NICE inContact SymXchange Interface End User License Agreement

BY CLICKING A BOX INDICATING ACCEPTANCE OF, OR EXECUTING AN ORDER THAT INCORPORATES, THIS USER AGREEMENT (“Agreement”), THE IDENTIFIED INDIVIDUAL, ORGANIZATION, OR OTHER LEGAL ENTITY (“Customer”) AGREES THE TERMS AND CONDITIONS OF THIS AGREEMENT GOVERN CUSTOMER’S ACCESS TO AND USE OF THE NICE INCONTACT SYMXCHANGE INTERFACE (“Services”) PROVIDED BY CONDADO GROUP. (“Condado“). THIS AGREEMENT IS EFFECTIVE AS OF THE DATE OF SUCH ACCEPTANCE OR EXECUTION (“Effective Date”).

ANY INDIVIDUAL AGREEING TO BE BOUND BY THIS AGREEMENT ON BEHALF OF AN ORGANIZATION OR OTHER LEGAL ENTITY REPRESENTS THAT SUCH INDIVIDUAL HAS THE AUTHORITY TO BIND SUCH ENTITY TO THE TERMS AND CONDITIONS CONTAINED HEREIN.  

CUSTOMER SHALL NOT ACCESS OR USE THE SERVICES WITHOUT PRIOR WRITTEN CONSENT OF CONDADO IF CUSTOMER IS OR BECOMES A DIRECT COMPETITOR TO CONDADO OR ITS AFFILIATES.  

 

Section 1 – Services 

1.1 Right to Access and Use. Subject to the terms and conditions of this Agreement and in consideration of the fees specified in any Order or SOW, Condado hereby grants Customer a non-exclusive, non-transferable right to access and use Condado’s Services during the applicable Term for Customer’s own business purposes. Users may exercise such limited right on behalf of Customer.  

1.2 Restrictions. Customer’s access to and use of the Services during any Term is subject to the applicable restrictions in an Order, SOW or any restrictions defined in NICE inContact Terms as of such Term’s start date. Customer shall not permit a set of login credentials for a Service to be used by more than one User and shall not commercially sell, resell, license, sublicense, distribute, or frame the Services to a third party. Customer shall access and use the Services in compliance with this Agreement, the Documentation, and applicable laws and regulations, and shall promptly notify Condado of any known unauthorized access or use. Customer is responsible for Users’ access to and use of the Services.

Section 2 – Security and Processing.  

2.1 Security. Condado has implemented and will maintain information security policies and safeguards as described in SCHEDULE 1 to this Agreement, which include physical, organizational, and technical measures designed to preserve the security, integrity, and confidentiality of Customer Content and to protect against information security threats. Condado may update such security policies and safeguards from time to time, provided that any such update does not materially reduce the overall level of security or commitments as described in Schedule 1.
 

2.2 Processing. Customer represents and warrants that it has all rights, permissions, and consents necessary to: (a) submit all Customer Content to the Services; and (b) grant Condado the limited rights to process Customer Content for the provision of the Services. Condado’s limited right to process Customer Content hereunder will not excuse any obligation of Condado relating to Customer Content under this Agreement.

2.3 Subcontractors. Condado may engage subcontractors to act on Condado’s behalf in connection with Condado’s provision of the Services, including processing Customer Content, provided that: (a) such subcontractors are subject to applicable confidentiality and data security obligations that are substantially as protective as those set forth in this Agreement; and (b) Condado is responsible for such subcontractors’ acts and omissions in relation to Condado’s obligations under this Agreement.

 

Section 3 – Intellectual Property and Proprietary Rights.  

3.1 Condado. As between the parties, all right, title, and interest in and to Condado Properties is owned by Condado notwithstanding any other provision in this Agreement. Except as expressly set forth in this Agreement, Condado does not convey any rights to Customer or any User. 

3.2 Customer. As between the parties, Customer retains all its right, title, and interest in and to Customer’s Confidential Information, including Customer Content, and all intellectual property and proprietary rights therein. Except as expressly set forth in this Agreement, Condado acquires no right, title, or interest from Customer under this Agreement in or to Customer Content.

3.3 Feedback. Customer grants Condado a worldwide, irrevocable, perpetual, sublicensable, transferable, non-exclusive license to use and incorporate into Condado’s products and services any feedback or suggestions for enhancement that Customer or a User provides to Condado (“Feedback”), without any obligation of compensation. Feedback is provided by Customer “as-is,” without representations or warranties, either express or implied, including any warranties of merchantability or fitness for a particular purpose.

Section 4 – Ancillary Services; Third Party Products.  

4.1 Professional Services. Condado and Customer may enter into SOWs or Orders under this Agreement for the provision of Professional Services. If Condado provides Professional Services to Customer, Customer’s rights to access and use Customizations resulting from such Professional Services are subject to the limitations and restrictions set forth in Services of this Agreement.

4.2 Condado API. Condado may make an application programming interface or other similar development tools available within an online Service which establishes an interface with such Service (“Condado API”). Unless Customer has entered into Condado’s separate developer agreement and Condado has provided Customer with an application ID for authentication purposes, Customer shall not use or enable a third party to use any Condado API: (a) in a manner that causes Customer to exceed the limits of its authorized use of the applicable Service as set forth in this Agreement or an applicable Order; or (b) to access a Condado account not otherwise controlled by Customer.

4.3 Third Party Products. If Customer separately procures services, applications, or online content from a third party (“Third Party Products”) for use with the Services, any such use is subject to the end-user license or use agreement that Customer accepts from or establishes with the third party. Third Party Products are not Services and, as between the parties, Condado has no liability with respect to Customer’s procurement or use of Third Party Products.

Section 5 – Fees and Payment. 

5.1 Fees. Customer will pay Service fees specified in each Order or SOW. All Service fees are nonrefundable once paid except as otherwise expressly provided in this Agreement or the applicable Order or SOW. Condado may increase the unit price specified in an Order for any Renewal Term upon written notice to Customer (including via email), provided that if the number of units purchased by Customer for such Renewal Term is equal or greater than the number of units up for renewal, then such notice must be provided at least forty-five (45) days prior to the start of the Renewal Term.

5.2 Resellers. Customer may elect to purchase certain Services through a reseller authorized by Condado (“Reseller”). Customer’s obligation for payment to, and its relationship with, any Reseller is between Customer and such Reseller, and Customer must direct any claims for refunds owed hereunder to such Reseller. 

Section 6 – Confidentiality.  

6.1 Confidential Information.Confidential Information” means all non-public, proprietary, business, technical, legal, or financial information disclosed or learned in connection with this Agreement that the Disclosing Party has identified as confidential at the time of disclosure or that, based on the nature of the information or circumstances surrounding its disclosure, the Receiving Party would clearly understand it as confidential. Confidential Information includes Condado Properties with regard to Condado and Customer Content with regard to Customer. Notwithstanding the foregoing definition, Confidential Information does not include: (a) information that was generally known to the public at the time disclosed to the Receiving Party; (b) information that becomes generally known to the public (other than through a breach of Confidentiality by the Receiving Party) after disclosure to the Receiving Party; (c) information that was in the Receiving Party’s possession free of any obligation of confidentiality prior to disclosure by the Disclosing Party; (d) information that is rightfully received by the Receiving Party from a third party without any restriction on disclosure; or (e) information that was independently developed by the Receiving Party without reference to or use of Disclosing Party’s Confidential Information. ALL CONFIDENTIAL INFORMATION IS PROVIDED “AS IS.”  EXCEPT FOR THE WARRANTIES EXPRESSLY STATED IN THIS AGREEMENT, NEITHER PARTY MAKES ANY WARRANTIES, EXPRESSED OR IMPLIED, CONCERNING THE ACCURACY OR COMPLETENESS OF ITS CONFIDENTIAL INFORMATION.

6.2 Use and Disclosure of Confidential Information. The Receiving Party: (a) will not use the Disclosing Party’s Confidential Information for any purpose except as permitted under this Agreement; (b) will not disclose, give access to, or distribute any of the Disclosing Party’s Confidential Information to any third party, except to the extent expressly authorized in this Agreement or a separate written agreement signed by the Disclosing Party; and (c) will take reasonable security precautions (which will be at least as protective as the precautions it takes to preserve its own Confidential Information of a similar nature) to safeguard the Disclosing Party’s Confidential Information. Notwithstanding the foregoing, the Receiving Party may disclose Confidential Information to those of its employees, directors, Affiliates, advisors, agents, contractors, and other representatives (“Representatives”) who need to know such information in order to exercise their respective rights and obligations hereunder, provided that each such Representative is bound to protect the Confidential Information by confidentiality obligations substantially as protective as those set forth in this Agreement. The Receiving Party will be responsible for its Representatives’ disclosure or use of the Disclosing Party’s Confidential Information in violation of Section 6 (Confidentiality). The Receiving Party will promptly notify the Disclosing Party in writing upon discovery of any unauthorized disclosure or use of the Disclosing Party’s Confidential Information, or any other breach of Section 6, by it or its Representatives. The Receiving Party’s obligations set forth in Section 6 will remain in effect during the Term and for three (3) years after termination of this Agreement. The disclosure of Confidential Information to the Receiving Party does not grant or convey any right of ownership of such Confidential Information. 

6.3 Required Disclosures. The Receiving Party may disclose Confidential Information to the extent required by law or legal process, provided, however, the Receiving Party will (unless prohibited by law or legal process): (a) give the Disclosing Party prior written notice of such disclosure to afford the Disclosing Party a reasonable opportunity to appear, object, and obtain a protective order or other appropriate relief regarding such disclosure; (b) use diligent efforts to limit disclosure to that which is legally required; and (c) reasonably cooperate with the Disclosing Party, at the Disclosing Party’s expense, in its efforts to obtain a protective order or other legally available means of protection.

6.4 Return and Deletion. Upon written request by the Disclosing Party, the Receiving Party will, without undue delay: (a) either return or destroy all tangible documents and media in its possession or control that contain the Disclosing Party’s Confidential Information; (b) delete electronically stored Confidential Information of the Disclosing Party in its possession or control; and (c) certify its compliance with this Section 6.4 in writing. Notwithstanding the foregoing: (x) the Receiving Party will not be obligated to render unrecoverable Confidential Information of the Disclosing Party that is contained in an archived computer system backup made in accordance with the Receiving Party’s legal and financial compliance obligations or security and disaster recovery procedure; and Any such retained Confidential Information will remain subject to Section 6 (Confidentiality).  

6.5 Remedies. The Receiving Party acknowledges that any actual or threatened breach of Section 6 (Confidentiality) may cause irreparable, non-monetary injury to the Disclosing Party, the extent of which may be difficult to ascertain. Accordingly, the Disclosing Party is entitled to (but not required to) seek injunctive relief to prevent or mitigate any breaches of Section 6 with respect to the Disclosing Party’s Confidential Information or any damages that may otherwise result from those breaches.  

Section 7 – Representations and Warranties.
 

7.1 Authority and Compliance Warranty. Condado represents and warrants that it has the necessary authority to enter into this Agreement and that Condado shall comply with any United States laws and regulations to the extent such laws and regulations apply to Condado’s provision of the Services under this Agreement. For the avoidance of doubt, Condado shall not be responsible for Customer’s compliance with any laws and regulations applicable to Customer and its industry.  

7.2 Limited Warranty for Online Services. Condado represents and warrants that the online Services will operate during the applicable Term substantially as described in the applicable Documentation. Upon receipt of Customer’s written notice of any alleged failure to comply with this warranty, Condado will use commercially reasonable efforts to cure or correct the failure. If Condado has not cured or corrected the failure within thirty (30) days following its receipt of such notice, then Customer may terminate the applicable Order and Condado shall issue a refund of prepaid fees covering the terminated portion of the Subscription Services. Notwithstanding the foregoing, this warranty will not apply to any failure due to a defect in or modification of a Subscription Service that is caused or made by Customer, any User, or any person acting at Customer’s direction. This Section 7.2 sets forth Customer’s exclusive rights and remedies and Condado’s sole liability in connection with this warranty.
  

7.3 Limited Warranty for Professional Services. Condado represents and warrants that the Professional Services will be provided in a competent and workmanlike manner in accordance with the Order or SOW, as applicable. Customer must notify Condado in writing of any alleged failure to comply with this warranty within thirty (30) days following delivery of the Professional Services. Upon receipt of such notice, Condado will either: (a) use commercially reasonable efforts to cure or correct the failure; or (b) terminate the Professional Services and issue a refund of prepaid fees covering the terminated portion of the Professional Services. This Section 7.3 sets forth Customer’s exclusive rights and remedies and Condado’s sole liability in connection with this warranty.  

7.4 Disclaimer. EXCEPT FOR THE REPRESENTATIONS AND WARRANTIES EXPRESSLY STATED IN THIS AGREEMENT, CONDADO MAKES NO REPRESENTATIONS AND DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, CONDADO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, COMPLIANCE WITH LAWS, NON-INFRINGEMENT, AND ACCURACY, AND CONDADO DOES NOT WARRANT THAT THE SERVICES OR THIRD-PARTY APPLICATIONS AND SERVICES WILL BE ERROR-FREE OR OPERATE WITHOUT INTERRUPTIONS OR DOWNTIME. 

Section 8 – Indemnification.  

8.1 By Condado. Condado will defend Customer and its respective officers, directors, and employees (“Customer Indemnified Parties”) from and against any claims, demands, proceedings, investigations, or suits brought by a third party alleging that Customer’s use of the Services or Customizations in accordance with this Agreement infringes any third party intellectual property rights (each, a “Claim Against Customer”). Condado will indemnify Customer Indemnified Parties for any finally awarded damages or settlement amount approved by Condado in writing to the extent arising from a Claim Against Customer, and any reasonable attorneys’ fees of Customer associated with initially responding to a Claim Against Customer. Notwithstanding the foregoing, Condado will have no obligation under this Section 8.1 to the extent any Claim Against Customer arises from: (a) Customer’s use of the Services or Customizations in combination with technology or services not provided by Condado, if the Services or Customizations or use thereof would not infringe without such combination; (b) Customer Content; (c) Condado’s compliance with designs, specifications, or instructions provided in writing by Customer if such infringement would not have occurred but for such designs, specifications, or instructions; or (d) use of the Services or Customizations by Customer after notice by Condado to discontinue use. If Customer is enjoined or otherwise prohibited from using any of the Services or Customizations or a portion thereof based on a Claim Against Customer, then Condado will, at Condado’s sole expense and option, either: (x) obtain for Customer the right to use the allegedly infringing portions of the Service or Customizations; (y) modify the allegedly infringing portion of the Service or Customizations so as to render it non-infringing without substantially diminishing or impairing its functionality; or (z) replace the allegedly infringing portions of the Service or Customizations with non-infringing items of substantially similar functionality. If Condado determines that the foregoing remedies are not commercially reasonable or possible, then Condado will terminate the applicable Order or SOW and issue a refund of prepaid fees covering the terminated portion of the applicable Service.  

8.2 By Customer. To the extent permitted by applicable law, Customer will defend Condado and Condado’s Affiliates providing the Services, and their respective officers, directors, and employees (“Condado Indemnified Parties”) from and against any claims, demands, proceedings, investigations, or suits brought by a third party arising out of Customer Content or Customer’s use of the Services or Customizations in violation of applicable law (each, a “Claim Against Condado”). Customer will indemnify Condado Indemnified Parties for any finally awarded damages or settlement amount approved by Customer in writing to the extent arising from a Claim Against Condado, and any reasonable attorneys’ fees of Condado associated with initially responding to a Claim Against Condado.  

8.3 Conditions. The indemnifying party’s obligations under Section 8 (Indemnification) are contingent on the indemnified party: (a) promptly providing written notice of the claim to the indemnifying party, provided that the indemnifying party shall not be excused from its indemnity obligations for the indemnified party’s failure to provide prompt notice except to the extent that the indemnifying party is materially prejudiced thereby; (b) giving the indemnifying party sole control of the defense and settlement of the claim, provided that any settlement unconditionally releases the indemnified party of all liability and does not make any admissions on behalf of the indemnified party or include payment of any amounts by the indemnified party; and (c) providing the indemnifying party, at the indemnifying party’s expense, all reasonable assistance in connection with such claim. The indemnified party may participate in the defense of the claim at its sole cost and expense. Section 8 sets forth the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy for, any type of claim or action described in Section 8.  

Section 9 – Limitations of Liability

TO THE EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE FOR ANY LOST PROFITS, GOODWILL, OR REVENUES OR FOR ANY INCIDENTAL, CONSEQUENTIAL, SPECIAL, INDIRECT, COVER, BUSINESS INTERRUPTION, OR PUNITIVE DAMAGES IN CONNECTION WITH ANY CLAIM OF ANY NATURE, WHETHER IN CONTRACT, TORT, OR UNDER ANY THEORY OF LIABILITY, ARISING UNDER THIS AGREEMENT, EVEN IF A PARTY HAS BEEN GIVEN ADVANCE NOTICE OF SUCH POSSIBLE DAMAGES OR IF A PARTY’S REMEDY OTHERWISE FAILS OF ITS ESSENTIAL PURPOSE.

 
TO THE EXTENT PERMITTED BY LAW, EACH PARTY’S ENTIRE LIABILITY UNDER THIS AGREEMENT WILL NOT EXCEED THE FEES PAID BY CUSTOMER TO CONDADO UNDER THIS AGREEMENT FOR THE SERVICES GIVING RISE TO THE LIABILITY DURING THE TWELVE (12) MONTHS PRIOR TO THE DATE ON WHICH THE LIABILITY AROSE. THE EXISTENCE OF MORE THAN ONE CLAIM WILL NOT ENLARGE THIS LIMIT. 


THE FOREGOING EXCLUSIONS AND LIABILITY LIMITS IN THIS SECTION 9 SHALL NOT APPLY TO DAMAGES OR LIABILITY RESULTING FROM CLAIMS OR OBLIGATIONS ARISING UNDER SECTIONS 1.2 (RESTRICTIONS) OR 8 (INDEMNIFICATION), INFRINGEMENT OR MISAPPROPRIATION BY A PARTY OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, OR CUSTOMER’S OBLIGATION TO PAY FOR SERVICES OR TAXES UNDER THIS AGREEMENT.  

Section 10 – General   

10.1 Insurance. Condado will procure and maintain at its expense commercially reasonable insurance coverage during the Term, evidenced by Condado’s certificate of insurance, which is available upon request.

10.2 Publicity. Unless Customer has notified Condado to the contrary in writing (including via email), Condado may disclose Customer as a customer of Condado, and may use Customer’s name and logo on the Site and in Condado’s promotional materials. Condado will request Customer’s prior written consent for any other uses.

10.3 Export Compliance. Each party shall comply with United States export control laws and regulations. Without limiting the foregoing: (a) Customer acknowledges that the Services, Documentation, and Customizations may be subject to United States Export Administration Regulations; (b) Customer will not permit Users to access or use any Service, Documentation, or Customization in a United States embargoed country; and (c) Customer is responsible for complying with any local laws and regulations which may impact Customer’s right to import, export, access, or use the Services, Documentation, and Customizations.

10.4 Assignment. Either party may assign this Agreement and any Orders or SOWs in connection with a merger or similar transaction or to a company acquiring substantially all of its assets, equity, or business, without any requirement to obtain permission for such assignment; otherwise, neither party may assign this Agreement or any Orders or SOWs to a third party without the advance written consent of the other party. Subject to the foregoing and notwithstanding any prohibitions on transferability under this Agreement, the assigning party shall notice the non-assigning party of any permitted assignment and this Agreement and any Orders or SOWs will bind and inure to the benefit of the parties, their successors, and their permitted assigns.

10.5 Force Majeure. Neither party is liable for delay or default under this Agreement if caused by conditions beyond its reasonable control, provided that the party suffering from any such conditions shall use reasonable efforts to mitigate against the effects of such conditions.

10.6 Amendment; Waiver. Unless otherwise expressly stated herein, this Agreement and any Orders or SOWs may be modified only by a written amendment or agreement executed by an authorized representative of each party.  The waiver of any breach of any provision of this Agreement or of any Order or SOW will be effective only if in writing, and no such waiver will operate or be construed as a waiver of any subsequent breach.  

10.7 Enforceability. If any provision of this Agreement or any Order or SOW is held to be unenforceable, then that provision is to be construed either by modifying it to the minimum extent necessary to make it enforceable (if permitted by law) or disregarding it (if not permitted by law), and the rest of this Agreement or the relevant Order or SOW is to remain in effect as written. Notwithstanding the foregoing, if modifying or disregarding the unenforceable provision would result in failure of an essential purpose of this Agreement or any Order or SOW, the entire Agreement or the relevant Order or SOW will be considered null and void. 

10.8 Governing Law. This Agreement and any Orders and SOWs are governed by the laws of the State of Missouri, without regard to its conflicts of law rules, and each party hereby consents to exclusive jurisdiction and venue in the state and federal courts located in Kansas City, Missouri for any dispute arising out of this Agreement or any Orders or SOWs. 

10.9 Entire Agreement; Conflict. This Agreement, together with the Policies, Schedule(s) attached hereto, and, if applicable, any Orders and SOWs represent the entire agreement between Condado and Customer with respect to the Services. In the event of any conflict between this Agreement and any Order or SOW, this Agreement will govern and control unless the Order or SOW expressly and specifically overrides terms or conditions of this Agreement.

10.10 Revisions. Condado reserves the right to revise this Agreement by posting a revised version on the Site, which will be effective five (5) days after posting. Continued use of the Services after the effective date of revision will constitute Customer’s acceptance of the revised Agreement. If Customer objects to the revisions, Customer may terminate any Orders governed by this Agreement by providing written notice to Condado prior to the effective date of revision, provided that Customer will remain obligated to pay amounts due to Condado under such Orders and will not receive a refund of prepaid fees. Customer’s termination will be effective upon Condado’s written acknowledgement of such termination, and in no event later than thirty (30) days from Condado’s receipt of Customer’s termination notice.

Definitions

 

Capitalized terms used but not otherwise defined in this Agreement have the following meanings: 

  • Affiliate” means any person or entity that owns or controls, is owned or controlled by, or is under common control or ownership with, a party to this Agreement, where “control” is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract, or otherwise.
  • Customer Content” means any data, file attachments, text, images, reports, personal information, or other content that is uploaded or submitted to the online Services by Customer or Users and is processed by Condado on behalf of Customer.  For the avoidance of doubt, Customer Content does not include usage, statistical, or technical information that does not reveal the actual contents of Customer Content.  
  • Customizations” means all software, code, materials, ideas, deliverables, and items that are conceived, made, discovered, written, or created by Condado’s personnel in connection with providing Professional Services.   
  • Disclosing Party” means the party disclosing Confidential Information to the Receiving Party.
  • Documentation” means documentation provided by Condado on the Site that is uniformly available and applicable to all Condado customers and relates to the operation and use of the Services, including user manuals, operating instructions, and release notes, each as updated by Condado from time to time.
  • Order” means an executed ordering document or online order issued or otherwise approved in writing by Condado that incorporates this Agreement by reference and sets forth the commercial details of the Services made available to Customer.
  • Partner App” means a service or application developed and owned by a third party for which Customer purchases a license from Condado under an Order and is made available to Customer exclusively in accordance with the terms and conditions of the end-user license agreements accompanying them, except that the payment provisions of this Agreement will apply.
  • Professional Services” means implementation, configuration, integration, training, advisory, and other professional services related to the Services that are specified in an Order or SOW.
  • Receiving Party” means the party receiving or accessing Confidential Information of the Disclosing Party.  
  • Services” means the Subscription Services, Professional Services, and any other online service or application provided or controlled by Condado for use with the Subscription Services.  
  • Site” means Condado’s website at www.Condado.com and any website linked from such website that is owned or controlled by Condado.
  • Condado Properties” means Services, Documentation, and Customizations, and all Condado technology, software, data, methodologies, improvements, and documentation used to provide or made available in connection with Services, Documentation, and Customizations, and all intellectual property and proprietary rights in and to the foregoing.
  • SOW” means a statement of work or similar document that describes and scopes Professional Services, establishes the fees for the Professional Services, and incorporates this Agreement by reference.
  • Subscription Services” means the subscription-based online work collaboration services and applications that are provided by Condado and purchased by Customer. 
  • SysAdmin” means a User with certain administrative control rights over Customer’s Service.  
  • Term” means the period of authorized access and use of a Service as set forth in an Order.
  • User” means any individual authorized or invited by Customer or another User to access and use the online Services received by Customer from Condado under the terms of this Agreement.  


SCHEDULE 1
SECURITY PRACTICES


Capitalized terms used but not defined in this Schedule 1 have the meanings ascribed to them in the Agreement.

1. Security Protocols.

1.1 Information Security Program. Condado shall maintain a comprehensive written information security program, including policies, standards, procedures, and related documents that establish criteria, means, methods, and measures governing the processing and security of Customer Content and the Condado systems or networks used to process or secure Customer Content in connection with providing the Services (“Condado Information Systems”). Subcontractors engaged by Condado in accordance with the Agreement will maintain (at a minimum) substantially similar levels of security as applicable and required by these Security Practices.

1.2 Security Controls. In accordance with its information security program, Condado shall implement appropriate physical, organizational, and technical controls designed to: (a) ensure the security, integrity, and confidentiality of Customer Content accessed, collected, used, stored, or transmitted to or by Condado; and (b) protect Customer Content from known or reasonably anticipated threats or hazards to its security, integrity, accidental loss, alteration, disclosure, and other unlawful forms of processing. Without limiting the foregoing, Condado will, as appropriate, utilize the following controls:

1.2.1 Firewalls. Condado will install and maintain firewall(s) to protect data accessible via the Internet. 

1.2.2 Updates. Condado will maintain programs and routines to keep the Condado Information Systems up to date with the latest upgrades, updates, bug fixes, new versions, and other modifications.

1.2.3 Anti-malware. Condado will deploy and use anti-malware software and will keep the anti-malware software up to date. Condado will use such software to mitigate threats from all viruses, spyware, and other malicious code that are or should reasonably be detected. 

1.2.4 Testing. Condado will regularly test its security systems, processes, and controls to ensure they meet the requirements of these Security Practices.

1.2.5 Access Controls. Condado will secure data in production Condado Information Systems by complying with the following:

1.2.5.1 Condado will assign a unique ID to each individual with access to systems processing Customer Content.

1.2.5.2 Condado will restrict access to systems with Customer Content to only those individuals necessary to perform a specified obligation as permitted by this Agreement. 

1.2.5.3 Condado will regularly review (at a minimum once every ninety (90) days) the list of individuals and services with access to systems processing Customer Content and remove accounts that no longer require access.

1.2.5.4 Condado will not use manufacturer supplied defaults for system passwords on any operating systems, software, or other systems, and will mandate the use of system-enforced “strong passwords” in accordance with or exceeding the best practices (described below) on all systems processing Customer Content, and will require that all passwords and access credentials be kept confidential and not shared among Condado personnel. 

1.2.5.5 At a minimum, Condado production passwords will: (i) contain at least eight (8) characters; (ii) not match previous passwords, the user’s login, or common name; (iii) be changed whenever an account compromise is suspected or assumed; and (iv) be regularly replaced.

1.2.5.6 Condado will enforce account lockout by disabling accounts with access to Customer Content when an account exceeds a designated number of incorrect password attempts in a certain period.

1.2.5.7 Condado will maintain log data for all use of accounts or credentials by Condado personnel for access to systems processing Customer Content and will regularly review access logs for signs of malicious behavior or unauthorized access. 

1.2.6 Policies. Condado will maintain and enforce appropriate information security, confidentiality, and acceptable use policies for employees, subcontractors, agents, and suppliers that meet the standards set forth in these Security Practices, including methods to detect and log policy violations. 

1.2.7 Development. Development and testing environments for Condado Information Systems will be separate from production environments. 

1.2.8 Remote Access. Condado will ensure that any access from outside of its protected corporate or production environments to systems processing Customer Content or to Condado’s corporate or development workstation networks will require appropriate connection controls, such as VPN or multi-factor authentication. 

2. System Availability. Condado will maintain (or, with respect to systems controlled by its subcontractors, ensure that such subcontractors maintain) a disaster recovery (“DR”) program designed to recover the Subscription Service’s availability following a disaster. At a minimum, such DR program will include the following elements: (a) routine validation of procedures to regularly and programmatically create retention copies of Customer Content for the purpose of recovering lost or corrupted data; (b) inventories, updated at minimum annually, that list all critical Condado Information Systems; (c) annual review and update of the DR program; and (d) annual testing of the DR program designed to validate the DR procedures and recoverability of the service detailed therein.

3. Security Incidents.

3.1 Procedure. If Condado becomes aware of confirmed unauthorized or unlawful access to any Customer Content processed by Condado Information Systems (a “Security Incident”), Condado will promptly: (a) notify Customer of the Security Incident; and (b) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident.

3.2 Unsuccessful Attempts. An unsuccessful attack or intrusion is not a Security Incident subject to this Section 3. An “unsuccessful attack or intrusion” is one that does not result in unauthorized or unlawful access to Customer Content and may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond IP addresses or TCP/UDP headers), or similar incidents.

3.3 User Involvement. Unauthorized or unlawful access to Customer Content that results from the compromise of a User’s login credentials or from the intentional or inadvertent disclosure of Customer Content by a User is not a Security Incident.

3.4 Notifications. Notification(s) of Security Incidents, if any, will be delivered to one or more of Customer’s SysAdmin users by any reasonable means Condado selects, including email. Customer is solely responsible for maintaining accurate contact information in the online Service at all times.

3.5 Disclaimer. Condado’s obligation to report or respond to a Security Incident under this Section 3 is not an acknowledgement by Condado of any fault or liability of Condado with respect to the Security Incident.