Response Privacy Services Agreement
Version 1.10
Effective June 1, 2023
The following terms and conditions (“Agreement”) between Identity Theft Guard Solutions, Inc. d/b/a IDX, a ZeroFox company (“IDX”) and you (the “Client”) apply to the identity protection services (the “Services”) offered by IDX as mutually agreed to herein by the parties, and shall be effective until or unless there is a signed agreement between the parties otherwise governing the Services. IDX and Client may be referred to collectively as the “parties”.
1. Services. IDX agrees to provide Services as specified in Statement(s) of Work (“Statement of Work” or “SOW”). If the parties agree to the provision by IDX of Services which are not included in the original SOW or which differ from those set forth in the SOW, a new Statement of Work Addendum or Services Addendum to the original SOW describing those services and the fees therefore shall be executed by both parties. All duly executed Statements of Work shall become part of this Agreement. Each SOW shall reflect the responsibilities of IDX and Client with respect to that particular SOW. Client may request additional Services at the pricing set forth in any SOW without the need for an additional SOW. All use of the Services by enrollees will be subject to the terms of service established by IDX from time to time. The content of any communications sent on behalf of Client shall be approved by and be the responsibility of Client, notwithstanding the provision of templates or any other related sources. Client will pay to IDX fees for Services as set forth in a SOW or SOW Addendum. All fees are non-cancelable and nonrefundable. Client will be responsible for, and will promptly pay, all taxes, fees or charges levied or assessed by any governmental authority or agency based upon fees paid under this Agreement, except any taxes which may be levied or assessed on the net income or profit of IDX. Variable use service fees are subject to external costs (such as postage rates, paper, etc.) and therefore are subject to change with 30-day written notice to Client. Client agrees that any outsourced data breach response services (notification, call center, identity/credit monitoring or the like) required by Client during the term of this Agreement will be provided solely by or through IDX.
2. Confidentiality. Each party agrees that it will (a) at all times protect the confidentiality of the other party’s Confidential Information with the same degree of care that it uses to protect its own Confidential Information, and in any event, will not use less than reasonable care; (b) not disclose, without the other party’s prior written consent, the other party’s Confidential Information (as hereinafter defined) to any third party (other than a party’s legal and financial advisors); (c) use the other party’s Confidential Information only to the extent necessary to perform its obligations or exercise its rights under this Agreement; and (d) disclose the other party’s Confidential Information only to those of its employees and legal and financial advisors who need to know such information for purposes of this Agreement. “Confidential Information” means any written, oral or visually observed non-public information concerning the disclosing party’s trade secrets, “know-how”, anything that may be construed as “intellectual property”, business plans, marketing strategy, data breach prevention templates, financial information, customer lists, personally identifiable information, information relating to loyalty programs or loyalty technology, enrollee or members lists, solicitation, membership and marketing methods, the terms and conditions of this Agreement, information that the disclosing party designates as being confidential or which under the circumstances surrounding disclosure the receiving party recognizes should be treated as confidential, and any tangible materials, in any media, incorporating, analyzing or compiling any of the foregoing information. “Confidential Information” does not include information that: (i) is now or subsequently becomes generally available to the public through no fault or breach of the receiving party; (ii) the receiving party can demonstrate to have had lawfully in its possession without an obligation of confidentiality prior to disclosure hereunder; or (iii) is independently developed by the receiving party without the use of any Confidential Information of the disclosing party as evidenced by written documentation. Notwithstanding any provision to the contrary contained in this Section, the receiving party may disclose Confidential Information to the extent required pursuant to a subpoena or order issued by a court of competent jurisdiction or by a judicial, administrative, legislative, regulatory or self-regulating authority or body provided that the receiving party shall use its best efforts to give the disclosing party sufficient prior written notice in order to contest such requirement or order. Each party’s obligations set forth in this Section will remain in effect during the term and 5 years after termination of this Agreement. Each party will promptly return to the other party or destroy (with certification of such destruction upon request) all Confidential Information of the other party in its possession or control upon request from the other party.
3. Warranties. IDX will provide the Services in a commercially reasonable manner in compliance with all applicable state and federal laws, statutes, and regulations now or hereafter in effect, of any applicable governmental authority. IDX will not engage in any unfair or deceptive trade practice involving any of the Services. Each party warrants it has the right and power to enter into this Agreement, that an authorized representative has executed this Agreement, and that each will comply with any applicable laws and regulations pertaining to this Agreement. EXCEPT FOR THE WARRANTIES ABOVE, EACH PARTY DISCLAIMS ALL WARRANTIES (EXPRESS, IMPLIED, ARISING FROM COURSE OF DEALING OR USAGE OF TRADE, OR STATUTORY) WITH REGARD TO ANY SERVICES OR TECHNOLOGIES PROVIDED UNDER THIS AGREEMENT, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. IN NO EVENT WILL IDX, ITS AFFILIATES, OR IDX’S LICENSORS BE LIABLE TO COMPANY, WHETHER IN CONTRACT, BY REASON OF NEGLIGENCE OR OTHERWISE, FOR PUNITIVE, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, OR INDIRECT DAMAGES OR COSTS (INCLUDING LEGAL FEES AND EXPENSES) OR LOSS OF GOODWILL OR PROFIT IN CONNECTION WITH THE SUPPLY, USE OR PERFORMANCE OF OR INABILITY TO USE THE SERVICES, OR OTHERWISE IN CONNECTION WITH THIS AGREEMENT, EVEN IF IDX, ITS AFFILIATES, OR IDX’S LICENSORS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR COSTS. IN NO EVENT WILL THE AGGREGATE LIABILITY OF IDX FOR ANY MATTER RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT OF FEES PAID OR PAYABLE BY CLIENT TO IDX WITHIN THE SIX-MONTH PERIOD IMMEDIATELY PRECEDING THE DATE THE LIABILITY THAT GAVE RISE TO DAMAGES WAS INCURRED.
4. Indemnities. IDX will be entitled to rely on and act in accordance with any written instructions or directions provided by Client and will incur no liability in doing so. Client will defend, indemnify and hold harmless IDX and its subsidiaries, successors and assigns, and each of their officers, directors, agents, contractors, subcontractors and employees (collectively referred to as the “IDX Indemnities”), from and against any and all third-party claims, liabilities, damages, fines, penalties or costs (including reasonable attorneys’ fees) arising out of or resulting from (i) IDX acting in accordance with any such instructions or directions, and (ii) death of or injury to any person or loss of or damage to any tangible property (excluding the loss of data) arising out of or to the extent resulting from the acts or omissions of Client, (iii) arising from the content of any communications authorized by and sent on behalf of the Client, and (iv) any infringement of a United States letters patent, a trade secret, or any copyright, trademark, service mark, trade name, “intellectual property”, or similar proprietary rights conferred by statute, by common law, or by contract alleged to have occurred as a result of materials provided, by Client. In the event that any claim is made or any action or proceeding is brought against the IDX Indemnities, or any of them, arising out of or connected with this Agreement, any such IDX Indemnities, may, by notice to Client, require that Client resist such claim or take over the defense of any such action or proceeding and employ counsel for such purpose, such counsel to be subject to the prior approval of such IDX Indemnities, which approval shall be deemed to have been given hereby in the case of counsel acting for the insurance underwriters of Client or engaged in such resistance or defense. If IDX or any of its officers, directors, shareholders or employees are required by a court or arbitrator or requested to respond to depositions, discovery demands or testify in depositions or as a witness in any legal action that relates to the Services engaged by Client under this Agreement, Client will reimburse IDX or such individual for reasonable attorneys’ fees and costs, travel and/or other out of pocket expenses incurred in responding to such requests. IDX shall defend, indemnify and hold harmless Client and each of its officers, directors, agents, contractors, subcontractors and employees (collectively referred to as the “Client Indemnities”), from and against any and all third-party claims, liabilities, damages, fines, penalties or costs (including reasonable attorney’s fees), whether by reason of death of or injury to any person or loss of or damage to any tangible or intangible property (including the loss of Client data ) or otherwise, arising out of or resulting solely from the provision of Services by IDX unless such liability results from written instruction or direction by Client. In the event that any claim is made or any action or proceeding is brought against the Client Indemnities, or any of them, arising out of or connected with this Agreement, any such Client Indemnities may, by notice to IDX, require that IDX resist such claim or take over the defense of any such action or proceeding and employ counsel for such purpose, such counsel to be subject to the prior approval of such Client Indemnities, which approval shall be deemed to have been given hereby in the case of counsel acting for the insurance underwriters of IDX or engaged in such resistance or defense.
5. Term & Termination. The term of this Agreement will commence on the Effective Date and will continue for 24 months (the “Initial Term”). Thereafter, this Agreement shall automatically renew for successive terms of twelve (12) months each, (each a “Renewal Term”), unless sooner terminated as follows.
(A) Termination Without Cause. This Agreement shall terminate at the end of the Initial Term or any Renewal Term by notice of intent to terminate given by either party to the other, in writing and at least thirty (30) days prior to the end of the term currently in effect. If such notice is not given by either party, this Agreement shall renew automatically for the next Renewal Term. In the event of termination by Client under this Subsection, Client shall pay to IDX any fees unpaid and due as of the date of notice of termination, and shall pay any further fees which become due prior to the actual termination date of this Agreement.
(B) Termination With Cause. If either party materially breaches this Agreement (except for a default in payments to IDX) and fails to cure such default within thirty (30) days after receiving written notice specifying the default, then the party not in default may terminate this Agreement as of the date specified in such notice. In the event that Client defaults in the payment when due of any amount to IDX, and does not cure such default within ten (10) days after receipt of written notice of such default, IDX may terminate this Agreement as of the date specified in such notice. Notwithstanding any such termination by IDX for nonpayment, Client agrees that it will be liable to IDX for any and all earned but unpaid fees. The rights acquired or obligations incurred by the parties thereto prior to any termination shall not be affected. In the event of any termination under this Subsection, IDX shall be entitled to receive fees accrued and payable to it as of the date of termination.
(C) Services. Following Termination. Notwithstanding anything to the contrary set forth in this Agreement, the parties agree that IDX may offer identity protection services to previously enrolled members of data breach populations so that the members may have opportunity to continue their enrollment at their own expense following termination or expiration of an applicable SOW or of this Agreement.
(D) Survival. In addition to any obligations that survive under Sections 5 (A) and (B) above, Sections 2, 4, 6, 7, 8, 9, 10, and the liability limits of Section 3, shall survive termination of this Agreement.
6. Ownership. Title to and ownership of all systems, software, documentation, proprietary information, utilities, tools, methodologies, specifications, techniques and other materials, know-how, and hardware owned by IDX or in the possession of IDX prior to the Effective Date of this Agreement and/or used or developed by IDX in connection with providing the Services, together with the intellectual property rights therein, shall remain with IDX.
7. Independent Contractor. IDX is an independent contractor. Nothing in this Agreement is intended to construe the existence of a partnership, joint venture, employment or agency relationship between Client and IDX. IDX shall be responsible for providing any salary or other benefits to its personnel. Neither party shall hire or solicit the hiring of, directly or indirectly, the other party’s employees that are involved in the Services during the Initial Term or any Renewal Term of this Agreement, without the written consent of the other party. Either party may make general solicitations to the public (including solicitations by way of job-posting web sites) or solicitations by a retained third party so long as the third party is not directed by a party to this Agreement or one of their Affiliates to make such solicitation to those employees that are involved in the Services.
8. Publicity. All media releases, public announcements and public disclosures by IDX or Client or their respective employees or agents relating to this Agreement, its subject matter or the Services rendered hereunder, including promotional or marketing material (but not including any announcement intended solely for internal distribution at IDX or Client, as the case may be) shall be coordinated with and approved by both parties prior to the release thereof. Neither party will use any name, trade name, trademark, or other designation of the other party in advertising, publicity, promotional, or marketing materials, or any other activity, including announcements about this Agreement, without the express written consent of the other party in each instance.
9. Discrimination. IDX abides by the requirements of 41 CFR §§ 60‐1.4(a), 60‐ 300.5(a) and 60‐741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, national origin, sexual orientation, and/or gender identity. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or disability.
10. Applicable Law. This Agreement shall be construed according to, and the rights of the parties shall be governed by, the law of the State of Oregon without regard to choice of law rules. Venue for any court action arising under this Agreement shall lie exclusively in Multnomah County, Oregon. The parties agree that any and all disputes, claims or controversies arising out of or relating to this Agreement shall be submitted to JAMS, or its successor, for mediation, and if the matter is not resolved through mediation, then it shall be submitted to JAMS, or its successor, for final and binding arbitration pursuant to the terms below. Either party may commence mediation by providing to JAMS and the other party a written request for mediation, setting forth the subject of the dispute and the relief requested. The parties will cooperate with JAMS and with one another in selecting a mediator from the JAMS panel of neutrals and in scheduling the mediation proceedings. The parties agree that they will participate in the mediation in good faith and that they will share equally in its costs. All offers, promises, conduct and statements, whether oral or written, made in the course of the mediation by any of the parties, their agents, employees, experts and attorneys, and by the mediator or any JAMS employees, are confidential, privileged and inadmissible for any purpose, including impeachment, in any arbitration or other proceeding involving the parties, provided that evidence that is otherwise admissible or discoverable shall not be rendered inadmissible or non-discoverable as a result of its use in the mediation. Either party may initiate arbitration with respect to the matters submitted to mediation by filing a written demand for arbitration at any time following the initial mediation session or at any time following 45 days from the date of filing the written request for mediation, whichever occurs first (“Earliest Initiation Date”). The mediation may continue after the commencement of arbitration if the parties so desire. At no time prior to the Earliest Initiation Date shall either side initiate an arbitration or litigation related to this Agreement, except that either party may institute an action in court for injunctive or other equitable relief at any time. The arbitration shall be administered by JAMS in Multnomah County, Oregon pursuant to its Comprehensive Arbitration Rules and Procedures and in accordance with the Expedited Procedures in those Rules. Judgment on the Award may be entered in any court having jurisdiction.
11. Miscellaneous. This Agreement and any applicable SOWs (together with each exhibit and attachment attached thereto) constitute the entire Agreement between IDX and Client on this subject matter. This Agreement shall not be modified except by a subsequently dated written Work Order signed on behalf the parties by their duly authorized representatives and any provision of a purchase order purporting to supplement or vary the provisions hereof shall be void. The waiver by either party of a breach of any provisions contained herein shall be in writing and shall in no way be construed as a waiver of any succeeding breach of such provision or the waiver of the provision itself. The section headings appearing in this Agreement are inserted only as a matter of convenience and in no way define, limit, construe or describe the scope or extent of such section or in any way affect such section. All remedies available to either party for breach of this Agreement are cumulative and may be exercised concurrently or separately, and the exercise of any one remedy shall not be deemed an election of such remedy to the exclusion of other remedies. Should any suit, action or arbitration be commenced in connection with this Agreement, the prevailing party in such suit or action shall be entitled to recover its costs and disbursements, together with such investigation, expert witness and attorneys’ fees incurred in connection with such action as the court or arbitrator may adjudge reasonable. If any of the provisions of the Agreement are ultimately deemed by a court of competent jurisdiction to be illegal, invalid or unenforceable, such provisions shall be deleted and the remaining terms and provisions under the Agreement shall continue in full force and effect. This Agreement shall inure to the benefit of and be binding upon the parties and their respective successors and permitted assigns. Neither party may assign this Agreement or any of its rights or obligations hereunder without the prior written consent of the other party. Notwithstanding the foregoing or anything to the contrary in this Agreement, either party may assign this Agreement to a subsidiary company or a successor in interest resulting from a merger, acquisition, reorganization or sale of all or substantially all of its assets or change of control upon written notice to the other party. Any attempted assignment not authorized hereunder shall be null and void. Either party is excused from performance and shall not be liable for any delay in delivery or for non-delivery, in whole or in part, caused by the occurrence of any contingency beyond the control of the parties including, but not limited to, work stoppages, fires, hurricanes, civil disobedience, riots, rebellions, accident, explosion, flood, storm, pandemic or threat thereof, Acts of God and similar occurrences. The terms of any services agreement duly executed between the parties shall supersede the terms of this Agreement.
IDX will process all Protected Health Information (as defined under the federal Health Insurance Portability and Accountability Act of 1996, Pub. Law 101-191, as amended from time to time) received by IDX from or on behalf of Client in accordance with the Business Associate Agreement (BAA) posted at idx.us/baa, if reference to the BAA included in Client’s SOW for the applicable Services.