Skip to main content
Back to HomepageBook a Demo

Master Subscription Agreement

Updated: Sept 30th, 2020

THIS AGREEMENT GOVERNS YOUR SUBSCRIPTION TO, AND USE OF, OUR SERVICES.

BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OR BY EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS “YOU” OR “YOUR” SHALL REFER TO SUCH ENTITY, ITS AFFILIATES AND ALL USERS OF THE SERVICES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.

This Agreement is effective between You and Us as of the Effective Date of the respective Order Form.

TABLE OF CONTENTS

  1. Definitions
  2. Services
  3. Use and provision of the services
  4. Fees and payment
  5. Term and termination
  6. Intellectual property
  7. Privacy
  8. Confidentiality
  9. Representations and warranties
  10. Liability and indemnities
  11. General

Schedule A – Privacy Protection Addendum to the Master Subscription Agreement
Schedule B – Data Protection Addendum (Europe) to the Master Subscription Agreement

  1. DEFINITIONS
    1. “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity, where “control” means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity;
    2. “Agreement” means this Master Subscription Agreement;
    3. “API” means the application programming interface made available by Us to enable direct access to the Services and Your Content by third-party applications;
    4. “Applicable Law” means all applicable laws, including local, provincial, state, national and foreign laws, treaties and regulations as well as court or governmental agency orders and decisions;
    5. “Content” means all content including but not limited to photos, videos, graphics, audio files, designs, illustrations, presentations, VR and AR files, 2D & 3D files, documents, files, data, templates, logos, marks, tags, descriptions, code, software, contact information, identifiers and other such information and materials;
    6. “Data Centre” means any Microsoft data centre around the world that runs the Platform;
    7. “Fees” means, collectively, the set-up and annual fees indicated in an Order Form, as well as the Overage Fees, as applicable.
    8. “Force Majeure Event” means any event beyond a party’s control, including but not limited to, acts of God, acts of any civil or military authority, terrorism, war or other hostility, national emergencies, civil disorder, fire, flood or other catastrophe, power failures, equipment failure, industrial or labor dispute, acts of third party providers, communication outage, Internet outage, cyber attack or performance (or lack thereof) of third parties;
    9. “Mobile App” means the mobile application created by Us to enable Users to access the Services from their mobile devices;
    10. “Order Form” means a document specifying the Services that are entered into between You and Us or any Affiliates, including any addendums;
    11. “Our Content” means all Content made available by Us or Our licensors through the Services except for Your Content. For greater certainty it includes any Versions or Upgrades to the Services created, developed or acquired by Us or Our licensors;
    12. “Permitted Sublicensee” means an Affiliate or independent contractor of Yours for the period that such entity or person is, in fact, an Affiliate or independent contractor of Yours and is bound by You to terms and conditions in respect of the Services that are at least as restrictive as this Agreement;
    13. “Platform” means Microsoft’s Azure cloud platform;
    14. “Portal” means the graphical user interface created by Us to enable Users to access the Services;
    15. “Services” means the cloud-based, software-as-a-service, digital asset management service known as MediaValet, all related products and services offered by Us, and all Versions and paid Upgrades;
    16. “Upgrade” means any new feature, add-on, update of, or addition to, the Services where We generally charge a separate fee to Our customers, both new and existing, to obtain the Upgrade;
    17. “User” means a named individual who is authorized by You to use the Services and who has been supplied a User Account by You (or by Us at Your request);
    18. “User Account” means an account with credentials for accessing the Services in respect of a particular named User, such credentials include a user name, email address and password that can be deleted at any time by the User;
    19. “Your Content” means any Content created or acquired by You and then posted, uploaded, transmitted, added or otherwise made available by You using the Services;
    20. “Your Portal” means the Portal customized by Us for You to enable You to access Your Content. Your Portal may be accessed via a unique URL provided by You or one provided by Us (example: https://[Your name].mediavalet.com);
    21. “Versions” mean new releases of the Services that include fixes, patches, minor enhancements, developments, modifications, updates, additions and improvements made to the Services by Us, and for greater certainty, Versions do not include Upgrades;
    22. “We”, “Us” and “Our” means MediaValet Inc.; and
    23. “You” and “Your” means the company or other legal entity for which you are accepting this Agreement, and Affiliates of that company or entities, which have signed Order Forms.
  2. SERVICES
    1. Services. We agree to provide You with a limited, non-exclusive, non-transferable right to access and use the Services for Your business purposes pursuant to the number of Users identified on an applicable Order Form during the Term set forth in the Order Form. You Agree to only allow Users and Permitted Sublicensees to access the Services. For greater clarity, You may provide User accounts to personnel of Permitted Sublicensees to facilitate Your business, but in such instance, You will be responsible for the obligations, actions and omissions of each Permitted Sublicensee and all Users as if such obligations, actions or omissions were Yours.
    2. Versions. We may, from time to time, release new Versions of the Services without further payment by You.
    3. Upgrades. We may, from time to time, offer optional Upgrades to the Services that are not part of the currently-offered Version. Such Upgrades may be available to You, for an additional fee. At no time will Your election not to purchase an Upgrade affect the Services You’ve subscribed to under this Agreement.
    4. Usage Restrictions. You may not access the Services if You are a direct competitor, except with Our prior written consent. You shall not make the Services available to, or use the Services for the benefit of, any third party other than Users, sell, resell, license, sublicense, distribute, rent or lease the Services, or include the Services in a service bureau or outsourcing offering, use the Services to store or transmit infringing, libelous or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights, use the Services to store or transmit Malicious Code, interfere with or disrupt the integrity or performance of the Services or third-party data or Content contained therein, attempt to gain unauthorized access to the Services or related systems or networks, permit any third party to access the Services or Our Content except as permitted herein, create derivative works based on the Services, copy the Services or our Content, or any part, feature, function or user interface thereof, scrape, frame or mirror any part of the Services or of our Content, other than copying or framing for Your own internal business purposes, reverse engineer the Services, or access the Services in order to build a competitive product or service, copy any features, functions or graphics of the Services or of Our Content or monitor availability, performance or functionality, or for any other benchmarking purposes.
  3. USE AND PROVISION OF THE SERVICES
    1. Our Responsibilities. During the terms of this Agreement We will use commercially reasonable efforts to make the Services available to You, through Your Portal and Our API, 24 hours a day, 7 days a week, except for planned downtime, of which We will give You reasonable notice (not less than three (3) Business Days) via email or Your Portal, and which We will schedule, to the extent practicable, during low-usage periods as determined reasonably by Us from time to time, unavailability caused by a Force Majeure Event; or unavailability caused by factors not reasonably within our control that do not constitute a Force Majeure Event (e.g. an internet outage or denial of service attack).
    2. Your Responsibilities. You will use the Services in accordance with all Applicable Laws and the privacy, intellectual property, proprietary and other rights of Us and third parties. You will safeguard the integrity of the Services at all times by using industry standard security measures. You will be responsible for the accuracy, quality, integrity and legality of Your Content.
    3. Non-Compliance. If We are informed or we have a reasonable basis to believe that Your use of the Services is not in compliance with Your responsibilities then We may immediately suspend Your, or a specific User’s, use of the Services or remove any offending items of Your Content from the Services.
    4. Users. You have the responsibility for creating and managing User Accounts for designated, named individuals only; assigning access and usage rights to Users; and ensuring User Accounts are not shared or used by unauthorized individuals. You are responsible for all use of the Services by Users.
    5. License to Host Your Content. You grant Us and Our Affiliates a worldwide, limited term license to host, copy, transmit and display Your Content as necessary for Us to provide the Services in accordance with this Agreement. Subject to the limited licenses granted herein, We acquire no right, title or interest from You under this Agreement in or to Your Content.
  4. FEES AND PAYMENT
    1. Fees. You agree to pay the setup fees and annual fees as specified in the applicable Order Form. The Fees will be invoiced upon execution of the Agreement and are non-refundable (except as otherwise set forth in this Agreement).Annual Fees for each subsequent Payment Period will be invoiced on or before the first day of each Payment Period. All fees are due and payable within thirty (30) days of invoice.You agree to pay by wire when possible, otherwise by cheque, money order, bank draft or other form of payment reasonably acceptable by Us in the currency specified in the applicable Order Form;Any overdue invoices will accrue late interest at the rate of 1.5% of the outstanding balance per month or the greatest amount allowed by Applicable Law, whichever is less.
    2. Overage Fees. Fees are based on the package of services that you have subscribed for in the applicable Order Form, which include maximums regarding amount of storage, bandwidth and number of Users. If any such maximums are exceeded during the applicable Term, We reserve the right to charge You, and You agree to pay, additional fees based on the Overage Fee schedule set out in the applicable Order Form. At any time, You may request an increase in the maximums upon which We will provide You with a quote for the additional services.
    3. Suspension of Services and Acceleration. Except for amounts subject to good faith disputes, if Your account is overdue, and we’ve provided at least ten (10) days of written notice of account delinquency, We may immediately suspend or restrict Your use of and access to the Services.
    4. Taxes. All fees are exclusive of applicable federal, provincial, state or local, value added, sales, use, excise and similar tax or duty (collectively, “Applicable Taxes”). If We are required to pay or collect any Applicable Taxes on any fees charged under this Agreement, excluding taxes levied on Our net income, then such Applicable Taxes shall be billed to and paid by You as set out herein and in the Order Form and You agree to indemnify and hold Us harmless from any liabilities arising from Your failure to pay Applicable Taxes.
  5. TERM AND TERMINATION
    1. Term. The term of this Agreement begins on the Effective Date and for the Term set out in the applicable Order Form. This Agreement will automatically renew for successive periods equal to the expiring term unless either of Us notifies the other in writing not less than thirty (30) days prior to the expiration of the current term of the intention not to renew. Either of Us may choose not to renew this Agreement without cause. In respect of any renewal term, the Fees shall be the same as that during the prior term unless We have given You written notice of a price increase at least sixty (60) days before the end of such term, in which case the price increase shall be effective upon renewal and thereafter. This notification period gives You thirty (30) days to consider and agree to the price increase or notify us of your intention not to renew.
    2. Early Termination. This Agreement may be terminated before expiration as follows:
      1. without cause, by either of Us upon mutual written agreement;
      2. with cause (“Cause”) by one party immediately upon notice to the other party if such other party has materially breached this Agreement and the terminating party has given at least thirty (30) days’ notice of such breach (such notice to specify the reasonable particulars thereof) during which notice period the other party has not remedied its breach;
      3. notwithstanding the above, We may terminate this Agreement immediately upon three (3) days prior notice if your use of the Services or of Our Content infringes Applicable Law; or
      4. the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors, where same is not being actively contested by the other party.
    3. Return of Your Content. Provided that all outstanding Fees are paid in full, We will make available to You for bulk download Your Content via FTP, in its native file formats, for a period of twenty (20) business days after effective termination or expiry of this Agreement. After such period, We shall have no obligation to maintain or provide access to Your Content and may thereafter, unless legally prohibited, delete Your Content in Our possession.
    4. Outstanding Obligations. If this Agreement is terminated for or expires for any reason:
      1. (if terminated by You for Cause) We will refund any Fees paid on a pro-rata basis in respect of any remaining term of the Agreement for which You have paid,
      2. We will render a final invoice and You will pay all outstanding Fees to Us,
      3. You will stop using the Services for any purpose,
      4. each party will return the other party’s Confidential Information in accordance with Section 8.7 of this Agreement; and
      5. all provisions of this Agreement that, by their nature, are intended to survive the purported or actual termination or expiry of this Agreement will so survive.
  6. INTELLECTUAL PROPERTY
    1. Your Content. All right, title and interest (including Intellectual Property Rights) in and to Your Content, will at all times be fully vested in You. You grant Us all rights and licenses necessary to use Your Content to carry out the functions of the Services.
    2. Ownership of our Content and Services. All proprietary and intellectual property rights in Our Content and in the Services as well as data and analytics concerning use and performance of the Services are owned by Us. Except as specificially contemplated in this Agreement, nothing shall be construed to convey, assign,transfer or grant you any proprietary or intellectual property rights in our Content or the Services to You.
  7. PRIVACY
    1. Privacy Addendum. We will process personal information that You share with Us or include in your Content, in accordance with our privacy policy, which is incorporated therein by reference, as well as with the Privacy Protection Addendum attached hereto as Schedule A.
    2. Data Protection Addendum. If We process on Your behalf personal data of individuals located in the European Union, the Data Protection Addendum (Europe) enclosed hereto as Schedule B shall apply.
  8. CONFIDENTIALITY
    1. Confidential Information. Notwithstanding anything else in this Agreement, neither of Us, without the prior written approval of the other, will disclose or use for any purpose other than performance of our individual obligations under this Agreement, any Confidential Information of the other party. For the purposes of this Agreement, Confidential Information shall be defined as documents, know-how, trade secrets, financial information, including the terms of this Agreement, and any other information which a reasonable person would understand to be of a confidential nature based on the content or circumstances of its disclosure, that may come to the other’s knowledge or possession by reason of exchange of information under this Agreement (collectively the “Confidential Information”). Neither party makes any representation or warranty as to the accuracy of the Confidential Information and such information is provided hereunder on an “as is” basis.
    2. Obligation to Protect. Each party will protect the other’s Confidential Information using the same standard of care that it would use to protect its own, similar information, but in any case no less than a reasonable standard of care. Each party may only use the other’s Confidential Information as necessary to perform its obligations under the terms of this Agreement or as may otherwise be authorized in writing by the disclosing party.
    3. Title. All right, title and interest (including all Intellectual Property Rights) in and to each party’s Confidential Information will be and remain vested in such party subject to the express licenses granted herein.
    4. Permitted Disclosures. Neither party shall disclose the Confidential Information of the other party to any employee, agent, sub-contractor or other person except where such person is bound by a confidentiality agreement containing provisions as stringent as those contained herein. Notwithstanding such disclosures, each party will be fully responsible for any breaches of confidentiality caused by such persons as if such breach were committed by such party. Either party may disclose the terms of this Agreement to its Affiliates, solicitors, auditors, insurers or accountants as required.
    5. Exceptions. Neither party will have an obligation of confidentiality under this Section 8 where such party can establish, through documentary evidence, that such information was previously known to it free of any obligation to keep it confidential, is or becomes publicly available other than by unauthorized disclosure, is legally disclosed by third parties without restrictions of confidentiality, or has been independently developed by it without reference to the other party’s Confidential Information.
    6. Governmental Disclosures. Notwithstanding anything else in this Agreement, if a party is required to disclose any Confidential Information to a government body or court of law or as otherwise required by law, it may do so provided that it gives the other party sufficient advance notice as reasonable in the circumstances subject to Applicable Law to enable the owner of such Confidential Information the opportunity to contest the disclosure or obtain a protective order and assists the owner of such Confidential Information in contesting or protecting same.
    7. Return of Information. Except as set out in Section 5.3 (which fully governs the return of Your Content), upon termination of this Agreement or upon the written instruction of the party owning Confidential Information, the other party will return or destroy the requesting party’s Confidential Information, provided that a party will be deemed to have destroyed electronic Confidential Information when it executes an application (or operating system) level, commercially reasonable, delete function.
  9. REPRESENTATIONS AND WARRANTIES
    1. NO WARRANTIES; DISCLAIMERS. THE SERVICES ARE PROVIDED ON AN “AS-IS” AND “AS-AVAILABLE” BASIS. WE DO NOT REPRESENT OR WARRANT THAT THE SERVICES WILL RUN ERROR FREE OR UNINTERRUPTED. WE EXPRESSLY DISCLAIM, ALL CONDITIONS, WARRANTIES AND REPRESENTATIONS, EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO IMPLIED CONDITIONS, WARRANTIES OR REPRESENTATIONS IN RESPECT OF QUALITY, CONDUCT, PERFORMANCE, RELIABILITY, AVAILABILITY, TITLE, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, WHETHER ARISING BY USAGE OF TRADE, BY COURSE OF DEALING, BY COURSE OF PERFORMANCE, AT LAW, IN EQUITY, BY STATUTE OR OTHERWISE HOWSOEVER, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. FURTHER, YOU ACKNOWLEDGES AND AGREE THAT, YOU CONTROL USER ACCOUNTS AND YOUR CONTENT PLACED ON THE SERVICES, AND AS SUCH WE SHALL HAVE NO RESPONSIBILITY FOR ANY ACCESS OR USE OF YOUR CONTENT BY USERS.
  10. LIABILITY AND INDEMNITIES
    1. Indemnification by Us. We will indemnify and hold You and Your Affiliates, and Your respective officers, employees and agents (collectively, “Customer Indemnified Persons”) harmless from and against any and all liabilities, actions, proceedings, claims, demands, losses, damages and costs, including reasonable legal costs and expenses (collectively, “Claims”), brought or made against, or incurred by, Customer Indemnified Persons, or any one of them, arising out of a claim by a third party that the Services or Our Content infringes the Intellectual Property Rights of a third party. Notwithstanding the foregoing, We will not be required to defend or indemnify any of Customer Indemnified Persons under this Section if, and to the extent that, the Claim was caused by Customer Indemnified Persons’ combination of the Services with software, services or products not supplied by Us, any breach by Customer Indemnified Persons of any provision of this Agreement, any failure by Customer Indemnified Persons to use a non-infringing version of the Service offered by Us hereunder, or Customer Indemnified Persons’ gross negligence or willful misconduct.
    2. Indemnification by You. You will indemnify and hold Us and Our Affiliates, and Our respective officers, employees and agents (collectively, “MediaValet Indemnified Persons”) harmless, from and against any and all Claims brought or made against, or incurred by, MediaValet Indemnified Persons, or any one of them, arising out of a claim by a third party (including Users) that Your Content infringes the Intellectual Property or Privacy Rights of a third party or otherwise breaches any Applicable Law. Notwithstanding the foregoing, You will not be required to defend or indemnify any MediaValet Indemnified Persons under this Section if, and to the extent that, the Claim was caused by any breach by MediaValet Indemnified Persons of any provision of this Agreement, any failure by MediaValet Indemnified Persons to use a non-infringing version of the Your Content provided by You hereunder; or MediaValet Indemnified Persons’ gross negligence or willful misconduct.
    3. Additional Infringement Obligations. If a party who is providing an indemnity hereunder (an “Indemnifying Party”) receives any knowledge of any Claim for which indemnity is available hereunder, or any circumstances in which a Claim in respect of such provision is threatened or reasonably anticipated, it will, as soon as reasonably practicable:
      1. procure, at its expense, the right for the other party whether that may be Customer Indemnified Persons or Mediavalet Indemnified Persons (the “Indemnified Party”) to use the Services, Our Content or Your Content or any part thereof , as the case may be (the “Infringing Items”); or
      2. replace, at its expense, the Infringing Items with material of at least comparable functionality that does not breach this Agreement; or
      3. if the removal of the Infringing Item would not be a breach of this Agreement, remove such Infringing Item; or
      4. if the Claim is indemnifiable by Us under this Section and after diligent, good faith and commercially reasonable efforts, We have not been able to perform any of the above, terminate this Agreement and refund to You a pro rata portion of the fees paid by You for any outstanding portion of the term.
    4. Conduct of Indemnities. Each party acknowledges that the Indemnifying Party will be given complete authority for the defense or settlement of Claims indemnified hereunder, on the understanding that, in all events, the Indemnified Party will have the right (at its own expense) to participate in such defense or compromise through counsel of its choosing.
    5. Conditions of Indemnification. An Indemnifying Party’s obligations to provide an indemnity hereunder will be conditional upon the Indemnified Party notifying the Indemnifying Party as soon as reasonably practicable after receiving notice of a Claim, the Indemnified Party providing such information and assistance as reasonably requested by the Indemnifying Party, and the Indemnified Party not compromising or settling the Claim without the Indemnifying Party’s prior written consent, such consent not to be unreasonably withheld, conditioned or delayed.
    6. EXCLUSION AND LIMIT OF LIABILITY. OTHER THAN FOR INDEMNIFICATION OBLIGATIONS OR FOR BREACH OF CONFIDENTIALITY OBLIGATIONS, NEITHER PARTY WILL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL CLAIMS OF ANY KIND WHATSOEVER AND HOWEVER CAUSED, WHETHER ARISING UNDER CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE. TO THE EXTENT ALLOWED UNDER APPPLICABLE LAW AND EVEN IF THE PARTY HAS BEEN NOTIFIED OF THE POSSIBILITY THEREOF OR COULD HAVE FORESEEN SUCH CLAIMS, AND EACH PARTY’S AGGREGATE LIABILITY FOR DIRECT DAMAGES IN RESPECT OF THIS AGREEMENT WILL BE LIMITED TO THE FEES PAID OR PAYABLE TO US BY YOU DURING THE SIX-MONTH PERIOD PRECEDING THE CIRCUMSTANCES IN WHICH SUCH LIABILITY ARISES.
  11. GENERAL
    1. Force Majeure. Neither party will be liable for any delay or failure to perform its obligations pursuant to this Agreement if such delay is due to a Force Majeure Event, provided that the affected party will notify the other party as soon as practicable in the circumstances and resumes performance of its obligations upon the abatement or ceasing of the Force Majeure Event. Without restricting the generality of the foregoing, We will utilize industry-standard technologies and practices to promote and enhance the availability of the Services during Force Majeure Events.
    2. Use of Name. Neither party nor its Affiliates, shall have permission to use the other party’s or its Affiliate’s names and/or logos without prior written consent from the other party.
    3. Applicable Law and Jurisdiction. This Agreement will be governed by and construed in accordance with the laws of the Province of British Columbia and the laws of Canada applicable therein, without reference to conflict of laws principles. Each party hereby irrevocably attorns to the exclusive jurisdiction of the courts in the City of Vancouver, British Columbia, Canada with respect to the resolution of any disputes hereunder.
    4. Waivers. No right under this Agreement will be deemed to be waived except by notice in writing signed by each party, which waiver will not prejudice its rights in respect of any subsequent breach of this Agreement by the other party. Any failure by a party to enforce any clause of this Agreement or right contained in it, or any forbearance, delay or indulgence granted by a party to the other party, will not be construed as a waiver of the first-mentioned party’s rights under this Agreement.
    5. Assignment. This Agreement may not be assigned by either party without the prior written approval of the other party, but may be assigned without a party’s consent by a party to an Affiliate of such party, an acquirer of all or substantially all of such party’s assets, or such party’s successor by merger, amalgamation, wind-up or other similar corporate reorganization, in each case of (i), (ii) or (iii) that does not result in a direct competitor of the other party’s business being the proposed assignee, transfer or recipient of this Agreement. Any purported assignment in violation of this provision will be void.
    6. Injunctive Relief. Each party acknowledges and agrees that a breach by it of the provisions of this Agreement relating to Intellectual Property Rights or Confidential Information may result in immediate and irreparable harm to the other party for which compensation would be an inadequate remedy. Accordingly, each party acknowledges and agrees that the other party may seek, as a matter of right and without the necessity of establishing the inadequacy of monetary damages, injunctive or other equitable relief to prevent or remedy such conduct from any court of appropriate jurisdiction.
    7. Entire Agreement. This Agreement constitutes the entire Agreement, including its Order Forms, Schedules and Addendums between the parties and supersedes all prior representations, agreements, statements and understandings, whether verbal or in writing. In connection therewith, neither party has relied upon any representations or warranties that are not made in this Agreement, and to the extent of any conflict or inconsistency between the provisions in the body of this Agreement and any Schedule hereto or the Order Form, the terms of the applicable Schedule or the Order Form will prevail (provided that the Order Form will not include the terms and conditions of any purchase order to which the Order Form is attached). This Agreement may not be amended except by written instrument signed by both parties.
  12. SCHEDULE APRIVACY protection addendumTO THE MASTER SUBSCRIPTION agreementThis Privacy Protection Addendum (the “Addendum”) applies to the processing of Personal Information by MediaValet pursuant to the Master Subscription Agreement (the “Agreement”) entered into between MediaValet and the Customer for the provision of the Services.
    1. Definitions.For the purposes of this Addendum unless the context dictates otherwise, all terms which are not defined in this Addendum shall have the meaning ascribed to them in the Agreement.
      1. “Agreed Purposes” means the provision of the Services under the Agreement.
      2. “Data Incident” means any unauthorised access to, use, loss or disclosure of Personal Information.
      3. “Privacy Laws” applicable laws governing the collection, use, disclosure and security of personal information, as same may be amended, supplemented and interpreted by regulatory authorities and courts from time to time, including the Personal Information Protection and Electronic Documents Act (Canada), and the Protection of Personal Information Act (British Columbia).
      4. “Personal Information” means any information about an identifiable individual, uploaded by Customer to the Services pursuant to the Agreement.
    2. Compliance with Privacy Laws.
      1. Each of Customer and MediaValet shall comply with Privacy Laws’ requirements currently in effect and as they become effective, and any other applicable law now in force or that may in the future come into force governing the collection, use, disclosure and protection of Personal Information applicable to it.
      2. Customer warrants that it has all necessary rights to provide the Personal Information to MediaValet for the processing to be performed in relation to the Services; and the processing of any Personal Information included in Customer Content by MediaValet in accordance with this Addendum is based on lawful grounds pursuant to Privacy Laws. To the extent required by Privacy Laws, Customer is responsible for ensuring that individuals consent to the processing of their personal information by MediaValet, and for ensuring that a record of such consents is maintained. Should such consent be revoked by the Individual, Customer is responsible for communicating such revocation to MediaValet, and MediaValet shall implement Customer’s instructions with respect to the further processing of such Personal Information.
      3. Without prejudice to any existing contractual arrangements between the Parties, MediaValet shall treat all Personal Information as confidential and shall inform all of its employees, agents and approved sub-processors engaged in the Processing of Personal Information the confidential nature of the same. MediaValet shall ensure that all such persons have signed an appropriate confidentiality agreement, are otherwise bound to a duty of confidentiality, or are under an appropriate statutory obligation of confidentiality.
    3. Purpose limitation; ownership.
      MediaValet shall only use the Personal Information in accordance with the Agreed Purposes or such other purposes expressly authorized by the Agreement. Personal Information shall at all times be and remain the sole property of Customer, unless agreed otherwise in the Agreement.
    4. Transfers to third parties.
      MediaValet may only share, transfer, disclose or otherwise provide access (“Transfer”) to Personal Information to third parties to the extent authorized by Customer in the Agreement, except as required to comply with a legal obligation to which MediaValet is subject. MediaValet must flow down the requirements of this Addendum to any third party to whom it may be Transferring Personal Information in a written agreement binding upon each such third party and MediaValet. MediaValet shall be responsible for compliance of the requirements set forth therein by those third parties.
    5. Cross-border Transfers.
      Customer shall be solely responsible for ensuring that Personal Information relating to residents of Canada can be lawfully Transferred by MediaValet to its service providers in accordance with its Privacy Policy, including by providing adequate notice of such transfers and obtaining individuals’ meaningful consent, as applicable.
    6. Data Subjects’ Requests under Privacy Laws.
      If MediaValet receives an individual’s request regarding his/her Personal Information under Privacy Laws, it shall promptly inform Customer and provide all relevant information to Customer. MediaValet shall not respond to an individual’s request regarding the Personal Information under Privacy Laws unless instructed to do so in writing by Customer.
    7. Notice of Process.
      In the event MediaValet receives a governmental or other regulatory request for any Personal Information, it shall promptly notify Customer to allow Customer to have the option to defend such action. MediaValet shall reasonably cooperate with Customer in such defense, at Customer’s expense.
    8. Data Security Program.
      MediaValet shall maintain a comprehensive, written information security program that contains administrative, technical, and physical safeguards that are appropriate to the size, scope and type of MediaValet’s business; the type and sensitivity level of Personal Information; and the need for security and confidentiality of such information (“Security Program”). The Customer hereby acknowledges that MediaValet is sub-processing cloud hosting services to Microsoft Corporation which adheres to ISO/IEC 27018 (Cloud privacy) and has implemented appropriate administrative, technical, and physical safeguards. Customer shall at all times maintain appropriate administrative, technical, and physical safeguards to protect the Personal Information.
    9. Data Incidents
      1. Informing Customer of Data Incident. When MediaValet becomes aware of a Data Incident that impacts Personal Information, it shall, to the extent allowed under applicable law, promptly notify the Customer about the Data Incident, take reasonable measure to mitigate risks created by such incident and cooperate with the Customer.
      2. Notice of Data Incident. The parties will collaborate on whether any notice of the Data Incident is required to be given to any person, and if so, the content of that notice.
    10. Liability and Indemnity
      1. To the extent permitted by applicable law, each party’s total liability for all claims relating to the Services will be limited in accordance with the Agreement.
      2. The Customer shall indemnify MediaValet and hold MediaValet harmless against all claims, actions, third party claims, losses, damages and expenses (“Claims”) incurred by MediaValet and arising directly or indirectly out of or in connection with a violation of Privacy Laws by the Customer, including but not limited to Claims arising out of the Transfer of Personal Information to third parties by Users using the Services.
    11. DurationThis Addendum shall come into effect upon its signature by both parties and shall expire or terminate concurrently with the expiration or termination of the Agreement. Termination or expiration of this Addendum shall not discharge MediaValet from its confidentiality obligations pursuant to the Agreement until Personal Information is returned or destroyed in accordance with the Agreement.

SCHEDULE A

DATA PROTECTION ADDENDUM (EUROPE)

TO THE MASTER SUBSCRIPTION AGREEMENT

This Data Protection Addendum (the “Addendum”) applies exclusively to the processing of Personal Data that is subject to EU Data Protection Law (as this term is defined hereafter) by MediaValet pursuant to the Agreement entered into between MediaValet and the Customer for the provision of the Services.

  1. DefinitionsUnless the context dictates otherwise, all terms which are not defined in this Addendum shall have the meaning ascribed to them in the Agreement.
    1. “Applicable Data Protection Law” means EU Data Protection Law and the Personal Information Protection and Electronic Documents Act (Canada) as amended, replaced or superseded from time to time.
    2. “EU Data Protection Law” shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as same may be amended, supplemented and interpreted by the European Data Protection Board from time to time.
    3. “Controller”, “Data Breach”, “Data Subjects”, “Data Protection Authority”, “Processing”, “Personal Data”, and “Processor” shall have the meaning ascribed to them pursuant to EU Data Protection Law.
  2. ScopeInsofar as MediaValet will be Processing Personal Data subject to EU Data Protection Law on behalf of the Customer in the course of the performance of the Services, the terms of this Addendum shall apply. An overview of the categories of Personal Data, the types of Data Subjects, and purposes for which the Personal Data is being Processed is provided in Annex 1.
  3. Roles of the Parties
    1. The Customer, as Controller, will determine the scope, purposes, and manner by which the Personal Data may be accessed or Processed by MediaValet.
    2. MediaValet, as Processor, will Process the Personal Data only as set forth in Customer’s written instructions communicated to MediaValet through the Customer Portal, API, MediaValet mobile application, or other such interface, product or service offered by MediaValet in such manner as – and to the extent that – this is appropriate for the provision of the Services, except as required to comply with a legal obligation to which MediaValet is subject. In such a case, MediaValet shall inform the Customer of that legal obligation, unless applicable law prohibits the furnishing of such information to the Customer. MediaValet shall not process the Personal Data in a manner inconsistent with the Customer’s documented instructions.
    3. MediaValet shall be allowed to exercise its own discretion in the selection and use of the means it considers necessary to pursue the purpose of the Agreement, subject to the requirements of this Addendum.
    4. Customer warrants that it has all necessary rights to provide the Personal Data to MediaValet for the Processing to be performed in relation to the Services; and the Processing of any Personal Data included in Customer Content by MediaValet in accordance with this Addendum is based on lawful grounds pursuant to Applicable Data Protection Law. To the extent required by Applicable Data Protection Law, Customer is responsible for ensuring that Data Subjects consent to this Processing, and for ensuring that a record of the lawful basis for the Processing (including consent, as applicable) is maintained. Should consent be revoked by a Data Subject or should the the legal basis upon which the Processing is based be invalidated, Customer is responsible for communicating such revocation or invalidation to MediaValet, and MediaValet shall implement Customer’s instructions with respect to the further Processing of such Personal Data.
    5. In the event that MediaValet is controlled by a Data Protection Authority in relation to all or part of the Processing it carries out on behalf of Customer, Customer shall actively cooperate with MediaValet and, if necessary, with the Data Protection Authority.
  4. Confidentiality
    1. Without prejudice to any existing contractual arrangements between the Parties, MediaValet shall treat all Personal Data as confidential and shall inform all of its employees, agents and approved sub-processors engaged in the Processing of Personal Data the confidential nature of the same. MediaValet shall ensure that all such persons have signed an appropriate confidentiality agreement, are otherwise bound to a duty of confidentiality, or are under an appropriate statutory obligation of confidentiality.
  5. Security
    1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, without prejudice to any other security standards agreed upon by the Parties, the Customer and MediaValet shall implement appropriate technical and organisational measures to ensure a level of security of the Processing of Personal Data appropriate to the risk. The Customer hereby acknowledges that MediaValet is sub-processing cloud hosting services to Microsoft Corporation which adheres to ISO/IEC 27018 (Cloud privacy) and has implemented the appropriate technical and organisational security measures required under Article 32(3) of the GDPR.
    2. Customer shall have the right, during the term of the Agreement, to perform audits of MediaValet’s processing of the Personal Data (including such processing as may be carried out by the MediaValet’s Sub-processors, but excluding Microsoft Azure’s Data Centres) in order to verify MediaValet’s, and any Sub-processor’s, compliance with section 1.1
    3. MediaValet will address a Customer’s request for audit as follows:
      1. MediaValet will answer questions asked by the Customer;
      2. In the event Customer reasonably considers that the answer provided by MediaValet justifies further analysis, MediaValet shall, in agreement with the Customer, either:
        1. Provide a statement to the Customer issued by a qualified independent third party auditor certifying that MediaValet’s processes and procedures that involve the processing of Personal Data complies with this Addendum; or,
        2. Upon prior reasonable notice, make the facilities it uses for the processing of Personal Information available for an audit by the Customer or by a third party independent auditor engaged by the Customer reasonably accepted by MediaValet, bound by confidentiality obligations satisfactory to MediaValet. The audit notice request must include a detailed written audit plan reviewed and approved by MediaValet’s Chief Information Security Officer and must provide for compliance with MediaValet’s on-site security policies and procedures. Such audits must take place only in the presence of a representative of MediaValet’s Chief Information Security Officer or such other person designated by the appropriate representative. The audits shall not be permitted to disrupt MediaValet’s processing activities, cause damages to MediaValet’s premises, equipment, personnel and business or compromise the security or confidentiality of personal data pertaining to other MediaValet’s other customers.
  6. Data Transfers
    1. Should MediaValet modify permanently or temporarily the location where the Personal Data is Processed, it shall notify the Customer of such modification if it results in a transfer of Personal Data to a country located outside of the European Economic Area without an adequate level of protection. MediaValet shall only perform such a transfer after obtaining authorisation from the Customer. Annex 2 provides a list of Sub-processors for which the Customer grants its consent upon the conclusion of this Addendum.
    2. To the extent that the Customer or MediaValet are relying on a specific statutory mechanism to normalize international data transfers that is subsequently modified, revoked, or held by a court of competent jurisdiction to be invalid, the Customer and MediaValet agree to cooperate in good faith to promptly terminate the transfer or to pursue a suitable alternate mechanism that can lawfully support the transfer.
    3. The Customer shall be solely responsible for any transfer of Customer Data or Personal Data to third party recipients using the Services. Without limiting the generality of the foregoing, Customer must ensure that any transfer of Customer Content or Personal Data to third parties complies with Applicable Data Protection Law.
  7. Data Breaches
    1. When MediaValet becomes aware of a Data Breach, it shall, to the extent allowed under applicable law, promptly notify Customer, providing Customer with available information that allows Customer to meet its obligations to report a Data Breach in accordance with EU Data Protection Law. Any notifications made to the Customer pursuant to this section shall be addressed to the employee of the Customer whose contact details are provided in Annex 3 of this Addendum, and shall contain:
      1. a description of the nature of the Data Breach, including where possible the categories and approximate number of Data Subjects concerned and the categories and approximate number of Personal Data records concerned;
      2. the name and contact details of MediaValet’s Privacy Officer;
      3. a description of the likely consequences of the Data Breach; and
      4. a description of the measures taken or proposed to be taken by MediaValet to address Data Breach including, where appropriate, measures to mitigate its possible adverse effects.
  8. Governmental requestsMediaValet shall promptly notify Customer about any legally binding request for disclosure of Personal Data by a law enforcement authority and shall refrain from disclosing same until instructed to do so by the Customer, unless otherwise prohibited from doing so.
  9. Contracting with Sub-Processors
    1. The Customer authorises MediaValet to engage Sub-processors for the Service-related activities specified in Annex 1. MediaValet shall inform the Customer of any addition or replacement of such Sub-processors giving the Customer an opportunity to object to such changes.
    2. Notwithstanding Section 9.1, authorization of the Customer is required under 6.1 prior to the sub-processing for the engagement of Sub-processors in a country outside the European Economic Area without an adequate level of protection.
    3. MediaValet shall ensure that its Sub-processors implement appropriate technical and organizational measures in such a manner that the Processing will meet the requirements of EU Data Protection Law. Notwithstanding the foregoing, the Customer acknowledges and agrees that Sub-processors identified in Annex 2 meet the requirements set forth in this Section 9.3
  10. Assistance to Customer
    1. MediaValet shall assist the Customer by appropriate technical and organisational measures, to the extent commercially reasonable, for the fulfilment of the Customer’s obligation to respond to requests to exercise Data Subjects’ rights under EU Data Protection Law. MediaValet shall not respond to an individual’s request regarding the Personal Information under Data Protection Laws unless instructed to do so in writing by Customer.
    2. MediaValet shall assist the Customer in ensuring compliance with the obligations pertaining to prior consultations with Data Protection Authorities required under Article 36 of the GDPR, taking into account the nature of processing and the information available to MediaValet.
  11. Liability and Indemnity
    1. To the extent permitted by applicable law, each party’s total liability for all claims relating to the Services will be limited in accordance with the Agreement.
    2. The Customer shall indemnify MediaValet and hold MediaValet harmless against all claims, actions, third party claims, losses, damages and expenses (“Claims”) incurred by MediaValet and arising directly or indirectly out of or in connection with a violation of Applicable Data Protection Law by the Customer, including but not limited to Claims arising out of the transfer of Personal Data to third parties by Users using the Services.
  12. DurationThis Addendum shall come into effect upon its signature by both parties and shall expire or terminate concurrently with the expiration or termination of the Agreement. Termination or expiration of this Addendum shall not discharge MediaValet from its confidentiality obligations until Personal Data is returned or destroyed in accordance the Agreement.

ANNEX 1

Categories of Personal Data:

  • First name, last name, business email address, business phone number, IP address, items consulted on the MediaValet website.

Types of Data Subjects:

  • Users.

Purposes for which the Personal Data is being processed:

  • To create and maintain credentials for Users of the Customer Portal and to control access to, and use of, Customer Content;
  • To track access and use of Customer Content by Users;
  • To make available Customer Content to Users and to third-party recipients designated by Users.

ANNEX 2

Transfers to sub-processors located in countries outside the European Economic Area without an adequate level of protection for which the Customer has granted its authorisation:

Name of sub-processor: Microsoft Corporation

Name of service provided: Azure

Country of sub-processor’s head office: USA

Region or Country where sub-processor processes the Personal Data: European Union

Services: Cloud services