1.    GENERAL. These General Terms and Conditions of Sale (the “Terms”) govern the sale of all Products and Services to Demandware, Inc. and/or its Affiliates (collectively, “Buyer” or “DW”) by the Supplier named in the Purchase Order (“PO”) referencing these Terms (the “Supplier”), unless Supplier and Buyer have entered into a master agreement providing otherwise. In such case, the master agreement will govern as to the terms and conditions therein, supplemented by these Terms and such PO(s) as Buyer may issue, which together shall constitute the entire agreement between the parties respecting the subject matter hereof (the “Agreement”). In the event the master agreement conflicts with these Terms or a PO, the master agreement will control, and if these Terms conflict with a PO, the PO will control. As used herein, “Affiliate” means an entity controlling, controlled by, or under common control with a party to the Agreement,  “Product” means goods, hardware and/or software, together with any support and/or maintenance related thereto and not otherwise specified in a PO or SOW, provided or to be provided by Supplier pursuant to the Agreement, and “Services” means the services provided, or contracted to be provided, and any associated deliverables (“Deliverables”), by Supplier, including without limitation services defined in a valid SOW. “SOW” or “Statement of Work” means a document signed by Buyer and Supplier that describes Services to be provided by Supplier to Buyer. “Purchase Order” or “PO” means a written purchase order issued by Buyer to Supplier referencing the Terms and specifying Products or Services to be purchased from Supplier. These Terms are subject to change from time to time in the ordinary course of Buyer’s business, but no such change will be effective retroactively.

2.    CONFIDENTIALITY AND PERSONAL DATA.  In connection with this Agreement, each party, expressly in reliance upon the promises and covenants herein contained, may disclose to the other certain “Confidential Information” (hereinafter, “CI”) including, without limitation, trade secrets and information relating to a party’s business, plans, products, or customers; information of third parties which the disclosing party is obligated to protect as confidential or proprietary, including without limitation any information related to or by which a natural person can be identified or located (“Personal Data”); and information (i) marked as “confidential” or “proprietary” or (ii) which by its nature and the circumstances of its disclosure would permit a reasonable person familiar with the parties’ businesses to conclude that the information is confidential or is treated by the disclosing party as confidential.  As between the parties, all CI disclosed hereunder is and shall remain the exclusive property of the disclosing party thereof. Each party as recipient of CI shall (a) maintain such CI as confidential; (b) not disclose any such CI to any third party; (c) use at least the same degree of care to protect such CI from unauthorized use, access, or disclosure as it uses to protect its own information of like kind, but in no case using than reasonable care; (d) not use any such CI other than as necessary in connection with this Agreement or the performance of its obligations hereunder.  CI does not include information a recipient can show is (1) in the public domain other than by breach hereof, (2) received from a third party with no duty of confidentiality, or (3) developed by or for recipient without use of or access to disclosing party CI. The obligations under this paragraph shall survive termination or expiration of this Agreement or any PO. If Supplier will store or process any Personal Data, Exhibit A (the “Demandware Personal Data Protection Document”) will apply to such use, storage or processing of such Personal Data.

3.    QUOTATIONS; ORDERS; ACKNOWLEDGMENTS.  Supplier’s written price quotations are valid for the greater of ninety (90) days or the length of time, if any, indicated on the quotation.  All orders and invoices for Products and/or Services must reference Buyer's applicable PO. Should the terms of any proposal, quotation, SOW, sales order, work order, order form, acknowledgment, or other Supplier document (each, a “Supplier Document”) add to or conflict with these Terms, these Terms shall govern, unless the Supplier Document (a) is signed by an authorized signatory of each party, (b) specifically identifies the conflicting term herein, and (c) expressly states that the term in the Supplier Document supersedes or adds to such identified term herein.  

4.    SERVICES.  Sales of Services require a an SOW which shall be governed by these Terms. Supplier warrants that the Services and Products will not infringe any Intellectual Property rights of any third party, and that the Services will be performed in a workmanlike manner and Services and Products will conform to all specifications provided to or required by Buyer. “Intellectual Property” or “IP” means all rights in patents, copyrights, moral rights, trade secrets, mask works, trademarks, service marks and any other rights in intellectual property. Supplier shall defend, indemnify, and hold harmless Buyer and its Authorized Users from and against any action brought against any such person alleging that any Services infringe on a patent, copyright, trademark or other IP right of any third party. “Authorized Users” means Buyer, its Affiliates, and its and their respective joint venturers, employees, agents, consultants, contractors and service companies.

5.    SUPPLIER PERSONNEL. All workers employed or contracted by or through Supplier or its Contractors for the provision of Services and/or deliverables to Buyer hereunder (collectively, “Personnel”) shall be subject to the direction, supervision, and control of Supplier. “Contractor” means any and all third parties that have direct or indirect contracts with Supplier to perform any portion of the Services under an SOW or otherwise under the Agreement. Supplier shall not use Contractors or otherwise delegate any of its obligations under the Agreement without the prior written approval of Buyer. Supplier by written agreement shall impose on its Contractors the same obligations imposed upon Supplier under the Agreement as applicable to such Services, including without limitation those relating to safety, security, confidentiality, Personal Data, compliance with laws, insurance, Employer Obligations, and indemnification, and Buyer shall be an intended third party beneficiary of each such agreement. Supplier shall be responsible and liable for all acts and omissions of itself, its Contractors, and its and their Personnel. 

Supplier will act solely as an independent contractor. Nothing contained herein will be construed to create any relationship of principal and agent, employer and employee, partners or joint venturers between Buyer and (a) Supplier, (b) any Contractors, or (c) Personnel. Supplier will be fully responsible for the acts and safety of Personnel while rendering Services to or for Buyer. Supplier shall set and enforce effective disciplinary and safety policies related thereto and shall ensure that all Personnel comply with all applicable provisions of the Agreement. Supplier represents and warrants that it will (i) provide for and pay the compensation of Personnel, (ii) withhold and remit all sums related thereto as may be legally required, including without limitation payment of all taxes, contributions, and benefits (such as, but not limited to, workers’ compensation benefits), and (iii) perform all tasks which an employer is required, whether by statute, regulation, or otherwise, to perform relating to the employment of employees or the keeping of records related thereto (collectively, the “Employer Obligations”). 

6.    ACCEPTANCE. Criteria for Buyer’s acceptance of any Services shall be addressed in the corresponding SOW and relevant change orders, if any. Buyer shall not be obligated to pay for any Services or Products prior to acceptance, but if Buyer does so elect, such payment shall not constitute acceptance by Buyer.
7.    INTELLECTUAL PROPERTY RIGHTS. Each Party will retain all right, title, and interest in and to its own IP irrespective of any disclosure of such IP to the other party, subject to any licenses granted pursuant hereto. 

Supplier will not incorporate any existing Supplier or third party IP or materials (together, “Incorporated Items”), including Open Source software or freeware, into any Deliverable unless (i) Supplier clearly identifies the specific elements of the Deliverable to contain the Incorporated Items in the SOW, (ii) Supplier identifies the corresponding third party licenses and any restrictions on use thereof in the SOW, (iii) approval is given by Buyer as evidenced by a signed SOW which conditions approval in the case of Open Source materials upon compliance with Buyer’s applicable Open Source review processes. As used herein, “Open Source” means any software having license terms that require, as a condition of use, modification, or distribution of the software that such software or other software combined or distributed with such software be (i) disclosed or distributed in source code form, (ii) licensed for the purpose of making derivative works, and (iii) redistributable at no charge. 

To the extent Supplier includes or incorporates any Supplier Incorporated Items into a Deliverable, Supplier without any additional cost or charge to Buyer grants Buyer a non-exclusive, royalty-free, worldwide, perpetual and irrevocable license in such Supplier Incorporated Items; such license shall include the right to make, have made, sell, use, reproduce, modify, adapt, display, distribute, make other versions of and disclose such Supplier Incorporated Items and to sublicense others to do these things, and such license shall be in addition to any other rights Supplier may grant to Buyer. 

To the extent Supplier includes or incorporates any third party Incorporated Items into a Deliverable, Supplier at its sole cost and expense shall procure for Buyer a non-exclusive, royalty-free, worldwide, perpetual and irrevocable license in such third party Incorporated Items; such license shall include the right to make, have made, sell, use, reproduce, modify, adapt, display, distribute, make other versions of and disclose such third party Incorporated Items and to sublicense others to do these things, and such license shall be in addition to any other rights Supplier may grant to Buyer. Supplier represents and warrants that Supplier has complied and shall continue to comply with all third party licenses (including all Open Source licenses) associated with any software components that will be included in the Deliverables or any other materials supplied by Supplier. Supplier shall indemnify Buyer against any losses and liability incurred by Buyer and Buyer’s Customers and End Users due to failure of Supplier to meet any of the requirements in any of the third party licenses.

All Deliverables and all IP Rights pertaining thereto will belong to Buyer, and Supplier hereby assigns such rights to Buyer, except Supplier’s rights in its Materials which are subject to the license granted in the foregoing paragraph. Supplier agrees that Buyer will own all patents, inventor’s certificates, utility models or other rights, copyrights or trade secrets covering the Deliverables and will have full rights to use the Deliverables without claim on the part of Supplier for additional compensation and without challenge, opposition or interference by Supplier. Supplier will sign any necessary documents and will otherwise assist Buyer, at Buyer’s expense, in securing, maintaining and defending copyrights or other rights to protect the Deliverables and perfect Buyer’s ownership and interest therein in any country. Supplier, its agents, employees, and Contractors shall deliver the Deliverables to Buyer upon the earlier of the expiration/termination of the SOW or Buyer’s request. 

8.    SOFTWARE.  When the sale of a Product includes or involves Supplier Software, Supplier sells and transfers to Buyer only the rights to use the Supplier Software (the “Software License”) and not ownership of the Supplier Software. “Supplier Software” means Supplier’s software program(s), in object code only, but including software as a service (“SAAS”), in all available versions, platforms, languages, and all associated documentation, bug fixes, updates, upgrades or new versions thereof provided, or required to be provided, to Buyer by Supplier, and/or software otherwise developed, authored, prepared by or in which Supplier or its Affiliates claim ownership or a proprietary interest, including any extracts from or derivative works of such programs, or collective works. As used herein, the term “Software License” includes SAAS subscriptions.  When the sale of a Product includes or involves software (other than Supplier Software), firmware or similar code or instructions, such sale includes all of the rights and licenses necessary to use the Product for its intended purpose (the “Firmware License”). Notwithstanding any provision in any license, license agreement, or other Supplier document, the following provisions shall apply to each Software License and Firmware License.

Except as provided below or as expressly provided to the contrary in a writing by Supplier, Supplier disclaims all warranties of fitness for a particular purpose and implied warranties of merchantability for the Supplier Software, the website, if any, used to distribute or host the Supplier Software (the “Site”), and the materials and user content contained therein or provided in connection therewith (the “Materials”). The Supplier Software, the Site, and the Materials are referred to collectively as the “Licensed Resources”. Supplier warrants that the Supplier Software and the Site will function in accordance with its documentation as provided to Buyer and the service level agreement (“SLA”), if any, incorporated into any PO. Supplier represents that to the best of its knowledge and information, the Licensed Resources are free of viruses, worms, and other harmful components. Supplier warrants and represents that it has the legal authority to grant the Software License to Buyer, and that the Licensed Resources and Buyer’s use thereof as permitted hereunder do not and will not infringe any patent, copyright or trademark of any third party. Supplier shall timely notify Buyer in writing if it becomes aware of any circumstance in which the foregoing warranties or representations are not, or cease to be, fully accurate and true.

Buyer may terminate any Software License within ninety (90) days of commencement thereof or any modification of the Licensed Resources and receive a prorated refund of all sums paid therefor. Upon termination of any Software License for any reason, Supplier shall retain and make available any information Buyer has stored on the Site or otherwise within or by means of the Supplier Software for no less than sixty (60) days and shall assist Buyer and use all reasonable means to enable Buyer to retrieve such information timely and efficiently. Supplier shall comply with Buyer’s reasonable directions regarding deletion and destruction of Buyer’s data and information, and shall certify such compliance within thirty (30) days of receipt thereof in a writing signed by an authorized officer of Supplier.

9.    BACK-UP, ARCHIVE, FAILOVER AND TRANSFER. Buyer may, at no additional charge make copies or adaptations of the Licensed Resources for archival and back-up purposes. Buyer shall have the right, at no additional charge, to maintain a failover copy of any Licensed Resources on one or more redundant computer systems. Such failover Licensed Resources shall be available to immediately initiate a process or application in the event that the primary computer system fails for any reason. 

10.    SECURITY. If Supplier becomes aware of any unauthorized access to, material unauthorized attempt to access, or any unauthorized use or disclosure of, any Buyer or End User data (a "Security Breach"), Supplier shall notify Buyer in writing within twenty-four (24) hours. Promptly following Supplier's notification to Buyer of a Security Breach, the parties shall coordinate with each other to investigate, prevent, contain, and mitigate the impact of the Security Breach.  Supplier shall not inform any third party of any Security Breach without first obtaining Buyer’s prior written consent, except as required under law in which case Supplier shall notify Buyer in writing about this disclosure. Buyer shall have the right to determine: (i) whether notice of the Security Breach is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies or others as required by law or regulation, or otherwise in Buyer’s discretion; and (ii) the contents of such notice, whether any type of remediation may be offered to affected persons, and the nature and extent of any such remediation.

Supplier shall perform vulnerability scans of its systems at least annually, unless Buyer requires more frequent scans. If and when a security vulnerability within the Licensed Resources or otherwise within Supplier’s software infrastructure (collectively, the “Software Infrastructure”) is found, Supplier shall notify Buyer within seven (7) days, and shall remediate findings using a risk based approach in a timely manner. Supplier shall, upon Buyer’s request, timely provide to Buyer’s reasonable satisfaction a generally accepted security certification (such as ISO 27001, satisfactory SOC2 Type II report with at least 3 Trust Service Principals, etc.) that is no older than 1 year. Supplier will, on an annual basis and after a Security Breach, respond in a timely manner to reasonable audit requests from Buyer and provide answers to Buyer’s security questionnaires or other reasonable inquiries about Supplier’s security. Supplier’s failure to comply with the provisions of this paragraph shall constitute a material breach hereof.

11.    EXTENSION OF LICENSE TO BUYER’S END USERS. For purposes of this Agreement, Buyer shall be empowered (a) to use the Licensed Resources for itself, its Authorized Users, and such of Buyer’s Customers, or its or their respective personnel (each, an “End User” and, collectively, the “End Users”) as Buyer may from time to time choose or designate and (b) to confer to End Users the limited right to access the Licensed Resources through Buyer’s platform or systems, whether as an integration or otherwise, but not as a standalone offering competitive with Supplier’s offering.

12.    IP INDEMNITY. Supplier, at its own expense, shall indemnify, defend and hold harmless Buyer and End Users and their independent contractors, service providers and consultants, and their respective directors, employees and agents from and against any action brought against any such person alleging that a Licensed Resource infringes a patent, copyright, trademark or other intellectual property right of any third party. 

13.    PAYMENT.  Invoices are due and payable net thirty (30) days from receipt of invoice.  Buyer’s outstanding unpaid balances shall be subject to a maximum finance charge of 1/2% per month (or such lower rate as may be the maximum permitted by law).  Payments received from Buyer shall be applied by Supplier as Buyer may direct. Buyer may set off any amounts due to Buyer from Supplier against any of Supplier’s invoices.  

14.    WARRANTY EXTENSIONS.  To the extent that Supplier acts as a reseller of Products or Services made, manufactured, supplied or otherwise originated by, or otherwise obtained from a third party (the “Supplier”), Supplier shall transfer, assign and  “pass through” to Buyer (a) any transferable warranty made to Supplier by Supplier to the extent transferable and permitted by law and (b) entitlement or benefit of indemnification to which Supplier is entitled with respect to any IP Claims asserted against Buyer which arise in any way from Products or Services sold pursuant to this Agreement. Buyer shall be entitled to bring actions against the Supplier as well as the Supplier for all claims arising from breach of Supplier’s applicable warranty for Products and Services.  

15.    TERMINATION. Either party may terminate any SOW and/or PO upon fourteen (14) days’ advance written notice of the other party’s (a) breach thereof, (b) breach of this Agreement, or (c) breach of applicable law,  if such breach is susceptible of being cured and is not cured within such fourteen (14) day period. If such breach involves (i) criminal activity by the breaching party, (ii) unauthorized use or disclosure of CI, or if such breach is not susceptible of being cured, then no advance notice is required for termination. Buyer reserves the right to terminate the Agreement or any SOW or PO, in whole or in part, without liability at any time, without cause, upon thirty (30) days prior written notice to Supplier. Upon termination of any SOW, Supplier will immediately provide Buyer with any and all work in progress or completed prior to the termination date. Buyer’s sole obligation to Supplier resulting from such termination is to pay Supplier an equitable amount for the partially completed work in progress and the agreed price for the completed Services or other Deliverables provided and accepted prior to the date of termination. Upon termination of the Agreement or an SOW, or completion of Supplier’s performance under an SOW, whichever occurs first, Supplier shall promptly return to the owner thereof all CI, materials and/or tools provided to Supplier.

16.    COMPLIANCE WITH APPLICABLE LAW. Supplier warrants that it will comply with all applicable law in its performance under the Agreement. Buyer agrees that its conduct and use or resale of Products sold by Supplier shall be in compliance with all applicable laws.  Buyer may monitor, but will not be responsible for monitoring, compliance with any applicable laws by Supplier or its Contractors. Each party shall comply with all U.S. export, import and antiboycott laws and with the United States Foreign Corrupt Practices Act.  

17.    INDEMNITY. In addition to any other obligations stated herein, Supplier at its own expense will indemnify, defend and hold harmless Buyer and End Users and their independent contractors, service providers and consultants, and their respective directors, employees and agents from and against any action brought against any such person (a) for personal injury or death arising out of Supplier’s or its Contractor’s acts or omissions, (b) arising out of any data security breach, or (c) arising out of any breach of this Agreement or any alleged violation of law by Supplier or its Contractors.

18.    NOTICES. All notices required or permitted under the Agreement must be in writing and sent to the recipient’s address of record. For Supplier, this is the address as specified in the PO, and for Buyer, it is as follows: Demandware, Inc., Attn: General Counsel, 5 Wall Street, Burlington, MA 01803 USA, or as either party may subsequently notify the other as provided herein. Any such notice may be delivered by hand, overnight courier, or first class pre-paid letter, and will be deemed received upon the earlier of (a) actual receipt, (b) 24 hours after delivery to an overnight courier with evidence of delivery from the courier, or (c) three (3) business days after the date of mailing.

19.    DISPUTES.  This Agreement shall be governed by and interpreted and construed in accordance with the laws of the state of New York without regard for its rules or laws regarding choice or conflicts of laws. Any litigation arising from, concerning or otherwise in connection with this Agreement, the performance or breach hereof, or any Products and/or Services purchased or sold hereunder shall be resolved in the state or federal courts said state. The parties expressly waive their right to trial by jury for all such litigation. 

20.    MISCELLANEOUS.  All agreements, covenants, conditions and provisions contained herein shall apply to and bind the assignees and successors in interest of Supplier and Buyer.  The waiver by either party of any breach or default shall not be deemed to be a waiver of any later breach or default.  The exercise or failure to exercise any remedy shall not preclude the exercise of that remedy at another time or of any other remedy at any time.  If any provision or portion of this Agreement is held to be invalid, illegal, unconscionable or unenforceable, the other provisions and portions shall not be affected.  The headings are used for the convenience of the parties only and shall not affect the construction or interpretation of this Agreement.  This Agreement shall not be governed by the UN Convention on the International Sale of Goods.

Supplier shall procure the insurance coverage specified below and shall maintain all such coverage in effect during the term of this Agreement and, with respect to any coverage that is issued on a claims-made basis, for a period of not less than five (5) years following the expiration or termination of this Agreement.  Each insurer must be rated by A.M. Best Company as “A VIII” or better, and must be otherwise acceptable to Buyer and licensed to do business in all jurisdictions where the Products are made or Services are performed. Neither this paragraph nor the provision of the insurance required hereunder shall serve to limit Supplier’s indemnification obligations or other liability under this Agreement. 

For orders involving only Products: 
Commercial General Liability: $2,000,000 combined single limit each occurrence and $2,000,000 annual aggregate.

For orders involving Services:
Statutory Workers Compensation, as required by applicable law;
Employer’s Liability:  $2,000,000 combined single limit each occurrence;
Errors & Omissions/Professional Liability: $1,000,000 per claim and $1,000,000 annual aggregate  
Commercial General Liability: $2,000,000 combined single limit each occurrence and $2,000,000 annual aggregate;
Commercial Automobile Insurance (including owned, leased, hired or non-owned vehicles):  $1,000,000 combined single limit each occurrence; and
Crime/Fidelity Bond:  $1,000,000 per claim and $5,000,000 annual aggregate, 

together with such other coverage Supplier may be required to maintain pursuant to applicable laws and regulations.

Supplier shall cause Buyer to be named as an additional insured under the required coverage described above for any claims, liability and losses actually or allegedly arising out of or in connection with the Services. Supplier agrees to waive, and to cause its insurers to waive, any right of subrogation against Buyer for any claims arising out of death or injury to Supplier’s personnel or Contractors, or for damage to or loss of Supplier’s property or its Contractors, arising out of or in connection with Supplier’s performance of the Services.  Prior to commencing Services or accepting any order for Products (or as otherwise agreed by Buyer) and, at a minimum, annually thereafter, upon the written request of Buyer, Supplier shall furnish one or more certificates from each insurer evidencing that the coverage required by this section is in full force and effect in compliance with the provisions hereof.  Each such certificate shall state that such coverage shall not be canceled until the expiration of at least thirty (30) days after written notice of such cancellation has been received by Buyer.  Supplier shall ensure that such certificates are accurate in all material respects prior to submitting them to Buyer and shall obtain any endorsements from the applicable insurers as they may require in order to extend such coverages to Buyer as required herein.  

22.    ENTIRE AGREEMENT.  This Agreement together with all Exhibits hereto is the entire agreement between the parties concerning the subject matter hereof and replaces and as of the effective date supersedes any prior or contemporary agreement between the parties concerning such subject matter. Any amendment, waiver or other alteration of this Agreement by a party shall be effective only if made in a writing signed by a designated officer or director of both parties. 



1.1    Definition of Buyer Personal Data. “Buyer Personal Data” shall mean Personal Data made available to Supplier for processing on behalf of Buyer pursuant to the Agreement. 

1.2    Processing and use of Buyer Personal Data

(a)    Supplier shall process and use Buyer Personal Data solely to perform its obligations under the Agreement. Supplier shall strictly limit the disclosure of Buyer Personal Data to only those Supplier employees who need-to-know and only to the extent necessary for the performance of such obligations. Supplier shall ensure that its employees processing Buyer Personal Data have received timely and appropriate privacy training from the Supplier, and are bound by confidentiality obligations not less restrictive than those contained in the Agreement. Supplier may not sell, rent or lease Buyer Personal Data to anyone.

(b)    Supplier may not enter into subcontracting agreements with third parties or transfer Buyer Personal Data to another country without the express, written consent of Buyer. In the event Supplier is authorized by Buyer to contract any services involving collecting, using, storing, transferring and/or otherwise processing Buyer Personal Data, such Contractor shall agree to protect and process the Buyer Personal Data under terms no less restrictive than those contained in the Agreement. Furthermore, Buyer reserves the right, at its sole option, to enter into additional confidentiality agreements directly with such Contractors in order to ensure adequate protection of Buyer Personal Data or comply with any applicable law.

1.3    Additional Supplier Obligations.

(a)    In connection with protecting, collecting, storing, transferring and otherwise processing of Buyer Personal Data, Supplier agrees to act in accordance with the requirements of the Agreement or other written instructions provided by Buyer.

(b)    Supplier agrees not to copy or reproduce any Buyer Personal Data without the express written permission of Buyer, except as technically necessary to comply with the Agreement (e.g., data backup for business continuity and disaster recovery).

(c)    Supplier agrees to immediately notify Buyer by telephone and email if it becomes aware of any actual, suspected or alleged unauthorized use of, disclosure of, or access to Buyer Personal Data by itself or others, including notification of loss or suspected loss of data whether or not such data has been encrypted. Supplier will cooperate with Buyer in the manner reasonably requested by Buyer and in accordance with applicable law, including but not limited to: conducting the investigation; cooperating with authorities; notifying affected persons at Supplier’s sole expense, credit bureaus, other persons or entities deemed appropriate by Buyer; and issuing press releases. Such cooperation will include without limitation: (i) Buyer access to applicable Supplier records and facilities; (ii) Supplier provision of all relevant data and reports to Buyer; and (iii) prior advance approval by Buyer of any notifications to impacted individuals, government agencies, or media.

(d)    Supplier agrees to inform Buyer promptly in writing if Supplier believes that any instruction from Buyer violates applicable law.

(e)    When collecting, using, storing, transferring and otherwise processing Buyer Personal Data, Supplier shall adhere to all applicable import/export and personal data protection laws, regulations and rules.

(f)    Supplier shall process any Buyer Personal Data in a manner consistent with the then current policy or guidance of Buyer, as Buyer may make available to Supplier from time to time. 

1.4    Security Measures.

(a)    Supplier shall use at least the same degree of care to prevent unauthorized use, dissemination or publication of Buyer Personal Data as its uses to protect its own information of similar nature, but in no case less than reasonable care.

(b)    Supplier shall implement reasonable and appropriate technical and organizational measures to protect Buyer Personal Data as required by law and by applicable Buyer policies and procedures, as Buyer may make available to Supplier from time to time.
(c)    Supplier agrees to implement appropriate technical and organizational measures to protect Buyer Personal Data against (i) accidental or unlawful destruction or loss, (ii) unauthorized disclosure or access, in particular where processing involves the transmission of Buyer Personal Data over a network, (iii) alteration, and (iv) all other unlawful forms of processing.

(d)    Supplier agrees to implement appropriate procedures to ensure that (i) unauthorized persons will not have access to the data processing equipment used to process Buyer Personal Data, (ii) any persons it authorizes to have access to Buyer Personal Data will respect and maintain the confidentiality and security of the Personal Data, and (iii) the measures and procedures that it uses will be sufficient to comply with all applicable legal requirements.

1.5    Records. 

(a)    Upon request by Buyer or upon termination of the Agreement, Supplier shall deliver to Buyer any Buyer Personal Data in its possession and destroy any copies of Buyer Personal Data in the Supplier’s files to the extent technically possible, unless otherwise required under operation of law.

(b)    In the event Buyer reasonably believes that there is any actual or suspected breach of contract, and upon reasonable notice and during mutually agreed upon time and place, Supplier agrees to submit its data processing facilities, data files and documentation relating to the Agreement to auditing by Buyer (or a duly qualified independent auditor or inspection authority selected by Buyer for such purpose and not reasonably objected to by the Supplier) to ascertain compliance with the Agreement. If a material breach is found, Supplier shall reimburse Buyer for the fees and costs associated with the audit.

1.6    Liability. Supplier will indemnify and hold Buyer harmless from any cost, charge, damages, expense or loss resulting from the breach of this Section 5 (Personal Data Protection and Use) by Supplier or for any processing or act pertaining to Buyer Personal Data, which is in contravention of applicable laws by Supplier

1.7    Disclaimers. 

(a)    Nothing in the Agreement shall be construed as an obligation (i) to disclose any particular information, (ii) to incorporate any disclosed information into a product, or (iii) to warrant the accuracy or completeness of any information disclosed hereunder.

(b)    Notwithstanding the foregoing, nothing in the Agreement will be construed as an exclusion of any laws, regulations or rules pertaining to protection of personal data or export regulations that may be applicable to the services provided by Supplier under the Agreement and that must be observed by Supplier.

1.8.    General. Capitalized terms used but not defined in this Exhibit A shall have the meaning ascribed to such terms in the Agreement.