Response Privacy Services Agreement

Response Privacy Services Agreement
Effective June 18, 2024

This Response Privacy Services Agreement(this “Agreement”) is between Identity Theft Guard Solutions, Inc., d/b/a IDX, a Delaware (USA) corporation (“IDX”), and the entity or organization that you represent (“Customer”).

You represent and warrant that you are at least 18 years of age and that you have the right, power, and authority to enter into this Agreement on behalf of Customer. This Agreement becomes binding and effective on Customer upon the earliest of when you execute an SOW with IDX.

Capitalized terms not otherwise defined in the text of this Agreement will have the meanings assigned to them in Exhibit A (Definitions).

1. Services
   IDX agrees to provide Services as specified in one or more statements of work each, an “SOW”) executed by the Parties. If the Parties subsequently agree to the provision of Services which are not included in the original SOW or which differ from those set forth in the original SOW, a new SOW or an amendment to the original SOW describing those services and the fees therefore will be required to be executed by both Parties. All duly executed SOWs shall become part of this Agreement. Each SOW shall reflect the responsibilities of IDX and Customer with respect to that particular SOW. Customer may request additional Services at the pricing set forth in any SOW without the need for an additional SOW. IDX will be entitled to rely on and act in accordance with any written instructions or directions provided by Customer and will incur no liability in doing so. All use of the Services by enrollees will be subject to the separate terms of service established by IDX from time to time. The content of any communications sent on behalf of Customer shall be approved by and be the responsibility of Customer, notwithstanding the provision of templates or any other related sources. Variable use service fees are subject to external costs and therefore are subject to change with 30-day written notice to Customer. Customer agrees that any outsourced data breach response services (notification, call center, identity/credit monitoring or the like) required by Customer during the term of this Agreement will be provided solely by or through IDX.
2. Affiliates
   Subject to IDX’s reasonable acceptance (not to be unreasonably withheld, conditioned, or delayed), Customer’s Affiliates may place an SOW under this Agreement.  This Agreement and each such SOW will be a separate agreement between IDX and each Customer Affiliate that signs an SOW.
3. Feedback
   If you provide IDX with any suggestions, requested improvements or feedback regarding the Services (collectively, “Feedback”), IDX may use the Feedback for any purpose without acknowledgement or compensation; provided, however, Customer will not be identified publicly as the source of the Feedback.
4. IDX Proprietary Rights
   IDX is the sole and exclusive owner of all right, title and interest in and to all systems, software, hardware, documentation, tools, know-how, processes, methods, specifications, inventions, user interfaces, libraries and other technology and materials of any kind that are used or provided by IDX to Customer in connection with the provision of Services, and all associated Intellectual Property Rights therein. IDX reserves all rights not otherwise expressly granted in this Agreement.
5. Payments
   Customer shall pay to IDX (or a mutually agreed upon reseller, if applicable) the amounts specified in each SOW, as applicable, in accordance with its terms and this Agreement.  Unless otherwise specified in an SOW, all amounts must be paid in U.S. dollars within thirty (30) days of receipt of each IDX invoice.  All amounts are non-cancelable and non-refundable.
6. Taxes
   All fees and amounts set forth in the SOWs are exclusive of Taxes; Customer shall be responsible for paying all Taxes other than any Taxes on IDX’s income, revenues, gross receipts, personnel, or assets. If Customer is required to deduct or withhold any Taxes under Applicable Law, Customer must pay the amount deducted or withheld as required by Applicable Law and pay IDX an additional amount so that IDX receives payment in full of amounts due under this Agreement as if there were no deduction or withholding.
7. Confidential Information
   As used in this Agreement, “Confidential Information” means any information disclosed by one Party, its Affiliates, or their respective employees, agents, or contractors (the “Discloser”) that is designated as confidential, either orally or in writing, or that, given the nature of the information or circumstances surrounding its disclosure, reasonably should be understood to be confidential. Confidential Information includes without limitation: (a) information relating to the Discloser’s or its Affiliates’ technology, customers, business plans, promotional and marketing activities, finances, and other business affairs; (b) third-party information that the Discloser is obligated to keep confidential; (c) Customer Data; and (d) the terms of this Agreement. Confidential Information does not include any information that: (i) was known to the Party that receives any Confidential Information (the “Recipient”) prior to receiving the same from the Discloser in connection with this Agreement; (ii) is independently developed by the Recipient without reference to or use of the Discloser’s Confidential Information; (iii) is acquired by the Recipient from another source without restriction as to use or disclosure; or (iv) is or becomes publicly available through no fault or action of the Recipient.
8. Confidentiality and Non-Disclosure
   Each Party reserves any and all right, title, and interest, including any Intellectual Property Rights, that it may have in or to its Confidential Information that it may disclose to the other Party under this Agreement. The Recipient shall protect Confidential Information of the Discloser against any unauthorized use or disclosure to the same extent that the Recipient protects its own Confidential Information of a similar nature against unauthorized use or disclosure, but in no event shall use less than a reasonable standard of care to protect such Confidential Information. The Recipient shall use any Confidential Information of the Discloser solely for the purposes for which it is provided by the Discloser. This Section will not be interpreted or construed to prohibit: (a) any use or disclosure which is necessary or appropriate in connection with the Recipient’s performance of its obligations or exercise of its rights under this Agreement; (b) any use or disclosure required by Applicable Law, provided that the Recipient uses reasonable efforts to give the Discloser reasonable advance notice thereof to afford the Discloser an opportunity to intervene and seek appropriate relief for the protection of its Confidential Information; or (c) any use or disclosure made with the consent of the Discloser. In the event of any breach or threatened breach by the Recipient of its obligations under this Section, the Discloser will be entitled to seek injunctive and other equitable relief to enforce such obligations.
9. Term
   Term of this Agreement will commence on the date first made effective and will continue for  so long as there is an SOW in effect.
10. Early Termination
    IDX may terminate any SOW or suspend performance upon written notice to Customer if Customer fails to pay any amount due under the SOW, and such failure continues more than ten (10) days after IDX’s delivery of written notice.  Notwithstanding any such termination by IDX for nonpayment, Customer agrees that it will be liable to IDX for any and all contracted fees. In addition, either Party may terminate this Agreement and all SOWs, effective on written notice to the other Party, if the other Party materially breaches this Agreement, and such breach (if capable of cure) remains uncured thirty (30) days after the non-breaching Party provides the breaching Party with written notice of such breach.
11. Effect of Termination
    Upon expiration or earlier termination of an SOW, and unless terminated by IDX under Section 10 above, IDX shall continue to perform the Services for the duration stated in the applicable SOW, and thereafter: (a) all rights granted to Customer under such SOW, as applicable, will terminate effective as of the effective date of termination; (b) IDX will have no further obligation to provide Services; and (c) Customer will pay to IDX any outstanding amounts payable for Services, together with all other amounts in accordance with the SOW. Further, IDX may delete any and all Customer Data thirty (30) days of completion of each applicable SOW. Notwithstanding anything to the contrary set forth in this Agreement, the Parties agree that IDX may directly or indirectly offer identity protection services to previously enrolled members of data breach populations covered by the Services so that the members may have opportunity to personally continue their enrollment at their own expense following termination or expiration of an applicable SOW or of this Agreement.
12. Survival
    The provisions set forth in the following Sections, and any other right or obligation of the Parties in this Agreement that, by its nature, should survive termination or expiration of this Agreement, will survive any expiration or termination of this Agreement: 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, and 15 through 28.
13. Mutual Warranties
    Each Party represents and warrants that: (a) it has the legal authority to enter into this Agreement, to grant the rights granted by it under this Agreement and to perform its obligations under this Agreement; and (b) the execution (or entering into via click-to-accept) of this Agreement has been duly authorized by the Party.
14. Services Warranty. 
    IDX will provide the Services in a commercially reasonable manner in compliance with all applicable state and federal laws, statutes, and regulations now or hereafter in effect.
15. General Disclaimers
    EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, NEITHER PARTY MAKES ANY WARRANTY OR GUARANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL WARRANTIES, WHETHER IMPLIED, EXPRESS, OR STATUTORY, INCLUDING ANY IMPLIED WARRANTY OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEAILING, USAGE OR TRADE PRACTICE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
16. Indemnification by IDX
    Subject to Section 18, IDX agrees to defend, indemnify and hold harmless Customer and its Affiliates who have placed an SOW hereunder (collectively, “Customer Indemnitees”), from and against any and all claims, damages, obligations, losses, liabilities, costs and expenses (including without limitation reasonable attorneys’ fees) (collectively, “Losses”) arising out of or related to any claim, suit, action or proceeding (each, “Action”) initiated by a third party alleging that provision of the Services in accordance with this Agreement, infringes or misappropriates such third party’s Intellectual Property Rights (a “Customer Infringement Claim”). IDX will have no liability for any Customer Infringement Claim to the extent it arises from: (i) Customer’s breach of this Agreement; (ii) Customer Data; or (iii) IDX’s compliance with Customer’s instructions. If provision of the Services becomes, or in IDX’s reasonable opinion is likely to become, the subject of a Customer Infringement Claim, then IDX may in its discretion and at its own expense: (a) obtain the right to continue providing the Services; (b) modify the Services so that they no longer infringe or misappropriate; or (c) terminate this Agreement and all SOWs related to the infringing matter and refund any prepaid unused fees. The foregoing in this section states IDX’s entire liability and Customer’s exclusive remedies for any claim of intellectual property rights infringement or misappropriation.
17. Indemnification by Customer
    Subject to Section 18, Customer agrees to defend, indemnify and hold harmless IDX and its Affiliates (collectively, “IDX Indemnitees”), from and against any and all Losses arising out of or related to any Action initiated by a third party arising out of or resulting from (i) IDX acting in accordance with any such instructions or directions of Customer duly in performance of its obligations hereunder, (ii) the content of any communications authorized by and sent on behalf of the Customer, or (iii) any allegation that any content provided by Customer to IDX, infringes or misappropriates such third party’s Intellectual Property Rights.  If IDX or any of its officers, directors, shareholders or employees are required by a court or arbitrator or requested to respond to depositions, discovery demands or testify in depositions or as a witness in any legal action that relates to Services duly performed hereunder, Customer will reimburse IDX or such individual for reasonable attorneys’ fees and costs, travel and/or other out of pocket expenses incurred in responding to such requests.
18. Indemnification Procedure
    A Customer Indemnitee or IDX Indemnitee (each an “Indemnitee”) seeking indemnification from the other Party (the “Indemnitor”) shall promptly notify the Indemnitor, in writing of any Action for which it seeks indemnification and cooperate with Indemnitor at Indemnitor’s expense. Indemnitor shall promptly take control of the defense and investigation of such Action and shall employ counsel of its choice to handle and defend the same, at Indemnitor’s expense. An Indemnitee may participate in and observe the proceedings at its own expense with counsel of its own choice. Indemnitor shall not settle an Action without the Indemnitee’s written consent if such settlement shall require action or payment by Indemnitee, which consent shall not be unreasonably withheld, conditioned or delayed.
19. Limitations of Liability
    TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT AS OTHERWISE PROVIDED IN THIS SECTION 19: (a) IN NO EVENT SHALL EITHER PARTY, ITS AFFILIATES OR THEIR EMPLOYEES, AGENTS, CONTRACTORS, OFFICERS OR DIRECTORS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION DAMAGES FOR BUSINESS INTERRUPTION, LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES ARISING OUT OF THE SERVICES OR IN ANY WAY RELATING TO THIS AGREEMENT; AND (b) IN NO EVENT SHALL EITHER PARTY’S CUMULATIVE AND AGGREGATE LIABILITY ARISING OUT OF THE SERVICES OR IN ANY WAY RELATING THIS AGREEMENT EXCEED THE FEES OWED BY CUSTOMER UNDER THE APPLICABLE SOW(S) IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO THE LIABILITY (THE “CAP”). THE EXCLUSIONS AND LIMITATIONS IN THIS SECTION, INCLUDING THE CAP (COLLECTIVELY, THE “EXCLUSIONS”), APPLY WHETHER THE ALLEGED LIABILITY IS BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR ANY OTHER BASIS, EVEN IF THE NON-BREACHING PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THE EXCLUSIONS SHALL NOT APPLY TO IDX’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 16, CUSTOMER’S BREACH OF SECTION 17 OR CUSTOMER’S PAYMENT OBLIGATIONS TO IDX, AS APPLICABLE.
20. Publicity
    Neither Party shall issue or release any announcement, statement, press release or other publicity or marketing materials relating to this Agreement or, unless expressly permitted under this Agreement, otherwise use the other Party’s marks or logos without the prior written consent of the other Party.
21. Force Majeure
    Neither Party shall be liable or responsible to the other Party, nor be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement, when and to the extent such failure or delay is caused by acts of God; flood, fire or explosion; war, terrorism, invasion, riot or other civil unrest; embargoes or blockades in effect on or after the date of this Agreement; or national or regional emergency including but not limited to a global pandemic (each of the foregoing, a “Force Majeure Event”), in each case, provided the (a) event is outside the reasonable control of the affected Party, (b) affected Party provides prompt notice to the other Party, stating the period of time the occurrence is expected to continue, and  (c) affected Party uses diligent efforts to end the failure or delay and minimize the effects of such Force Majeure Event.
22. Independent Parties; No Third-Party Beneficiaries
    The Parties expressly understand and agree that their relationship is that of independent contractors. Nothing in this Agreement shall constitute one Party as an employee, agent, joint venture partner or servant of another. This Agreement is for the sole benefit of the Parties hereto and their respective successors and permitted assigns and nothing herein, express, or implied, is intended to or shall confer on any other person any legal or equitable right, benefit, or remedy of any nature whatsoever under or by reason of this Agreement.
23. Assignment
    Neither Party may assign this Agreement, whether by operation of law or otherwise, without the other Party’s prior written consent, provided, however, either Party may assign this Agreement in connection with any merger, consolidation or reorganization involving such Party (regardless of whether it is a surviving or disappearing entity), or a sale of all or substantially all of a Party’s business or assets relating to this Agreement to an unaffiliated third party.  Any purported assignment in violation of this Section is void.  This Agreement is binding upon and inure to the benefit of the Parties hereto and their respective permitted successors and assigns.
24. Anti-Corruption and Export Compliance
    Each Party shall, in connection with this Agreement:  (a) comply with Applicable Laws relating to anti-bribery and anti-corruption, which may include the US Foreign Corrupt Practices Act of 1977 and the UK Bribery Act 2010; and (b) comply with Applicable Laws administered by the U.S. Commerce Bureau of Industry and Security, U.S. Treasury Office of Foreign Assets Control or other governmental entity imposing export controls and trade sanctions, including designating countries, entities and persons in which it would be unlawful to transact business.
25. Governing Law; Venue
    The Parties agree that both the United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transaction Act (“UCITA”) are specifically excluded from application to this Agreement. Except to the extent the issue arising under this Agreement is governed by United States federal law, this Agreement shall be governed by and construed and enforced in accordance the applicable governing law, specified below, based on your primary place of business. The courts located in the applicable venue below will have exclusive jurisdiction to adjudicate any dispute arising out of our relating to this Agreement or its formation, interpretation, or enforcement. Each party consents and submits to the exclusive jurisdiction of such courts.
    
    Country of Territory / Governing Law / Jurisdiction and Venue
    European Economic Area and United Kingdom / English Law / London, England
    United States and all other countries / Maryland Law / Baltimore, Maryland
    
    
26. Miscellaneous
    This Agreement, together with all SOWs, is the complete and exclusive statement of the agreement between the Parties and supersedes all proposals, RFPs, RFIs, questionnaires and other communications and agreements between the Parties (oral or written) relating to the subject matter of this Agreement. Any terms and conditions of any other instrument issued by Customer in connection with this Agreement which are in addition to, inconsistent with or different from the terms and conditions of this Agreement shall be of no force or effect.  This Agreement may be modified only by a written instrument duly executed by authorized representatives of the Parties.  The failure of a Party to exercise or enforce any condition, term or provision of this Agreement will not operate as a waiver of such condition, term, or provision. Any waiver by either Party of any condition, term or provision of this Agreement shall not be construed as a waiver of any other condition, term or provision. If any provision of this Agreement is held invalid or unenforceable, the remainder of the Agreement shall continue in full force and effect. The headings in this Agreement are for reference only and shall not affect the interpretation of this Agreement.  For purposes of this Agreement, the words “include,” “includes” and “including” are deemed to be followed by the words “without limitation”; the word “or” is not exclusive; and the words “herein,” “hereof,” “hereby,” “hereto” and “hereunder” refer to this Agreement as a whole.
27. Notices
    Notices required or permitted to be given under this Agreement shall be in writing and shall be deemed to be sufficiently given: (a) one (1) business day after being sent by overnight courier to the mailing  address set forth in this Agreement (or the SOW, if different); (b) three (3) business days after being sent by registered mail, return receipt requested to the mailing  address set forth in this Agreement (or the SOW, if different); or (c) one (1) business day after being sent by email to the email address of Customer’s customary point of contact (provided that (i) the sender does not receive a response that the message could not be delivered or an out-of-office reply and (ii) any notice for an indemnifiable Action must be sent by courier or mail pursuant to clause (a) or (b)). Either Party may change its address(es) for notice by providing notice to the other in accordance with this Section.
28. Business Associate Agreement
    IDX will process all Protected Health Information (as defined under the federal Health Insurance Portability and Accountability Act of 1996, Pub. Law 101-191, as amended from time to time) received by IDX from or on behalf of Customer in accordance with the Business Associate Agreement (BAA) posted at idx.us/baa, if reference to the BAA is expressly included in Customer’s SOW for the applicable Services.

Exhibit A

Definitions.  Capitalized terms not otherwise defined in this Agreement shall have the respective meanings assigned to them in this Exhibit A. 

“Affiliate” means, with respect to a Party, a business entity that directly or indirectly controls, is controlled by or is under common control with, such Party; “control” means the direct or indirect ownership of more than 50% of the voting securities of a business entity.

“Applicable Laws” means any and all governmental laws, rules, regulations or statutes that are applicable to a particular Party’s performance under this Agreement.

“Customer Data” means information, data and content originating with Customer that Customer provides to IDX.

“Intellectual Property Rights” means any and all registered and unregistered rights granted, applied for, or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.

“Party” means each of IDX and Customer (or any Contracting Affiliate) and “Parties” shall mean each Party together.

“Personal Information” means information relating to an identified or identifiable natural person, such as name and online identifier, that is protected by Applicable Laws with respect to privacy where the individual resides.

“Services” means the services to be performed by IDX as identified in Section 1.

“SOW” means a separate written SOW placed under this Agreement by Customer or an Affiliate (subject to Section 2).

"Taxes” means all taxes, levies, duties, or charges owed by Customer under Applicable Law resulting from the purchase of the Services by Customer including but not limited to sales, service, value-added, use, excise, consumption, and any other similar taxes.

“Term” means the defined period of time referenced as the term in Section 9, or as otherwise provided in an applicable SOW.