CUSTOMER AGREEMENT

PLEASE READ THIS CUSTOMER AGREEMENT (“AGREEMENT”) BEFORE USING THE EDUCATION AND COMPLIANCE PLATFORM (THE “PLATFORM”) MADE AVAILABLE BY DONE DESK, INC. (“DONE DESK”).  IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT IS ACCEPTING ON BEHALF OF A PRACTICE, DENTAL SERVICES ORGANIZATION OR OTHER ENTITY, SUCH INDIVIDUAL REPRESENTS THAT THEY HAVE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT. BY ACCESSING OR USING THE PLATFORM, YOU, ON BEHALF OF THE APPLICABLE PRACTICE, DENTAL SERVICES ORGANIZATION OR OTHER ENTITY (AS APPLICABLE, THE “CUSTOMER” AND, TOGETHER WITH DONE DESK, THE “PARTIES” AND, EACH, A “PARTY”) SIGNIFY ACCEPTANCE OF, AND AGREE TO THE TERMS AND CONDITIONS OF, THIS AGREEMENT, INCLUDING THE LIMITATIONS OF LIABILITY, WARRANTY DISCLAIMERS AND AMENDMENT PROVISIONS CONTAINED HEREIN.  IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, DO NOT ACCESS OR USE THE PLATFORM. 

WHEREAS, Done Desk is the provider of the Platform, and the Customer wishes to obtain access to, or to benefit from, the same subject to the terms and conditions of this Agreement; and 

WHEREAS, the parties desire that this Agreement govern Done Desk’s provision, and Customer’s use of, the Platform as purchased pursuant to an Order (as defined below) from time to time.  

This Agreement was last updated on [August 24, 2023]. It is effective between Customer and Done Desk as of the date of Customer accepting this Agreement (“Effective Date”).

DEFINITIONS.

“Affiliate” of any Person means any Person that controls, is controlled by, or is under common control with such Person. As used in the context of Affiliates, the term “control” (including the terms “controlling,” “controlled by” and “under common control with”) means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of a Person, whether through ownership of voting securities or other interests, by contract or otherwise.  

“Authorized Users” means Customer’s employees, consultants, contractors, and agents who have been authorized by Customer to access and use the Platform solely on Customer’s behalf.

“Customer Data” means information, data and documents that are submitted, posted, or otherwise transmitted through the Platform by an Authorized User, including standard operating procedures and similar policies and procedures of Customer.

“Documentation” means, to the extent made available by Done Desk from time to time hereunder, Done Desk’s user guides and similar materials relating to the Platform.

“Done Desk IP” means the Platform (including the Software), the Documentation, all technology (including source code, object code and all related algorithms) related thereto and all intellectual property or proprietary rights in the foregoing. For the avoidance of doubt, Done Desk IP does not include Customer Data.

“Educational Content” means the lessons, materials and information that are made available to Customer and the Authorized Users through the Platform, including any such lessons, materials or information that is produced or provided by an Affiliate of Done Desk.

“Order” means an order for Customer’s use of the Platform that is either agreed in writing (whether physically or electronically) or completed online by or on behalf of Customer through the Done Desk site. 

“Person” means any natural person, corporation, limited liability company, trust, joint venture, association, company, partnership or other entity.

“Term” means the subscription period set forth in an Order (a “Committed Subscription Term”) or, if no such Committed Subscription Term is set forth in an Order, until either Party terminates this Agreement in accordance with Section 11 hereof.  Upon expiration of any Committed Subscription Term set forth in an Order, this Agreement shall remain in effect unless and until Customer terminates this Agreement in accordance with Section 11 hereof.

ACCESS AND USE.

Provision of Access. Subject to Customer’s full compliance with all terms and conditions of this Agreement, Done Desk hereby grants Customer a non-exclusive, non-transferable right to access and use the Platform during the Term, solely by Authorized Users, for Customer’s internal use and in accordance with the Documentation. If Customer is a Dental Services Organization, the Customer’s internal use will include managing the operations of practices that are associated with such Dental Services Organization.  Done Desk shall provide to Customer the necessary passwords and network links or connections to allow Customer to access the Platform.  Done Desk may in its sole discretion, modify, enhance or otherwise change the Platform from time to time in its sole discretion; provided, that such changes will not materially limit or adversely affect the Platform provided to Customer hereunder.   

Use Restrictions. Customer shall not, directly or indirectly: (i) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to or attempt to discover the source code, object code or underlying structure, ideas or algorithms of the Platform or any software, Documentation or data underlying or related to the Platform (“Software”); (ii) copy, modify, translate, or create derivative works of the Platform or Software, in whole or in part; (iii) use or access the Platform or Software for timesharing or service bureau purposes or for any purpose other than for the internal benefit of Customer as set forth in this Agreement; (iv) rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available the Platform or Software to any third-party; (v) remove any product identification, proprietary, copyright or other notices from the Platform, Software or Educational Content; (v) use the Platform or Software in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any Person, or that violates any applicable laws or regulations; (vi) use the Platform as a repository for, or to otherwise store, any patient data, including any data that may contain financial account numbers or other financial information of patients or that may be considered “Protected Health Information” pursuant to the Health Insurance Portability and Accountability Act or (vii) permit any third party to do any of the foregoing. Customer will use commercially reasonable efforts to prevent any unauthorized use of the Platform or the Software and will promptly notify Done Desk of any unauthorized use that comes to Customer’s attention and provide all reasonable cooperation to prevent and terminate such use.  

Reservation of Rights. Except for the limited rights expressly granted under this Agreement, nothing in this Agreement grants, by implication, waiver, estoppel, or otherwise, to Customer or any third party any intellectual property rights or other right, title, or interest in or to the Done Desk IP.  As between the Parties, Done Desk retains all right, title and interest in and to the Done Desk IP.  

Suspension. Notwithstanding anything to the contrary in this Agreement, Done Desk may temporarily suspend Customer’s and any Authorized User’s access to any portion or all of the Platform if: (i) Done Desk reasonably determines that (A) there is a threat or attack on any of the Done Desk IP; (B) Customer’s or any Authorized User’s use of the Done Desk IP disrupts or poses a security risk to the Done Desk IP or to any other customer or vendor of Done Desk; (C) Customer, or any Authorized User, is using the Done Desk IP for fraudulent or illegal activities; (D) subject to applicable law, Customer has ceased to continue its business in the ordinary course, made an assignment for the benefit of creditors or similar disposition of its assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution, or similar proceeding; or (E) Done Desk’s provision of the Platform to Customer or any Authorized User is prohibited by applicable law or (ii) in accordance with Section 5(a)(iii) (any such suspension described in sub-clause (i), or (ii) of this Section, a “Service Suspension”). Done Desk shall use commercially reasonable efforts to provide prior notice of any Service Suspension to Customer and to provide updates regarding resumption of access to the Platform following any Service Suspension. Done Desk shall use commercially reasonable efforts to resume providing access to the Platform as soon as reasonably possible after the event giving rise to the Service Suspension is cured. Done Desk will have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that Customer or any Authorized User may incur as a result of a Service Suspension. 

DATA SECURITY; DATA PROCESSING. 

Data Security.  Done Desk will maintain commercially reasonable administrative, physical and technical safeguards for the Platform to protect against the accidental or unauthorized access, use, alteration or disclosure of Customer Data properly uploaded to, or ingested by, the Platform and processed or stored on a computer and/or computer network owned or controlled by Done Desk in connection with the Platform, including by maintaining security controls no less stringent, when considered as a whole, than those set forth on Exhibit A.  If, at any time, Done Desk fails to comply with this Section, Customer may promptly notify Done Desk in writing of any such noncompliance.  Done Desk will, within thirty (30) days of receipt of such written notification, either correct the noncompliance or provide Customer with a plan for correcting the noncompliance. If the noncompliance is not corrected or if a reasonably acceptable plan for correcting the noncompliance is not established during such period, Customer may terminate this Agreement as its sole and exclusive remedy for such noncompliance.

Data Processing.  To the extent required pursuant to applicable laws, the Parties will enter into a Data Processing Addendum in the form attached hereto as Exhibit B (the “DPA”) setting forth the specific terms and conditions under which Done Desk may receive and process personal data from and on behalf of Customer.

CUSTOMER RESPONSIBILITIES.

General.  Customer is responsible and liable for all uses of the Platform and Documentation resulting from access provided by Done Desk, including all acts and omissions of Authorized Users. Customer shall make all Authorized Users aware of this Agreement’s provisions as applicable to such Authorized Users’ use of the Platform, and shall cause Authorized Users to comply with such provisions.

Customer Data; Educational Content. Customer is responsible for the accuracy, completeness, quality and legality of the Customer Data (including complying with all applicable laws, rules or regulations requiring notice to, or permissions from, individuals and other third parties in connection with providing Done Desk the Customer Data).  As between the Parties, Customer is solely responsible for ensuring that any Educational Content made available through the Platform is suitable for its intended purpose.    

FEES AND PAYMENT.

Fees. Customer shall pay Done Desk the fees (“Fees”) as set forth in Order without offset or deduction. Customer shall make all payments hereunder in US dollars on or before the due date set forth in Order.  Done Desk may increase the fees payable by Customer at any time upon thirty (30) days’ prior written notice to Customer; provided, that Done Desk may not increase the Fees for the duration of a Committed Subscription Term.  Done Desk uses a third-party payment processor (the “Payment Processor”) to bill Customer through a payment account linked to your account on the Platform.  The processing of payments will be subject to the terms, conditions and privacy policies of the Payment Processor.  Currently, Done Desk uses Stripe, Inc. as its Payment Processor.  Done Desk is not responsible for the errors or omissions of its Payment Processor.  If Customer fails to make any payment when due, without limiting Done Desk’s other rights and remedies: (i) Done Desk may charge interest on past due amounts at a rate of 1.0% per month or, if lower, the highest rate permitted under applicable law; (ii) Customer shall reimburse Done Desk for all costs incurred by Done Desk in collecting any late payments or interest, including attorneys’ fees, court costs, and collection agency fees; and (iii) if such failure continues for 10 days or more, Done Desk may suspend Customer’s and its Authorized Users’ access to any portion or all of the Platform until such amounts are paid in full.  

Taxes. All Fees and other amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Customer is responsible for all sales, use, and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on Done Desk’s income.

DATA AND CONTENT RIGHTS.  

Customer Data.  Customer grants Done Desk a nonexclusive, worldwide, royalty-free, sublicensable license to (i) use, copy, reproduce, distribute, and make derivative works of Customer Data for the purpose of providing the Platform and related services to Customer and (ii) use Customer Data in connection with Done Desk’s improvement of the Platform and related Done Desk products and services; provided, that any such use contemplated in this subsection (ii) will be on an aggregated, anonymized basis and will not involve the disclosure of Customer Data to third parties.  For clarity, Done Desk will never publish or provide to any third-party (including other customers) any standard operating procedures or other policies or procedures that Customer uploads to the Platform.

Usage Data.  Done Desk may collect, retain, disclose, and use, during and after the Term for purposes of Done Desk’s business, usage data that is derived from the operation of the Platform, including patterns identified through the use of the Platform and algorithms, log data, and data regarding the performance and availability of the Platform (“Usage Data”).

CONFIDENTIAL INFORMATION; FEEDBACK. 

Confidential Information.  From time to time during the Term, either Party may disclose or make available to the other Party information about its business affairs, products, confidential intellectual property, trade secrets, third-party confidential information, and other sensitive or proprietary information, whether or not marked, designated or otherwise identified as “confidential” (collectively, “Confidential Information”). Confidential Information does not include information that, at the time of disclosure is: (a) publicly available; (b) rightfully known to the receiving Party on a non-confidential basis; (c) rightfully obtained by the receiving Party on a non-confidential basis from a third party; or (d) independently developed by the receiving Party without use of, or reference to, the Confidential Information of the disclosing Party. The receiving Party shall not disclose the disclosing Party’s Confidential Information to any Person, except to the receiving Party’s employees, consultants, agents or representatives who have a need to know the Confidential Information for the receiving Party to exercise its rights or perform its obligations hereunder (such Persons, its “Representatives”).  In addition, and except as permitted herein, the receiving Party shall not use the Confidential Information of the disclosing Party except as necessary to exercise its rights or perform its obligations hereunder.  The receiving Party shall be responsible for any unauthorized access, use or disclosure of the disclosing Party’s Confidential Information by the receiving Party’s Representatives.  Each Party may disclose Confidential Information to the limited extent required (i) in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the Party making the disclosure pursuant to the order shall first have given written notice to the other Party and made a reasonable effort to obtain a protective order; or (ii) to establish a Party’s rights under this Agreement, including to make required court filings.  All Confidential Information disclosed pursuant to the preceding sentence will remain subject to the confidentiality and non-use obligations contained herein for all purposes other than such permitted disclosure.  On the expiration or termination of the Agreement, the receiving Party shall promptly return to the disclosing Party all copies, whether in written, electronic, or other form or media, of the disclosing Party’s Confidential Information, or destroy all such copies. Each Party’s confidentiality obligations with regard to Confidential Information are effective as of the Effective Date and will survive expiration or termination of this Agreement.  

Feedback.  Customer or any of its employees or contractors may send or transmit any communications or materials to Done Desk by mail, email, telephone, or otherwise, suggesting or recommending changes to the Platform, including new features or functionality relating thereto, or any comments, questions, suggestions, or the like (“Feedback”).  In such case, Customer shall, and hereby does, grant to Done Desk a nonexclusive, worldwide, perpetual, irrevocable, transferable, sublicensable, royalty-free, fully paid up license to use and exploit the Feedback for any purpose.  

WARRANTIES AND DISCLAIMERS.

Mutual. Each Party represents and warrants that (i) it is duly organized, validly existing, and in good standing under the laws of the state of its organization; (ii) it has the necessary organizational power and authority to enter into this Agreement, to carry out its obligations under this Agreement, and to grant the rights granted to the other Party herein; (iii) the execution of this Agreement by such Party, and the performance by such Party of its obligations and duties hereunder do not and will not violate any other agreement to which such Party is a party or by which it is otherwise bound; and (iv) it and its performance hereunder will comply with all applicable laws and regulations.

Done Desk. Done Desk warrants that (i) the Platform will perform in accordance with the Documentation, if any and (ii) it will not knowingly include, in the Platform provided to Customer hereunder, any computer code or other computer instructions, devices or techniques, including those known as disabling devices, trojans, or time bombs, that intentionally disrupt, disable, harm, infect, defraud, damage, or otherwise impede in any manner, the operation of a network, computer program or computer system or any component thereof, including its security or user data.

Disclaimers. EXCEPT FOR THE LIMITED WARRANTY SET FORTH IN THIS SECTION 8, THE PLATFORM IS PROVIDED “AS IS” AND DONE DESK HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE.  DONE DESK SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. EXCEPT FOR THE LIMITED WARRANTY SET FORTH IN SECTION 8, DONE DESK MAKES NO WARRANTY OF ANY KIND THAT THE PLATFORM, OR ANY RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, ARE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM OR OTHER SERVICES, OR ARE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE. WITHOUT LIMITING THE FOREGOING, DONE DESK PROVIDES NO WARRANTY OR GUARANTEE THAT THE USE OF THE PLATFORM WILL ENHANCE OR IMPROVE CUSTOMER’S PERSONNEL TRAINING PROGRAM.  IN ADDITION, DONE DESK DOES NOT MAKE ANY GUARANTEES OR REPRESENTATIONS ABOUT THE EDUCATIONAL CONTENT, INCLUDING ITS SUITABILITY FOR CONTINUING EDUCATION PURPOSES.  TO THE EXTENT CUSTOMER OBTAINS ANY EDUCATIONAL CONTENT FROM AN AFFILIATE OF DONE DESK, SUCH AFFILIATE WILL BE SOLELY RESPONSIBLE FOR SUCH EDUCATIONAL CONTENT. 

INDEMNIFICATION.

Done Desk Indemnification. Done Desk shall indemnify, defend, and hold harmless Customer from and against any and all out of pocket losses, damages, liabilities, and costs (including reasonable attorneys’ fees) (”Losses”) incurred by Customer resulting from any third-party claim, suit, action, or proceeding (“Third-Party Claim”) that the Platform infringes or misappropriates such third party’s U.S. patents, copyrights, trademarks or trade secrets; provided, that Customer promptly notifies Done Desk in writing of the claim, cooperates with Done Desk, and allows Done Desk sole authority to control the defense and settlement of such claim.  If such a claim is made or appears possible, Customer agrees to permit Done Desk, at Done Desk’s sole discretion, to (i) modify or replace the Platform, or component or part thereof, to make it non-infringing, or (ii) obtain the right for Customer to continue use of the Platform in the manner permitted in this Agreement. If Done Desk reasonably determines that neither alternative is reasonably available, Done Desk may terminate this Agreement, in its entirety or with respect to the affected component or part, effective immediately on written notice to Customer and refund Customer all prepaid but unused fees for the remainder of the then-current Term. The first sentence of this Section 9(a) will not apply with respect to portions or components of the Platform (V) not created by Done Desk, including but not limited to Customer Data; (W) that are modified by anyone other than Done Desk where the alleged infringement relates to such modification; (X) combined with other products, processes or materials where the alleged infringement relates to such combination; (Y) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement or (Z) where Customer’s use thereof is not strictly in accordance with this Agreement and all Documentation.

Customer Indemnification. Customer shall indemnify, hold harmless, and, at Done Desk’s option, defend Done Desk from and against any Losses resulting from any Third-Party Claim (i) excluded from indemnity obligation in Section 9(a) above or otherwise from Customer’s or any Authorized User’s negligence or willful misconduct or use of the Platform in a manner not authorized by this Agreement; (ii) related to the Customer Data, including any claim that Done Desk’s access or use of Customer Data in the manner contemplated in this Agreement is unlicensed or infringes any third-party’s intellectual property rights; or (iii) related to Customer’s employment or engagement of Authorized Users. Customer may not settle any Third-Party Claim against Done Desk unless Done Desk consents to such settlement, and further provided that Done Desk will have the right, at its option, to defend itself against any such Third-Party Claim or to participate in the defense thereof by counsel of its own choice. 

Sole Remedy. THIS SECTION 9 SETS FORTH CUSTOMER’S SOLE REMEDIES AND DONE DESK’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED, OR ALLEGED CLAIMS THAT THE PLATFORM INFRINGES, MISAPPROPRIATES, OR OTHERWISE VIOLATES ANY INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY. 

LIMITATIONS OF LIABILITY. 

Indirect Liabilities. IN NO EVENT WILL EITHER PARTY BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (I) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES; (II) INCREASED COSTS, DIMINUTION IN VALUE OR LOST BUSINESS, PRODUCTION, REVENUES, OR PROFITS; (III) LOSS OF GOODWILL OR REPUTATION; (IV) USE, INABILITY TO USE, LOSS, INTERRUPTION, DELAY OR RECOVERY OF ANY DATA, OR BREACH OF DATA OR SYSTEM SECURITY; OR (V) COST OF REPLACEMENT GOODS OR SERVICES, IN EACH CASE REGARDLESS OF WHETHER DONE DESK WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE. 

Direct Liability. IN NO EVENT WILL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE EXCEED THE TOTAL AMOUNTS PAID TO DONE DESK UNDER THIS AGREEMENT IN THE TWELVE MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM. 

Exclusions.  THE FOREGOING LIMITATIONS IN THIS SECTION 10 SHALL NOT LIMIT (I) A PARTY’S INDEMNIFICATION OBLIGATION SET FORTH IN SECTION 9; (II) DAMAGES ARISING IN CONNECTION WITH A PARTY’S FRAUD, WILLFUL MISCONDUCT, OR GROSS NEGLIGENCE; OR (III) DAMAGES ARISING IN CONNECTION WITH A PARTY’S MISAPPROPRIATION OR OTHER UNAUTHORIZED USE OF THE OTHER PARTY’S TECHNOLOGY. 

TERM AND TERMINATION.

Term. The initial term of this Agreement begins on the Effective Date and lasts for the duration of the Term.  

Termination.  Except for the duration of a Committed Subscription Term (as contemplated in an Order), either Party may terminate this Agreement and any Order on 30 days’ notice to the other Party.  For clarity, Customer may not terminate this Agreement for the duration of a Committed Subscription Term except with the written consent of Done Desk. 

Termination for Breach. Either Party may terminate this Agreement, effective on written notice to the other Party, if the other Party materially breaches this Agreement, and such breach: (A) is incapable of cure or (B) being capable of cure, remains uncured 30 days after the non-breaching Party provides the breaching Party with written notice of such breach.  Either Party may terminate this Agreement, effective immediately upon written notice to the other Party, if the other Party: (W) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (X) files or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law; (Y) makes or seeks to make a general assignment for the benefit of its creditors; or (Z) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.

Effect of Expiration or Termination. Upon expiration or earlier termination of this Agreement, Customer shall immediately discontinue use of the Done Desk IP and, without limiting Customer’s obligations under Section 7, Customer shall delete, destroy, or return all copies of the Done Desk IP. No expiration or termination will affect Customer’s obligation to pay all Fees that may have become due before such expiration or termination, or entitle Customer to any refund.

Survival. This Section 11(e) and Sections 1, 2(c), 4, 5, 6(b), 7, 8(c), 9, 10, and 12 survive any termination or expiration of this Agreement. No other provisions of this Agreement survive the expiration or earlier termination of this Agreement.

MISCELLANEOUS.

Entire Agreement. This Agreement, together with each Order and any other documents incorporated herein by reference and all related Exhibits, constitutes the sole and entire agreement of the Parties with respect to the subject matter of this Agreement and supersedes all prior and contemporaneous understandings, agreements, and representations and warranties, both written and oral, with respect to such subject matter. In the event of any inconsistency between the statements made in the body of this Agreement, the related Exhibits, and any other documents incorporated herein by reference, the following order of precedence governs: (i) first, this Agreement, excluding its Exhibits; (ii) second, the Exhibits to this Agreement as of the Effective Date; and (iii) third, any other documents incorporated herein by reference.

Notices. All notices, requests, consents, claims, demands, waivers, and other communications hereunder (each, a “Notice”) must be in writing and addressed to the Parties at the addresses set forth on the applicable Order (or to such other address that may be designated by the Party giving Notice from time to time in accordance with this Section). All Notices must be delivered by personal delivery, nationally recognized overnight courier (with all fees pre-paid), email, or certified or registered mail (in each case, return receipt requested, postage pre-paid). Except as otherwise provided in this Agreement, a Notice is effective only: (i) upon receipt by the receiving Party; and (ii) if the Party giving the Notice has complied with the requirements of this Section.

Force Majeure. In no event shall either Party be liable to the other Party, or be deemed to have breached this Agreement, for any failure or delay in performing its obligations under this Agreement (except for any obligations to make payments), if and to the extent such failure or delay is caused by any circumstances beyond such Party’s reasonable control, including but not limited to acts of God, flood, fire, earthquake, explosion, war, terrorism, invasion, riot or other civil unrest, strikes, labor stoppages or slowdowns or other industrial disturbances, or passage of law or any action taken by a governmental or public authority, including imposing an embargo.  Notwithstanding the foregoing, Customer shall not be excused from its payment obligations as a result of the occurrence or persistence of a force majeure event. 

Relationship of the Parties. No agency, partnership, joint venture, or employment relationship is created as a result of this Agreement and neither party has any authority of any kind to bind the other in any respect.

Amendment and Modification; Waiver. THIS AGREEMENT MAY BE MODIFIED OR UPDATED FROM TIME TO TIME BY DONE DESK UPON THIRTY (30) DAYS’ PRIOR WRITTEN NOTICE TO CUSTOMER, AND CUSTOMER’S CONTINUED USE OF THE PLATFORM FOLLOWING SUCH NOTICE WILL CONSTITUTE CUSTOMER’S CONSENT TO THE MODIFICATION OR UPDATE.  Notwithstanding the foregoing, Done Desk will not modify this Agreement during a Committed Subscription Term without the Customer’s written consent. Except as otherwise set forth in this Agreement, (i) no failure to exercise, or delay in exercising, any rights, remedy, power, or privilege arising from this Agreement will operate or be construed as a waiver thereof and (ii) no single or partial exercise of any right, remedy, power, or privilege hereunder will preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege.

Severability. If any provision of this Agreement is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability will not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon such determination that any term or other provision is invalid, illegal, or unenforceable, the Parties shall negotiate in good faith to modify this Agreement so as to effect their original intent as closely as possible in a mutually acceptable manner in order that the transactions contemplated hereby be consummated as originally contemplated to the greatest extent possible.

Governing Law; Submission to Jurisdiction; Waiver of Jury Trial. This Agreement is governed by and construed in accordance with the internal laws of the State of Texas without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any jurisdiction other than those of the State of Texas. Any legal suit, action, or proceeding arising out of or related to this Agreement or the licenses granted hereunder will be instituted exclusively in the federal courts of the United States or the courts of the State of Texas in each case located in Travis County, Texas, and each Party irrevocably submits to the exclusive jurisdiction of such courts in any such suit, action, or proceeding.  EACH PARTY KNOWINGLY, VOLUNTARILY AND INTENTIONALLY WAIVES ITS RIGHT TO TRIAL BY JURY IN ANY PROCEEDING ARISING OUT OF OR RELATING TO THIS AGREEMENT, WHETHER SOUNDING IN CONTRACT, TORT OR OTHERWISE.

Construction.  As used in this Agreement, all terms used in the singular shall be deemed to include the plural, and vice versa, as the context may require. The words “hereof,” “herein” and “hereunder” and other words of similar import refer to this Agreement as a whole, as the same may from time to time be amended or supplemented in accordance herewith, and not to any subdivision contained in this Agreement. The word “including” when used herein is not intended to be exclusive and means “including, without limitation.”  Any reference to a Person shall include that Person’s successors and assigns or to any Person succeeding to that Person’s functions.  All references in this Agreement to “Sections” and “Exhibits” refer to the sections and exhibits of this Agreement.  Where a date or time period is specified, it will be deemed inclusive of the last day in such period or the date specified, as the case may be.  Words, obligations, representations, restrictions, rights, remedies or other matters connected by the word “or” are not exclusive of one another, unless expressly stated otherwise. 

Publicity.  During the term of this Agreement, Done Desk may include Customer’s name and logo in its marketing materials and customer lists, including on its website. To the extent Customer provides standard trademark usage guidelines, Done Desk shall use Customer’s name and logo in accordance with the guidelines. In addition, Customer will cooperate with Done Desk with respect to a mutually agreed joint press release. 

Relationship of the Parties.  For all purposes under this Agreement, each Party will be and act as an independent contractor of the other and will not bind or attempt to bind the other to any contract, and nothing contained herein shall be deemed to constitute either Party as an employee, partner, joint venturer, or agent of the other Party.  NOTWITHSTANDING ANY DUTY (INCLUDING ANY FIDUCIARY DUTY) THAT MAY OTHERWISE EXIST AT LAW OR IN EQUITY, TO THE FULLEST EXTENT PERMITTED BY LAW, (I) NO PARTY SHALL HAVE A FIDUCIARY DUTY TO ANY PERSON BOUND BY THIS AGREEMENT, AND (II) THE SOLE DUTIES, IF ANY, OF EACH PARTY TO THIS AGREEMENT AND ITS RESPECTIVE AFFILIATES TO ANY PERSON BOUND BY THIS AGREEMENT SHALL BE LIMITED TO THE CONTRACTUAL DUTIES IMPOSED BY THIS AGREEMENT.

Assignment. Neither Party may assign any of its rights or delegate any of its obligations hereunder without the prior written consent of the other Party, which consent shall not be unreasonably withheld, conditioned, or delayed, except that either Party may assign this Agreement without consent of the other Party to its successor in interest pursuant to a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets to which this Agreement relate.  If Customer assigns this Agreement or any Order in connection with a merger, acquisition, corporate reorganization or sale of all or substantially all of its assets to which this Agreement relates, the pricing may be subject to change by Done Desk based on the size of the Customer’s organization following the consummation of such transaction.  Any purported assignment or delegation in violation of this Section will be null and void. No assignment or delegation will relieve the assigning or delegating Party of any of its obligations hereunder. This Agreement is binding upon and inures to the benefit of the Parties and their respective permitted successors and assigns.  For clarity, the foregoing shall not restrict or otherwise limit Done Desk’s ability to subcontract portions of the Platform to its vendors, including its cloud hosting provider. 

Export Regulation. The Platform utilize software and technology that may be subject to US export control laws, including the US Export Administration Act and its associated regulations. Customer shall not, directly or indirectly, export, re-export, or release the Platform or the underlying software or technology to, or make the Platform or the underlying software or technology accessible from, any jurisdiction or country to which export, re-export, or release is prohibited by law, rule, or regulation. Customer shall comply with all applicable federal laws, regulations, and rules, and complete all required undertakings (including obtaining any necessary export license or other governmental approval), prior to exporting, re-exporting, releasing, or otherwise making the Platform or the underlying software or technology available outside the US.

US Government Rights. Each of the Documentation and the software components that constitute the Platform is a “commercial item” as that term is defined at 48 C.F.R. § 2.101, consisting of “commercial computer software” and “commercial computer software documentation” as such terms are used in 48 C.F.R. § 12.212. Accordingly, if Customer is an agency of the US Government or any contractor therefor, Customer only receives those rights with respect to the Platform and Documentation as are granted to all other end users, in accordance with (a) 48 C.F.R. § 227.7201 through 48 C.F.R. § 227.7204, with respect to the Department of Defense and their contractors, or (b) 48 C.F.R. § 12.212, with respect to all other US Government users and their contractors.

Equitable Relief. Each Party acknowledges and agrees that a breach or threatened breach by such Party of any of its obligations under Section 7 or, in the additional case for Customer, Sections 2(b) would cause the other Party irreparable harm for which monetary damages would not be an adequate remedy and agrees that, in the event of such breach or threatened breach, the other Party will be entitled to equitable relief, including a restraining order, an injunction, specific performance and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity or otherwise. 

Counterparts. This Agreement may be executed in counterparts, each of which is deemed an original, but all of which together are deemed to be one and the same agreement.

[Schedules and Exhibits Follow]

EXHIBIT A

INFORMATION SECURITY POLICY

Definitions.  For the purposes of this Exhibit B, the terms below have the following meanings whenever capitalized:

“Done Desk Systems” means the information technology systems and devices that store, process, and/or transmit Customer Data and which are controlled by Done Desk, including, to the extent controlled by Done Desk, the Platform; and

“Subcontractor” means any independent contractor, service provider, or other non-employee agent of Done Desk, including, as applicable, an Affiliate of Done Desk. 

Security Program.  Done Desk shall create, implement, and, throughout the Term and for so long thereafter as Done Desk retains any Customer Data, maintain an information security program (the “Program”) that includes commercially reasonable administrative, technical, and physical safeguards designed to protect the confidentiality and security of Customer Data.  Done Desk shall also periodically review and update the Program, paying attention to developments in technology and industry standard practices.  At a minimum, Done Desk’s Program shall include:

User authentication controls, including restricting access to authorized users;

Strong encryption technology for endpoints on Done Desk Systems managing Customer Data;

Network security practices in accordance with prevailing industry standards; and

Commercially reasonable password complexity standards that align with prevailing industry standards.

Access Control.

Rights to use and access Done Desk Systems shall be determined based on each user’s access privileges.  Access privileges shall be granted on the basis of specific business need (i.e. a “need to know” basis) and restricted to only those personnel who reasonably require such access to perform their job functions as determined by Done Desk management. 

System Monitoring and Protection.

Done Desk shall regularly monitor Done Desk Systems and proactively resolve customer impacting incidents.

All computers and other endpoints storing or processing Customer Data shall be patched and running operating systems and applications that are supported by the applicable provider of such operating systems and/or applications.

Personnel and Service Providers.  

Done Desk shall exercise commercially reasonable supervision over its employees and Subcontractors in a manner designed to maintain confidentiality and security of Customer Data. 

Prior to engaging any third-party service provider who may receive Customer Data, Done Desk shall take commercially reasonable steps to select and retain third-party service providers that are capable of maintaining appropriate security measures designed to protect the Customer Data. 

Done Desk shall terminate an individual’s access to Done Desk Systems as soon as reasonably practicable after such individual is no longer employed or engaged by Done Desk.  Terminated personnel are required to surrender all keys, IDs, access codes, badges, business cards and the like that permit access to Done Desk’s premises and/or Done Desk Systems. 

* * * *

EXHIBIT B

DATA PROCESSING ADDENDUM

This United States Privacy Law Exhibit (the “Exhibit”) supplements the Customer Agreement (the “Agreement”) entered into by and between Done Desk and the Customer and includes the terms required by the applicable Privacy Laws (defined below). Capitalized terms used but not defined herein have the meanings assigned to such terms in the Agreement.

Definitions

“Company Account Data” means Personal Data that relates to the Company’s relationship with Customer, including the names or contact information of Authorized Users and billing information of individuals that Customer has associated with its account. Company Account Data also includes any data the Company may need to collect for the purpose of managing its relationship with Customer, identity verification, or as otherwise required by applicable laws and regulations.

“Consumer” means a natural person who is a resident of, as applicable: (1) California, however identified, including by any unique identifier; or (2) Virginia acting only in an individual or household context. 

“Controller” means the natural or legal person that, alone or jointly with others, determines the purpose and means of Processing Personal Data. “Controller” includes a “Business” as defined by the CCPA. 

“Personal Data” means any information that is linked or reasonably linkable to an identified or identifiable Consumer that is processed by the Company on behalf of the Customer pursuant to the Agreement. “Personal Data” includes “Personal Information” as defined by the CCPA.

“Privacy Laws” means (i) the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (Cal. Civ. Code §§ 1798.100 et seq.) (“CCPA”), and (ii) the Virginia Consumer Data Protection Act (VA. Code §§ 59.1-575 et seq.) (“VCDPA”), in each case as updated, amended or replaced from time to time. 

“Process” or “Processing” means any operation or set of operations that are performed on Personal Data or on sets of Personal Data, whether or not by automated means. 

“Processor” means a natural or legal entity that Processes Personal Data on behalf of a Controller. “Processor” includes “Service Provider” as defined by the CCPA.

Relationship of the Parties; Processing of Data

The Parties acknowledge and agree that Customer is a Controller and, except with respect to Company Account Data and Usage Data, the Company is a Processor for purposes of the CCPA and the VCDPA, each to the extent applicable, and the Company is receiving Personal Data from Customer, other than Company Account Data and Usage Data, in order to provide the Platform pursuant to the Agreement. The Company shall adhere to Customer’s lawful instructions with respect to the Processing of Personal Data to be performed by the Company pursuant to the Agreement. Customer shall, in its use of the Platform, at all times Process Personal Data, and provide instructions for the Processing of Personal Data, in compliance with Privacy Laws. Customer shall ensure that the Processing of Personal Data in accordance with Customer’s instructions will not cause the Company to be in breach of Privacy Laws.  Customer is solely responsible for the accuracy, quality, and legality of (i) the Personal Data provided to the Company by or on behalf of Customer, (ii) the means by which Customer acquired any such Personal Data, and (iii) the instructions it provides to the Company regarding the Processing of such Personal Data.  Customer shall not provide or make available to the Company any Personal Data in violation of the Agreement or otherwise inappropriate for the nature of the Platform, and shall indemnify the Company from all claims and losses in connection therewith.

The Parties acknowledge and agree that with respect to Company Account Data and Usage Data, the Company is an independent Controller, not a joint Controller with Customer. The Company will Process Company Account Data and Usage Data as a Controller (i) to manage the relationship with Customer; (ii) to carry out the Company’s core business operations, such as accounting, audits, tax preparation and filing and compliance purposes; (iii) to monitor, investigate, prevent and detect fraud, security incidents and other misuse of the Platform, and to prevent harm to Customer; (iv) for identity verification purposes; (v) to comply with legal or regulatory obligations applicable to the Processing and retention of Personal Data to which the Company is subject; and (vi) as otherwise permitted under Privacy Laws and in accordance with this Exhibit and the Agreement. The Company may also Process Usage Data as a Controller to provide, optimize, and maintain the Platform, to the extent permitted by Privacy Laws. 

Processing Details

Nature and Purpose of Processing: The Company shall Process Personal Data provided by Customer under the Agreement as necessary to provide the Platform under the Agreement, for the purposes specified in the Agreement and this Exhibit, and in accordance with Customer’s instructions as set forth in this Exhibit. 

Duration of Processing: The Company shall Process Personal Data provided by Customer as long as required to provide the Platform to Customer under the Agreement. 

Categories of Consumers: The Company may Process the following categories of Personal Data provided by Customer: Customer’s employees and personnel.

Categories of Personal Data: The Company may Process Personal Data contained in Company Account Data, Usage Data, and any Personal Data provided by Customer (including any Personal Data Customer collects from its end users and Processes through its use of the Platform) or collected by the Company in order to provide the Platform or as otherwise set forth in the Agreement or this Exhibit. Categories of Personal Data include name, email address, phone number, credentials, and continuing education status. 

California-Specific Terms

Additional Definitions

For purposes of this Section 4, the terms “Business Purpose,” “Commercial Purpose,” “Personal Information,” “Sell,” “Service Provider,” and “Share” shall have the meanings set forth in the CCPA. 

Obligations. Except with respect to Company Account Data and Usage Data processed by the Company in accordance with Section 2(b) of this Exhibit, the Parties acknowledge and agree as follows: 

The Company shall be a Service Provider for the purposes of the CCPA (to the extent it applies) and the Company is receiving Personal Information from Customer in order to provide the Platform pursuant to the Agreement, which constitutes a Business Purpose.

Customer shall disclose Personal Information to the Company only for the limited and specified purposes described in Section 3.

The Company shall not Sell or Share Personal Information provided by Customer under the Agreement.

The Company shall not retain, use, or disclose Personal Information provided by Customer pursuant to the Agreement outside of the direct business relationship with Customer or for any purpose, including a Commercial Purpose, other than as necessary for the specific purpose of performing the Platform for Customer pursuant to the Agreement, or as otherwise set forth in the Agreement or as permitted by the CCPA.

The Company shall notify Customer if the Company makes a determination that it can no longer meet its obligations as a Service Provider under the CCPA.

The Company will not combine Personal Information received from, or on behalf of, Customer with Personal Information that it receives from, or on behalf of, another party, or that it collects from its own interaction with the Consumer.

The Company shall comply with all obligations applicable to Service Providers under the CCPA, including by providing Personal Information provided by Customer under the Agreement the level of privacy protection required by the CCPA. 

The Company will not combine Personal Information received from, or on behalf of, Customer with other Personal Information except to the extent a Service Provider is permitted to do so under the CCPA. 

Customer shall promptly notify the Company upon receipt of any consumer request made pursuant to the CCPA that requires the Company to take any action with respect to a consumer’s personal information.

Customer may, upon written notice to the Company, (1) take commercially reasonable and appropriate steps as may be necessary to ensure that the Company’s collection and use of Personal Information is consistent with requirements under the CCPA, and (2) take commercially reasonable and appropriate steps to stop and remediate any unauthorized use of Personal Information by the Company. Any measures implemented by Customer under this Subsection (j) shall be limited to Personal Information relevant to Customer.

Virginia-Specific Terms 

Obligations. Except with respect to Company Account Data and Usage Data processed by the Company in accordance with Section 2(b) of this Exhibit, the Parties acknowledge and agree as follows: 

The Company shall be a Processor for the purposes of the VCDPA (to the extent it applies).

The nature, purpose, and duration of Processing, as well as the types of Personal Data and categories of Consumers are described in Section 3.

The Company shall maintain the confidentiality of Personal Data provided by Customer under the Agreement and require that each person Processing such Personal Data be subject to a duty of confidentiality with respect to such Processing.

Upon Customer’s written request, the Company shall delete or return all Personal Data provided by Customer under the Agreement, unless retention of such Personal Data is required or authorized by law or the Exhibit and/or Agreement. If return or destruction is impracticable or prohibited by law, rule or regulation, the Company shall take measures to block such Personal Data from any further Processing (except to the extent necessary for its continued hosting or Processing required by law, rule or regulation) and shall continue to appropriately protect such Personal Data remaining in its possession, custody, or control.

Upon Customer’s written request at reasonable intervals, and subject to reasonable confidentiality controls, the Company shall either (1) make available for Customer’s review copies of certifications or reports demonstrating the Company’s compliance with prevailing data security standards applicable to the Processing of Personal Data provided by Customer under the Agreement, or (2) if the provision of reports or certifications pursuant to (1) is not reasonably sufficient under the VCDPA, the Company shall arrange for an independent third party to conduct an assessment of the Processor’s policies and technical and organizational measures using an appropriate and accepted control standard or framework and assessment procedure for such assessments. In such event, the report produced by the independent third party shall be provided to the controller upon request. Customer shall be responsible for the costs of any such audits or inspections, including without limitation a reimbursement to the Company for any time expended for on-site audits.

* * * * *