Additional Services Agreement

Additional Service Agreement (“ASA”) for Episerver Find™ and Episerver Social™

PLEASE READ THROUGH THE ADDITIONAL TERMS AND CONDITIONS FOR EPISERVER FIND AND/OR EPISERVER SOCIAL BELOW BEFORE THE CUSTOMER USE SOFWARE SERVICE(S), SOFTWARE(S), LINKED PAGES, CONTENT, PRODUCTS, ONLINE AND OFFLINE COMPONENTS (“ADDITIONAL SOFTWARE SERVICE(S)”) IDENTIFIED IN ONE OR MORE ORDERING DOCUMENTS, INCLUDING, BUT NOT LIMITED TO, MASTER SERVICES AGREEMENT(S) (“MSA”), MASTER LICENSE AGREEMENT (“MLA”) OR ORDER(S) (“ORDER(S)”). BY ACCEPTING, SIGNING (DIGITALLY OR OTHERWISE), OR IN ANY WAY AFFIRMING THE MSA, MLA OR ORDER, OR BY INTERACTING OR IN ANY OTHER WAY USING THE ADDITIONAL SOFTWARE SERVICE(S) OR ANY COMPONENT OFFERED BY EPISERVER, CUSTOMER ACCEPTS THE TERMS AND CONDITIONS BELOW, THAT THE AGREEMENT, INCLUDING ALL ORDERS, BECOMES A BINDING OBLIGATION ON THE CUSTOMER AND THAT THE CUSTOMER HAS AGREED THAT THESE ADDITIONAL TERMS AND CONDITIONS IN ADDITION TO THE EUSA (COLLECTIVELY REFERRED TO AS THE “AGREEMENT”), IS THE COMPLETE AND EXCLUSIVE STATEMENT OF THE AGREEMENT BETWEEN THE PARTIES AND SUPERSEDES ALL OTHER PROPOSALS AND PRIOR AGREEMENTS, ORAL OR WRITTEN, BETWEEN THE PARTIES RELATING TO THE SUBJECT MATTER HEREIN. In the event of a conflict between the Order(s), ASA, and EUSA, the Order(s) shall control with the ASA secondary, and the EUSA tertiary. All capitalized terms not defined herein shall have the meanings attributed in the Order(s), and EUSA.

1. Additional Software Services

1.1 During the Subscription Term set forth in an Order, Episerver grants to Customer a non-transferable, non-exclusive, worldwide right to permit those individuals authorized by Customer or on Customer's behalf, and who are Customer's employees, Affiliates or Episerver-approved contractors ("Users"), to access and use the Additional Software Services subject to the terms of the Agreement.

1.2 Additional Software Services are Episerver Software Services providing Episerver Find and/or Episerver Social capabilities, and in addition to being subject to the Episerver EUSA, these further terms and conditions below apply specifically to Episerver Find and/or Episerver Social (“Additional Software Services). Customer may find the applicable Episerver EUSA here - http://www.episerver.com/legal/episerver-dxc-eusa/

2. Restrictions and Representations

2.1 Third -Party Sites. To the extent that Customer requests or otherwise causes the Additional Software Services to be integrated with or make use of data from third party websites Customer agrees Episerver does not have control over the terms of use, privacy policies, operation, intellectual property rights, performance or content of any third-party sites. Accordingly, unless specifically stated in a MSA, Episerver disclaims all responsibility and liability for any use of third party sites or any information collected from such third-party sites and any damages or other harm whether to Customer or end users. Third party sites include but are not limited to, FacebookTM, InstagramTM, LinkedInTM, TwitterTM and GoogleTM.

2.2 In addition to the representations of Customer Data under Section 3.4 of the EUSA, Customer shall be responsible and liable for the authenticity, accuracy and manner of capture and publication of Customer Data published through Additional Software Services.

3. Data Protection, Ownership and Use

3.1 License to Customer Data for Additional Software Service(s). Customer grants Episerver a limited, non-exclusive, royalty-free, irrevocable, world-wide license to use Customer Data as necessary to provide, improve, monitor and develop the Additional Software Services for the term of the Agreement, and an irrevocable license to use Customer Data for analytics purposes. Unless it has been aggregated or anonymized, Customer Data will only be disclosed as necessary to provide the Services.

3.2 Personal Data. In this Section 3.2 the terms “personal data”, “process”, “data subject”, “data controller” and “data processor" shall have the meanings given to them, if Customer is Domiciled in the United Kingdom or Northern Ireland in the UK Data Protection Act 1998, or if Customer is Domiciled elsewhere in the EEA the Swedish Personal Data Act (1998:204) (PDA) (Personuppgiftslag) (the “DPA”). The parties acknowledge and agree that Customer shall be the data controller and Episerver shall be the data processor for the purposes of Additional Software Service(s) and the DPA. In connection with the Agreement, each Party shall observe their respective obligations which arise under the DPA or any other applicable legislation.

3.2.1 Episerver shall

3.2.1.1 process all personal data supplied by Customer or collected on Customer’s behalf only in accordance with Customer’s instructions and shall not process the personal data for any other purpose or in any other manner;

3.2.1.2 not transfer personal data outside the European Economic Area (EEA) without Customer’s prior written consent;

3.2.1.3 ensure that only such of its employees or agents who may be required by Episerver to assist it in meeting its obligations under this Agreement shall have access to the personal data;

3.2.1.4 take all reasonable steps to ensure the reliability of any of its employees or agents who have access to the personal data and shall ensure that all employees used by it for the purposes of this Agreement are informed of the confidential nature of the personal data and have undergone training in the law of data protection and in the care and handling of personal data.

3.2.1.5 ensure that appropriate technical and organizational safeguards are taken to protect against unauthorized disclosure or unlawful processing of the personal data and against accidental loss or destruction of, or damage to, the personal data. These measures shall be appropriate to the harm which might result from any unauthorized or unlawful processing, accidental loss, destruction or damage to the personal data and having regard to the nature of the personal data which is to be protected;

3.2.1.6 enter into appropriate contractual agreements with subcontractors and take suitable monitoring measures in order to guarantee the protection and security of the personal data;

3.2.1.7 require any such subcontractor to comply with the provisions of this Agreement in which case Episerver remains responsible for any acts or omissions of any such subcontractor as if such act or omission were performed by Episerver;

3.2.1.8
Episerver current subcontractors;

3.2.1.9 immediately notify Customer if Episerver receives a request from a data subject for access to the personal data relating to that data subject. Episerver shall provide Customer with such assistance as Customer may request in relation to such requests. Episerver shall not respond to any such request without Customer’s prior written consent;

3.2.1.10 on termination of this Agreement, immediately cease processing the personal data and at Customer option, arrange for the prompt and safe return and/or destruction of all the personal data together with all copies in Episerver’s possession or control and, where requested by Customer, certify that such destruction has taken place.

3.2.2 Customer shall

3.2.2.1 obtain all necessary consents for Episerver to collect or use Customer’s users’ personal data or other data in connection with the Additional Software Services; and

3.2.2.2 maintain a privacy policy that accurately reflects Customer’s use of the personal data.

3.2.3 Customer is entitled, either itself or using an independent third party Customer has commissioned, to perform escorted audits at Episerver's commercial premises to verify whether Episerver is processing data in compliance with the Agreement. Such audits will be permitted not more than once per twelve (12) month period unless required by a regulatory body of competent authority, with no less than sixty (60) day notice of these audits must be provided and at cost to Customer. Episerver will cooperate in good faith in the course of any such audit. Customer warrants that such audit shall not impede or interfere with Episerver’s ability to service other customers, partners or agents.

4. Additional Warranty for Additional Software Services

4.1 In addition to the warranties granted between Parties in the Episerver EUSA, Customer represents and warrants that (i) in relation to the Additional Software Services, Customer will comply with all applicable laws, codes, regulations and ordinances in all material respects; (ii) Customer has any and all consents and authorizations as may be necessary for Episerver to provide the Additional Software Services; (iii) each of Customer websites where the Additional Software Services are deployed contains a privacy policy that discloses the usage of third-party technology and the data collection and usage resulting from the Additional Software Services (it being understood that this clause will not be deemed to require those privacy policies to expressly identify Episerver or any Additional Software Services, unless otherwise required by law, rule or regulation) and complies with all applicable privacy laws, rules and regulations; and (iv) Customer websites upon which the Additional Software Services are deployed do not contain any material which is defamatory, promotes illegal activity, or contains hate speech.