Terms and Conditions
THESE ESIGNLIVETM SERVICE TERMS (the “Agreement”) IS A LEGAL AGREEMENT BETWEEN SILANIS TECHNOLOGY INC., A NEW BRUNSWICK CORPORATION, WITH REGISTERED OFFICES AT 8200 DECARIE BLVD., SUITE 300, MONTREAL QC H4P 2P5, DOING BUSINESS UNDER THE TRADE NAME “eSignLive”, (“eSignLive”), AND GOVERN USE OF THE SERVICE BY CUSTOMER (“Customer”).
BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE, BY EXECUTING A ORDER FORM THAT REFERENCES THIS AGREEMENT OR BY TAKING ANY STEPS TO SETUP, CONFIGURE, INTEGRATE WITH, OR USE THE SERVICE, CUSTOMER AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT AND WARRANT THAT: YOU ARE DULY AUTHORIZED TO ACCEPT THIS AGREEMENT ON SUCH ENTITY’S BEHALF AND TO BIND SUCH ENTITY;. IN SUCH A CASE, REFERENCES TO “CUSTOMER” IN THIS AGREEMENT SHALL MEAN SUCH ENTITY. IF YOU DO NOT HAVE THE AUTHORITY OR IF YOU DO NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS AGREEMENT, YOU MUST NOT ACCEPT THIS AGREEMENT AND YOU MAY NOT USE THE SERVICE.
EXCEPT WITH ESIGNLIVE’S PRIOR WRITTEN CONSENT IN EACH INSTANCE, CUSTOMER MAY NOT ACCESS THE SERVICE IF CUSTOMER SELLS, LICENSES, DISTRIBUTES OR MARKETS AN ELECTRONIC SIGNATURE PRODUCT OR SERVICE (“COMPETITOR”). ACCORDINGLY, BY ACCEPTING THIS AGREEMENT, YOU REPRESENT AND WARRANT THAT YOU ARE NOT A COMPETITOR.
ESIGNLIVE MAY MODIFY THIS AGREEMENT OR OTHER TERMS REFERENCED IN THIS AGREEMENT AT ESIGNLIVE’S DISCRETION AT ANY TIME BY POSTING THE CHANGES ON ESIGNLIVE’S WEBSITE, BY SENDING NOTICE VIA AN EMAIL TO THE EMAIL ADDRESS CUSTOMER PROVIDES UPON REGISTRATION, BY INCLUDING A MESSAGE ON AN INVOICE, OR BY ANY OTHER NOTICE METHOD AS WOULD REASONABLY COME TO CUSTOMER’S ATTENTION. CUSTOMER’S SOLE RECOURSE IF IT DOES NOT ACCEPT THE MODIFICATION IS TO TERMINATE THE SERVICE IN ACCORDANCE WITH SECTION 9. THE REVISED AGREEMENT WILL BECOME EFFECTIVE FIVE (5) DAYS FOLLOWING CUSTOMER NOTIFICATION UNLESS CUSTOMER EXPRESSLY ACCEPTS THE REVISED AGREEMENT EARLIER. CUSTOMER’S CONTINUED ACCESS TO AND USE OF THE SERVICE AFTER THE MODIFICATION HAS COME INTO EFFECT CONSTITUTES ITS ACCEPTANCE OF THE MODIFICATION AND CUSTOMER AGREES THAT (I) CUSTOMER WILL BE DEEMED TO HAVE ACCEPTED THE MODIFICATION, WITH NO ADDITIONAL WRITTEN AGREEMENT OR EXPRESS ACKNOWLEDGEMENT REQUIRED; AND (II) CUSTOMER WILL CONTINUE TO BE RESPONSIBLE FOR APPLICABLE FEES UNLESS CUSTOMER TERMINATES THIS AGREEMENT IN ACCORDANCE WITH SECTION 9. CUSTOMER IS RESPONSIBLE FOR REGULARLY REVIEWING THE ESIGNLIVE WEBSITE FOR ANY MODIFICATION TO THIS AGREEMENT.
“Account” means a unique account established for Customer’s use by eSignLive.
“Administrator” means Customer’s employee(s) or authorized agent(s) designated as the Customer contact for management and support of the Service.
“Affiliate” means any entity that controls, is controlled by or is under common control with a party to this Agreement, where control means, for purposes of this definition, with respect to any entity, the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of such entity, whether through the ownership of voting securities (or other ownership interest), by contract or otherwise.
“Confidential Information” means all information disclosed by a party (the “Discloser”) to the other party (the “Recipient”) as set forth in Section 11.
“Data” means any data transmitted or provided to eSignLive by or on behalf of Customer, Users or Participants, in its use of the Service. Data includes all Documents initiated and/or signed through the Service and report content relating thereto.
“Document” means a single file representing a form, document or other record, not to exceed 10 megabytes of Data (the “Document Limit”), and capable of being viewed, electronically signed, sent or received or stored through the Service.
“Evidence Summary Report” refers to a summary which includes data related to the Document review and signing process, such as time and date, actions incorporated into the pages, IP addresses and other related metadata.
“Expenses” means any reasonable out-of-pocket costs and fees, actually incurred by eSignLive and approved by Customer, while providing Professional Services to Customer, including fees and costs related to travel, lodging, and meals.
“Malicious Code” means viruses, spiders, worms, time bombs, trojan horses and other harmful or malicious code, instructions, files, scripts, agents or programs or any other code intended to cause harm or disruption to computer systems.
“Named User” means Customer’s employee or agent who has been given login access credentials to the Account by the Administrator for purpose of accessing the Service. to initiate Documents for electronic signature on behalf of Customer “Named User” does not include Participants.
“Order Form” means an ordering document or online order form incorporating this Agreement by reference and executed by the parties identifying the Service and any usage limitations.
“Participant” means a person or company, internal or external to Customer, identified and invited by a User, whose access to the Service is limited to participating in the electronic signing or review of Documents.
“Professional Services” means any consulting, implementation or configuration services to be performed by eSignLive and described in an Order Form or Statement of Work (“SOW”) executed by the parties.
“Service” means the eSignLiveTM electronic signature service as described in this Agreement.
“Service Levels” means the service level availability standards specified in this Agreement.
“Support Service” means telephone help desk or email support available to Customer during eSignLive’s normal business hours as described in this Agreement and Exhibit D.
“System” means the eSignLive website, the computer equipment including the servers, software, and other technology, used by eSignLive to provide the Service.
“Term” means the period of time set forth in the Order Form for which Customer subscribes to the Service.
“Transaction” means a container or package associated with a unique transaction identifier and comprised of a maximum of ten (10) Documents (the “Transaction Limit”) initiated or sent to one or more Participants through the Service by a User as further described in Section 2.5
“Trial, Preview or Sandbox” refers to non-productive limited use of the Service in a trial, sandbox or preview mode or environment for testing, demonstration and integration testing purposes.
“Users” means collectively the Administrator(s) and Named User(s).
2. SERVICE TERMS
2.1. Non-Exclusive Right to Use. Subject to this Agreement and the terms of the applicable Order Form, eSignLive makes the Service available to Customer on a non-exclusive subscription basis. Customer may grant access to the Service to its Named Users and such Named Users may invite Participants to use the Service for the electronic signing of Documents.
2.2. Account Creation; Access. Upon execution of the Order Form, eSignLive will establish an Account. eSignLive will automatically establish the Account and store Data within the data center it deems optimal if not otherwise specified in the Order Form. The Administrator shall be responsible for administering the Account, including the assignment and maintenance of Named User usernames and passwords. Customer (i) remains responsible for any access to the Service through the Account, (ii) is obligated to protect and not to disclose to third parties the usernames and passwords it establishes for its Account, and, (iii) shall take reasonable steps to ensure that each User abides by the terms and conditions of this Agreement. If Customer becomes aware of any suspected or actual violation of the Service and/or System, abuse, unauthorized use or access, Service vulnerability, security incident, confidentiality or privacy breach, then Customer shall promptly notify eSignLive customer support at firstname.lastname@example.org.
2.3. Trial, Preview or Sandbox Use. If Customer is participating in Sandbox, Preview or Trial use of the Service as indicated in an Order Form or via an online website, eSignLive will make the Service available to Customer until the earlier of (a) the end of the free Sandbox, Preview or Trial use period as indicated on the Order Form, (b) the start date of any Order Forms executed by Customer for productive use of the Service, or (c) cessation or suspension of the Service at eSignLive’s option. Any Data produced under the Service or provided to eSignLive during the Sandbox, Preview or Trial use is not recoverable or available upon the expiration or termination of the aforementioned period. NOTWITHSTANDING SECTION 10, DURING THE SANDBOX, PREVIEW OR TRIAL PERIOD THE SERVICE IS PROVIDED “AS-IS”, WITHOUT ANY WARRANTY, SERVICE LEVELS, LIABILITY OR INDEMNITY OBLIGATIONS PROVIDED BY ESIGNLIVE.
2.4. Document Limits. Unless otherwise specified in the Order Form, any Documents in excess of the Document Limit will create one or more additional new Documents for which Customer will pay the applicable Document Fee.
2.5. Transaction Limits. Unless otherwise specified in the Order Form, any Documents in excess of the Transaction Limit will create one or more additional new Transactions, for which Customer will pay the applicable Transaction Fee.
2.6. Service Use Guidelines. Customer will not and will not permit any of its Users or Participants, or deliberately enable any other third party, to:
(a) use the Service in connection with any illegal, defamatory, harassing, libelous, threatening, or obscene material or purpose or to send any message or material that in any way violates or infringes upon the intellectual property rights or the privacy or publicity rights of any person or entity or that may otherwise be unlawful or give rise to civil or criminal liability;
(b) send or allow any Malicious Code through the Service and/or System;
(c) copy, publish or reproduce the Service and/or System for others to copy or use any component thereof except as expressly permitted herein;
(d) distribute, re-distribute, sublicense, assign, share, sell, resell, time-share, rent, lease or otherwise make the Service available to any third party (except as expressly contemplated in Section 6), or grant a security interest in the Service;
(d) interfere or attempt to interfere in any manner with the functionality or proper working of the Service and/or System, or disrupt the integrity or performance of the Service and/or System or any data contained therein;
(e) circumvent any contractual, technical or logical use, Customer or User restrictions agreed upon or existing in the Service and/or System or attempt to gain unauthorized access to, or use of, any part of the Service and/or System;
(f) perform any form of stress, load, performance, security or other vulnerability or penetration tests on the Service and/or System.
2.7. Service Conditions. Use of the Service by Customer, its Users and Participants is subject to the following conditions:
(a) Customer maintains control of or access to Documents and sole control over the content, quality, and format of any Document, and eSignLive assumes no liability or responsibility for a User’s failure or inability to electronically sign any Document or within any particular period of time;
(b) eSignLive shall not be considered a party to any Document, and eSignLive makes no representation or warranty regarding any Document, transaction, agreement or contract sought to be effected or executed using the Service;
(c) Customer is solely responsible for ensuring that Customer’s use of the Service complies with all applicable laws, including any electronic signature, consumer, data protection, data privacy and trade control laws and that any particular Document can be legally executed or formed by electronic signature procedures available through the Service;
(d) Customer may elect to deploy features within the Service designed to verify the identity of the Participants (“Authentication Measures”). eSignLive: (i) will apply only those Authentication Measures (if any) selected by Customer, (ii) makes no representations or warranties regarding the appropriateness of such Authentication Measures and whether Participants have the necessary knowledge or ability to successfully meet such Authentications Measures, and (iii) assumes no liability or responsibility for the circumvention by any Participant or other person of any Authentication Measure;
(e) For Customer initiated email communications through the Service, Customer shall comply with the United States CAN-SPAM Act, Canada’s Anti-Spam Law, the E.U. Directive on Privacy and Electronic Communications, or any other similar regulations and other applicable laws. Customer is solely responsible to provide its Participants with the ability to opt-out of e-mail communications generated through the Service and Customer shall comply with its Participants communication preferences;
(f) Customer shall refer to the Service by its URL, as required, and not reply upon eSignLive’ s IP address. eSignLive expressly reserves the right to alter its IP addressing at any time with no prior notification to Customer or any other party, including but not limited for purposes of disaster recovery data or center relocation;
(g) eSignLive does not monitor the Documents or content processed through the Service, but it may suspend any use of the Service, if eSignLive reasonably and in good faith believes Customer use violates the terms of this Agreement or applicable laws or regulations. eSignLive will use commercially reasonable efforts to notify Customer prior to any such suspension or disablement, unless eSignLive: (i) is prohibited from doing so under applicable law, court order or under legal process; or (ii) deems it necessary to delay notice in order to prevent imminent harm to the Service, or a third party;
(h) eSignLive may modify the Service from time to time, in its discretion, without notice to the Customer, for the purpose of improving Service features, functions or performance, provided that no such modification shall materially reduce the level or quality of the Service, as offered as of the Effective Date. Notwithstanding the foregoing, eSignLive may apply any improvements and modifications to the Service and/or System required to maintain eSignLive’s legal and regulatory requirements, as well as security standards including, but not limited to, any security standards listed in Schedule C. It is Customer’s sole responsibility to maintain the security of Customer’s computer systems and comply with any industry standard minimum security requirements to gain access to the Service;
(i) except for Data and the limited Personal Information that may be provided by Customer to eSignLive to the extent necessary to administer the business relationship between the parties (such as for invoicing and billing purposes), Customer warrants that it shall at no time transfer or provide or otherwise make accessible any Personal Information (as defined in Schedule C) to eSignLive, including, without limitation, for the purpose of receiving any support and maintenance services;
(j) eSignLive shall not be obligated to provide any Data to any Participants or third parties. Customer acknowledges that it is solely responsible for the management of its own record and data retention record policy, including for determining how long any Data and other records are required to be retained or stored under any applicable laws, regulations, or legal or administrative agency processes.
(k) Customer is solely responsible for obtaining and maintaining any hardware and software, for contracting with an Internet service provider, a telecommunications carrier or other service provider for services necessary to establish Customer’s connection or access to the Internet and the Service.
(l) During the term of this Agreement, Documents and or Transactions shall be automatically archived ninety (90) days from completion and/or execution. Once archived, Documents and/or Transactions may be accessed by Customer by contacting eSignLive’s customer support department.
3. PROVISION OF THE SERVICE. eSignLive shall use commercially reasonable efforts to make the Service available to Customer pursuant to this Agreement on a 24/7 basis in accordance with the Service Levels. Nothing contained herein shall limit eSignLive’s right to grant access or otherwise distribute or make available the Service, in whole or in part, to any third party. eSignLive shall provide technical support to two (2) Administrators responsible for Customer side support and the coordination of technical requests for the use of the Service, and provide Professional Services, if any, purchased by Customer. Changes related to Customer’s Administrators may be notified to eSignLive in writing. Customer will be solely responsible for providing all support to Named Users and Participants.
4. PROFESSIONAL SERVICES
4.1. Provision of Professional Services. From time to time, eSignLive may provide Professional Services to Customer as described in an Order Form or a SOW which incorporates this Agreement by reference. Unless provided otherwise on an Order Form or a SOW, Customer shall pay eSignLive: (i) a fee for such Professional Services
at eSignLive’s then-current rates and (ii) all Expenses incurred by eSignLive.
4.2. Obligations. In connection with the Professional Services, Customer will (i) cooperate with eSignLive, (ii) provide eSignLive such assistance as eSignLive may reasonably request; and (iii) fulfill its responsibilities set forth in the project plan. Customer will appoint a contact to the eSignLive project manager responsible for the project. The Customer contact, or a designated alternate, must be available on site or by phone at all times that Professional Services are being provided and shall be knowledgeable with respect to the project plan. Customer will provide eSignLive accurate and complete information necessary for the implementation of the project. Customer will pay eSignLive’s then-current standard rates for any remedial work resulting from inaccurate or incomplete information provided by Customer. Professional Services will be performed remotely or on site as agreed between the parties. Customer must notify the eSignLive project manager promptly of any problem, deficiency or dissatisfaction with respect to the delivery of Professional Services. Customer acknowledges and agrees a delay of more than forty-eight (48) hours in any phase of the Professional Services as set forth in a project plan related to an act or omission of Customer, including but not limited to Customer’s failure to fulfill its obligations here in or listed in the project plan, may result in the delay of the scheduled completion or other phases of the project. Customer agrees to pay eSignLive compensation for the extended work at eSignLive’s then standard rates for the required personnel. Customer will not be responsible for compensating for any extension period that is caused by circumstances solely within eSignLive’s control. All unused prepaid Professional Services shall expire one (1) year from the relevant Order Form Effective Date or SOW and shall be forfeited without refund or credit to Customer.
5. DATA SECURITY. eSignLive has implemented administrative, technical and physical safeguards to protect the security, confidentiality and integrity of the Data in its possession, as set out in Schedule C. Without limiting the above, eSignLive shall not: (i) modify the Data; or (ii) disclose the Data to third parties, except as necessary to perform the Service, or as expressly permitted by Customer in this Agreement or otherwise in writing. If this Agreement is terminated pursuant to Section 9, eSignLive may delete Customer’s Data from the Service after the termination or expiration of this Agreement or upon Customer’s earlier written request.
6. USE BY AFFILIATES. Customer may: (a) use the Service in connection with its Affiliate’s business within the limitations applicable to Customer; or (b) allow one or more of its Affiliates access to the Service solely to the same extent as granted to Customer in this Agreement, provided Customer is authorized to bind such Affiliate. Customer shall notify eSignLive of Customer’s Affiliate’s intent to use the Service at least thirty (30) days prior to permitting access. Customer shall ensure that each of its Affiliates using the Service receives a copy of, and complies with this Agreement. If Affiliate and eSignLive enter into a separate Order Form for Affiliates use of the Service, then Affiliate agrees to be bound by the terms of this Agreement as if it were an original party hereto. Customer shall remain liable to eSignLive for any breach of this Agreement by its Affiliates.
7. PROPRIETARY RIGHTS
7.1 Exclusive Ownership; Restrictions. All trademarks, service marks, patents, copyrights, trade secrets and all other intellectual property, moral rights and proprietary rights in and to the Service and/or documentation accompanying the Service are and will remain the exclusive property of eSignLive or its licensors, whether or not specifically recognized or perfected under applicable law. Customer will not take any action that jeopardizes eSignLive’s or its licensors’ proprietary rights or acquire any right in the Service or accompanying documentation except the limited use rights expressly set forth in this Agreement. Customer shall not (i) modify, copy, display, republish or create derivative works based on the Service, the underlying software or any content; (ii) frame, scrape, link to or mirror any content forming part of the Service; (iii) reverse engineer the Service or the underlying software; or (iv) access the Service or allow others to access the Service in order to (a) build a competitive product or service, (b) build a product using similar ideas, features, functions or graphics of the Service, or (c) copy any ideas, features, functions or graphics of the Service.
7.2. Rights in Data. As between Customer and eSignLive, Customer owns all Data. Customer hereby grants to eSignLive a non-exclusive, worldwide, sub-licensable right to use the Data to the extent necessary to perform the Service or as expressly permitted by Customer in this Agreement or otherwise in writing.
7.3. Suggestions. To the extent Customer provides or otherwise communicates any suggestions, enhancement requests, recommendations or otherwise provides feedback on the Services (collectively, “Comments”), Customer hereby grants eSignLive a royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual, unrestricted license to use and/or incorporate the Comments and all underlying ideas contained in the Comments into the Service (or other product offerings) and create any derivative works thereof.
7.4. Intellectual Property. Customer acknowledges that all intellectual property rights or other proprietary rights in or to any deliverables that eSignLive may create for Customer, in the course of providing Professional Services or otherwise, are and will remain the exclusive property of, and solely owned by, eSignLive or its licensors. eSignLive grants to Customer a royalty-free license to use and execute the deliverables solely in connection with Customer’s use of the Service as permitted in this Agreement.
8. PAYMENT TERMS
8.1. Fees. Customer agrees to pay all fees set forth in the applicable Order Form for the Service (“Subscription Service Fees”) or in any SOW (“Professional Services Fees”) (collectively, “Fees”) for Customer’s use of the Service within thirty (30) days from invoice date. Customer shall remit payment in U.S. dollars unless specifically authorized in another currency in the Order Form. Customer’s non-use of the Service will not be deemed a basis for refusing to pay any Fees invoiced by eSignLive in accordance with this Agreement. Upon Customer’s failure to pay any Fee when due, eSignLive reserves the right to (i) immediately suspend the Service until all amounts due are paid to eSignLive; and/or (ii) terminate this Agreement within thirty (30) days after the unpaid invoice is due. All amounts due and unpaid shall bear interest at the rate of one and a half percent (1.5%) per month or the legal rate allowed by law, whichever is higher. Customer’s insolvency shall accelerate the date of all payments and render any committed Fees immediately due and payable.
8.2 Automated Billing. If Customer has provided a credit card or debit card (the “Payment Card”) to eSignLive as part of Customer’s account setup for Customer’s preauthorized payments, Customer authorizes eSignLive to charge Customer’s Payment Card for all outstanding Fees and outstanding account balances due under the Agreement. If Customer’s preauthorized payment fails, eSignLive may immediately deactivate Customer’s account without notice and collect Fees owing using other collection mechanisms. Customer is solely responsible for all Fees incurred under its Account. If Customer has subscribed to the Service via eSignLive’s website portal, then Customer shall (a) keep the billing, payment card and payment information Customer provides to eSignLive (including name, credit card number and expiry date, mailing address, email address and telephone number) accurate and up to date; (b) promptly advise eSignLive if Customer’s payment card information changes due to loss, theft, cancellation or otherwise and be responsible for any Fees submitted before eSignLive could reasonably act on Customer notice; (c) remain liable for failure to pay any Fees owed to eSignLive due to Customer’s failure to provide eSignLive with up to date billing information. Additionally, Customer agrees that it must contact eSignLive support department within thirty (30) days of the charge date, if Customer has any questions regarding any Fees that have been applied to Customer’s account.
8.3. Taxes. In addition to the Fees, Customer shall pay any applicable taxes. Subscription Service and Professional Services Fees are exclusive of taxes, duties and similar assessments in any jurisdiction based on gross revenue, delivery, possession and/or use of the Services, or the execution of performance of this Agreement, except on net income, net worth or franchise taxes assessed on eSignLive. Subject to these exceptions, Customer will pay all customs duties, taxes and similar governmental charges or provide eSignLive with a certificate of exemption acceptable to the appropriate taxing authority. Should the Fees payable to eSignLive be subject to withholding tax or any deduction within the Customer’s jurisdiction, Customer agrees that the payment may be increased by such an amount to ensure that eSignLive receives and retains the net fee it would have received had no such withholding or deduction been made.
9. TERM AND TERMINATION
9.1. Term. The term of this Agreement will commence on the Effective Date and will end on the expiration date of the last outstanding Order Forms then in effect, unless terminated earlier pursuant to the other provisions of this Section 9 (“Term”).
9.2. Order Form Non-Renewal. Either party may cancel and terminate an upcoming Order Form Renewal Term by providing prior written notice at least sixty (60) days prior to the expiration date of such Order Form. If no such notice is received, then the Service will automatically renew for additional periods of the same length (each a “Renewal Term”) at the then current rates for the Subscription Service Fees.
9.3 Automatic Renewal for Customers Subscribing via eSignLive website. After the initial term, the Service will automatically renew for Renewal Terms of the same length, unless Customer terminates the Service by notifying eSignLive at least ninety (60) days in advance of the anniversary of a Renewal Term. By purchasing the Service, Customer authorizes eSignLive and its Affiliates to automatically charge Customer’s Payment Card upon the expiration of the initial term, or any Renewal Term thereof, at the prices in effect at the time of renewal as published on eSignLive’s website (plus applicable taxes), without any additional action by Customer. Customer may cancel the automatic renewal feature at any time by contacting Customer Support at email@example.com or by calling 1-888-745-2647 #5. Automatic renewals are not eligible for promotions or discounts. If Customer cancels prior to the expiration of the then current Term, Customer will not be entitled to a refund for any amounts prepaid and/or committed for the Service.
9.4. Termination for Convenience. Subject to Section 9.7, Customer may terminate any Order Form for convenience with thirty (30) days notice by notifying eSignLive in writing of its desire to terminate the Service. Termination of an Order Form is effective on the date Customer specifies in such notice.
9.5. Termination for Cause. Without limiting other remedies, either party may terminate this Agreement upon written notice if the other party materially breaches this Agreement and such breach is incapable of cure; or being capable of cure, remains uncured for thirty (30) days after the breaching party receives detailed written notice thereof.
9.6. Termination for Insolvency. Either party may terminate this Agreement by written notice to the other party if the other party (i) becomes insolvent or admits inability to pay its debts generally as they become due; (ii) becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law, which is not fully stayed within seven (7) business days or is not dismissed or vacated within forty-five (45) days after filing; (iii) is dissolved or liquidated or takes any corporate action for such purpose; (iv) makes a general assignment for the benefit of creditors; or (v) has a receiver, trustee, custodian or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.
9.7. Effect of Expiration; Termination. The Service will terminate as of the effective date of termination of the applicable Order Form. Notwithstanding Sections 9.2 through 9.4, termination or non-renewal of any Order Form shall not relieve Customer of its obligation to pay any Subscription Service or Professonal Services Fees accrued or payable for the current Term or any future committed Term. Termination of this Agreement will not prejudice or affect any right of action or remedy which will have accrued to eSignLive up to and including the effective date of termination of the Agreement. For thirty (30) days following the termination or expiration of an Order Form, Customer may retrieve Data and delete stored copies.
10. REPRESENTATIONS AND WARRANTIES
10.1. Mutual Representations and Warranties. Each party represents and warrants to the other that: (i) it has the full power and legal authority to enter into this Agreement and perform its obligations hereunder and the consent of a third party is not necessary for this Agreement to be binding on the parties; and (ii) each person signing this Agreement on behalf of an entity is duly authorized to bind such entity.
10.2. eSignLive’s Warranties. eSignLive warrants that (i) the Service will conform to the Service specifications set out in Schedule A, and (ii) it shall be responsible for the performance of its subcontractors.
10.3. Customer’s Warranties. Customer warrants that: (i) it has not falsely identified itself nor provided any false information to gain access to and use of the Service and eSignLive’s Confidential Information; (ii) it has obtained all necessary consents from relevant individuals in accordance with applicable laws in order to provide the Data to eSignLive and process the Data with or through the Service in the manner described in this Agreement; (iii) it will not transfer to eSignLive nor store any protected health information (as defined under the HIPAA Administrative Simplification Regulations at: 45 C.F.R. § 160.103) within the Service, unless explicitly permitted in the applicable Order Form signed by both parties.
11. DISCLAIMER OF WARRANTIES; LIMITATION OF LIABILITY
WARRANTY LIMITATIONS. EXCEPT FOR THE LIMITED WARRANTIES SET FORTH IN SECTION 11, AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, (i) THE SERVICE IS PROVIDED “AS IS” AND ANY AND ALL WARRANTIES, REPRESENTATIONS, INDEMNITIES AND GUARANTEES WITH RESPECT TO THE SERVICE, WHETHER EXPRESS OR IMPLIED, ARISING BY LAW, STATUTE, USAGE OF TRADE, OR COURSE OF DEALING OR OTHERWISE, INCLUDING WITHOUT LIMITATION THE WARRANTIES OF MERCHANTABILITY, INTEGRITY OF DATA, PERFORMANCE, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, TITLE AND NON-INFRINGEMENT ARE HEREBY OVERRIDDEN, EXCLUDED AND DISCLAIMED. WITHOUT IN ANY WAY LIMITING THE FOREGOING, ESIGNLIVE DOES NOT REPRESENT OR WARRANT THAT THE SERVICE WILL ALWAYS BE AVAILABLE, ACCESSIBLE THROUGH ANY PARTICULAR IP ADDRESS, UNINTERRUPTED, TIMELY, SECURE, ACCURATE, COMPLETE AND ERROR-FREE OR WILL OPERATE WITHOUT PACKET LOSS, NOR DOES ESIGNLIVE WARRANT ANY CONNECTION TO OR TRANSMISSION FROM THE INTERNET. CUSTOMER ACKNOWLEDGES THAT IN USING THE SERVICE, SENSITIVE CONFIDENTIAL AND/OR PROPRIETARY INFORMATION WILL TRAVEL THROUGH PUBLIC OR THIRD PARTY INFRASTRUCTURE WHICH ESIGNLIVE HAS NO CONTROL OVER AND FOR WHICH ESIGNLIVE WILL ASSUME NO LIABILITY. WITHOUT LIMITING THE FOREGOING, ESIGNLIVE MAKES NO WARRANTY OR ASSURANCE OF ANY KIND FOR THIRD PARTY PRODUCTS AND SERVICES, INCLUDING SERVICES DERIVED FROM THIRD-PARTY SOFTWARE AS WELL AS OPEN SOURCE SOFTWARE. “OPEN SOURCE SOFTWARE” MEANS ANY SOFTWARE FOR WHICH THE HUMAN-READABLE PROGRAM INSTRUCTIONS KNOWN AS SOURCE CODE ARE MADE FREELY AVAILABLE TO THE PUBLIC TO INSPECT, COPY, MODIFY AND DISTRIBUTE. OPEN SOURCE SOFTWARE (IF ANY) IS MADE AVAILABLE SUBJECT TO ANY APPLICABLE THIRD PARTY LICENSE AGREEMENT ACCOMPANYING SUCH SOFTWARE. ALL PROFESSIONAL SERVICES ARE MADE AVAILABLE AND PROVIDED “AS IS” AND “AS AVAILABLE”, WITHOUT CONDITION, ENDORSEMENT, GUARANTEE, REPRESENTATION OR WARRANTY OF ANY KIND BY ESIGNLIVE, AND SUBJECT TO ESIGNLIVE THEN-CURRENT APPLICABLE PROFESSIONAL SERVICE FEES.
11.1. LIMITATION OF LIABILITY.
11.2.1 NEITHER PARTY NOR ITS AFFILIATES, LICENSORS OR SUPPLIERS SHALL, UNDER ANY CIRCUMSTANCES, HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY INDIRECT, RELIANCE, INCIDENTAL, PUNITIVE, EXEMPLARY, SPECIAL OR CONSEQUENTIAL DAMAGES WHATSOEVER, INCLUDING BUT NOT LIMITED TO LOSS OF REVENUE OR PROFITS, LOST OR DAMAGED DATA, SERVICE DOWNTIME, CHANGE IN IP ADDRESS, BUSINESS INTERRUPTION, REPLACEMENT OR RECOVERY COSTS OR OTHER COMMERCIAL OR ECONOMIC LOSS, EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, WHETHER THEY ARE FORESEEABLE OR UNFORESEEABLE, AND WHETHER ARISING OUT OF BREACH OR FAILURE OF AN EXPRESS OR IMPLIED WARRANTY, BREACH OF CONTRACT, MISREPRESENTATION, NEGLIGENCE, STRICT LIABILITY IN TORT OR OTHERWISE.
11.2.2 EXCEPT AS SPECIFICALLY STATED IN SECTION 11.2.3 OR SECTION 12, IN NO EVENT WILL THE TOTAL AGGREGATE LIABILITY OF ESIGNLIVE AND ITS AFFILIATES FOR ANY AND ALL CLAIMS, ACTIONS OR PROCEEDINGS BASED ON BREACH OR REPUDIATION OF CONTRACT, BREACH OF WARRANTY, NEGLIGENCE, TORT, STATUTORY DUTY, OR OTHERWISE ARISING OUT OF OR IN CONNECTION WITH THE AGREEMENT EXCEED THE TOTAL AMOUNT ACTUALLY PAID BY CUSTOMER FOR THE SERVICE IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT OR CIRCUMSTANCE GIVING RISE TO SUCH LIABILITY.
11.2.3 Liability for Customer Data Incident. If Customer incurs any liability, damages or costs resulting from eSignLive’s gross negligence or willful misconduct in preventing unauthorized access to or disclosure of Data (“Data Breach”) then eSignLive’s liability as described in Section 11.2.2 shall be increased to three (3) times the limitation stated therein. In addition, within thirty (30) of a Data Breach, Customer may elect to terminate this Agreement and any applicable Schedule and receive a pro-rata refund of the Subscription Service Fees pre-paid under the Agreement for the remaining terminated portion of the Term. This Section 11.2.3 sets forth Customer’s sole and exclusive remedy and eSignLive’s sole and exclusive liability for any Data Breach.
12.1. eSignLive Indemnity. If any claim, suit, proceeding, or action is brought by any third party (“Claim”) against Customer claiming that the Service infringes a patent, trade secret or copyright, eSignLive will indemnify and defend Customer at eSignLive’s expense and pay the liabilities, damages and costs, including reasonable attorney’s fees (“Losses” ) finally awarded by a court of competent jurisdiction or agreed upon by eSignLive in any settlement (including reasonable attorneys’ fees), provided (i) Customer notifies eSignLive promptly upon learning that the claim may be asserted, (ii) eSignLive has sole control over the defense of the claim and any negotiation for its settlement or compromise, and (iii) Customer takes no action that, in eSignLive’s reasonable judgment, is contrary to its interests. If a claim may or has been asserted, Customer will permit eSignLive, at eSignLive option and expense, to (x) procure the right to continue using the Service, (y) replace or modify the Service to eliminate the infringing component while providing functionally equivalent performance, or (z) refund on pro rata basis to Customer the Subscription Service Fees actually paid to eSignLive for such Service but unused by Customer. eSignLive will have no indemnity obligation to Customer if the patent, trade secret or copyright infringement claim is based on or arising from (aa) the combination, operation, or use of the Service with products, services, software programs, hardware, data, equipment, or other items or products not supplied by eSignLive; (bb) Customer required configuration, designs and specifications; or (cc) any claim resulting from or related to the Documents or Data. This Section 12.1 sets forth Customer’s sole and exclusive remedy and eSignLive’s sole and exclusive liability for any actual or alleged infringement or misappropriation claim related to the Service.
12.2. Customer Indemnity. Customer agrees to indemnify and defend eSignLive and its Affiliates, and their respective officers, directors, employees and agents from and against any Claims and pay any Losses, arising out of or in connection with (i) Customer’s violation of any rights of any third party, (iii) Customer’s misuse of the Service or any eSignLive intellectual property. Promptly upon receiving notice of a claim, eSignLive shall (i) give Customer prompt written notice of the claim; (ii) give Customer sole control of the defense and settlement of the Claim (provided that Customer may not settle or defend any claim unless it unconditionally releases eSignLive of all liability and does not impose any monetary obligation or disruption to the Service); and (iii) provide to Customer, at Customer’s cost, all reasonable assistance in the defense or settlement of such claim.
13. INSURANCE. eSignLive shall maintain throughout the Term, at its expense, insurance coverage in commercially reasonable amounts, duration and types relevant to its business and operations.
14. CONFIDENTIAL INFORMATION
14.1. Confidential Information. Confidential Information” as used in this Agreement shall mean all information disclosed by either party (“Discloser”) directly or indirectly in any form whatsoever, including but not limited to, written, oral or visual, in machine readable or other tangible form, relating to its business. Confidential Information includes but is not limited to patents, trade secrets, research and development plans, current and future products, product pricing, customers lists, markets, business plans, financial data, contractual terms, documentation, records, studies, reports, know-how, test results, software, and software source code. Confidential Information does not include any information that: (a) was known to Recipient before receiving it from Discloser; (b) is independently developed by Recipient without use of or reference to any Confidential Information of Discloser; (c) is acquired by Recipient from another source that did not receive it in confidence from Discloser to this Agreement; or (d) is or becomes part of the public domain through no fault or action of Recipient.
14.2. Protection of Confidential Information. Recipient shall use no less than the same means it uses to protect its similar Confidential Information, but in any event not less than reasonable means, to prevent the disclosure and to protect the confidentiality of the Confidential Information of Discloser. Discloser agrees that it will not disclose to a third party, except on a need-to-know basis to its attorneys, auditors and consultants who are under confidentiality obligations at least as restrictive as contained herein or use Recipient’s Confidential Information, except for the purposes of this Agreement and as authorized in this Agreement. Each party may disclose Confidential Information to its Affiliates in connection with the performance or administration of its obligations under this Agreement. While maintaining the confidentiality of Customer’s Confidential Information pursuant to this Agreement, Customer hereby permits eSignLive to use Data for aggregation and business intelligence purposes, including for eSignLive to develop new features or functionalities that will benefit users of the Service.
14.3. Required Disclosure. If Recipient is required by law to disclose Discloser’s Confidential Information or the terms of this Agreement other than as permitted under Section 14.1, Recipient will give prompt written notice to Discloser before making the disclosure, unless prohibited from doing so by the legal or administrative process, and assist the Discloser to obtain where reasonably available an order protecting the Confidential Information from public disclosure.
14.4. Remedies. Recipient acknowledges that any actual or threatened breach of this Section 14 may cause irreparable, non-monetary injury to the Discloser, the extent of which may be difficult to ascertain. Accordingly, the Discloser is entitled to (but not required to) seek injunctive relief in addition to all remedies available to the Discloser at law and/or in equity, to prevent or mitigate any breaches of this Agreement or damages that may otherwise result from those breaches. Absent written consent of the Discloser to the disclosure, the Recipient, in the case of a breach of this Section 14, has the burden of proving that the Discloser’s Confidential Information is not, or is no longer, confidential and that the disclosure does not otherwise violate this Section 14.
15. Force Majeure. Except for Customer’s payment of Fees, neither party is liable for delay in the performance of its duties, obligations or responsibilities hereunder due to force majeure. A force majeure impediment is an unforeseen event which occurs after acceptance of orders, and which is beyond a party’s reasonable control, such as strikes, blockade, war, mobilization, natural disaster, refusal of license by government or other stipulations or restrictions by the authorities, Internet service provider failures, delays or availability issues (including downtime or service outages) or any other similar or dissimilar cause beyond the control of a party (collectively, a “Force Majeure Event”).
16.1. Trade Controls. Customer acknowledges that the Service and related technical information, documents and materials are provided by eSignLive hereunder subject to compliance with Canadian, United States and European Union export controls and trade sanctions laws and regulations (“Trade Controls”). Customer shall: (i) comply strictly with the legal requirements established under these Trade Controls with respect to its access to, use and disposition of the Service and related technical information, documents and materials; (ii) cooperate with eSignLive in any audit or inspection that relates to these Trade Controls; (iii) not use, make available, provide or otherwise deal, directly or indirectly, with the Service or any related technical information, documents or materials, in, in connection with, or for the benefit of any destination, company or person restricted or prohibited by these Trade Controls including, but not limited to, persons in Cuba, the Crimea region of Ukraine, Iran, North Korea, Sudan or Syria, and any prohibited end-users targeted under applicable Trade Controls.
16.2. Notices. Any notice required or permitted in this Agreement must be in writing and must be given by (i) personal delivery, (ii) a nationally-recognized, next-day courier service, (iii) first-class registered or certified mail, postage prepaid to the party’s address specified in this agreement, or to the address that a party has notified to be that party’s address for the purposes of this section. Notice given in accordance with this agreement will be effective upon receipt by the party to which it is given or, if mailed, upon the earlier of receipt and the fifth Business Day following mailing or by electronic mail (but, in the case of electronic mail must be sent to firstname.lastname@example.org, only if followed by transmittal by national overnight courier or hand for delivery on the next Business Day).
16.3. Entire Agreement. Except as otherwise specifically agreed by the parties, this Agreement, together with the Schedules and any applicable Order Forms, constitutes the entire agreement between the parties with respect to the Service, and this Agreement supersedes any other agreement or discussions, oral or written, and may not be changed except by a written signed agreement. eSignLive shall not be bound by any other provisions in Customer’s purchase orders, online procurement or invoicing portals or other documents which are inconsistent with or in addition to the provisions hereof, except when expressly agreed to in writing by an authorized representative of eSignLive. To the extent of any conflict or inconsistency between the provisions in the body of this Agreement and any exhibit or addendum hereto or any Order Form or Statement of Work, the terms of this Agreement shall prevail over such addendum, Order Form or Statement of Work.
16.4. Severability. If any provision of this Agreement is declared by a court of competent jurisdiction to be invalid, illegal, or unenforceable, either in its entirety or in a particular application, such provision or unenforceable portion shall be severed from this Agreement and the other provisions shall remain in full force and effect.
16.5. No Waiver. Any amendment or waiver of any terms and conditions in this Agreement and in any Order Form shall be binding only when agreed to by the parties in writing.
16.6. Assignment. Customer may not assign or transfer its rights or duties in whole or in part to a third party without the written consent
of eSignLive. Any waiver or modification of this Agreement shall be in writing and signed by eSignLive.
16.7. Applicable Law and Venue. This Agreement shall be governed by and interpreted in accordance with the laws of (i) the Province of Quebec, if Customer is located in Canada, (ii) the laws of Switzerland, if Customer is located in the European Union, or (iii) the laws of the State of Illinois, if Customer is not located those countries listed under (i) or (ii). The following shall have sole and exclusive jurisdiction over any action, claim, demand, proceeding or lawsuit whatsoever arising under or in relation to this Agreement or its subject matter: (i) the courts of the district of Montreal, if Customer is located in Canada; (ii) the District courts of Zurich, if Customer is located in the European Union, (iii) the courts of the State of Illinois located in the county of DuPage County or the federal court of the United States situated therein, if Customer is not located those countries listed under (i) or (ii). The parties exclude from this Agreement the application of the United Nations Convention on Contracts for the International Sale of Goods. eSignLive may seek injunctive relief or file for collection of debt in courts with appropriate jurisdiction as may be necessary.
16.8. Survival. The terms, conditions and warranties contained in this Agreement which by their nature and context are intended to survive the performance hereof shall so survive the expiration or termination of this Agreement.
16.9. Choice of Language. The parties confirm that it is their wish that this Agreement, as well as all other documents relating hereto, including all notices, be drawn up in the English language only. Les parties aux présentes confirment leur volonté que cette convention, de même que tous les documents, y compris tout avis, qui s’y rattachent, soient rédigés en langue anglaise.
16.10 Counterparts and Electronic Signatures. This Agreement may be executed by means of electronic signature, or in any number of counterparts, where all such counterparts taken together will be deemed to constitute one and the same instrument. A signed copy of this Agreement delivered by facsimile, e-mail or other means of electronic transmission is deemed to have the same legal effect as delivery of an original signed copy of this Agreement.
The Service is a software platform for creating and managing the execution of digital transactions with electronic signing and delivery of Documents. Several features and options are available through the Service which may include (which are defined in the technical documentation related to the Service):
– A web-based e-signing process that provides options for the presentation and review of Documents, methods of signature capture and user authentication, data capture and form fields.
– Workflows, reminders and notifications, attachments and e-delivery of the Documents to Participants.
– Transaction management features for preparing and sending documents manually through the user interface or using transaction templates, and the ability to monitor and manage documents that are in progress or completed.
– Electronically signed Documents in PDF format with each e-signature digitally signed for comprehensive security and detection of any Document changes along with an embedded audit trail.
– Electronic evidence stores web pages along with the flow based actions taken by Participants during the signing/delivery process, and can be reviewed to show what was displayed and signing actions. An Evidence Summary Report is also provided and both the electronic evidence and summary are protected by digital signing.
– A REST API along with Java and .Net SDKs to allow integrating third-party and custom applications with the Service.
– Support for native mobile applications and pre-built connectors to applications such as Salesforce and Microsoft Dynamics
The Service provides customers with three different environments to support their development, testing and production needs. Each environment serves a specific purpose and has its own characteristics. These environments and their respective characteristics may change at eSignLive’s discretion.
– Production usage of the current version of the Service;
– Documents are not watermarked;
– Subject to the Service Levels.
– Integration development and testing of the current version of the Service;
– Documents are watermarked to make them unsuitable for production usage;
– Not subject to the Service Levels and security requirements & safeguards set out in the Agreement and Schedule C; as such, Customer acknowledges that no production Data is to be uploaded to the Sandbox environment.
– “Preview” access to functionality planned in the next upcoming major release and regression testing of integrations before the new major release is deployed in production;
– Documents are watermarked as to make them unsuitable for production usage;
– Not subject to the Service Levels and security requirements & safeguards set out in the Agreement and Schedule C; as such, Customer acknowledges that no production Data is to be uploaded to the Preview environment.
SERVICE LEVEL AVAILABILITY
A. Availability: Except for Maintenance Windows or as otherwise permitted herein, the Service will be available continuously at least 99.999% of the time on a monthly basis (“Availability”). The Service is considered unavailable when the Service is not accessible through the Internet at the point the data center connects to the public Internet for a reason other than a Force Majeure for a period of at least five (5) minutes.
General availability will be calculated per calendar month, as follows:
Total –Unplanned Downtime – Maintenance Window * 100
Total – Maintenance Window
• Total constitutes the total number of minutes for the month
• Unplanned Downtime constitutes unscheduled downtime lasting 5 minutes or more
• Maintenance Window means the following:
a window in which the Service may be unavailable due to scheduled maintenance: Saturday or Sunday, from 12:00am (midnight) to 6:00am in the relevant time zone of the applicable data center, and up to an additional ninety (90) minutes per month of emergency maintenance at any time. whenever reasonably possible Service and System Maintenance is conducted in a manner so as to not impact Service availability
1. For any partial calendar month within the Term, general availability will be calculated based on the entire calendar month. Should eSignLive fail to achieve such Availability during any calendar month, Customer may receive a credit for the Subscription Service Fees paid for said month for each day or fraction thereof when the Service is not Available equivalent to 1/30th of the applicable monthly Subscription Service Fee, provided Customer properly requests such credit. The credit granted shall be Customer’s sole and exclusive remedy and eSignLive’s sole and exclusive liability for any unavailability or downtime of the Service.
2. Customer must submit a request for credit for the Service unavailability by sending an email to email@example.com stating the following: (i) billing information, including company name and billing address, billing contact and billing contact phone number; and (ii) dates and time periods for each instance of downtime that Customer experienced in the relevant calendar month. Credit may only be made on a calendar month basis, and only when Customer makes the credit request within ten (10) days of the end of the calendar month when unavailability is experienced. All credit requests will be verified against eSignLive system records. Should any credit request be disputed, eSignLive will provide Customer a record of Service availability for the period in question. Any credit owed will be applied against Customer’s current or future invoices and is not refundable.
PRIVACY AND SECURITY
“Personal Information” means any information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual. Data may contain Personal Information.
“Personnel” refers to eSignLive’s employees and consultants having access to Data or systems used to provide the Services under this Agreement.
eSignLive shall maintain a comprehensive information security program designed to protect the security and confidentiality of Data and protect against any reasonably anticipated threats or hazards to the security or integrity of such Data.
C. Information Security Requirements
eSignLive shall comply with the following security measures with regard to its production environment:
1. Administrative Safeguards:
a) Information Security Policies. eSignLive shall have in place a comprehensive information security policy framework, including but not limited to policies and standards (herein collectively referred to as “Security Policies”), aligned with industry standard practices, as applicable. Such Security Policies shall address matters of information security and meet reasonably relevant/applicable statutory, regulatory and contractual requirements and have, as applicable, supporting guidelines, processes and procedures in place that set forth how eSignLive will meet its security commitments. Security Policies shall include appropriate administrative, technological and physical safeguards to: (i) protect against threats to the security and confidentiality of Data, including unauthorized use, access or disclosure; (ii) ensure a consistent level of protection for Data during both normal operations and extraordinary circumstances, such as when eSignLive’ is operating under a business continuity or disaster scenario; (iii) limit access to Data to those with a “need to know”; and (iv) ensure the secure disposal of Data. Security Policies shall be approved by senior management, communicated to Personnel and reviewed on an annual basis to ensure accuracy and completeness, and to take into account changing standards and evolving threats and hazards. Security Policies shall have provisions for disciplinary measures in case of violation.
b) Confidentiality. Personnel, contractors and consultants shall be subject to obligations of confidentiality which meet the intent of those found in this Agreement.
c) Personnel security. Personnel shall have clearly defined job descriptions that include security requirements and responsibilities and such job descriptions shall be reviewed periodically to ensure their accuracy and completeness. Personnel shall undergo a background check to the extent permitted by applicable law, which includes, but is not limited to, identity verification, a criminal record check, past employment verification, education records verification, reference checks, as well as screening against the Office of Foreign Assets Controls of the U.S. Department of the Treasury’s “Specially Designated Nationals List”. Personnel shall sign a non-disclosure agreement. Personnel shall also sign a “Privileged User Agreement”, as well as the Company’s” The Code of Conduct Certification Form”, both forms to be renewed on a yearly basis. Personnel shall attend the ”Code of Conduct” training and ”Information Security and Privacy Awareness” sessions on an annual basis.
d) Access control. eSignLive shall maintain procedures and controls to authenticate and limit access to the systems used to provide the Service to authorized individuals. Access to such systems shall be granted on a need-to-know basis, applying the least privilege principle, as applicable. Personnel with administrative privileges shall be required to use multifactor authentication in order to get access to such systems. Personnel shall not access or view any Data unless required to provide the Services under the Agreement. Access shall be removed promptly upon termination, or upon position change, as required.
e) Risk management. eSignLive shall have in place a process to and conduct regular and comprehensive assessments of reasonably foreseeable internal and external risks and vulnerabilities to the confidentiality, integrity and availability of Data that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such Data, and design and implement safeguards to reduce these risks and vulnerabilities to a reasonable and appropriate level.
f) Change management. eSignLive shall have in place a formalized change management process which requires the identification, documentation, testing, approval and post-implementation review of application and infrastructure changes that may impact system security, stability, availability or otherwise have an adverse effect on the Service. Proposed changes shall be evaluated to determine if they present a security risk and what mitigating actions must be performed. Access to production systems shall be strictly limited and developers shall not have the ability to migrate changes into the production environment.
g) Incident management. eSignLive shall have in place an incident management framework designed to respond quickly and efficiently to all types of internal and external security and operational events that threaten the confidentiality, integrity or availability of the system used to provide the Services and any Data contained therein.
h) Business continuity and disaster recovery. The Service shall be designed with the resources reasonably necessary to support availability of the Services in accordance with the Service Levels, and in a way that would enable recovery within the established Recovery Time Objective (RTO) following a service interruption. Testing of necessary components shall be performed as reasonably required to ensure recoverability.
i) Organizational audits. At least annually during the Term, eSignLive shall have, at its sole expense, a reputable qualified third party conduct a Service Organization Control (SOC) 2 assessment of the Service to assess the suitability of the design and the operating effectiveness of the controls to meet the Trust Services Principles and Criteria for Security established by CPA Canada/AICPA’s TSP section 100, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Technical Practice Aids). Such assessment shall reasonably cover all sites being used to provide the Services, herein referred to as an “Organizational Audit”. In addition to including a description and assessment of the controls in place, the Organizational Audit report will also include a description of organizational, operational and business controls relating to the Services, within the general framework of the type of Organizational Audit in question. If the report identifies any deficiencies, eSignLive shall prepare a plan of action to correct the deficiencies based on their criticality. Such plan shall at a minimum include: (i) details of actions to be taken by eSignLive and/or eSignLive’ subcontractors to correct the deficiencies, and (ii) target dates for successful correction of the deficiencies. eSignLive shall make available to Customer a copy of the SOC 3 report summarizing the findings of such Organizational Audit, upon written request.
2. Technical safeguards:
a) Data segregation. eSignLive shall ensure that Data is stored, used, accessed and disposed of in a secure environment, and logically segregated at all times from its other clients’ data, including when operating under a business continuity or disaster recovery scenario.
b) System configuration. The system used to provide the Service shall be segmented into separate network zones protected by firewalls or equivalent mechanisms to mitigate the risk of unauthorized access and to stop the spread of malware infections at internal and external access points. eSignLive shall maintain procedures and controls for the secure installation, configuration, operation and maintenance of information systems (e.g., workstations, servers, networks and applications), including procedures for change management, patch management and vulnerability management. System components shall be configured according to hardening guidelines and feature antivirus and intrusion detection systems, as applicable.
c) Application development. eSignLive shall use separate environments for the purposes of development, testing, staging and production, so that any changes to infrastructure and software are developed and tested in a separate environment before being implemented into production, and to reduce risk of inadvertent changes to a production environment. eSignLive shall perform code reviews and analyses of its software on a regular basis to reduce the likelihood of any vulnerability being deployed into production.
d) Monitoring. eSignLive shall maintain procedures and controls for detecting, preventing and responding to attacks, intrusions or other systems failures, including actions to be taken in the event of suspected or detected unauthorized access to Data. eSignLive shall have in place and maintain tools, including but not limited to a Security Incidents and Events Management (SIEM) system, to allow for appropriate ongoing monitoring of the health and security of the Service, including the detection of possible security threats and incidents. Such tools shall monitor system availability, resource usage, security events, unauthorized system changes and unusual activity, and have automated notifications sent to on-call personnel for system and security issues in real time. Monitored events shall be correlated centrally and event logs shall be reviewed regularly to allow for prompt identification of issues, for capacity planning and for appropriate action to be taken in a timely period in respect of any issues detected from such reviews.
e) Vulnerability management. In order to identify potential Service vulnerabilities, eSignLive shall conduct vulnerability assessments on a regular basis. Such assessments shall include penetration testing of the network boundary as well as application vulnerability testing. Security patches and updates shall be applied as required according to their criticality.
f) Security Testing. At least annually, or aligned with delivery of major releases, and at eSignLive’ sole discretion, eSignLive shall retain a qualified, reputable third party to perform penetration testing of the Service and to prepare a report of its findings. If the report identifies any deficiencies, eSignLive shall prepare a plan of action to correct the deficiencies based on their criticality. Such plan shall at a minimum include: (i) details of actions to be taken by eSignLive and/or subcontractors to correct the deficiencies, and (ii) target dates for successful correction of the deficiencies.
g) Use of encryption. eSignLive shall use appropriate encryption, using industry-accepted algorithms and key lengths, to protect Data stored in the Service, or transmitted over public networks, in connection with the Services.
h) Use of portable storage. Unless explicitly requested by Customer or required to provide Services under this Agreement, and protected by encryption, Data shall not be copied onto computer systems or media not permanently housed in secure Hosting Facilities (including laptop computers, portable storage devices or removable media such as USB disks, DVDs and tapes).
3. Physical and Environmental safeguards:
a) eSignLive work area. Access to areas at a eSignLive site from which the Service is managed and can be accessed shall be physically restricted to authorized Personnel only, and controlled through the use of access badges. Visitors and third parties shall only be allowed to access to such eSignLive work area once they have been properly identified and authorized.
4. Hosting Facilities
a. eSignLive shall host equipment used to provide the Services in a physically secure area with access restricted to authorized personnel, herein referred to as “Hosting Facilities”. Hosting Facilities shall have adequate physical security measures such as, but not limited to, perimeter controls which include a provision to detect unauthorized access, access logging, strong authentication, video surveillance and visitor sign-in.
b. Hosting Facilities shall be reasonably protected against external/environmental threats such as fire, flood or other forms of natural or man-made disasters. Protection measures shall include controls such as smoke and fire detection alarm systems and/or automatic fire suppression systems.
c. Hosting Facilities shall have protection in place for servers, network and other electronic equipment against power related problems.
d. eSignLive shall periodically review the physical and environmental controls to ensure they remain adequate to host the equipment used to provide the Services.
e. Where any hardware or media is no longer being used to provide the Services, eSignLive or its subcontractor will promptly render irrecoverable any Data on that hardware or media, as applicable.
5. Privacy Requirements:
a) Access and Correction Requests. eSignLive will refer to Customer all access or correction requests for Personal Information and reasonably cooperate with Customer in its response to those requests, as applicable.
b) Breach Notification and Investigation. In the event that eSignLive becomes aware that the security, confidentiality or integrity of any Data has been compromised, or that such Data has been or is reasonably expected to be subject to a use or disclosure not authorized by this Agreement (“Data Breach”), eSignLive shall use commercially reasonable efforts to immediately, in writing, in accordance with the notice requirements set out in the Agreement, but in no event more than forty-eight (48) hours (where feasible) following discovery or notification of such Data Breach, report to Customer and, if required by law or regulation, to any other party. eSignLive shall also (i) promptly investigate and conduct a reasonable analysis of the cause(s) of the Data Breach, (ii) to the extent such cause is within eSignLive’ control, develop and implement an appropriate plan to limit the effect and remediate the cause of the Data Breach; and (iii) reasonably cooperate with Customer in respect of any investigation and/or efforts to comply with any notification or other regulatory requirements applicable to the Data Breach. Subject to any confidentiality and/or contractual agreements eSignLive may have with other parties, eSignLive will give Customer any information Customer reasonably requests about the incident.
c) Privacy Coordinator. eSignLive will appoint a privacy coordinator to oversee eSignLive’ compliance with its privacy and information security obligations under this Agreement and to act as Customer’s primary point of contact for privacy and information security matters. eSignLive will notify Customer of the privacy coordinator’s identity and contact information, upon written request.
D. This Schedule is subject to change, without notice, at eSignLive’s discretion as data security methods and regulations evolve.
SCHEDULE D CUSTOMER SUPPORT
“Issue” means any problem or failure that materially decreases the functionality or performance of the Service and is caused by the software, systems, networks, other components, facilities or services that are supplied as part of the Service. Issues do not include any problem or failure caused by the use or improper use or operation of software, systems, networks, other components, facilities or services that are not part of the Service but are used to connect to, integrate with or otherwise make use of the Service.
“Resolution” means a change to the application software, a change to the hosting systems, software or network, or any other change to the components, configuration or services constituting the Service that resolves the Issue. Resolution also includes any testing by eSignLive and Customer prior to applying the Resolution to the Service.
Support Level Response:
a) Support and Monitoring Hours: For Issues other than Severity Level 1 Issues, support for responding to and working on Issues will be provided during normal business hours (“Business Day”) which are from 8:00am to 8:00pm Eastern Time during weekdays (not including Canada and U.S. public holidays). For Severity Level 1 Issues, support for responding to and working on Issues will be provided on a 24 x 7 basis.
b) Reporting of Issues: To report an Issue, only the Administrator may contact eSignLive support by phone or email. Severity Level 1 issues may be reported directly. All other Severity Level Issues must include a reasonable detailed written description of the decrease in functionality or performance of the Service, and the impact on the efficacy of the Service.
c) Personnel and Communication: eSignLive and the Customer will provide the necessary and appropriate personnel as required to find a Resolution. eSignLive and Customer will cooperate to obtain or supply information and data, and run tests in order to assist in finding a Resolution in a timely manner. eSignLive will communicate its progress on finding a Resolution to the Customer on a basis appropriate to the Severity Level.
|ISSUE SEVERITY LEVELS AND RESPONSE|
|Severity Level Definition||Description of Service Level Response|
|Level 1: An Issue that causes stoppage of the use of the Service when being used in a production capacity.||eSignLive shall respond to a call for the Issue within thirty (30) minutes. Immediate attention shall be given to the reported Issue. eSignLive will work continuously (i.e., on a 24 x 7 basis) to resolve the Issue until a temporary or permanent Resolution is found. The Resolution will be applied to the Service immediately.|
|Level 2: An Issue that causes (a) intermittent disruption of the use of the Service when being used in a production capacity, or (b) substantial stoppage of Customer’s development or implementation activities related to the Service.||eSignLive shall respond to a call for the Issue within thirty (30) Business Minutes. Attention shall be given to the reported Issue within one (1) Business Hour of receipt of Customer’s written report. eSignLive will work continuously during Business Hours to resolve the Issue until a Resolution is found. The Resolution will be applied to the Service immediately.|
|Level 3: An Issue that causes an inconvenience in (a) the use of the Service when being used in a production capacity, or (b) Customer’s development or implementation activities related to the Service.||eSignLive shall respond to a call or email for an issue within four (4) Business Hours. Attention shall be given to the reported Issue within one (1) Business Day of receipt of Customer’s written report. eSignLive will use commercially reasonable efforts to resolve the Issue until a Resolution is found. The Resolution will be applied to the Service within two (2) Business Days.|
|Level 4: An Issue that causes no stoppage or inconvenience in (a) the use of the Service when being used in a production capacity, or (b) Customer’s development or implementation activities related to the Service.||eSignLive shall respond to a call or email for an Issue within one (1) Business Day. Attention shall be given to the reported Issue after receipt of Customer’s written report. eSignLive will use commercially reasonable efforts to resolve the Issue until the Resolution is found. The Resolution will be applied to the Service during a scheduled maintenance period.|