Access to, and use of, the Products and Services (as defined below) is subject to and expressly conditioned upon acceptance of these terms of use (the “Agreement”) by the entity identified in the applicable Purchase Agreement (the “Customer”). This Agreement is a legally binding document effective as of the date of its acceptance by Customer (the “Effective Date”) entered into between Customer and Terranova Worldwide Corporation (“Terranova”) and governs the access to and use of the Products and Services by Customer and the Authorized Users (as defined below). By indicating its acceptance of this Agreement or by accessing or using the Products and Services, Customer agrees to be bound by all terms and conditions contained in this Agreement.
INTENDING TO BE LEGALLY BOUND, THE PARTIES AGREE AS FOLLOWS:
1. DEFINITIONS
The following terms have the following meanings:
1.1 “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. For purposes of this definition, "control" means the power to direct or cause the direction of the management or policies of such entity, whether through the ownership of a majority of voting securities, by contract or otherwise.
1.2 “Authorized Users” means Customer's or its Affiliates' employees, consultants, contractors, agents, suppliers, or other third parties who are authorized by Customer or its Affiliates to access and use the Products and Services and who have been supplied access credentials for such purpose.
1.3 “Confidential Information” means all confidential or proprietary information of a party (the "Disclosing Party") disclosed to the other party (the "Receiving Party"), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Without limiting the scope of this confidentiality undertaking, the parties acknowledge and agree that: (a) Customer Confidential Information includes the Customer Data and Customer Content; (b) Terranova Confidential Information includes the Products and Services; and (c) Confidential Information of each party includes the terms and conditions of this Agreement, pricing, as well as marketing plans, budgets, financial information, technology, technical information, methods, processes, techniques, designs, computer programs and other business information disclosed by such party.
1.4 “Customer Content” has the meaning set out in Section 4.3.
1.5 “Customer Data” means, excluding Terranova Confidential Information, Documentation, and Downloadable Content, all data unique to Customer which is submitted, posted, displayed, or transmitted by Customer to Terranova through Customer’s use of Terranova’s online platforms or other use of the Products and Services.
1.6 “Disclosing Party” has the meaning set out in Section 1.4.
1.7 “Documentation” means any written or electronic documentation, images, video, text or sounds describing or explaining the functionalities of the Products and Services provided or made available by Terranova to Customer in the applicable Terranova help center(s); provided, however, that Documentation specifically excludes any “community moderated” forums as provided or accessible through such knowledge base(s).
1.8 “Downloadable Content” has the meaning set out in Section 2.2.
1.9 “Feedback” has the meaning set out in Section 4.1.
1.10 “Force Majeure Event” has the meaning set out in Section 10.8.
1.11 “Marks” has the meaning set out in Section 4.2.
1.12 “MSA” has the meaning set out in Section 7.1
1.13 “Phishing Simulator” means Terranova’s online phishing simulation platform.
1.14 “Purchase Agreement” means a document that is subject to this Agreement and is executed by Customer and Reseller and that confirms and documents the quantity and price of subscriptions to Products and Services purchased by Customer.
1.15 “Receiving Party” has the meaning set out in Section 1.4.
1.16 “Reseller” means the Terranova authorized reseller selling the subscriptions to access and use the Products and Services to Customer.
1.17 “Subscription Term” has the meaning set out in Section 9.1.
1.18 “Terranova Parties” has the meaning set out in Section 4.1.
2. PRODUCTS AND SERVICES
2.1 Provision of Products and Services. Terranova will make the purchased Products and Services available to Customer pursuant to this Agreement and allow the Authorized Users to access and use the Products and Services during the Subscription Term. Terranova may from time to time update the Products and Services but agrees not to make any changes to the Products and Services during the Subscription Term that would result in a material reduction of the content or functionality of the Products and Services. Customer's use of the Products and Services includes the right to access all functionalities available in the purchased Products and Services during the Subscription Term. Subsequent enhancements to the Products and Services made generally available to all subscribing customers will be also made available to Customer at no additional charge. This Agreement will apply to any updates, upgrades and new modules or offerings subsequently provided by Terranova to Customer as part of any purchased Products and Services.
2.2 Terms of Use for Downloadable Content. When the Products and Services purchased by Customer contain downloadable content owned by Terranova or its licensors such as SCORM files, videos, posters and communications tools (the “Downloadable Content”), Terranova hereby grants Customer a limited, non-exclusive and non-transferrable right and license to use and reproduce the Downloadable Content during the Subscription Term solely for Customer’s internal training purposes, for the quantities specified in the Purchase Agreement and in accordance with the Purchase Agreement. Notwithstanding the foregoing, Customer does not have the right to modify or create derivative works from the Downloadable Content. Customer agrees to demonstrate and prove, upon Terranova’s demand and to Terranova’s satisfaction, the number of Authorized Users that are using or have used the Products and Services (including the SCORM files) during the Subscription Term. Customer agrees to pay to the Reseller any underpaid fees revealed by such verification.
Customer will permanently delete or otherwise destroy any Downloadable Content at the expiration of the Agreement or the relevant Purchase Agreement and will, upon demand, provide a sworn statement by an officer of Customer confirming such deletion or destruction.
2.3 Availability. Subject to the terms and conditions set out in Schedule A, Terranova will host and operate the infrastructure to make the Products and Services available to Customer 24 hours a day, 7 days a week within minimal downtime and deploy commercially reasonable efforts to achieve the quarterly availability target set out in Schedule A.
2.4 Technical Support. Reseller is responsible to provide technical support services in connection with the purchased Products and Services through email, telephone, and online meetings in accordance with the terms of the Purchase Agreement. All requests for technical support services must be addressed directly to Reseller.
2.5 Use of Customer Data. Subject to this Agreement, including Terranova' confidentiality obligations, Customer hereby authorizes Terranova to use the Customer Data and perform such acts with respect to the Customer Data as is necessary for Terranova to provide the Products and Services to Customer. For clarity, Terranova will not use the Customer Data for any purpose other than providing the Products and Services.
2.6 Data Security, Privacy and Personal Information Protection. Terranova agrees to maintain administrative, physical and technical safeguards for the protection of the confidentiality and integrity of Customer Data and will process personal information contained in the Customer Data in accordance with the provisions of Schedule B.
2.7 Customer's Responsibilities.
2.7.1 Permitted Use, Restrictions. Customer must not allow access to, or use of, the Products and Services by anyone other than Authorized Users. Customer is responsible for its Authorized Users' compliance with this Agreement, for its Authorized Users' use of the Products and Services, and for ensuring that Authorized Users maintain the confidentiality of their access credentials. Customer agrees that it will not: (a) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time-share or otherwise commercially exploit the Products and Services or make the Products and Services available to any third party, other than to Authorized Users or as otherwise contemplated by this Agreement; (b) use the Products and Services to collect, transmit or process any material that is infringing, obscene, threatening, libelous, or otherwise unlawful or tortious, including material that is harmful to children or violates third party privacy rights; (c) use the Products and Services to send, store, publish, post, upload or otherwise transmit any malware, corrupted files or other computer programming routines that are intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate any systems, data, personal information or property of another; (d) interfere with or disrupt the integrity or performance of the Products and Services; (e) attempt to gain unauthorized access to the Products and Services or their related systems or networks; (f) use or knowingly permit others to use any security testing tools in order to probe, scan or attempt to penetrate or ascertain the security of the Products and Services; (g) access the Products and Services for the purpose of building a similar or competitive product; (h) copy, translate, create a derivative work of, reverse engineer, reverse assemble, disassemble, or decompile the Products and Services or any part thereof or otherwise attempt to discover any source code or modify the Products and Services.
2.7.2 Customer Data. Customer is solely responsible for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Customer Data. Customer represents and warrants that it has obtained all rights, permissions, and consents necessary for the collection, processing, use and transfer of the Customer Data in conjunction with Terranova’ provision of the Products and Services.
2.7.3 Usage of Phishing Simulator. If the Products and Services purchased by Customer include the Phishing Simulator, the following terms apply: (a) the Phishing Simulator does not store any information directly provided by users being subjected to simulated phishing attempts. The Phishing Simulator collects such information as the IP address of the user, browser type, operating system, etc., which can then be incorporated in the reports generated by the platform; (b) Customer agrees to use the Phishing Simulator only in compliance with applicable laws, including intellectual property laws. For greater clarity, the Customer agrees that, when operating the Phishing Simulator, it will only make use of third-party text, graphic or other protected content with the permission of its owner or pursuant to an exception existing under applicable law, such as fair use, fair dealing or other similar exceptions, that allows for the use of protected content for educational purposes; (c) Customer acknowledges that the Phishing Simulator can only be used for training purposes, with the objective of increasing the awareness of users to phishing attacks; (d) Customer may only use the Phishing Simulator internally, with its employees, and at all times in compliance with its internal policies; and (e) Customer may only use the Phishing Simulator to send electronic mail messages to addresses belonging to domains owned by it or under its control.
2.7.4 Usage of Gmail Phish Submitter add-on. Phish Submitter allows end users to report phishing simulations emails and other suspicious messages. Emails reported via Phish Submitter are immediately forwarded to security response team.
3. FEES AND PAYMENT TERMS
3.1 Fees. The fees and payment terms for the Products and Services are as set forth in the applicable Purchase Agreement.
4. OWNERSHIP RIGHTS
4.1 Products and Services. Terranova and the service providers used by Terranova to provide and deliver the Products and Services (together the "Terranova Parties") own, or are authorized to use and exploit, all rights, titles and interests in and to the Products and Services, including all related intellectual property rights. Terranova reserves all rights not expressly granted to Customer under this Agreement. Neither Customer nor any Authorized User will delete or in any manner alter the copyright, trademark, and other proprietary notices of Terranova appearing on the Products and Services or any portion thereof. Additionally, Terranova can freely and without compensation use suggestions, enhancement requests, recommendations or other feedback provided by Customer and its Authorized Users relating to the Products and Services ("Feedback"), and Customer hereby grants Terranova an irrevocable, worldwide, royalty-free right to use or implement all Feedback (or any portion of it), including all intellectual property rights associated with it.
4.2 Customer Trademarks. If requested by Customer to personalize the interface of the Products and Services, Customer grants to Terranova a limited, royalty-free, right and license to display Customer’s trademarks provided or otherwise identified by the Customer (the “Marks”) but solely as instructed by Customer and for the duration of the Subscription Term. Terranova agrees that, with respect to its use of the Marks: (a) as between the parties, all rights, title and interest in the Marks are owned by the Customer, (b) Terranova will do nothing inconsistent with such ownership, and (c) all uses of the Marks will inure to the sole benefit of and be on behalf of the Customer.
4.3 Customer Data and Content. As between Terranova and Customer, Customer is the owner of all rights, titles and interests in and to the Customer Data and of all text, images, audio or video materials, trademarks and other materials provided or created by the Customer (the “Customer Content”) including all intellectual property rights therein.
4.4 Statistical Information. Terranova may monitor Customer's use of the Products and Services and use data related to Customer's use yet only in an aggregate and anonymous manner, to compile statistical and performance information related to the provision and operation of the Products and Services or to support benchmarking or the development of future features of the Products and Services. Customer agrees that Terranova may make such aggregated and anonymous information publicly available, provided that such information does not incorporate any Customer Data and/or identify Customer or its Confidential Information. Terranova is the owner and retains all intellectual property rights in such statistical and performance information.
5. CONFIDENTIALITY
5.1 Treatment of Confidential Information. The Receiving Party must use the same degree of care to protect the confidentiality of the Disclosing Party's Confidential Information that it uses to protect its own Confidential Information (but in no event less than reasonable care) and not use or disclose any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, except with the Disclosing Party's permission.
5.2 Exceptions. Confidential Information does not include information that: (i) is or becomes publicly available without breach of any obligation owed to the Disclosing Party; (ii) is already known to the Receiving Party at the time of its disclosure by the Disclosing Party, without a breach of any obligation owed to the Disclosing Party; (iii) following its disclosure to the Receiving Party, is received by the Receiving Party from a third party without breach of any obligation owed to the Disclosing Party; or (iv) is independently developed by the Receiving Party without reference to or use of the Disclosing Party's Confidential Information.
5.3 Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent required by applicable law, regulation or legal process. Unless such compelled disclosure is to enforce the provisions of this Agreement, the Receiving Party must, however: (i) provide the Disclosing Party with prompt written notice of the requirement to disclose, (ii) provide the Disclosing Party with reasonable assistance in the event the Disclosing Party wishes to oppose or contest such disclosure, and (iii) limit its disclosure to what is strictly required by law, regulation or legal process.
5.4 Injunctive Relief. The Parties agree that any unauthorized disclosure of Confidential Information may cause immediate and irreparable injury to the Disclosing Party and that, in the event of such breach, the Disclosing Party will be entitled, in addition to any other available remedies, to seek immediate injunctive and other equitable relief.
6. WARRANTIES AND DISCLAIMERS
6.1 WARRANTY. Each party warrants that it has the legal authority to enter into this Agreement. Terranova warrants to Customer that the Products and Services will materially conform with the relevant Documentation. Customer’s sole remedy, and Terranova’s entire liability, for a breach of this warranty will be to repair the Products and Services within a commercially reasonable timeframe to bring them substantially into conformance with the relevant Documentation.
6.2 Disclaimers. The only warranties for the Products and Services are set out in section 6.1 and the Terranova Parties do not formulate any other warranties in connection with this Agreement or the Products and Services. Without limiting the foregoing, except as expressly set out in section 6.1 and to the maximum extent permitted by applicable law, the Terranova Parties expressly disclaim all implied warranties. The Terranova Parties do not represent or warrant that: (a) Customer’s employees, contractors and other persons that will be using products and services will achieve a determinable improvement in information security awareness from their use of the Products and Services; in other words, while Terranova builds its products and services using best practices in the relevant fields, Terranova ultimately has no control over how well the Products and Services are used by Customer and the consequences such use or misuse may have on employees, contractors and other persons that are using them; or (b) the Products and Services will be error-free. The Products and Services may be subject to limitations, delays, and other problems inherent in the use of the internet and electronic communications. The Terranova parties are not responsible for any delays, delivery failures, or other damages resulting from such problems.
7. INDEMNIFICATION
7.1 Indemnification by Terranova. Terranova, at its expense, will defend and pay any settlement amounts and damages, costs and expenses (including reasonable attorneys' fees) awarded by a court of final jurisdiction arising out of any third-party claim, suit or proceeding alleging that Customer's use of the Products and Services in accordance with this Agreement infringes a third party's copyright or Canadian or U.S. patent issued as of the Effective Date. The foregoing obligations do not apply with respect to a claim of infringement if such claim arises out of (i) Customer's use of infringing Customer Data; (ii) use of the Products and Services in combination with any software, hardware, network or system not supplied by Terranova where the alleged infringement relates to such combination; (iii) any modification or alteration of the Products and Services other than by Terranova; or (iv) Customer's continued use of the Products and Services after Terranova notifies Customer to discontinue use because of an infringement claim. If any claim which Terranova is obligated to defend has occurred, or in Terranova' determination is likely to occur, Terranova may, in its sole discretion and at its option and expense (a) obtain for Customer the right to use the allegedly infringing item, (b) substitute a functionally equivalent, non-infringing replacement for such item, (c) modify such item to make it non-infringing and functionally equivalent, or (d) terminate this Agreement and refund to Reseller any prepaid amounts attributable to the period of time between the date Customer was unable to use the Products and Services due to such claim and the remaining days in the then-current Subscription Term.
7.2 Indemnification by Customer. Customer, at its expense, will defend and pay any settlement amounts or damages awarded by a court of final jurisdiction arising out of any third-party claim, suit or proceeding (i) alleging that the Customer Data infringes any data or privacy protection law, trade secret, trademark, copyright, or patent issued as of the Effective Date; or (ii) arising from occurrence of the conditions set forth in Section 7.1(i)-(iv) above.
7.3 Conditions. The parties' obligations under this Section 6 are contingent upon the indemnified party (i) giving prompt written notice to the indemnifying party of any claim under this Section, (ii) giving the indemnifying party sole control of the defense or settlement of the claim, and (iii) cooperating in the investigation and defense of such claim(s). The indemnifying party must not settle or consent to judgment in any such claim that adversely affects the rights or interests of the indemnified party or imposes additional obligations on the indemnified party, without the prior express written consent of the indemnified party. The rights and remedies set forth in this Section 6 are the sole obligations of the indemnifying party and exclusive remedies available to the indemnified party in the event of an applicable third-party claim.
8. LIABILITY
8.1 Limitation of Liability. Except as set out in section 8.3 below, in no event will Terranova’s liability arising out of or related to this Agreement, whether pursuant to contractual or extracontractual liability, tort or under any other theory of liability, exceed the amount paid to Terranova by reseller for the Products and Services purchased by Customer under the applicable purchase Agreement in the 12 months preceding the incident giving rise to such liability.
8.2 Exclusion of liability. In no event will either Party be liable to the other Party for any indirect, punitive, special, exemplary, incidental, consequential or other damages of any type or kind (including loss of data, revenue, proFIs, use or other economic advantage) arising out of, or in any way connected with the Products and Services or this Agreement, including but not limited to the use or inability to use the Products and Services, or for any content obtained from or through the Products and Services, any interruption, inaccuracy, error or omission, regardless of cause, even if Terranova and/or its licensors have been previously advised of the possibility of such damages or could have reasonably foreseen them.
8.3 Exceptions. The limitation of Section 8.1 above does not apply to any liability resulting from a party's indemniFIcation obligations set forth in Section 7 or breach of confidentiality obligations, which liability is limited to a cap of $100,000.
9. TERM AND TERMINATION
9.1 Term. This Agreement commences as of the Effective Date and remains in force until the expiration or termination of the last Purchase Agreement then in force. Customer's right to access and use the Products and Services begins on the latest of (i) the start date specified in the applicable Purchase Agreement or (ii) the Effective Date; and such right continues for the duration specified in such Purchase Agreement (the "Subscription Term").
9.2 Termination for Cause. This Agreement may be terminated by either party for cause as follows: (i) upon 30 days written notice if the other party breaches or defaults under any material provision and does not cure such breach prior to the end of such 30 day period, (ii) effective immediately and without notice if the other party ceases to do business, or otherwise terminates its business operations, except as a result of an assignment permitted hereunder. Terranova may temporarily cease performance of its obligations during any Customer cure period.
9.3 Effects of Termination. Upon expiration or termination of this Agreement or a Purchase Agreement: (i) Customer’s and the Authorized Users’ right to access and use the applicable Products and Services, including all Downloadable Content, as well as all licenses granted to Customer herein, will terminate immediately, and (ii) Customer must permanently destroy all copies of the applicable Downloadable Content and Terranova Confidential Information and upon request certify in writing that no copies have been retained by it.
9.4 Retrieval of Customer Data. Upon termination or expiration of the Subscription Term and provided no amount is then owed to Terranova by Customer, upon Customer's request made within 30 days after the applicable date of termination or expiration, Terranova will make Customer Data available for download by Customer in the applicable format. After such 30-day period, Terranova will have no obligation to maintain or provide any Customer Data and will thereafter, unless legally prohibited, delete all Customer Data in its systems or otherwise in its possession or under its control.
9.5 Survival. Except to the extent expressly provided to the contrary herein, Sections 4 through 10 will survive the termination of this Agreement.
10. GENERAL
10.1 Relationship. Terranova and Customer are independent contractors, and this Agreement does not create a partnership, joint venture, employment or agency relationship between the parties. This is a non-exclusive arrangement.
10.2 Entire Understanding; Modifications. This Agreement constitutes the entire agreement between the parties and supersede all prior and contemporaneous agreements, proposals or representations, oral or written, regarding the subject matter covered by this Agreement. Notwithstanding any language to the contrary therein, no terms or conditions stated in Customer's purchase order or in any other ordering documentation will be incorporated into or form any part of this Agreement, and all such terms or conditions will be null and void. Any modification to this Agreement shall be made in writing and executed by both parties.
10.3 Waiver. No waiver of any breach of this Agreement, and no course of dealing between the parties, will be construed as a waiver of any subsequent breach of this Agreement.
10.4 Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, the provision will be modified and interpreted by the court so as best to accomplish the intent of the original provision. The invalidity or unenforceability of any provision will not affect any of the other provisions of this Agreement.
10.5 Governing Law and Venue.
10.5.1 If Customer is domiciled in the United States: the governing laws will be the laws of the State of Delaware, excluding its conflict of law rules. The courts located in the State of Delaware will have exclusive jurisdiction to adjudicate any dispute relating to this Agreement and each party hereby irrevocably consents to the exclusive jurisdiction of such courts; or
10.5.2 If Customer is domiciled in France: the governing laws will be the laws of France excluding their conflict of law rules. The courts located in France will have exclusive jurisdiction to adjudicate any dispute relating to this Agreement and each party hereby irrevocably consents to the exclusive jurisdiction of such courts; or
10.5.3 If Customer is domiciled in the United Kingdom or in a member country of the European Union (except France): the governing laws will be the laws of England and Wales, excluding their conflict of law rules. The courts located in England and Wales will have exclusive jurisdiction to adjudicate any dispute relating to this Agreement and each party hereby irrevocably consents to the exclusive jurisdiction of such courts; or
10.5.4 If Customer is domiciled anywhere else: the governing laws will be the laws of the Province of Quebec, Canada, excluding its conflict of law rules. The courts located in Montreal, Province of Quebec, Canada will have exclusive jurisdiction to adjudicate any dispute relating to this Agreement and each party hereby irrevocably consents to the exclusive jurisdiction of such courts.
10.6 Assignment. Neither party may assign this Agreement to any third party without the prior written consent of the other party, such consent not to be unreasonably withheld. Notwithstanding the foregoing, either party (the “Assignor”) may assign and transfer this Agreement and its rights and obligations hereunder to an Affiliate or in connection with any sale of a portion of its business or assets, including by merger, asset sale or otherwise, but only if the acquirer of such assets or business agrees to be liable towards the other party for all the obligations and undertakings under this Agreement and agrees to be bound thereby in lieu of the Assignor. Any purported assignment in violation of this Section shall be void. This Agreement binds and benefits the parties, their respective successors and permitted assigns. There are no third-party beneficiaries to this Agreement.
10.7 Notices. Terranova may give notice to Customer by means of electronic mail to Customer's e-mail address on record in Terranova' account information, or by written communication sent by postal mail or nationally recognized overnight delivery service to Customer's address on record in Terranova' account information. Customer may give notice to Terranova by electronic mail or by written communication sent by postal mail or nationally recognized overnight delivery service addressed to Terranova Worldwide Corporation, 1545 de l’Avenir Blvd., suite 102, Laval, Quebec, Canada, H7S 2N5, Attention: President, with a copy to [email protected]. Notice will be deemed to have been given upon receipt or, if earlier, two business days after mailing, as applicable.
10.8 Force Majeure. Except for performance of a payment obligation, no party will be liable under this Agreement for delays, failures to perform, damages, losses or destruction, or malfunction of any equipment, or any consequence thereof, caused or occasioned by, or due to a cause beyond a party’s reasonable control (a “Force Majeure Event”). If the Force Majeure Event continues for more than 30 days, then either party may terminate the Agreement for convenience upon written notice to the other party.
SCHEDULE A
1. SERVICE LEVELS.
1.1 Availability. The availability target for the online training platform or Phishing Simulator is at least 99.9% of the time (the “Availability Target”). The actual availability is calculated each calendar quarter as follows:
Availability =
Where:
- “Total”: means the total number of minutes in the calendar quarter minus the number of minutes of Excluded downtime during such quarter;
- “Excluded” means:
- Any planned downtime; Terranova will use commercially reasonable efforts to schedule all planned downtime during 5PM to 8 AM on Saturdays (in the relevant datacenter’s time zone); or
- Any downtime due to a Force Majeure Event
- “Downtime”: means downtime that is not Excluded
1.2 Issue Escalation. In the event Terranova fails to meet the Availability Target for two consecutive quarters, Customer may elevate the issue to the relationship managers identified below and thereafter to the senior management identified below:
- 1st escalation step: Stéphanie Ouellette, Chief Customer Officer (CCO)
- 2nd escalation step: Mathieu Ouellette, Enterprise Sales VP
SCHEDULE B
Privacy and Personal Information Protection
Under this Schedule B and applicable laws regulating the Processing of Personal Information (“Applicable Privacy Laws”), Customer is the data controller and Terranova is the data processor.
Customer and Terranova warrant that they will comply with all obligations under Applicable Privacy Laws in connection with the Processing of Personal Information that is collected by or disclosed to it under the Agreement.
1. DEFINITIONS
The terms “Personal Information”, “Process” and “Processing” have the meaning under Applicable Privacy Laws, and “Customer Personal Information” means Personal Information disclosed to Terranova by Customer, including all Personal Information about or concerning Authorized Users.
Unless otherwise specifically provided, all terms with a capital letter have the same meaning than under the Agreement. If a term is not defined, it will have the meaning given under Applicable Privacy Laws.
- Subject matter and Purpose of the processing:
- Where the Customer has purchased the Training Platform: Terranova will process the data provided by the Customer for the purpose of providing Customer and Authorized Users access to a web-based training The Training Platform enables Customer to send security awareness training to employees, track attendance and quiz results, and reporting.
- Where the Customer has purchased the Phishing Platform: Terranova will process the data provided by the Customer for the purpose of providing Customer and Authorized Users access to a Phishing The Phishing Platform enables Customer to send simulated phishing messages, track simulation results and reporting.
- Where the Customer has purchased Professional and/or Managed Services: Terranova will process the data provided by the Customer for the purpose of providing all or some of the activities in any of the two products described above on behalf of the Customer, as set forth in this Agreement.
- Duration of the processing: During the Subscription
- Type of Personal Information processed: Professional coordinates (name, physical and email addresses, IP address and phone number) of Authorized Users.
- Categories of data subject: Customer’s Authorized Users.
2. DATA PROCESSING OBLIGATIONS
Terranova agrees that, in relation to Customer Personal Information, it must (a) only Process it for the purposes of providing the Products and Services to Customer; (b) not disclose Customer Personal Information to any other person without Customer’s prior written consent, unless the disclosure is required by applicable law (and Terranova immediately notifies Customer, unless such notification is prohibited by that law); (c) take appropriate action to ensure any Terranova personnel who Process Customer Personal Information understand and comply with the Terranova’s privacy and confidentiality obligations under the Agreement and this Schedule; (d) upon request, provide all reasonable assistance to Customer to facilitate the exercise of rights of data subjects; (e) provide information reasonably required by Customer to meet its obligations under Applicable Privacy Laws and to demonstrate compliance with this Schedule; and (f) promptly notify Customer as soon as it has received a complaint from any individual regarding the way his or her Personal Information has been processed and cooperate when Customer is investigating any claim related to individual complaints.
3. PERSONAL INFORMATION TRANSFERS
Terranova must not transfer the Customer Personal Information outside of the country where it is hosted as of the Effective Date, unless approved in writing by Customer. If the Customer Personal Information is hosted in the territory within the European Union on the Effective Date, Terranova will not transfer the Customer Personal Information outside the territory of the European Union, unless authorized in writing by the Customer.
4. INFORMATION SECURITY AND BREACH NOTIFICATION
4.1. Terranova has put into place and agrees to maintain during the Subscription Term appropriate, technical and organizational measures to secure Customer Personal Information, having regard to the risk of accidental or unauthorized access, loss, destruction, misuse, modification, disclosure or damage to Personal Information
4.2. If Terranova has knowledge of any (i) accidental loss or destruction of, or unauthorized disclosure of or access to Customer Personal Information; or (ii) data security breach on any of the systems used in the provision of the Products and Services, Terranova must (A) expeditiously report such incident to Customer; (B) mitigate, to the extent practicable, any harmful effect of such disclosure or access that is known to Terranova or its subcontractors; (C) cooperate with Customer in providing any notices to affected individuals regarding the incident, as directed by Customer; and (D) cooperate with any investigation into the incident that is subsequently undertaken by any data privacy authority, in consultation with
- Terranova’s contact: Frederic Laferriere, Director Client Support
[email protected] - Customer’s contact: As provided by Customer to Terranova or in the relevant Purchase Agreement.
5. COMPLIANCE
Terranova will provide Customer (and its auditors and other advisers) with all reasonable co-operation and assistance in relation to any compliance request pursuant to this Schedule B, including as a result of a request by any regulatory body.
6. SUB-PROCESSORS
In the event Terranova wishes to delegate the Processing of Customer Data to a new sub-processor or change a previously appointed sub-processor, Terranova will provide a notice of such appointment or change in appointment to Customer. All sub-processors retained by Terranova and having access to unencrypted Customer Personal Information will be retained pursuant to written agreements providing terms and obligations equivalent to that of this Schedule B and the relevant portions of the Agreement.
As of the Effective Date, the sub-processors used by Terranova, and approved by Customer, are the following:
North America:
- Microsoft Azure (datacenter located in Québec, Canada): infrastructure and application hosting;
- AWS: email delivery;
- SendGrid (USA): email delivery; and
- JangoMail (USA): email delivery.
Europe:
- Microsoft Azure (data center located in Ireland): infrastructure and application hosting; and
- AWS (Ireland): email delivery.