SUBSCRIPTION SERVICES AGREEMENT

This agreement is between a Legito legal entity specified in (a) the relevant invoice in the case of online payment inside the Legito application or (b) the relevant purchase order in the case of other than online payment in the Legito application (Legito), and the Customer agreeing to these terms (Customer).

1. SOFTWARE SERVICE.

This agreement and the applicable order provide Customer and its Affiliates (defined below) access to and usage of an Internet-based software service, including, without limitation, its features, functions, and user interface, and underlying software, as specified on an order (Service). Implementation services (Implementation Services) may also be provided by Legito if specified under an order.

2. USE OF SERVICE.

Customer Owned Data. All data, files, documents, templates and other content uploaded or created by Customer to the Service remains the property of Customer, as between Legito and Customer (Customer Data). Customer represents and warrants to Legito that Customer has provided all required notices and has obtained all required licenses, permissions, and consents regarding Customer Data for use within the Service under this agreement. Customer grants Legito the right to use the Customer Data solely for purposes of performing under this agreement. During the term of this agreement, Legito will provide Customer Data upon request, if Customer cannot export such Customer Data from within the Service.

Affiliates and Contractors. Customer, including its Affiliates, may enter into orders with Legito and its Affiliates.  An Affiliate entering into an order agrees to be bound by this agreement as if it were an original party hereto. Customer may allow its Affiliates and contractors to use the Service, provided Customer is responsible for their  compliance with the terms of this agreement, and use by its Affiliates and contractors is solely for Customer’s or Affiliate’s benefit. Affiliate means any company controlled by or under common control with the subject entity, directly or indirectly, with an ownership interest of at least 50%.

Customer Responsibilities. Customer: (i) must keep its passwords secure and confidential and use industry-standard password management practices; (ii) is solely responsible for Customer Data and all activity in its account in the Service; (iii) must use commercially reasonable efforts to prevent unauthorized access to its account and notify Legito promptly of any such unauthorized access; and (iv) may use the Service only in accordance with the Service’s technical documentation and applicable law.

Legito Support. Legito must provide Customer support for the Service under the terms of Legito’s Customer Support Policy (Support), attached as Exhibit A.

30-Day Trial Version. If Customer has registered for a trial use of the Service, Customer may access the Service for a 30-day time period (unless extended by Legito in writing). The Service is provided ‘AS IS’, with no warranty during this time period. All Customer Data will be deleted after the trial period, unless Customer converts its account to a paid Service.

Third Party Service. The Service interoperates with certain third-party services (Third Party Service) (DocuSign, Salesforce.com, HubSpot, etc.), and it depends on continuing availability of and access to Third Party Service, including application programming interfaces, for full functionality of the Service. Customer is responsible for obtaining all rights and the payment of all fees associated with all Third-Party Service for purposes of this agreement (except that Customer may purchase additional subscription capacity for certain Third-Party Services from Legito). Legito can provide more information regarding Third Party Services upon request.

3. SERVICE LEVEL AGREEMENT AND WARRANTY.

Availability Warranty. Legito warrants to Customer that Legito will maintain the availability of the Service as provided in the chart below (excluding maintenance outages, outages beyond Legito’s reasonable control, and outages that result from any Customer technology issues).

Credit for Availability Warranty.

– 99 – 95% = 10% of monthly fee.

– 94.99 – 90% = 25% of monthly fee.

– Less than 90% = 50% of monthly fee.

*Maximum amount of the credit is 100% of the fee for such month.

CUSTOMER’S EXCLUSIVE REMEDY AND LEGITO’S SOLE OBLIGATION FOR ITS FAILURE TO MEET THIS WARRANTY WILL BE FOR LEGITO TO PROVIDE A CREDIT FOR THE APPLICABLE MONTH, AS PROVIDED IN THE CHART ABOVE (IF THIS AGREEMENT IS NOT RENEWED, THEN A REFUND FOR THE MONTH), PROVIDED THAT CUSTOMER NOTIFIES LEGITO OF SUCH BREACH WITHIN 30 DAYS OF THE END OF THAT MONTH.

Warranty. Legito warrants to Customer that: (i) Legito will not materially decrease the overall security of the Service; (ii) the Service will perform materially in accordance with its technical documentation; and (iii) Legito will not materially decrease the overall functionality of the Service or the scope of Support. For any breach of this warranty,Customer’s exclusive remedies are those described in the “Mutual Termination for Material Breach” and “Effect of Termination” sections set forth in this agreement.

MAJOR OUTAGE. NOTWITHSTANDING THE FOREGOING, IF THE SERVICE IS AVAILABLE LESS THAN 98% FOR AT LEAST 2 CONSECUTIVE MONTHS OR ANY 3 MONTHS IN A 6-MONTH PERIOD (OTHER THAN WITH RESPECT TO THE SLA EXCLUSIONS), THEN UPON WRITTEN NOTICE, CUSTOMER MAY TERMINATE THE APPLICABLE ORDER AND LEGITO WILL REFUND ANY UNUSED AND PREPAID FEES FOR THE SERVICE, CONDITIONED ON CUSTOMER EXERCISING THIS TERMINATION RIGHT WITHIN 3 MONTHS OF THE FIRST DATE CUSTOMER CAN EXERCISE THIS TERMINATION RIGHT FOR THE APPLICABLE SLA VIOLATIONS.

Implementation Services Warranty. Legito warrants that, for a period of 30 days from delivery, it has performed the Implementation Services in conformance with generally accepted practices within the software services industry. Customer must notify Legito of any breach of this warranty no later than 30 days after delivery of the Implementation Services. CUSTOMER’S EXCLUSIVE REMEDY AND LEGITO’S ENTIRE LIABILITY UNDER THIS WARRANTY WILL BE FOR LEGITO TO RE-PERFORM ANY NON-CONFORMING PORTION OF THE IMPLEMENTATION SERVICES, OR IF LEGITO CANNOT REMEDY THE BREACH, THEN REFUND THE PORTION OF THE FEE ATTRIBUTABLE TO SUCH NON-CONFORMING PORTION OF THE IMPLEMENTATION SERVICES. THIS WARRANTY WILL NOT APPLY TO THE EXTENT CUSTOMER, ITS CONTRACTORS, OR AGENTS HAVE MODIFIED ANY ITEM.

DISCLAIMER. LEGITO DISCLAIMS ALL OTHER WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, AND FITNESS FOR A PARTICULAR PURPOSE. WHILE LEGITO TAKES REASONABLE PHYSICAL, TECHNICAL, AND ADMINISTRATIVE MEASURES TO SECURE THE SERVICE, LEGITO DOES NOT GUARANTEE THAT THE SERVICE CANNOT BE COMPROMISED. CUSTOMER UNDERSTANDS AND AGREES THAT THE SERVICE MAY NOT BE ERROR-FREE AND THE USE MAY BE INTERRUPTED, AND LEGITO IS NOT RESPONSIBLE OR LIABLE FOR ANY THIRD-PARTY SERVICE ISSUES.

4. PAYMENT.

Fees and Payment. Customer must pay all fees as specified on the order, but if not specified, then within 30 days of receipt of an invoice. The fees are exclusive of sales, use, withholding, VAT and other similar taxes, and Customer  is responsible for payment of such taxes at the rate and in the manner for the time being prescribed by law. If  Legito  has the legal obligation to pay or collect taxes for which Customer  is responsible under this section, Legito  will invoice Customer  and Customer  will pay that amount unless Customer  provides Legito  with a valid tax exemption certificate authorized by the appropriate taxing authority. This agreement contemplates one or more orders for the Service, which orders are governed by the terms of this agreement.

Nonpayment. If an invoiced amount is 30 days or more past due, Legito may suspend Service and Support until the amount is paid in full, provided Legito has given Customer at least 15 days’ prior written notice that its account is past due.

5. MUTUAL CONFIDENTIALITY.

Definition of Confidential Information. Confidential Information means all non-public information disclosed by a party (Discloser) to the other party (Recipient), whether orally, visually, or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure (Confidential Information). Legito’s Confidential Information includes, without limitation, the Service, pricing information, and the Software and Documentation (defined below). Customer’s Confidential Information includes, without limitation, the Customer Data.

Protection of Confidential Information. Recipient must use the same degree of care that it uses to protect the confidentiality of its
own confidential information of like kind (but not less than reasonable care) to: (i) not use any Confidential Information of Discloser for any purpose outside the scope of this agreement; and (ii) limit access to Confidential Information of Discloser to those of its and its Affiliates’ employees
and contractors who need that access for purposes consistent with this agreement and who have signed confidentiality
agreements with Recipient containing protections not materially less protective of the Confidential Information than
those in this agreement.

Exclusions. Confidential Information excludes information that: (i) is or becomes generally known to the public without breach of any obligation owed to Discloser; (ii) was known to the Recipient before its disclosure by the Discloser without breach of any obligation owed to the Discloser; (iii) is received from a third party without breach of any obligation owed to Discloser; or (iv) is independently developed by the Recipient without use of or access to the Confidential Information. The Recipient may disclose Confidential Information to the extent required by law or court order, but will provide Discloser with advance notice to seek a protective order.

Data Security Measures.

  • Security Measures. Legito: (i) implements and maintains reasonable security measures appropriate to the nature of the Customer Data including, without limitation, technical, physical, administrative, and organizational controls, designed to maintain the confidentiality, security, and integrity of the Customer Data; (ii) implements and maintains industry standard systems and procedures for detecting, preventing, and responding to attacks, intrusions, or other systems failures and regularly tests, or otherwise monitors the effectiveness of the safeguards’ key controls, systems, and procedures; (iii) designates an employee or employees to coordinate implementation and maintenance of its Security Measures (as defined below); and (iv) identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of the Customer Data that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of safeguards in place to control these risks (collectively, Security Measures).
  • Notice of Data Breach. If Legito becomes aware that Customer Data was accessed or disclosed in breach of this agreement, Legito will so notify Customer without undue delay, immediately act to eliminate the breach and preserve forensic evidence, and provide available information to Customer regarding the nature and scope of the breach.

6. PROPERTY.

Reservation of Rights. Legito and its licensors are the sole owners of the Service and the Software and Documentation, including all associated intellectual property rights, and they remain only with Legito. Customer may not remove or modify any proprietary marking or restrictive legends in the Service or Software and Documentation. Legito reserves all rights that are not expressly granted in this agreement.

Restrictions. Customer may not: (i) sell, resell, rent, or lease the Service or use it in a service-provider capacity; (ii) use the Service to store or transmit unsolicited marketing emails, libelous, or otherwise objectionable, unlawful, or tortious material, or to store or transmit infringing material in violation of third-party rights; (iii) interfere with or disrupt the integrity or performance of the Service; (iv) attempt to gain unauthorized access to the Service or its related systems or networks; (v) reverse engineer the Service or the Software and Documentation except as allowed by applicable law despite this limitation; or (vi) access the Service or use the Software and Documentation to build a competitive service or product, or copy any feature, function, or graphic for competitive purposes. Legito may suspend Service to Customer if Legito believes in good faith that  Customer’s use of the Service poses an imminent threat to the security, availability or legality of the Service; in such event, Legito will work with Customer to address the issue and restore Service as quickly as possible.

Statistical Information. Legito may compile statistical information related to the performance of the Service and may make such information publicly available, provided that such information does not identify Customer Data or Customer, and there is no means to re-identify Customer Data. Legito retains all intellectual property rights in such information.

7. TERM AND TERMINATION.

Term. This agreement continues until the 30th day after all orders have expired, unless earlier terminated as provided below.

Mutual Termination for Material Breach. If either party is in material breach of this agreement, the other party may terminate this agreement at the end of a written 30-day notice/cure period, if the breach has not been cured.

Return of Customer Data.

  • Within 30 days after termination, upon request Legito will make the Service available for Customer to export Customer Data as provided in Section 2(a).
  • After such 30-day period, Legito has no obligation to maintain the Customer Data and may destroy it.

Effect of Termination. If this agreement is terminated for Legito’s breach, Legito will refund Customer fees prepaid for the remainder of the term of all orders after the termination effective date.  If this agreement is terminated for Customer’s breach, Customer will pay any unpaid fees for the term of all orders.  Upon request, following any termination of this agreement, each party will destroy or return all of the other party’s property that it holds, subject to the “Return of Customer Data” section above.

8. LIABILITY LIMIT.

EXCLUSION OF INDIRECT DAMAGES. TO THE MAXIMUM EXTENT ALLOWED BY LAW, LEGITO IS NOT LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT (INCLUDING, WITHOUT LIMITATION, COSTS OF DELAY; LOSS OF OR UNAUTHORIZED ACCESS TO DATA OR INFORMATION; AND LOST PROFITS, REVENUE, OR ANTICIPATED COST SAVINGS), EVEN IF IT KNOWS OF THE POSSIBILITY OR FORESEEABILITY OF SUCH DAMAGE OR LOSS.

TOTAL LIMIT ON LIABILITY. TO THE MAXIMUM EXTENT ALLOWED BY LAW, EXCEPT FOR LEGITO’S INDEMNITY OBLIGATIONS, LEGITO’S TOTAL LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT (WHETHER IN CONTRACT, TORT, OR OTHERWISE) DOES NOT EXCEED THE AMOUNT PAID BY CUSTOMER WITHIN THE 12-MONTH PERIOD PRIOR TO THE EVENT THAT GAVE RISE TO THE LIABILITY.

9. INDEMNIFICATION FOR THIRD-PARTY CLAIMS.

Legito will defend or settle any third-party claim against Customer to the extent that such claim alleges that Legito technology used to provide the Service infringes a copyright, patent, trademark, or other intellectual property right, if Customer promptly notifies Legito of the claim in writing, cooperates with Legito in the defense, and allows Legito to solely control the defense or settlement of the claim. Costs. Legito will indemnify and hold harmless Customer from any infringement claim defense costs it incurs in defending Customer under this indemnity, Legito-negotiated settlement amounts agreed to by Legito, and court-awarded damages. Process. If such a claim appears likely, then Legito may modify the Service, procure the necessary rights, or replace it with the functional equivalent. If Legito determines that none of these are reasonably available, then Legito may terminate the Service and refund any prepaid and unused fees. Exclusions. Legito has no obligation for any claim arising from: Legito’s compliance with Customer’s specifications; a combination of the Service with other technology or aspects where the infringement would not occur but for the combination; Customer Data; or technology or aspects not provided by Legito.  THIS SECTION CONTAINS CUSTOMER’S EXCLUSIVE REMEDIES AND LEGITO’S SOLE LIABILITY FOR INTELLECTUAL PROPERTY INFRINGEMENT.

If a third party claims against Legito that any part of the Customer Data infringes or violates that party’s patent, copyright, or other right, Customer will defend Legito against that claim at Customer’s expense and pay all costs, damages, and attorneys’ fees that a court finally awards or that are included in a settlement approved by Customer, provided that Legito promptly notifies Customer of the claim in writing, cooperates with Customer in the defense, and allows Customer to solely control the defense or settlement of the claim.

10. GOVERNING LAW AND FORUM.

This agreement is governed by the laws of the country (state if applicable) where the Legito company has its registered office (without regard to conflicts of law principles) for any dispute between the parties or relating in any way to the subject matter of this agreement. Any suit or legal proceeding must be exclusively brought in the relevant courts according to the Legito’s registered office, and the Customer submits to this personal jurisdiction and venue. Nothing in this agreement prevents either party from seeking injunctive relief in a court of competent jurisdiction. The prevailing party in any litigation is entitled to recover its attorneys’ fees and costs from the other party.

OTHER TERMS.

Entire Agreement and Changes. This agreement and the order constitute the entire agreement between the parties and supersede any prior or contemporaneous negotiations or agreements, whether oral or written, related to this subject matter. Customer is not relying on any representation concerning this subject matter, oral or written, not included in this agreement. No representation, promise, or inducement not included in this agreement is binding. No modification or waiver of any term of this agreement is effective unless both parties sign it, however this agreement may be modified through an online process provided by Legito.

No Assignment. Neither party may assign or transfer this agreement to a third party, nor delegate any duty, except that the agreement and all orders may be assigned, without the consent of the other party, as part of a merger or sale of all or substantially all a party’s businesses, assets, not involving a competitor of the other party, or at any time to an Affiliate.

Export Compliance (if applicable). The Service and Confidential Information may be subject to export laws and regulations of the United States and other jurisdictions.  Each party represents that it is not named on any U.S. government denied-party list.  Neither party will permit its personnel or representatives to access any Service in a U.S.-embargoed country or in violation of any applicable export law or regulation.

Independent Contractors. The parties are independent contractors with respect to each other.

Enforceability and Force Majeure. If any term of this agreement is invalid or unenforceable, the other terms remain in effect. Neither party is liable for its non-performance due to events beyond its reasonable control, including but not limited to natural weather events and disasters, labor disruptions, and disruptions in the supply of utilities.

Money Damages Insufficient. Any breach by a party of this agreement or violation of the other party’s intellectual property rights could cause irreparable injury or harm to the other party. The other party may seek a court order to stop any breach or avoid any future breach of this agreement.

No Additional Terms. Legito rejects additional or conflicting terms of a Customer’s form-purchasing document.

Order of Precedence. If there is an inconsistency between this agreement and an order, the order prevails.

Survival of Terms. All provisions of this agreement regarding payment, confidentiality, indemnification, limitations of liability, proprietary rights and such other provisions that by fair implication require performance beyond the term of this agreement must survive expiration or termination of this agreement until fully performed or otherwise are inapplicable. The UN Convention on Contracts for the International Sale of Goods does not apply.

Feedback. If Customer provides feedback or suggestions about the Service, then Legito (and those it allows to use its technology) may use such information without obligation to Customer.

EXHIBIT A

DATA PROCESSING AGREEMENT

I. Data Processing

    1. In respect of personal data processed in the application at Legito’s hosted servers, the parties agree that Customer is the data controller and Legito is the data processor.
    2. Customer Data is and will be the sole property of the Customer. This Agreement does not grant Legito ownership to, or in, any Customer Intellectual Property Rights or any other rights or licenses in respect to the Customer Data.
    3. Legito must process any personal data in the Customer Data in accordance with GDPR (if applicable), in particular with Article 28 of GDPR (if applicable), as follows:
      1.3.1 Legito shall process and use any personal data in the Customer Data strictly for the purpose of operating Customer’s Workspace, and the provision of related services according to this Agreement (the scope of the processing) for the duration of this Agreement (duration of processing). Legito will process all types and categories of personal data inserted to the Customer’s Workspace, such as (i) contract data, including names of representatives and signatories, contractual/legal relationships and contract history, and (ii) contact details (type of personal data) from suppliers and customers of Customer (categories of data subject). Customer acknowledges that The application is a highly customizable software and Customer may therefore control which types of personal data are process by the Legito. Legito will process personal data until such data will be deleted from the database related to the Legito’s Workspace by (a) action of the Customer in the Workspace or (b) action by the Legito upon Customer’s request.
      1.3.2 Upon Customer’s request, Legito shall (a) process personal data as per Customer’s instructions (“Data Processing Instructions”), (b) demonstrate compliance with the relevant GDPR obligations and allow audits, including inspections, conducted by the Customer or another auditor mandated by the Customer and/or (c) assist Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 GDPR, taking into account the nature of processing and the information available to the processor.
      1.3.3 If Data Processing Instructions will not be in accordance with the technologies currently used in The application, architecture or infrastructure of The application, or database structure of The application, Legito shall notify the Customer of such fact without reasonable time and if Customer confirms the respective Data Processing Instructions, Legito may terminate this Agreement.
      1.3.4 Should the Data Processing Instructions cause an additional expense for Legito (the “DPI Costs”), the Legito shall notify the Customer of such DPI Costs, and if Customer confirms the DPI’s instructions, Legito shall invoice the Customer for the DPI Costs and the Customer shall reimburse the Legito for the DPI Costs.
      1.3.5 Customer shall have access to The application features which shall provide Customer with the ability to extract, delete, update, or correct personal data as per GDPR (if applicable).
      1.3.6 Legito shall implement and apply adequate technical and organizational measures, as required by article 32 of the GDPR (if applicable).
      1.3.7 Legito shall ensure that only necessary personnel have access to the server’s operating system and database and that all such personnel are contractually obligated to keep the Customer Data confidential.
      1.3.8 Legito may engage sub-processors in connection with the services or the operation and development of The application. The use of sub-processors does not release Legito from its obligations under this Agreement, and Legito remains liable for the failure of its sub-processors to comply with the obligations of this Agreement. Legito shall ensure that all sub-processors are contractually obligated to keep the Customer Data confidential and act according to the GDPR, in particular according to the provisions of Article 4 of this Agreement. The list of sub-processors is available upon Customer’s request sent electronically to the Legito’s email address helpdesk@the application.com.
      1.3.9 Legito shall notify Customer of all engaged sub-processors. For the purpose of this clause, notification means listing all such engaged sub-processors on Legito’s webpage accessible to Customer upon Customers request. Customer may raise reasonable objections to a new sub-processor, in which case the Parties will negotiate to reach a mutually acceptable solution.
      1.3.10 Legito may not transfer Customer Data to a third country outside the Server Location without Customer’s express written consent.
      1.3.11 The list of the current technical and organizational measures, as required by Article 32 of the GDPR, is available at the website of the Legito at the following internet address:
      https://www.legito.com/blog/developers/technical-and-organizational-measures-gdpr/
      1.3.12 Legito has an appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer’s obligation to respond to data subject’s requests under GDPR..
      1.3.13 At the choice of the Legito, the Customer deletes or returns to the Customer all the personal data related to the Customer’s Workspace after the end of the provision of services (software) relating to processing and deletes existing copies unless the European Union and/or any European Union member state law requires storage of the personal data.

II. Security and Customer Data Protection

  1. Legito shall make reasonable efforts to secure The application (including the server on which the application is running if such server is hosted by The application) with appropriate market standard software and/or hardware against cyber-attacks and other unauthorized access to Customer Data by a third-party.
  2. If, despite Legito’s reasonable efforts to secure The application, Customer Data is disclosed as a result of a cyber-attack and other unauthorized access to Customer Data, Legito shall not be liable for any disclosure of Customer Data as a result of such cyber-attack and other unauthorized access to Customer Data.
  3. Legito shall inform Customer about any cyber-attack or other unauthorized access which resulted in the disclosure of the Customer Data no later than eight (8) hours after Legito realizes such incident occurred.

OTHER EXHIBITS


TERMS OF CONDITION OF OTHER LEGITO PRODUCTS