Contracts
- Acceptable Use Policy
- Highly Sensitive Information NDA
- WebOps Services Agreement
- Software Evaluation Agreement
- Terms of Service
- Reseller Terms of Service
- Privacy Policy
- Non-Disclosure Agreement
- Change Order to Vendor Master Services Agreement
- Non-Disclosure Agreement (US)
- Vendor Agreements Guidelines
- Customer Data Processing Agreement
- Statement of Work - Site Migration
- Statement of Work - Managed Updates
- Statement of Work - Advanced Global CDN
- Pantheon SOC 2 Type 2 Report Final
- Vendor Data Processing Agreement
- Vendor Data Processing Agreement
- Vendor Requirement Form US
- Supplier Code of Conduct
- Vendor Work Order Pantheon US
- Statement of Work Request
- Global Services Agreement
- Vendor Work Order Pantheon PH
- Vendor Requirement Form PH
- Supplemental Agreement for Contractors under Vendor
- Supplemental Agreement for Independent Contractors
- Contractor Agreements Guidelines
- Contractor Data Processing Agreement
- Non-Disclosure Agreement (PH)
Acceptable Use Policy
Version 15.0
Effective April 8, 2020
DownloadTable of Contents
Acceptable Use Policy
This Acceptable Use Policy (“AUP”) applies to any use of the services provided by Pantheon Systems, Inc. (“Pantheon,” “we,” “us,” or “our”) to you the user (“Subscriber” or “you”). Subscriber has separately entered a services agreement (“Agreement”) with Pantheon and this AUP are deemed “Supplemental Terms” within the meaning of the Agreement . These Supplemental Terms take effect on the earlier of: the last date a party signs, when you click an “Accept” button or by your use of any of the Services (the “Effective Date”). All capitalized terms are as defined in the Agreement except as set out herein.
Highly Sensitive Information NDA
Version 3.3
Effective July 7, 2020
DownloadTable of Contents
Highly Sensitive Information Non-Disclosure Agreement
- 	
- “Protected Information” means the information contained in this document. You will not disclose any Protected Information under any circumstances whether or not such information can be established as publicly known, disclosed or known by you prior to this Agreement, or otherwise generally available through no action or inaction on your part. 	
- Non-use and Non-disclosure. You will not use the Protected Information for any reason except the Purpose. You will not disclose any Protected Information to third parties or to your employees, except to those employees who are required to have the Protected Information in connection with the Purpose and under protective standards no less stringent than this Agreement. If any disclosure to a third party is required, you will direct them to Pantheon for authorized access. 	
- Maintenance of Confidentiality. You will protect the secrecy of and avoid disclosure and unauthorized use of the Protected Information. Without limiting the foregoing, you will take at least those measures that you take to protect your own most highly Protected Information. You will not make any copies of Protected Information unless we approve in writing by the legal department of Pantheon. You will immediately notify us if there is any unauthorized use or disclosure of the Protected Information. 	
- Compelled Disclosure. If you become legally compelled to disclose any Protected Information, you will provide us with prompt written notice and will assist us in seeking a protective order or another appropriate remedy. In all cases, you will only furnish Protected Information that is legally required to be disclosed and additionally seek a protective order at Pantheon’s reasonable expense. 	
- No Obligation. Nothing in this Agreement obligates you or us to proceed with any transaction, and each party reserves the right, in its sole discretion, to terminate the discussions that the Purpose contemplates. 	
- No Warranty. ALL PROTECTED INFORMATION IS PROVIDED “AS IS.” YOUR ACCESS AND USE OF THE PROTECTED INFORMATION IS AT YOUR OWN RISK. 	
- Return of Materials. Upon our request, you will (a) promptly deliver to us all Protected Information, without retaining any copies, and (b) promptly destroy analyses, studies, and other documents prepared based on the Protected Information, without retaining copies. 	
- No License. Nothing in this Agreement is intended to grant any rights to you under any patent, copyright, or other intellectual property right of ours, nor does this Agreement grant you any rights in or to the Protected Information, except as expressly set forth in this Agreement. 	
- Term. This Agreement will survive until all Protected Information is no longer trade secret and becomes publicly known and made generally available by Pantheon through no action or inaction of you. 	
- Remedies. You acknowledge that any breach or threatened breach of this Agreement would cause irreparable harm to us, and in addition to any other remedies at law or in equity that we may have, we are entitled, without the requirement of posting a bond or other security, to equitable relief, including injunctive relief and specific performance. 	
- Miscellaneous. This Agreement will bind and inure to the benefit of the parties and their successors and assigns; except that you may not assign or otherwise transfer this Agreement, by operation of law or otherwise, (including by merger, reorganization, consolidation, change of control, or sale of all or substantially all of your assets to which this Agreement pertains), without our prior written consent. This Agreement will be governed by the laws of the state of California, without reference to conflict of laws principles. This Agreement contains the entire agreement between the parties with respect to the subject matter of this Agreement, except that if there is any other nondisclosure agreement between the parties and if any of the provisions set forth in this Agreement conflict with any provisions in such agreement, then the provisions that are more protective of our Protected Information will prevail and any information disclosed under this Agreement will be considered our Protected Information under such agreement. If a court or other body of competent jurisdiction finds any provision of this Agreement, or portion thereof, to be invalid or unenforceable, such provision will be enforced to the maximum extent permissible so as to effect the intent of the parties, and the remainder of this Agreement will continue in full force and effect. Any failure to enforce any provision of this Agreement will not constitute a waiver of that provision or of any other provision. This Agreement may not be amended, nor any obligation waived, except by a writing signed by both parties.
WebOps Services Agreement
Version 26.0
Effective July 23, 2021
DownloadTable of Contents
WebOps Services Agreement
Subscriber hereby represents that it has read, understood, and agrees to be bound to this Agreement, that you are lawfully able to enter into contracts (e.g., you have adequate legal capacity and authorization), and agree to conduct electronic business transactions with digital acceptance processes and electronic signatures.
Pantheon may modify this Agreement with written notice to Subscriber at the e-mail address Subscriber maintains with Pantheon. Changes to this Agreement shall be effective immediately and any material changes shall be effective the earlier of thirty (30) days after such notice or the minimum notice period required under applicable law with respect to those material changes requiring additional notice. If you do not agree to any change(s) to this Agreement, you may not access or use the Services and must contact Pantheon directly at [email protected].
1. USE OF THE SERVICES
1.1 Services. Pantheon provides a centralized website operations platform designed to increase productivity across collaborative teams building and supporting a website or a portfolio of websites (“WebOps”). Any Services Pantheon performs for Subscriber are subject to the terms and conditions of this Agreement. Pantheon shall provide the Services that you select in the Order Form, solely for your own use, and not for the use or benefit of any third party except under Supplemental Terms (defined below) to this Agreement. Any authorized resale of the Services are subject to the Reseller Terms of Service set out at https://legal.pantheon.io.
1.2 Access to Services. Subject to this Agreement, Pantheon shall make the Software Tools available twenty-four hours a day, seven days a week, provided that Pantheon shall not be responsible for any failure in the Software Tools caused by (a) your systems, configuration, third party products or services procured by you and any unauthorized access thereof (b) network, telecommunications or other service or equipment, (c) your gross negligence or willful misconduct or the gross negligence or willful misconduct of third parties engaged by you, (d) any Force Majeure Event, and (e) measures necessary to provide Subscriber with a high performing WebOps platform to meet our obligations under this Agreement, and provide upgrades to our subscribers for the Software Tools and Services. Pantheon shall minimize such disruption where it is within Pantheon’s reasonable control but may otherwise modify or suspend the Services at any time. Updates to the Services shall be as set out in the Documentation and corresponding release notes. Certain Pantheon features or Services may be deprecated or limited for access or use in subsequent releases. Pantheon retains the right to limit use and storage in its sole discretion at any time with or without notice. Subscriber shall develop, operate, configure and maintain their Subscriber Content and shall ensure that any service calls are compatible with the then-current APIs for the applicable Services.
1.3 Subscribers Registration. Subscriber shall maintain accurate, complete, and updated registration information with Pantheon, including Subscriber’s email address as a material condition of this Agreement. Subscriber may not use the Services with a URL name that is subject to any Pantheon or third-party right without appropriate authorization. Pantheon reserves the right to refuse registration of, or cancel, a Pantheon URL in its discretion. Subscriber shall maintain adequate controls to secure access credentials to the Services and shall notify Pantheon immediately of any actual or suspected loss, theft, or unauthorized use of Subscriber’s account or password.
1.4 Restrictions. Except as expressly authorized under this Agreement, neither you or any End User may, or permit any other to: (a) sell, rent, lease, license, sublicense, or assign the Services, or any part thereof to others without express permission under a separate signed written agreement; (b) access or use the Services in a manner intended to avoid incurring fees or exceeding usage limits or quotas; (c) transfer the Services or Documentation, in whole or in part, or any copy thereof to any third party; (d) reverse engineer, modify, decompile, disassemble, or otherwise access source code from the Software Tools or Services, or any part thereof; (e) copy, modify or prepare derivative works of the Services, or any part thereof; (f) violate any aspect of Pantheon’s AUP; or (g) use the Services to process or store any Restricted Data.
1.5 Subscriber’s Content. Subscriber shall be responsible for the accuracy, integrity, content and compliance, including appropriate legal rights to use all Subscriber Content. Subscriber shall configure the Services to meet Subscriber’s requirements for archiving, storage, backup, and other configuration of such Subscriber Content used with the Services (including the UI). Pantheon shall provide Subscriber any configuration options for scheduling server backups, restoring data, access to log files or other application and server options available to Pantheon related to Subscriber’s use of Services. Pantheon shall not retain any Subscriber Confidential Information following termination of Services except as may be required under applicable law.
2. SUPPORT AND SERVICES
2.1 Support Services. Pantheon may provide certain support services to you as described in the Documentation and the Order Form (“Support”). Pantheon may change the description and features of such Support programs at any time with notice to you as set out above. Support shall be delivered by Pantheon in accordance with the target response times in the Documentation, which are not binding on Pantheon.
2.2 Professional Services. Pantheon shall provide professional services as specified in the Order Form and in accordance with the timeline, requirements and inclusive of any deliverables (“Professional Services”). The Parties may change items set out in the Order Form only as agreed upon in writing under a subsequent Order Form entered between the Parties. Subscriber shall provide reasonable and timely assistance to Pantheon for Professional Services.
3. CONFIDENTIALITY
3.1 Obligations of the Parties. For purposes of any Confidential Information shared by Disclosing Party, Receiving Party shall not disclose Confidential Information to any third party; provided that it may, however, disclose Confidential Information to its employees, contractors, advisors and agents solely for purposes of meeting Receiving Party’s obligations under this Agreement under similarly restrictive terms as set forth herein. If the Receiving Party is required to disclose Confidential Information pursuant to any applicable statute, regulation or order of a court of competent jurisdiction, Receiving Party shall reasonably notify Disclosing Party. Each Party shall maintain physical, technical and organizational safeguards designed to protect the confidentiality and integrity of, and to prevent unauthorized access to or use of, Confidential Information provided by the other Party.
3.2 Exclusions to Confidentiality. Notwithstanding the foregoing, Confidential Information does not include any information that: (i) is or becomes publicly available without breach of this Agreement; (ii) can be shown by documentation to have been lawfully known to the Receiving Party when provided by Disclosing Party; (iii) is lawfully received from a third party; or (iv) can be shown by documentation to have been independently developed by the Receiving Party without reference to the Confidential Information. Confidential Information excludes PI, which requires unique protection and is more specifically addressed in Section 4 below.
4. DATA PROCESSING STANDARDS OF ANY PI
4.1 Nature of Data Processing Activity. Pantheon hosts Subscriber Content as part of the Services. If Subscriber Content includes any PI shared with Pantheon, the Parties each agree to comply with all applicable federal, state and international laws, rules, regulations, and directives regarding the collection, use, disclosure, and/or processing of personal information pursuant to the Agreement, including but not limited to Regulation EU 2016/679 or “GDPR” and the California Consumer Privacy Act (CCPA) (collectively, “Data Protection Laws”). To the extent applicable, each Party understands and shall comply with their respective obligations thereunder to protect any PI in accordance with such Data Protection Laws in accordance with this Section 4. Pantheon shall not retain, use or disclose any PI for purposes other than the Services and under no circumstance shall sell such information to a third party within the meaning of CCPA.
4.2 Obligations of the Parties. Both Parties, where Subscriber shall be the data controller and where Pantheon shall be data processor (GDPR) or service provider (CCPA), as those terms are defined under Data Protection Laws, shall ensure they each have in place appropriate technical and organizational security measures to protect any PI disclosed under this Agreement. Pantheon shall maintain data processing standards in accordance with Pantheon’s privacy policy accessible at https://www.pantheon.io/privacy and as maintained and updated by Pantheon periodically in accordance with Pantheon’s compliance program and all applicable data protection laws (“Privacy Policy”). Pantheon shall adhere to such Privacy Policy and process any PI received hereunder solely to perform the Services and for no other purpose.
4.3. Consents and End User Requests. Subscriber shall maintain adequate legal consent(s) for any PI used by Subscriber with the Services under this Agreement. Subscriber shall promptly notify Pantheon, and Pantheon shall promptly respond to Subscriber regarding, any data access, transfer, deletion or other similar requests under Data Protection Laws.
4.4 International Transfers. For the transfer of Personal Data from the EEA and Switzerland to the U.S. and for any onward transfers and solely for purposes of the Services, the applicable standard contractual clauses for the Transfers of Personal Data to Processors Established in Third Countries, dated 5 February 2010 (2010/87/EU), as amended or replaced from time to time (the “Standard Clauses”), shall apply and are hereby incorporated by reference into this Agreement. For purposes of the Standard Clauses, (a) Subscriber shall act as the data exporter and Pantheon shall act as the data importer and service provider; (b) any subprocessors (as defined under GDPR) shall be subject to Clause 11 (Sub-processing) of the Standard Clauses; (c) Appendices 1 and 2 of the Standard Clauses shall be promptly completed by the Parties and incorporated by reference to this Agreement. If the Standard Clauses are amended or replaced from time to time, then the foregoing Standard Clauses and Appendix references shall be deemed updated as appropriate. To the extent that there is a conflict between this Agreement and the Standard Clauses, the Standard Clauses shall prevail. If the Standard Clauses or other applicable transfer mechanisms become invalid, they shall be replaced with other valid instruments prescribed by applicable Data Protection Laws.
4.5 Subcontracting. Pantheon maintains a current list of subprocessors for purposes of Data Protection Laws under its Privacy Policy as set out above. Pantheon shall maintain as current and Subscriber consents to Pantheon’s use of such subprocessors solely for purposes of the Services. Pantheon shall maintain adequate data protection agreements with such subprocessors and remain liable for any breach of this Section 4 caused by a Pantheon subprocessor.
5. INTELLECTUAL PROPRIETARY RIGHTS.
5.1 Intellectual Property Rights Ownership. As between the Parties, Pantheon retains ownership in and reserves all right, title, and interest in and to any and all Proprietary Rights in and to the Documentation, Subscription Plans, the Support and Professional Services excluding Subscriber Confidential Information, the UI, and Software Tools, in whole and in part, and all derivative works thereof (“Pantheon IP”). Except for Pantheon IP, as between the Parties, Subscriber retains ownership in and reserves all right, title, and interest in and to any and all Proprietary Rights in and to Subscriber Content and any works created by Subscriber or End User that do not include any Pantheon IP. Except as expressly set forth in Section 5.2 below, no express or implied license or right of any kind is granted to Subscriber regarding any Pantheon IP, the Services, or any part thereof, including without limitation any right to obtain possession of any source code, data or other technical material relating to the Services. All rights not expressly granted to Subscriber are hereby reserved by Pantheon.
5.2 License. Subject to this Agreement, Pantheon grants to Subscriber during the Term a limited, revocable, non-exclusive, non-sublicensable, non-transferrable license, in object code form only, as applicable, to: (i) access and use the Documentation, Subscription Plans, and Software Tools and (ii) use the UI solely in connection with the Services. Further, Pantheon grants Subscriber a limited, revocable, non-exclusive, non-sublicensable, non-transferrable license, to copy, modify, distribute, and create derivative works of any Professional Services exclusive of Pantheon IP. The Services may contain open source software components which are licensed under the terms of the applicable open source software licenses and not this Agreement. All licenses and other rights, if any, granted to you in this Agreement are conditional on your continued compliance with this Agreement, and shall immediately and automatically terminate if you do not comply with any term or condition of this Agreement.
5.3 Cooperation. During and after the term, you shall not assert, nor shall you authorize, assist, or encourage any third party to assert, against Pantheon any intellectual property infringement claim regarding any Services you or any other authorized users have used on your behalf under this Agreement. Subscriber shall abide by all copyright notices, information, and restrictions contained in any UI accessed through the Services.
5.4 Retention of Rights in Downloaded Materials. Subject to this Agreement and any license restrictions included in such download, Subscriber may download or copy the UI, and other items designated for download, on the UI in connection with the Services and provided that Subscriber maintains all copyright and other notices contained in such UI. Such downloads and use thereof are provided solely in conjunction with your use of the Services, and any intellectual property therein is licensed to you by Pantheon or third-party licensors solely for your noncommercial use, and no title to the Software Tools or the UI shall be transferred to you.
5.5 Proprietary Rights of Subscriber Content. Subscriber shall own all Subscriber Content that Subscriber contributes to the UI. For purposes of Pantheon providing its Services, Subscriber hereby grants Pantheon during the Term a non-exclusive, worldwide, fully paid, royalty-free, non-transferable right and license to use, copy, cache, publish, display, distribute, modify, create derivative works and store such Subscriber Content solely to the extent necessary to provide the Services.
5.6 Feedback. If Subscriber identifies problems or changes or provides ideas, suggestions, or tangible materials to Pantheon about the Services (“Feedback”) Pantheon may use that information without obligation to Subscriber (including without limitation obligations of confidentiality), and Subscriber hereby irrevocably grants to Pantheon a fully paid, royalty-free, perpetual, worldwide, non-exclusive and fully sub-licensable right and license to use, reproduce, perform, display, distribute, adapt, modify, create derivative works of, and otherwise commercially or non-commercially exploit in any manner, any and all Feedback, and to sublicense the foregoing rights.
6. WARRANTY AND DISCLAIMER
6.1 Mutual Warranties. Each party represents and warrants to the other party that it: (a) has the legal power to enter into and perform under this Agreement (b) applies targeted measures to protect against the Services and UI containing any disabling devices, viruses, trojan horses, trap doors, back doors, easter eggs, time bombs, cancelbots, or other computer programming routines that damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or information and (c) its performance under this Agreement shall not violate any law applicable to its respective performance hereunder.
6.2 Pantheon Warranties. Pantheon warrants any professional services or Support by Pantheon shall be provided in a professional and timely manner. Pantheon further warrants the Services shall operate in accordance with the Documentation and any defective Services, as Subscriber specifies in writing to Pantheon within thirty (30) days of the Effective Date, shall be corrected by Pantheon at no cost to Subscriber to operate in accordance with the Documentation as Subscriber’s sole and exclusive remedy for such defect in warranty.
6.3 Disclaimer of Warranties. EXCEPT AS EXPRESSLY PROVIDED IN THIS SECTION 6, THE SERVICES, AND ANY CONTENT CONTAINED IN OR ACCESSED THROUGH THE SERVICES ARE PROVIDED “AS IS.” PANTHEON SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. WITHOUT LIMITING THE FOREGOING, PANTHEON MAKES NO EXPRESS OR IMPLIED WARRANTY OF ANY KIND THAT THE SERVICES, SHALL MEET SUBSCRIBER’S, END USERS’ OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, DATA OR OTHER SERVICES, OR BE COMPLETE, FREE OF HARMFUL CODE, TIMELY, UNINTERRUPTED OR ERROR-FREE. ANY THIRD PARTY CONTENT, DATA, PRODUCTS OR SERVICES OR ANY OPEN SOURCE SOFTWARE OR CODE THAT MAY BE ACCESSED BY SUBSCRIBER AVAILABLE THROUGH THE SERVICES ARE MADE AVAILABLE “AS IS" AND SHALL BE SUBJECT TO THE APPLICABLE LICENSE AGREEMENTS BETWEEN SUBSCRIBER AND SUCH THIRD PARTY AND ARE NOT SUBJECT TO THIS AGREEMENT. PANTHEON DOES NOT ENDORSE OR MAKE ANY OTHER REPRESENTATIONS OR PROMISES REGARDING SUCH THIRD PARTY MATERIALS.
7. INDEMNIFICATION
7.1 Pantheon shall defend, indemnify, and hold you harmless, including your employees, officers, directors, representatives from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to any third party claim concerning infringement of third party US or European registered intellectual property rights by Pantheon. Subscriber shall defend, indemnify, and hold Pantheon harmless, including our employees, officers, directors, representatives, our licensors and service providers, and each of their respective employees, officers, directors, and representatives from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to: (a) Subscriber or any End Users’ use of the Services (including any activities under your account and use by your employees, agents, subcontractors, or customers); (b) violation of Pantheon’s AUP; (c) Subscriber Content or the combination of Subscriber Content with other applications, content or processes, including any claim involving alleged infringement or misappropriation of third-party rights by your Subscriber Content or by the use, development, design, production, advertising or marketing of Subscriber Content; or (d) a dispute between Subscriber and any End User, employee, agent, contractor, or other third party.
7.2 Process. Each party shall promptly notify the indemnifying party of any claim under this Section 7 (a “Claim”), but a failure to do so shall not prejudice indemnified party’s rights hereunder. Indemnifying party shall choose legal counsel to defend the Claim, provided that these decisions are reasonable and promptly communicated to indemnified party. Indemnified party must comply with reasonable requests for assistance and cooperation in the defense of any Claim. Indemnifying party shall not settle a Claim without indemnified party’s consent, although such consent may not be unreasonably withheld or delayed. Indemnifying party must promptly pay defense expenses incurred hereunder.
8. LIMITATIONS OF LIABILITY.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY, ITS EMPLOYEES, OFFICERS, DIRECTORS, REPRESENTATIVES OR ITS AFFILIATES (FOR PURPOSES OF THIS SECTION ONLY “PANTHEON”), BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES WHATSOEVER ARISING OUT OF THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR ANY OTHER PECUNIARY LOSS. THIS LIMITATION APPLIES EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. NOTWITHSTANDING THE FOREGOING, THE MAXIMUM AGGREGATE LIABILITY OF EITHER PARTY AND THE MAXIMUM AGGREGATE AMOUNT WHICH MAY BE AWARDED TO AND COLLECTED BY THE OTHER PARTY WITH RESPECT TO CLAIMS UNDER THIS AGREEMENT SHALL NOT EXCEED TWELVE (12) MONTHS OF FEES FOR SERVICES UNDER APPLICABLE ORDER FORM FROM WHICH THE FIRST CLAIM AROSE.
9. FEES AND PAYMENTS.
9.1 Fees. Any applicable fees for use of the Services shall be in U.S. dollars before applicable taxes or statutory withholdings required by law. All fees are non-refundable unless expressly stated in the Order Form or this Agreement. Subscriber represents that it is a lawful account holder authorized to make any payments hereunder to Pantheon. All payments are made without the right of setoff or chargeback. The Parties agree that, at the time this Agreement is entered, it would be extremely difficult or impracticable to ascertain Pantheon’s damages resulting from lost business opportunities or otherwise should any monetary amount not be paid in full when due. The Parties reasonably estimate that, in addition to all other remedies available to Pantheon, fair compensation for any amount past due shall bear interest at the rate of 1.5% per month, unless such amount exceeds the interest rate permitted under applicable law, in which case the interest rate shall be the highest rate permitted under such law. Such interest shall accrue from its due date until paid. Subscriber shall pay any taxes arising out of this Agreement expressly excluding taxes on Pantheon’s net income and all employer reporting and payment obligations with respect to Pantheon’s personnel. Subscriber shall promptly provide any documentation for withholdings under law affecting any amounts payable to Pantheon hereunder. Pantheon reserves the right to contract with a third party for the purpose of processing payments. Such third party may impose additional terms and conditions governing payment processing.
9.2 Failure to Pay. If Subscriber fails to pay amounts owed to Pantheon in accordance with this Agreement, Pantheon may suspend without notice or liability any performance under this Agreement until such payment is received by Pantheon. If Subscriber fails to pay any such amount following five (5) days’ notice, Pantheon may terminate all or a portion of the Services without further notice or any liability. Pantheon may further engage the services of a collection agent to recover non-payment.
9.3 Modification of Fees. Pantheon may change its prices at any time. Any pricing set out in the Order Form shall apply for the quantities and items as specified therein for your current Subscription Plan.
10. TERMINATION.
10.1 Term. The term of this Agreement commences on the Effective Date and shall apply for the duration of Subscriber’s use of the Services unless terminated earlier in accordance with this Agreement (the “Term”). The term of any Subscription Plan shall commence as set out in the Order Form and shall apply for the duration of Subscriber’s Subscription Plan unless terminated earlier in accordance with this Agreement.
10.2 Right to Terminate. Pantheon may immediately terminate the Services at any time for any violation of Section 1.4 (Use of Services – Restrictions), Section 4 (Data Processing Standards of any PI), or Section 5 (Intellectual Property Rights). Subject to Section 9 and Subscriber’s compliance with this Agreement, Subscriber may terminate Services under an Order Form at any time. Without limiting the foregoing, if you fail to perform any material provision of this Agreement, and Pantheon gives written notice to you that if the default is not cured within ten (10) business days (the “Cure Period”), the Agreement shall be terminated, and the default is not cured to the reasonable satisfaction of Pantheon during such period, then the Agreement shall automatically terminate at the end of the Cure Period.
10.3 Effects of Termination. Upon termination of any Subscription Plan or Services under this Agreement, your right to use the Services, including access to the UI, and any Subscriber Content or Third Party Content shall immediately cease. Sections 1.4 (Restrictions), 3 (Confidentiality), 5 (Intellectual Property Rights) , 7 (Warranty Disclaimer), 8 (Limitation of Liability), 9 (Fees and Payments), 10.3 (Effects of Termination), 11 (DMCA), 12 (Miscellaneous), 13 (Terms and Definitions) shall survive termination of this Agreement. Pantheon shall not retain any Subscriber Confidential Information following termination of Services except as may be required for compliance with applicable law.
11. COMPLIANCE WITH LAWS
11.1 Compliance with Laws. Each Party shall comply with all applicable anti-corruption laws and regulations, including without limitation the US Foreign Corrupt Practices Act and the UK Bribery Act of 2010. Each Party shall promptly report any known or suspected conflicts of interest that may arise between the parties. Subscriber shall ensure Subscriber Content and any use thereof with the Services complies at all times with applicable laws.
11.2 DMCA. Pantheon respects intellectual property rights. We hereby expressly reserve the right, in our sole and absolute discretion, to terminate accounts or access rights if we have reason to believe that intellectual property rights have been violated under the process set out in our AUP for compliance with DMCA.
11.3 Export Controls Laws. Subscriber acknowledges that the Services are subject to export control laws and regulations of the United States (“U.S.”) and shall abide by those laws and regulations. Under U.S. export control laws and regulations, unless authorized by the U.S. government, the Services may not be downloaded or otherwise exported, re-exported, or transferred to sanctioned countries, to parties listed on a U.S. government restricted party list, or for prohibited end uses. Subscriber represents, warrants and covenants that neither Subscriber nor Subscriber’s personnel: (a) are located in, or a resident or a national of, a sanctioned country; (b) are on any of the U.S. government lists of restricted parties; and (c) will, unless otherwise authorized under U.S. export control regulations, use the software in any prohibited end use, including, without limitation, design, analysis, simulation, estimation, testing, or other activities related to nuclear, chemical/biological weapons, rocket systems or unmanned air vehicles applications. Licensee understands that the requirements and restrictions of U.S. law as applicable to Licensee may change over time, and that, to determine the precise controls applicable to the software, it is necessary to refer to the U.S. Export Administration Regulations and the U.S. Department of Treasury, Office of Foreign Assets Control sanction regulations.
12. MISCELLANEOUS
12.1 Complete Agreement. This Agreement, along with any Order Form(s) incorporating this Agreement by reference, any Supplemental Terms as set out herein and the AUP, constitute the entire agreement regarding the subject matter herein between Subscriber and Pantheon and replaces all prior or contemporaneous understandings or agreements, written or oral, regarding the subject matter hereof. Purchase orders shall be for the sole purpose of defining quantities, prices and describing the Services to be provided under this Agreement and to this extent only are incorporated as a part of this Agreement and all other terms in purchase orders are rejected. Subscriber’s access to and use of certain other products or services by Pantheon may be subject to additional terms (“Supplemental Terms”), and such Supplemental Terms shall apply as set out herein, be referenced in the Order Form or be presented for acceptance when such services are added by Subscriber. If this Agreement is inconsistent with the Supplemental Terms, the Supplemental Terms shall control with respect to such services.
12.2 No Waiver of Rights. No provision of this Agreement, unless such provision otherwise provides, shall be waived by any act, omission or knowledge of either Party or its agents or employees, except by an instrument in writing expressly waiving such provision and signed by a duly authorized officer of such Party. The failure of either Party to exercise in any respect any right provided for herein shall not be deemed a waiver of any further rights hereunder.
12.3 Force Majeure. Pantheon shall not be liable for any delay or failure to perform any obligation under this Agreement where the delay or failure results from any cause beyond our reasonable control, including acts of God, labor disputes or other industrial disturbances, systemic electrical, mechanical, telecommunications, or other utility failures or degradation, earthquake, storms or other elements of nature, blockages, embargoes, riots, acts or orders of government, acts of terrorism, or war.
12.4 Assignment and Transferability of Agreement. This Agreement is not assignable, transferable or sub-licensable by Subscriber, any adjudicator, or any third party, except with Pantheon’s express prior written consent. Pantheon may assign this Agreement in whole or in part at any time without Subscriber’s consent to a parent, affiliate, or subsidiary or to a successor provided that the terms of this Agreement shall be binding upon and inure to the benefit of such assignee party by Pantheon.
12.5 Relationship of Parties. The relationship between Pantheon and Subscriber are that of independent contractors, each as separate legal entities. Neither is an agent, representative, partner, or in a joint venture with the other Party under contract or by law. Except as set out in the Agreement, neither party may represent to any third party that it has any authority to act on behalf of the other Party.
12.6 Notice. The Parties accept e-mail notices as effective under this Agreement. Any notice shall be in writing and shall be deemed effective when sent to the last known address provided unless notice was given to the other Party otherwise. Notices to Pantheon shall be provided by email to [email protected] or by hard copy to Customer Support, Pantheon Systems, Inc., 717 California Street, 3rd Floor, San Francisco, CA 94108. Notices to you shall be sent to the email address maintained by Subscriber with Pantheon.
12.7 Injunctive Relief. You acknowledge that monetary damages would not be an adequate remedy for your breach of certain provisions of this Agreement, including, but not limited to, Section 1, Section 3, Section 5, and other provision pertaining to the protection of any intellectual property or Proprietary Rights of Pantheon. Accordingly, if you breach or threaten to breach any of your obligations relating thereto, other than payment when due, Pantheon shall be entitled, without showing or proving any actual damage sustained, to a stipulated temporary restraining order, and shall thereafter be entitled to apply for a preliminary injunction, permanent injunction, and/or order compelling specific performance, to prevent the breach of your obligations under this Agreement. Nothing in this Agreement shall be interpreted as prohibiting Pantheon from pursuing or obtaining any other remedies as otherwise available to it for such actual or threatened breach, including recovery of damages through litigation. If any legal action is brought to enforce this Agreement, Pantheon shall be entitled to receive its attorneys' fees, court costs, and other collection expenses, in addition to any other relief it may receive.
12.8 Third Party Beneficiaries. This Agreement is for the sole benefit of the Parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer upon any other person or entity any legal or equitable right, benefit, or remedy of any nature whatsoever under or by reason of this Agreement.
12.9 Publicity. The pricing and any applicable discounts made available hereunder are conditioned on Subscriber’s consent to use its name and other indicia in Pantheon’s customer list and promotional, and marketing materials and activities.
12.10 Remedies. In the event that any action, suit, or other legal or administrative proceeding is instituted or commenced by either party against the other party arising out of or related to this Agreement, the prevailing party is entitled to recover its reasonable attorneys’ fees and court costs from the non-prevailing party.
13 APPLICABLE LAWS AND DISPUTES
13.1 Applicable Law. The Parties agree the laws of the State of California, without regard to principles of conflict of laws, shall exclusively govern this Agreement except as otherwise stated. The Parties expressly agree to the jurisdiction of state and federal courts located in San Francisco, California in any legal action, suit or proceeding hereunder except as otherwise stated.
13.2 Legal Disputes. The Parties shall cooperate to settle matters amicably under this Agreement. Except for matters of injunctive relief under Section 12.7 where such requirement shall not be a prerequisite, any claim, controversy or dispute between the Parties under this Agreement including the validity, construction or enforcement, breach, tort or quasi-claim, the Parties agree the matter shall be referred to an independent mediator agreed upon by the Parties. Where the Parties cannot agree on a mediator within ten (10) business days, either Party may file a claim and both Parties submit to the jurisdiction and requirements of the American Arbitration Association in accordance with its Commercial Arbitration Rules, and judgment on the award rendered by the arbitrator(s) may be entered in any court meeting the requirements of Section 13.1 as each Party’s sole and exclusive remedy hereunder. The Parties agree to participate in good faith in any mediation or arbitration begun under this section. Any mediation or arbitral award shall be binding upon the Parties, and shall be final and non-appealable except for (a) matters of Confidentiality or Intellectual Property Rights, which may be appealed in all cases following a decision from arbitration proceedings, or (b) otherwise solely on the grounds provided under the applicable Alternative Dispute Resolution and Arbitration Laws, Rules and Procedures.
14. OTHER DEFINITIONS
“API” means an application program interface.
“Confidential Information” means any and all non-public information or other information, given the nature of the information or circumstances surrounding its disclosure, reasonably should be understood to be confidential, disclosed by a Party (“Disclosing Party”) to the other Party (“Receiving Party,”) which may include without limitation: (a) patent and patent applications, (b) trade secrets and product roadmap or discussions regarding features and enhancements and (c) proprietary and confidential information, ideas, media, drawings, works of authorship, inventions, know-how, processes, algorithms, software programs and software source documents related to the current, future, and proposed products and services of Pantheon or its business partners including their technology, business plans and promotions (d) information concerning research, development, design details and specifications, engineering, financial information, procurement requirements, purchasing, manufacturing, customer lists, investors, employees, business and contractual relationships, business forecasts, sales and merchandising, and marketing plans.
“Documentation” means the user guides and operations manuals provided with the Services at https://pantheon.io/docs/.
“End User” means any third party that directly or indirectly: (a) accesses, modifies or uses your Subscriber Content; or (b) otherwise modifies, accesses or uses the Services under your Subscription Plan.
“Order Form” is the list of products or services with any applicable pricing, quantities, and terms of your Subscription Plan provided by Pantheon to you incorporating by reference the terms of this Agreement, whether online, on paper or in digital format. For avoidance of doubt, any sandbox, beta or otherwise unpaid access to the Services shall be subject to this Agreement.
“Personal Information” (or “PI”) is information, in any form, that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
“Proprietary Rights” means any and all of the following: (a) all rights using all technologies, electronic or otherwise and whether now known or hereafter created, associated with works of authorship throughout the universe, including but not limited to patents, designs, copyrights, moral rights, mask works, algorithms and other industrial property rights; (b) trademark and trade name rights and similar rights and all business goodwill associated therewith; (c) trade secret rights; (d) all other intellectual and industrial property rights (of every kind and nature throughout the Universe and however designated and whether now known or hereafter created, including, but not limited to, logos, “rental” rights, rights of publicity, and rights to remuneration), whether arising by operation of law, contract, license, treaty or otherwise; and (e) all registrations, initial applications, renewals, extensions, continuations, divisions or reissues hereof now or hereafter in force (including without limitation any rights in any of the foregoing).
“Restricted Data” shall mean (i) protected health information under the Health Insurance Portability and Accountability Act and medical information governed by provincial, state or other healthcare privacy laws; (ii) government-issued identification numbers, including Social Security numbers, driver’s license numbers and other state-issued identification numbers; (iii) information regulated under the Gramm-Leach Bliley Act; (iv) payment card data, including credit card or debit card numbers regulated by the Payment Card Industry Data Security Standards (“PCI DSS”); (v) “sensitive personal data” or “special categories of personal data,” consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation; (vi) biometric data regulated by biometric privacy laws; or (vii) other data requiring a standard of protection more stringent or specific than reasonable technical, physical, and procedural safeguards against disclosure.
“Services” means the Subscription Plan, Software Tools, Professional Services or Support offered to Subscriber (and, if Subscriber is entering this Agreement solely for the development of websites for third parties, i.e., an “Agency,”, Subscription Plans offered to such Agency’s customers subject to certain Supplemental Terms as set out in the Order Form). Services do not include Third Party Content or Subscriber Content.
“Software Tools” means the platform that provided by Pantheon under this Agreement for the development, maintenance, and oversight of one or more websites (including, without limitation, development environment, workflow integration tools, dashboard, site access controls and search), the Documentation, the UI, and any other web product or service provided by Pantheon under this Agreement. Software Tools do not include Third Party Content or Subscriber Content.
“Subscriber Content” means content that Subscriber or any End User (a) accesses or uses on the Services, (b) causes to interface with the Services, or (c) uploads to the Services under its account or otherwise transfers, processes, uses or stores in connection with such account. For the purposes of this definition, “Subscriber Content” means, without limitation, software, object code, source code, audio, video, animations, text, graphics, logos, tools, photographs, images, illustrations, and Subscriber added API(s), dashboard(s), administration tools, and graphical interface(s).
“Subscription Plan” means paid or unpaid access to any website hosting plan provided by Pantheon as set out in an Order Form.
“Third Party Content” means content made available to you by any third party on the UI or in conjunction with the Services. For the purposes of this definition, “Third Party Content” means, without limitation, third party software, source code, object code, audio, video, animations, text, graphics, logos, tools, photographs, images, illustrations, and API(s), dashboard(s), administration tools, and graphical interface(s).
“UI” or “User Interface” means all Pantheon-created content, including but not limited to software or source code, audio, video, animations, text, graphics, logos, tools, photographs, images, animations, illustrations, the Pantheon programming code and APIs, dashboard(s), administration tools, and graphical interface(s), all as created and/or used by or on behalf of Pantheon in connection with provision of the Services. UI does not include Third Party Content or Subscriber Content.
15. ADDITIONAL TERMS.
15.1 Pantheon Insurance Coverage. Pantheon shall at its own expense, at all times during the term of this Agreement and after termination as specified below, maintain in effect the following types and limits of insurance and with insurers with an A.M. Best rating of A-VII or better.
Workers’ Compensation insurance with statutory limits and Employer’s Liability insurance with limits of $1,000,000 each accident, per employee for disease, and per disease.
Commercial General Liability insurance covering all operations by, or on behalf of, Pantheon, providing insurance for bodily injury, property damage, personal and advertising injury, as those terms are defined by Commercial General Liability insurance policies, with limits of not less than one million dollars ($2,000,000) per occurrence, and four million dollars ($4,000,000) general aggregate, and including Subscriber and Subscriber Indemnified Parties as additional insureds, but only to the extent of liabilities falling within Pantheon’s indemnification obligations under this Agreement. Such coverage shall include Subscriber as an additional insured and apply to such additional insured and on primary and non-contributory basis, but each such extension of coverage shall only apply to the extent of liabilities falling within Pantheon’s indemnification obligations pursuant to the terms of the Agreement.
Business Automobile Liability Insurance, including, bodily injury, passenger liability (where applicable) and third party property damages for all owned, hired (or rented) and non-owned vehicles, with limits of $2,000,000 each accident combined single limit.
Cyber Liability and Technology Errors and Omissions insurance, covering negligent acts errors and omissions in the performance of services with limits of $5,000,000 per claim or series of related claims and in the aggregate. The insurance will also include coverage for loss caused by Pantheon’s failure to prevent unauthorized access to, or use of, systems or networks containing private or confidential information of Subscriber; to prevent the transmission of a computer virus; and to provide authorized users access to the Subscriber’s website, applications, or communications network. Additionally, the insurance will provide reimbursement towards notification costs for a security breach as required under data breach notification law. Such coverage shall be extended either by an extended reporting period or by subsequent renewals of coverage to cover a period of three years after termination of the Agreement.
Excess Liability insurance providing addition limits of Employer’s Liability insurance, Commercial General Liability insurance, and Business Automobile Liability insurance on a follow form basis, with limits of $3,000,000 per occurrence and in the aggregate.
Pantheon’s Workers Compensation, Employers Liability and Commercial General Liability insurance will contain a waiver of subrogation against Subscriber, but only to the extent of liabilities falling within Pantheon’s indemnification obligations pursuant to the terms of this Agreement. Pantheon shall furnish certificates of insurance evidencing renewal or replacement coverage to Subscriber within a reasonable time of placement of any such policies. Pantheon shall give Subscriber at least thirty (30) days’ prior written notice to Subscriber of non-renewal or cancellation of any required policy.
15.2 Transition Assistance. Within ten (10) days of any termination or expiration of this Agreement or any Order Form, Pantheon shall use reasonable efforts to promptly wind up the Services and cancel any Subscriber-specific expenses. If requested in a timely manner, Pantheon shall make available to Subscriber (at agreed upon hourly rates or a price consistent with the cost of the Services under this Agreement) reasonable transition assistance to any successor to the Services.
Software Evaluation Agreement
Version 7.0
Effective July 23, 2021
DownloadTable of Contents
- Evaluation License and Use.
- License Grant. Subject to Subscriber's compliance with this SELT, Pantheon hereby grants Subscriber a limited, revocable, non-exclusive, non-transferable, non-sublicensable and in object code form only a license to use the Evaluation Materials that Pantheon may deliver or make available to Subscriber solely for the Permitted Use during the Evaluation Period.
- No Technical Support. Pantheon has no obligation under this SELT to provide Support relating to the Evaluation Software. Subscriber is solely responsible for taking appropriate measures to back up and manage Subscriber's systems and data.
- Subscriber Obligations. Upon reasonable request by Pantheon including in some cases participation in interviews with their employees or End Users, Subscriber shall make available information or resources regarding Subscriber’s use of the Evaluation Materials.
- Fees. Unless otherwise agreed by the Parties or specified in an Order Form, for the duration of the Evaluation Period, there is no additional charge for any licensed use by Subscriber of the Evaluation Materials pursuant to this SELT.
- Term and Termination.
- Term. This SELT commences as of the Effective Date and will continue in effect until the expiration of the Evaluation Period (the "Term").
- Termination. This SELT may be terminated:
- By Pantheon, without notice for Subscriber’s breach of this SELT;
- By Pantheon at any time without cause, and without incurring any obligation, liability, or penalty by reason of such termination with 10 days’ notice to the other Party; and
- By either Party in the event of a claim that any Evaluation Materials or use of such materials infringes the rights of a third party.
- Disabling Evaluation Materials. The Evaluation Materials may be suspended, replaced or superseded by Pantheon during the Evaluation Period.
- Limitations of Liability. IN NO EVENT WILL PANTHEON OR ANY OF ITS EMPLOYEES, OFFICERS, DIRECTORS, REPRESENTATIVES OR ITS AFFILIATES, BE LIABLE, WHETHER DIRECT, CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES, REGARDLESS OF WHETHER SUCH PERSONS WERE ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE, UNDER OR IN CONNECTION WITH THIS SELT OR ITS SUBJECT MATTER UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE.
- Miscellaneous.
- Public Announcements. Subscriber shall not issue or release any announcement, statement, press release, or other publicity or marketing materials relating to the Evaluation Materials or this SELT without the prior written consent of Pantheon. Pantheon may, at its discretion, include Subscriber's name and other indicia in promotional and marketing materials.
- Definitions.
- "Evaluation Materials" means the Evaluation Software and the associated Documentation, Software Tools and UI necessary to use the Evaluation Software not separately licensed to Subscriber by Pantheon, and any and all (a) copies, reproductions, modifications, enhancements, adaptations, translations, and other derivative works thereof, and (b) inventions, improvements, know-how, specifications, performance characteristics, designs, plans, methods, procedures, processes, techniques, software, technology, concepts, information, or materials whatsoever comprising, relating to, based on, or arising out of, the Evaluation Software, in whole or in part and however and by whomever originated, including, without limitation, by any technology or device or by Pantheon, Subscriber, an End User, or any other Person.
- "Evaluation Period" means the period that begins on the Effective Date and ends when Evaluation Material is made generally available to the public by Pantheon, or when earlier terminated by Pantheon at its reasonable discretion.
- "Evaluation Software" means Pantheon's evaluation version of the services as set out in the Order Form in object code form only.
- "Permitted Use" means solely for the testing, demonstration, trial, and other evaluative, but not any developmental or productive, use of the Evaluation Materials, including, but not limited to, the assessment of the Evaluation Software's compatibility with the Subscriber's systems, data and environment for the benefit of Subscriber.
Terms of Service
Version 11.0
Effective July 23, 2021
DownloadTable of Contents
The Terms of Service Agreement (this “Agreement”) contains the terms and conditions that govern your access to and use of this Web Site and our Service Offerings (as defined below) and is an agreement between Pantheon Systems, Inc. (“Pantheon,” “we,” “us,” or “our”) and you. This Agreement takes effect when you click an “I Accept” button or check box presented with these terms or, if earlier, when you use any of the Service Offerings (the “Effective Date”). You represent to us that you (a) have read, understand, and agree to be bound by this Agreement; (b) are lawfully able to enter into contracts (e.g., you are not a minor). If you are using the Service Offerings on behalf of an entity, you are agreeing to this Agreement for that entity and representing to Pantheon that you have the authority to bind that entity to this Agreement (in which case “you” and “Subscriber” will refer to that entity, and, together with other users of the Web Site, “Subscribers”), unless that entity has a separate contract in effect with us, in which event the terms of that contract will govern use by the entity. If you do not agree to be bound by this agreement, you may not access or use this Web Site or the Service Offerings.
Your use of, and participation in, certain services offered by Pantheon may be subject to additional terms (“Supplemental Terms”), and such Supplemental Terms will either be listed in the Agreement or will be presented to you for your acceptance when you sign up to use the supplemental service. If the Agreement is inconsistent with the Supplemental Terms, the Supplemental Terms shall control with respect to such service. This Agreement and any applicable Supplement Terms are referred to herein as the “Agreement.”
This agreement limits the remedies that may be available to you in the event of a dispute.
Please note that this Agreement is subject to change by Pantheon in its sole discretion at any time. When changes are made, Pantheon will make a new copy of this Agreement available at its Web Site. We will also update the “Last Updated” date at the top of this Agreement. If we make any material changes, and you have created an account with us, we will also either send an e-mail to you at the last e-mail address you provided pursuant to this Agreement or post the updated Agreement on the UI (defined below). Any changes to the Agreement will be effective immediately for new users of the Web Site and/or Service Offerings and will be effective thirty (30) days after posting notice of such changes on the Web Site for existing Subscribers, provided that any material changes shall be effective for Subscribers who have an account with us upon the earlier of thirty (30) days after posting notice of such changes on the Web Site or thirty (30) days after dispatch of an e-mail notice of such changes to such Subscribers. Pantheon may require you to provide consent to the updated Agreement in a specified manner before use of the Web Site or the Service Offerings is permitted. If you do not agree to any change(s) after receiving notice of such change(s), you shall stop using the Web Site and the Service Offerings. Otherwise, your continued use of the Web Site and/or the Service Offerings constitutes your acceptance of such change(s).
Capitalized terms used in this Agreement shall have the meaning set forth in Section 17 or as otherwise defined within the Agreement.
1. USE OF THE SERVICE OFFERINGS
Subject to the terms and conditions of this Agreement, Pantheon will provide the Service Offerings that you select, solely for your own use, and not for the use or benefit of any third party (other than as provided under Section 2 (Resale of Subscription Plans). Service Offerings shall include, but not be limited to, any Services Pantheon performs for Subscriber, as well as the offering of any Subscriber Content on the UI.
1.2 Access to Service Offerings. Pantheon will use reasonable efforts to ensure that the Subscription Plans and Software Tools are available twenty-four hours a day, seven days a week. However, there will be occasions when the Subscription Plans, Software Tools, and/or the Web Site will be interrupted for maintenance, upgrades and repairs or due to failure of telecommunications links and equipment. Pantheon will take reasonable steps to minimize such disruption where it is within Pantheon’s reasonable control. You agree that Pantheon will not be liable in any event to you or any other party for any suspension, modification, discontinuance or lack of availability of the UI, the Service Offerings, Subscriber Content or Third Party Content. You are responsible for obtaining, maintaining and ensuring compatibility of any equipment or ancillary services needed to connect to, access the UI or otherwise use the Service Offerings, including without limitation, hardware, software, routers, wireless, networking devices, firewalls, modems, broadband service, and long distance or local telephone service. Pantheon may change, suspend or discontinue the Service Offerings at any time, including the availability of any feature, database, or UI. Pantheon may also impose limits on certain features and services or restrict your access to parts or all of the Service Offerings without notice or liability. Pantheon retains the right to create limits on use and storage in its sole discretion at any time with or without notice.
1.3 Subscribers Registration. Subscriber will be required to register with Pantheon and select a password and Pantheon URL by providing Pantheon with accurate, complete, and updated registration information, including Subscriber’s e-mail address. Failure to do so shall constitute a material breach of this Agreement. Subscriber may not use as a Pantheon URL a name that is subject to any third-party rights without appropriate authorization. Pantheon reserves the right to refuse registration of, or cancel, a Pantheon URL in its discretion. Subscriber is solely responsible for any use of or action taken under Subscriber’s password and accepts full responsibility for all activity conducted through Subscriber’s account and hereby releases Pantheon from any and all liability concerning such activity. Subscriber shall notify Pantheon immediately of any actual or suspected loss, theft, or unauthorized use of Subscriber’s account or password.
1.4 Restrictions. Except as expressly authorized pursuant to this Agreement, including Section 2 (Resale of Subscription Plans), Subscribers and each End User may not and may not permit others to: (a) sell, rent, lease, license, sublicense, or assign the Service Offerings, or any part thereof to others without Pantheon’s prior written permission; (b) access or use the Service Offerings in a way intended to avoid incurring fees or exceeding usage limits or quotas; (c) transfer the Service Offering, in whole or in part, or any copy thereof to another party, unless you receive written permission from an authorized agent of Pantheon; (d) reverse engineer, decompile, disassemble, or otherwise derive the source code from the Software Tools or Service Offerings, or any part thereof, without Pantheon’s prior written permission; (e) copy, modify or prepare derivative works of the Service Offerings, or any part thereof; (f) provide or permit access to the Service Offerings or any part thereof except for the sole use of End User; (g) copy, distribute or otherwise use the Service Offerings or any part thereof in any manner which competes with or substitutes for Pantheon's distribution of the Service Offerings; (h) use the Service Offerings to send unsolicited e-mails, bulk mail, spam or other materials to users of the UI or any other individual; (i) use the Service Offerings in any libelous, defamatory, abusive, threatening, harassing, hateful, offensive, or manner that otherwise violates this Agreement, any law, or right of any third party, (j) use the Service Offerings in High Risk Activities or Other Prohibited Activities; (k) attempt to breach Pantheon’s security or authentication measures, whether by passive or intrusive techniques; (l) perform or publish any performance or benchmark tests or analyses relating to the Service Offerings, or the use thereof; or (m) cover or obscure any page or part of the Service Offerings via HTML, CSS, scripting, or any other means.
The parties agree to comply with Pantheon’s privacy policy (“Privacy Policy”) set forth at https://www.pantheon.io/privacy, as modified from time to time.
2. RESALE OF SUBSCRIPTION PLANS
2.3 Your Failure to Pay for Clients. Pantheon reserves the right to terminate the Subscription Plans, or any renewal thereof, provided by Pantheon to you or that you resold to a Client, in the event that you fail to pay the applicable fees for such Subscription Plan within ten (10) days after such payment becomes due hereunder.
2.4 Client Violations. You are responsible for your Clients’ use of Subscriber Content and the Subscription Plan. You will ensure that all Clients comply with the Pass Through Terms and that the terms of your Agency Reseller Agreement with each Client are consistent with this Agreement. If you become aware of any violation of the Pass Through Terms by a Client, you will immediately terminate such Client’s access to the Subscription Plan.
2.5 No Warranties. You may not make any representations or warranties regarding the functionality or performance of the Service Offerings that exceed the terms set forth in this Agreement, and you agree to indemnify and hold Pantheon harmless pursuant to the terms of Section 8 for any claims or lawsuits resulting from such action.
2.6 Access to Usernames and Passwords. You agree that you will not disclose user names or passwords to unauthorized users.
2.7 Audit. You will maintain accurate records relating to resales of the Subscription Plans during the Term of this Agreement and for three (3) years after the expiration or termination of this Agreement. Pantheon, or persons designated by Pantheon, will, at any time during such period, be entitled to audit such records during normal business hours and on reasonable prior notice, in order to verify Subscribers’ compliance with the terms of this Section 2.
2.8 Marks. Pantheon hereby grants to you a limited, non-transferable, royalty-free license to use its trademarks and logos (“Marks”) solely in connection with the fulfillment of your resale rights under this Agreement, and at all times subject to Pantheon’s specifications as set forth at https://pantheon.io/pantheon-trademark-standards-use and the terms and conditions of this Agreement. You acknowledge and agree that Pantheon holds all right, title and ownership in and to the Pantheon Marks and the goodwill pertaining thereto.
3. SUPPORT
Pantheon’s description of available support services (“Support”) is made available at https://pantheon.io/docs/getting-support. Your selection of Support to be performed and associated fees will be set forth on the Web Site. Pantheon will make reasonable efforts to provide the Support described in the applicable then-current support description posted on Pantheon’s support web site (each, a “Support Description”). Pantheon may change a Support Description at any time by posting a new Support Description on its support web site. This Agreement only covers Support described in the Support Description. No other support will be provided under this Agreement.
3.2 Technical Assistance. Pantheon will make reasonable efforts to provide customer with the technical assistance described in the applicable Support Description; support does not include on-site assistance. Response targets identified in a Support Description for response times are only targets and are not binding on Pantheon.
4. DATA PROCESSING UNDER GENERAL DATA PROTECTION REGULATION.
4.1 Definitions applicable to this Section 4. The terms "controller", "processor", "data subject", "personal data", "processing" (and "process") and "special categories of personal data" shall have the meanings given in Applicable Data Protection Law.
4.6 Subcontracting. Subscriber consents to Pantheon engaging third party subprocessors to process the personal data for the Permitted Purpose provided that: (i) Pantheon maintains an up-to-date list of its subprocessors and will make that list available to Subscriber upon request or by posting such list to Pantheon’s website; (ii) Pantheon imposes data protection terms on any subprocessor it appoints that require it to protect the personal data to the standard required by Applicable Data Protection Law; and (iii) Pantheon remains liable for any breach of this clause that is caused by an act, error or omission of its subprocessor. Subscriber may object to Pantheon's appointment or replacement of a subprocessor prior to its appointment or replacement, provided such objection is based on reasonable grounds relating to data protection. In such event, Pantheon will either not appoint or replace the subprocessor or, if this is not possible, Subscriber may suspend or terminate Agreement (without prejudice to any fees incurred by Subscriber prior to suspension or termination).
4.7 Cooperation and data subjects’ rights. Pantheon shall provide reasonable and timely assistance to Subscriber (at Subscriber’s expense) to enable Subscriber to respond to: (i) any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable); and (ii) any other correspondence, inquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the personal data. In the event that any such request, correspondence, inquiry or complaint is made directly to Pantheon, Pantheon shall promptly inform Subscriber providing full details of the same.
4.8 Data Protection Impact Assessment. Pantheon shall provide reasonable cooperation to Subscriber (at Subscriber's expense) in connection with any data protection impact assessment that Subscriber may be required under Applicable Data Protection Law.
4.10 Deletion or return of Data. Upon termination or expiration of the Agreement, Pantheon shall destroy all personal data in its possession or control according to the provisions for Subscriber Content set forth in Section 10.
5. PROPRIETARY RIGHTS;
5.2 License. Subject to the terms and conditions of this Agreement, Pantheon grants you a limited, revocable, non-exclusive, non-sublicensable, non-transferrable license to do the following during the Term: (i) access and use the Subscription Plans and Software Tools solely in accordance with this Agreement; and (ii) use the UI solely in connection with your permitted use of the Service Offerings. The Service Offerings may contain open source software components which are licensed under the terms of the applicable open source software licenses and not this Agreement.
5.3 Retention of Rights in Downloaded UI. Subscriber may download or copy the UI, and other items displayed on the UI for download, for personal use only, provided that Subscriber maintains all copyright and other notices contained in such UI. In the event you download Software Tools from the UI, the Software Tools and the UI, including any files, images incorporated in or generated by the Software Tools and the UI, and the data accompanying the Software Tools and the UI is licensed to you by Pantheon or third-party licensors for your personal, noncommercial use, and no title to the Software Tools or the UI shall be transferred to you.
6. SUBSCRIBER RESPONSIBILITIES
6.2 End User Violations. You will be deemed to have taken any action that you permit, assist or facilitate any person or entity to take related to this Agreement, Subscriber Content or use of the Service Offerings. You are responsible for End Users’ use of Subscriber Content and the Service Offerings. You will ensure that all End Users comply with your obligations under this Agreement and that the terms of your agreement with each End User are consistent with this Agreement. If you become aware of any violation of your obligations under this Agreement by an End User, you will immediately terminate such End User’s access to Subscriber Content and the Service Offerings.
6.3 End User Support. You are responsible for providing customer service (if any) to End Users (other than End Users authorized by us and Subscriber to receive paid support from us) or any Client. Pantheon does not provide any support or services to End Users or Clients unless Pantheon has a separate agreement with you or an End User or Client obligating Pantheon to provide support or services.
6.4 Restriction on Use of Service Offerings and/or UI. Subscriber is responsible for all of its activity in connection with the Service Offerings and accessing the UI. Any fraudulent, abusive, or otherwise illegal activity or any use of the Service Offerings or UI in violation of this Agreement shall be a material breach of this Agreement.
7. WARRANTY DISCLAIMER
7.3 Third Party Websites. Unless explicitly otherwise provided, Pantheon does not make any representation or warranty whatsoever about any third-party site that is linked to the UI, or endorse the products or services offered on such site.
8. INDEMNIFICATION
9. LIMITATIONS OF LIABILITY.
10. SUBSCRIBER CONTENT.
11. FEES AND PAYMENTS.
11.2 Failure to Pay. If Subscriber fails to pay fees in accordance with this Agreement, Pantheon may suspend fulfilling its obligations under this Agreement until such payment is received by Pantheon, including, without limitation, terminate the Service Offerings provided by Pantheon pursuant to any Subscription Plan, decrease Service Offerings or features accessible by Subscriber or any Client, restrict access to Subscriber or Client sites, suspend operation of any Subscriber sites or Subscriber’s or Clients’ access to all or part of the Service Offerings, all without notice or liability.
11.3 Modification of Fees. Pantheon may change its prices at any time but will provide you reasonable notice of any such changes by posting the new prices on the UI with or without notice, or by emailing you notice. If you do not wish to pay the new prices, you may cancel the services prior to the change going into effect.
12. TERMINATION.
13. CONFIDENTIALITY.
14. DMCA.
15. MISCELLANEOUS
15.3 Enforceability of Agreement. Subscriber certifies to Pantheon that if Subscriber is an individual (i.e., not a corporate entity), Subscriber is at least 13 years of age. No one under the age of 13 may provide any personal information to Pantheon (including, for example, a name, address, telephone number or e-mail address). Subscriber also certifies that it is legally permitted to use the Service Offerings and access the UI, and takes full responsibility for the selection and use of the Service Offerings and access of the UI. This Agreement is void where prohibited by law, and the right to access the Service Offerings is revoked in such jurisdictions. Pantheon makes no claim that the UI may be lawfully viewed or that Service Offerings may be downloaded outside of the United States. Access to the Service Offerings may not be legal by certain persons or in certain countries. If you access the UI from outside the United States, you do so at your own risk and you are responsible for compliance with the laws of your jurisdiction.
15.4 No Waiver of Rights. No provision of this Agreement, unless such provision otherwise provides, will be waived by any act, omission or knowledge of Pantheon or its agents or employees, except by an instrument in writing expressly waiving such provision and signed by a duly authorized officer of Pantheon. The failure of either party to exercise in any respect any right provided for herein shall not be deemed a waiver of any further rights hereunder.
15.5 Force Majeure. Pantheon will not be liable for any delay or failure to perform any obligation under this Agreement where the delay or failure results from any cause beyond our reasonable control, including acts of God, labor disputes or other industrial disturbances, systemic electrical, mechanical, telecommunications, or other utility failures or degradation, earthquake, storms or other elements of nature, blockages, embargoes, riots, acts or orders of government, acts of terrorism, or war.
15.6 Severability of Provisions. If any provision of this Agreement is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect and enforceable.
15.7 Assignment and Transferability of Agreement. This Agreement is not assignable, transferable or sub-licensable by Subscriber except with Pantheon’s prior written consent. Pantheon may assign this Agreement in whole or in part at any time without Subscriber’s consent.
15.10 Scope of Agreement. Subscriber’s relationship to Pantheon is that of an independent contractor, and neither party is an agent or partner of the other. You will not have, and will not represent to any third party that you have, any authority to act on behalf of Pantheon and further indemnifies and holds Pantheon harmless for any claims or lawsuits resulting from such action.
15.11 Notice and Contact Information. Any notice to Pantheon that is required or permitted by this Agreement shall be in writing and shall be deemed effective upon receipt, when sent by confirmed e-mail to [email protected] or when delivered in person by nationally recognized overnight courier or mailed by first class, registered or certified mail, postage prepaid, to Pantheon Systems, Inc., 717 California Street, Third Floor, San Francisco, CA, 94108. Except as otherwise set forth herein, any notice to you shall be in writing and shall be deemed effective when sent by e-mail to the last e-mail address you provided pursuant to this Agreement.
16. Legal Disputes.
You and Pantheon agree that any claim or dispute at law or equity that has arisen, or may arise, between you and Pantheon (including any claim or dispute between you and a third-party agent of Pantheon) that relates in any way to or arises out of this or previous versions of this Agreement, your use of or access to the Service Offerings, the actions of Pantheon or its agents, or any products, services or support sold, offered, or purchased from Pantheon will be resolved in accordance with the provisions set forth in this Legal Disputes section.
16.2. Applicable Law.
You agree that, except to the extent inconsistent with or preempted by federal law, the laws of the State of California, without regard to principles of conflict of laws, will govern this Agreement and any claim or dispute that has arisen or may arise between you and Pantheon, except as otherwise stated in this Agreement.
16.3. Agreement to Arbitrate
You and Pantheon each agree that any and all disputes or claims that have arisen, or may arise, between you and Pantheon (including any disputes or claims between you and a third-party agent of Pantheon) that relate in any way to or arise out of this or previous versions of the Agreement, your use of or access to the Service Offerings, the actions of Pantheon or its agents, or any products, services, or support sold, offered, or purchased from Pantheon shall be resolved exclusively through final and binding arbitration, rather than in court. Alternatively, you may assert your claims in small claims court, if your claims qualify and so long as the matter remains in such court and advances only on an individual (non-class, non-representative) basis. The Federal Arbitration Act governs the interpretation and enforcement of this Agreement to Arbitrate.
Prohibition of Class and Representative Actions and Non-Individualized Relief
YOU AND PANTHEON AGREE THAT EACH OF US MAY BRING CLAIMS AGAINST THE OTHER ONLY ON AN INDIVIDUAL BASIS AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, OR REPRESENTATIVE OR PRIVATE ATTORNEY GENERAL ACTION OR PROCEEDING. UNLESS BOTH YOU AND PANTHEON AGREE OTHERWISE, THE ARBITRATOR MAY NOT CONSOLIDATE OR JOIN MORE THAN ONE PERSON'S OR PARTY'S CLAIMS, AND MAY NOT OTHERWISE PRESIDE OVER ANY FORM OF A CONSOLIDATED, REPRESENTATIVE, CLASS, OR PRIVATE ATTORNEY GENERAL ACTION OR PROCEEDING. ALSO, THE ARBITRATOR MAY AWARD RELIEF (INCLUDING MONETARY, INJUNCTIVE, AND DECLARATORY RELIEF) ONLY IN FAVOR OF THE INDIVIDUAL PARTY SEEKING RELIEF AND ONLY TO THE EXTENT NECESSARY TO PROVIDE RELIEF NECESSITATED BY THAT PARTY'S INDIVIDUAL CLAIM(S). ANY RELIEF AWARDED CANNOT AFFECT OTHER USERS. If a court decides that applicable law precludes enforcement of any of this paragraph's limitations as to a particular claim for relief, then that claim (and only that claim) must be severed from the arbitration and may be brought in court, subject to your and Pantheon's right to appeal the court's decision. All other claims will be arbitrated.
16.3.2 Arbitration Procedures
Arbitration is more informal than a lawsuit in court. Arbitration uses a neutral arbitrator instead of a judge or jury, and court review of an arbitration award is very limited. However, an arbitrator can award the same damages and relief on an individual basis that a court can award to an individual. An arbitrator should apply the terms of the Agreement as a court would. All issues are for the arbitrator to decide, except that issues relating to arbitrability, the scope or enforceability of this Agreement to Arbitrate, or the interpretation of Section 16.3.1 of this Agreement to Arbitrate ("Prohibition of Class and Representative Actions and Non-Individualized Relief"), shall be for a court of competent jurisdiction to decide.
The arbitration will be conducted by the American Arbitration Association ("AAA") under its rules and procedures, including the AAA's Consumer Arbitration Rules (as applicable), as modified by this Agreement to Arbitrate. The AAA's rules are available at www.adr.org.
A party who intends to seek arbitration must first send to the other, by certified mail, a completed form Notice of Dispute ("Notice"). You may request a Notice by contacting Pantheon. The request for the Notice and the completed Notice to Pantheon should be sent to Pantheon at the address set forth in Section 15.11, Attn: Legal Department, Re: Notice of Dispute. Pantheon will send any Notice to you to the physical address we have on file associated with your Pantheon account; it is your responsibility to keep your physical address up to date. All information called for in the Notice must be provided, including a description of the nature and basis of the claims the party is asserting and the relief sought.
If you and Pantheon are unable to resolve the claims described in the Notice within 30 days after the Notice is sent, you or Pantheon may initiate arbitration proceedings. A form for initiating arbitration proceedings is available on the AAA's site at www.adr.org. In addition to filing this form with the AAA in accordance with its rules and procedures, the party initiating the arbitration must mail a copy of the completed form to the opposing party. You may send a copy to Pantheon at the address set out in Section 15.11 attention Pantheon Legal Department. In the event Pantheon initiates an arbitration against you, it will send a copy of the completed form to the physical address we have on file associated with your Pantheon account. Any settlement offer made by you or Pantheon shall not be disclosed to the arbitrator.
The arbitration hearing shall be held in the county in which you reside or at another mutually agreed location. If the value of the relief sought is $10,000 or less, you or Pantheon may elect to have the arbitration conducted by telephone or based solely on written submissions, which election shall be binding on you and Pantheon subject to the arbitrator's discretion to require an in-person hearing, if the circumstances warrant. In cases where an in-person hearing is held, you and/or Pantheon may attend by telephone, unless the arbitrator requires otherwise.
The arbitrator will decide the substance of all claims in accordance with applicable law, including recognized principles of equity, and will honor all claims of privilege recognized by law. The arbitrator's award shall be final and binding and judgment on the award rendered by the arbitrator may be entered in any court having jurisdiction thereof.
Payment of all filing, administration and arbitrator fees will be governed by the AAA's rules, unless otherwise stated in this Agreement to Arbitrate.
With the exception of any of the provisions in Section 16.3.1 of this Agreement to Arbitrate ("Prohibition of Class and Representative Actions and Non-Individualized Relief"), if an arbitrator or court decides that any part of this Agreement to Arbitrate is invalid or unenforceable, the other parts of this Agreement to Arbitrate shall still apply.
Future Amendments to the Agreement to Arbitrate
Notwithstanding any provision in the Agreement to the contrary, you and we agree that if we make any amendment to this Agreement to Arbitrate (other than an amendment to any notice address or site link provided herein) in the future, that amendment shall not apply to any claim that was filed in a legal proceeding against Pantheon prior to the effective date of the amendment. The amendment shall apply to all other disputes or claims governed by the Agreement to Arbitrate that have arisen or may arise between you and Pantheon.
16.4. Judicial Forum for Legal Disputes
Unless you and we agree otherwise, in the event that the Agreement to Arbitrate above is found not to apply to you or to a particular claim or dispute, as a result of a decision by the arbitrator or a court order, you agree that any claim or dispute that has arisen or may arise between you and Pantheon must be resolved exclusively by a state or federal court located in San Francisco, California. You and Pantheon agree to submit to the personal jurisdiction of the courts located within San Francisco, California for the purpose of litigating all such claims or disputes.
17. TERMS AND DEFINITIONS
“Agency Reseller Agreement” has the meaning set forth in Section 2.2 (Resale).
“API” means an application program interface.
“Applicable Data Protection Law” shall mean (i) prior to 25 May 2018, the EU Data Protection Directive (Directive 95/46/EC); and (ii) on or after 25 May 2018, the EU General Data Protection Regulation (Regulation 2016/679).
“Authorized Person” has the meaning set forth in Section 4.4.
“Claim” has the meaning set forth in Section 8.1.
“Client” has the meaning set forth in Section 2.1 (Agencies).
“Confidential Information” means all nonpublic information disclosed by Pantheon, our business partners or our or their respective employees, contractors or agents, or disclosed by you, that is designated as confidential or that, given the nature of the information or circumstances surrounding its disclosure, reasonably should be understood to be confidential. Confidential Information includes: (a) nonpublic information relating to our or our business partners’ technology, customers, business plans, promotional and marketing activities, finances, business metrics (e.g., growth rates), business methodologies, our intellectual property, pricing, product roadmaps and other business affairs; (b) third-party information that Pantheon is obligated to keep confidential; and (c) the nature, content and existence of any discussions or negotiations between you and Pantheon. Notwithstanding the foregoing, Confidential Information does not include Subscriber Content or any information that: (i) is or becomes publicly available without breach of this Agreement; (ii) can be shown by documentation to have been known to the receiving party at the time of its receipt from the disclosing party; (iii) is received from a third party who did not acquire or disclose the same by a wrongful or tortious act; or (iv) can be shown by documentation to have been independently developed by the receiving party without reference to the Confidential Information.
“Documentation” means the user guides and operations manuals provided with the Service Offerings.
“EEA” has the meaning set forth in Section 4.3.
“Effective Date” has the meaning set forth in the first paragraph of this Agreement.
“End User” means any individual or entity that directly or indirectly through another user: (a) accesses or uses your Subscriber Content; or (b) otherwise accesses or uses the Service Offerings under your account.
“Feedback” has the meaning set forth in Section 5.5.
“High Risk Activities” means uses such as the operation of nuclear facilities, air traffic control, or life support systems, or other uses where the use or failure of the Service Offerings could lead to death, personal injury, or environmental damage.
“Other Prohibited Activities” means storing or processing any Customer Data that is subject to the International Traffic in Arms Regulations maintained by the Department of State, or using the Service Offerings to operate or enable any telecommunications service or allow Customer End Users to place calls or to receive calls from any public switched telephone network.
“Pass Through Terms” has the meaning set forth in Section 2.2 (Resale).
“Permitted Purpose” has the meaning set forth in Section 4.2.
“Privacy Policy” has the meaning set forth in the first paragraph of this Agreement.
“Security Incident” has the meaning set forth in Section 4.5.
“Service Offerings” means the Subscription Plan, Software Tools, or Support offered to Subscriber (and, if Subscriber is an Agency, Subscription Plans offered to such Agency’s customers). Service Offerings do not include Third Party Content or Subscriber Content.
“Software Tools” means the software tools that allow for development, maintenance, and oversight of one or multiple websites on a subscription basis (including, without limitation, development environment, workflow integration tools, dashboard, site access controls and search), the Documentation, the Marks, the UI, and any other web product or web service provided by Pantheon under this Agreement. Software Tools do not include Third Party Content or Subscriber Content.
“Subscriber” has the meaning set forth in the first paragraph or this Agreement, and in Section 2.2 (Resale).
“Subscriber Content” means content that Subscriber or any End User (a) runs on the Service Offerings, (b) causes to interface with the Service Offerings, or (c) uploads to the Service Offerings under its account or otherwise transfers, processes, uses or stores in connection with such account. For the purposes of this definition, “Subscriber Content” means, without limitation, software or source code, audio, video, animations, text, graphics, logos, tools, photographs, images, illustrations, Subscriber programming code and API(s), dashboard(s), administration tools, and graphical interface(s).
“Subscription Plan” means a paid subscription-based website hosting plan.
“Supplemental Terms” has the meaning set forth in paragraph 2 of this Agreement.
“Support” has the meaning set forth in Section 3.1.
“Support Description” has the meaning set forth in Section 3.1.
“Term” means the agreed upon length of the Agreement between you and Pantheon as set forth in the applicable documentation.
“Third Party Content” means content made available to you by any third party on the UI or in conjunction with the Service Offerings. For the purposes of this definition, “Third Party Content” means, without limitation, software or source code, audio, video, animations, text, graphics, logos, tools, photographs, images, illustrations, Third Party programming code and API(s), dashboard(s), administration tools, and graphical interface(s).
“UI” or “User Interface” means all Pantheon-created content, including but not limited to software or source code, audio, video, animations, text, graphics, logos, tools, photographs, images, animations, illustrations, the Pantheon programming code and APIs, dashboard(s), administration tools, and graphical interface(s), all as created and/or used by or on behalf of Pantheon in connection with provision of the Service Offerings. UI does not include Third Party Content or Subscriber Content.
“Web Site” means https://www.pantheon.io and any successor website of Pantheon.
Reseller Terms of Service
Version 9.0
Effective June 3, 2020
DownloadTable of Contents
ONLY APPLICABLE TO RESELLERS
These Supplemental Terms (“Supplemental Terms”) are for the resale of subscription plans by a Subscriber under a separately entered services agreement (“Agreement”) entered between Pantheon Systems, Inc. (“Pantheon,” “we,” “us,” or “our”) and a Subscriber who for purposes of these Supplemental Terms shall be an authorized reseller (“Subscriber” or “you”). These Supplemental Terms take effect on the earlier of: the last date a party signs, when you click an “Accept” button or by your use of any of the Services (the “Effective Date”). All capitalized terms are as defined in the Agreement except as set out herein.
1.AGENCIES
Certain Subscribers may either only build websites for third parties or build websites for third parties in addition to their own websites. Such Subscribers are defined as “Agencies” hereunder. Only entities that are direct signatories to this Agreement with Pantheon may be Agencies. Agencies that purchase Subscription Plans for the websites they develop may resell the Subscription Plans provided by Pantheon to their third party customers who agree to be bound by certain obligations Subscriber owes to Pantheon (each, a “Client”). From time to time, Pantheon may opt to exclude certain offerings from those that may be resold.
2. RESALE CONDITIONS
2.1 Authorized resale. Agencies may resell Subscription Plans to Clients that will be operating their own websites, provided that the following conditions are met: (a) Subscriber pays Pantheon its then current fee for each such Subscription Plan and any renewal thereof; (b) Agency obtains the Client’s agreement to be bound by the obligations imposed on Subscriber under the Agreement (the “Pass Through Terms”) and (c) Pantheon is made a third party beneficiary of the Pass Through Terms. Pricing, billing, support, and all other terms and conditions are solely between you and your Client. Your agreement with your Client will include language that specifically exempts third parties, including Pantheon, from any liability (the “Agency Reseller Agreement”). You shall promptly notify Pantheon of any violations of this Agreement or the Agency Reseller Agreement by any Clients.
2.2 Your Failure to Pay for Clients. Pantheon reserves the right to terminate the Subscription Plans, or any renewal thereof, provided by Pantheon to you or that you resold to a Client, if you fail to pay the applicable fees for such Subscription Plan within ten (10) days after such payment becomes due hereunder.
2.3 Client Violations. You are responsible for your Clients’ use of the Services and Subscription Plan. You shall ensure that all Clients comply with the obligations set out in the Agreement. If you become aware of any violation by a Client of the Agreement or these Supplemental Terms, you will immediately indemnify Pantheon as set out below, require Client to comply, and if necessary, terminate such Client’s access to the Subscription Plan.
2.4 No Warranties. You may not make any representation or warranty regarding the functionality or performance of the Services that exceed the terms set forth in the Agreement, and you shall indemnify and hold Pantheon harmless pursuant to the terms of Section 8 for any claims or lawsuits resulting from such action.
2.5 Access to Usernames and Passwords. You shall not disclose user names or passwords to unauthorized users.
2.6 Audit. You will maintain accurate records relating to resales of the Subscription Plans under these Supplemental Terms and for three (3) years after the expiration or termination of the last Subscription Plan hereunder. Pantheon or its agent(s) shall be entitled to audit such records during normal business hours and on reasonable prior notice, in order to verify Subscribers’ compliance with the terms of this Section 2.
2.7 Marks. Pantheon hereby grants to you a limited, non-transferable, royalty-free license to use its trademarks and logos (“Marks”) solely in connection with the fulfillment of your resale rights under these Supplemental Terms, and at all times subject to Pantheon’s specifications as set forth at https://pantheon.io/pantheon-trademark-standards-use and the Agreement. You acknowledge and agree that Pantheon holds all right, title and ownership in and to the Pantheon Marks and the goodwill pertaining thereto.
2.8 Indemnification. You will defend, indemnify, and hold us harmless, including our employees, officers, directors, representatives, our licensors and service providers, and each of their respective employees, officers, directors, and representatives from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to any third party claim in connection with these Supplemental Terms.
Privacy Policy
Version 5.0
Non-Disclosure Agreement
Version 6.2
Effective July 7, 2020
DownloadTable of Contents
Non-Disclosure Agreement
- 	
- As used herein, the “Confidential Information” of Pantheon will mean any and all technical and non-technical information disclosed by Pantheon to the Receiving Party, which may include without limitation: (a) patent and patent applications, (b) trade secrets, and (c) proprietary and confidential information, ideas, media, drawings, works of authorship, inventions, know-how, processes, algorithms, software programs and software source documents related to the current, future, and proposed products and services of Pantheon, such as information concerning research, development, design details and specifications, engineering, financial information, procurement requirements, purchasing, manufacturing, customer lists, investors, employees, business and contractual relationships, business forecasts, sales and merchandising, and marketing plans. 	
- Subject to Section 3, the Receiving Party agrees that at all times it will hold in strict confidence and not disclose to any third party any Confidential Information of Pantheon, except as approved in writing by Pantheon, and will use the Confidential Information of Pantheon for no purpose other than the Permitted Use. Receiving Party will limit access to the Confidential Information of Pantheon to only those of the Receiving Party’s employees or authorized representatives having a need to know and who have signed confidentiality agreements containing, or are otherwise bound by, confidentiality obligations at least as restrictive as those contained herein. 	
- The Receiving Party will not have any obligations under this Agreement with respect to a specific portion of the Confidential Information of Pantheon if the Receiving Party can demonstrate with competent evidence that such portion of Confidential Information (a) was in the public domain at the time it was disclosed to the Receiving Party; (b) entered the public domain subsequent to the time it was disclosed to the Receiving Party, through no fault of the Receiving Party; (c) was in the Receiving Party’s possession free of any obligation of confidence at the time it was disclosed to the Receiving Party; (d) was rightfully communicated to the Receiving Party free of any obligation of confidence subsequent to the time it was disclosed to the Receiving Party by Pantheon; or (e) was developed by employees or agents of the Receiving Party independently of and without reference to any information communicated to the Receiving Party by Pantheon. 	
- Notwithstanding the above, the Receiving Party may disclose certain Confidential Information of Pantheon as permitted by law, or if required by a valid order of a court or other governmental body with jurisdiction, provided that the Receiving Party provides Pantheon with reasonable prior written notice of such order and makes a reasonable effort to obtain, or to assist Pantheon in obtaining, a protective order preventing or limiting the disclosure and/or requiring that the Confidential Information so disclosed be used only for the purposes for which the law or regulation required. 	
- The Receiving Party will immediately notify Pantheon upon discovery of any loss or unauthorized disclosure of the Confidential Information of Pantheon. 	
- Immediately upon completion of the Receiving Party’s authorized use of the Confidential Information, or upon written request of Pantheon, the Receiving Party will return to Pantheon or destroy all documents and other tangible materials representing Pantheon’s Confidential Information and all copies thereof, and certify that such Confidential Information has been deleted and expunged. 	
- The Receiving Party acknowledges and agrees that the Confidential Information of Pantheon is owned by and shall remain the sole and exclusive property of Pantheon. The Receiving Party recognizes and agrees that nothing contained in this Agreement will be construed as granting any property rights, by license or otherwise, to any Confidential Information of Pantheon, or to any invention or any patent, copyright, trademark, or other intellectual property right that has issued or that may issue, based on such Confidential Information. 	
- The Receiving Party will not reproduce the Confidential Information of Pantheon in any form except as required to accomplish the intent of this Agreement. Any reproduction by the Receiving Party of any Confidential Information of Pantheon will remain the property of Pantheon and will contain any and all confidential or proprietary notices or legends that appear on the original, unless otherwise authorized in writing by Pantheon. 	
- The Receiving Party agrees that during the course of communications pursuant to this Agreement, the Receiving Party will not make any unauthorized use or disclosure of any confidential or proprietary information or trade secrets of any other person or entity to whom it owes an obligation of confidentiality with respect to such information, including but not limited to, any current or former employer. 	
- The Receiving Party’s obligations under this Agreement will survive termination of the discussions or dealings between the Parties related to the Permitted Use and will be binding upon the Receiving Party’s heirs, successors, and assigns. 	
- This Agreement will be governed by and construed in accordance with the laws of California without reference to conflict of laws principles. Any disputes under this Agreement may only be brought in the state courts and the Federal courts located in San Francisco, California, and the Parties hereby consent to the exclusive personal jurisdiction and venue of these courts. 	
- The Receiving Party acknowledges that its breach of this Agreement may cause irreparable damage to Pantheon and hereby agrees that the Pantheon will be entitled to seek injunctive relief under this Agreement, as well as such further relief as may be granted by a court of competent jurisdiction. 	
- If any provision of this Agreement is found to be unenforceable or invalid, such unenforceability or invalidity will not render this Agreement unenforceable or invalid as a whole and, in such event, such provision will be changed and interpreted so as to best accomplish the objectives of such unenforceable or invalid provision within the limits of applicable law or applicable court decisions. 	
- Receiving Party will assign or transfer any rights or obligations under this Agreement without the prior written consent of the other Party, except that a Party may assign this Agreement without such consent to its successor in interest by way of merger, acquisition or sale of all or substantially all of its assets. 	
- This Agreement represents the entire agreement and understanding between the Parties with respect to the subject matter hereof and supersedes all prior discussions relating to the subject matter of this Agreement. This Agreement is entered into without any reliance on any promise or representation, written or oral, other than those expressly contained herein, and may not be modified or amended in any way except by a writing signed by duly authorized officers of the Parties hereto. This Agreement may be executed in counterparts, which shall be deemed to be part of one original, and facsimile and electronic acceptance processes and electronic signatures shall be equivalent to original signatures.
Change Order to Vendor Master Services Agreement
Version 9.0
Effective May 5, 2020
DownloadTable of Contents
Change Order
Pantheon | Vendor |
By: Date: Title: | By: Date: Title: |
Non-Disclosure Agreement (US)
Version 9.0
Effective July 27, 2021
DownloadTable of Contents
Non-Disclosure Agreement (US)
- As used herein, the “Confidential Information” of Pantheon will mean any and all technical and non-technical information disclosed by Pantheon to the Receiving Party, which may include without limitation: (a) patent and patent applications, (b) trade secrets, and (c) proprietary and confidential information, ideas, media, drawings, works of authorship, inventions, know-how, processes, algorithms, software programs and software source documents related to the current, future, and proposed products and services of Pantheon, such as information concerning research, development, design details and specifications, engineering, financial information, procurement requirements, purchasing, manufacturing, customer lists, investors, employees, business and contractual relationships, business forecasts, sales and merchandising, and marketing plans.
- Subject to Section 3, the Receiving Party agrees that at all times it will hold in strict confidence and not disclose to any third party any Confidential Information of Pantheon, except as approved in writing by Pantheon, and will use the Confidential Information of Pantheon for no purpose other than the Permitted Use. Receiving Party will limit access to the Confidential Information of Pantheon to only those of the Receiving Party’s employees or authorized representatives having a need to know and who have signed confidentiality agreements containing, or are otherwise bound by, confidentiality obligations at least as restrictive as those contained herein.
- The Receiving Party will not have any obligations under this Agreement with respect to a specific portion of the Confidential Information of Pantheon if the Receiving Party can demonstrate with competent evidence that such portion of Confidential Information (a) was in the public domain at the time it was disclosed to the Receiving Party; (b) entered the public domain subsequent to the time it was disclosed to the Receiving Party, through no fault of the Receiving Party; (c) was in the Receiving Party’s possession free of any obligation of confidence at the time it was disclosed to the Receiving Party; (d) was rightfully communicated to the Receiving Party free of any obligation of confidence subsequent to the time it was disclosed to the Receiving Party by Pantheon; or (e) was developed by employees or agents of the Receiving Party independently of and without reference to any information communicated to the Receiving Party by Pantheon.
- Notwithstanding the above, the Receiving Party may disclose certain Confidential Information of Pantheon as permitted by law, or if required by a valid order of a court or other governmental body with jurisdiction, provided that the Receiving Party provides Pantheon with reasonable prior written notice of such order and makes a reasonable effort to obtain, or to assist Pantheon in obtaining, a protective order preventing or limiting the disclosure and/or requiring that the Confidential Information so disclosed be used only for the purposes for which the law or regulation required.
- The Receiving Party will immediately notify Pantheon upon discovery of any loss or unauthorized disclosure of the Confidential Information of Pantheon.
- Immediately upon completion of the Receiving Party’s authorized use of the Confidential Information, or upon written request of Pantheon, the Receiving Party will return to Pantheon or destroy all documents and other tangible materials representing Pantheon’s Confidential Information and all copies thereof, and certify that such Confidential Information has been deleted and expunged.
- The Receiving Party acknowledges and agrees that the Confidential Information of Pantheon is owned by and shall remain the sole and exclusive property of Pantheon. The Receiving Party recognizes and agrees that nothing contained in this Agreement will be construed as granting any property rights, by license or otherwise, to any Confidential Information of Pantheon, or to any invention or any patent, copyright, trademark, or other intellectual property right that has issued or that may issue, based on such Confidential Information.
- The Receiving Party will not reproduce the Confidential Information of Pantheon in any form except as required to accomplish the intent of this Agreement. Any reproduction by the Receiving Party of any Confidential Information of Pantheon will remain the property of Pantheon and will contain any and all confidential or proprietary notices or legends that appear on the original, unless otherwise authorized in writing by Pantheon.
- The Receiving Party agrees that during the course of communications pursuant to this Agreement, the Receiving Party will not make any unauthorized use or disclosure of any confidential or proprietary information or trade secrets of any other person or entity to whom it owes an obligation of confidentiality with respect to such information, including but not limited to, any current or former employer.
- The Receiving Party’s obligations under this Agreement will survive termination of the discussions or dealings between the Parties related to the Permitted Use and will be binding upon the Receiving Party’s heirs, successors, and assigns.
- This Agreement will be governed by and construed in accordance with the laws of California without reference to conflict of laws principles. Any disputes under this Agreement may only be brought in the state courts and the Federal courts located in San Francisco, California, and the Parties hereby consent to the exclusive personal jurisdiction and venue of these courts.
- The Receiving Party acknowledges that its breach of this Agreement may cause irreparable damage to Pantheon and hereby agrees that the Pantheon will be entitled to seek injunctive relief under this Agreement, as well as such further relief as may be granted by a court of competent jurisdiction.
- If any provision of this Agreement is found to be unenforceable or invalid, such unenforceability or invalidity will not render this Agreement unenforceable or invalid as a whole and, in such event, such provision will be changed and interpreted so as to best accomplish the objectives of such unenforceable or invalid provision within the limits of applicable law or applicable court decisions.
- Neither Party will assign or transfer any rights or obligations under this Agreement without the prior written consent of the other Party, except that a Party may assign this Agreement without such consent to its successor in interest by way of merger, acquisition or sale of all or substantially all of its assets.
- This Agreement represents the entire agreement and understanding between the Parties with respect to the subject matter hereof and supersedes all prior discussions relating to the subject matter of this Agreement. This Agreement is entered into without any reliance on any promise or representation, written or oral, other than those expressly contained herein, and may not be modified or amended in any way except by a writing signed by duly authorized officers of the Parties hereto. This Agreement may be executed in counterparts, which shall be deemed to be part of one original, and facsimile and electronic acceptance processes and electronic signatures shall be equivalent to original signatures.
Pantheon Systems, Inc. (Pantheon) Signature: Name: Title: Date: 717 California Street San Francisco, CA 94115 | Receiving Party: Signature: Name: Title: Date: Address: |
Vendor Agreements Guidelines
Version 13.0
Effective July 27, 2021
DownloadTable of Contents
Welcome to Pantheon Legal Center for Vendor Agreements!
- Submit a Statement of Work Request (SOW) or Vendor Work Order (WO), as applicable: Vendors who would like to bid or offer a service to Pantheon may fill up this form. Linked to both forms is our Global Services Agreement. (For vendor contracts with a contract value of more than $3,000; or the contract term is more than 30 days; or if vendor has any access to Pantheon's sensitive information; or other high contractual risks, the SOW shall be used. If your services do not meet any of these qualifications, the Vendor WO shall be used. If in doubt, please contact your Pantheon POC or [email protected])
- Sign additional required documents for data access: Vendors with access to Pantheon's data as a business requirement must additionally sign the following:
- Change Orders: If changes are needed to your existing SOW on Pantheon's standard template, submit these requests by Change Order.
- Once vetted by the company, Pantheon stakeholder will send vendor the link to the Vendor Requirement Form.
Customer Data Processing Agreement
Version 12.0
Effective April 15, 2021
DownloadTable of Contents
Client Data Processing Agreement
PANTHEON SYSTEMS, INC. “PANTHEON ” By: Name: Title: Date: | CUSTOMER Customer Legal Name: By: Name: Title: Date: |
SCHEDULE 1
- Employees, agents, advisors, contractors, and freelancers of Customer, who are natural persons.
- Customers, business partners, Customers and subcontractors of Customer, who are natural persons.
- Employees or contact persons of Customer’s customers, business partners, Customers and subcontractors.
- Name (first, last, middle, nickname etc.)
- Contact information (email, phone, physical address)
- [INCLUDE ADDITIONAL CATEGORIES OF DATA PROCESSED]
- Customer and Pantheon Systems, Inc. (“Pantheon”) executed a Data Processing Agreement (“DPA”) on [date signed]
- In accordance with Section 1798.140(w)(2)(B) of the California Consumer Privacy Act (“CCPA”), Service Provider certifies that it will comply with the terms and conditions of this DPA. Service Provider specifically represents and warrants that:
- It will retain, use, and disclose Customer Data in the manner permitted by the DPA, Agreement, and Data Protection Laws and Regulations and
- It is prohibited from selling Customer’s Personal Information and will refrain from taking any action that would cause a transfer of Customer’s Personal Information to qualify as a “sale” of personal information under the CCPA.
________________________________
“Customer” or “SERVICE PROVIDER”
(a) | ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; |
(b) | ‘the data exporter’ means the controller who transfers the personal data; |
(c) | ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC; |
(d) | ‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract; |
(e) | ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established; |
(f) | ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. |
1. | The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary. |
2. | The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. |
3. | The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses. |
4. | The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law. |
(a) | that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State; |
(b) | that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses; |
(c) | that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract; |
(d) | that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; |
(e) | that it will ensure compliance with the security measures; |
(f) | that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC; |
(g) | to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension; |
(h) | to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information; |
(i) | that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and |
(j) | that it will ensure compliance with Clause 4(a) to (i). |
(a) | to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; |
(b) | that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; |
(c) | that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred; |
(d) | that it will promptly notify the data exporter about:
|
(e) | to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred; |
(f) | at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority; |
(g) | to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter; |
(h) | that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent; |
(i) | that the processing services by the sub-processor will be carried out in accordance with Clause 11; |
(j) | to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter. |
1. | The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered. |
2. | If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses. |
3. | If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses. |
1. | The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
|
2. | The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law. |
1. | The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law. |
2. | The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law. |
3. | The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b). |
2. | The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses. |
3. | The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established, namely … |
4. | The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority. |
1. | The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore. |
2. | The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1. |
- Employees, agents, advisors, contractors, and freelancers of Customer, who are natural persons.
- Customers, business partners, Customers and subcontractors of Customer, who are natural persons.
- Employees or contact persons of Customer’s customers, business partners, Customers and subcontractors.
- Name (first, last, middle, nickname etc.)
- Contact information (email, phone, physical address)
- [INCLUDE ADDITIONAL CATEGORIES OF DATA PROCESSED]
DATA EXPORTER [CUSTOMER PLEASE SIGN] Name: Authorized Signature |
DATA IMPORTER Name: Whitney Stein Authorized Signature |
- Information Security Management. Pantheon has a dedicated information security team consisting of a Director of Information Security, a team of Security Engineers responsible for the management of information security throughout the organization, and cross-functional executive leadership responsible for maintaining security and compliance throughout the organization. Pantheon’s Information Security Compliance Committee (ISCC) meets at least quarterly to review changes in the requirements for information security arising from changes in law, contractual requirements and the underlying business at Pantheon. The ISCC reviews and makes any necessary corresponding adjustments to policies, governance and program administration at least annually. Pantheon has further developed a body of written policies to establish a common understanding of rules and procedures governing the development, deployment, operation and management of the Pantheon WebOps offering to its customers.
- Business Continuity and Backups. Pantheon applies a consistent unified framework for the adoption, documentation and maintenance of business continuity plans. Pantheon’s business continuity plans are designed to address priorities for testing and maintenance of Pantheon’s business and information security requirements. Business continuity procedures are reviewed by the ISCC for potential or identified threats and tested annually with any findings assigned to information security professionals responsible for implementing additional safeguards. Regarding Pantheon’s provision of services to Data Controller, website data in Pantheon systems is backed up daily to Pantheon’s subprocessor and encrypted at rest. These backups are available to Data Controller for download, export or self-service rollback and recovery. Pantheon further applies regular database backups for production web development services backup data. Secondary sites are kept in a warm stated, ready to be failed over to, as configured by Data Controller. Pantheon performs a test restore of backup data on an annual basis to validate the business continuity program.
- Access Controls. Pantheon applies measures designed to provide access to systems and data to only those individuals who have a specific authorized purpose for such use and with specific controls that protect personal data from being read, copied, modified or removed without authorization during processing or use and after storage to the extent required under the applicable customer agreement(s):
- Platform Access Controls. Pantheon will encrypt Data Controller Personal Data not intended for public or unauthenticated viewing when transferring Data Controller Personal Data over public networks. Pantheon will make available to Data Controller such tools as may be necessary and available to Pantheon to support further application of cryptographic protocol, such as TLS or SSH, for the secure transfer of Data Controller Personal Data to and from the Services over public networks. Pantheon applies standard encryption technologies to protect Data Controller data both at rest and in transit where appropriate. Pantheon establishes sessions to the Pantheon web servers utilizing Hypertext Transfer Protocol Secure (HTTPS) and automates adding and renewing Transport Layer Security (TLS) certificates for custom domains added to customer websites. Pantheon users authenticate to production servers over secure shell (SSH) encryption protocol using a uniquely assigned SSH key-pair in which the private key is enabled only with the internal user’s unique username and SSH key stored in a hardware token. Pantheon will monitor use of privileged access and maintain security information an event management measures designed to i) identify unauthorized access and activity, ii) facilitate an appropriate response, and iii) to enable internal and independent third-party audits of compliance with documented Pantheon Risk Management and Information Security policy. Logs, in which privileged access and activity are recorded, will be retained in compliance with Pantheon’s records retention standards. Pantheon will maintain measures designed to protect against unauthorized access, modification and accidental or deliberate destruction of such logs.
- Systems Access Controls. In respect of any systems used to access Pantheon platform information containing Data Controller data, this paragraph shall apply. Access to system information is protected by multiple authentication and authorization mechanisms. Pantheon leverages SAML to manage access to corporate resources. Pantheon’s vulnerability assessment consists of scanning server resources, identifying vulnerabilities, assessment of the vulnerabilities, and remediation. Vulnerability scans are performed periodically. To the extent supported by native device or operating system functionality, Data Processor will maintain computing protections for systems containing Data Controller Personal Data and all end-user systems that include, but may not be limited to, endpoint firewalls, full disk encryption, signature-based antivirus and malware detection and removal that shall i) be regularly updated by central infrastructure and ii) logged to a central location, time based screen locks, and endpoint management solutions that enforce security configuration and patching requirements. In accordance with Pantheon’s IT policies, all computers must either have antivirus software installed or alternative means to validate system integrity. Updates are pushed automatically and managed by the IT department.
- Physical Security. The platform environment is administered remotely and all access must be performed through connections secured by strong authentication with applicable subprocessors (cf., Platform Access Controls above). Accordingly, Pantheon’s subprocessors are required to maintain physical security at data center locations related to the services Pantheon provides to Data Controller. In lieu of any Data Processor or Data Controller audit access, each subprocessor provides industry standard reports which Pantheon will reasonably demand and assist Data Controller is gathering upon request. At a minimum, such physical access controls at all Pantheon and subprocessor locations shall consist of physical entry controls, such as barriers, card or digitally controlled entry points, surveillance cameras, and added security during non-working hours, to protect against unauthorized entry.
DATA EXPORTER [CUSTOMER PLEASE SIGN] Name: Authorized Signature |
DATA IMPORTER Name: Whitney Stein Authorized Signature |
Statement of Work - Site Migration
Version 3.0
Effective April 9, 2020
DownloadTable of Contents
Statement of Work - Site Migration
Purpose: Pantheon professional services team is being engaged by Subscriber to support moving Subscriber’s current sites over to Pantheon Services.
A. Pantheon Scope. All terms not defined in this statement of work (“SOW”) shall have the meaning ascribed to them in the Order Form. Subscriber and Pantheon hereby add the following activities to be performed by Pantheon pursuant to the Order Form (“Professional Services”):
1. Pantheon will migrate those sites listed in Attachment A - “Sites within Scope” to this SOW as confirmed through the kick-off meeting. Any sites not listed in Attachment A or otherwise exceeding the number of sites specified in the Order Form requiring migration hereunder shall require a Change Order and additional scoping.
a. Initial kick-off meeting as scheduled by Pantheon with Subscriber to confirm timeline, deliverables, project team, and project scope in the format set out in Attachment B - “Project Requirements” to this SOW;
B. Exclusions. Migration of sites specified in Attachment A are on an as-is basis, except as set out in Section A.2 above. The following activities are expressly excluded from Professional Services under this SOW:
1. Migration of functionality based on resources that are not available on the Pantheon platform (e.g., code that relies on specific PHP extensions or code that relies on specific server packages that are not currently on Pantheon, java, python, perl not on platform);
2. Performance or caching optimization;
3. Preservation of git history;
4. Updating of custom or contrib modules/plugins;
5. Troubleshooting or fixing issues that already existed on source server; and
6. Adding any new functionality that didn't previously exist on the site (e.g., implementation work).
C. Subscriber Responsibilities. Subscriber shall actively participate in the following manner:
1. Provide a site inventory for each site in Attachment A prior to the kick-off meeting;
2. Join and participate in the dedicated migration support channel that will be provided in Pantheon’s slack instance;
Attachment A - Sites within Scope
To be completed at the kick-off meeting by Pantheon
The sites specified below are within scope for purposes of this SOW:
Name | URL |
Attachment B - Project Requirements
To be completed at the kick-off meeting by Pantheon
A. Pantheon Team. The Pantheon team and other key roles participating for purposes of this SOW shall consist of the following initial assignments:
Initial Assignment | Role | Scope |
Pantheon Migrations, Program Manager | Escalations | |
Pantheon Migrations, Engagement Manager | Perform Pantheon scope | |
Pantheon Migrations, Engagement Manager | Perform Pantheon scope | |
Pantheon Migration Partner | If applicable, will be identified |
B. Timeline. The estimated timeline for the Professional Services below is subject to Subscriber’s availability and requirements for the Professional Services remaining unchanged from the kick-off meeting. Pantheon Professional Services shall not exceed the scope specified in this SOW without a subsequent signed written amendment and adjustment to the Fees.
Migration Process Overview (single-site migration)
[Pantheon to maintain updates here starting with the kick-off meeting]
Process Overview | Owner (Pantheon vs. Subscriber) | Start Date and Duration* |
Migration Kickoff | Pantheon and Subscriber | 1 - 1.5 hours |
Information Collection | Subscriber | Approximately 1 week |
Initial Migration | Pantheon | Approximately 1 week |
User Acceptance Testing | Pantheon and Subscriber | Approximately 2 weeks |
Launch Planning | Pantheon and Subscriber | Approximately 1 week |
Launch / Post Launch | Pantheon and Subscriber | 48 hours |
*Migration timelines will be affected by additional complexities. For instance, 1-2 additional weeks per secure integration, Advanced CDN configuration, or custom application engagements will be necessary. For 2-5 sites, allow an additional 2 weeks. Add approximately 2 weeks for each additional 5 sites.
C. Adjustments to Project Scope. This SOW shall include the following adjustments to the Professional Services. Except as specifically set out below, Pantheon shall not be responsible for any additional activities except as set out in the standard Pantheon Professional Services SOW.
1. None, unless otherwise specified.
D. Deliverables. Except as specifically set out below, this SOW does not include any specific Deliverables, which are defined as the tangible work product of the Professional Services performed by Pantheon on behalf of Subscriber under this SOW.
1. None, unless otherwise specified.
E. Any known issues or limitations. Pantheon and Subscriber have identified the following issues or limitations during the course of the kick-off meeting as specified below. Any other material issues or limitations shall result in a separate signed written SOW between the parties.
Statement of Work - Managed Updates
Version 3.0
Effective July 11, 2020
DownloadTable of Contents
Statement of Work - Managed Updates
Purpose: Pantheon’s professional services team is being engaged by Subscriber to apply updates to the core and contrib modules/plugins of Drupal and WordPress. These updates are detected and validated to provide a model for the timely update of sites and apply visual regression testing.
A. Pantheon Scope. All terms not defined in this statement of work (“SOW”) shall have the meaning ascribed to them in the Order Form. Subscriber and Pantheon hereby add the following activities to be performed by Pantheon pursuant to the Order Form (“Professional Services”):
- Pantheon will update sites only as specified in the inclusion list and confirmed in writing by Pantheon through the kick-off meeting as set out in Attachment A - “Sites within Scope” to this SOW. Any sites not listed in Attachment A are excluded from the scope of this SOW.
- Managed updates for sites specified in Attachment A shall consist of:
- Initial kick-off meeting as scheduled by Pantheon with Subscriber to confirm timeline, deliverables, project team, and project scope in the format set out in Attachment B - “Project Requirements” to this SOW;
- Performing initial updates and patches (patches applicable to Drupal 8 only) to the sites and applicable core and contrib modules listed in Attachment A;
- Updates shall be applied in accordance with Pantheon’s development workflow tools;
- For any failures during testing process, provide the following: (i) prompt alerts of failure by email (ii) support identification of the root cause of error, (iii) recommendations around possible solutions to be decided by Subscriber, and (iv) designate an engagement manager to support Subscriber in the event of a failure to apply an update;
- Provide visual Regression testing of up to 20 urls;
- Apply updates to the git repository for any Pantheon efforts under this SOW;
- Monitor and provide security updates to applicable core and contrib modules within 3 business days of detection;
- Monitor and provide other updates in scope (as set out in Attachment B) within one week of their release.
B. Exclusions. Services are provided in accordance with Section A.2 above. The following activities are expressly excluded from Professional Services under this SOW:
- Application issues that may arise from implementing the Services is out of scope; and
- Any integration scope of services would require a separate custom development workflow (available separately as a service offering).
C. Subscriber Responsibilities. Subscriber shall actively participate in the following manner:
- Provide the Pantheon team with timely updates regarding Attachments A and B hereto; and
- At Subscriber’s option, perform user acceptance testing with multidev during the 3 business day period before updates are deployed for the Services hereunder.
Attachment A - Sites within Scope
To be completed at the kick-off meeting by Pantheon
The sites specified below are within scope for purposes of this SOW:
Name | URL |
Included core and contrib modules for updates | |
Applicable URLs for Visual regression test | |
Attachment B - Project Requirements
To be completed at the kick-off meeting by Pantheon
Initial Assignment | Role | Scope |
Managed Updates Process Overview
Provided below is an overview of the process for managed updates:
Process Overview | Owner (Pantheon vs. Subscriber) | Start Date and Duration* |
Subscriber understands that the Pantheon Team for this SOW has usual business hours and is available between Monday to Friday, 8am to 5pm EST. Outside of these hours, Subscriber may reach out to Pantheon's support team.
E. Any known issues or limitations. Pantheon and Subscriber have identified the following issues or limitations during the course of the kick-off meeting as specified below. Any other material issues or limitations shall result in a separate signed written SOW between the parties.
Statement of Work - Advanced Global CDN
Version 6.0
Effective February 1, 2021
DownloadTable of Contents
- Pantheon will provide AGCDN services as listed in Attachment A - “AGCDN Services within Scope” to this SOW as confirmed through the kick-off meeting. Any sites not listed in Attachment A or otherwise exceeding the number of sites specified in the Order Form requiring migration hereunder shall require a Change Order and additional scoping.
- AGCDN Services included in Attachment A shall consist of:
- Initial kick-off meeting as scheduled by Pantheon with Subscriber to confirm timeline, deliverables, project team, and project scope in the format set out in Attachment B - “Project Requirements” to this SOW;
- Customization or configuration of AGCDN based on Attachment A.
- Updates to the core and contrib modules/plugins of Drupal and WordPress;
- Site Migration from Subscriber’s current sites to Pantheon Services; and
- AGCDN Services that are not in scope, as specified in Attachment A.
- Join and participate in the dedicated AGCDN support channel that will be provided in Pantheon’s slack instance;
- Provide Pantheon AGCDN team with necessary access to current host or to code, database, and files;
- Perform any user acceptance testing within the timeline specified in Attachment B;
- Perform DNS cutover within the timeline specified in Attachment B.
Within Scope? Yes/No | AGCDN SERVICES |
Image Optimization (IO) | |
Geo Block or Allow Listing | |
IP Block or Allow Listing | |
Non-Pantheon Origins | |
Custom Rewrites | |
URL Redirects | |
Non SSL | |
Domain Masking | |
Custom TLS Certificates | |
Add on: Web Application Firewall (WAF) | |
Others: | |
Others: | |
Others: |
- Pantheon Team. Pantheon will make available resources to provide the Professional Services described in this SOW, which may include consultation and configuration.
- Timeline. The estimated timeline for the Professional Services below is subject to Subscriber’s availability and requirements for the Professional Services remaining unchanged from the kick-off meeting. Pantheon Professional Services shall not exceed the scope specified in this SOW without a subsequent signed written amendment and adjustment to the Fees.
Process Overview | Owner (Pantheon vs. Subscriber) | Start Date and Duration* |
AGCDN Kickoff | Pantheon and Subscriber | 1 - 1.5 hours |
Information Collection | Subscriber | Approximately 1 week |
Initial Configuration or Customization | Pantheon | Approximately 3 weeks |
User Acceptance Testing | Pantheon and Subscriber | Approximately 2 weeks |
Launch Planning | Pantheon and Subscriber | Approximately 1 week |
Launch** / Post Launch | Pantheon and Subscriber | 48 hours |
- Deemed Acceptance. Subscriber will be deemed to have accepted the AGCDN Services if Subscriber fails to notify Pantheon in writing prior to the end of the User Acceptance Testing Period that it has passed or failed its User Acceptance Tests.
- Adjustments to Project Scope. This SOW shall include the following adjustments to the Professional Services. Except as specifically set out below, Pantheon shall not be responsible for any additional activities except as set out in the standard Pantheon Professional Services SOW.
- None, unless otherwise specified.
- Deliverables. Except as specifically set out below, this SOW does not include any specific Deliverables, which are defined as the tangible work product of the Professional Services performed by Pantheon on behalf of Subscriber under this SOW.
- None, unless otherwise specified.
- Change Management. Pantheon shall provide 4 hours of change management per quarter, scheduled between Mondays to Fridays, 9am to 5pm Eastern Standard time. Change Management usage is not applicable for new feature development, front end work, or other tasks generally reserved for normal support services. Change Management usage requested in excess of 4 hours shall be billed according to Pantheon’s Professional Services rates. Unused hours shall automatically expire at the end of each quarter.
- New Features. Subscriber can request new features at no additional charge. “New Features” is defined as a service not scoped in Attachment A and would take more than the Subscriber’s balance of Change Management hours in the current quarter. New Features will require a new Statement of Work between the parties.
- Any known issues or limitations. Pantheon and Subscriber have identified the following issues or limitations during the course of the kick-off meeting as specified below. Any other material issues or limitations shall result in a separate signed written SOW between the parties.
Pantheon SOC 2 Type 2 Report Final
Version 2.0
Vendor Data Processing Agreement
Version 1.0
Vendor Data Processing Agreement
Version 13.0
Effective January 23, 2021
DownloadTable of Contents
Vendor Data Processing Agreement
- The subject matter of Processing of Pantheon Data by Vendor is the performance of the Services consistent with the Business Purpose. The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data, and categories of Data Subjects Processed under this DPA are further specified in Schedule 2 (Details of the Processing) to this DPA.
- Annually, Vendor will certify to Pantheon that Vendor has Processed Personal Data and Pantheon Data received from Pantheon in accordance with the CCPA, in the form provided in Schedule 4.
- a description of the nature of the incident, including where possible the categories and approximate number of data subjects concerned and the categories and approximate number of Personal Data records concerned;
- the name and contact details of Vendor’s data protection officer or another contact point where more information can be obtained;
- a description of the likely consequences of the Security Incident; and
- a description of the measures taken or proposed to be taken by Vendor to address the incident including, where appropriate, measures to mitigate its possible adverse effects.
7. Return and Deletion of Pantheon Data
Pantheon Systems, Inc. “Pantheon ” By: Name: Title: Date: | VENDOR Vendor Legal Name: By: Name: Title: Date: |
- Employees, agents, advisors, contractors, and freelancers of Vendor, who are natural persons.
- Vendors, business partners, vendors and subcontractors of Vendor, who are natural persons.
- Employees or contact persons of Vendor’s customers, business partners, vendors and subcontractors.
- Name (first, last, middle, nickname etc.)
- Contact information (email, phone, physical address)
- [INCLUDE ADDITIONAL CATEGORIES OF DATA PROCESSED]
- Vendor and Pantheon Systems, Inc. (“Pantheon”) executed a Data Processing Agreement (“DPA”) on [INSERT DATE] 20__.
- In accordance with Section 1798.140(w)(2)(B) of the California Consumer Privacy Act (“CCPA”), Service Provider certifies that it will comply with the terms and conditions of the Addendum. Service Provider specifically represents and warrants that:
- comply with the applicable CCPA provisions, as amended from time to time, in the Processing of Personal Information;
- Process Personal Information only on behalf of Pantheon and pursuant to Pantheon’s instruction for the specific purpose of performing the Services in the Agreement;
- shall not retain, use, or disclose Personal Information for any other purpose other than for the specific purpose of performing the services specific in the Agreement; including for a Business Purpose;
- shall not further Collect, Sell, or use Personal Information without Pantheon’s prior express written consent, and only as necessary to perform the Business Purpose.
- Service Provider represents and warrants that it shall immediately notify the Pantheon in writing, if it:
- determines or reasonably suspects its inability to comply with its obligation set forth in the Data Processing Agreement;
- cannot ensure compliance with the Pantheon’s instructions for use of Personal Information.
- Upon any such notice to the Pantheon, Service Provider shall immediately cease all use of Personal Information hereunder, and Pantheon is entitled to suspend to terminate the Data Processing Agreement.
“VENDOR” or “SERVICE PROVIDER”
- ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
- ‘the data exporter’ means the controller who transfers the personal data;
- ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
- ‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
- ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
- ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
- The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
- The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
- The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
- The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
- that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
- that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
- that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
- that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
- that it will ensure compliance with the security measures;
- that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
- to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
- to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
- that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
- that it will ensure compliance with Clause 4(a) to (i).
- to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
- that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
- that it will promptly notify the data exporter about:
- any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
- any accidental or unauthorised access; and
- any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
- to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
- at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
- to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
- that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
- that the processing services by the sub-processor will be carried out in accordance with Clause 11;
- to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.
- The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
- If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities. - If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.
- The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
- to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
- to refer the dispute to the courts in the Member State in which the data exporter is established.
- The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
- The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
- The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
- The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).
- The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses[1]. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.
- The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
- The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established, namely …
- The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
- The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
- The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.
- Employees, agents, advisors, contractors, and freelancers of Vendor, who are natural persons.
- Vendors, business partners, vendors and subcontractors of Vendor, who are natural persons.
- Employees or contact persons of Vendor’s customers, business partners, vendors and subcontractors.
- Name (first, last, middle, nickname etc.)
- Contact information (email, phone, physical address)
- Health and medical information
- [INCLUDE ADDITIONAL CATEGORIES OF DATA PROCESSED]
Vendor Requirement Form US
Version 18.0
Effective July 24, 2021
DownloadTable of Contents
Complete Vendor Name | |
Vendor Contact person | |
Vendor Contact number | |
Country of Registered Business | |
Vendor Email address | |
Signature | |
Date submitted |
Vendor AR Contact Name | |
Vendor AR Email Address |
Fully accomplished W-9 (Download form here) | |
Brief description on the service/product the vendor supplies and reason needed | |
Pantheon Contact Person email | |
Agreed upon payment terms | |
Signed Statement of Work, GSA, Contract with Pantheon | |
Name of Pantheon Approver (refer to 'Notice of Award' email) | |
Date of award |
Supplier Code of Conduct
Version 3.0
Effective August 6, 2020
DownloadTable of Contents
- Any act that may create a dangerous situation for the employee, suppliers and others in any work related setting;
- Insubordination or other disrespectful conduct towards other employees, clients or suppliers;
- Sexual or other unlawful or unwelcome harassment;
- Conduct that could materially and adversely affect Pantheon’s customer relations, operations or business prospects;
- Failure to follow safety rules, regulations or procedures and not reporting any unsafe conditions;
- Violation of Workplace Violence Policy, including making threats, engaging in altercations or violent, abusive or disorderly conduct toward employees, customers or vendors or possessing, using, selling or buying weapons of any kind in work-related settings, during working hours, or while performing work-related functions;
- Violation of Drug and Alcohol Free Workplace Policy, including possession, use, sale or purchase of alcohol, drugs, including marijuana or the misuse of prescription medication in any work-related setting, during working hours, or while performing work related functions;
- Conviction of a crime that reflects unfitness for the job or threatens anyone’s health and safety or property;
- Embezzlement, theft, misuse, destruction or removal of property belonging to Pantheon or others without proper authorization in any work-related setting;
- Falsifying, altering, or making a material omission on employment, contractual, medical, payroll, financial or time keeping records;
- Violation of policy regarding use of the company’s computer, electronic-mail, Internet, phones and voicemail systems;
- Poor performance, unsatisfactory work quality or quantity, sleeping on the job;
- Unexcused, excessive absenteeism or tardiness or without advance notice;
- Violation of conflict of interest rules, including, accepting money, or accepting personal gifts from clients, vendors or suppliers in exchange for services;
- Unauthorized disclosure of Pantheon’s confidential, proprietary and trade secret information with the specific acknowledgment hereto that you will continue to protect such information and assign all rights, title and interest to any intellectual property developed in the course of your work to Pantheon as may be further specified in your supplier agreement with Pantheon; and
- Violation of any of Pantheon’s policies or procedures, including any of the policies described in this Code of Conduct, as revised from time to time.
Vendor Work Order Pantheon US
Version 8.0
Effective December 10, 2020
DownloadTable of Contents
Purchase From Vendor Name: Vendor Complete Business Address: | Ship To Pantheon Systems, Inc. 717 California Street San Francisco, California 94108 |
Vendor Contact Name: Vendor Contact Number: Vendor Contract email: | Pantheon Contact Name: Pantheon Contact Number: Pantheon Contract email: |
- Scope of Service:
Item # | Item Description (Required) | Deliverable | Due Date | Quantity | Unit Price | Total Price |
Ex: 1 | Vendor to provide photoshoot services to Pantheon on July 1, 2020 from 8AM-10AM | 50 pcs of photos in JPEG | July 1, 2020 | 2 hrs | $500/hr | $1,000.00 |
Statement of Work Request
Version 20.0
Effective December 10, 2020
DownloadTable of Contents
- PURPOSE. The aim of this SOW is for the Vendor to provide:
- TERM. This SOW is deemed to have commenced on the SOW Effective date and shall expire on
unless terminated earlier in whole or in part in accordance with the terms of the Agreement or the terms of the SOW. - PROJECT SCOPE. The SOW covers the following services and deliverables (“Services”). Vendor agrees Services shall only commence upon the full execution of this SOW.
Deliverables | Description | Format | Delivery Date |
| | | |
| | | |
Vendor | Pantheon _______________________ |
By: Name: Title: Date: Tax I.D. / Company Register No.: | By: Name: Title: Date: |
Global Services Agreement
Version 3.0
Effective November 4, 2020
DownloadTable of Contents
This Services Agreement (the “Agreement”) is entered into as of the effective date as specified in a SOW entered hereunder by and between Pantheon Systems, Inc. with a business address at 717 California Street, Second Floor, San Francisco, CA 94108, (“Pantheon”) and a vendor entity as defined in such SOW entered hereunder ("Vendor").
- Engagement of Services. Pantheon may from time to time issue project(s) through the issuance of a Statement of Work (“SOW”) substantially in the form attached as Exhibit A. Vendor will use its best efforts to render the services and products set forth in the SOW (collectively, the “Services”). In performing the Services, Vendor agrees to: (a) perform the Services in a good and workmanlike manner consistent with industry standards reasonably applicable to the performance thereof, using personnel with the requisite levels of education, skill and experience to perform the Services; (b) provide its own equipment, tools and other materials at its own expense; (c) perform the Services in a timely and professional manner consistent with good industry standards; and (d) perform the Services at a location, place and time which Pantheon deems appropriate, which may include working on Pantheon premises from time to time.
- Subcontract. This Agreement is personal to Vendor, and Vendor may not subcontract or otherwise delegate its obligations under this Agreement without Pantheon’s prior written consent. Before any Vendor subcontractor performs Services in connection with this Agreement, the subcontractor and Vendor must have entered into a written agreement expressly for the benefit of Pantheon containing clauses substantially equivalent to this Section 1, Section 5 (Confidentiality Obligation), and all indemnity, liability, and assignment of rights provisions.
- Retained Based on SOW. Pantheon has retained Vendor to assist Pantheon in connection with and under the direction and supervision of Pantheon, to develop, advise, perform and at times correspond with Pantheon and its affiliates and business partners, regarding organizational strategies and/or operations, and to provide various professional services in connection with Pantheon’s business as assigned and/or requested by Pantheon.
- Manner of Services. The Parties hereby acknowledge and confirm that all of Vendor’s Services to Pantheon will continue to be at the prompting and under the overall direction and supervision of Pantheon; and that Pantheon is responsible for the creative ideas used to create any works, products, or recommendations resulting from the performance of this Agreement.
- Fees and Expenses. Pantheon will pay Vendor in accordance to Section 2 of this Agreement. For any other expenses, Vendor must obtain Pantheon’s written approval prior to incurring such expenses, unless otherwise specified in any SOW in connection with this Agreement. Upon termination of this Agreement for any reason, Pantheon will pay Vendor for all Services specified in a SOW that have been completed and accepted, up to and including the effective date of such termination. Such payment may be on a proportional basis in the event Vendor has not completed the Services set forth in the SOW.
- Payment and Invoice. Pantheon will pay the undisputed invoices and pre-approved expenses within thirty (30) days of Pantheon’s receipt of Vendor’s itemized invoice. Vendor shall submit invoices to Pantheon on the last day of each month, unless otherwise specified in the SOW in connection to this Agreement.
- Other Compensation. Vendor shall not be entitled to any other compensation in connection with the performance of Services and/or in connection with the rights granted herein and/or the exploitation of any works unless agreed to in writing.
- Disputed Invoices. In the event that Pantheon, in good faith, disputes any item in an invoice, Pantheon shall notify the Vendor in writing, no later than thirty (30) days after the receipt of the invoice. The parties shall negotiate to resolve the disputed items. Pantheon shall have the right to withhold payment of the disputed invoice without interest. Pantheon will pay the amount within thirty (30) days after the resolution of dispute. Pantheon reserves rights of set-off and withholding from any amounts otherwise due to Vendor. Nonpayment of a disputed invoice shall not constitute a breach by Pantheon or permit suspension services by Vendor.
- Timely Submittal of Invoices. Vendor shall submit invoices, including expense reimbursement information, in a timely manner and in accordance with Pantheon’s invoicing submission requirements. In no event shall Pantheon be liable for any fees, costs, expenses or other charges that are not invoiced as required under this Agreement within ninety (90) days after the month in which the associated services were performed or in which such fees, costs, expenses or charges were incurred or should have been accrued. Within thirty (30) days after termination or expiration of this Agreement or any SOW, Vendor shall submit to Pantheon a final itemized invoice for any fees, costs, expenses or other payments theretofore arising out of or in connection with this Agreement or such SOW, as applicable. Upon payment of such amounts so invoiced, Pantheon shall have no further liability or obligation to Vendor whatsoever for any further fees, costs, expenses, or other payment arising out of or in connection with any such SOW or this Agreement. Submission timing and invoicing requirements are subject to change by Pantheon with reasonable notice to Vendor.
- Benchmarks. Pantheon shall have the right during the term of this Agreement and/or any SOW to benchmark the fees and quality for the products/services being rendered by the Vendor to Pantheon. Pantheon will conduct benchmarking exercises not more frequently than every six (6) months during the term. Benchmarking aims to verify that Pantheon is receiving competitive market pricing and service level quality with respect to the management, delivery, and receipt of the products/services. Should the result of the benchmarking exercise show substantially lower costs/price than the current cost/price provided by the Vendor, Vendor shall endeavor to provide better costs/price to Pantheon, that are aligned to the benchmarking exercise.
- Independent Contractor Relationship. Vendor’s relationship with Pantheon will be that of an independent contractor, and nothing in this Agreement should be construed to create a partnership, joint venture, or employer-employee relationship. Vendor is not the agent of Pantheon and is not authorized to make any representation, contract, or commitment on behalf of Pantheon. The manner and means by which Vendor chooses to complete the Services are in Vendor's sole discretion and control. Vendor will not be entitled to any of the benefits which Pantheon may make available to its employees, such as group insurance, profit-sharing or retirement benefits. Vendor will be solely responsible for all tax returns and payments required to be filed with or made to any local and/or national agency, VAT, or other tax authority with respect to Vendor’s performance of Services and receipt of fees under this Agreement. Pantheon will regularly report amounts paid to Vendor as required by laws and regulations. Because Vendor is an independent contractor, Pantheon will not withhold or make payments for social security, make unemployment insurance or disability insurance contributions, obtain worker’s compensation insurance or perform similar duties reserved for employers on Vendor’s behalf. Vendor agrees to accept exclusive liability for complying with all applicable local and/or national laws and/or regulations governing independent contractors, including obligations such as payment of taxes, social security, disability and other contributions based on fees paid to Vendor, its agents or employees under this Agreement.
- TAXES. Vendor agrees it shall be responsible for any and all federal, state and/or local taxes payable by Vendor, and will timely file tax returns and pay taxes thereon at the time and in the amount required by law. In addition, Vendor agrees it shall fully defend, indemnify and hold harmless Pantheon from the payment of any monies, taxes, interest and/or penalties that are required by any government agency at any time as the result of the payment of any compensation pursuant to the terms of this Agreement. Vendor has not relied on any advice from Pantheon as to the necessity for withholding or taxability of the payment(s) under this Agreement, whether pursuant to federal, state or local tax statutes or otherwise. Vendor acknowledges that Pantheon has not made any representations regarding the taxability of any compensation received under this Agreement.
- CONFIDENTIALITY OBLIGATIONS.
- Confidential Information. Each party (“Receiving Party”) will treat as confidential and properly safeguard any and all information, documents, papers, programs and ideas relating to the other party (“Disclosing Party”), its proprietary information, financial information, employee data, technical data, trade secrets or know-how, including, but not limited to, research, product plans, products, customers, customer lists, prospect lists, suppliers, vendors, partners, reports, software (source code and object code), developments, inventions, processes, formulas, pricing models, methods, technology, designs, drawings, and other business information, disclosed to the Receiving Party and designated by the Disclosing Party as confidential or which should be reasonably understood to be confidential (“Confidential Information”). Confidential Information does not include information which is known to either party at the time of disclosure as evidenced by written records, has become publicly known and made generally available through no wrongful act of the other party, or has been rightfully received from a third party who is authorized to make such disclosure. The Receiving Party shall inform the Disclosing Party of all requests for or inquiries into the Disclosing Party’s Confidential Information by third parties and shall only provide same when legally compelled to do so after notice to the Disclosing Party and providing the Disclosing Party with sufficient time to permit the Disclosing Party to seek a protective order, and such disclosure shall not be deemed a breach of this Section 5. This provision shall survive the termination of this Agreement.
- Use of Confidential Information. Vendor will not, during or subsequent to the term of this Agreement, use Pantheon’s Confidential Information for any purpose whatsoever other than the performance of the Services or disclose Pantheon’s Confidential Information to any unauthorized third party. Confidential Information shall remain the sole property of the Disclosing Party. Each party shall take all reasonable precautions to prevent any unauthorized disclosure of such Confidential Information.
- Restrictions on Use. Vendor agrees that Vendor will not, during the term of this Agreement, improperly use or disclose any proprietary information or trade secrets of any former or current employer or other person or entity with which Vendor has an agreement or duty to keep in confidence information acquired by Vendor in confidence, if any, and that Vendor will not bring onto the premises of Pantheon or the premises where the Vendor performs the Services, any unpublished document or proprietary information belonging to such employer, person or entity unless consented to in writing by such employer, person or entity.
- Third Party Information. Vendor recognizes that Pantheon has received and in the future will receive from third parties heir confidential or proprietary information subject to a duty on Pantheon’s part to maintain the confidentiality of such information and to use it only for certain limited purposes (“Third Party Information”). Vendor agrees that Vendor owes Pantheon and such third parties, during the term of this Agreement and thereafter, a duty to hold all such confidential or proprietary information in the strictest confidence and not to disclose it to any person, firm or corporation or to use it except as necessary in carrying out the Services for Pantheon consistent with Pantheon’s agreement with such third party.
- Pantheon PI. “Personal Information” (or “PI”) is information, in any form, that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
- Return of Information. Upon the termination of this Agreement, or upon Pantheon’s earlier request, Vendor will deliver to Pantheon all of Pantheon’s property and all copies of Confidential Information in tangible or intangible form that Vendor may have in Vendor’s possession or control.
- DATA PRIVACY AND SECURITY.
- Data Privacy. In the event that sharing of any PI is necessary, Parties agree that each Party will comply with all applicable federal, state and international laws, rules, regulations, and directives regarding the collection, use, disclosure, and/or processing of personal information pursuant to the Agreement, including but not limited to Regulation EU 2016/679 or “GDPR” and the California Consumer Privacy Act (CCPA) (collectively, “Data Protection Laws”) and that each Party will comply with their respective obligations thereunder to maintain the confidentiality of any PI in accordance with applicable law. Both Parties shall ensure that they each have in place appropriate technical and organizational security measures to protect the personal data disclosed as required by the nature of the Services governed by this Agreement.
- Transfers of Personal Data. Vendor shall not transfer Pantheon PI across any country border unless it is (a) strictly unavoidable for the proper performance of the Services, and (b) notified to Pantheon in writing prior to any such transfer (unless expressly specified in the relevant Statement of Work). Where the Services involve the transfer of PI from any European Economic Area (EEA) Member State, the United Kingdom or Switzerland to any country or recipient (other than a subprocessor) not recognized by the European Commission as providing an adequate level of protection for PI, the applicable standard contractual clauses for the Transfers of Personal Data to Processors Established in Third Countries, dated 5 February 2010 (2010/87/EU), as amended or replaced from time to time (the “Standard Clauses”), will apply and are hereby incorporated by reference into this Agreement. For purposes of the Standard Clauses, (a) Pantheon will act as the data exporter and Vendor will act as the data importer and “service provider” as set out in the California Consumer Privacy Act (1798.100); (b) any subprocessors (as defined under GDPR) will be subject to Clause 11 (Sub-processing) of the Standard Clauses; (c) Appendix 1 of the Standard Clauses will be populated with the information set forth in the relevant Service Agreement or Catalogue; and (d) Appendix 2 of the Standard Clauses will be populated with Annex 2 (Security Requirements). If the Standard Clauses are amended or replaced from time to time, then the foregoing Standard Clauses and Appendix references will be deemed updated as appropriate. To the extent that there is a conflict between this Agreement and the Standard Clauses, the Standard Clauses will prevail. In the event that the Standard Clauses or other applicable transfer mechanisms become invalid, they will be replaced with other valid instruments prescribed by applicable Data Protection Laws.
- Data Breach. If Vendor has collected or used PI, Vendor shall immediately notify Pantheon within twenty four (24) hours in the event of a known or suspected breach of security of a Vendor system or database that contains PI or any other Confidential Information, or the detection of suspicious activity, or suspected or actual loss or theft of any such data, or access by any unauthorized third party to such data, and will furnish all available information and assistance to Pantheon regarding such breach sufficient for Pantheon to evaluate the likely consequences and any legal or regulatory requirements arising out of the event. Notification must include full details of any security incident or breach relevant to Pantheon data processing, and Vendor shall use its best efforts to immediately terminate any security breaches or suspicious activity, and must do all such acts and things reasonably necessary to remedy or mitigate the effects of the security incident or data breach, and will continuously update Pantheon on developments relating to such security incidents or data breaches. Vendor shall not allow any security breach or suspicious activity to persist for any amount of time or for any reason except as required by law, or as deemed reasonably necessary by Vendor to determine the identity of the perpetrator and to stop such breach or suspicious activity from continuing.
- Notice. Vendor shall promptly notify Pantheon regarding (a) any legally binding request for disclosure of the Pantheon PI by a law enforcement authority unless otherwise prohibited to do so; and (b) any request received directly from the data subjects and will not respond to such requests until authorized or requested by Pantheon to do so.
- Intellectual Property Rights. Nothing in this Agreement will function to transfer any of Pantheon’s intellectual property rights to the Vendor, subject to copyright and other intellectual property rights under United States and foreign laws and international conventions. Vendor agrees not to engage in the use, copying, or distribution of Pantheon owned Intellectual Property. Any Intellectual Property rights and/or product created by virtue of this Agreement shall be fully and solely owned by Pantheon. All work product of every kind performed by any Vendor personnel on behalf of Pantheon shall be the sole and exclusive property of Pantheon (“Pantheon Work Product”).
- Vendor Representations and Warranties. Vendor hereby represents and warrants that:
(a) it has complied with all the requirements of the law/ordinances and pertinent rules and regulations governing its business operations, Services, and Products; (b) it understands and shall comply with (1) the rules, restrictions, requirements and definitions of applicable Data Protection Laws, including without limitation the GDPR and CCPA and (2) it agrees to refrain from taking any action that would cause any transfers of PI to or from Pantheon to qualify as a sale of personal information under applicable Data Protection Laws all applicable laws, regulations, regulatory requirements, and codes of practice in connection with its data processing obligations under this Agreement and shall not do, cause or permit to be done, anything which may cause or otherwise result in a breach by Pantheon of the same; (c) it has read Pantheon’s Privacy Policy statement (https://pantheon.io/privacy) and shall treat all personal data in a manner consistent with such policy; (d) it pays the wages or salaries of its personnel/workers as well as benefits, premiums and protection in accordance with the provisions of applicable laws, decrees, rules and regulations promulgated by competent authority; (e) it will take all necessary precautions to prevent injury to any persons (including employees and contractors of Pantheon) or damage to property (including Pantheon property) during the term of this Agreement; (f) should Pantheon permit Vendor to use any Pantheon equipment, tools, or facilities during the term of this Agreement, Vendor shall be responsible for any injury to any person (including death) or damage to property (including Pantheon property) arising out of such use; (g) it has full right and power to enter into and perform this Agreement and to grant the licenses as described herein; (h) Vendor does not and will not employ personnel, and/or deploy resources who are listed in the denied or restricted parties/persons list created and compiled by respective government authorities/agencies and/or organizations; (j) Vendor is not based nor conducting operations in any location that is specified in the list of sanctioned countries created and compiled by the government of the United States of America; and (k) Vendor has no outstanding agreement or obligation that is in conflict with this Agreement or that would preclude Vendor from complying with the provisions set forth herein, nor will Vendor enter into any such conflicting agreement during the term of this Agreement and; (l) it has read, understood and accept Pantheon's Supplier Code of Conduct ( https://pantheon.pactsafe.io/VendorAgreements.html#contract-bkdnxa-d ). - SETTLEMENT OF DISPUTES. Any dispute arising between the Parties hereto in respect of the interpretation of this Agreement and the performance of obligations hereunder shall be settled amicably by mutual consultations as far as practicable. In the event a claim, controversy or dispute between the Parties arises out of or in connection with this Agreement or the transactions and business contemplated hereby, including the validity, construction or enforcement thereof, whether by way of contractual breach, tort or quasi-delict, the Parties agree that the matter will be referred to an independent mediator agreed upon by the Parties. Where the Parties cannot agree on a mediator, the Parties agree to submit the dispute to either ad hoc or institutional arbitration, the choice of venue, law and rules of procedure of which shall be mutually agreed upon. All dispute resolution proceedings and records shall be in English. Issuance of an arbitration demand shall suspend the effect of any default entailed by such claim, controversy or dispute and any judicial or administrative proceedings instituted in connection therewith, for the duration of the arbitration proceedings. The Parties agree to participate in good faith in any mediation or arbitration begun under this section. Any mediation or arbitral award shall be binding upon the Parties, and shall be final and non- appealable except on grounds provided under the applicable Alternative Dispute Resolution and Arbitration Laws, Rules and Procedures. It is understood that where the Parties have mutually agreed upon a mode of dispute resolution, the same shall be the exclusive remedy, except that Parties shall be entitled to obtain equitable relief, such as injunctive relief, from any court of competent jurisdiction based on the provisions stated in Section 16.2 (Governing Law) in order to protect its rights while such proceeding is pending or in support of any award made pursuant to such arbitration.
- Indemnification and Liability.
- Indemnification. Vendor will indemnify and hold harmless Pantheon, its officers, directors, employees, sublicensees, customers and agents (collectively, “Pantheon Parties”) from any and all claims, losses, liabilities, damages, penalties, fines, expenses and costs (including attorneys’ fees and court costs) (collectively, “Claims”) arising out of or in connection with: (a) the Vendor’s breach of this Agreement; (b) any breach of Vendor’s systems or networks, including but not limited to unauthorized access, physical theft, malware, denial of service attack or other forms of data security incidents; (c) any negligence or willful misconduct of the Vendor, its employees, subcontractors or agents; (d) Vendor’s data processing activities under this Agreement including without limitation those arising out of any third party demand, claim or action, or any breach of contract, negligence, fraud, willful misconduct, breach of statutory duty or non- compliance with any part of the Data Protection Laws by Vendor or its employees, agents or contractors; (e) any person, firm, or corporation that may be injured or damaged due to any negligence or willful misconduct of Vendor, its employees, subcontractors, and agents; and (f) any claim of infringement of the Deliverables or Services on the intellectual property rights of any third party. The Vendor shall, to the maximum extent permitted by applicable law, defend, indemnify and hold harmless Pantheon against any and all claims or damages including reasonable attorneys' fees and costs of court-approved settlements actually and necessarily incurred by Pantheon in connection with the defense of any action, suit or proceeding and in connection with any appeal, which has been brought against Pantheon by an employee, or agent of the Vendor. The foregoing indemnification obligations are conditioned on Pantheon giving Vendor written notice of any such Claim and allowing Vendor to participate in the defense thereof at its expense. From the date of written notice from Pantheon to Vendor of any such Claim, Pantheon shall have the right to withhold from any payments due to Vendor under this Agreement the amount of any defense costs, plus additional reasonable amounts as security for Vendor’s obligations under this Section 10.
- LIABILITY. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL PANTHEON, ITS AFFILIATES, OR ANY PANTHEON PARTY, BE LIABLE TO THE VENDOR OR ANY THIRD PARTY FOR ANY INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES WHATSOEVER ARISING OUT OF THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR ANY OTHER PECUNIARY LOSS. THIS LIMITATION APPLIES EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.NOTWITHSTANDING THE FOREGOING, THE MAXIMUM AGGREGATE LIABILITY OF PANTHEON PURSUANT TO THIS AGREEMENT AND THE MAXIMUM AGGREGATE AMOUNT WHICH MAY BE AWARDED TO AND COLLECTED BY VENDOR WITH RESPECT TO CLAIMS UNDER THIS AGREEMENT SHALL NOT EXCEED THE TOTAL FEES PAID BY PANTHEON UNDER THIS AGREEMENT.
- INSURANCE. Prior to commencing any Services, Vendor shall procure and maintain all types of limits of insurance required by applicable law and, further, adequate insurance commensurate with the risks presented by the performance of Vendor’s obligations under this Agreement, and which shall cover damages resulting from Vendor’s violation of its obligations, negligence and willful misconduct in performance of Service, including, without limitation, claims for bodily injury, death or property damage caused to any person or persons. If Vendor is providing professional services, Vendor shall also maintain appropriate types and amounts of professional liability or errors and omissions coverage given the Services to be performed.
- Term; Termination.
- Term of the Agreement. This Agreement will remain in effect for one year from effective date and automatically renewed on a monthly basis unless terminated by either party according to this Section 12 of this Agreement. For avoidance of doubt, Vendor’s fees and expenses shall be governed by SOWs and PO’s executed during the Term.
- Termination by Pantheon. Pantheon may terminate this Agree ment: (a) at its convenience upon thirty (30) days prior written notice to Vendor; (b) upon fifteen (15) days prior written notice if Vendor materially breaches this Agreement and does not cure such breach within thirty (30) days after receiving written notice of such breach; or (c) immediately upon Vendor’s breach of Sections 5 (Confidentiality Obligations), 7 (Intellectual Property Rights), or 12.5 (Non-Interference with Business).
- Termination by Vendor. Vendor may terminate this Agreement (a) upon thirty (30) days prior written notice to Pantheon if there is no uncompleted SOW in effect; or (b) upon fifteen (15) days prior written notice if Pantheon materially breaches this Agreement and does not cure such breach within thirty (30) days after receiving written notice.
- Payment upon Termination. Payment for any Services rendered shall be in accordance with Section 2 (Fees and Payment).
- Non-Interference with Business. During the term of this Agreement and for a period of one (1) year following termination of this Agreement, Vendor agrees not to solicit or induce any Pantheon employee or contractor to terminate or breach any employment, contractual or other relationship with Pantheon.
- Return of Pantheon Property. Upon termination of the Agreement, Vendor shall cease providing all Services, and within one (1) business day, or earlier as requested by Pantheon, Vendor will deliver to Pantheon any and all equipment, drawings, notes, memoranda, specifications, devices, formulas, and documents, together with all copies thereof, and any other materials that contain, disclose or comprise the Pantheon Work Product, Confidential Information or Third Party Information. Vendor shall further refund any prepaid fees provided to Vendor under this Agreement or any applicable SOW hereto that is subject to such termination.
- Service Level Agreements. In case the Vendor fails to deliver, or complete the whole or part of the Services within the agreed upon date of completion, service level or delivery date (as applicable) expressly as stated in the SOW, the Vendor shall be liable for liquidated damages and shall pay 1/10th of 1% of the total fees as indicated in the SOW and/or PO for each day of delay, determined after the issuance of the service acceptance or acceptance of delivery by Pantheon unless otherwise stated in the SOW in connection with this Agreement. Pantheon shall be entitled to deduct the corresponding amount of liquidated damages provided herein from any amount due to the Vendor, and the Vendor hereby expressly authorizes Pantheon to deduct any such amount when proper. This shall be without prejudice to the right of the Pantheon to resort to any other remedy which it may be entitled to. The SLA does not apply in the event that failure to deliver, or complete the whole or part of the Services is (a)caused by factors beyond the reasonable control and not involving any fraud, fault or negligence on the part of the Vendor; or (b) that resulted from Pantheon’s equipment or third-party equipment, or both.
- CONFLICT OF INTEREST. Vendor recognizes that it may, from time to time throughout the term of this Agreement, provide services to companies that are in competition with Pantheon. Vendor hereby agrees that this will not limit its ability to provide services in relation to this Agreement, or in any way interfere with its performance under this Agreement. Vendor will immediately notify Pantheon in writing of any such interference that may arise during the term of this Agreement as soon as it arises. Pantheon will have the right to terminate this Agreement without incurring any liabilities, if Pantheon deems that any actual or potential engagement will interfere with the performance of this Agreement. Vendor agrees to indemnify and hold Pantheon and its affiliates harmless from loss or liability incurred to the extent directly arising from the material breach by Vendor of any agreement with any third party.
- INTENTIONALLY LEFT BLANK.
- General Provisions.
- Notice. All notices, requests and other communications under this Agreement must be in writing, and must be mailed by registered or certified mail, postage prepaid and return receipt requested, or delivered by e-mail, fax or by hand to the party to whom such notice is required or permitted to be given. If mailed, any such notice will be considered to have been given five (5) business days after it was mailed, as evidenced by the postmark. If delivered by e-mail, fax or by hand, any such notice will be considered to have been given when received by the party to whom notice is given, as evidenced by written and dated documentation of the receiving party (such as an e-mail message or fax confirmation page). The mailing address for notice to either party will be the address on the first page of this Agreement. Either party may change its mailing address by notice as provided by this section.
- Governing Law. This Agreement will be governed and interpreted in accordance with applicable laws of the following territories, excluding any applicable conflict of law provisions:
- If Vendor is working on-site in Pantheon’s San Francisco office, in the State of California, or if no other choice of law condition is met: Laws of the State of California;
- If Vendor is working in Europe: Laws of England and Wales;
- If Vendor is working in Philippines: Laws of the Republic of the Philippines; and If Vendor is working in other Asian Countries: Laws of the Republic of Singapore.
- However, a party shall have the right to apply for injunctive relief before a court of competent jurisdiction to enforce rights in its intellectual property rights and confidential information. The parties agree that the U.N. Convention for the International Sale of Goods will have no force or effect on this Agreement.
c. Assignment. Vendor may assign this Agreement or any rights or obligations hereunder with the prior written consent of Pantheon, which consent shall not be unreasonably withheld or delayed. Notwithstanding the foregoing, Pantheon may assign its rights and obligations under this Agreement to a parent, affiliate, or subsidiary or to a successor, whether by way of merger, sale of all or substantially all of its assets or business or otherwise. Any attempted assignment of this Agreement not in accordance with this subsection shall be null and void. All of the terms and provisions of this Agreement will be binding upon and will inure to the benefit of the Parties and their respective successors and permitted assigns. - d. No Third-Party Beneficiaries. Except as stated in this Agreement, this Agreement will not benefit or create any right or cause of action in or on behalf of any person or entity other than the parties.
- Modification and Waiver. No modification of this Agreement is effective unless signed by the parties. No waiver by Pantheon of any breach of this Agreement shall be a waiver of any preceding or succeeding breach; no waiver by Pantheon of any right under this Agreement shall be construed as a waiver of any other right.
- Severability. The provisions of this Agreement are severable. If any provision of this Agreement is adjudicated to be invalid or unenforceable, the remainder of this Agreement shall remain in full force and any such provision shall be deemed changed and interpreted to accomplish the intent of the original provision.
- Injunctive Relief. Each party acknowledges it would be difficult to fully compensate for damages that may result from the breach or threatened breach of the provisions of Sections on Confidentiality Obligations and Intellectual Property Rights. Thus, the non-breaching party will be entitled to seek injunctive relief, including temporary restraining orders, preliminary injunctions and permanent injunctions to enforce such provisions. Seeking injunctive relief will not, however, diminish the non-breaching party’s right to seek other legal, contractual or equitable remedies, or to claim and recover damages.
- Anti-Corruption and Bribery. Each party shall comply with all applicable anti-corruption laws and regulations, including without limitation the US Foreign Corrupt Practices Act and the UK Bribery Act of 2010. Vendor undertakes and warrants to Pantheon that it, shall not, directly or through third parties, give, promise or attempt to give, or approve or authorize the giving of, anything of value to any person or any entity for the purpose of:
- securing any improper advantage for Pantheon;
- inducing or influencing a public official improperly to take action or refrain from taking action in order for any party hereunder to obtain or retain business, or to secure the direction of business to either party; or
- inducing or influencing a public official to use his/her influence with any government or public international organization for such purpose.
- Publicity. Vendor will not disclose the existence or terms of this Agreement or the business relationship between Pantheon and Vendor to any third party without prior written approval of Pantheon. This restriction includes use of Pantheon’s name, likeness or logo.
- Reports. Vendor agrees that during the term of this Agreement it will keep Pantheon advised as to Vendor’s progress in performing the Services hereunder and that Vendor will, as reasonably requested by Pantheon, prepare written reports and participate in status calls regarding the Services.
- Audit. Vendor agrees that Pantheon shall have the right, from time to time, upon written notice to Vendor, to conduct an investigation, and audit of Vendor’s policies, books, records and accounts as they pertain to Vendor’s performance and compliance herein. Vendor agrees to cooperate fully with such investigation, the method of which shall be at the sole discretion of Pantheon.
- Entire Agreement. This Agreement is the final, complete and exclusive agreement of the parties with respect to the subject matter hereof; it contains the entire understanding between the parties, and supersedes and merges all prior discussions between the parties with respect to the subject matter. No prior agreement, negotiations, brochures, arrangements, or understanding pertaining to any such matter shall be effective for any purpose unless expressed herein. The terms of this Agreement will govern all SOWs and Services undertaken by Vendor for Pantheon. In the event of any conflict between this Agreement and any SOW, the SOW shall control, but only with respect to the Services therein.
- Negotiated Agreement. The parties hereby acknowledge that the terms and language of this Agreement were the result of negotiations among the Parties. This Agreement shall not be construed against any party on the grounds that such party drafted this Agreement. Any controversy over construction of this Agreement shall be decided without regard to events of authorship or negotiation.
- Counterparts. This Agreement may be executed in counterparts, each of which shall be deemed an original, but all of which taken together shall constitute one and the same Agreement. All signed faxed or emailed copies of the Agreement shall be deemed as valid as originals.
- Change Order. This Agreement, and the provisions and scope of the Services set forth in SOW shall not be changed in any material respect without a mutually agreed upon change order executed by an authorized representative of each party. Unless otherwise agreed to by the parties and set forth in Exhibit B, all additional services set forth in Exhibit B shall be billable as indicated in the change order.
- Survival. Sections 3 through 16 shall survive upon termination of this Agreement.
IN WITNESS WHEREOF THE PARTIES HAVE EXECUTED THIS AGREEMENT AS OF THE EFFECTIVE DATE OF THE APPLICABLE STATEMENT OF WORK ENTERED HEREUNDER. THIS AGREEMENT IN INCORPORATED INTO SUCH SOW BY REFERENCE.
Vendor Work Order Pantheon PH
Version 2.0
Effective December 10, 2020
DownloadTable of Contents
Purchase From Vendor Name: Vendor Complete Business Address: | Ship To 24th Floor BGC Corporate Center 11th Avenue cor 30th Street Bonifacio Global City, Taguig Philippines |
Vendor Contact Name: Vendor Contact Number: Vendor Contract email: | Pantheon Contact Name: Pantheon Contact Number: Pantheon Contract email: |
- Scope of Service:
Item # | Item Description (Required) | Deliverable | Due Date | Quantity | Unit Price | Total Price |
Ex: 1 | Vendor to provide photoshoot services to Pantheon on July 1, 2020 from 8AM-10AM | 50 pcs of photos in JPEG | July 1, 2020 | 2 hrs | $500/hr | $1,000.00 |
Vendor Requirement Form PH
Version 9.0
Effective July 24, 2021
DownloadTable of Contents
Complete Vendor Registered Name | |
Company TIN # | |
Vendor Primary Contact person | |
Vendor email address | |
Vendor Contact number | |
Registered Business Address | |
Country of Registered Business | |
Signature | |
Date submitted |
Vendor AR Contact Name | |
Vendor AR Email Address | |
Vendor AR Contact Number |
Contact Person for withholding tax certificate or concerns | |
Contact Person's email address | |
Contact Person's Number |
BIR Certificate of Registration and Business Permit (if applicable) | |
Brief description on the service/product the vendor supplies and reason needed | |
Pantheon Contact Person email | |
Agreed upon payment terms | |
Signed Statement of Work, GSA, Contract with Pantheon | |
Name of Pantheon Approver |
Supplemental Agreement for Contractors under Vendor
Version 5.0
Effective June 16, 2021
DownloadTable of Contents
This Supplemental Agreement (the “Agreement”), which is effective as of the date signed by the Consultant below, is by and between PANTHEON SYSTEMS, INC., a Delaware corporation with business address at 717 California Street, Second Floor, San Francisco, California 94108, United States of America (“Pantheon”); and individual as defined in the signature block further below (the “Consultant”).
Pantheon’s Ownership of Work Product
1. For the purpose of this Agreement, the following terms are defined as follows:
2. The Consultant hereby agrees that:
Acceptance of Pantheon Policies
3. The Consultant understands, accepts, acknowledges and shall, at all times, comply with the Supplier Code of Conduct related to the Consultant’s activities with Pantheon.
4. The Consultant understands that Pantheon shall provide access to certain processes, systems, and information that is proprietary and confidential to Pantheon. The Consultant shall, at all times, comply with the policies set out in Section 5 and as may be supplemented and updated from time to time by electronic mail. Further, the Consultant understands any such updates, supplements or amendments shall be applicable immediately unless otherwise requiring notice under applicable law, in which case such policies shall be applicable within thirty (30) days of Pantheon’s notification to the Consultant.
5. The Consultant hereby acknowledges that he/she has received and read the policies listed below.
Miscellaneous
Supplemental Agreement for Independent Contractors
Version 3.0
Effective June 16, 2021
DownloadTable of Contents
Affirmation of Pantheon’s Ownership of Work Product
- For the purpose of this Agreement, “Work Product” means (a) all Intellectual Property,1 in any stage of development, that the Consultant conceives, creates, develops, or reduces to practice in connection with performing the services for Pantheon, whether past, present or future; and (b) all tangible embodiments (including models, presentations, prototypes, reports, samples, and summaries) of each item of such Intellectual Property.
- The Consultant hereby affirms Section 5 (Work Product), including all subsection therein, of the Professional Services Agreement and Statements of Work previously agreed upon by the parties. Particularly, the Consultant affirms that:
2.1 All Work Product, whether past, present or future, is the sole and exclusive property of Pantheon;
2.2 The Consultant irrevocably and unconditionally assigns to Pantheon all right, title, and interest worldwide in and to the Work Product and all Intellectual Property Rights2 thereto and
Acceptance of Pantheon Policies
Miscellaneous
Contractor Agreements Guidelines
Version 3.0
Effective June 17, 2021
DownloadTable of Contents
Welcome to Pantheon Legal Center for Contractors!
- Sign Non-Disclosure Agreement (NDA): Signed by a contractor prior to any engagement with Pantheon.
- Sign the Global Services Agreement
- Sign additional required documents for data access: Contractors with access to Pantheon's data as a business requirement must additionally sign the following:
- Data Processing Agreement and
- Supplemental Agreement for IT policies acknowledgment. For a copy of Pantheon's IT policies, you may contact [email protected].
- Sign additional required documents for data access: Contractors with access to Pantheon's data as a business requirement must additionally sign the following
- Supplemental Agreement for IT policies acknowledgment. For a copy of Pantheon's IT policies, you may contact [email protected].
- Sign Non-Disclosure Agreement (NDA): Signed by a contractor prior to any engagement with Pantheon.
- Sign the Global Services Agreement
- Sign additional required documents for data access (as needed): Contractors with access to Pantheon's data as a business requirement must additionally sign the following:
- Data Processing Agreement and/or
- Supplemental Agreement for IT policies acknowledgment. For a copy of Pantheon's IT policies, you may contact [email protected].
Contractor Data Processing Agreement
Version 2.0
Effective June 16, 2021
DownloadTable of Contents
Services (“Principal Agreement“) between
Pantheon Systems Inc.
_____________________
_____________________
_____________________
(the “Data Processor”)
(together as the “Parties”)
- 1.1.4 “Data Protection Laws” means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other jurisdiction, including, but not limited to, the “California Consumer Privacy Act of 2018” or “CCPA” (meaning the California Consumer Privacy Act of 2018, as amended from time to time (Cal. Civ. Code §§ 1798.100 to 1798.199)).
Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Company Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Company Personal Data, as strictly necessary for the purposes of the Principal Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
(a) disclosure is required by law;
(b) the relevant information is already in the public domain.
Pantheon Systems Inc. Signature ________________________________ Name: ________________________________ Title: _________________________________ Date Signed: _________________________________ | Processor Signature ________________________________ Name _________________________________ Title _________________________________ Date Signed _________________________________ |
- The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)[1] for the transfer of personal data to a third country.
- The Parties:
- the natural or legal person(s), public authority/ies, agency/ies or other body/ies
- the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A. (hereinafter each “data importer”)
- These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.
- The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.
- These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46 (2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to
- These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.
- Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:
- Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
- Clause 8 - Clause 8.1(a), (c) and (d) and Clause 8.9(a), (c), (d), (e), (f) and (g);
- Clause 9 - Clause 9(a), (c), (d) and (e);
- Clause 12 - Clause 12(a), (d) and (f);
- Clause 13;
- Clause 15.1(c), (d) and (e);
- Clause 16(e);
- Clause 18 - Clause 18(a) and (b).
- Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.
- Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
- These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
- These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.
- An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.
- Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.
- The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.
- The data exporter has informed the data importer that it acts as processor under the instructions of its controller(s), which the data exporter shall make available to the data importer prior to processing.
- The data importer shall process the personal data only on documented instructions from the controller, as communicated to the data importer by the data exporter, and any additional documented instructions from the data exporter. Such additional instructions shall not conflict with the instructions from the controller. The controller or data exporter may give further documented instructions regarding the data processing throughout the duration of the contract.
- The data importer shall immediately inform the data exporter if it is unable to follow those instructions. Where the data importer is unable to follow the instructions from the controller, the data exporter shall immediately notify the controller.
- The data exporter warrants that it has imposed the same data protection obligations on the data importer as set out in the contract or other legal act under Union or Member State law between the controller and the data exporter[2].
- The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter “personal data breach”). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subject. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing
- The data importer shall grant access to the data to members of its personnel only to the extent strictly necessary for the implementation, management and monitoring of the contract. It shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
- In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate its adverse effects. The data importer shall also notify, without undue delay, the data exporter and, where appropriate and feasible, the controller after having become aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences and the measures taken or proposed to address the data breach, including measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.
- The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU) 2016/679, in particular to notify its controller so that the latter may in turn notify the competent supervisory authority and the affected data subjects, taking into account the nature of processing and the information available to the data importer.
- the onward transfer is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;
- the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 of Regulation (EU) 2016/679;
- the onward transfer is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or
- the onward transfer is necessary in order to protect the vital interests of the data subject or of another natural person.
- The data importer shall promptly and adequately deal with enquiries from the data exporter or the controller that relate to the processing under these Clauses.
- The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep appropriate documentation on the processing activities carried out on behalf of the controller.
- The data importer shall make all information necessary to demonstrate compliance with the obligations set out in these Clauses available to the data exporter, which shall provide it to the controller.
- The data importer shall allow for and contribute to audits by the data exporter of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non-compliance. The same shall apply where the data exporter requests an audit on instructions of the controller. In deciding on an audit, the data exporter may take into account relevant certifications held by the data importer.
- Where the audit is carried out on the instructions of the controller, the data exporter shall make the results available to the controller.
- The data exporter may choose to conduct the audit by itself or mandate an independent auditor. Audits may include inspections at the premises or physical facilities of the data importer and shall, where appropriate, be carried out with reasonable notice.
- The Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits, available to the competent supervisory authority on request.
- OPTION 1: SPECIFIC PRIOR AUTHORISATION The data importer shall not subcontract any of its processing activities performed on behalf of the data exporter under these Clauses to a sub-processor without the prior specific written authorisation of the controller. The data importer shall submit the request for specific authorisation at least [Specify time period] prior to the engagement of the subprocessor, together with the information necessary to enable the controller to decide on the authorisation. It shall inform the data exporter of such engagement. The list of sub-processors already authorised by the controller can be found in Annex III. The Parties shall keep Annex III up to date.
- Where the data importer engages a sub-processor to carry out specific processing activities (on behalf of the controller), it shall do so by way of a written contract that provides for, in substance, the same data protection obligations as those binding the data importer under these Clauses, including in terms of third-party beneficiary rights for data subjects.[4] The Parties agree that, by complying with this Clause, the data importer fulfils its obligations under Clause 8.8. The data importer shall ensure that the sub-processor complies with the obligations to which the data importer is subject pursuant to these Clauses.
- The data importer shall provide, at the data exporter’s or controller’s request, a copy of such a sub-processor agreement and any subsequent amendments. To the extent necessary to protect business secrets or other confidential information, including personal data, the data importer may redact the text of the agreement prior to sharing a copy.
- The data importer shall remain fully responsible to the data exporter for the performance of the sub-processor’s obligations under its contract with the data importer. The data importer shall notify the data exporter of any failure by the subprocessor to fulfil its obligations under that contract.
- The data importer shall agree a third-party beneficiary clause with the sub-processor whereby - in the event the data importer has factually disappeared, ceased to exist in law or has become insolvent - the data exporter shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.
- The data importer shall promptly notify the data exporter and, where appropriate, the controller of any request it has received from a data subject, without responding to that request unless it has been authorised to do so by the controller.
- The data importer shall assist, where appropriate in cooperation with the data
- In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the instructions from the controller, as communicated by the data exporter.
- In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.
- Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to:
- lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13;
- refer the dispute to the competent courts within the meaning of Clause 18.
- The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.
- The data importer shall abide by a decision that is binding under the applicable EU or Member State law.
- The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws.
- Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
- The data importer shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data importer or its sub-processor causes the data subject by breaching the third-party beneficiary rights under these Clauses.
- Notwithstanding paragraph (b), the data exporter shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data exporter or the data importer (or its sub-processor) causes the data subject by breaching the third-party beneficiary rights under these
- The Parties agree that if the data exporter is held liable under paragraph (c) for damages caused by the data importer (or its sub-processor), it shall be entitled to claim back from the data importer that part of the compensation corresponding to the data importer’s responsibility for the damage.
- Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.
- The Parties agree that if one Party is held liable under paragraph (e), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its / their responsibility for the damage.
- The data importer may not invoke the conduct of a sub-processor to avoid its own
- [Where the data exporter is established in an EU Member State:] The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, shall act as competent supervisory authority.
- The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries,
- The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.
- The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:
- the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;
- the laws and practices of the third country of destination– including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards[6];
- any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.
- The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.
- The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.
- The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a). The data exporter shall forward the notification to the controller.
- Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation , if appropriate in consultation with the controller. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the controller or the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.
- The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:
- receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or
- becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.
- If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.
- Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.). The data exporter shall forward the information to the controller.
- The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.
- Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.
- The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).
- The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request. The data exporter shall make the assessment available to the controller.
- The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.
- The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.
- In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).
- The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:
- the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;
- the data importer is in substantial or persistent breach of these Clauses; or
- the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.
- Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
- Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.
- Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.
- The Parties agree that those shall be the courts of _______________ (specify Member State).
- A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.
- The Parties agree to submit themselves to the jurisdiction of such courts.
- Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295 of 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This will in particular be the case where the controller and processor rely on the standard contractual clauses included in Decision […]. ↑
- See Article 28(4) of Regulation (EU) 2016/679 and, where the controller is an EU institution or body, Article 29(4) of Regulation (EU) 2018/1725. ↑
- The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union's internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union ↑
- This requirement may be satisfied by the sub-processor acceding to these Clauses under the appropriate Module, in accordance with Clause 7. ↑
- The data importer may offer independent dispute resolution through an arbitration body only if it is established in a country that has ratified the New York Convention on Enforcement of Arbitration Awards. ↑
- As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or ↑
Non-Disclosure Agreement (PH)
Version 4.0
Effective July 27, 2021
DownloadTable of Contents
- As used herein, the “Confidential Information” of Pantheon will mean any and all technical and non-technical information disclosed by Pantheon to the Receiving Party, which may include without limitation: (a) patent and patent applications, (b) trade secrets, and (c) proprietary and confidential information, ideas, media, drawings, works of authorship, inventions, know-how, processes, algorithms, software programs and software source documents related to the current, future, and proposed products and services of Pantheon, such as information concerning research, development, design details and specifications, engineering, financial information, procurement requirements, purchasing, manufacturing, customer lists, investors, employees, business and contractual relationships, business forecasts, sales and merchandising, and marketing plans.
- Subject to Section 3, the Receiving Party agrees that at all times it will hold in strict confidence and not disclose to any third party any Confidential Information of Pantheon, except as approved in writing by Pantheon, and will use the Confidential Information of Pantheon for no purpose other than the Permitted Use. Receiving Party will limit access to the Confidential Information of Pantheon to only those of the Receiving Party’s employees or authorized representatives having a need to know and who have signed confidentiality agreements containing, or are otherwise bound by, confidentiality obligations at least as restrictive as those contained herein.
- The Receiving Party will not have any obligations under this Agreement with respect to a specific portion of the Confidential Information of Pantheon if the Receiving Party can demonstrate with competent evidence that such portion of Confidential Information (a) was in the public domain at the time it was disclosed to the Receiving Party; (b) entered the public domain subsequent to the time it was disclosed to the Receiving Party, through no fault of the Receiving Party; (c) was in the Receiving Party’s possession free of any obligation of confidence at the time it was disclosed to the Receiving Party; (d) was rightfully communicated to the Receiving Party free of any obligation of confidence subsequent to the time it was disclosed to the Receiving Party by Pantheon; or (e) was developed by employees or agents of the Receiving Party independently of and without reference to any information communicated to the Receiving Party by Pantheon.
- Notwithstanding the above, the Receiving Party may disclose certain Confidential Information of Pantheon as permitted by law, or if required by a valid order of a court or other governmental body with jurisdiction, provided that the Receiving Party provides Pantheon with reasonable prior written notice of such order and makes a reasonable effort to obtain, or to assist Pantheon in obtaining, a protective order preventing or limiting the disclosure and/or requiring that the Confidential Information so disclosed be used only for the purposes for which the law or regulation required.
- The Receiving Party will immediately notify Pantheon upon discovery of any loss or unauthorized disclosure of the Confidential Information of Pantheon.
- Immediately upon completion of the Receiving Party’s authorized use of the Confidential Information, or upon written request of Pantheon, the Receiving Party will return to Pantheon or destroy all documents and other tangible materials representing Pantheon’s Confidential Information and all copies thereof, and certify that such Confidential Information has been deleted and expunged.
- The Receiving Party acknowledges and agrees that the Confidential Information of Pantheon is owned by and shall remain the sole and exclusive property of Pantheon. The Receiving Party recognizes and agrees that nothing contained in this Agreement will be construed as granting any property rights, by license or otherwise, to any Confidential Information of Pantheon, or to any invention or any patent, copyright, trademark, or other intellectual property right that has issued or that may issue, based on such Confidential Information.
- The Receiving Party will not reproduce the Confidential Information of Pantheon in any form except as required to accomplish the intent of this Agreement. Any reproduction by the Receiving Party of any Confidential Information of Pantheon will remain the property of Pantheon and will contain any and all confidential or proprietary notices or legends that appear on the original, unless otherwise authorized in writing by Pantheon.
- The Receiving Party agrees that during the course of communications pursuant to this Agreement, the Receiving Party will not make any unauthorized use or disclosure of any confidential or proprietary information or trade secrets of any other person or entity to whom it owes an obligation of confidentiality with respect to such information, including but not limited to, any current or former employer.
- The Receiving Party’s obligations under this Agreement will survive termination of the discussions or dealings between the Parties related to the Permitted Use and will be binding upon the Receiving Party’s heirs, successors, and assigns.
- This Agreement will be governed by and construed in accordance with the laws of the Philippines. Any disputes under this Agreement may only be brought in the courts located in Metro Manila, and the Parties hereby consent to the exclusive personal jurisdiction and venue of these courts.
- The Receiving Party acknowledges that its breach of this Agreement may cause irreparable damage to Pantheon and hereby agrees that the Pantheon will be entitled to seek injunctive relief under this Agreement, as well as such further relief as may be granted by a court of competent jurisdiction.
- If any provision of this Agreement is found to be unenforceable or invalid, such unenforceability or invalidity will not render this Agreement unenforceable or invalid as a whole and, in such event, such provision will be changed and interpreted so as to best accomplish the objectives of such unenforceable or invalid provision within the limits of applicable law or applicable court decisions.
- Neither Party will assign or transfer any rights or obligations under this Agreement without the prior written consent of the other Party, except that a Party may assign this Agreement without such consent to its successor in interest by way of merger, acquisition or sale of all or substantially all of its assets.
- This Agreement represents the entire agreement and understanding between the Parties with respect to the subject matter hereof and supersedes all prior discussions relating to the subject matter of this Agreement. This Agreement is entered into without any reliance on any promise or representation, written or oral, other than those expressly contained herein, and may not be modified or amended in any way except by a writing signed by duly authorized officers of the Parties hereto. This Agreement may be executed in counterparts, which shall be deemed to be part of one original, and facsimile and electronic acceptance processes and electronic signatures shall be equivalent to original signatures.
Pantheon Systems PH, Inc. (Pantheon) Signature: Name: Title: Date: Address: 24th Floor, BGC Corporate Center, 11th Avenue corner 30th Street, Bonifacio Global City, Taguig | Receiving Party: Signature: Name: Title: Date: Address: |