Signority Terms of Service

This Signority Cloud Platform License Agreement (the “Agreement”) is made and entered into by and between Signority and the entity or person agreeing to these terms (“Customer”).

This Agreement is effective as of the date Customer clicks to accept the Agreement (the “Effective Date”). If you are accepting on behalf of Customer, you represent and warrant that: (i) you have full legal authority to bind Customer to this Agreement; (ii) you have read and understand this Agreement; and (iii) you agree, on behalf of Customer, to this Agreement. If you do not have the legal authority to bind Customer, please do not click to accept. This Agreement governs Customer’s access to and use of the Service.

1. Definitions.

“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control”, for purposes of this Agreement, means direct or indirect ownership or control of more than fifty percent (50%) of the voting interests of the subject entity.

“Customer Data” means all electronic data or information submitted by Customer to the Service.

“Service Fees” means the monthly or annually or other specific period per User per Service fees (as specified on the Pricing page of the Signority website) payable by Customer to Service Provider for the right to receive and provide access to the Service to Users.

“Order Form” means the ordering documents for Customer’s purchases from Service Provider that are executed hereunder by the parties from time to time. Order Forms shall be deemed incorporated into this Agreement.

“Service” means the online, Web-based application for Signority electronic signature workflow provided by Service Provider via www.signority.com and/or other designated websites, including associated offline components, [as described by the User Guide].

“Term” has the meaning ascribed to that term in Section 10.1.

“User” means an individual who prepares and transmits documents for signatures for whom Customer has purchased a subscription or multiple subscriptions to entitle Customer to make the Service available to Users.

“User Guide” means the online user guide for the Service, accessible at www.signority.com, as updated by Service Provider from time to time.

2. Grant of License.

2.1 Provision of Service.

Conditioned on the provisions in this Section 2 and the other terms and conditions of this Agreement and payment of the applicable fees, Service Provider shall make the Service available to Customer during the Term for the purpose of allowing Customer to use the Service internally for Users for whom subscriptions have been purchased. Customer shall not use the Service for any other purposes.

2.2 User Subscriptions.

User subscriptions are for designated Users and cannot be shared or used by more than one User.

2.3 Customer Affiliates.

Customer Affiliates may use the Service and may purchase User subscriptions subject to the terms of this Agreement by executing Order Forms hereunder. Customer shall cause each Customer Affiliate to comply with the terms and conditions of this Agreement to the full extent as if such Affiliate were a party hereto, and any act or omission relating to this Agreement by such Customer Affiliate shall be deemed an act or omission of Customer. In addition, each party may use one or more Affiliates to perform its obligations under this Agreement, provided that such use shall not affect such party’s obligations hereunder and any act or omission by such Affiliate relating to this Agreement shall be deemed an act or omission of such party.

3. Use of the Service.

3.1 Service Provider Responsibilities.

Service Provider shall: (i) maintain the security and integrity of the Service and the Customer Data; (ii) provide basic support to Customer at no additional charge; and (iii) use commercially reasonable efforts to make the Service available twenty-four (24) hours a day, seven (7) days a week, except for: (a) planned downtime (of which Service Provider shall give at least forty-eight (48) hours’ notice via the Service; or (b) any unavailability caused by circumstances beyond Service Provider’s reasonable control, including without limitation, acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems (other than those involving Service Provider employees), computer, telecommunications, Internet service provider or hosting facility failures or delays involving hardware, software or power systems not within Service Provider’s possession or reasonable control, and denial of service attacks.

3.2 Customer Responsibilities.

Customer shall: (i) have sole responsibility for the accuracy, quality, integrity, legality, reliability and appropriateness of all Customer Data; (ii) use commercially reasonable efforts to prevent unauthorized access to or use of the Service and notify Service Provider promptly of any such unauthorized access or use; and (iii) comply with all applicable local, provincial, state, federal and foreign laws in using the Service.

3.3 Fair Dealings Policy.

If applicable, Signority’s “Fair Dealings” policy states that if for any given thirty 30 day period, your use of server space exceeds the allowed amount of server storage capacity as advertised for your specific Service Plan, you will be found to be in violation of your policy. If you are found to be in violation of this policy, you will be issued a warning by Signority. From the time the warning is issued, you will have fourteen 14 days to comply with the policy. If after this 14 days period you remain in violation of the Agreement or any other conditions imposed by Signority, your account will be suspended until you have taken some action to reactivate. Server space shall be defined as total bytes stored on our servers by you through the use of the Application. Servers other than those owned and/or operated by Signority may be used by you to store documents processed by the Application, in which case the server space used by these external servers shall not be calculated for the purposes of this Fair Dealings Policy. Any violation of Signority’s Fair Dealings Policy may subject your account to a more limited functionality, or in the case of concerns about abuse, may also subject your account to termination or deactivation. Any failure by Signority to enforce this Policy does not constitute a waiver of Signority’s right to enforce past or current violations at any time in the future.

3.4 Use Guidelines.

Customer shall not: (i) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share or otherwise commercially exploit or make the Service available to any third party, other than as contemplated by this Agreement; (ii) use the Service to send spam or otherwise duplicative or unsolicited messages in violation of applicable laws; (iii) use the Service to send or store infringing, obscene, threatening, libelous, or otherwise unlawful or tortious material, including material that is harmful to children or violates third-party privacy or publicity rights; (iv) use the Service to send or store Malicious Code; (v) interfere with or disrupt the integrity or performance of the Service or the data contained therein; or (vi) attempt to gain unauthorized access to the Service or its related systems or networks.

3.5 Incremental Services.

From time to time, certain additional Service Provider or third-party functionality (such functionality being deemed not to be part of the Service) may be made available by Service Provider to Customer (in the case of third-party functionality, such functionality being made available on a pass-through basis pursuant to terms specified by the third-party provider of such functionality), and which additional functionality may be purchased by Customer for additional fees in accordance with such terms and conditions as may be applicable to such additional functionality (such terms and conditions prevailing in the event of any inconsistency with the terms and conditions of this Agreement)

3.6 Publicity.

Neither party may issue press releases relating to this Agreement without the other party’s prior written consent, such consent not to be unreasonably withheld. Each party may include the name and logo of the other party in lists of customers or vendors in accordance with the other party’s standard trademark guidelines.

4. Fees & Payment.

4.1 Fees.

In consideration for the receipt of the Service, Customer shall pay Service Provider the Service Fees, all as specified on the Pricing page of the Signority website and in any subsequent Order Forms submitted pursuant to this Agreement. All amounts are payable in U.S. or equivalent Canadian dollars. Except as otherwise specified herein or in an Order Form, fees are based on services purchased and not actual usage, payment obligations are non-cancelable, fees paid are non-refundable, and a subscription cannot be terminated during the relevant subscription term stated in the applicable Order Form. Because fees are based on monthly units, fees for subscriptions purchased in the middle of a monthly period will be charged for that monthly period in full.

4.2 New, Legacy, and Obsolete Price Plans.

At any time during the Term of this Agreement, Signority may launch new price plans. Plans of a given duration (whether monthly or yearly), will be honored. Should your legacy plan be discontinued, you will be informed thirty (30) days in advance of the expiry of your current plan, by sending an email to your billing administrator’s email account. Customers that fail to respond will be automatically move to a new plan that is a close equivalent or their legacy plan based on the history of services usage. It is customer’s responsibility to keep the billing administrator’s email address up to date. Signority will not refund subscription fees.

4.3 Invoicing & Payment.

Fees for the Service will be invoiced on an annual basis for enterprise customers. Unless otherwise stated in an invoice, charges are due net seven (7) days from the invoice date. Customer is responsible for maintaining complete and accurate billing and contact information on the Service.

4.4 Overdue Payments.

Any payment not received from Customer by the due date may accrue (except with respect to charges then under reasonable and good faith dispute), at Service Provider’ discretion, late charges at the rate of 1.5% of the outstanding balance per month (19.57% per annum), or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid.

4.5 Taxes.

Unless otherwise stated, Service Provider’ fees do not include any direct or indirect local, state, provincial, federal or foreign taxes, levies, duties or similar governmental assessments of any nature, including value-added, goods and services, harmonized, use or withholding taxes (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases hereunder, excluding taxes based on Service Provider’ net income or property. If Service Provider has the legal obligation to pay or collect Taxes for which Customer is responsible under this section, the appropriate amount shall be invoiced to and paid by Customer, unless Customer provides Service Provider with a valid tax exemption certificate authorized by the appropriate taxing authority.

4.6 Audit Rights.

Service Provider shall have the right to use the capabilities of the Service to confirm the number of Users being managed by the Service and Customer’s compliance with this Agreement.

4.7 Suspension of Service.

If Customer’s account is seven (7) days or more overdue (except with respect to charges then under reasonable and good faith dispute), in addition to any of its other rights or remedies, Service Provider reserves the right to suspend the Service provided to Customer, without liability to Customer, until such amounts are paid in full.

5. Proprietary Rights.

5.1 Reservation of Rights.

Subject to the limited rights expressly granted hereunder, Service Provider reserves all rights, title and interest in and to the Service, including all related intellectual property rights. No rights are granted to Customer hereunder other than as expressly set forth herein.

5.2 Restrictions.

Customer shall not (and shall not allow any third party to): (a) modify, translate, reverse engineer, decompile, disassemble, or create derivative works based on the Service except to the extent that enforcement is prohibited by applicable law notwithstanding a contractual provision to the contrary; (b) circumvent any user limits or other timing or use restrictions that are built into the Service; (c) remove any proprietary notices, labels, or marks from the Service or User Guide; (d) frame or mirror any content forming part of the Service; (e) access the Service in order to (i) build a competitive product or service, or (ii) copy any ideas, features, functions or graphics of the Service.

5.3 Customer Data.

As between Service Provider and Customer, Customer exclusively owns all rights, title and interest in and to all Customer Data. Customer Data is deemed Confidential Information under this Agreement. Service Provider shall not access Customer’s User accounts, including Customer Data, except to respond to service or technical problems or at Customer’s request or as necessary for the operation of the Service or billing. Customer Data must be returned to the customer immediately upon request or when the contract ends, whichever occurs first.

5.4 Suggestions.

Service Provider shall have a royalty-free, worldwide, transferable, sublicenseable, irrevocable, perpetual, unrestricted license to use and/or incorporate into the Service any suggestions, enhancement requests, recommendations or other feedback provided by Customer or its Users relating to the operation of the Service.

6. Confidentiality and Personal Information.

6.1 Definition of Confidential Information.

As used herein,“Confidential Information” means all confidential and proprietary information of a party (the “Disclosing Party”) disclosed to the other party (the “Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including the terms and conditions of this Agreement, the Customer Data, the Service, business and marketing plans, technology and technical information, product designs, and business processes. Confidential Information shall not include any information that: (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party; (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (iii) was independently developed by the Receiving Party without breach of any obligation owed to the Disclosing Party; or (iv) is received from a third party without breach of any obligation owed to the Disclosing Party.

6.2 Confidentiality.

The Receiving Party shall not disclose or use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, except with the Disclosing Party’s prior written permission.

6.3 Protection.

Each party agrees to protect the confidentiality of the Confidential Information of the other party in the same manner that it protects the confidentiality of its own proprietary and confidential information of like kind (but in no event using less than reasonable care).

6.4 Compelled Disclosure.

If the Receiving Party is compelled by law to disclose Confidential Information of the Disclosing Party, it shall provide the Disclosing Party with prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure.

6.5 Remedies.

If the Receiving Party discloses or uses (or threatens to disclose or use) any Confidential Information of the Disclosing Party in breach of the confidentiality requirements in this Agreement, the Disclosing Party shall have the right, in addition to any other remedies available to it, to seek injunctive relief to enjoin such acts, it being specifically acknowledged by the parties that any other available remedies may be inadequate.

6.6 Security of Personal Information.

The provisions regarding security of personal information are attached hereto as Schedule C.

7. Warranties & Disclaimers.

7.1 Warranties.

Each party represents and warrants that it has the legal power to enter into this Agreement. Service Provider represents and warrants that it will provide the Service in a manner consistent with general industry standards reasonably applicable to the provision thereof.

7.2 Disclaimer.

EXCEPT AS EXPRESSLY PROVIDED HEREIN, SERVICE PROVIDER MAKES NO REPRESENTATIONS AND PROVIDES NO WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIMS ALL IMPLIED REPRESENTATIONS, WARRANTIES AND/OR CONDITIONS, INCLUDING ANY REPRESENTATIONS, WARRANTIES AND/OR CONDITIONS OF MERCHANTABILITY, MERCHANTABLE QUALITY, DURABILITY, TITLE, NON-INFRINGEMENT, SATISFACTORY QUALITY OR FITNESS FOR A PARTICULAR PURPOSE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.

8. Mutual Indemnification.

8.1 Indemnification by Service Provider.

Subject to this Agreement, Service Provider shall defend, indemnify and hold Customer harmless against any loss, damage or costs (including reasonable attorneys’ fees) awarded to a third party against Customer by a court of competent jurisdiction in any claims, demands, suits, or proceedings made or brought against Customer by a third party alleging that the use of the Service as contemplated hereunder infringes the intellectual property rights of a third party (“IP Claims”); subject to the condition that Customer (a) promptly gives written notice of each IP Claim to Service Provider; (b) gives Service Provider sole control of the defense and settlement of each IP Claim (provided that Service Provider may not settle or defend any IP Claim unless it unconditionally releases Customer of all liability); and (c) provides to Service Provider, at Service Provider’s cost, all reasonable assistance in respect to each IP Claim.

8.2 Mitigation.

If (a) Service Provider becomes aware of an actual or potential IP Claim, or (b) Customer provides Service Provider with notice of an actual or potential IP Claim, Service Provider may (or in the case of an injunction against Customer, shall), at Service Provider’s sole option and determination: (I) procure for Customer the right to continue to use the Service; or (II) replace or modify the Service with equivalent or better functionality so that Customer’s use is no longer infringing; or (III) if (I) or (II) are not commercially reasonable, terminate provision of the Service and refund to Customer any pre-paid Service fees for any periods after the termination of the Service, less any outstanding moneys owed by Customer to Service Provider.

8.3 Exclusions.

The indemnity in Section 8.1 does not extend to (1) any IP Claim based upon infringement or alleged infringement of any patent, trademark, copyright or other intellectual property right by the combination of the Service furnished by Service Provider with other products, software or services not provided by Service Provider; (2) any IP Claim related to any Customer Data, or (3) any IP Claim related to any use or exercise of any other right in respect to the Service outside the scope of the rights granted in this Agreement.

8.4 Indemnification by Customer.

Subject to this Agreement, Customer shall defend, indemnify and hold Service Provider harmless against any loss, damage or costs (including reasonable attorneys’ fees) incurred in connection with any claims, demands, suits, or proceedings made or brought against Service Provider by a third party (i) alleging that the Customer Data, or Customer’s use of the Service in violation of this Agreement, infringes the intellectual property rights of, or has otherwise harmed, a third party, or (ii) as a result of any representations, warranties or other commitments made by Customer to any third party (including Users) in respect to the Service (any claims, demands, suits, or proceedings within (i) and (ii) hereinafter referred to as “Customer Claims”); provided, that Service Provider (a) promptly gives written notice of each Customer Claim to Customer; (b) gives Customer sole control of the defense and settlement of each Customer Claim (provided that Customer may not settle or defend any Customer Claim unless it unconditionally releases Service Provider of all liability); and (c) provides to Customer, at Customer’s cost, all reasonable assistance in respect to each Customer Claim.

9. Limitation of Liability.

9.1 Limitation of Liability.

IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR UNDER ANY OTHER THEORY OF LIABILITY, EXCEED THE AMOUNTS ACTUALLY PAID BY AND DUE FROM CUSTOMER HEREUNDER IN THE TWELVE MONTHS PRECEDING THE INCIDENT GIVING RISE TO LIABILITY.

9.2 Exclusion of Consequential and Related Damages.

IN NO EVENT SHALL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY LOST PROFITS OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, BUSINESS INTERRUPTION, LOSS OF DATA, LOST SAVINGS OR OTHER SIMILAR PECUNIARY LOSS) HOWEVER CAUSED AND, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR UNDER ANY OTHER THEORY OF LIABILITY, WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

9.3 Certain Damages Not Excluded.

NOTWITHSTANDING THE FOREGOING, NO LIMITATION OF EITHER PARTY’S LIABILITY SET FORTH IN THIS AGREEMENT SHALL APPLY TO (I) DAMAGES ARISING FROM A PARTY’S BREACH OF ITS CONFIDENTIALITY OBLIGATIONS, (II) DAMAGES ARISING FROM INFRINGEMENT AND/OR MISAPPROPRIATION OF A PARTY’S INTELLECTUAL PROPERTY RIGHTS; OR (III) ANY CLAIMS FOR NON-PAYMENT.

10. Term & Termination.

10.1 Term of Agreement.

This Agreement shall commence as of the Effective Date and shall continue in effect until the cancellation by either party. Thereafter, the term of the Agreement shall be automatically renewed monthly or annually or contract-specified time period on the term period of the Effective Date for renewal terms (any such subsequent renewal terms referred to in this Agreement as a “Renewal Term”), unless either party gives written notice of non-renewal to the other party at least thirty (30) days prior to the end of the Initial Term or any Renewal Term hereof. Collectively, the Initial Term and any subsequent Renewal Terms shall constitute the “Term”. Terms can be cancelled via the Signority application web page or by email to support@signority.com.

10.2. Term of User Subscriptions.

User subscriptions commence on the start date of the user sign up date or the relevant Order Form and continue for the subscription term specified therein. User subscriptions may be renewed monthly or annually or by specified renewal period in the Order Form.

10.3. Termination for Cause.

A party may terminate this Agreement for cause: (i) upon fourteen (14) days written notice of a material breach to the other party if such breach remains uncured at the expiration of such period; or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors. Upon any termination for cause by Customer, Service Provider shall refund Customer any prepaid fees for any periods after the termination of the Agreement. Termination or expiration of this Agreement will cause termination of any User subscriptions that are then active. At the end of this 14 day suspension period, your account shall be terminated and your documents will be deleted from our servers.

10.4 Outstanding Fees.

Termination shall not relieve Customer of the obligation to pay any fees accrued or payable to Service Provider prior to the effective date of termination.

10.5 Surviving Provisions.

The following provisions shall survive any termination or expiration of this Agreement: Sections 4 through 11.

11. General Provisions.

11.1 Relationship of the Parties.

The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties.

11.2 No Third-Party Beneficiaries.

There are no third-party beneficiaries to this Agreement.

11.3. Notices.

All notices under this Agreement shall be in writing and shall be deemed to have been given upon: (i) personal delivery; (ii) the second business day after mailing; (iii) the second business day after sending by confirmed facsimile; or (iv) the second business day after sending by email. Notices to Service Provider shall be addressed to the attention of the Support Department. Notices to Customer shall be addressed to Customer’s signatory of this Agreement unless otherwise designated below.

11.4 Waiver and Cumulative Remedies.

No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity.

11.5 Severability.

If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect.

11.6 Assignment.

Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (not to be unreasonably withheld). Notwithstanding the foregoing, each party may assign this Agreement in its entirety (including all Order Forms), without consent of the other party, in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its stock or assets. Any attempt by a party to assign its rights or obligations under this Agreement in breach of this section shall be void and of no effect. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns.

11.7 Governing Law.

This Agreement shall be governed by the laws of the Province of Ontario, Canada, without regard to its conflict of law principles. No choice of laws rules of any jurisdiction shall apply to this Agreement. The application of the United Nations Convention on Contracts for the International Sale of Goods to this Agreement is expressly excluded.

11.8 Venue; Waiver of Jury Trial.

The provincial and federal courts located in Ottawa, Ontario, Canada, shall have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement. Each party hereby consents to the exclusive jurisdiction of such courts. Each party also hereby waives any right to jury trial in connection with any action or litigation in any way arising out of or related to this Agreement.

11.9 Force Majeure.

Neither party shall be responsible for its failure to perform to the extent due to unforeseen circumstances or causes beyond its control, including but not limited to acts of God, wars, terrorism, riots, embargoes, acts of civil or military authorities, fires, floods, accidents, or strikes, labour problems (other than those involving the employees of the affected party), computer, telecommunications, Internet service provider or hosting facility failures or delays involving hardware, software or power systems not within a party’s possession or reasonable control, provided that such party gives the other party prompt written notice of the failure to perform and the reason therefore and uses its reasonable efforts to limit the resulting delay in its performance.

11.10 Export.

Customer acknowledges and agrees that the Service may be subject to export and import controls under the regulations of Canada, the United States and other countries, and Customer shall comply with all export and import control regulations of such countries. Customer shall not use the Service for any purposes prohibited by export laws, including, without limitation, nuclear, chemical or biological weapons proliferation. Customer shall be responsible for procuring all required permissions for any subsequent export, import or use of the Service.

11.11 Entire Agreement.

This Agreement, including all schedules, exhibits and addenda hereto and all Order Forms, constitutes the entire agreement between the parties, and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and signed by the party against whom the modification, amendment or waiver is to be asserted. To the extent of any conflict or inconsistency between the provisions in the body of this Agreement and any schedule, exhibit or addendum hereto or any Order Form, the terms of such schedule, exhibit, addendum or Order Form shall prevail. Notwithstanding any language to the contrary therein, no terms or conditions stated in a Customer purchase order or in any other Customer order documentation shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void.

11.12 Counterparts.

This Agreement may be executed by email and in counterparts, which taken together shall form one legal instrument.

Confidentiality Agreement

1. Under this Agreement, all personal information transferred to the Service Provider by the Customer remains under the control of the Customer and subject to the Freedom of Information and Protection of Privacy Act (FIPPA). All such information is at all times held in trust for the Customer by the Service Provider.

2. The Service Provider acknowledges that the Customer has obligations under FIPPA with respect to protect personal information in its custody or under its control. This includes an obligation to take all reasonable precautions to protect such personal information from inadvertent use or disclosure. The Service Provider agrees that it will comply with the provisions of FIPPA in its collection, use and disclosure of personal information pursuant to the contract.

3. Without limiting the generality of the foregoing, the Service Provider specifically agrees that it will maintain all reasonable safeguards, in accordance with the ISO/IEC 27001:2013 industry standard, to protect the confidentiality of personal information in its control. This includes but is not limited to administrative, technical and physical safeguards.

4. The Service Provider agrees that personal information transferred or collected under this contract will at no time be stored on unencrypted removable media, including but not limited to CDs, DVDs, and “USB Key” style removable drives.

5. The Service Provider must restrict access to records containing personal information received, collected or retained in the course of providing the Services to only those persons who are authorized to use the information in the course of their duties in providing the Services, and then only if the information is necessary for the performances of those duties. Access by those persons must be limited to the types of personal information necessary for the performance of the Services.

6. Before allowing an employee to have access to any personal information, the Service Provider must ensure that each employee signs an undertaking of confidentiality. The undertaking must cover all personal information the employee may become aware of in performing the Services and must include the employee’s consent to the disclosure of the undertaking to the Customer.

7. The Service Provider acknowledges that the Customer reserves the right to audit or inspect the Service Provider’s physical, technical, and administrative safeguards to ensure that they comply with this Contract and the Customer’s obligations.

8. The Service Provider must keep separate from all its other records and information all personal information transferred to it by the Customer or collected, created, maintained, or stored under this contract.

9. The Service Provider is responsible for ensuring that its employees, officers, agents and subcontractors (if permitted by the Customer as detailed below) are aware of and understand the requirements of FIPPA as it relates to this Agreement before the employees, agents or subcontractors perform duties that require access to personal information received, collected or retained under this Agreement.

10. The Service Provider shall not engage the services of any subcontractor to perform any portion of the Services under this Agreement without the consent of the Customer. Prior to engaging the services of a subcontractor, the Service Provider must verify the ability of the prospective subcontractor to protect the security and privacy of the affected information, in a manner specified by the Customer. The Service Provider must supply a record of such verification to the Customer upon request by the Customer.

11. The Service Provider must include provisions in its agreement with any subcontractor approved by the Customer incorporating substantially the same requirements as set out in this Agreement.

12. Unless otherwise expressly authorized in writing by the Customer, the Service Provider may collect, use and disclose personal information on behalf of the Customer only for the purpose of providing the Services, and may collect, use and disclose no more personal information than is necessary for that purpose.

13. For the purposes of this contract, data matching is the comparison of personal information obtained from different sources, including both electronic and paper-based formats, for the purpose of making decisions about the person to whom the data pertains. The Service Provider agrees that it will not engage in data matching between data about an individual which is received, collected, or retained in the course of providing the Services and data about the same individual which is collected or retained by the Service Provider independently of providing the Services.

14. Any request by the Customer for data secured on the Signority services must be responded to in 8 hours, with a full resolution in 48 hours. Should the Service Provider be unable to meet these obligations due to circumstances outside of its control (including, for example, power outages) immediate notice shall be provided to the Customer.

15. The Service Provider undertakes that, if it receives a demand for disclosure of information it has received or collected, created, maintained, or stored on behalf of the Customer under this contract, whether the request is from a person, a government, a non-government organization, a court of law, or from any other source, and the disclosure is not for a purpose authorized under this Agreement, the Service Provider

  1. must require that any demand be made in writing setting out the authority of the person making the demand;
  2. must immediately advise the Customer of the demand made to the Service Provider and forward a copy of the demand to the Customer; and
  3. must not disclose the information until authorized to do so by the Customer, or, if the disclosure is required by law, until the Customer has had an opportunity to seek standing to object to the disclosure, to seek a protection order, or to take such other steps as it sees fit to protect the confidentiality of the information.

16. Where the Service Provider is prohibited by law from notifying the Customer of a request for information or other legal process seeking access to personal information held under the Contract, the Service Provider must take all lawfully permitted steps to resist the order before releasing the information.

17. In the event that the Service Provider anticipates a breach of privacy or becomes aware of a breach relating to the personal information received, collected, retained, or stored by the Service Provider in the course of performing the Services, the Service Provider must immediately notify the Customer in writing of the following, to the extent known:

  1. the nature of the information that was breached (type and date of the information, name(s) of the person(s) whose information is affected);
  2. when the breach occurred;
  3. how the breach occurred;
  4. who was responsible for the breach;
  5. what steps the Service Provider has taken to mitigate the matter; and
  6. what measures the Service Provider has taken to prevent reoccurrence.

18. The Service Provider agrees to cooperate fully, at its own cost, in any investigation into a breach or alleged breach by the Customer or its officers, agents or employees, or by any public office, including but not limited to the Office of the Information and Privacy Commissioner/Ontario.

19. The Service Provider agrees to indemnify the Customer for any and all losses, including damages, legal or other costs, charges, fines, penalties or interest which the Customer incurs as a result of breaches of privacy in respect of personal information in the Service Provider’s possession which the Service Provider receives, collects, uses or discloses in the course of providing the Services; subject to the condition that Customer

  1. promptly gives written notice of each claim to Service Provider;
  2. gives Service Provider sole control of the defense and settlement of each claim (provided that Service Provider may not settle or defend any claim unless it unconditionally releases Customer of all liability); and
  3. provides to Service Provider, at Service Provider’s cost, all reasonable assistance in respect to each claim. This indemnification shall not apply where the Service Provider complied with this Agreement and took all commercially reasonable precautions to limit the risk of a privacy breach.

20. Should there be any use or disclosure of the personal information provided by the Customer by the Service Provider, its employees, agents, or subcontractors contrary to this contract, or should the Service Provider change its privacy policies or practices without providing the Customer with notice of such change sufficient to permit the Customer to withdraw from the Contract if it should wish to do so, the Customer may, at its sole discretion and without prejudice to any other rights which the Customer may have pursuant to this contract or at law:

  1. immediately terminate or suspend this Agreement and/or any contract pursuant to which the Services are provided;
  2. demand immediate return of all personal information retained by the Service Provider on behalf of the Customer, at the expense of the Service Provider; and/or
  3. require that the Service Provider issue notice, at its own expense, to any third party whose information was improperly used or disclosed.

21. At the expiry or termination of the contract, or at such time as the Customer may direct, the Service Provider must do any or all of the following with respect to records containing personal information received, collected, or retained on behalf of the Customer in the course of providing the Services:

  1. return to the Customer all original records transferred to or collected, created, maintained, or stored by the Service Provider in the course of providing the Services;
  2. destroy all copies (including electronic copies) of records transferred to or collected, created, maintained, or stored by the Service Provider in relation to this contract in the manner specified by the Customer, and provide confirmation of the destruction to the Customer in a manner specified by the Customer; and
  3. wipe the hard drive used for the storage of information in electronic format and otherwise destroy the information in a manner specified by the Customer, and provide confirmation of the destruction to the Customer in a manner specified by the Customer.

22. In the event that any record or part of a record transferred to or collected, created, maintained or stored by the Service Provider in relation to this contract is located at a future date, the Service Provider must immediately notify the Customer that the record or part of a record has been found and return, destroy or dispose of the record or part of a record in a manner specified by the Customer. This obligation survives this contract.