BrainStorm Legal Documents

BRAINSTORM PRIVACY POLICY

Effective Date:  January 1, 2020

Last Reviewed On: April 4, 2020

BrainStorm, Inc. (“Brainstorm,” “we”, “us” and “our”) is committed to protecting your privacy.  BrainStorm is a U.S.-based corporation that provides change management solutions through its online, cloud-based QuickHelp™ software application and electronic instructional content, as well as instructor-led training (“ILT”) and an immersive cloud-based training and facilitator bootcamp (“CIE”). We provide our services to other businesses and organizations to enable them to manage change and to support their employees when they adopt new software.

This privacy policy addresses our collection of personal data that relates to you as an identified or identifiable individual (“personal information”), including without limitation personal information that we collect when we engage in marketing, you apply for a job, or you use our Services:

• https://www.brainstorminc.com/, https://quickhelp.com, and http://cie.brainstorminc.com/ (collectively referred to as “Websites”)
• Our QuickHelp™ platform
• ILT or CIE events
• Our service and support for our software, training and services
• Our other communications to you, including when you interact with us through our Websites, or when we communicate by phone, email, live chat and social media

The policy also describes the choices available to you regarding the use of, your access to, sharing of and deletion of personal information and how to update and correct your personal information. 

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, you are not required to use our Services. As discussed below, we review this policy at least annually and may change it from time to time. Any updates or changes to our privacy statement will be posted to this privacy statement, the home page, and other places we deem appropriate so that you are aware of our personal information processing practices. We reserve the right to modify this privacy policy at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by e-mail, or by means of a notice on our home page prior to the change becoming effective.

For users outside the European Union and European Economic Area, we understand your use of the Services to signal your acceptance of the use of personal information as described in this privacy policy. We also understand your continued use of the service after a change to this privacy policy to indicate your acceptance of those changes. If you are a QuickHelp user and wish to withdraw your consent, you can access that feature in your user “Settings” in QuickHelp.  

IDENTITY OF THE CONTROLLER

With respect to information collected through our Services at the direction of our customers, our customers are the controllers of this personal information. Our use of the customer personal information is limited to the purpose of providing the service for which the customer has engaged BrainStorm.  We do not control what customer personal information we may receive and host, nor what steps the customer has taken to ensure that the data is reliable for its intended use, non-infringing, accurate, complete, and current.  If data is customer personal information, individuals who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their queries to BrainStorm’s customer. If a customer provides any personal information about any third parties to BrainStorm, the customer is responsible for providing any notices and obtaining any consents required by applicable law necessary for BrainStorm to process that customer personal information under this policy.

We also collect certain personal information on our own behalf regarding applicants for employment, our customers, former customers, and prospects. We are the controllers with respect to this information and we can be reached using the following contact information:

BrainStorm, Inc.
Attn: Data Protection Inquiry
Ten South Center Street
American Fork, UT 84003
security@brainstorminc.com
801-229-1337

HOW WE USE PERSONAL INFORMATION

In addition to the personal information sharing shown in the table above, we also reserve the right to disclose your information to our successor in the event of an acquisition, bankruptcy, or other transfer of our business. We also reserve the right to use personal information for other purposes that are compatible with the purposes for which we originally collected personal information.

Additional Information for Applicants. When we consider making an offer of employment, we generally conduct a pre-employment background check. Prior to doing this check, we will provide candidates with a further privacy notice with information about the scope of the check, the information that will be collected during the process, and with information about their rights under applicable law. We then obtain their consent prior to conducting the background check.

USAGE INFORMATION

We automatically collect usage information. Usage information is sourced from our use of cookies, log files, and analytics technologies. Some usage information includes or can be related to personal information.

1. Using Cookies. BrainStorm and service providers operating on our behalf use cookies on our Services. By using our Services, you accept the use of cookies that are strictly necessary to deliver the Services. You may update your preferences with respect to your consent to allow any other cookies through your profile on the Services at any time.
2. Log files. We gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, device identifier, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, and other usage data. We may combine this automatically-collected log information with other information we collect about you. If you contact us over the telephone or via fax, we may also log telephony information such as your phone number, forwarding calls, SMS routing information, and types of calls.
3. Services Use. We may use technologies to automatically collect information from you when you use the Services. We collect this information to, among other things, provide you information and benchmarking based upon your usage of the Services, which are used in analyzing trends, administering the Services, tracking users’ utilization and to gather information about our user community as a whole.  For example, if enabled by your administrator, we use third-party services such as Microsoft Graph that help us understand details about your usage of Microsoft Office 365, including without limitation total numbers of communications, methods of making attachments, timing of logging into social media and other details that provide us with statistics about how you interact with the software so that we can better assist you in learning new features and capabilities.  BrainStorm does not have any access or ability to read the content of your Microsoft Office 365 usage. 

YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION

You have certain rights available to you regarding your personal information, and BrainStorm respects and honors those rights. 

• If you are a user of the Services and you notice an error in your personal information, you may rectify (i.e. correct or update) much of the information we store about you by updating your settings under your user profile. You may request rectification of any other personal information by contacting us at security@brainstorminc.com with “Personal Information Rectification Request” in the subject line. Please provide us with full details in relation to your request, including your contact information, your company’s name, and any other detail you feel is relevant.
• Upon request, BrainStorm will provide you with information about whether we possess any of your personal information. To find out if we possess your personal information or to make a request to access your personal information, please contact us at security@brainstorminc.com with “Personal Information Request” in the subject line, and provide us with full details in relation to your request, including your contact information, your company’s name and any other detail you feel is relevant.
• If you would like your personal information erased, restricted, or transferred, or if you wish to withdraw your consent to our data processing, or your personal information has been processed in violation of the Privacy Shield Principles please contact us at security@brainstorminc.com with “Erase My Personal Data”, “Restrict or Transfer My Personal Data” or “Withdrawing My Consent to Data Processing” in the subject line, and articulate your specific request in the body of the email.
• Upon request by e-mail or mail (to the addresses noted below), BrainStorm will provide you with reasonable access to your personal information, unless legally prohibited from doing so.

We will attempt to respond to your requests within 30 days. It may take us longer if your request is complex or you have made multiple requests in which circumstances we will notify you and keep you apprised of our progress.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your information (or to exercise any of your other rights). This is a security measure to ensure that your information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

DATA RETENTION

We retain your personal information and the data we process on behalf of our customers indefinitely unless otherwise directed by the customer or required by applicable laws.  We will retain and use this information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

If you delete any of your account information, we may retain certain information if required by law or for legitimate business purposes or to complete our contractual obligations to you.

If you become an inactive customer, or if we close or suspend your account, we will continue to adhere to the then-current Policy when we collected your information so long as we retain it in our possession. 

If your application for a job is successful, your information gathered during the recruitment process will be transferred to your human resources files subject to our internal human resources policies and procedures and retained as employment data.  If your application is unsuccessful, we may, with your consent, keep your information on file for future employment opportunities.  You may withdraw your consent at any time. 

We may delete any or all of your information at any time without notice to you for any reason or no reason unless otherwise required by law or contract to retain it. 

PREFERENCES AND OPTING-OUT

1. Communications/Marketing. Our Services provide visitors and customers the opportunity to opt-out of receiving specific types of communications from us and our partners at the point where we request information about the visitor or customer.  If you have previously signed up to receive information about our Services, you may unsubscribe or opt out of all future marketing communications from us that do not relate to products or services you have already ordered by removing your contact and other information from our marketing and communications databases by (a) adjusting your settings within the services; (b) sending an email to security@brainstorminc.com with the subject line of  “Unsubscribe” or “Opt-Out Request”; or (c) clicking the unsubscribe link on any email marketing communication you receive.
2. QuickHelp Platform. You may access your account to make changes in your preferences. Before we send you any message from QuickHelp, you will be asked to “opt-in” to those communications.  If you have opted-in to receiving communications from QuickHelp, you may stop receiving those communications by managing your message notification settings under your user profile.
3. How to allow/deactivate cookies. You can also delete cookie files from your hard drive, or avoid them altogether, by configuring your browser to reject them or to notify you when a cookie is being placed on your hard drive. Most Internet browsers allow you to block cookies from your browser. If you do not agree to the use of these cookies, you can follow the instructions provided by your browser (usually located within the “Help”, “Tools” or “Edit” portion of the browser toolbar or options or by following the instructions for your browser set out here: http://www.allaboutcookies.org/).  You may also visit the Network Advertising Initiative opt-out page at http://www.networkadvertising.org/choices/or use the automated disabling tool where available.  However, some of the Services will not function well if cookies are disabled. Where the organization setting the cookie provides an automated disabling tool in respect of its cookie(s) we provide a link to its automated disabling tool below. 
4. How to opt out of targeted advertising. You can generally opt-out of receiving personalized ads from third party advertisers and ad networks who are members of the Network Advertising Initiative (NAI) or who follow the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising (DAA) by visiting the opt-out pages on the NAI website and DAA we  Also, if you do not want to have your information used for the purpose of serving you targeted ads, you may opt-out by clicking on TrustArc’s Your Advertising Choices page at http://preferences-mgr.truste.com/ or, if in the European Union, http://www.youronlinechoices.eu/.  Please note this does not opt you out of being served advertising. Depending upon the Service, you may continue to receive generic ads. Not all features of the Services will function as intended if you reject cookies.

NO USE BY CHILDREN

The Services are not intended for users younger than 16. We do not knowingly collect contact information from children under the age of 16 without verifiable parental consent. If we become aware that a visitor under the age of 16 has submitted personal information without verifiable parental consent, we will remove his or her information from our files.

DO NOT TRACK REQUESTS

Your Internet browser and mobile device may allow you to adjust your browser settings so that “do not track” requests are sent to the websites you visit. BrainStorm respects your wishes and will not track user activity once “do not track” signals have been activated.  Some of our Services, such as QuickHelp, may not function properly if you disable cookies or activate a “do not track” signal.

SAFEGUARDS

BrainStorm takes reasonable precautions to protect personal information in its possession from loss, misuse, unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal information.  BrainStorm hosts QuickHelp in Microsoft’s cloud computing service known as Azure.  Full details on Azure’s data center may be found here.  We protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input.  However, no method of transmission or storage is perfect. While we use commercially reasonable and appropriate means to protect your personal information, we cannot guarantee its absolute security.

If you have any questions about security on our website, you can e-mail us at security@brainstorminc.com with "Questions about Data Security" in the subject line.

TRANSFER OF PERSONAL INFORMATION TO THE UNITED STATES: E.U.-U.S. and Swiss-U.S. Privacy Shield Frameworks

Your personal information will be transferred to the United States. This is permissible under applicable law because BrainStorm complies with the E.U.-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and/or Switzerland, respectively, to the United States. BrainStorm has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

The Federal Trade Commission (“FTC”) has jurisdiction over BrainStorm’s compliance with the Privacy Shield Principles. BrainStorm is also subject to the FTC’s ordinary investigatory and enforcement powers.

In compliance with the Privacy Shield Principles, BrainStorm commits to resolve complaints about your privacy and our collection or use of your personal information. European Union and/or Swiss individuals with inquiries or complaints regarding this Policy should first contact BrainStorm at security@brainstorminc.com or by mail at:

BrainStorm
Attn: Security
Ten South Center Street
American Fork, UT 84003

BrainStorm has further committed to refer unresolved Privacy Shield complaints to an alternative dispute resolution provider located in the United States. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge), JAMS, as the following link:  https://www.jamsadr.com/eu-us-privacy-shield.

Under certain conditions, which are more fully described on the Privacy Shield website at https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim, you may invoke binding arbitration after other dispute resolution procedures have been exhausted.

BrainStorm complies with the Privacy Shield Principles for all onward transfers of personal data from the European Union and Switzerland to any third parties acting as an agent on its behalf. BrainStorm remains liable under the Privacy Shield Principles if an agent processes personal information covered by this Policy in a manner inconsistent with the Privacy Shield Principles, except where BrainStorm is not responsible for the event giving rise to the damage.

QUESTIONS?  COMPLAINTS?  HOW YOU CAN CONTACT US

If you have any questions or concerns regarding this policy, you should contact us by email at security@brainstorminc.com with "Privacy Policy Inquiry" in the subject line.  You can also write to us at: 

BrainStorm
Attn: Privacy Policy Inquiry
Ten South Center Street
American Fork, UT 84003

When we receive formal written complaints, we will contact the person who made the complaint to follow up. As appropriate, we work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.

If you are located in the EU, after May 25, 2018, you have the right to lodge a complaint with a supervisory authority in relation to the processing of your personal information, but we would appreciate the opportunity to speak with you first and resolve your issues.

DATA PROTECTION OFFICER

You may reach our Data Protection Officer at security@brainstorminc.com.  You can also write to our Data Protection Officer at the following address:

BrainStorm
Attn: Data Protection Officer
Ten South Center Street
American Fork, UT 84003

Thoughts or questions about this Privacy Policy? Please let BrainStorm know by email or writing to BrainStorm at the address below.

BrainStorm
Attn: Privacy Policy Inquiry
Ten South Center Street
American Fork, UT 84003

Supplemental California Privacy Information Notice

This section of our privacy policy supplements the information contained in our general privacy notice above. It applies only to all those who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act (CCPA) and other laws that provide rights specific to California residents.

Categories of Information We Collect

Our Services collect personal information. We have collected the following categories of personal information from our consumers within the last 12 months. The sources from which we obtain this information and the ways in which we use this information are set forth in our general privacy notice above. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Disclosures of Personal Information for a Business Purpose

We disclose your personal information to third parties for business purposes. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

We share your personal information with the following categories of third parties:

• Service providers, which we refer to as “subprocessors” in our general privacy notice, above.

In the preceding 12 months, we have disclosed the following categories of personal information for business purposes:

• Category A: Identifiers.
• Category B: California Customer Records personal information categories.
• Category C: Protected classification characteristics under California or federal law.
• Category D: Commercial information.
• Category F: Internet or other similar network activity.
• Category I: Professional or employment-related information.
• Category J: Non-public education information.

Sales of Personal Information

In the preceding 12 months, we have not sold consumers’ personal information.

Your California Rights

The CCPA provides California consumers with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Requests to Access to Specific Information

You have the right to request that we disclose information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see below), we will disclose to you:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• The specific pieces of personal information we collected about you.
• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
• sales (if any) along with the personal information categories that each category of recipient purchased; and
• disclosures for a business purpose along with the personal information categories that each category of recipient obtained.

Deletion Requests

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see below), we will delete (and direct any of our service providers that hold your data on our behalf to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

• Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
• Debug products to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
• Comply with a legal obligation.
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to Opt-out of Sales of Personal Information

CCPA provides California consumers with the right to opt-out of the sale of their personal information. This right does not apply to our use of personal information because we do not sell personal information and have not sold personal information in the past 12 months.

California “Shine the Light” Notice

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits California residents to request certain information regarding disclosure of their personal information to third parties for their direct marketing purposes. This law does not apply to us because we do not disclose your personal information to any third parties for their direct marketing purposes.

Exercising Your Rights

To exercise the access, data portability, and deletion rights described above, please submit a request to us by one of the following methods:

• E-mailing us at security@brainstorminc.com

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your personal information. You may also make a request on behalf of your minor child.

You may only make a request for access or data portability twice within a 12-month period. The request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.

We will only use personal information provided in a request to verify the requestor’s identity or authority to make the request.

We endeavor to respond to requests within 30 days of its receipt, but we are allowed by law to take up to 45 days to respond. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding your request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For personal information access requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Although we are permitted under CCPA to offer certain financial incentives that can result in different prices, rates, or quality levels, we do not presently do so.

Data Protection Addendum

This BrainStorm, Inc. Data Protection Addendum (“DPA”) is between the parties with respect to the terms governing the Processing of Personal Data under the BrainStorm QuickHelp Subscription Agreement (the “Master Agreement”).  This DPA sets out the additional terms, requirements and conditions on which BrainStorm, as Provider (defined below), will obtain, handle, process, disclose, transfer, or store Personal Information (defined below) when providing services under the Master Agreement.  This DPA serves as an addendum to the Master Agreement and is effective upon its incorporation into the Master Agreement, which incorporation may be specified in the Master Agreement, the Order Form (as defined in the Master Agreement), or as otherwise agreed to between the parties. 

BrainStorm will periodically update the terms and conditions of this DPA.  You will be notified of any material updates or changes via email or through the Admin Portal.

Terms not otherwise defined in this DPA shall have the meaning as set forth in the Master Agreement.

1. Definitions and Interpretation

• The following definitions and rules of interpretation apply in this DPA.

“Business Purpose” means the services described in the Master Agreement or any other purpose specifically identified in Appendix A.

“Customer” shall mean the Customer defined in the Master Agreement or Order Form, and who shall determine the purpose and means of the Processing of Personal Information. 

“Data Subject” means an individual who is the subject of Personal Information.

“Personal Information” means any information the Provider processes for the Customer that (a) identifies or relates to an individual who can be identified directly or indirectly from that data alone or in combination with other information in the Provider’s possession or control or that the Provider is likely to have access to, or (b) the relevant Privacy and Data Protection Requirements otherwise define as protected personal information.

“Processing, processes, or process” means any activity that involves the use of Personal Information or that the relevant Privacy and Data Protection Requirements may otherwise include in the definition of processing, processes, or process. It includes obtaining, recording, or holding the data, or carrying out any operation or set of operations on the data including, but not limited to, organizing, amending, retrieving, using, disclosing, erasing, or destroying it. Processing also includes transferring Personal Information to third parties.

“Privacy and Data Protection Requirements” means all applicable federal, state, and international laws and regulations relating to the processing, protection, or privacy of Personal Information, including where applicable, the guidance and codes of practice issued by regulatory bodies in any relevant jurisdiction.

“Provider” shall mean BrainStorm, Inc., a Delaware corporation with offices located at Ten South Center Street, American Fork, Utah 84003, who shall process Personal Information on behalf of the Customer.

“Security Breach” means any act or omission that compromises the security, confidentiality, or integrity of Personal Information or the physical, technical, administrative, or organizational safeguards put in place to protect it. The loss of or unauthorized access, disclosure, or acquisition of Personal Information is a Security Breach whether or not the incident rises to the level of a security breach under the Privacy and Data Protection Requirements.

• This DPA is subject to the terms of the Master Agreement and is incorporated into the Master Agreement. Interpretations and defined terms set forth in the Master Agreement apply to the interpretation of this DPA.
• The Appendices form part of this DPA and will have effect as if set out in full in the body of this DPA. Any reference to this DPA includes the Appendices.
• A reference to writing or written includes email but not messages sent via fax.
• In the case of conflict or ambiguity between:
  • any provision contained in the body of this DPA and any provision contained in the Appendices, the provision in the body of this DPA will prevail;
  • the terms of any accompanying invoice or other documents annexed to this DPA and any provision contained in the Appendices, the provision contained in the Appendices will prevail;
  • any of the provisions of this DPA and the provisions of the Master Agreement, the provisions of this DPA will prevail; and
  • any of the provisions of this agreement and any executed Standard Contractual Clauses, the provisions of the executed Standard Contractual Clauses will prevail.

2. Personal Information Types and Processing Purposes
   • The Customer retains control of the Personal Information and remains responsible for its compliance obligations under the applicable Privacy and Data Protection Requirements, including providing any required notices and obtaining any required consents, and for the processing instructions it gives to the Provider.
   • Appendix A describes the general Personal Information categories and Data Subject types the Provider may process to fulfill the Business Purposes of the Master Agreement.
3. Provider’s Obligations
   • The Provider will only process the Personal Information to the extent, and in such a manner, as is necessary for the Business Purposes in accordance with the Customer’s instructions. The Provider will not process the Personal Information for any other purpose or in a way that does not comply with this DPA or the Privacy and Data Protection Requirements. The Provider will promptly notify the Customer if, in its opinion, the Customer’s instruction would not comply with the Privacy and Data Protection Requirements.
   • The Provider shall promptly comply with any Customer request or instruction requiring the Provider to amend, transfer, or delete the Personal Information, or to stop, mitigate, or remedy any unauthorized processing.
   • The Provider will maintain the confidentiality of all Personal Information and will not disclose Personal Information to third parties unless the Customer or this DPA specifically authorizes the disclosure, or as required by law. If a law requires the Provider to process or disclose Personal Information, the Provider shall first inform the Customer of the legal requirement and give the Customer an opportunity to object or challenge the requirement, unless the law prohibits such notice.
   • The Provider will reasonably assist the Customer with meeting the Customer’s compliance obligations under the Privacy and Data Protection Requirements, taking into account the nature of the Provider’s processing and the information available to the Provider.
   • The Provider will promptly notify the Customer of any changes to Privacy and Data Protection Requirements that may adversely affect the Provider’s performance of the Master Agreement.
   • The Customer acknowledges that the Provider is under no duty to investigate the completeness, accuracy, or sufficiency of any specific Customer instructions from Authorized Persons or the Personal Information other than as required under the Privacy and Data Protection Requirements.
   • The Provider will only collect Personal Information for the Customer in accordance with the Agreement, the Privacy Policy, and this DPA. 
4. Provider’s Employees
   • The Provider will limit Personal Information access to:
     • those employees who require Personal Information access to meet the Provider’s obligations under this DPA and the Master Agreement; and
     • the part or parts of the Personal Information that those employees strictly require for the performance of their duties.
   • The Provider will ensure that all employees:
     • are informed of the Personal Information’s confidential nature and use restrictions;
     • have undertaken training on the Privacy and Data Protection Requirements relating to handling Personal Information and how it applies to their particular duties; and
     • are aware both of the Provider’s duties and their personal duties and obligations under the Privacy and Data Protection Requirements and this DPA.
   • The Provider will take reasonable steps to ensure the reliability, integrity, and trustworthiness of all of the Provider’s employees with access to the Personal Information.
5. Security
   • The Provider will maintain appropriate technical and organizational measures designed to safeguard Personal Information against unauthorized or unlawful processing, access, copying, modification, storage, reproduction, display, or distribution, and against accidental loss, destruction, or damage. These shall include any security measures set out in Appendix . The Provider will periodically review these measures at least annually to ensure they remain current and complete.
   • The Provider will immediately notify the Customer if it becomes aware of any advance in technology and methods of working, which indicate that the parties should adjust their security measures.
   • The Provider will take reasonable precautions to preserve the integrity of any Personal Information it processes and to prevent any corruption or loss of the Personal Information, including but not limited to establishing effective back-up and data restoration procedures.
6. Security Breaches and Personal Information Loss
   • The Provider will promptly notify the Customer if any Personal Information is lost or destroyed or becomes damaged, corrupted, or unusable. The Provider will restore such Personal Information at its own expense.
   • The Provider will immediately notify the Customer if it becomes aware of:
     • any unauthorized or unlawful processing of the Personal Information; or
     • any Security Breach.
   • Immediately following any unauthorized or unlawful Personal Information processing or Security Breach, the parties will co-ordinate with each other to investigate the matter. The Provider will reasonably co-operate with the Customer in the Customer’s handling of the matter, including:
     • assisting with any investigation;
     • providing the Customer with physical access to any facilities and operations affected;
     • facilitating interviews with the Provider’s employees, former employees and others involved in the matter; and
     • making available all relevant records, logs, files, data reporting, and other materials required to comply with all Privacy and Data Protection Requirements or as otherwise reasonably required by the Customer.
   • The Provider will not inform any third party of any Security Breach without first obtaining the Customer’s prior written consent, except when law or regulation requires it.
   • The Provider agrees that the Customer has the sole right to determine:
     • whether to provide notice of the Security Breach to any Data Subjects, regulators, law enforcement agencies, or others, as required by law or regulation or in the Customer’s discretion, including the contents and delivery method of the notice; and
     • whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.
   • The Provider will cover all reasonable expenses associated with the performance of the obligations under clause 2 and 6.3, unless the matter arose from the Customer’s specific instructions, negligence, willful default, or breach of this DPA, in which case the Customer will cover all reasonable expenses.
   • The Provider will also reimburse the Customer for actual reasonable expenses the Customer incurs when responding to and mitigating damages, to the extent that the Provider caused a Security Breach, including all costs of notice and any remedy as set out in clause 5.
7. Cross-Border Transfers of Personal Information
   • If the Privacy and Data Protection Requirements restrict cross-border Personal Information transfers, the Customer will only transfer that Personal Information to the Provider under the following conditions:
     • the Provider, either through its location or participation in a valid cross-border transfer mechanism under the Privacy and Data Protection Requirements, as identified in Appendix A, may legally receive that Personal Information, however the Provider will immediately inform the Customer of any change to that status;
     • the Customer obtained valid Data Subject consent to the transfer under the Privacy and Data Protection Requirements; or
     • the transfer otherwise complies with the Privacy and Data Protection Requirements for the reasons set forth in Appendix A.
   • The Provider will not transfer any Personal Information to another country unless the transfer complies with the Privacy and Data Protection Requirements. In Appendix A, the Provider shall identify the legal basis supporting any transfers it makes and will promptly inform the Customer of any change to that status.
8. Subcontractors
   • The Provider may only authorize a third party (subcontractor) other than those set forth in Appendix A to process the Personal Information if:
     • the Customer is given an opportunity to object within 14 days after the Provider supplies the Customer with details regarding the subcontractor’s proposed role with respect to the Personal Information, contact information for the subcontractor’s data protection officer or other data-protection point-of-contact, and the terms on which the subcontractor shall be able to process the Personal Information;
     • the Provider enters into a written contract with the subcontractor that contains terms substantially the same as those set out in this DPA and, upon the Customer’s written request, provides the Customer with copies of such contracts;
     • the Provider maintains control over all Personal Information it entrusts to the subcontractor; and
     • the subcontractor’s contract terminates automatically on termination of this DPA for any reason.
   • The Provider shall list all subcontractors that it anticipates using to carry out the Business Purposes in Appendix A and include each subcontractor’s name and location and contact information for the person responsible for privacy and data protection compliance. The Customer’s agreement to this DPA shall authorize the Provider to use the subcontractors as described in Appendix A.
   • If a subcontractor fails to fulfill its obligations under such written agreement, the Provider remains responsible to the Customer for the subcontractor’s performance of its obligations.
   • Upon the Customer’s written request, the Provider will audit a subcontractor’s compliance with its obligations regarding the Customer’s Personal Information and provide the Customer with a summary of the audit results.
9. Complaints, Data Subject Requests, and Third-Party Rights
   • The Provider shall notify the Customer promptly if it receives any complaint, notice, or communication that directly or indirectly relates to the Personal Information processing or to either party’s compliance with the Privacy and Data Protection Requirements.
   • The Provider will notify the Customer within 5 working days if it receives a request from a Data Subject regarding their Personal Information unless the Provider is able to fully handle and respond to such request.
   • The Provider will give the Customer its full co-operation and assistance in responding to any complaint, notice, communication, or Data Subject request.
   • The Provider shall not disclose the Personal Information to any Data Subject or to a third party unless the disclosure is either at the Customer’s request or instruction, permitted by this DPA, or is otherwise required by law.
10. Term and Termination
    • This DPA will remain in full force and effect so long as:
      • the Master Agreement remains in effect; or
      • the Provider retains any Personal Information related to the Master Agreement in its possession or control (the “Term”).
    • Any provision of this DPA that expressly or by implication should come into or continue in force on or after termination of the Master Agreement in order to protect Personal Information will remain in full force and effect.
    • If a change in any Privacy and Data Protection Requirement prevents either party from fulfilling all or part of its Master Agreement obligations, the parties will suspend the processing of Personal Information until that processing complies with the new requirements. If the parties are unable to bring the Personal Information processing into compliance with the Privacy and Data Protection Requirement within a reasonable time, they may terminate the Master Agreement upon written notice to the other party.
11. Data Return and Destruction
    • At the Customer’s request, the Provider will give the Customer a copy of or access to all or part of the Customer’s Personal Information in its possession or control in the format and on the media reasonably specified by the Customer.
    • On termination of the Master Agreement for any reason or expiration of its term, the Provider will securely destroy or, if directed in writing by the Customer, return and not retain, all or any Personal Information related to this agreement in its possession or control, except for one copy that it may retain and use for audit purposes only.
    • If any law, regulation, or government or regulatory body requires the Provider to retain any documents or materials that the Provider would otherwise be required to return or destroy, it will notify the Customer in writing of that retention requirement, giving details of the documents or materials that it must retain, the legal basis for retention, and establishing a specific timeline for destruction once the retention requirement ends. The Provider may only use this retained Personal Information for the required retention reason or audit purposes.
    • If Customer requests, the Provider will certify in writing that it has destroyed the Personal Information within 14 days after receiving the Customer’s request.
12. Records
    • The Provider will keep detailed, accurate, and up-to-date records regarding any processing of Personal Information it carries out for the Customer, including but not limited to, the access, control, and security of the Personal Information, approved subcontractors and affiliates, the processing purposes, and any other records required by the applicable Privacy and Data Protection Requirements (the “Records”).
    • The Provider will ensure that the Records are sufficient to enable the Customer to verify the Provider’s compliance with its obligations under this DPA.
    • The Customer and the Provider shall review the information listed in the Appendices to this DPA annually to confirm its current accuracy and update it if required to reflect current practices.
13. Audit
    • At least annually, the Provider will audit its Personal Information processing practices and the information technology and information security controls for all facilities and systems used in complying with its obligations under this DPA, including, but not limited to, obtaining a network-level vulnerability assessment performed by a recognized third-party audit firm based on recognized industry best practices.
    • Upon the Customer’s written request, the Provider will make the relevant audit reports available to the Customer for review. The Customer will treat such audit reports as the Provider’s confidential information under this Agreement.
    • The Provider will promptly address any issues, concerns, or exceptions noted in the audit reports with the development and implementation of a corrective action plan by the Provider’s management.

14. Warranties
    • The Provider warrants and represents that:
      • its employees, subcontractors, agents, and any other person or persons accessing Personal Information on its behalf are reliable and trustworthy and have received the required training on the Privacy and Data Protection Requirements relating to the Personal Information; and
      • it and anyone operating on its behalf will process the Personal Information in compliance with both the terms of this DPA and all applicable Privacy and Data Protection Requirements and other laws, enactments, regulations, orders, standards, and other similar instruments; and
      • it has no reason to believe that any Privacy and Data Protection Requirements prevent it from providing any of the Master Agreement’s contracted services; and
      • considering the current technology environment and implementation costs, it will take appropriate technical and organizational measures to prevent the unauthorized or unlawful processing of Personal Information and the accidental loss or destruction of, or damage to, Personal Information, and ensure a level of security appropriate to:
        • the harm that might result from such unauthorized or unlawful processing or accidental loss, destruction, or damage; and
        • the nature of the Personal Information protected; and
        • comply with all applicable Privacy and Data Protection Requirement and its information and security policies, including the security measures required in clause 1.
      • The Customer warrants and represents that the Provider’s expected use of the Personal Information for the Business Purpose and as specifically instructed by the Customer will comply with all Privacy and Data Protection Requirements.

15. Indemnification
    • The Provider agrees to indemnify the Customer against all costs, claims, damages, or expenses incurred by the Customer or for which the Customer may become liable due to any failure by the Provider or its employees, subcontractors, or agents to comply with any of its obligations under this DPA or applicable Privacy and Data Protection Requirements.
    • The limitations on liability set forth in the Master Agreement shall apply to this DPA’s indemnity or reimbursement obligations.
16. Notice
    • Any notice or other communication given to a party under or in connection with this DPA shall be in writing and delivered to:

For the Customer: (i) to the points of contact Customer designates in the Master Agreement or Order Form, or (ii) to the Customer’s Admins such as Customer may identify in the QuickHelp Admin Portal;

For the Provider: BrainStorm, Inc. Ten South Center Street, American Fork, Utah 84003, security@brainstorminc.com.

• Clause 1 does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.

Appendix A

Personal Information Processing Purposes and Details

Business Purposes:  To provide Customer with the Service, as set forth in the Master Agreement. 

Personal Information Categories:  The personal data transferred includes the name, work email, title, department, IP address, and other data in an electronic form in the context of Provider’s Service. 

Data Subject Types:  The data subjects include Customer’s representatives and end-users, primarily Customer’s employees, but also, potentially, contractors, affiliates and their affiliate’s employees and contractors, and collaborators thereof. 

Approved Subcontractors:  Microsoft Azure (hosting services); Google Analytics (data analytics); HubSpot (communications platform within the Service), and SendGrid (email messaging tool within the Service)

Provider’s legal basis for receiving Personal Information with cross-border transfer restrictions:  EU/US Privacy Shield Certified

Appendix B

Security Measures

Provider will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of the data uploaded to the service, as described in the Master Agreement or in this DPA, or otherwise made reasonably available by Provider. The security practices described int his Appendix B are currently observed by Provider.  Although it reserves the right to modify or update these practices, Provider will not materially decrease the overall security of the Service during a subscription term.

PHYSICAL ACCESS CONTROLS:  QuickHelp is hosted in Microsoft Azure, a multi-tenant environment.  The physical and environmental security controls are audited for SOC 2 Type II compliance, among other certifications.

SYSTEM ACCESS CONTROLS:  Access controls within the Service are designed to permit role-based access control using least privileged access principals.  Provider utilizes multi-factor authentication for access to management system portals. 

DATA ACCESS CONTROLS:  Users of the Service have access to non-public data via the application.  Customers and their users are not allowed direct access to the underlying infrastructure of the Service.  Only Provider has direct access to Customer data and Customer’s Personal Information.  The authorization protocols is designed to permit only designated individuals access to the underlying infrastructure.  Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set.

TRANSMISSION CONTROLS:  Provider encrypts all QuickHelp data and Personal Information at rest and in-transit using HTTPS encryption.

INPUT CONTROLS:  Provider logs information regarding system behavior, system authentication, and other application requests.  Utilizing Azure Threat Detection, Provider is able to monitor and be responsive to malicious, unintended, or anomalous activities. Provider also maintains a record of security incidents.  Any suspected or confirmed security incident is investigated by Provider’s personnel, who then identify appropriate steps to resolve the incident and minimize damage or unauthorized disclosure (if any). 

DATA BACKUPS.  By hosting the Service in Azure, Provider is able to ensure redundancy and fail-over protections, including geo-redundancy.  All databases are backed up and maintained using industry standard methods. 

BrainStorm Content Submission Policy

This Content Submission Policy (this “Policy”) covers any Content (as defined below) submitted by you, the customer (“You”), a user of BrainStorm, Inc.’s (“BSI”) online, cloud-based QuickHelp™ software application (the “Service”), and is incorporated by reference to the QuickHelp Subscription Agreement (the “Agreement”) covering the Service.  Terms not otherwise defined in this Policy shall have the meaning as set forth in the Agreement.

The Service, among other things, allows certain authorized users to submit content to the Service and BSI is willing to allow You to submit content to the Service and to otherwise access and use the additional functionality of the Service in accordance with the terms of the Agreement and this Policy.  Except as otherwise provided in this Policy, the terms of the Agreement will continue to govern Customer’s and Your access to and use of the Service.  Unless otherwise agreed to in a separate writing between BSI and Customer, this Policy sets out the general duties that all of Customer’s users of the Service must follow with regard to any Content they submit to the Service.

BY SUBMITTING CONTENT TO THE SERVICE, YOU ACCEPT AND AGREE TO THE TERMS AND CONDITIONS OF THIS POLICY.  IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS, YOU MAY NOT UPLOAD OR SUBMIT ANY CONTENT TO THE SERVICE. 

1. The Service contains interactive features that allow users to post, upload, submit, publish, display, or transmit content or other materials on or through the Service and that allow BSI to deliver the Content back to Customer and its users.  All Content must comply with the Content Standards set forth in paragraph 4 below (the “Content Standards”).  You are responsible for any Content submitted or contributed to the Service by You, including its legality, reliability, accuracy, and appropriateness.  BSI is not responsible or liable for the content or accuracy of any Content posted by Customer, You or any other users.  For purposes of this Policy, “Content” means all data, text, information, images, audio and video clips, sounds, musical works, works of authorship, links, and other content or materials that is created or originally provided by You or any other user of the Service and submitted, uploaded, posted or displayed on or via the Service.  Content shall not include any content prepared or created by or for BSI or that is originally provided to You or Customer by BSI. 
2. Reservation of Rights; License to Use. By providing Content to BSI via the Service, You represent and warrant that You or Customer own or control all rights in and to the Content uploaded or posted on or through the Service.  Except for Content, as between the parties, BSI and its licensors own and retain all right, title and interest in and to all other content created, submitted, uploaded, posted or displayed by, to, on or through the Service.  BSI does not claim ownership of any Content posted on or uploaded to the Service by You, Customer or any other user of the Service.  Instead, and only as necessary for BSI to provide the Service, You and Customer hereby grant to BSI a worldwide, assignable, sublicensable, royalty-free, irrevocable, perpetual license to display, perform, reproduce, distribute, transmit, create Derivatives of, provide user access to, and otherwise use Content and any Derivatives.  For purposes of the Agreement, the term “Derivatives” of any subject matter shall mean and include, without limitation, all derivatives, enhancements, extensions, improvements, modifications, new products and the like, that to any extent incorporate or are based on or related to any portion of that subject matter. 
3. You agree not to upload any Content to the Service that (i) violates any applicable federal, state, local, or international law or regulation (including, without limitation, any laws regarding the export of data or software to and from the United States or other countries), including, but not limited to, copyright and trademark laws, (ii) does not comply with the Content Standards, (iii) introduces any viruses, Trojan horses, worms, logic bombs, or other material that is malicious or technologically harmful, or attempts to gain unauthorized access to any parts of the Service, or (iv) otherwise interferes with the proper working of the Service.
4. Content Standards.  Content must not (i) contain any material that is defamatory, obscene, indecent, abusive, offensive, harassing, violent, hateful, inflammatory, or otherwise objectionable, (ii) promote or contain any sexually explicit or pornographic material, violence, or discrimination based on race, sex, religion, nationality, disability, sexual orientation, or age, (iii) infringe any patent, trademark, trade secret, copyright, or other intellectual property or other rights of any other person, (iv) violate the legal rights (including the rights of publicity and privacy) of others or contain any material that could give rise to any civil or criminal liability under applicable laws or regulations or that otherwise may be in conflict with the Agreement, (v) be likely to deceive any person, (vi) promote any illegal activity, or advocate, promote, or assist any unlawful act, (vii) cause annoyance, inconvenience, or needless anxiety or be likely to upset, embarrass, alarm, or annoy any other person, (viii) impersonate any person, or misrepresent Customer’s or any user’s identity or affiliation with any person or organization, (ix) involve commercial activities, advertising or sales, such as contests, sweepstakes and other sales promotions, or (x) give the impression that Content emanates from or is endorsed by BSI or any other person or entity.  The foregoing restrictions are collectively referred to as the “Content Standards.” 
5. Violations of this Policy may, at BSI’s sole discretion, result in the suspension or termination of Your and/or Customer’s access to the Service and/or immediate removal of Content.  If Content uploaded by You violates this Policy, You and/or Customer will bear legal responsibility for that Content.  By uploading Content to the Service, You and Customer agree that BSI is not responsible for Content uploaded.
6. Changes and Updates to This Policy.  BSI reserves the right, in its sole discretion, to change the terms and conditions contained in this Policy from time to time.  Unless BSI makes a change for legal or administrative reasons, BSI will provide reasonable advance notice before the updated terms to this Policy become effective (“Updated Policy Terms”).  All Updated Policy Terms will be posted to the Service, and will be effective as of the time of posting, or such later date as may be specified in the Updated Policy Terms.

Instructor-Led Training Terms and Conditions

These BrainStorm, Inc. (“BrainStorm” or “We”) Instructor-Led (“ILT”) Terms and Conditions are applicable to all ILT Services, unless otherwise mutually agreed to by the parties.  For the purposes of these Terms and Conditions, “ILT Services” consists of the instructor led training services described in the attached Quote or Statement of Work (collectively, the “SOW”).

Fees & Expenses

In consideration of BrainStorm’s performance of the ILT Services, You agree to pay BrainStorm the fees and expenses described in the SOW (the “Training Fees”).  All Training Fees are due and payable within 30 days of the date of the invoice.  Any amounts that are unpaid after the due date shall be subject to a late fee of 1.5% per month, or the highest rate allowed by law if lower, from the due date until such amounts are paid.  Without limiting its rights or remedies hereunder, BrainStorm shall have the right to suspend the Services if any payment is not received within 30 days of the invoice date.  Client shall be responsible for any taxes imposed on the Services, other than taxes measured by any net income derived by BrainStorm. 

ILT Services Policies

The following policies are subject to change at any time and for any reason. 

Rush Requests

All trainings must be scheduled and confirmed at least twenty (20) business days prior to the start date of the requested training. Customers scheduling a training within fifteen (15) business days of the start date will be charged a scheduling rush premium of thirty percent (30%) of the price for the services delivered and flat travel rate within the rush period.

The customer will confirm and provide BrainStorm with the training location for all onsite trainings no later than ten (10) business days prior to the start date of the training. If a customer confirms a training under (10) business days prior to the start date of the training, customers will be charged actual travel costs.

Training Hours

One training day is defined as a consecutive, 10-hour time period between 8:30 a.m. – 8:00 p.m. EST/EDT. This 10-hour consecutive time includes a one-hour prep period, 30-minute breaks between sessions, and a one-hour lunch break. If sessions need to be scheduled outside of these hours, this preference must be indicated upon requesting training dates. Training outside of BrainStorm’s supported training hours has an associated price premium. Finally, when delivering training outside of BrainStorm’s standard hours, the customer understands there is limited technical support available from BrainStorm.

Buzz Session - Attendee Limit

Buzz Sessions are capped at 200 attendees per session, and are priced accordingly. 

Cancellation and Rescheduling Policy

Customers cancelling or rescheduling confirmed training dates within fifteen (15) business days of the start date will be charged fifty percent (50%) of the total cost of canceled or rescheduled services + non-refundable travel expenses. Canceling or rescheduling confirmed training dates within ten (10) business days of the start date will incur 100% the cost of canceled services + non-refundable travel expenses.

Recording and Distribution Policy

BrainStorm does not allow the recording or distribution of any instructor-led training service.

Curriculum Customization Policy

Any customization of the training curriculum must be finalized at least ten (10) business days prior to the start date of training. Customizations that are not finalized at least ten (10) business days prior to the start date are not guaranteed to be implemented during the training.

Online Training Policy

BrainStorm has assembled a best-in-class technology solution and has further added redundancies to ensure seamless trainings. 95% of the time these trainings are completed without incident. However, due to specific client technology setups, internet speed variability, etc., there are rare occasions where users may experience technology issues or failure. 

To mitigate most issues, BrainStorm will conduct a tech check session prior to online training events and provide troubleshooting documentation to all clients. This documentation includes step-by-step resolution for common issues and tech support contact information.

In the event that a training has to be cancelled, we are unable to deliver the agreed upon curriculum, or the majority of users are unable to access the training environment due to technology issues, we will offer a make-up session to ensure all users have the opportunity to complete the training.

We monitor and evaluate our online meeting technology on an ongoing basis to ensure we are providing the best possible experience for our clients. As technology changes, we will continue to adopt best- in-class solutions.

Online Training Audio Solutions

BrainStorm’s primary audio options for virtual training are:

1. VoIP (integrated computer audio)
2. BrainStorm’s toll conference bridge
3. Customer provided conference bridge

Please note that BrainStorm’s primary conference bridge is a toll conferencing solution. Any costs incurred by callers are based solely on the caller's long-distance plan with their provider. Most providers do not charge for long distance calling. However, if unsure, please verify with your provider that this is the case.

We recommend participants outside of the US or Canada use the VoIP solution. Using the toll conference bridge will result in a long-distance charge to callers outside of North America, rates varying by provider.

You may also choose to supply their own conference bridge for a virtual training. Note that in this case, the audio is not integrated with VoIP.

Materials; Intellectual Property Rights

As part of the ILT Services, BrainStorm may provide You with handouts or other written materials (the “Materials”).  BrainStorm hereby grants You a worldwide, perpetual, non-exclusive, non-transferable, royalty-free license to retain and use all such Materials for Your internal business purposes.  BrainStorm retains all ownership and all intellectual property rights in and to such Materials. 

BrainStorm Software

The ILT Services that BrainStorm will provide may be in support of Your purchase or license, under separate agreement(s), of BrainStorm’s QuickHelp™ software (the “Software”) and/or BrainStorm’s Quick Start™ Cards (the “Cards”).  Such separate agreement(s) shall govern Your use of the Software and/or the Cards.  Neither these Terms and Conditions nor any Statement of Work grants You any right or license to access or use such Software or Cards.

Warranties

You acknowledge that BrainStorm’s obligations hereunder are limited to providing the Services and BrainStorm shall not be deemed to have guaranteed any results or the achievement of any certain performance levels as a result of the Services.  BRAINSTORM PROVIDES THE SERVICES ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT WARRANTY OF ANY KIND.  ACCORDINGLY, BRAINSTORM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE AND ANY IMPLIED WARRANTIES ARISING OUT OF COURSE OF PERFORMANCE OR COURSE OF DEALING.

Indemnification

BrainStorm agrees to defend You against any claim, demand, suit, or proceeding (each, a "Claim") made or brought against You by a third party alleging that the ILT Services infringe or misappropriate the intellectual property rights of such third party and to indemnify You from any damages finally awarded by a court of competent jurisdiction against You or amounts agreed to in settlement in connection with any such Claim.  BrainStorm’s obligations under this Section shall only apply to the extent that: (a) You promptly notify BrainStorm in writing of the Claim; (b) BrainStorm has control of the defense and all related settlement negotiations relating to the Claim; and (c) You provide BrainStorm with the assistance, information and authority reasonably necessary to perform the above.  The foregoing constitutes BrainStorm’s total liability with respect to any Claim.  Should BrainStorm’s right to provide the ILT Services pursuant to these Terms and Conditions be subject to a Claim of infringement or if BrainStorm reasonably believes such a Claim of infringement may arise, BrainStorm may, at its option and in its sole discretion and at no cost to Client: (i) procure the right to continue to provide the ILT Services; (ii) modify the ILT Services to render them non-infringing; or (iii) immediately cease providing the ILT Services. 

Confidentiality

“Confidential Information” means all confidential or proprietary information disclosed orally or in writing by one Party to the other that is identified as confidential or the confidential nature of which is reasonably apparent.  Confidential Information shall not include information which:  (a) is or becomes a part of the public domain through no fault of the receiving Party; (b) was in the receiving Party’s lawful possession prior to the disclosure; (c) is lawfully disclosed to the receiving Party by a third party without restriction on disclosure or any breach of confidence; (d) is independently developed by the receiving Party; or (e) is required to be disclosed by law.  Each Party agrees to hold the other’s Confidential Information in confidence, and to not use or disclose such Confidential Information other than in connection with the performance of its obligations hereunder.

Limitation of Liability

UNDER NO CIRCUMSTANCES SHALL BRAINSTORM BE LIABLE TO YOU WITH RESPECT TO ANY SUBJECT MATTER OF THE ILT SERVICES OR THESE TERMS AND CONDITIONS, WHETHER UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHER LEGAL OR EQUITABLE THEORY, FOR (I) ANY INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, OR LOST PROFITS; OR (II) ANY AMOUNTS THAT IN THE AGGREGATE ARE IN EXCESS OF THE AMOUNTS YOU PAY TO BRAINSTORM, REGARDLESS OF WHETHER BRAINSTORM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 

Force Majeure

Except for the payment of money, neither Party shall be liable for any delays or nonperformance resulting from circumstances or causes beyond its reasonable control, including, without limitation, fire or other casualty, act of God, strike or labor dispute, failures or outages of the Internet or other information transmission systems, war or other violence, or any law, order, or requirement of any governmental agency or authority.

Independent Contractors

It is understood and agreed that each Party hereto is an independent contractor and that neither Party is, nor shall be considered to be, the other’s agent, partner, fiduciary, joint venturer, co-owner, or representative.  Neither Party shall act or represent itself, directly or by implication, in any such capacity or in any manner assume or create any obligation on behalf of, or in the name of, the other.

General

You may not assign or transfer the ILT Services or these Terms and Conditions without the prior written consent of BrainStorm, and any attempt to do so shall be void.  Subject to the foregoing, the ILT Services or these Terms and Conditions shall be binding upon and inure to the benefit of the Parties hereto and their permitted successors and assigns.  Any notice required to be given hereunder by either Party shall be in writing and shall be delivered personally or sent by certified or registered mail, postage prepaid, or by private courier to the other Party to the address set forth in the SOW, or to such other address as either Party may designate from time to time.  No waiver of any of the provisions of these Terms and Conditions shall be deemed, or shall constitute, a waiver of any other provision, whether or not similar, nor shall any waiver constitute a continuing waiver.  Any waiver, modification or amendment of any provision of the ILT Services or these Terms and Conditions shall be effective only if in writing in a document that specifically refers to the ILT Services or these Terms and Conditions and such document is signed by both of the Parties hereto.  If any provision of these Terms and Conditions shall be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that these obligations shall otherwise remain in full force and effect and enforceable.  The ILT Services and these Terms and Conditions shall be governed by and construed in accordance with the laws of the State of Utah, without reference to choice of law principles.  The Parties hereby submit themselves to the exclusive jurisdiction of the federal and state courts located in Salt Lake City, Utah.  In the event of any litigation or arbitration arising out of the ILT Services or these Terms and Conditions, the prevailing Party shall be entitled to be reimbursed for all reasonable costs and expenses, including reasonable attorneys’ fees incurred in connection with such litigation or arbitration.  Without limiting the foregoing, You agrees to pay all costs and expenses incurred by BrainStorm in any attempt to collect any amount due to BrainStorm for the provision of the ILT Services, including all costs of legal action and reasonable attorneys’ fees.  These Terms and Conditions constitute the full and complete understanding and agreement of the Parties hereto with respect to the subject matter covered herein and supersedes all prior oral or written understandings and agreements with respect thereto.  No terms, provisions or conditions of any purchase order, acknowledgement or other business form that either of the Parties may use in connection with the Services will have any effect on the rights, duties or obligations of the Parties under, or otherwise modify, the ILT Services or these Terms and Conditions, regardless of any failure of the other Party to object to such terms, provisions or conditions.  BrainStorm may, in its reasonable discretion, use subcontractors to perform any of its obligations hereunder.  Your rights under these Terms and Conditions are non-exclusive and nothing herein shall be deemed to prohibit BrainStorm from providing training or other services that are similar to the ILT Services for its other customers and clients.

QUICK START CARD LICENSE AGREEMENT

PLEASE READ THIS LICENSE AGREEMENT CAREFULLY. BY UTILIZING THE LICENSED WORKS YOU ACCEPT AND AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS, YOU MAY NOT UTILIZE THE LICENSED WORKS, BUT CAN OBTAIN A REFUND.

This Quick Start Card License Agreement (this “Agreement”), is entered into by and between BrainStorm, Inc, a Delaware corporation, with principal offices at 10 South Center Street, American Fork, Utah 84003 (the “Licensor”), and YOU (the “Licensee”).  This Agreement is effective as of the Effective Date of our Order Form or the date You download the Licensed Works (defined below), whichever is earlier (the “Effective Date”). 

WHEREAS, Licensor owns the Quick Start Cards, which contain step-by-step instructions on how to use one or more off-the-shelf software programs on an electronic portable document format (.pdf) as further set forth Your Order Form (the “Licensed Works”). Licensee desires to license from Licensor certain rights with respect to the Licensed Works, as more fully set forth below.

NOW THEREFORE, in consideration of the covenants contained herein and other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties hereto hereby agree as follows:

1. Grant of License. Subject to the terms and conditions of this Agreement, Licensor hereby grants to Licensee, under Licensor's applicable intellectual property rights, and Licensee hereby accepts from Licensor, upon the terms set forth in this Agreement, an non-exclusive, non-transferable (except as provided in Section 10(a)), non-sublicensable, time-limited, restricted, revocable, internal license to (a) host non-editable electronic copies (.pdf files) of the Licensed Works on an internal Licensee computer network, or intranet, for access by the number of authorized users set forth in Your Order Form attached hereto who are employees or independent contractors of Licensors (“Authorized Users”), and (b) print non-professional quality (e.g. inkjet, laserjet) for the sole purpose of providing computer and software training and support up to Authorized Users .  Licensor shall include, and if already included, shall not remove or obscure, a copyright notice at the bottom of each Licensed Work indicating that Licensor is the copyright holder of the Licensed Works, and Licensee shall not remove or obscure such notice. 

2. Restrictions on Use. Licensee acknowledges that the Licensed Works constitute valuable property of Licensor.  Accordingly, Licensee agrees that without Licensor’s prior written consent, it will not (a) modify, adapt, alter, translate, or create derivative works from the Licensed Works; (b) sublicense, lease, rent, loan, or otherwise transfer (except as provided in Section 10(a)) any portion of the Licensed Works or any copies (whether electronic or paper) thereof to any third party, (c) otherwise use or copy the Licensed Software except as expressly allowed in this Agreement, (d) sell, distribute, or provide access to, in part or in whole, internally or externally, professionally printed copies (e.g. card stock, laminated, etc.) of the Licensed Works, or (e) make the Licensed Works available to users who are not Authorized Users through any network or electronic media, including without limitation the Internet.

3. Proprietary Rights. Licensee acknowledges and agrees that the Licensed Works and all right, title and interest therein, is and shall remain the exclusive property of Licensor. Licensee agrees never to contest Licensor’s rights in and to the Licensed Works, and agrees never to take any action that could reasonably be expected to limit or diminish Licensor’s rights in the Licensed Works.

4. Payment. Licensee shall submit payment to Licensor for the Licensed Works in the amounts set forth in the invoice issued by Licensor to Licensee and in accordance with the payment terms set forth in Schedule A attached hereto.

5. Term. The term of this Agreement commences on the Effective Date and shall terminate, unless sooner terminated by Licensor, on the ten (10) year anniversary hereof (the “Term”).

6. Termination. Licensor may terminate this Agreement upon ten (10) days’ notice to Licensee if Licensee is in material breach of this Agreement and such breach has not been cured with such 10-day period (to the extent curable). Such termination shall not be deemed to be a waiver on Licensor’s part of any other rights or remedies it may have by reason of the circumstances on which the termination is predicated.  Upon termination or expiration of this Agreement, Licensee shall immediately discontinue the use of the Licensed Works by its employees and independent contractors and remove all copies, regardless of the format or medium thereof, of the Licensed Works from its premises, servers, and cloud, and return to Licensor, within five (5) days, all the Licensed Works, including all copies thereof, regardless of the format or medium thereof. Upon termination or expiration of this Agreement, all rights granted to Licensee hereunder shall automatically revert to Licensor without further notice.

7. DISCLAIMER OF WARRANTIES. LICENSOR LICENSES THE LICENSED WORKS TO LICENSEE “AS IS,” WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, AND LICENSOR HEREBY DISCLAIMS ALL OTHER WARRANTIES, EXPRESSED OR IMPLIED.

8. DISCLAIMER OF DAMAGES; LIMITATION OF LIABILITY. UNDER NO CIRCUMSTANCE SHALL LICENSOR OR LICENSEE BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, EVEN IF LICENSOR OR LICENSEE, AS THE CASE MAY BE, HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. LICENSOR’S CUMULATIVE LIABILITY FOR DAMAGES FOR ANY CAUSE WHATSOEVER, AND REGARDLESS OF THE FORM OF THE ACTION, WILL BE LIMITED TO NO GREATER THAN THE AMOUNT OF MONEY PAID TO LICENSOR BY LICENSEE FOR THE LICENSED WORKS THAT CAUSED THE DAMAGES.

9. Survival of Certain Provisions. Notwithstanding any provisions of this Agreement stating otherwise, the provisions of Sections 2, 3, 6, 7, 8, 9, and 10 shall survive any completion, rescission, expiration or termination of this Agreement, and be enforceable against the parties hereto.
   
   
10. Miscellaneous Provisions.

(a)        The parties hereto hereby certify that each has read and understands the terms hereof.  Any term hereof may be amended or waived only with the written consent of both parties or their respective successors and assigns.  This Agreement may be assigned only with the written consent of the both parties.  This Agreement shall inure to the benefit of, and is binding upon the heirs, executors, administrators, successors, and assigns of the parties.  This Agreement may be executed in two or more counterparts, each of which shall be deemed an original, and all of which together shall constitute one instrument.  If any provision hereof is held by a court of competent jurisdiction to be void or unenforceable for any reason, the remaining provisions hereof shall nevertheless continue in full force and effect.  This Agreement (including Schedule A and the invoice issued in connection herewith) constitutes the entire agreement between the parties hereto with respect to the subject matters covered by it, and supersedes all prior oral or written agreements between the parties hereto relating to such matters.  All notices, requests and other communications to any party hereunder will be in writing and will be given to such party at its address stated in the invoice issued by Licensor to Licensee.  In the event that a party hereto who is required to engage the services of legal counsel to enforce the terms and conditions hereof against the other is successful in doing so, regardless of whether such action results in litigation, such party shall be entitled to the reimbursement by the other party of all reasonable attorneys' fees and court costs incurred by the successful party.  This Agreement shall be governed by the laws of the State of Utah without regard to its conflicts of laws rules.  Each of the parties hereto consents to the exclusive jurisdiction and venue of the courts of the State of Utah or the Federal District Court for the District of Utah.

(b)        The parties hereto acknowledge and agree that a violation of this Agreement may result in irreparable injury to the non-breaching party hereto, the exact amount of which may be difficult to ascertain and the remedies at law for which will not be reasonable or adequate compensation to the non-breaching party hereto for such a violation. Accordingly, each party hereto agrees that if it violates any of the provisions of this Agreement, in addition to any other remedy available at law or in equity, the other party hereto will be entitled to seek specific performance or injunctive relief without posting a bond, or other security, and without the necessity of proving actual damages.

Terms & Conditions:

Legal and Privacy Notices

This website is owned and operated by BrainStorm, Inc (BrainStorm) at https://www.brainstorminc.com. The material contained within this website is periodically checked for accuracy and is presented without any warranties, either expressed or implied. BrainStorm, will assume no, and hereby disclaims any, responsibility for any errors or omissions of this website's content. BrainStorm shall not be responsible for any damages incurred as a result of the content or use of this website.

By using the material at this website, all users agree to all terms and conditions contained in this website, which are subject to change without notice, as well as all applicable laws, and do so at their own risk. All changes to this legal notice will be posted to this website in a timely manner.

Materials contained within this website are intended for U.S. residents. While BrainStorm does ship internationally, any deliveries requested for addresses outside the U.S. are subject to refusal by BrainStorm, Inc.

Any link between BrainStormInc.com and any other website does not constitute an endorsement of the linked site. BrainStorm does not make and hereby disclaims any warranty as to the content of any other website linked to BrainStormInc.com. Exercise caution when communicating or interacting with any website.

This website and all information contained herein are provided "as is" and without warranties of any kind, express or implied. BrainStorm shall not be liable for any damages whatsoever arising out of or relating to the use by any person of this site, including but not limited to direct, indirect, consequential or punitive damages, including damages to hardware or software resulting from use of this site.

Any questions regarding these legal notices may be directed to:

BrainStorm, Inc.
Ten South Center
American Fork, UT
84003 USA

Our Pricing Policy

BrainStorm is committed to offering quality merchandise at fair, competitive prices. In most cases, the internet prices will reflect prices available by calling or otherwise contacting BrainStorm. However, there may be some exceptions. Prices and sales are subject to change without notice.

Our Return Policy

We are confident that you will be satisfied with your BrainStorm purchase. However, should you decide that the item(s) that you have purchased does not, for some reason, meet your needs, BrainStorm will accept returns for in-store credit (less original shipping amount) based on the following Return Policy:

• The item(s) is returned within thirty (30) calendar days of purchase.
• The item(s) is returned with its original BrainStorm receipt.
• The item(s) is in its original, unused condition (unless there is a product defect).

Please mail return item(s) to BrainStorm at one of the following addresses:

United States Postal Service:
BrainStorm, Inc.
Attn: Returns Department
Ten South Center
American Fork, UT
84003 USA

FedEx or UPS:
BrainStorm, Inc.
Attn: Returns Department
Ten South Center
American Fork, UT
84003 USA

Please note that return postage, and lost and damaged packages will be the responsibility of the returner. BrainStorm strongly suggests that you insure your return package. If you have any questions about BrainStorm's return policy, please email websupport@brainstorminc.com.

Our Cancellation Policy

Customers cancelling within twenty (20) business days of the start date will be charged fifty percent (50%) of the total cost of services. Canceling within ten (10) business days of the start date will incur the total cost of services. Any such fee charged will not be applied to the price of any rescheduled courses. Customer will always incur any non-refundable travel expenses associated with a course cancellation.

Our Rescheduling Policy

Customers rescheduling within ten (10) business days of the start day of training will incur the cost of any non-refundable or change charges incurred for travel arrangements. Any rescheduling within five (5) business days of the start day of training will incur fifty percent (50%) of the total cost of services along with any non-refundable or change charges incurred.

Our Privacy Statement

We understand that your privacy is very important to you. You can trust we make every effort to handle your personal information in a secure and safe way. Please feel free to review our privacy policy below and contact websupport@brainstorminc.com if you have any questions.

BrainStorm will not share any information about our customers which we collect at our website with anyone. If you provide us with your personal information, comments, or requests for information, we keep your personal information private. We value your privacy as much as you do.

No unauthorized parties will be allowed access to your personal information and we will not sell or otherwise knowingly make your information available to anyone outside our organization, unless required to do so by law. As a customer, your information may be applied to our in-house marketing programs to inform you of product arrivals and other items we think you might find of interest. If you begin receiving materials from us and wish to have them stopped, simply contact us.

Privacy is of great importance on the internet. Technology is constantly changing, and we will change along with it. We will be on constant guard against piracy, and implement whatever measures are required to give you the most secure experience we can reasonably provide. We reserve the right to change this policy, and to apply any changes to information previously collected, as permitted by law.

BrainStorm uses cookies. Cookies are files that a website transfers to your computer's hard drive to store data that you provide. Cookies facilitate future visits to the website so we can customize content to specific interests. If the cookie contains confidential information, we encrypt it and deliver it using secure sockets layer (SSL) security, which protects the information as it travels between your computer and our service. (If you are uncomfortable with the use of cookies, please keep in mind that you can disable cookies on your computer by changing the settings your browser's "Preferences" or "Options" menu selection.)

Our site may link to other sites not controlled by BrainStorm. We are not responsible for the privacy or security practices of any other websites.

We reserve the right to change this policy at any time without notice.

The Children's Online Privacy Protection Act (COPPA)

The Children's Online Privacy Protection Act (COPPA) protects the online privacy and personal information of children under 13 years of age. In compliance with this act, BrainStorm does not promote online to children, and does not intentionally collect any personally identifiable information from children under 13.

Our Copyright Notice

The contents of this site are the property of BrainStorm and are subject to United States and worldwide laws and treaties restricting the copy, distribution, publishing and transmission of same. No portion of this site may be copied, distributed, published or transmitted without the express written consent of BrainStorm.

All of this website's content and supporting code are copyrighted by or licensed to BrainStorm and all rights are reserved. All content copies, either electronic or printed, are for personal use only. The content and supporting code contained herein may not be used in any other manner unless express written permission is obtained in advance.

Our Trademarks Policy

BrainStorm has attempted to supply trademark information about company names, products, and services mentioned on this website. The following list of trademarks was derived from various sources:

• BrainStorm, Inc. is a registered trademark of BrainStorm, Inc.
• NetWare, GroupWise, and Novell are registered trademarks of Novell, Inc. in the United States and other countries.
• Adobe is a registered trademark of Adobe Systems Incorporated. Microsoft is a registered trademark of Microsoft Corporation. All other product names mentioned herein may be trademarks or registered trademarks of their respective companies.