The Terms of Use for Trace One Regulatory Compliance (these "Terms") are effective as of the applicable Order Form Effective Date and are entered into and between You and Us. 

1.                 License and usage rights, modifications and content.


1.1.              License. Subject to Your compliance with the Agreement and the applicable Documentation, We will grant You a non-exclusive, non-transferable and non-assignable right and license to access and use Trace One Regulatory Compliance (“Trace One Regulatory Compliance” or “Solution”) as specified in the applicable Order Form during the relevant Subscription Period solely for Your internal business purposes (the "License"). Except for the License, We retain all right, title and interest in and to the Solution.


1.2.              Modifications to Solution. We may modify the Solution at any time in Our sole discretion. We may inform You of such modifications in the same manner that We use to inform Our customers generally (e.g., by email, through the Solution portal, etc.). No modification will result in a material reduction to the overall performance of the Solution in the then-current Subscription Period.


1.3.              Content. You acknowledge and agree that We will not be liable or responsible for content accessible through the Solution and that such content is: (a) information of a general nature and not intended to address Your specific circumstances or requirements or those of any other entity or individual; (b) not necessarily accurate, complete, comprehensive or up to date; (c) mainly linked to external sites over which We have no control; (d) not legal or professional advice; and (e) intended to be an initial reference source only.




2.1.              The applicable Order Form sets forth the maximum number of individuals that are permitted to access and use the Solution (the "Authorized Users"). Only Authorized Users are allowed to access and use the Solution.


2.2.              Usernames, passwords and other account information applicable to the Solution (collectively, "Access Credentials") may not be used by more than one Authorized User but may be transferred from one Authorized User to another if the original Authorized User is no longer permitted to use the Solution. You will be responsible for (a) Your employees', agents', contractors', outsourcers', customers' and suppliers' (collectively, "Representatives") access to and use of the Solution and full compliance with the Agreement; (b) identifying and approving all Authorized Users; (c) controlling against unauthorized access to or use of the Solution by Your Representatives or third parties through Your Representatives' networks or systems; (d) maintaining the confidentiality of Your Access Credentials; and (e) all activities that occur under Your Access Credentials.


2.3.              You will not (a) use the Solution for rental, time sharing, subscription services, hosting, or outsourcing, or otherwise commercially exploit the Solution; (b) remove or modify any program markings or any notice of Ours or Our licensors' proprietary rights; (c) make the Solution available in any manner to any third party for use in the third party's business operations (unless such access is expressly permitted by Us in writing for a specific program license); (d) reverse engineer, disassemble or decompile the Solution or make derivative works (including to review data structures or similar materials produced by programs); (e) duplicate the Solution; or (f) perform any benchmark, performance or other tests or scans on the Solution or disclose any results of such tests or scans run on the Solution.


2.4.              You will not use the Solution for any purpose that may (a) menace or harass any person, or cause damage or injury to any person or property; (b) involve the publication of any material that is false, defamatory, harassing or obscene; (c) violate privacy rights or promote bigotry, racism, hatred or harm; (d) constitute unsolicited bulk email, junk mail, spam or chain letters; (e) constitute an infringement of intellectual property or other proprietary rights; (f) violate applicable laws or regulations; or (g) circumvent or endanger the operation or security of the Solution. We reserve the right to take remedial action if Your use of the Solution violates the foregoing restrictions, including by suspending or limiting Your access to the Solution.


2.5.              You will monitor Your own use of the Solution and immediately report any use in violation of the Agreement to Us (including any use of the Solution in excess of the applicable Usage Metrics). We may monitor Your use of the Solution to verify compliance with the Agreement, as well as to help provide and improve the Solution. In addition, You will (a) permit Us to audit Your use of the Solution (which will include the right for Us to inspect the location(s) from which the Solution is accessed and used, upon reasonable prior notice, for the purpose of verifying Your compliance with the Agreement) and (b) provide Us with reasonable assistance and access to information in the course of such audit.


2.6.              You acknowledge that third party technology that may be appropriate or necessary for use with the Solution is specified in the applicable Documentation or as otherwise notified by Us and that such third party technology is licensed to You only for use with the Solution under the terms of the license agreement specified in the applicable Documentation or as otherwise notified by Us and not under the Agreement.


2.7.              You must accept all patches, bug fixes, updates, maintenance and service packs (collectively, "Patches") required for the proper performance of the Solution as such Patches are generally released by Us.


3.                 Subscription period, renewal and FEES.


3.1.              Subscription Period. We will provide You with access to and use of the Solution, subject to the Agreement, for the Subscription Period stated in the applicable Order Form.


3.2.              Renewal. Unless otherwise specified in the applicable Order Form, upon expiration of the then-current Subscription Period, the Subscription Period will automatically renew for additional Subscription Periods of the same length as the then-current Subscription Period unless a party provides the other party with at least thirty (30) days prior notice of its intention not to renew.


3.3.              Subscription Fee. You will pay the Subscription Fee in consideration of the License to the Solution granted hereunder. Unless otherwise specified in the applicable Order Form, We will invoice You for the Subscription Fee annually in advance beginning upon the applicable Order Form Effective Date.


3.4.              Consulting Fees. You will pay the Consulting Fees in consideration of any ancillary consulting services We provide to You in connection with the Agreement. Unless otherwise specified in the applicable Order Form, We will invoice you for the Consulting Fees monthly in arrears.  


3.5.              Payment Terms. Unless otherwise agreed in the applicable Order Form, You will pay the Subscription Fee, the Consulting Fees and any other fees and expenses incurred in connection with the Agreement within thirty (30) days of the date of the applicable invoice. If You have a valid reason to dispute an invoice, You will so notify Us within seven (7) days of Your receipt of the invoice, and, if no such notification is given, the invoice will be deemed valid. If You dispute only a portion of an invoice, the portion of the invoice that is not in dispute will be paid by You in accordance with the Agreement.


3.6.              Interest. A finance charge equal to the lesser of (a) one and one-half percent (1.5%) per month or (b) the maximum amount allowed by law may be charged on any past due amounts. Payments by You will be applied first to accrued interest and then to the principal unpaid balance. Any attorney fees, court costs, or other costs incurred by Us in the collection of past due amounts will be paid by You. If payment of invoices is not current, or You have not complied with any of Your other obligations under the Agreement, We may suspend Your access to and use of the Solution, as well as any other work We may be performing on Your behalf.


3.7.              Excess Usage. To the extent Your use of the Solution exceeds the Usage Metrics in the applicable Order Form, We may invoice You, and You will pay, any additional fees (at Our then-current rates) to account for Your excess usage.


3.8.              Taxes. All amounts payable by You pursuant to the Agreement are exclusive of taxes. Accordingly, You will pay any sales, value-added or other similar taxes imposed by applicable law that We must pay based on the services You ordered, except for taxes based on Our income.


4.                 LIMITATION OF LIABILITY.


4.1.              Direct damages CAP. Notwithstanding anything to the contrary in the Agreement, except as set forth in section 4.3, OUR AGGREGATE maximum liability for any damages arising out of or related to the Agreement, whether in contract, tort or otherwise, WILL be limited to the amount of the FeeS actually paid by YOU to US for the SOLUTION under the APPLICABLE Order Form, AND IN THE TWELEVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT, giving rise to the liability.










5.1.              Authority. Each party represents and warrants that it has the full power, capacity and authority to enter into, and perform its obligations under, the Agreement.


5.2.              Compliance with Laws. Each party warrants that it will comply with all laws and regulations applicable to it in connection with: (a) in Our case, the operation of Our business as it relates to the Solution; and (b) in Your case, Your access to and use of the Solution.


5.3.              Solution Warranty. We warrant that, when properly, accessed and used by You, the Solution will substantially operate as described in the applicable Documentation. If You notify Us of any breach of said warranty, We will use reasonable efforts to remedy any material defect or error in the Solution at Our own expense and within a reasonable time after receiving such notice from You, but only if: (a) You are fully compliant with Your payment and other obligations under the Agreement; (b) You, at Our request, promptly provide Us with documentation of the alleged defect or error; (c) You provide Us with complete information regarding the circumstances surrounding the alleged defect or error and cooperate fully in recreating the environment in which the alleged defect or error in question arose; and (d) the alleged defect or error does not result from or relate to: (i) any failure by You to perform Your obligations under the Agreement; (ii) the unauthorized or incorrect use of the SCC, or database or operator error; (iii) the use of computer equipment, products or services that have not been approved or supplied by Us; (iv) operation of the SCC outside Our recommended operating procedures and environmental specifications; or (v) accident, neglect, hazard, misuse, natural calamity, or failure or fluctuation of electrical power or environmental conditions. In the event that We are unable to cure any material defect or error in the SCC within a reasonable period of time, Your sole and exclusive remedy will be to terminate Your access to and use of the Solution upon thirty (30) days prior notice to Us and receive a pro-rata refund of any pre-paid, unused Subscription Fee for the remainder of the then-current Subscription Period.




6.                 PROPRIETARY RIGHTS.


6.1.              Ownership. The Solution and all copyright, patent, trade secret, trade mark and other proprietary and intellectual property rights of any kind (collectively, "Intellectual Property Rights") arising in the Solution, and in all other written or oral information or other materials provided by Us to You in connection with the Agreement, are and will remain Our exclusive property. You agree to execute and to ensure your third parties execute such documentation as reasonably necessary to secure Our title over such rights. All Intellectual Property Rights arising in any third party content or other third party products or services are and will remain the exclusive property of the third party provider of such third party content or other third party products or services. Subject to the preceding three sentences and other applicable provisions of the Agreement, all Intellectual Property Rights arising in Your Data are and will remain Your exclusive property.


6.2.              Feedback. You grant to Us a worldwide, perpetual, irrevocable, royalty-free right and license to use and incorporate into the Solution and Our other products and services any suggestions, enhancement requests, recommendations, corrections or other feedback You provide relating to the operation of the Solution or Our other products and services.


7.                 INDEMNIFICATION.


7.1.              Indemnity. We will defend You against claims brought against You by any third party alleging that Your use of the Solution, in accordance with the Agreement, constitutes an infringement or misappropriation of such third party's patent, copyright or trade secret rights ("IP Claims"). We will pay damages finally awarded against You (or the amount of any settlement We enter into) with respect to IP Claims. This obligation of Ours will not apply if the alleged infringement or misappropriation results from (a) Our compliance with any designs, specifications or instructions provided by You or on Your behalf; (b) modification of the Solution by You or on Your behalf; (c) combination, operation or use of the Solution with third-party products, services, software or business processes; or (d) Your violation of, or access to or use of the Solution other than as permitted by, the Agreement or the applicable Documentation. You will indemnify, defend and hold harmless Our Indemnitees from any and all Losses and threatened Losses due to third party claims arising out of or in connection with (i) Your breach of the Agreement; (ii) Your Data or (iii) the activities described in items (a), (b), (c) and (d) above.


7.2.              Mitigation. If We believe that the Solution may have violated a third party's intellectual property rights, We may elect to either modify the Solution or obtain a license to allow You to continue to use the Solution. If neither of these alternatives is commercially reasonable, We may, in Our sole discretion, suspend or terminate Your ability to further access and use the Solution.


7.3.              Procedures. The indemnification obligations under this Section 7 are conditioned on: (a) the party against whom a third party claim is brought (the "Indemnified Party") timely notifying the other party (the "Indemnifying Party") of any such claim, provided however that the Indemnified Party's failure to provide or delay in providing such notice will not relieve the Indemnifying Party of its obligations under this Section 7 except to the extent such failure or delay prejudices the defense; (b) the Indemnifying Party having the right to fully control the defense of such claim; and (c) the Indemnified Party reasonably cooperating in the defense of such claim. Any settlement of any claim will not include a financial or specific performance obligation on, or admission of liability by, the Indemnified Party, provided however that We may settle any claim on a basis requiring Us to substitute for the Solution any alternative substantially equivalent non-infringing product or service. The Indemnified Party may appear, at its own expense, through counsel reasonably acceptable to the Indemnifying Party.


7.4.              Sole Remedy. The provisions of this Section 7 state Our sole, exclusive and entire liability to You, and is Your sole remedy, with respect to third party claims covered hereunder and to the infringement or misappropriation of third-party intellectual property rights.


8.                 CONFIDENTIALITY. You may use Our Confidential Information only in connection with your use of the Solution as permitted under the Agreement. You will not disclose Our Confidential Information during the Subscription Period or at any time during the five (5) year period following the end of the Subscription Period. You will take all reasonable measures to avoid disclosure, dissemination or unauthorized use of Our Confidential Information, including, at a minimum, those measures you take to protect your own confidential information of a similar nature.


9.                 YOUR DATA AND PERSONAL DATA.


9.1.              Your Data. You are responsible for Your Data (including, where applicable, entering it into the Solution). If and to the extent You provide Us with access to Your Data, You grant Us (including Our affiliates and subcontractors) a nonexclusive right to process Your Data to provide, support and improve the Solution.


9.2.              Access to Your Data Hosted in the Solution.


9.2.1.          During the Subscription Period, You may access Your Data in the Solution, and may export and retrieve Your Data in a standard format. Export and retrieval may be subject to technical limitations, in which case the parties will find a reasonable method to allow You to access Your Data.


9.2.2.          Prior to expiration of the then-current Subscription Period or the effective date of termination, You may use Our self-service export tools (as available) to perform a final export of Your Data from the Solution. Upon the expiration or termination of the Subscription Period: (a) You will no longer be permitted to access or use the Solution; and (b) We may delete or render inaccessible any of Your Data remaining in the Solution (except to the extent applicable law requires retention).


9.2.3.          In the event of third party legal proceedings related to Your Data in the Solution, We will reasonably cooperate with You and comply with applicable law (both at Your sole cost and expense) with respect to handling of Your Data. If You request assistance from Us to access, export or retrieve Your Data, We may invoice, and You will pay, for such assistance at Our then-current rates.


9.3.              Personal Data. You will collect and maintain all Personal Data contained in Your Data in compliance with applicable data privacy and protection laws. Exhibit 1 (Data Processing Agreement) hereto, explain how We may use certain Personal Data that You provide to Us when You access and use the Solution, and how We will protect the privacy of such data. By using the Solution, You agree that We can use such data in accordance with Exhibit 1 (Data Processing Agreement) and the other applicable provisions of the Agreement.


9.4.              Security. You will maintain reasonable security standards for Your Authorized Users' access to and use of the Solution. You are responsible for any security vulnerabilities, and the consequences of such vulnerabilities, arising from Your Data, including any viruses, trojan horses, worms or other programming routines contained in Your Data. We will use reasonable security technologies in providing the Solution. As a data Processor, We will implement technical and organizational measures designed to secure Your Data (including Personal Data) processed in the Solution in accordance with applicable Data Protection Law.


9.5.              Service Analyses. We may compile statistical and other information related to the performance, operation and use of the Solution (including Your Data made accessible to Us and information derived from Your use of the Solution) ("Service Analyses"), including for security and operations management, to create statistical analyses and for research and development purposes. Service Analyses will anonymize and aggregate information and will be treated as Our Confidential Information.


10.               SUSPENSION AND Termination.


10.1.           Temporary Suspension. We may suspend Your or any Authorized User's right to access or use any portion of the Solution immediately upon notice to You if We determine: (a) Your or an Authorized User's use of the Solution (i) poses a security risk to Us or any third party, (ii) could adversely impact Our or Our other customers' systems, (iii) could subject Us, Our affiliates or any third party to liability, or (iv) could be fraudulent; (b) You are, or any Authorized User is, in breach of the Agreement; (c) You are in breach of your payment obligations under the Agreement; or (d) You have ceased to operate in the ordinary course, made an assignment for the benefit of creditors or similar disposition of Your assets, or become subject of any bankruptcy, reorganization, liquidation, dissolution or similar proceeding.


10.2.           Effect of Suspension. If We suspend your right to access or use any portion of the Solution, You remain responsible for all fees and charges You incur during the period of suspension.


10.3.           Termination for Cause. Either party may terminate the Agreement for cause if the other party is in material breach of the Agreement and the material breach remains uncured for a period of thirty (30) days from receipt of notice by the other party. We may also terminate the Agreement immediately upon notice to You (a) for cause if We have the right to suspend under Section 10.1, (b) if Our relationship with a third-party partner who provides software or other technology We use to provide the Solution expires, terminates or requires Us to change the way We provide the software or other technology as part of the Solution, or (c) in order to comply with the law or requests of governmental entities.


10.4.           Effect of Termination. You remain responsible for all fees and charges You have incurred through the effective date of termination. Upon the effective date of termination, You will immediately return or, if instructed by Us, destroy all Our Confidential Information in Your possession or under Your control.


10.5.           No Refund. In the event of any suspension or termination hereunder, You will not be excused from Your payment obligations or entitled to any refund of any payments made by You, except as expressly stated otherwise in these Terms.



11.               MISCELLANEOUS.


11.1.           Severability. Should any part of the Agreement for any reason be declared invalid, such decision will not affect the validity of any remaining provisions, which remaining provisions will remain in full force and effect as if the Agreement had been executed with the invalid portion thereof eliminated, and it is hereby declared the intention of the parties that they would have executed the remaining portion of the Agreement without including any such part, parts, or portions which may, for any reason, be hereafter declared invalid. Any provision will nevertheless remain in full force and effect in all other circumstances.


11.2.           Waiver of Remedies. No waiver of any rights arising under the Agreement will be effective unless in writing and signed by a duly authorized signatory of the party against whom the waiver is to be enforced. No failure or delay by either party in exercising any right, power or remedy under the Agreement (except as expressly provided herein) will operate as a waiver of any such right, power or remedy.


11.3.           Independent Contractor. We and You are independent contractors, and the Agreement will not be construed to create a partnership, joint venture, agency, or employment relationship. Neither party, nor any of their respective affiliates, is an agent of the other for any purpose or has the authority to bind the other.


11.4.           Notices.


11.4.1.        To You. We may provide any notice to You under the Agreement by: (a) posting a notice on the Solution portal; or (b) sending a message to the email address then associated with Your account. Notices We provide by posting on the Solution portal will be effective upon posting and notices We provide by email will be effective when We send the email. It is Your responsibility to keep Your email address current. You will be deemed to have received any email sent to the email address then associated with Your account when We send the email, whether or not You actually receive the email.


11.4.2.        To Us. To give Us notice under the Agreement, You must contact Us by facsimile transmission or personal delivery, overnight courier or registered or certified mail to the facsimile number or mailing address, as applicable, listed on the applicable Order Form. We may update the facsimile number or address for notices to Us by posting a notice on the Solution portal. Notices provided by personal delivery will be effective immediately. Notices provided by facsimile transmission or overnight courier will be effective one (1) business day after they are sent. Notices provided by registered or certified mail will be effective three (3) business days after they are sent.


11.5.           Assignment. You may not assign the Agreement, in whole or in part, without Our prior written consent. We may assign the Agreement, in whole or in part, without Your prior written consent to (a) an affiliate that that agrees in writing to be bound by the Agreement or (b) an entity acquiring, directly or indirectly, control of Us, an entity into which We are merged or an entity acquiring all or substantially all of Our assets, provided that the acquirer or surviving entity agrees in writing to be bound by the Agreement.


11.6.           Section Headings. Title and headings of Sections of the Agreement are for convenience of reference only and will not affect the construction of any provision of the Agreement.


11.7.           Residuals. Nothing in the Agreement will prohibit or limit Our ownership and use of ideas, concepts, know-how, methods, models, data, techniques, skill knowledge and experience that were used, developed or gained in connection with the Agreement.


11.8.           Non-solicitation of Employees. During and for one (1) year after the expiration or termination of the Agreement, You will not solicit the employment of, or employ Our personnel, without Our prior written consent.


11.9.           Cooperation. You will cooperate with Us in taking actions and executing documents, as appropriate, to achieve the objectives of the Agreement.


11.10.         Governing Law and Construction; Consent to Jurisdiction. The Agreement shall be governed by and construed in accordance with the laws of (1) New York (if the Company signing entity is located in the USA) or (2) the Italian Republic (if the Company signing entity is located in the EU), without regard to the principles of conflicts of law. The language of the Agreement shall be deemed to be the result of negotiation among the parties and their respective counsel and shall not be construed strictly for or against any party. The exclusive venue for any disputes arising under or related to the Agreement shall be in the (A) state or federal courts located in New York, New York (if the Company signing entity is located in the USA) or (B) Courts of Milan (Italy) (if the Company signing entity is located in the EU). The parties consent to the personal and exclusive jurisdiction of such courts for such disputes.


11.11.         Entire Agreement; Amendments. The Agreement state the entire agreement between the parties and supersede all previous agreements, understandings, representations, warranties, contracts, proposals and all other communications between the parties respecting the subject matter hereof (oral or written). We may modify these Terms at any time by posting a revised version on Our website (currently (the "Website") or by otherwise notifying You. The modified terms will become effective upon posting or, if We notify You, as stated in the applicable notification. By continuing to access or use the Solution after the effective date of any modifications to these Terms, You agree to be bound by the modified terms. It is Your responsibility to check the Website regularly for modifications to these Terms. We last modified these Terms on the date listed at the end of these Terms. If You submit work orders, change orders, services requests, purchase orders or other similar documents to Us for accounting or administrative purposes or otherwise, no pre-printed or similar terms and conditions contained in any such documents will be deemed to supersede any of the terms and conditions of the Agreement. The language of the Agreement will not be construed strictly for or against any party.


11.12.         Force Majeure. We will not be responsible for delays or failures if such delay or failure arises out of causes beyond Our control. Such causes may include acts of God or of the public enemy, fires, floods, epidemics, pandemics, outbreaks, riots, quarantine restrictions, strikes, freight embargoes, earthquakes, electrical outages, computer or communications failures, government actions, travel restrictions and severe weather, and acts or omissions of subcontractors or third parties.


11.13.         Third Party Beneficiaries. Except as expressly provided in the Agreement, the Agreement is entered into solely between, and may be enforced only by, You and Us. The Agreement will not be deemed to create any rights or causes of action in or on behalf of any third parties, including employees, suppliers and customers of a party, or to create any obligations of a party to any such third parties.


11.14.         Survival. Any provision of the Agreement which contemplates performance or observance subsequent to any termination or expiration of the Agreement will survive any termination or expiration of the Agreement and continue in full force and effect. Additionally, all provisions of the Agreement will survive the expiration or termination of the Agreement to the fullest extent necessary to give the parties the full benefit of the bargain expressed herein.


11.15.         Hierarchy. In the event of any inconsistencies between these Terms and an Order Form, the Order Form will take precedence over these Terms.


11.16.         Waiver of Jury Trial. You hereby expressly waive any right to a trial by jury in any action or proceeding to enforce or defend any right, power, or remedy under or in connection with the Agreement or under or in connection with any amendment, instrument, document or agreement delivered or which may in the future be delivered in connection therewith arising from any relationship existing in connection with the Agreement, and agree that any such action will be tried before a court and not before a jury. The terms and provisions of this Section constitute a material inducement for the parties entering into the Agreement.


11.17.         Subcontractors. We may subcontract, in whole or in part, any of its obligations under the Agreement without Your prior written consent. We will be responsible and liable for any of Our subcontractors' failure to perform in accordance with the Agreement to the same extent as if such failure to perform was committed by Us.


11.18.         Required Consents. You will obtain all consents or approvals that are required for You to use the Solution in the manner contemplated under the Agreement, except for those consents or approvals that are expressly specified in the applicable Order Form as to be obtained by Us.


11.19.         Third Party Content. The Solution may include integrations with, or links to, content or other web services made available by third parties that are accessed through the Solution and subject to terms and conditions with those third parties ("Third Party Content"). Third Party Content is not part of the Solution and the Agreement does not apply to it. You acknowledge and agree that Your access to and use of Third Party Content will be entirely at Your own risk and We assume no liability or responsibility with respect to any Third Party Content.


11.20.         Publicity. We (including Our Affiliates) may use Your (or Your Affiliates') names, logos, service marks, trade names or trademarks, or refer to You (or its Affiliates) directly or indirectly in any press release, public announcement or public disclosure relating to the Agreement, including in any promotional, advertising or marketing materials, customer lists or business presentations, without Your (or Your Affiliates') prior written consent prior to each such use or reference.


12.               DEFINITIONS. The words "day", "month", "quarter" and "year" mean, respectively, calendar day, calendar month, calendar quarter and calendar year. The words "include" and "including" will not be construed as terms of limitation and introduce a non-exclusive set of examples. The word "or" will not be exclusive. The following terms, when used in the Agreement will have the meanings specified below:


12.1.           "Affiliate" means, generally, with respect to any entity, any other entity Controlling, Controlled by or under common Control with such entity.


12.2.           "Agreement" means, collectively, these Terms, including its Exhibits and Attachments, the Order Forms and any other policy or terms referenced in or incorporated into the Agreement.


12.3.           "Consulting Fees" means at the fees payable by You for any ancillary consulting services as specified in the applicable Order Form (following the first anniversary of the applicable Order Form Effective Date, or if the applicable Order From does not specify the fees for ancillary consulting services, Our then-current fees will apply).


12.4.           "Control" and its derivatives means: (a) the legal, beneficial, or equitable ownership, directly or indirectly, of (i) at least fifty percent (50%) of the aggregate of all voting equity interests in an entity or (ii) equity interests having the right to at least fifty percent (50%) of the profits of an entity or, in the event of dissolution, to at least fifty percent (50%) of the assets of an entity; (b) the right to appoint, directly or indirectly, a majority of the board of directors; (c) the right to control, directly or indirectly, the management or direction of the entity by contract or corporate governance document; or (d) in the case of a partnership, the holding by an entity (or one of its Affiliates) of the position of sole general partner.


12.5.           "Controller" means a natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of Personal Data. For purposes of the Agreement, where You act as a Processor for another Controller, it will in relation to Us be deemed to be an additional and independent Controller with the respective Controller rights and obligations under the Agreement.


12.6.           "Data Protection Law" means the applicable legislation protecting the fundamental rights and freedoms of persons and their right to privacy with regard to the processing of Personal Data under the Agreement.


12.7.           "Data Subject" means an identified or identifiable natural person as defined by Data Protection Law.


12.8.           "Documentation" means the operating manuals, customer instructions, technical literature and all other related materials in eye-readable form only as supplied or made available to You by Us for aiding the use and application of the Solution.


12.9.           "Losses" means all losses, liabilities, damages, fines, penalties, interest and claims (including taxes), and all related costs and expenses (including reasonable legal fees and disbursements and costs of investigation, litigation, experts, settlement and judgment).


12.10.         "Order Form" means all written order forms for the Solution entered into by You and Us containing the pricing and other specific terms and conditions applicable for the Solution under the applicable Order Form.


12.11.         "Order Form Effective Date" means the effective date of the applicable Order Form as specified therein (or, if no effective date is specified therein, the date of the last signature thereto).


12.12.         "Our," "Us," or "We" means the Company entity specified on the applicable Order Form.


12.13.         "Our Confidential Information" means all nonpublic information disclosed by Us or Our affiliates or business partners, or Our or their respective employees, contractors or agents, that is designated as confidential or that, given the nature of the information or circumstances surrounding its disclosure, reasonably should be understood to be confidential. Our Confidential Information includes: (a) nonpublic information relating to Our or Our affiliates' or business partners’ technology, customers, business plans, promotional and marketing activities, finances and other business affairs; (b) third-party information that We are obligated to keep confidential; and (c) the nature, content and existence of any discussions or negotiations between You and Us or Our affiliates. Our Confidential Information does not include any information that: (i) is or becomes publicly available without breach of the Agreement; (ii) can be shown by documentation to have been known to You at the time of Your receipt from Us; (iii) is received from a third party who did not acquire or disclose the same by a wrongful or tortious act; or (iv) can be shown by documentation to have been independently developed by You without reference to Our Confidential Information.


12.14.         "Our Indemnitees" means Us and Our affiliates, and Our and their respective officers, directors, employees, agents, representatives, successors and assigns.


12.15.         "Personal Data" means any information relating to a Data Subject that is protected under Data Protection Law. Personal Data is a subset of Your Data.


12.16.         "Personal Data Breach" means a confirmed (a) accidental or unlawful destruction, loss, alternation, unauthorized disclosure of or unauthorized third party access to Personal Data or (b) similar incident involving Personal Data, in each case for which a Controller is required under Data Protection Law to provide notice to competent data protection authorities or Data Subjects.


12.17.         "Processor" means a natural or legal person, public authority, agency or other body that processes Personal Data on behalf of the Controller, be it directly as Processor of a Controller or indirectly as Subprocessor of a Processor that processes Personal Data on behalf of the Controller.


12.18.         "Trace One Regulatory Compliance" or "Solution" means Our web-based global regulatory compliance application for the food industry named Trace One Regulatory Compliance.


12.19.         "Standard Contractual Clauses" means the Standard Contractual Clauses or any subsequent version thereof published by the European Commission.


12.20.         "Subprocessor" means an affiliate of Ours, or a third party engaged by Us or Our affiliates in connection with the provision of the Solution, that processes Personal Data in accordance with the Agreement.


12.21.         "Subscription Fee" means the fee payable by You for the Solution, as specified in the applicable Order Form. Beginning upon the first anniversary of applicable Order Form Effective Date, We may increase the Subscription Fee by giving You not less than thirty (30) days' prior notice; provided, however, that We will not increase the Subscription Fee more than once in any twelve (12) month period. Within thirty (30) days after Your receipt of such notice, You may elect to terminate Your access to and use of the Solution upon notice to Us.


12.22.         "Subscription Period" means the term of a subscription for the Solution identified in the applicable Order Form, including all renewals.


12.23.         "Usage Metrics" means the standard of measurement for determining the permitted use and calculating the fees due for the Solution as set forth in the applicable Order Form.


12.24.         "You" or "Your" means the customer entity specified on the applicable Order Form.


12.25.         "Your Data" means any content, materials, data and information that Authorized Users enter into the Solution or that You derive from Your use of and store in the Solution (e.g., Your specific reports), in all cases excluding any of Our Confidential Information or other materials owned by Us.


Last updated September 15th 2023.







  • Purpose. This Exhibit applies to Our and Our Subprocessors' processing of Personal Data that You provide to Us (if any) in connection with Your access to and use of the Solution. Attachment 1 (Description of Processing) to this Exhibit, which describes the nature and purpose of the processing, the type of Personal Data and the categories of Data Subjects, is incorporated into and forms part of this Exhibit.


  • GDPR. The parties agree that it is each party's responsibility to review and adopt requirements imposed on Controllers and Processors by the General Data Protection Regulation 2016/679 ("GDPR") if and to the extent applicable to Personal Data of Yours that is processed in connection with Your access to and use of the Solution.


  • Relationship of the Parties. The parties acknowledge and agree that, in connection with the processing of Personal Data in connection with Your access to and use of the Solution: (a) We will act as a Processor and (b) You and those entities that You permit to access or use the Solution will act as Controllers. You will act as a single point of contact and are solely responsible for obtaining any relevant authorizations, consents and permissions for the processing of Personal Data in accordance with these Terms, including, where applicable, approval by Controllers to use Us as a Processor. Where authorizations, consents, permissions or instructions are provided by You these are provided not only on behalf of You but also on behalf of any other Controller accessing or using the Solution. Where We inform or give notice to You, such information or notices will be deemed received by those Controllers permitted by You to access or use the Solution and it is Your responsibility to forward such information and notices to the relevant Controllers.



  • Security Measures. We have implemented and will apply the technical and organizational measures set forth in Attachment 4.2 (Technical and Organizational Measures) to this Exhibit (the "Security Measures"). You acknowledge that You have reviewed the Security Measures and agree that, with respect to the Solution, the Security Measures are appropriate taking into account the state of the art, costs of implementation, nature, scope, context and purposes of the processing of Personal Data.


  • Changes. We may change the Security Measures at any time without notice so long as We maintain a comparable or better level of security. Individual Security Measures may be replaced by new security measures that serve the same purpose without diminishing the overall level of security protecting Personal Data.




  • Compliance with Your Instructions. We will process Personal Data only in accordance with documented instructions from You. These Terms (including this Exhibit) constitute such documented initial instructions and You may provide further instructions in connection with Your access to and use of the Solution (for clarity, each use of the Solution constitutes such further instructions). We will use reasonable efforts to follow any other instructions You provide, as long as they are required by Data Protection Law, technically feasible and do not require changes to the Solution. If any of the preceding exceptions apply, or We cannot otherwise comply with an instruction or We are of the opinion that an instruction violates Data Protection Law, We will promptly notify You.


  • Legal Requirements. We may also process Personal Data to the extent required by applicable law. In such a case, We will inform You of the applicable legal requirement before processing (except to the extent legally prohibited from doing so).


  • Cooperation. At Your request, We will reasonably cooperate with You and Your Controllers in handling requests from Data Subjects or regulatory authorities regarding Our processing of Personal Data or any Personal Data Breach. We will notify You as soon as reasonably practical about any request We receives from a Data Subject in relation to Our processing of Personal Data; provided, however, that We will not respond to such request without Your further instructions. With respect to the Solution, We will endeavor to provide functionality that supports Your ability to correct or remove Personal Data from the Solution, or restrict its processing in accordance with Data Protection Law. Where such functionality is not provided as part of the Solution, We will correct or remove Personal Data, or restrict its processing, in accordance with Your instructions and Data Protection Law.


  • Personal Data Breach Notification. We will notify You without undue delay after becoming aware of any Personal Data Breach and provide reasonable information in Our possession to assist You to meet Your obligations to report such Personal Data Breach as required under Data Protection Law. We may provide such information in phases as it becomes available. Such notification will not be interpreted or construed as an admission of fault or liability by Us.


  • Data Protection Impact Assessment. If, pursuant to Data Protection Law, You or Your Controllers are required to perform a data protection impact assessment or prior consultation with a regulator, We will, at Your reasonable request, provide such documents as We generally make available for Our other similarly situated customers. Any additional assistance will be mutually agreed between the parties.




  • Solution. The following will apply with respect to the Solution:


  • Export and Retrieval by You. During the Subscription Period, You may access Your Personal Data in the Solution, and may export and retrieve Your Personal Data in a standard format. Such export and retrieval may be subject to technical limitations, in which case the parties will find a reasonable method to allow You access to Your Personal Data.


  • Deletion. Prior to expiration of the then-current Subscription Period or the effective date of termination, You may use Our self-service tools (as available) to perform a final export of Personal Data from the Solution. At the end of the Subscription Period for the Solution, You hereby instruct Us to delete any Personal Data remaining on servers hosting the Solution within a reasonable time period in accordance with Data Protection Law (unless applicable law requires retention).




  • Your Audit. Subject to Sections 5.3 and 4 below, You or Your independent third party auditor reasonably acceptable to Us (which will not include any third party auditor that is a competitor of Ours, not suitably qualified or independent or has not executed a written confidentiality agreement applicable to Us before conducting the audit) may (once in any twelve (12) month period unless mandatory Data Protection Law requires more frequent audits) audit Our control environment(s) and security practices relevant to Personal Data processed by Us in connection with Your access to and use of the Solution, but only if:


  • We have not provided sufficient evidence of Our compliance with applicable technical and organizational measures that protect the Solution through providing either (a) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or (b) a valid ISAE3402 or ISAE3000 or other SOC1-3 attestation report. Our audit reports or ISO certifications are available upon Your reasonable request;


  • a Personal Data Breach has occurred;


  • an audit is formally requested by Your data protection authority; or


  • mandatory Data Protection Law provides You with a direct audit right.


  • Other Controller Audit. Any other Controller may audit Our control environment and security practices relevant to Personal Data processed by Us in accordance with Section 5.1 above, but only if any of the cases set out in Section 5.1 above applies to such other Controller. Such audit must be undertaken through and by You unless the audit must be undertaken by the other Controller itself under Data Protection Law. If several Controllers whose Personal Data is processed by Us require an audit, You will use best efforts to combine the audits and avoid multiple audits.


  • Scope of Audit. You will provide at least sixty (60) days prior notice of any audit unless mandatory Data Protection Law or a competent data protection authority requires shorter notice. The frequency and scope of any audit will be mutually agreed between the parties acting reasonably and in good faith. Any audit will (a) be subject to Our applicable policies; (b) be limited in time to a maximum of three (3) business days; (c) be conducted during Our regular business hours; and (d) not interfere with Our business operations. Beyond such restrictions, the parties will use current certifications or other audit reports to avoid or minimize repetitive audits. You will provide the results of any audit to Us.


  • Cost of Audit. You will bear the costs of any audit. If an audit determines that We have breached Our obligations under this Exhibit, We will promptly remedy the breach at Our own cost.



  • Permitted Use. Notwithstanding anything to the contrary in these Terms, We will be permitted to subcontract the processing of Personal Data to Subprocessors. We will engage Subprocessors under a written contract (which may be in electronic form) consistent with the terms of this Exhibit in relation to each Subprocessor's processing of Personal Data. We will be responsible and liable for any of Our Subprocessors' failure to perform in accordance with this Exhibit to the same extent as if such failure to perform was committed by Us. We will evaluate the security, privacy and confidentiality practices of each Subprocessor prior to selection to help establish that it is capable of providing the level of protection of Personal Data required by this Exhibit. We will make Our list of Subprocessors available to You upon Your reasonable request, including the name, address and role of each Subprocessor that We use.


  • New Subprocessors. Our use of Subprocessors is at our sole discretion. You authorize Us to make use of New Subprocessors under the following conditions:


- The Subprocessor is bound by the obligations set out in this Agreement, which shall be reiterated in the agreement signed between the Subprocessor and Us;

- We shall remain fully liable towards You for the performance by the Subprocessor of its contractual obligations.


We shall endeavor to inform You by keeping an up-to-date list of its Subprocessors and shall endeavor to inform You by providing it with an updated version of such list (directly available on Company’s website : ). You may reasonably object to any New Subprocessor within thirty (30) days following the update. Use of the Solution after such period shall constitute Your acceptance of the updated list.





  • International Processing. We will be entitled to process Personal Data, including by using Subprocessors or Our Affiliates in accordance with this Exhibit outside the country in which You are located as permitted under Data Protection Law. We may process Personal Data outside the European Union provided that:
  • the country of destination is covered by an adequacy decision by the European Commission; or
  • the transfer is covered by appropriate guarantees such as the signature of Standard Contractual Clauses adopted by the European Commission.


  • Standard Contractual Clauses. Where (a) Personal Data of an European Economic Area (EEA) or Swiss based Controller is processed in a country outside the EEA, Switzerland or any jurisdiction acknowledged by the European Union as a safe jurisdiction with an adequate level of data protection under Art 45 GDPR; or (b) Personal Data of another Controller is processed internationally and such international processing requires an adequacy means under the laws of the country of the Controller and the required adequacy means can be met by entering into Standard Contractual Clauses, then You appoint Us to perform any such transfer and You give Us a mandate to sign, in Your name and on Your behalf, Standard Contractual Clauses governing the transfers of Personal Data from Controller to Processors established in third countries (2010/87/ EU), unless otherwise notified in writing.


  • Hierarchy. Nothing in these Terms will be construed to prevail over any conflicting clause of the Standard Contractual Clauses. For the avoidance of doubt, where this Exhibit further specifies audit and subprocessor rules in Sections 5 and 6 above, such specifications also apply in relation to the Standard Contractual Clauses.


  • Governing Law of Standard Contractual Clauses. The Standard Contractual Clauses will be governed by the law of the country in which the relevant Controller is incorporated. If the Company is not incorporated in the EU, the governing law shall be the French law.


  1. Each party will be responsible for its compliance with its documentation requirements, in particular maintaining records of processing where required under Data Protection Law. Each party will reasonably assist the other party in its documentation requirements, including providing the information the other party needs from it in a manner reasonably requested by the other party (such as using an electronic system), in order to enable the other party to comply with any obligations relating to maintaining records of processing.










Trace One Regulatory Compliance

Data Exporter

You, who subscribe to the Solution and allow Authorized Users to enter, amend, use, delete or otherwise process Personal Data, are the data exporter. Where You allow other Controllers to also access or use the Solution, such other Controllers are also data exporters.

Data Importer

We, Our Affiliates and Our Subprocessors, which provide the Cloud Services, are the data importers.


Data Subjects

Unless provided otherwise by the data exporter, transferred Personal Data relates to the following categories of Data Subjects:

·        Authorized Users (Customer’s Employees);

·        Contractors;

·        Business partners; or

·        Other individuals whose Personal Data is stored in the Solution.

Categories of Data

The data exporter determines the categories of data that could be transferred to the data importer. Transferred Personal Data typically relates to the following categories of data:

·        Name (first and last name);

·        Phone number;

·        Professional Email address;

·        Title;

·        Location Data (Time zone);

·        Address data (IP address, cookies);

·        System access / usage / authorization data;

·        Contract data; and

·        Application specific data that is transferred by Your Authorized Users.

Special Categories of Data


Processing Operations

Unless otherwise agreed in the applicable Order Form, the transferred Personal Data will be subject to the following basic processing activities:

·        Setting up, operating, monitoring and providing the Solution;

·        Providing consulting services;

·        Communicating to Authorized Users;

·        Invoicing/ accounting;

·        Storing Personal Data in dedicated data centers;

·        Uploading fixes or upgrades to the Solution;

·        Backing up Personal Data;

·        Computer processing of Personal Data (e.g., data transmission, data retrieval, data access, etc.);

·        Network access to allow Personal Data transfer;

·        Verifying compliance with these Terms;

·        Testing and applying new product or system versions, patches, updates and upgrades;

·        Consulting services;

·        Monitoring and testing system use and performance;

·        Resolving bugs and other issues;

·        Monitoring the Solution;

·        Backup and restoration of Your Data stored in the Solution;

·        Release and development of fixes and upgrades to the Solution;

·        Monitoring, troubleshooting and administering the underlying Solution infrastructure and database;

·        Security monitoring, network-based intrusion detection support and penetration testing.

·        Providing support when You submit a support ticket because the Solution is not available or not working as expected for some or all Authorized Users. We answer phones and perform basic troubleshooting, and handle support tickets in a tracking system that is separate from the production instance of the Solution;

·        Complying with applicable legal requirements; and

·        Execution of Your instructions in accordance with these Terms.








  • Introduction. When processing Personal Data on Your behalf in connection with Your access to or use of the Solution, We have implemented and will maintain appropriate technical and organizational security measures for the processing of such data, including the measures specified in this Attachment to the extent applicable. These measures are intended to protect Personal Data against accidental or unauthorized loss, destruction, alteration, disclosure or access, and against other unlawful forms of processing.
  • Physical Access Control. We employ measures designed to prevent unauthorized persons from gaining access to data processing systems in which Personal Data is processed, such as the use of security personnel, secured buildings and data center premises.
  • System Access Control. To the extent applicable: (a) authentication via passwords or two-factor authentication, (b) documented authorization processes, (c) documented change management processes, (d) logging of access on several levels, (e) log-ins to the Solution environments by Our employees and Subprocessors are logged; (f) logical access to the data centers is restricted and protected by firewall/VLAN; and (g) intrusion detection systems, centralized logging and alerting, and firewalls are used.
  • Data Access Control. Personal Data is accessible and manageable only by properly authorized staff appointed as system administrators, direct database query access is restricted, and application access rights are established and enforced.
  • In addition to the access control rules described above We are responsible to manage the access and rights to operate the Cloud Services (as for instance administration, exploitation, security, data protection, backups). However, it is Your responsibility to manage the access and rights to the application and data accessible through it.
  • Transmission Control. Except as otherwise specified these Terms or the applicable Documentation, transfers of data outside the Solution environment are encrypted. The content of communications (including sender and recipient addresses) sent through some email or messaging services may not be encrypted. You are solely responsible for the results of Your decision to use unencrypted communications or transmissions.
  • Input Control. The Personal Data source is under Your control. Personal Data integration into the system is managed by secured file transfer (i.e., via web services or entered into the application) from You. To the extent the Solution permits You to use unencrypted file transfer protocols, You are solely responsible for Your decision to use such unencrypted file transfer protocols.
  • Data Backup. Back-ups are taken on a regular basis and are secured using a combination of technical and physical controls, depending on the circumstances.
  • Data Segregation. Personal Data from Our different customers' environments is logically segregated on Our systems.