Master Services Agreement
ndtHOST, LLC dba SD Data Center
This Master Services Agreement (the “MSA“), between ndtHOST, LLC, a Florida limited liability company d/b/a SD Data Center (“SD Data Center“) and the Customer as defined in the Quote, is effective as of the earlier of: i) the date it is fully-executed by both parties, or ii) the date that Customer first accepts any SD Data Center services provided under the MSA’s terms.
1.1 General. This MSA sets forth the terms and conditions of SD Data Center’s delivery and Customer’s receipt of Services provided by SD Data Center. Quotes for specific goods or services are generated by an automated system based on Customer input. Quotes prepared by SD Data Center describe the specific goods or Services to be provided, term and price and, when accepted by Customer, constitute acceptance of SD Data Center’s offer to form a binding contract for such Services. The terms and conditions of this MSA, the SD Data Center Acceptable Use Policy (“AUP”), the elements of the SD Data Center Service Level Agreement (“SLA”) specific to the services ordered by Customer and, where necessary and appropriate, any Business Associate Agreement (“BAA”) are expressly incorporated by reference into each, such that acceptance of the Quote constitutes acceptance of all such terms, which collectively shall be the Contract. Any terms set forth in this MSA which apply specifically to a scope of work not ordered by Customer on a Quote will not apply to Customer.
1.2 Definitions. Capitalized terms used and not elsewhere defined have the following meanings:
“Acceptable Use Policy (AUP)” means the SD Data Center Acceptable Use Policy governing Customer’s use of Services, including, but not limited to, online conduct, and the obligations of Customer and its Representatives in the SD Data Center.
“Cause” means (i) the failure of a party to perform a material obligation under the agreement, which failure is not remedied: (a) for payment defaults by customer, within five (5) days of separate written notice from SD Data Center of such default; or (b) the other party becomes the subject of a voluntary or involuntary petition in bankruptcy or any voluntary or involuntary proceeding relating to insolvency, receivership, liquidation, or composition for the benefit of creditors, if such petition or proceeding is not dismissed within sixty (60) days of filing; or (c) for any other material breach, within 30 days after written notice.
“Customer Technology” means Customer’s proprietary technology, including Customer’s Internet operations design, content, software tools, hardware designs, algorithms, software (in source and object forms), user interface designs, architecture, class libraries, objects and documentation (both printed and electronic), know-how, trade secrets and any related intellectual property rights throughout the world (whether owned by Customer or licensed to Customer from a third party.
“SD Data Center(s) ” means any of the facilities used by SD Data Center to provide the Services.
“SD Data Center Technology” means SD Data Center’s proprietary technology, including SD Data Center Services, software tools, hardware designs, algorithms, software (in source and object forms), user interface designs, architecture, class libraries, objects and documentation (both printed and electronic), network designs, know-how, trade secrets and any related intellectual property rights throughout the world (whether owned by SD Data Center or licensed to SD Data Center from a third party) and also including any derivatives, improvements, enhancements or extensions of SD Data Center Technology conceived, reduced to practice, or developed during the term of this MSA by either party that are not uniquely applicable to Customer or that have general applicability in the art.
“Notice of Services Activation” means the written notice delivered by SD Data Center to Customer indicating the Services Activation Date.
“Quote(s)” means any of the forms specifying the Services and prices of Services, to be provided by SD Data Center to Customer, which, when approved by Customer and accepted by SD Data Center completes the contract for Services as described on the Quote(s).
“Authorized Representative Form” means the list that contains the names and contact information of Customer and individuals authorized by Customer to enter the SD Data Center, as delivered by Customer to SD Data Center and amended in writing from time to time by Customer.
“Representatives” mean the individuals identified in writing on the Authorized Representative Form and authorized by Customer to enter the SD Data Center.
“Services” means the specific scope of work to be provided by SD Data Center as described on the Quote(s).
- Agreement and Services Term
This MSA shall remain in effect until terminated according to Section 7, or as otherwise allowed by its terms.
- Delivery of Services
3.1 General. Upon accepting a Quote, Customer agrees to receive and pay for, and SD Data Center agrees to provide, the Services specified on the Quote during the term specified.
3.2 Additional Work. Upon written request from Customer, SD Data Center may, but is not obligated to, perform additional work for Customer not included within the scope of Services. Additional Work could include, as an example, remote hands support for a temporary period. SD Data Center shall notify Customer of fees for any Additional Work prior to providing such Services. Customer agrees to pay SD Data Center the fees charged by SD Data Center for Additional Work.
- Payments and Fees
4.1 Fees and Expenses. Customer will pay all fees and expenses due according to the prices and terms listed in the Quote(s). The prices listed in the Quote(s) will remain in effect during the term indicated in the Quote(s).
4.2 Credit Approval. Provision of Services is subject to SD Data Center’s credit approval of Customer. SD Data Center may require Customer to provide a deposit or other security. Additionally, during the Term, if the Customer’s financial circumstances or payment history becomes unacceptable to SD Data Center, SD Data Center may require adequate assurance of future payment as a condition of continuing SD Data Center’s provision of Services. Customer’s failure to provide adequate assurances required by SD Data Center is a material breach of the MSA and shall be grounds for immediate termination of this MSA and all executory Quote(s), but shall not otherwise affect Customer’s obligation to pay for all services rendered up to the date of termination. Customer hereby agrees that SD Data Center may provide Customer’s payment history or other billing/charge information to credit reporting agencies or industry clearinghouses within SD Data Center’s sole discretion and without additional notice to Customer.
4.3 Payment Terms. On the Services Activation Date for each Services, Customer will be billed an amount equal to all non-recurring charges indicated in the Quote(s) and the monthly recurring charges for the first month of the term. Monthly recurring charges for all other months will be billed in advance of the provision of Services. All other charges for Services received and expenses incurred during a month (e.g., time and materials billing fees, travel expenses, etc.) will be billed at the end of the month in which the Services were provided. Payment for all fees and expenses is due upon receipt of each SD Data Center invoice. All payments will be made in the United States in U.S. dollars.
4.4 Late Payments. Any payment not received within thirty (30) days of the due date will accrue interest at a rate of two percent (2%) per month, or the highest rate allowed by applicable law, whichever is lower. If Customer is delinquent in its payments, SD Data Center may in its sole discretion and in addition to any other remedies it may have, upon written notice to Customer, modify the payment terms to require full payment before the provision of all Services or require other assurances to secure Customer’s payment obligations under this MSA.
4.5 Taxes. All fees charged by SD Data Center for Services are exclusive of all taxes and similar fees now in force or enacted in the future imposed on the transaction or the delivery of Services, all of which Customer will be responsible for and will pay in full.
- Confidential Information and Intellectual Property
5.1 Confidential Information
5.1.1 Nondisclosure of Confidential Information. Each party acknowledges that it will have access to certain confidential information of the other party concerning the other party’s business, plans, customers, technology, and products, and other information held in confidence by the other party (“Confidential Information”). Confidential Information will include all information in tangible or intangible form that is marked or designated as confidential or that, under the circumstances of its disclosure, should be considered confidential. Confidential Information will also include, but not be limited to, SD Data Center Technology, Customer Technology, and the terms and conditions of this MSA and all documents incorporated by reference into this MSA. Each party agrees that it will not use in any way, for its own account or the account of any third party, except as expressly permitted by, or required to achieve the purposes of, this MSA, nor disclose to any third party (except as required by law or to that party’s attorneys, accountants and other advisors as reasonably necessary), any of the other party’s Confidential Information. Each party also agrees that it will take reasonable precautions to protect the confidentiality of the other party’s Confidential Information, at least as stringent as it takes to protect its own Confidential Information.
5.1.2 Exceptions. Information will not be deemed Confidential Information under this MSA if such information: (i)is known to the receiving party prior to receipt from the disclosing party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing party; (ii)becomes known (independently of disclosure by the disclosing party) to the receiving party directly or indirectly from a source other than one having an obligation of confidentiality to the disclosing party; (iii)becomes publicly known or otherwise ceases to be secret or confidential, except through a breach of this MSA by the receiving party; or (iv)is independently developed by the receiving party. The receiving party may disclose Confidential Information pursuant to the requirements of a governmental agency or by operation of law, provided that it gives the disclosing party reasonable prior written notice sufficient to permit the disclosing party to contest such disclosure.
5.2 Intellectual Property
5.2.1 Property Ownership. Except for the rights expressly granted in this MSA, this MSA does not transfer from SD Data Center to Customer any SD Data Center Technology, and all right, title and interest in and to SD Data Center Technology will remain solely with SD Data Center. Except for the rights expressly granted in this MSA, this MSA does not transfer from Customer to SD Data Center any Customer Technology, and all right, title and interest in and to Customer Technology will remain solely with Customer. SD Data Center and Customer each agrees that it will not, directly or indirectly, reverse engineer, decompile, disassemble or otherwise attempt to derive source code or other trade secrets from the other party.
5.2.2 Knowledge. Notwithstanding anything to the contrary in this MSA, neither party is prohibited from utilizing any skills or knowledge of a general nature acquired during the course of providing the Services, including, without limitation, information publicly known or available or that could reasonably be acquired without breaching an obligation of confidentiality in similar business relationships.
5.3. Survival. The terms of this section 5 shall survive the termination of this MSA and any Quote(s) for a period of three years from the later of the last provision Services by SD Data Center or payment therefore by Customer.
- Warranties, Representations, and Obligations
6.1 SD Data Center Warranties and Representations
126.96.36.199 Performance and Authority. SD Data Center represents and warrants that (i) it has the legal right and authority to enter into this MSA and perform its obligations under this MSA, and (ii) the performance of its obligations and delivery of the Services to Customer will not violate any applicable U.S. laws or regulations, or cause a breach of any agreements with any third parties. In the event of a breach of the warranties set forth in this section paragraph, Customer’s sole remedy is termination pursuant to Section 7.
6.1.2 Service Warranties
188.8.131.52 Service Level Warranty. SD Data Center warrants that it will provide each Service at or above the service levels defined in the applicable Quote, subject only to exceptions set forth in applicable Service Level Agreements, if any.
184.108.40.206 Remedies. In the event that SD Data Center fails to provide Services at the level detailed in the Service Level Agreement, Customer’s only remedies are those set forth in the SLAs applicable to that specific Service. In order to receive any of the detailed remedies, Customer must notify SD Data Center in accordance with the terms and conditions as outlined in SD Data Center’s Service Level Agreement. The aggregate maximum remedy for all failures to provide Services at the level required by particular SLAs that occur in a single calendar month shall not exceed the maximum set forth in such SLAs or total billings for that month whichever is less.
6.1.3 Service Performance Warranty
220.127.116.11 No Other Warranty. Except for the express warranties set forth in Section 6, the Services are provided on an “as is” basis, and Customer’s use of the Services is at its own risk. SD Data Center does not make, and hereby disclaims, any and all other express or implied warranties, including, but not limited to, warranties of merchantability, no infringement and title, and any warranties arising from a course of dealing, usage, or practice. SD Data Center does not warrant that the Services will be entirely uninterrupted, error-free, and/or secure.
18.104.22.168 Disclaimer of Liability for Actions of Third Parties. SD Data Center does not and cannot control the flow of data to and from SD Data Center’s network or the Internet. Such flow depends in large part on the performance of Internet services provided or controlled by third parties or on features of the Internet beyond any person’s control. At times, actions or inactions of third parties can impair or disrupt customer’s connections to the Internet (or portions thereof). SD Data Center will use commercially reasonable efforts to take all actions it deems appropriate to remedy and avoid such events. Except to the extent of a Service Level Agreement, SD Data Center does not warrant or represent that service disruptions or delays will not occur. SD Data Center disclaims all liability resulting from or related to such events to the extent caused by third-parties.
6.2 Customer Warranties, Representations, and Obligations
6.2.1 Performance and Authority. Customer represents and warrants that (i) it has the legal right and authority to enter into this MSA and perform its obligations under this MSA, and (ii) the performance of its obligations and use of the Services (by Customer, its customers and users) will not violate any applicable laws, regulations or SD Data Center’s Acceptable Use Policy (the “AUP”) or cause a breach of any agreements with any third parties or unreasonably interfere with other SD Data Center customers’ use of SD Data Center Services.
6.2.2 Breach of Warranties. In the event of any breach of any of the aforementioned or subsequent warranties, in addition to any other remedies available at law or in equity, SD Data Center will have the right, in its sole reasonable discretion, to suspend immediately any related Services if deemed reasonably necessary by SD Data Center to prevent any harm to SD Data Center and its business. SD Data Center may, in its discretion, provide notice and opportunity to cure if practicable depending on the nature of the breach. Once such breach is cured and upon reasonable assurances that Customer has taken sufficient measures to prevent recurrence, SD Data Center may, in its discretion, restore the Services.
6.2.3 Compliance. Customer agrees that it will use the Services only for lawful purposes and in accordance with this MSA. Customer will comply at all times with all applicable laws and regulations and the AUP, as updated by SD Data Center from time to time. SD Data Center may change the AUP upon reasonable notice to Customer, and in any event upon fifteen (15) days’ notice. Customer agrees that it has received, read, and will comply with the AUP. Customer acknowledges that SD Data Center exercises no control over content passing through Customer’s data networks or sites. Customer is solely responsible of for ensuring compliance with the AUP.
6.2.4 Data Center Access. Except with the advanced written consent of SD Data Center, Customer’s access to the SD Data Center(s) will be limited to Authorized Representatives identified to SD Data Center in writing on an Authorized Representative Form. Customer may designate up to three persons as Authorized Representatives, and more than three if necessary to fulfill Customer’s obligations to SD Data Center. Authorized Representatives may access the SD Data Center(s) once SD Data Center issues an appropriate access badge or when accompanied by an authorized SD Data Center representative. SD Data Center reserves the right to deny any person access to the SD Data Center in its sole discretion. Customer shall indemnify and hold harmless SD Data Center for all acts and omissions of Customer’s Authorized Representatives.
6.2.5 Resale Restrictions. Customer shall not represent itself as SD Data Center nor resell SD Data Center services as SD Data Center. Customer may utilize the services provided by SD Data Center to deliver services to their customer(s) under their own company name.
7.1 Termination for Cause. Cause to terminate any Contract for non-payment, may, in SD Data Center’s sole discretion constitute immediate Cause to terminate any open Contract. Otherwise, where Cause (as defined in this MSA) exists for any reason other than non-payment, such cause shall only serve as cause to terminate the specific Contract under which such cause arose.
7.2. Early Termination. Unless otherwise specified in this MSA or agreed by SD Data Center, in the event Customer elects to terminate Services with SD Data Center, for reason of convenience, Customer agrees to i) provide at least 60 (sixty) day written notice to SD Data Center and ii) immediately pay SD Data Center all fees owed for past Services as well as all monthly fees for those months remaining in the term of any open Contract.
7.3 Effect of Termination. Upon the effective date of termination of this MSA:
7.4 SD Data Center will immediately cease providing the Services
7.4.1 Any and all payment obligations of Customer under this MSA for Services provided through the date of termination will immediately become due.
7.4.2 Within ten (10) days of such termination, each party will return all Confidential Information of the other party in its possession and will not make or retain any copies of such Confidential Information except that each party may, if necessary and only for so long as is necessary, retain one (1) copy of the other party’s Confidential Information for archival purposes to (i) comply with legal record keeping requirements, (ii) evidence compliance of agreements between the parties, (iii) pursue or respond to warranty claims and/or (iv) assist in legal proceedings involving the parties. Each party agrees to continue to comply with the covenants of confidentiality and use restrictions contained herein for so long as it maintains possession of the archived documents, even if such retention continues beyond the termination of this MSA.
7.5 Termination Support. Notwithstanding the provisions of this section, upon the termination of this MSA for any reason, SD Data Center will provide to Customer termination support relating to the Services, at SD Data Center’s then current standard rates, as may be reasonably requested in writing by Customer. SD Data Center’s obligation to provide support is limited to a period of fifteen (15) days. Customer will pay SD Data Center, on the first day of termination Support and as a condition to SD Data Center’s obligation to provide termination support to Customer.
7.7 Section and Provision Survival. The following sections and stated provisions will endure any expiration or termination of this MSA: Sections 4, 5, 22.214.171.124, 7, 8, 9, and 11 (excluding Section 11.2).
- Liability Limitations
8.1 Personal Injury. Each Representative and any other person visiting a SD Data Center does so at his or her own risk. SD Data Center assumes no liability whatsoever for any harm to such persons resulting from any cause other than the negligence or willful misconduct of SD Data Center.
8.2 Consequential Damages Waiver. Except for a breach of Section 5.1 (“Confidential Information”) of this agreement, in no event will either party be liable or responsible to the other for any type of incidental, exemplary, special, punitive, indirect or consequential damages, including, but not limited to, lost revenue, lost profits, replacement goods, loss of technology, rights or services, loss of data, or interruption or loss of use of service or equipment, even if advised of the possibility of such damages, whether arising under theory of contract, tort (including negligence), strict liability or otherwise.
8.3 Absolute Limitation of Liability. Regardless of any other term or condition of this MSA, any Quote issued in connection herewith, or any other document relating in any way to the Services, under no circumstances shall SD Data Center’s liability to Customer exceed the greater of: i) $10,000 (TEN THOUSAND U.S. DOLLARS), or ii) the total of all sums paid by Customer to SD Data Center for Services under this MSA, regardless of the theory or basis of recovery, including tort, contract, indemnification or otherwise. The Customer understands and agrees that pricing and other terms of the Services have been offered specifically with respect to this clause, and that but for this limitation of liability, such terms would be different. This limitation of liability may not be waived or modified UNLESS the Parties specifically agree to a different limitation of liability in a writing signed by each that expressly references this clause 8.3.
9.1 Indemnification. Customer will indemnify, defend and hold SD Data Center, its affiliates and customers harmless from and against any and all Losses resulting from or arising out of any Action brought against SD Data Center, its affiliates or customers alleging any damage or destruction to the SD Data Center(s), SD Data Center equipment or other customers’ equipment caused by the negligence or willful misconduct of Customer, its Representatives or designees.
10.1 Customer Minimum Levels. Customer agrees to keep in full force and effect during the term of this MSA: (i) comprehensive general liability insurance in an amount not less than $100,000 per occurrence for bodily injury and property damage, with combined limits of not less than $1,00,000, and (ii) worker’s compensation insurance in an amount not less than that required by applicable law. Customer agrees that it will ensure and be solely responsible for ensuring that its agents (including contractors and subcontractors) maintain insurance coverage at levels no less than those required by applicable law and customary in Customer’s industry.
SD Data Center does not provide insurance coverage for customer owned equipment. To the extent that Customer desires insurance for any of its own equipment, Customer is solely responsible for securing such coverage.
- Additional Agreement Provisions
11.1 No Lease. This MSA is a services agreement and is not intended to and will not constitute a lease of any real property. Customer acknowledges and agrees that (i) any access or use of SD Data Center(s) is only a license in accordance with this MSA; (ii) Customer has not been granted any real property interest in the SD Data Center(s); (iii) Customer has no rights as a tenant or otherwise under any real property or landlord/tenant laws, regulations, or ordinances; (iv) this MSA, to the extent it involves the use of space leased by SD Data Center, shall be subordinate to any lease between SD Data Center and its landlords; and (v) the expiration or termination of any such lease shall terminate this MSA as to such property subject to Customer retaining any rights or claims it may have against SD Data Center arising from the expiration or termination of such lease.
11.2 Force Majeure. Except for the obligation to make payments, neither party will be liable for any failure or delay in its performance under this MSA due to any cause beyond its reasonable control, including, but not limited to, acts of war, acts of God, earthquake, flood, embargo, riot, sabotage, labor shortage or dispute, governmental act or failure of the Internet (not resulting from the actions or inactions of SD Data Center), provided that the delayed party: (a) gives the other party prompt notice of such cause, and (b)uses its reasonable commercial efforts to promptly correct such failure or delay in performance. If SD Data Center is unable to provide Services for a period of fifteen (15) consecutive days because of a continuing Force Majeure Event, Customer may cancel the Services and this MSA on written notice to SD Data Center. Such termination will be effective on the date specified in the written notice.
11.3 Marketing. Customer agrees that during the term of this MSA SD Data Center may publicly refer to Customer, orally and in writing, as a Customer of SD Data Center. Any other reference to Customer by SD Data Center requires the written consent of Customer.
11.4 Government Regulations. Customer will not export, re-export, transfer, or make available, whether directly or indirectly, any regulated item or information to anyone outside the U.S. in connection with this MSA without first complying with all export control laws and regulations, which may be imposed by the U.S. Government and any country or organization of nations within whose jurisdiction Customer operates or does business.
11.5 Non-Solicitation. During the Term of this MSA and continuing through the first anniversary of the termination of this MSA, each party agrees that it will not, and will ensure that its affiliates do not, directly or indirectly, solicit or attempt to solicit for employment any persons employed by either party or contracted by either party to perform under this MSA.
11.6 Governing Law and Dispute Resolution. This MSA and the rights and obligations of the parties created hereby will be governed by and construed in accordance with the internal laws of the State of Florida without regard to its conflict of law rules and specifically excluding from application to this MSA that law known as the United Nations Convention on the International Sale of Goods. The parties will endeavor to settle amicably by mutual discussions any disputes, differences, or claims whatsoever related to this MSA. Failing such amicable settlement, any controversy, claim, or dispute arising under or relating to this MSA, including the existence, validity, interpretation, performance, termination or breach thereof, shall finally be settled by arbitration in accordance with the Arbitration Rules (and if Customer is a non-U.S. entity, the International Arbitration Rules) of the American Arbitration Association (“AAA”). This MSA will be enforceable, and any arbitration award will be final, and judgment thereon may be entered in any court of competent jurisdiction. The arbitration will be held in Brevard County, Florida, USA. Notwithstanding the foregoing, claims for preliminary injunctive relief, other pre-judgment remedies, and claims for Customer’s failure to pay for Services in accordance with this MSA may be brought in a state or federal court in the United States with jurisdiction over the subject matter and parties.
11.7 Severability. In the event any provision of this MSA is held by a tribunal of competent jurisdiction to be contrary to the law, the remaining provisions of this MSA will remain in full force and effect.
11.8 Waiver. The waiver of any breach or default of this MSA, or the failure to exercise any right provided for in this MSA, will not constitute a waiver of any subsequent breach, default, or right, and will not act to amend or negate the rights of the waiving or non-exercising party.
11.9 Assignment. Customer may not assign its rights or delegate its duties under this MSA in whole or in part without the prior written consent of SD Data Center, which consent shall not be unreasonably withheld, delayed or conditioned, and any attempted assignment or delegation without such consent will be void. SD Data Center may assign this MSA in whole or part, provided that it promptly notifies Customer of such assignment and Customer shall thereafter have the right to terminate this MSA upon 30 (thirty) days’ notice if it reasonably determines that said assignee is not capable of performing the duties of service-provider hereunder. SD Data Center also may delegate the performance of certain Services to third parties, including SD Data Center’s wholly owned subsidiaries, provided SD Data Center controls the delivery of such Services to Customer and remains responsible to Customer for the delivery of such Services. This MSA will bind and inure to the benefit of each party’s successors and permitted assigns.
11.10 Notices. Any notice or communication required or permitted to be given under this MSA may be delivered by hand, deposited with an overnight courier, confirmed facsimile, or mailed by registered or certified mail, return receipt requested, postage prepaid, in each case to the address of the receiving party as listed on the Quote(s) or at such other address as may hereafter be furnished in writing by either party to the other party. Such notice will be deemed to have been given as of the date it is delivered, mailed, faxed, or sent to SD Data Center corporate offices, whichever is earlier.
11.11 Relationship of Parties. SD Data Center and Customer are independent contractors and this MSA will not establish any relationship of partnership, joint venture, employment, franchise or agency between SD Data Center and Customer. Neither SD Data Center nor Customer will have the power to bind the other or incur obligations on the other’s behalf without the other’s prior written consent, except as otherwise expressly provided in this MSA. Unless SD Data Center otherwise expressly agrees in conjunction with a specific Business Associate Agreement, SD Data Center shall not be a “Business Associate” within the meaning of the HITECH Act (42 USC §17931), or any regulations implementing that law.
11.12 HIPAA. SD Data Center does not require or intend to access Customer Data in its performance hereunder, including but not limited to any confidential health related information of Customer’s clients, which may include group health plans, that constitutes Protected Health Information (PHI), as defined in 45 C.F.R §160.103 under the Health Insurance Portability and Accountability Act of 1996 (HIPAA Rules). To the extent that any exposure to PHI is incidental to SD Data Center’s provision of Service and not meant for the purpose of accessing, managing the PHI or creating or manipulating the PHI, such exposure is allowable under 45 C.F.R §164.502(a)(1)(iii).
11.13 GDPR (General Data Protection Regulation). To the extent that the GDPR is applicable (which is determined by variables such as type of Services purchased, when and where Services are used, what type of data is transmitted or received via the Services, etc.), the Customer agrees as follows:
- Customer is the Controller (as defined within the GDPR) and SDDC is the Processor (as defined within the GDPR) of all data sent or received by Customer through the Services. This Agreement constitutes written instructions from the Customer (as Controller) to SDDC (as Processor) with respect to the processing of data.
- Customer is responsible for:
- the subject matter and duration of the processing;
- the nature and purpose of the processing;
- the type of personal data and categories of data subject; and
- the obligations and rights of the controller.
- SDDC, acting exclusively subject to the written instructions of the Customer (unless required by law to act without such instructions), is responsible for:
- ensuring that those processing the data are subject to a duty of confidence;
- taking appropriate measures to ensure the security of processing;
- assisting the Customer in providing subject access and allowing data subjects to exercise their rights under the GDPR upon reasonable request;
- assisting the Customer in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments upon reasonable request;
- submitting to audits and inspections, providing the Customer with necessary and appropriate information to ensure that Customer and SDDC are meeting applicable GDPR Article 28 obligations;
- notifying Customer in the event of personal data breach as soon as SDDC reasonably becomes aware of the same; and
- either deleting or returning, in SDDC’s sole discretion, all personal data to the Customer as requested at the end of the contract; and
- Customer represents and warrants to SDDC that Customer has provided to SD all information necessary for SDDC to meet its record-keeping obligations under GDPR Article 30.2.
- Customer represents and warrants that SDDC shall not be required to appoint a data protection officer pursuant to GDPR Article 37 because:
- processing of personal data under this Agreement is not carried out by a public authority or body;
- the core activities of the controller or the processor do not consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; and
- the core activities of the controller or the processor do not consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.
- Nothing in this Section 11.13:
- relieves SDDC of its own direct responsibilities and liabilities under the GDPR for data other than data sent or received by Customer through the Services; and
- reflects any indemnity other than as expressly agreed.
11.14 Entire Understanding. This MSA, including Quote(s) and all documents incorporated into this MSA by reference, constitute the entire agreement between the parties with respect to the subject matter hereof, and supersede all of the prior agreements and undertakings, both written and oral, among the parties, or any of them, with respect to the subject matter of this MSA. Any additional or different terms in any Quote(s) or other response by Customer shall be deemed objected to by SD Data Center without need of further notice of objection, and shall be of no effect or in any way binding upon SD Data Center.
11.15 Amendments. This MSA may be amended or changed only by a written document signed by authorized representatives of SD Data Center and Customer in accordance with this Section.
11.16 Conflicting Terms. In the event of a conflict between or among the terms in this MSA, the Quote(s) and any other Contract document made a part thereof, the precedence of the Contract documents shall be: the Quote(s) with the latest date, this MSA and then the other document.