Please click on the title of the legal notice below to read more about it.
Download a copy of this Acceptable Use Policy.
This Acceptable Use Policy (this “Policy”) describes prohibited uses of the software and related services offered by Zadara Storage Inc. and its subsidiaries and affiliates (the “Software”and“Services” respectively) and the website located at https://www.zadara.com (the “Zadara Site”). The examples described in this Policy are not exhaustive. This Policy applies to yourself and any other entities you or your affiliates enable to utilize the Software (collectively “You”). We may modify this Policy at any time and without notice by posting a revised version on the Zadara Site. By using the Software or accessing the Zadara Site, you agree to the latest version of this Policy. If you violate the Policy or authorize or help others to do so, we may suspend or terminate part or all of your use of the Software and the Services.
- No Illegal, Harmful, or Offensive Use or Content
You may not use, or encourage, promote, facilitate or instruct others to use, the Software or Zadara Site for any illegal, harmful or offensive use, or to transmit, store, display, distribute or otherwise make available content that is illegal, harmful, or offensive. Examples of prohibited activities or content include:
Illegal Activities. Any illegal activities, including advertising, transmitting, or otherwise making available gambling sites or services or disseminating, promoting or facilitating child pornography.
Harmful or Fraudulent Activities. Activities that may be harmful to others, our operations or reputation, including offering or disseminating fraudulent goods, services, schemes, or promotions (e.g., make-money-fast schemes, ponzi and pyramid schemes, phishing, or pharming), or engaging in other unfair and/or deceptive practices.
Infringing Content. Content that infringes or misappropriates the intellectual property or proprietary rights of others.
Offensive Content. Content that is defamatory, obscene, abusive, invasive of privacy, or otherwise objectionable, including content that constitutes child pornography, relates to bestiality, or depicts non-consensual sex acts.
Harmful Content. Content or other computer technology that may damage, interfere with, surreptitiously intercept, or expropriate any system, program, or data, including viruses, Trojan horses, worms, time bombs, or cancelbots.
- No Security Violations
You may not use the Software to violate the security or integrity of any network, computer or communications system, software application, or network or computing device (each, a “System”). Prohibited activities include:
Unauthorized Access. Accessing or using any System without permission, including attempting to probe, scan, or test the vulnerability of a System or to breach any security or authentication measures used by a System.
Interception. Monitoring of data or traffic on a System without permission.
Falsification of Origin. Forging TCP-IP packet headers, e-mail headers, or any part of a message describing its origin or route. This prohibition does not include the use of aliases or anonymous remailers.
- No Network Abuse
You may not make network connections to any users, hosts, or networks unless you have permission to communicate with them. Prohibited activities include:
Monitoring or Crawling. Unauthorized Monitoring or crawling of a System that impairs or disrupts the System being monitored or crawled.
Denial of Service (DoS). Inundating a target with communications requests so the target either cannot respond to legitimate traffic or responds so slowly that it becomes ineffective.
Intentional Interference. Interfering with the proper functioning of any System, including any deliberate attempt to overload a system by mail bombing, news bombing, broadcast attacks, or flooding techniques.
Operation of Certain Network Services. Operating network services like open proxies, open mail relays, or open recursive domain name servers.
Avoiding System Restrictions. Using manual or electronic means to avoid any use limitations placed on a System, such as access and storage restrictions.
- No E-Mail/Message Abuse
You will not distribute, publish, send, or facilitate the sending of unsolicited mass e-mailing or other messages, promotions, advertising, or solicitations (e.g., “spam mail”), including commercial advertising and informational announcements. You will not alter or obscure mail headers or assume a sender’s identity without the sender’s explicit permission. You will not collect replies to messages sent from another internet service provider if those messages violate this Policy or the acceptable use policy of that provider.
- Our Monitoring and Enforcement
We reserve the right, but do not assume the obligation, to investigate any violation of this Policy or misuse of the Software or the Services or Zadara Site. We may, in our sole discretion:
(a) Investigate violations of this Policy or misuse of the Software, the Services or Zadara Site; or
(b) Remove, disable access to, or modify any content or resource that violates this Policy or any other agreement we have with you for use of the Services or the Zadara Site; or
(c) Report any activity that we suspect violates any law or regulation to appropriate law enforcement officials, regulators, or other appropriate third parties. Our reporting may include disclosing appropriate customer information. We also may cooperate with appropriate law enforcement agencies, regulators, or other appropriate third parties to help with the investigation and prosecution of illegal conduct by providing network and systems information related to alleged violations of this Policy.
- Reporting of Violations of this Policy
If you become aware of any violation of this Policy, you will immediately notify us and provide us with assistance, as requested, to stop or remedy the violation. To report any violation of this Policy, please contact us via E-Mail at: firstname.lastname@example.org.
Never forget to look up the online HTML CheatSheet when you forget how to write an image, a table or an iframe or any other tag in HTML!
Download a copy of this Acceptable Use Policy.
Download a signed copy of this DPA for your execution.
This Data Processing Addendum (“DPA”) forms part of the Terms of Service for the purchase of storage services from Zadara (identified either as “Services” or otherwise in the applicable agreement, and hereinafter defined as “Services”) (the “Agreement”) to reflect the parties’ agreement with regard to the Processing of Personal Data
By accepting the Agreement, Customer enters into this DPA on behalf of itself and, to the extent required under applicable Data Protection Laws and Regulations, in the name and on behalf of its Authorized Affiliates, if and to the extent Zadara processes Personal Data for which such Authorized Affiliates qualify as the Controller. For the purposes of this DPA only, and except where indicated otherwise, the term “Customer” shall include Customer and Authorized Affiliates. All capitalized terms not defined herein shall have the meaning set forth in the Agreement.
In the course of providing the Services to Customer pursuant to the Agreement, Zadara may Process Personal Data on behalf of Customer and the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
HOW THIS DPA APPLIES
- a) If the Customer entity entering into this DPA is a party to the Agreement, this DPA is an addendum to and forms part of the Agreement. In such case, the Zadara entity that is party to the Agreement is party to this DPA. If Customer has purchased the Services though an authorized reseller, Customer should contact the authorized reseller to discuss whether any amendment to its agreement with the authorized reseller is required.
- This DPA consists of two parts: the main body of the DPA, and Schedules 1 and 2. This DPA has been pre-signed on behalf of Zadara and its Affiliates. The Standard Contractual Clauses in Schedule 2 have been pre-signed by Zadara Storage Inc. as the data importer. To complete this DPA, Customer must: (i) Complete the information in the signature box and sign on Page 6 and 7; (ii) Complete the information as the data exporter on Page 9; (iii) Complete the information in the signature box and sign on Page 13; (iv) Send the completed and signed DPA to Zadara by email, indicating the Customer’s full legal name (as set out on the applicable Order form or invoice), to email@example.com.
- c) This DPA shall not replace any comparable or additional rights relating to Processing of Customer Data contained in the Agreement.
DATA PROCESSING TERMS
- “Adequate Country” means a country or territory that is recognized under EU Data Protection Rules and Regulations as providing adequate protection for Personal Data
- “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity..
- “Authorized Affiliate”means any of Customer’s Affiliate(s) which (a) is subject to the data protection laws and regulations of the European Union, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom, and (b) is permitted to use the Services pursuant to the Agreement between Customer and Zadara but has not signed its own Order Form with Zadara and is not a “Customer” as defined under the Agreement.
- “Zadara”means Zadara Storage Inc., a limited liability company organized under the laws of the State of Delaware, USA, acting on its behalf and in the name and on behalf of each of its Affiliates.
- “Controller”means the entity which determines the purposes and means of the Processing of Personal Data.
- “Customer Data”means what is defined in the Agreement as “Customer Data”.
- “Data Protection Laws and Regulations”means laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom, applicable to the Processing of Personal Data under the Agreement.
- “Data Subject”means the identified or identifiable person to whom Personal Data relates.
- “GDPR”means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- “Personal Data”means any information relating to (i) an identified or identifiable natural person and, (ii) an identified or identifiable legal entity (where such information is protected similarly as personal data or personally identifiable information under applicable Data Protection Laws and Regulations), where for each (i) or (ii), such data is Customer Data.
- “Processing”means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor”means the entity which Processes Personal Data on behalf of the Controller.
- “Security Documentation” means the Security Documentation applicable to the specific Services purchased by Customer, as updated from time to time, and accessible via Zadara’s webpage, or as otherwise made reasonably available by Zadara.
- “Standard Contractual Sections” means the contractual Sections set out in Schedule 2 to this DPA.
- “Sub-processor”means any Processor engaged by Zadara or an Affiliate of Zadara.
- “Supervisory Authority” means an independent public authority which is established by an EU Member State pursuant to the GDPR.
2. PROCESSING OF PERSONAL DATA
- Roles of the Parties.The parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is the Controller, Zadara is the Processor and that Zadara or its Affiliates will engage Sub-processors pursuant to the requirements set forth in Section 5 “Sub-processors” below.
- Customer’s Processing of Personal Data. Customer shall, in its use of the Services, Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. For the avoidance of doubt, Customer’s instructions for the Processing of Personal Data shall comply with Data Protection Laws and Regulations. Customer shall have sole responsibility for the means by which Customer acquired Personal Data.
- Zadara’s Processing of Personal Data. Subject to the Agreement with Customer, Zadara shall Process Personal Data in accordance with Customer’s documented instructions for the following purposes: (i) Processing in accordance with the Agreement and applicable Order Form(s); (ii) Processing by customer users in their use if the Services; (iii) Processing for Customer to be able to use the Services; and (iv) Processing to comply with other documented reasonable instructions provided by Customer (e.g., via email) where such instructions are consistent with the terms of the Agreement. To the extent that Zadara cannot comply with a change to Customer’s instructions without incurring material additional costs, Zadara shall: (i) inform Customer, giving full details of the problem; and (ii) storing those data until revised instructions are received. Any changes in Customer’s instructions that affect the pricing structure or commercial relationship between the parties must go through an appropriate change control procedure. The Parties confirm that this DPA is Customer’s complete and final instructions to Zadara is relation to processing of the Customer Data.
- Details of the Processing. The subject-matter of Processing of Personal Data by Zadara is the performance of the Services pursuant to the Agreement. The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data and categories of Data Subjects Processed under this DPA are further specified in Schedule 1 (Details of the Processing) to this DPA.
3. RIGHTS OF DATA SUBJECTS
- Data Subject. Zadara shall, to the extent legally permitted, promptly notify Customer if Zadara receives a request from a Data Subject to exercise the Data Subject’s right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, object to the Processing, or its right not to be subject to an automated individual decision making (“Data Subject Request”). However, it is agreed that Zadara processes only the Personal Data that Customer has chosen to share with Zadara. Zadara has no direct or contractual relationship with Data Subjects. As a result, Customer is solely responsible for satisfying all legal obligations owed directly to the Data Subject under applicable data protection laws.
4. ZADARA PERSONNEL
- Confidentiality. Zadara shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and have executed written confidentiality agreements. Zadara shall ensure that such confidentiality obligations survive the termination of the personnel engagement.
- Zadarashalltakecommercially reasonable stepstoensurethereliabilityofanyZadarapersonnelengaged intheProcessingofPersonalData.
- Limitation of Access. Zadara shall ensure that Zadara’s access to Personal Data is limited to those personnel performing Services in accordance with the Agreement.
- Appointment of Sub-processors.Customer acknowledges and agrees that Zadara may engage third-party Sub-processors in connection with the provision of the Services. Where a Sub-processor will process Personal Data which is subject to EU Data Protection Laws and Regulations, Zadara will ensure that the Sub-processor is subject to contractual obligations regarding Personal Data not less protective than those in this Agreement with respect to the protection of Customer Data to the extent applicable to the nature of the Services provided by such Sub-processor.
- List of Current Sub-processors and Notification of New Sub-processors. Customer may find on Zadara’s webpage a mechanism to subscribe to notifications of new Sub-processors, to which Customer shall subscribe, and if Customer subscribes, Zadara shall provide notification of a new Sub-processor(s) before authorizing any new Sub-processor(s) to Process Personal Data in connection with the provision of the Services.
- Objection Right for New Sub-processors.Customer may object to Zadara’s use of a new Sub-processor by notifying Zadara promptly in writing within ten (10) business days after receipt of Zadara’s notice in accordance with the mechanism set out in Section 5.2. In the event Customer objects to a new Sub-processor, as permitted in the preceding sentence, Zadara will use reasonable efforts to make available to Customer a change in the Services or recommend a commercially reasonable change to Customer’s configuration or use of the Services to avoid Processing of Personal Data by the objected-to new Sub-processor without unreasonably burdening the Customer. If Zadara is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer’s sole remedy is to terminate the applicable Order Form(s) with respect only to those Services which cannot be provided by Zadara without the use of the objected-to new Sub-processor by providing written notice to Zadara.
- Liability. Zadara shall be liable for the acts and omissions of its Sub-processors to the same extent Zadara would be liable if performing the services of each Sub-processor directly under the terms of this DPA, except as otherwise set forth in the Agreement.
- Controls for the Protection of Customer.Zadara shall maintain appropriate technical and organizational measures for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Data), confidentiality and integrity of Customer Data, as set forth in the Security Documentation. Zadara regularly monitors compliance with these measures. Zadara will not materially decrease the overall security of the Services during a subscription term. Customer is solely responsible for reviewing the information made available by Zadara relating to data security and making an independent determination as to whether the Services meet Customer’s requirements, and for ensuring that Customer’s personnel and consultants follow the guidelines they are provide regarding data security.
- Third-Party Certifications and Audits.Zadara has completed Service Organization Control 2 (SOC 2) Type II and ISO 27001 audits for the Services, which were conducted by an independent auditor that evaluated the design and effectiveness of Zadara security policies, procedures, and controls. Zadara will continue to undergo regular Service Organization Control audits for the Service during the Term. Upon Customer’s written request at reasonable intervals but no more than once per year, and subject to the confidentiality obligations set forth in the Agreement, Zadara shall make available to Customer that is not a competitor of Zadara (or Customer’s independent, third-party auditor that is not a competitor of Zadara) a copy of Zadara’s then most recent third-party audits or certifications, as applicable.
7. CUSTOMER DATA INCIDENT MANAGEMENT AND NOTIFICATION
Zadara maintains security incident management policies and procedures specified in Security Documentation and, to the extent required under applicable Data Protection Laws and Regulations, shall notify Customer without undue delay after becoming aware of the actual unauthorized disclosure of or access to Customer Data, or compromise of Zadara’s systems that Zadara determines is reasonably likely to result in such disclosure or access, caused by failure of Zadara’s security measures and excluding any unauthorized disclosure or access that is caused by Customer or its users, including Customer or its End Users’ failure to adequately secure equipment or accounts (a “Customer Data Incident”). Zadara shall make reasonable efforts to identify the cause of such Customer Data Incident and take those steps as Zadara deems necessary and reasonable in order to remediate the cause of such a Customer Data Incident to the extent the remediation is within Zadara’s reasonable control. Zadara may limit the scope of, or refrain from delivering, any disclosures to the extent reasonably necessary to avoid compromising the integrity of Zadara’s security, an ongoing investigation, or any Customer’s or end user’s data.
8. RETURN AND DELETION OF CUSTOMER DATA
Subject to the Agreement, Zadara shall, to the extent allowed by applicable law, delete Customer Data in accordance with the procedures and timeframes specified in applicable Data Protection Laws and Regulations.
9. AUTHORIZED AFFILIATES
- Contractual Relationship. The parties acknowledge and agree that, by executing the Agreement, the Customer enters into the DPA on behalf of itself and, as applicable, in the name and on behalf of its Authorized Affiliates, thereby establishing a separate DPA between Zadara and each such Authorized Affiliate subject to the provisions of the Agreement and this Section 9 and Section 10. Each Authorized Affiliate agrees to be bound by the obligations under this DPA and, to the extent applicable, the Agreement. For the avoidance of doubt, an Authorized Affiliate is not and does not become a party to the Agreement, and is only a party to the DPA. All access to and use of the Services and Content by Authorized Affiliates must comply with the terms and conditions of the Agreement and any violation of the terms and conditions of the Agreement by an Authorized Affiliate shall be deemed a violation by Customer.
- Communication.The Customer that is the contracting party to the Agreement shall remain responsible for coordinating all communication with Zadara under this DPA and be entitled to make and receive any communication in relation to this DPA on behalf of its Authorized Affiliates.
- Rights of Authorized Affiliates Where an Authorized Affiliate becomes a party to this DPA with Zadara, it shall, to the extent required under applicable Data Protection Laws and Regulations, be entitled to exercise the rights and seek remedies under this DPA, subject to the following:
- 9.3.1 Except where applicable Data Protection Laws and Regulations require the Authorized Affiliate to exercise a right or seek any remedy under this DPA against Zadara directly by itself, the parties agree that: (i) solely the Customer that is the contracting party to the Agreement shall exercise any such right or seek any such remedy on behalf of the Authorized Affiliate, and (ii) the Customer that is the contracting party to the Agreement shall exercise any such rights under this DPA not separately for each Authorized Affiliate individually but in a combined manner for all of its Authorized Affiliates together (as set forth, for example, in Section 9.3.2, below).
- 9.3.2 The parties agree that the Customer that is the contracting party to the Agreement shall, when carrying out an on-site audit of the procedures relevant to the protection of Personal Data, take all reasonable measures to limit any impact on Zadara and its Sub-Processors by combining, to the extent reasonable possible, several audit requests carried out on behalf of different Authorized Affiliates in one single audit.
10. LIMITATION OF LIABILITY
Each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or related to this DPA, and all DPAs between Authorized Affiliates and Zadara, whether in contract, tort or under any other theory of liability, is subject to the ‘Limitation of Liability’ section of the Agreement, and any reference in such section to the liability of a party means the aggregate liability of that party and all of its Affiliates under the Agreement and all DPAs together.
For the avoidance of doubt, Zadara’s and its Affiliates’ total liability for all claims from the Customer and all of its Authorized Affiliates arising out of or related to the Agreement and each DPA shall apply in the aggregate for all claims under both the Agreement and all DPAs established under this Agreement, including by Customer and all Authorized Affiliates, and, in particular, shall not be understood to apply individually and severally to Customer and/or to any Authorized Affiliate that is a contractual party to any such DPA.
Also for the avoidance of doubt, each reference to the DPA in this DPA means this DPA including its Schedules and Appendices (if any).
11. DATA TRANSFER
- Customer may specify the Zadara region where Customer Data will be Processed within the Zadara datacenters. Once Customer had made up its choice, Zadara will not transfer Customer Data from Customer’s selected region, except as necessary to comply with the law or a valid and binding order of a law enforcement agency.
- If, in the performance of this DPA, Zadara transfers any Personal Data to a sub-processor located outside of the European Economic Area (except if an Adequate Country and without prejudice to Section 5), Zadara shall in advance of any such transfer ensure that a legal mechanism to achieve adequacy in respect of that Processing is in place, such as:
- the requirement for Zadara to execute or procure that the sub-processor execute to the benefit of the Customer the Standard Contractual Sections as set out in Schedule 2;
- the existence of any other specifically approved safeguard for data transfers (as recognized under EU Data Protection Laws) and/or a European Commission finding of adequacy.
- The following terms shall apply to the standard contractual Sections set out in Schedule 2:
- The Customer may exercise its right of audit under Section 5(a)viof the Standard Contractual Sections as set out in, and subject to the requirements of Section 2 of this DPA; and
- Zadara may appoint sub-processors as set out, and subject to the requirements of, Section 5 of this DPA.
This DPA shall only become legally binding between Customer and Zadara when the formalities steps set out in the Section “HOW TO EXECUTE THIS DPA” above have been fully completed.
Download a signed copy of this DPA for your execution.
List of Schedules
· SCHEDULE1–DETAILS OF THE PROCESSING
· SCHEDULE 2 – STANDARD CONTRACTUAL SECTIONS
Subject Matter of the Personal Data Processing: The provision of the Services by Zadara to Customer.
Duration of the Personal Data Processing: The Term, and any period after the Term prior to Zadara’s deletion of Customer Data.
Nature and Purpose of the Personal Data Processing: To enable Customer to receive and Zadara to provide the storage Services.
Categories of Personal Data: The personal data relating to individuals which is uploaded on to the Services by Customer or its users.
Data Subjects: CustomermaysubmitPersonalDatatotheServices,theextentofwhichisdeterminedandcontrolledbyCustomerinitssolediscretion,andwhichmayinclude,butisnotlimitedtoPersonalDatarelatingtothefollowingcategoriesofdatasubjects:
SCHEDULE 2 – STANDARD CONTRACTUAL SECTIONS
EU Standard Contractual Clauses (processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.
Name of the data exporting organization: _________________________
Tel: ___________________________fax: _________________________ e-mail: ______________________
(the “Data Exporter”)
Name of the data importing organization: Zadara Storage Inc.
Address: 6 Venture, Suite 140 Irvine, CA 92618, USA
(the “Data Importer”)
each a “party”; together “the parties”,
HAVE AGREED on the following Contractual Clauses (the Clauses), in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
For the purposes of the Sections:
- “personaldata“, “special categories of data“, “process/Processing“, “controller“, “processor“, “data subject” and “supervisory authority” shall have the same meaning as in EU Data Protection Laws 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the Processing of personal data and on the free movement of such data;
- the “data exporter” means the entity who transfers the personal data;
- the “data importer” means the processor who agrees to receive from the data exporter personal data intended for Processing on his behalf after the transfer in accordance with his instructions and the terms of the Sections and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of EU Data Protection Laws 95/46/EC;
- the “sub-processor” means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for Processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Sections and the terms of the written subcontract;
- the “applicable data protection law” means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the Processing of personal data applicable to a data controller in the Member State in which the data exporter is established; and
- “technical and organisational security measures” means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the Processing involves the transmission of data over a network, and against all other unlawful forms of Processing.
- Details of the Processing.The details of the processing and in particular the special categories of personal data where applicable are specified in Schedule 1 which forms an integral part of the Sections.
- Third-party beneficiary Section
- The data subject can enforce againstthe data exporter this Section, Section 4(a)ii to 4(a)ix, Section 5(a)i to 5(a)v, and 5(a)vii to 5(a)x, Section 6(a) and 6(b), Section 7, Section 8(b), and Sections 9 to 12 as third-party beneficiary.
- The data subject can enforce against the data importer this Section, Section 5(a)i to 5(a)v, and 5(a)vii, Section 6, Section 7, Section 8(b), and Sections 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
- The data subject can enforce against the sub-processor this Section, Section 5(a) to (e) and (g), Section 6, Section 7, Section 8(2), and Sections 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub- processor shall be limited to its own Processing operations under the Sections.
- The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
- Obligations of the data exporter
- The data exporter agrees and warrants:
- that the Processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
- that it has instructed and throughout the duration of the personal data-Processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Sections;
- that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Schedule 2 to this contract;
- that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the Processing involves the transmission of data over a network, and against all other unlawful forms of Processing, and that these measures ensure a level of security appropriate to the risks presented by the Processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
- that it will ensure compliance with the security measures;
- that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of EU Data Protection Laws 95/46/EC;
- to forward any notification received from the data importer or any sub-processor pursuant to Section 5(a)ii and Section 8(c) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
- to make available to the data subjects upon request a copy of the Sections, with the exception of Schedule 2, and a summary description of the security measures, as well as a copy of any contract for sub-Processing services which has to be made in accordance with the Sections, unless the Sections or the contract contain commercial information, in which case it may remove such commercial information;
- that, in the event of sub-Processing, the Processing activity is carried out in accordance with Section 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Sections; and
- that it will ensure compliance with Section 4(a)i to (ix).
- Obligations of the data importer
- The data importer agrees and warrants:
- to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Sections; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Sections, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has implemented the technical and organisational security measures specified in Schedule 2 before Processing the personal data transferred;
- that it will promptly notify the data exporter about:
- any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
- any accidental or unauthorised access; and
- any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
- to deal promptly and properly with all inquiries from the data exporter relating to its Processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the Processing of the data transferred;
- at the request of the data exporter to submit its data-Processing facilities for audit of the Processing activities covered by the Sections which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
- to make available to the data subject upon request a copy of the Sections, or any existing contract for sub-Processing, unless the Sections or contract contain commercial information, in which case it may remove such commercial information, with the exception of Schedule 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
- that, in the event of sub-Processing, it has previously informed the data exporter and obtained its prior written consent;
- that the Processing services by the sub-processor will be carried out in accordance with Section 11;
- to send promptly a copy of any sub-processor agreement it concludes under the Sections to the data exporter.
- The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Section 3 or in Section 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
- If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Section 3 or in Section 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.
- If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs (a) and (b), arising out of a breach by the sub-processor of any of their obligations referred to in Section 3 or in Section 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own Processing operations under the Sections as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity.The liability of the sub-processor shall be limited to its own Processing operations under the Sections.
- Mediation and jurisdiction
- The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Sections, the data importer will accept the decision of the data subject:
- to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
- to refer the dispute to the courts in the Member State in which the data exporter is established.
- The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
- Co-operation with supervisory authorities
- The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
- The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
- The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Section 5(a)ii.
- Governing law. The Sections shall be governed by the laws of the Member State in which the data exporter is established.
- Variation of the contract. The parties undertake not to vary or modify the Sections. This does not preclude the parties from adding Sections on business related issues where required as long as they do not contradict the Section.
- The data importer shall not subcontract any of its Processing operations performed on behalf of the data exporter under the Sections without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Sections, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Sections. Where the sub-processor fails to fulfill its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.
- The prior written contract between the data importer and the sub-processor shall also provide for a third party beneficiary Section as laid down in Section 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph (a) of Section 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own Processing operations under the Sections.
- The provisions relating to data protection aspects for sub-Processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
- The data exporter shall keep a list of sub-Processing agreements concluded under the Sections and notified by the data importer pursuant to Section 5(a)x, which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
- Obligation after the termination of personal data-Processing services
- The parties agree that on the termination of the provision of data-Processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
- The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-Processing facilities for an audit of the measures referred to in paragraph (a).
to the Standard Contractual Clauses
This Appendix forms part of the Clauses.
Data Exporter. The Data Exporter is the customer to the Agreement, as amended by the DPA.
Data Importer. The Data Importer is Zadara Storage Ltd. and/or Zadara Storage UK Limited or Zadara Storage Inc. (“Zadara”), a global provider of cloud storage services. Zadara provides software applications that allow Customer to store its data through the Services. Zadara’s service may also be accessed by Application Programming Interfaces (APIs).
Data Subjects.The personal data transferred concern the Data Exporter’s and Data Exporter’s affiliates’ end users including employees, consultants and contractors of the Data Exporter, as well as Data Exporter’s users authorized by Data Exporter’s to use the Services, prospects, customers, business partners and vendors of Data Exporter (who are natural persons), employees or contact persons of Data Exporter’s prospects, customers, business partners and vendors.
Categories of dataThe personal data transferred concern end users identifying information and organization data (both on-line and offline) as well as documents, images and other content or data in electronic form stored or transmitted by end users via Data Importer’s services.
Processing operations. The personal data transferred will be subject to the following basic processing activities Storage through Zadara’s Services.
Scope of Processing. The scope and purposes of processing the Data Exporter’s personal data is described in the DPA to which these Clauses are annexed as well as the Agreement between Data Exporter and Data Importer.
Term of Processing. The term for data processing will be the term set forth in the applicable Agreement.
Data Deletion or Return. Upon expiration or termination of the Agreement, Data Importer agrees to delete or return Data Exporter’s personal data from Data Importer’s service, in accordance with the terms and conditions of the Agreement.
Sub-processing. Data Importer may engage other companies to provide parts of the Service on Data Importer’s behalf. Data Importer will ensure that any such Sub-Processors will only access and use any personal data of Data Exporter to provide the service in accordance with the Agreement.
to the Standard Contractual Clauses
This Appendix forms part of the Clauses and must be completed and signed by the parties.
Description of the technical and Organizational security measures implemented by the data importer in accordance with Clauses 4 and 5 (or document/legislation attached):
The technical and organizational Security Measures implemented by the Data Importer are as described in this DPA.
Download a signed copy of this DPA for your execution.
We, at Zadara., are committed to respecting our customers’ and their users’ privacy, protecting their personal data and making sure it is used properly by us. This privacy notice explains the principles of our privacy practices for processing personal data on our website and services: what data we collect, how we collect it, what we do with it, how we protect it, and your rights regarding your user’s information.
This Service Level Agreement (“SLA”) governs Customer’s use of Zadara’s storage services (the “Services”) during the term of the Zadara Terms of Service (“Agreement”). Capitalized terms used herein shall have the meaning specified in the Agreement. Zadara reserves the right to change the terms of this SLA in accordance with the Agreement. Download a copy of this SLA document.
- Service Commitment
Zadara will use commercially reasonable efforts to make the Services available with a monthly uptime percentage of at least 99.999%, in each case during any monthly billing cycle (the “Service Commitment”).
Unavailability period is a period of one or more consecutive minutes of loss of external connectivity to Customer Data, measured separately for each Virtual Private Storage Array associated with Customer’s account (“Unavailability” and “VPSA” respectively). Partial minutes or intermittent Unavailability for a period of less than one minute will not be counted towards any Unavailability period. The Unavailability period will commence when the Customer is unable to access Customer data stored via the Services and will end when access becomes available, provided that such Unavailability is not due to any of the SLA exclusions outlined below.
- Service Credit Calculation
A Service Credit is an amount measured in US dollars or other applicable currency that Zadara will apply against a Customer’s future payments to Zadara, calculated based on the recurring or metered subscription amount of the affected VPSA (net of any discounts) for the billing month in which the Unavailability event occurred (“Service Credit”). If the invoice does not include separate billing for each VPSA, Zadara shall calculate the credit based on the ratio between the capacity of the data stored through the affected VPSA and the total capacity invoiced. Service Credits are not transferable, do not convert to cash refunds or refunds in any other form, and expire after one month of having been issued. Service Credits are the sole and exclusive remedy available to the Customer for any Unavailability occurring during the Agreement term or for any other claim in connection with this SLA. In the event that the Services do not meet the Service Commitment, the Customer will be eligible to receive a Service Credit according to the following schedule:
|Monthly Cumulative Unavailability
(listed in minutes)
(% of the monthly fee of the affected VPSA)
|1 – 120||5%|
|121 – 420||25%|
|421 – 840||50%|
|841 – 1440||75%|
|1441 (or above)||100%|
- Requesting Service Credits
To be eligible for Service Credits, an affected Customer must request the credit via the Customer Support page located at support.zadara.com within fifteen (15) days of the Unavailability. This request must include the dates, times, and duration of the Unavailability. Once Zadara confirms the Unavailability and approves the claim, the corresponding Service Credits will be applied automatically to the invoice issued in the month following the applicable Unavailability. Failure to request Service Credits or provide the required documentation supporting the requests will make the Customer ineligible for Service Credits. The Customer must be current on all outstanding invoices in order to be eligible for the Service Credits referenced in this SLA. No Service Credits will be extended if the Customer is delinquent in its payment of outstanding invoices. Zadara’s monitoring tools and records will be the sole source of information used to track and validate Unavailability.
- SLA Exclusions
This SLA only applies to unplanned Unavailability of the Services in standard operating conditions. Exclusions include, but are not limited to, the following:
- Unavailability of the Services during scheduled maintenance windows, emergency maintenance or any other agreed-to scheduled Unavailability activity.
- Unavailability caused by failures of third party systems or services that are outside of Zadara’s control.
- Unavailability that resulted from modifications or changes of the operating system, database, application code or other Customer code, not provided by Zadara.
- Any availability or outage impact related to customer-side security breaches or compromised service credentials.
- Unavailability associated with improper use of the Services (credentials, call sequence, method formats, etc.).
- Any Unavailability that resulted from act or omission of Customer, its authorized end users, anybody on their behalf or any other third party, not under the control or responsibility of Zadara, including but not limited to Customer failure to provide Remote Hands or adhere to Zadara’s instructions related to the operation of the Service.
- Any external factor affecting Customers from making use of Services.
- Unavailability of access to volumes encrypted by the Services, due to failure of the Customer to provide the encryption password, or failure to enter the encryption password in a timely manner, or loss of the encryption password by the Customer.
- Suspension or termination of the Services as described in the Terms of Service.
- Any Service outage due to force majeure events or any other events that are not within Zadara’s control or that could not have been avoided with commercially reasonable care.
- Bugs in code or services for which there is no commercially known fix.
- Any Unavailability caused as a result of the Customer’s equipment, software or other technology.
- Any Unavailability caused as a result of abuses or other behaviors that violate this SLA.
Last Updated Jul 21, 2019
Download a copy of this Terms of Service.
TERMS OF SERVICE between Zadara Storage, Inc. and/or the Affiliate, from whom Customer purchases the Services defined below (“Zadara“), and the customer who orders the Services (“Customer“).
Customer’s use of the Services shall be governed by these Terms of Service and the Acceptable Use Policy. In addition (and subject to the below), the Order may contain additional terms applicable to the Services. The term “Agreement” shall refer to these Terms of Service, the Acceptable Use Policy and Customer’s Order. The Services are purchased electronically. Customer acknowledges that its electronic consent constitutes its acceptance of the Agreement for each Order it submits. If Customer is entering into this Agreement for an entity, such as an employer, Customer represents that it is not a consumer, and that it has the legal authority to bind that entity to the Agreement.
IF CUSTOMER DOES NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS AGREEMENT, IT MUST ABANDON THE SIGNUP PROCESS AND MAY NOT USE THE SERVICES.
- DEFINED TERMS
For the purpose of this Agreement, the following terms shall have the following meaning:
“Acceptable Use Policy”or “AUP”means the Acceptable Use Policy https://www.zadara.com, as may be amended from time to time.
“API”means application programming interface.
“Application”means software application or web site created by the Customer which interfaces with the Services.
“Affiliate”means any and all legal entities which are now or hereafter under the control of the ultimate parent of Zadara. For the purpose of this definition, “control” means an entity, directly or indirectly, holding more than fifty per cent (50%) of the issued share capital, or more than fifty per cent (50%) of the voting power at general meetings, or which has the power to appoint and to dismiss a majority of the directors or otherwise to direct the activities of such legal entity.
“Confidential Information”means all information disclosed by one party to the other, whether before or after the effective date of the Agreement, concerning the disclosing party’s business, business plans, customers, strategies, trade secrets, technology and any intellectual property related thereto, finances, assets and products. Information will not be deemed Confidential Information hereunder if such information: (i) is or becomes known without restriction to the receiving party from a source other than one having an obligation of confidentiality to the disclosing party; (ii) becomes generally publicly known or otherwise ceases to be secret or confidential, except through a breach of this Agreement by the receiving party; or (iii) is independently developed by the receiving party without reference to the Confidential Information.
“Customer Data”means all data, records, files, input materials, reports, forms and other such items that are received, stored or transmitted using the Services.
“Data Processing Addendum”means Data Processing Addendumlocated at https://www.zadara.com.
“Maintenance”means any maintenance action performed on Zadara’s Services related hardware, and any upgrades, improvements and bug fixes performed on Zadara’s Services related software.
“Services”means the services described in the Order, including any services Customer utilizes via an API.
“Software”means any downloadable or accessible tools, software development kits (SDK), APIs or other such proprietary computer software modules provided by Zadara in connection with the Services, which may be downloaded or accessed by Customer, and any updates Zadara may make to such software from time to time.
“Support”means the applicable level of support offered by Zadara, as detailed in the Order.
- PROVISION OF SERVICES, LOCATIONS AND ACCESS
2.1 Contingent on Zadara’s acceptance of Customer’s Order, and subject to the terms and conditions of the Agreement, Zadara agrees to provide the Services and the Support described in Customer’s Order. The Services may be accessed via APIs provided by Zadara. Zadara may modify or replace its APIs at any time.
2.2 By signing up for Services, Customer understands that Zadara may send Customer (including via email) information regarding the Services, such as: (a) notices about Customer’s use of the Services, including notices of violations of use; (b) updates to the Services and new features or products; and (c) promotional information and materials regarding the services. If Customer doesn’t consent to receive notices (other than promotional materials) electronically, Customer must stop using the Services.
2.3 Zadara stores the Application and Customer Data on the drives selected by the customer at the VPSA creation. By using the Services Customer consents to this storage of the Application and the Customer Data Zadara agrees to store the Application and Customer Data in the specific geographic location(s) named at the time of purchase (“Location(s)”). Customer understands and agrees that while the Customer Data will be stored and may be processed in the Location(s), some processing and metadata storage may continue to be provided from the United States. It is Customer’s responsibility to configure and properly utilize the applicable Services and Location’s to address its obligations related to data types and data residency obligations.
- WHO MAY USE THE SERVICES
3.1 Customer may authorize others to use the Services, except as provided below or otherwise restricted by Zadara. If Customer’s authorizes othersto use the Services, Customer is responsible for use of the Services by any third party authorized by it, to the same extent as if Customer was using the Services itself. Unless otherwise agreed, Zadara will provide Support only to Customer, and not to any other person which the Customer authorized to use the Services.All of Zadara’s undertakings and obligations hereunder are to the benefit of the Customer only.
- CUSTOMER’S OBLIGATIONS
Customer agrees to: (i) comply with all applicable laws and regulations and the Acceptable Use Policy, (ii) use the Software in compliance with Section 19, (iii) pay when due the fees for the Services, (iv) use reasonable security precautions in light of its use of the Services, including encrypting any personally identifiable information transmitted through the Services and maintaining routine archiving of Customer Data, (v) cooperate with Zadara’s reasonable investigation of outages, security problems, and any suspected breach of the Agreement, (vi) keep its billing contact and other account information up to date, (vii) immediately notify Zadara of any unauthorized use of its account or any other breach of security, and (vii) ensure that calls it make to the Service are compatible with then-current APIs for that Service, and bear the sole responsibility for the technical operation of Customer Data.
- CUSTOMER DATA SECURITY AND PRIVACY:
5.1 Zadara is committed to assist the Customer to protect the security of Customer Data. Zadara uses a variety of administrative, technical and physical security technologies and procedures to help protect Customer’s Data from unauthorized access, use, or disclosure. However, Customer is responsible for properly configuring and using the Services and taking its own steps to maintain appropriate security, protection and backup of the Customer Data. Customer specifically agrees to maintain at least one additional current copy of Customer Data elsewhere.
5.2 As between the Parties, the Customer is the controller of Customer Data. Zadara doesn’t control, verify, or endorse the Customer Data. Customer is responsible for: (a) all Customer Data it uploads through the Services and (b) making sure that Customer has all the rights it needs to the Customer Data. In addition, by storing, using or transmitting Customer Data Customer cannot and will not violate any law or this Agreement (please also see the Acceptable Use Policy).
5.3 You agree to provide Zadara (as well as agents or service providers acting on Zadara’s behalf to provide the Services) the right to transmit, process, use and disclose Customer Data and other information which they may obtain as part of Customer use of the Services but only: (i) as necessary to provide the Services, (ii) as otherwise permitted by these Agreement, (iii) as otherwise required by law, regulation or order, or (iv) to respond to an emergency. Zadara’s data storage practices are described in the Data Processing Addendum, which is hereby incorporated by reference.
5.4 Zadara’s security obligations with respect to Customer Data are limited to the obligations described herein. Zadara shall not use or disclose Customer Data. Customer Data is and shall always remain under the exclusive care, custody and control of Customer.
5.5 Customer must maintain the security of its login credentials and may not share login credentials except as required to establish and authorize users in its account.
- SERVICE LEVEL AGREEMENT
Zadara will provide the Services in accordance with the applicable Service Level Agreement (“SLA“), located at https://www.zadara.com, as may be amended from time to time. The SLA contains service level credits for unavailability of Zadara’s Services.
Zadara performs scheduled Maintenance from time to time. In addition, Zadara may occasionally need to perform emergency or unscheduled Maintenance. These Maintenance activities may cause interruptions to the Services. Zadara will use reasonable efforts to inform Customer in advance of any interruption that involves downtime of the Services.
This Agreement will commence on the date Customer agrees to the terms and conditions of this Agreement, and continues for the term stated in the Order. If no period is stated in the Order, then the initial term shall be one month. Upon expiration of the initial term, the Order will automatically renew for successive one month terms each, unless and until either party gives the other a written notice of non-renewal prior to end of the initial or renewal term, as applicable.
- FEES AND BILLING
Zadara will charge Customer the fees described in Customer’s Order, using one of the payment methods Zadara supports. Customer must provide Zadara with current, complete, accurate and authorized payment method information (e.g. credit card information). Zadara reserves the right to change its prices at any time, unless otherwise is stated in a specific Order. If Customer doesn’t agree to that change, Customer must stop using the Services, and the cancellation date shall be the end of the Service period specified in the Order, if applicable.
8.2 Taxes.Any taxes and duties including value added tax and applicable sales tax (other than Zadara’s income tax), are at Customer’s responsibility and Customer agrees to pay Zadara any Service fee due, without any reduction or withholding for taxes. If Zadara is obligated to collect or pay any taxes, the taxes will be invoiced to Customer, unless Customer provides Zadara with a valid tax exemption certificate authorized by the appropriate taxing authority.
8.3 Billing and Late Payment. Unless otherwise stated in an Order, Zadara calculates and bills fees monthly, based on Customer’s actual usage of the Services, on an hourly basis rounded up to the nearest whole hour. Payment is due upon receipt of Zadara’s invoice. Late payments will accrue interest at a rate of one and one-half percent (1½ %) per month or the highest rate allowed by applicable law, whichever is lower. Zadara reserves the right to have Customer completing a credit application to determine its creditworthiness as a condition of receiving further Services. If Zadara initiates a collection process to recover fees due and payable hereunder, Customer shall reimburse Zadara for all costs associated with such collection efforts.
Zadara reserves the right to suspend the Services without liability if: (i) Zadara reasonably believes that the Services are being used (or have been or are likely to be used) in violation of the Agreement, (ii) Zadara reasonably believes that the Services have been accessed or manipulated by a third party without Customer’s consent, (iii) Zadara reasonably believes that suspension of the Services is necessary to protect Zadara’s network, (iv) a payment for the Services is overdue, or (v) suspension is required by law. Any Customer Data stored through the Services shall be unavailable during the Suspension period. Unless Zadara determines in its reasonable discretion that immediate suspension is required, Zadara will use commercially reasonable efforts to provide Customer with a notice of any Suspension and estimated time to cure.
- TERMINATION FOR CONVENIENCE
Each party may terminate the Agreement for convenience at any time on thirty (30) days advance written notice.
- TERMINATION FOR BREACH
11.1 Zadara may immediately terminate the Agreement for breach on written notice if: (i) Customer’s payment of certain fee is overdue and is not paid within three (3) days of Zadara’s written notice; (ii) a credit report indicates that Customer no longer meet Zadara’s reasonable credit criteria; (iii) Customer fails to comply with any provision of the Agreement and does not remedy the failure within fourteen (14) days of Zadara’s notice.
11.2 Customer may terminate the Agreement for breach on written notice if: (i) Zadara materially fails to provide the Services as agreed and does not remedy that failure within fourteen (14) days of Customer’s written notice describing the failure, or (ii) Zadara materially fails to meet any other obligation stated in the Agreement and does not remedy that failure within fourteen (14) days of Customer’s written notice describing the failure.
- ACCESS AND REMOVAL OF CUSTOMER DATA
12.1 During a Suspension period or following the termination of the Agreement, Customer shall not have access to the Customer Data.
12.2 Upon receipt of Zadara’s notice of termination as detailed above, Customer shall have 7 days to remove all of Customer Data and other information, including without limitation backup copies thereof, that Customer or anybody on its behalf has uploaded, stored or otherwise input through the Services (the “Data Removal Period”). Upon expiration of the Data Removal Period, Zadara may remove any and all Customer Data from Zadara’s cloud servers or any other data storage systems, including without limitation any and all backup copies thereof. Zadara is not responsible for any deletion, destruction, damage, loss or failure by Customer to backup any Customer Data removed by Zadara at the end of the Data Removal Period.
- EXPORT MATTERS
Customer shall, in connection with its use of the Services, comply with all applicable export and re-export control laws and regulations, including the USA Export Administration Regulations, the International Traffic in Arms Regulations, and country-specific economic sanction programs implemented by the US Office of Foreign Assets Control.
- CONFIDENTIAL INFORMATION
14.1 Each party agrees that it will not use in any way, for its own account or the account of any third party, except as expressly permitted by this Agreement, nor disclose to any third party (except as required by law or to that party’s attorneys, accountants and other advisors as reasonably necessary to carry out the purposes of this Agreement), any of the other party’s Confidential Information and will take reasonable precautions to protect the confidentiality of such information.Customer agrees that Zadara will disclose Customer’s Confidential Information to others only on a need to know basis, provided they are bound by confidentiality undertakings at least as stringent as those stated herein.
14.2 FEEDBACK. Customer may choose to or Zadara may invite Customer to submit comments or ideas about the Services, including without limitation comments concerning improvement or enforcement of the Services (“Feedback”). By submitting any Feedback, Customer agrees that: (i) its disclosure is made without entitling Customer to any consideration whatsoever, (ii) its disclosure is unsolicited and without restriction and will not place Zadara under any fiduciary or other obligation, (iii) Zadara is free to use the Feedback without any additional compensation to Customer, and/or to disclose the Feedback on a non-confidential basis or otherwise to anyone, and (iv) it waives all right, title and interest in copyrights, including any other rights that may be known as or referred to as moral rights, andCustomer ratify and consent to any action that may be taken with respect to such moral rights by or authorized by Zadara and agree not to assert any moral rights with respect thereto.
- OWNERSHIP OF INTELLECTUAL PROPERTY
Each Party retains all right, title and interest in and to such Party’s respective trade secrets, inventions, copyrights, and other intellectual property. Any intellectual property developed by Zadara during the performance of the Services shall belong to Zadara unless otherwise agreed in writing between Zadara and Customer. As between the Parties the Software and the Services are and shall be solely owned by Zadara and the licensors of any Software and/or Services related third party software. Customer Data and the Applications shall be solely owned by Customer.
- LIMITATION OF LIABILITY
16.1 ZADARA’S LIABILITY AND OBLIGATIONS ARE AS EXPRESSLY DEFINED IN THIS AGREEMENT. ZADARA SHALL NOT BE LIABLE FOR ANY FAILURE TO PROVIDE THE SERVICES UNLESS SUCH FAILURE RESULTS FROM A BREACH OF THE SLA OR RESULTS FROM ZADARA’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT. THE CREDITS STATED IN ANY APPLICABLE SLA ARE CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR ZADARA’S FAILURE TO MEET THE SLA GUARANTEES FOR WHICH CREDITS WERE PROVIDED.
16.2 NEITHER ZADARA NOR CUSTOMER (NOR ANY OF THEIR EMPLOYEES, AGENTS, AFFILIATES OR SUPPLIERS) SHALL BE LIABLE TO THE OTHER FOR ANY LOST PROFITS OR ANY OTHER INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL LOSS OR DAMAGE OF ANY KIND, OR FOR ANY LOSS THAT COULD HAVE BEEN AVOIDED BY THE DAMAGED PARTY’S USE OF REASONABLE DILIGENCE, EVEN IF THE PARTY RESPONSIBLE FOR THE DAMAGES HAS BEEN ADVISED OR SHOULD BE AWARE OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY PUNITIVE OR EXEMPLARY DAMAGES.
16.3 NOTWITHSTANDING ANYTHING IN THE AGREEMENT TO THE CONTRARY, EXCEPT FOR LIABILITY BASED ON WILLFUL MISCONDUCT OR FRAUDULENT MISREPRESENTATION, AND LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM ZADARA’S NEGLIGENCE, THE MAXIMUM AGGREGATE MONETARY LIABILITY OF ZADARA AND ANY OF ITS EMPLOYEES, AGENTS, SUPPLIERS, OR AFFILIATES IN CONNECTION WITH THE SERVICES, THE AGREEMENT, AND ANY ACT OR OMISSION RELATED TO THE SERVICES OR THE AGREEMENT, UNDER ANY THEORY OF LAW (INCLUDING BREACH OF CONTRACT, TORT, STRICT LIABILITY, VIOLATION OF LAW, AND INFRINGEMENT) SHALL NOT EXCEED THE GREATER OF (I) THE AGGREGATE FEES CUSTOMER PAID ZADARA WITH RESPECT TO THE SERVICES IN THE SIX MONTHS PERIOD PRECEDING THE OCCURRENCE OF THE EVENT GIVING RISE TO THE CLAIM, OR (II) FIVE HUNDRED US DOLLARS (US $500).
17.1 Zadara Indemnification. Zadara will defend Customer from any third party claim, suit, action or proceeding, and will pay all related damages, costs, expenses, judgments, settlement amounts, and other liabilities (including reasonable attorney’s fees and costs) finally awarded against Customer by a court or tribunal of competent jurisdiction, arising from any allegation that the Services, when used as authorized hereunder in the form provided by Zadara, infringe, misappropriate or violate any copyright, patent, trade secret, trademark or other intellectual property rights of a third party. If Customer seeks indemnification under this Section, it must provide Zadara with prompt notice of the claim, give Zadara sole control of the defense and related settlement negotiations and reasonably cooperate with Zadara, at Zadara’s expense, in defending or settling the claim.
17.2 Customer Indemnification.Customer will defend Zadara from any third party claim, suit, action or proceeding, and will pay all related damages, costs, expenses, judgments, settlement amounts, and other liabilities (including reasonable attorney’s fees and costs) finally awarded against Zadara by a court or tribunal of competent jurisdiction, arising out or related to Customer’s alleged or actual use of, misuse of, or failure to use the Services, including without limitation:: (i) any violation (or alleged violation) of applicable law by Customer or any Customer Data; (ii) any allegation that any Customer Data infringes, misappropriates or violates any copyright, patent, trade secret, trademark or other intellectual property rights of a third party; (iii) any disputes with third party licensors or providers of any Customer Data; (iv) any acts or omissions of Customer or Customer’s authorized users, including any breach of this Agreement.
THERE IS NO GUARANTEE THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE. CUSTOMER ACKNOWLEDGES THAT THERE ARE RISKS INHERENT IN INTERNET CONNECTIVITY THAT COULD RESULT IN THE LOSS OF CUSTOMER’S PRIVACY, CUSTOMER DATA AND CONFIDENTIAL INFORMATION. ZADARA HAS NO OBLIGATION TO PROVIDE SECURITY OTHER THAN AS STATED IN THIS AGREEMENT. ZADARA DISCLAIMS ANY AND ALL WARRANTIESNOT EXPRESSLY STATED IN THE AGREEMENT, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. CUSTOMER IS SOLELY RESPONSIBLE FOR THE SUITABILITY OF THE SERVICES CHOSEN, INCLUDING THE SUITABILITY AS IT RELATES TO CUSTOMER DATA. THE SERVICES ARE PROVIDED AS IS, SUBJECT ONLY TO ANY APPLICABLE SLA (AS DESCRIBED IN SECTION 6ABOVE). ANY VOLUNTARY SERVICES ZADARA MAY PERFORM FOR CUSTOMER AT CUSTOMER’S REQUEST AND WITHOUT ANY ADDITIONAL CHARGE ARE PROVIDED AS IS. CUSTOMER IS SOLELY RESPONSIBLE FOR DETERMINING THE SUITABILITY OF THE SERVICES FOR CUSTOMER’S USE IN LIGHT OF ANY APPLICABLE DATA PRIVACY LAWS AND REGULATIONS.
19.1 All Software that Zadara provides for Customer’s use is subject to the terms of this Agreement. Customer may not use any Software after the expiration or termination of this Agreement, or the termination of the particular Service for which it was provided, and Customer may not copy the Software unless expressly permitted by the Agreement. Customer may not remove, modify or obscure any copyright, trademark or other proprietary rights notices that appear on any Software Zadara provides. Unless permitted by the terms of an open source software license, Customer may not reverse engineer, decompile or disassemble any Software Zadara provides except and to the extent that Customer is expressly permitted by applicable law to do this, and then following at least ten (10) days advance written notice to Zadara. Any additional restrictions which may apply to Software Zadara utilizes in the performance of the Services will be specified in the applicable Order.
19.2 In the event that Zadara distributes any third party or open source software to Customer as part of the Services, such open source software is subject to the terms of the applicable third party or open source license. THERE ARE NO WARRANTIES PROVIDED WITH RESPECT TO ANY third party or OPEN SOURCE SOFTWARE AND ALL IMPLIED WARRANTIES ARE DISCLAIMED. IN THE EVENT OF ANY CONFLICT BETWEEN THE TERMS HEREIN AND THE APPLICABLE OPEN SOURCE or third party LICENSE WITH RESPECT TO ANY such third party or OPEN SOURCE SOFTWARE, THE TERMS OF THE APPLICABLE third party or OPEN SOURCE LICENSE SHALL CONTROL.
- MONITORING TOOLS
Customer agrees to provide information and/or other materials related to its Applications as reasonably requested by Zadara and allow Zadara to access the Applications or crawl or otherwise monitor the external interfaces of Customer’s Applications with the Services, for the purpose of verifying Customer’s compliance with this Agreement and to allow Zadara to more efficiently manage various service issues. Customer undertakes not to block, disable or otherwise interfere with such crawling or monitoring tools.
- SERVICES PROVIDED BY THIRD PARTIES
Zadara may direct Customer to third party products or services, including availability of third party applications through deployment or implementation tools. ZADARA MAKES NO REPRESENTATION OR WARRANTY WHATSOEVER REGARDING PRODUCTS AND SERVICES THAT ARE NOT PURCHASED FROM ZADARA. Customer’s use of any such third-party products and services is governed by the terms of Customer’s agreement with the provider of those products and services.
- GENERAL PROVISIONS
22.1 Orders.If over time Customer signs multiple Orders for a single account, the terms of service incorporated in the latest Order posted on the effective date of the latest Order will govern the entire account.
22.3 Severability.If any provision of this Agreement, or a portion thereof, shall be adjudged by a court of competent jurisdiction to be unenforceable or invalid, that portion shall be eliminated or limited to the minimum extent necessary so that this Agreement shall remain in full force and effect and enforceable.
22.4 Survival.Sections 1, 8, 14, 16, 17, 15, 22.6and 22.13, and all other provisions that by their nature are intended to survive expiration or termination of the Agreement shall survive expiration or termination of the Agreement.
22.5 Modifications to the Agreement. Zadara may modify the terms and conditions contained in the Agreement and the SLA, by posting a change notice or a new agreement on https://www.zadara.com, as may be amended from time to time. The change shall come into effect 30 days following posting. If any modification is unacceptable to Customer, Customer may stop using the Services. Customer’s continued use of the Services following the posting of a change notice or new Agreement on Zadara’s website will constitute Customer’s acceptance of the change (provided that any material change to the Agreement will not apply retroactively to any event that occurred prior to the date of posting such material change).
22.6 Notices. Any required notice hereunder including notice of termination or suspension may be delivered by electronic mail, facsimile, personally or by courier, or mailed by registered or certified mail, return receipt requested, postage prepaid, to either party at the name and address on the signature page of this Agreement, or at such other address as such party may provide to the other by written notice. Such notice will be deemed to have been given on the first business day after the day of transmission if sent by electronic mail or facsimile; upon delivery if delivered personally, or by courier; or five (5) business days after it is sent by mail. All communications and notices to be made or given pursuant to this Agreement shall be in the English language.
22.7 Assignment. Customer may not assign this Agreement, in whole or in part, without the prior written consent of Zadara. Zadara may assign this Agreement in whole or in part, without consent, to an Affiliate, or as part of a corporate reorganization or a sale of its business. In order to provide the Services, Customer agrees that Zadara may use third party service providers to perform all or any part of the Services, provided it remains responsible to Customer under this Agreement for work performed by such third party. Zadara may change the service provider(s) at any time during the Customer subscription term, subject to providing Customer at least thirty (30) days prior written notice of such change in service provider prior to implementation unless such change is necessary to prevent imminent harm to Customer, Zadara, or the Services, in which case Zadara will notify Customer as soon as reasonably practicable thereafter.Any attempted assignment or delegation without such consent will be void. This Agreement will bind and inure to the benefit of each party’s successors and permitted assigns.
22.8 Force Majeure. Except for performance of a payment obligation, neither party shall be liable under this Agreement for delays, failures to perform, damages, losses or destruction, or malfunction of any equipment, or any consequence thereof, caused or occasioned by, or due to fire, earthquake, flood, water, the elements, labor disputes or shortages, utility curtailments, power failures, explosions, civil disturbances, acts of war or terror, governmental actions, shortages of equipment or supplies, unavailability of transportation, acts or omissions of third parties, or any other cause beyond its reasonable control. If the force majeure continues for more than thirty (30) calendar days, then either party may terminate the Agreement for convenience upon written notice to the other party.
22.9 Evaluation, Trial or Demonstration Services. Customer may receive from Zadara certain services for evaluation, trial or demonstration at no-cost. Customer agrees to use such services in a non-production environment. By accepting services on such a basis, Customer accept such services as is and waives all express and implied warranties and conditions and service level agreements during the Evaluation. Either Party, upon written notice to the other, may cancel the Evaluation with immediate effect. Upon termination or expiration of the Evaluation period, Customer shall either convert to a paid contract covering the use of such services or immediately terminate use of such services.
22.10 Use of Customer Name. Customer agrees that Zadara may use Customer’s name and logo in Zadara’s marketing materials and website, and identify Customer as user of the Services.
22.11 Independent Contractor.Neither party shall be deemed to be an agent of the other party, and the relationship of the parties shall be that of independent contractors. Neither party shall have any right or authority to assume any obligations, or to make any representations or warranties, whether express or implied, on behalf of the other party, or to bind the other party in any matter whatsoever.
22.12 OpaaS Services. In the event that Customer’s orders Zadara’s On Premises as a Service (“OpaaS”), the provisions of the OpaaS Addendum below will apply to such OpaaS Services in additional to the provisions of this Agreement, and the OpaaS Services shall be deemed part of the Services.
22.13 Governing Law.With respect to Orders accepted by Zadara Storage Inc., the Agreement shall be governed by the laws of the state of California, excluding any choice of law rules. The Agreement shall not be governed by the United Nations Convention on the International Sale of Goods. For any dispute arising out of or relating to this Agreement, the parties consent to personal jurisdiction in, and the exclusive venue of, the courts in California. Orders accepted by any Affiliate will be governed by the laws of the country of the Affiliate accepting the Order and the courts of that locale will have exclusive jurisdiction. However, Zadara or its Affiliates may, bring suit for payment in any country where Customer is located.
“DesignatedHardware” means the hardware specified in Customer’s Order with respect to the OpaaS Services, as updated in writing from time to time.
“Customer Site”or “Site” shall mean the Customer’s data center or premises as detailed in the Order.
“Remote Hands” shall mean the technical support to be performed by Customer’s staff, which includes diagnose, troubleshoot, installation and repair of the Designated Hardware at any time of day or night, including weekends and holidays.
22.14 The provisions of this OpaaS Addendum apply only to the OpaaS features of the Services.
22.15 OpaaS Features. OpaaS features of the Services include provision of the Services through Designated Hardware located at the Customer Site, payment of Minimum Service Fee and Minimum Subscription Period, as described below. This Agreement is a contract for services and not a sale of goods. Other than the rights specifically granted by this OpaaS Addendum, Customer has no right to the Designated Hardware or the Services. Customer shall not remove the Designated Hardware from the Customer Site.
22.16 Designated Hardware Delivery. Zadara shall ship the Designated Hardware to the Customer Site, according to the terms specified in the Order. Customer shall bear the shipping costs, insurance costs and applicable taxes. The Customer will install the Designated Hardware at the Site within one week of delivery date, at Customer’s cost. Customer will provide, at its own cost, the space and the infrastructure required for the installation of the Designated Hardware at the Customer Site, including power supply and cooling systems and all other necessary environment conditions, and including expansion of such space and infrastructure if and when needed. Customer will also provide, at its own cost, racks, networking connectivity, IP addresses, WAN communication and Remote Hands. The Designated Hardware will be used by Customer exclusively in connection with the Services, and not for any other purpose.
22.17 Security.Customer will be responsible for the physical security and the safekeeping of the Customer Site and the Designated Hardware. Whenever required by Zadara, Customer shall allow and assist Zadara’s representatives to enter the Customer Site and to inspect and handle the Designated Hardware. Customer will maintain environmental conditions for the Designated Hardware as customary and as recommended by Zadara, and will allow access to the Designated Hardware only to its trained and competent employees, who must handle the Designated Hardware according to customary practices and applicable manuals.
22.18 Title. Title in the Designated Hardware remains with Zadara at all times. Customer shall mark the Designated Hardware with appropriate legends identifying the Designated Hardware as Zadara’s property. Customer shall not remove or alter such legends or any other legends placed by Zadara. Customer shall not grant any security interest in or otherwise encumber any of the Designated Hardware, shall not cause any of the Designated Hardware, or any interest therein, to become subject to any lien, other than any lien required by Zadara. Upon request of Zadara, Customer shall execute any instrument or document required to perfect Zadara’s security interest in the Designated Hardware.
22.19 Risks of Loss. Without prejudice to the foregoing statement, as long as the Designated Hardware is at the Customer Site, Customer bears all risks of loss and damage related to or arising from the Designated Hardware, and shall indemnify Zadara for any damage or loss caused to the Designated Hardware. Customer shall insure the Designated Hardware for its full replacement value with an insurance company of repute and if required by Zadara shall provide it with an evidence of the insurance and endorsement of the interest of Zadara on such policy.
22.20 Effects of Termination. Upon termination of the Agreement the Customer shall remove the Designated Hardware from the Customer Site and return it to Zadara at its own costs, no later than 10 days of the termination date, according to shipping instructions received from Zadara. Should the Designated Hardware not be received by Zadara within 10 days, Customer shall be invoiced for the Service Fee due until the Designated Hardware is received. Customer is responsible to remove any and all Customer Data stored on the Designated Hardware, prior to shipment.
22.21 Designated Hardware Support. Customer shall ensure the ability of Zadara to remote access the Services, for the purpose of troubleshooting and management of the Services. If Zadara diagnoses a defect that requires a Designated Hardware replacement or repair, or if Customer notifies Zadara of such defect, Zadara will provide the replacement part to Customer. The Customer will provide Remote Hands services to Zadara and the actual on-site hardware replacement will be performed by Customer. The defective part will be returned to Zadara within 10 working days from the receipt of the replacement part. Zadara shall bear the shipping costs of the replacement part, provided that the defect is covered under Zadara’s support obligations, as detailed herein. Customer must provide Zadara IP connectivity. The support will be provided in English in accordance with Zadara’s then existing technical Support policy. Customer will appoint designated employees, to liaise with Zadara to provide Remote Hands support. Zadara’s support obligations are conditioned upon Customer providing Remote Hands support.
22.22 Without derogating from the above, Zadara shall not be liable for any failure or unavailability of the Services, and no SLA credits (as defined in the SLA) shall be provided, if Customer fails to provide Zadara the Remote Hands services or if Customer’s staff fails to adhere to Zadara’s instructions. The OpaaS Service does not include customization, on-site assistance/support and installation of the Designated Hardware. Support or assistance required as a result of: fault or negligence of the Customer, repairs or modifications made by parties not authorized by Zadara or causes external to the Services, may be provided by Zadara subject to additional service fee.
22.23 Payment. Customer will pay Zadara monthly fees as detailed in the Orders under Customer’s account. Customer will pay for the OpaaS Services pursuant to its actual usage, but no less than the Minimum Service Fee defined below. The OpaaS Service fee is determined by the type of engines and number of disks ordered under Customer’s account. Customer may order additional disks or upgrade engines (“Upgrade”), subject to availability and subject to acceptance of the Order in writing by Zadara. Additional charges will go into effect upon Upgrade.
22.24 Billing and Minimum Service Fee. Billing shall commence upon delivery of the Designated Hardware to the Customer and shall continue until the Designated Hardware is delivered to Zadara. If the monthly Service fee due to Zadara based on Customer’s actual usage is lower than the monthly Minimum Service Fee defined in Customer’s Order, Zadara will bill Customer the full Minimum Service Fee.
22.25 Minimum Subscription Period. The OpaaS Service requires a minimum subscription period as stated in the Order (“Minimum Subscription”). Early termination by Customer is subject to payment of the Minimum Service Fee due until the end of the Minimum Subscription period.
22.26 Survival. The following provisions of this OpaaS Addendum will survive any termination or expiration of this Agreement: Sections 22.17- 22.20 and 22.22- 22.25, as well as any provision that must survive to fulfill its essential purpose.
Download a copy of this Terms of Service.