User Agreement

TERMS OF USE

This is a legally binding agreement. Please read these terms and conditions carefully. By clicking the button on the online registration web page to accept this agreement, you represent that you have the full legal authority to enter this agreement on behalf of the party identified in the registration process, and in that capacity you acknowledge such party’s agreement to be bound by the terms and conditions set forth or referenced below.

This agreement (the “Agreement”) for use of the Platform (as defined below) is between Gun.io Incorporated, a Delaware corporation (“Gun.io”), and the party (the “Licensee”) indicated during the online registration process (such process and the information provided during such process as amended from time to time through Licensee’s login to its account in the Platform, the “Registration”). This Agreement is effective upon Licensee’s acceptance of it in the course of the Registration (the “Effective Date”). The information entered by or on behalf of Licensee during the Registration is incorporated herein and made a part of this Agreement.

 

1. Certain Definitions

Affiliate” means, as to a party, any other entity that directly or indirectly controls, is under common control with, or is controlled by, such party; as used in this definition, “control” and its derivatives mean possession, directly or indirectly, of power to direct the management or policies of an entity.

Confidential Information” means any information of any type in any form that

(i) is disclosed to or observed or obtained by one party from the other party (or from a person the recipient knows or reasonably should assume has an obligation of confidence to the other party) in the course of, or by virtue of, this Agreement and

(ii) either is designated as confidential or proprietary in writing at the time of such disclosure or within a reasonable time thereafter (or, if disclosure is made orally or by observation, is designated as confidential or proprietary orally by the person disclosing or allowing observation of the information) or is of a nature that the recipient knew or reasonably should have known, under the circumstances, would be regarded by the owner of the information as confidential or proprietary.  Without limiting any other provisions of this Agreement, and whether or not otherwise meeting the criteria described herein, the Platform, Licensee Data, and content of this Agreement (other than the fact of its existence and the identities of the parties hereto) shall be deemed conclusively to be Confidential Information. For purposes of this Agreement, however, the term “Confidential Information” specifically shall not include any portion of the foregoing that

(i) was in the recipient’s possession or knowledge at the time of disclosure and that was not acquired directly or indirectly from the other party,

(ii) was disclosed to the recipient by a third party not having an obligation of confidence of the information to any person or body of which the recipient knew or which, under the circumstances, the recipient reasonably should have assumed to exist, or

(iii) is or, other than by the act or omission of the recipient, becomes a part of the public domain not under seal by a court of competent jurisdiction.  A selection or combination of information will not meet any of the foregoing exceptions solely because some or all of its individual component parts are so excepted and will meet such exception(s) only if the selection or combination itself is so excepted. In the event of any ambiguity as to whether information is Confidential Information, the foregoing shall be interpreted strictly and there shall be a rebuttable presumption that such information is Confidential Information. 

Documentation” means all documentation (whether printed or in an electronic retrieval format) supplied or made available to Licensee by Gun.io for use with or in support of the Platform or its implementation, including without limitation any and all revisions, modifications, and updates thereof as may be supplied or made available by Gun.io to Licensee during the Term of this Agreement and all copies thereof made by or on behalf of Licensee.

Hosting Services” means the provision, administration, and maintenance of servers and related equipment, the provision of bandwidth at the hosting facility, and the operation of the Platform for access and use by Licensee Users pursuant to this Agreement.

Licensed Materials” means the Platform and the Documentation.

Licensee Data” means all data entered into the Platform (i) by Licensee Users or (ii) by or on behalf of Licensee pursuant to a conversion or migration of data from another system, in each case as such data is maintained in the Platform from time to time.

Licensee User” means Licensee, if an individual, or an employee or individual independent contractor of Licensee or of an Affiliate of Licensee duly authorized by Licensee to use the Platform pursuant to Gun.io’s then-current procedure for such authorization.

Loss” means all losses, liabilities, damages, awards, settlements, claims, suits, proceedings, costs and expenses (including reasonable legal fees and disbursements and costs of investigation, litigation, expert witness fees, settlement, judgment, interest, and penalties).

Platform” means the online service and application offered by Gun.io, accessed at https://app.gun.io, together with any associated software applications, database structures and queries, interfaces, tools, and the like, together with any and all revisions, modifications, and updates thereof, as made available by Gun.io to Licensee pursuant to this Agreement.

System Administrator” means the individual identified as such in the Registration or such substitute designated by Licensee from time to time in accordance with Gun.io’s then-current procedures therefor.

 

2. Term

This Agreement shall commence as of the Effective Date and shall expire when terminated as provided in this Agreement (the “Term”). 

 

3. License to Licensee

Subject to terms and conditions of this Agreement, Gun.io grants to Licensee a nonexclusive, nontransferable (except as otherwise provided herein) license during the Term of this Agreement for a User to access and use the Platform and relevant Documentation in accordance with the terms of this Agreement solely for Licensee’s internal business purposes.

 

4. Services

Subject to terms and conditions of this Agreement and provided Licensee is not in material breach of its obligations hereunder, Gun.io shall provide the following Services during the Term:

A. Hosting

Gun.io shall provide the Hosting Services; provided, however, that the Hosting Services may be interrupted and the Platform unavailable for use for reasonable periods from time to time for Gun.io to perform scheduled or unscheduled system maintenance, for Gun.io to address security threats or security incidents, or due to the acts or omissions of third parties or the fault of Gun.io.

B. Support

Gun.io shall provide to Licensee Users consultation and assistance with operational and technical support issues arising from use of the Platform during Gun.io’s then-current normal business hours pursuant to requests for support services submitted by telephone or e-mail at such numbers and e-mail addresses as Gun.io shall provide to Licensee from time to time.

C. Maintenance

In response to a reported error, Gun.io shall use commercially reasonable efforts to correct the error or to provide a reasonable workaround sufficient to alleviate any substantial adverse effect of the problem on the utility of the Platform, provided that Licensee assists Gun.io in its efforts by making available, as reasonably requested by Gun.io, information, documentation, access to personnel, and testing.

D. Enhancements

From time to time at its discretion, Gun.io may implement releases of the Platform that contain changes, updates, patches, fixes, enhancements to functionality, and/or additional functionality.  Gun.io in its sole discretion will determine whether to include in the Platform, as part of the maintenance Services hereunder, features or functionality not originally specified for the Platform, and Gun.io shall have no obligation to disclose or offer to Licensee any such features or functionality.

E. Supported Use and Environment

Gun.io’s support and maintenance obligations pursuant to this Agreement are conditioned upon access to and use of the Platform by Licensee Users in accordance with the Documentation and using browsers and other information technology meeting the criteria set forth in the Documentation, published on Gun.io’s web site, or otherwise provided or made available to Licensee by Gun.io from time to time.  Upon reasonable notice to Licensee from time to time, Gun.io may revise the specifications described in this paragraph or implement new such specifications to address the evolution of such technology.



5. Licensee Responsibilities and Restrictions.

A. Licensee Connection to Platform

Licensee shall be responsible for selecting, obtaining, and maintaining any equipment and ancillary services needed to access the Platform, in each case meeting any information technology environment criteria described in the Documentation, published on Gun.io’s web site, or otherwise provided or made available to Licensee by Gun.io from time to time.

B. System Administrator

Licensee acknowledges and agrees that the System Administrator, utilizing mechanisms provided therefor within the Platform, will have the sole responsibility for authenticating and provisioning access to the Platform for other Licensee Users and for disabling access to the Platform for Licensee Users. Licensee shall cause the System Administrator to perform such authentication in accordance with generally-accepted information security standards and shall cause the System Administrator to disable such access immediately upon the termination of employment or engagement of any Licensee User by Licensee or its Affiliate or when a Licensee User otherwise is no longer eligible to use the Platform pursuant to this Agreement.  Licensee shall notify Gun.io immediately, by telephone and in writing, to disable access to the Platform for System Administrator who is so terminated or otherwise is no longer eligible to use the Platform pursuant to this Agreement.

C. Account Passwords and Data Security

Licensee shall maintain and cause to be maintained the confidentiality of all user IDs and passwords of Licensee Users, including implementing and enforcing policies and procedures as reasonable and appropriate thereto, and Licensee at all times shall maintain (and shall cause any Affiliate having Licensee Users to maintain) adequate technical, physical, and administrative safeguards, including access controls and system security requirements and devices, to ensure that access to the Platform by or through Licensee is limited to Licensee Users.  Licensee shall be solely responsible for all use or misuse of the user IDs of Licensee Users, and except as otherwise required by applicable law Gun.io shall have no obligation to monitor for or report any use or attempted use of the user IDs of Licensee Users. All such user IDs and passwords are deemed to be Confidential Information of both Licensee and Gun.io. Licensee shall take reasonable steps to ensure that Licensee Users not share user IDs or passwords.

D. Restrictions

Except as may be expressly authorized in this Agreement, Licensee shall not do, nor shall it authorize any person to do, any of the following:

(i) use the Licensed Materials for any purpose or in any manner not specifically authorized by this Agreement;

(ii) make any copies or prints, or otherwise reproduce or print, any portion of the Licensed Materials, whether in printed or electronic format;

(iii) distribute, republish, download, display, post, or transmit any portion of the Licensed Materials;

(iv) create or recreate the source code for, or re-engineer, reverse engineer, decompile, or disassemble any Licensed Materials that is computer software;

(v) modify, adapt, translate, or create derivative works from or based upon any part of the Licensed Materials, or combine or merge any part of the Licensed Materials with or into any other software, document, or work

(vi) refer to or otherwise use any part of the Licensed Materials as part of any effort to develop a product or service having any functional attributes, visual expressions, or other features or purposes similar to those of Licensed Materials;

(vii) remove, erase, or tamper with any copyright, logo, or other proprietary or trademark notice printed or stamped on, affixed to, or encoded or recorded in the Licensed Materials, or use a proxy, reverse proxy, or any other such mechanism that is intended to, or has the effect of, obscuring any of the foregoing or confusing a Licensee User as to Gun.io’s rights in the Platform,

(viii) fail to preserve all copyright and other proprietary notices in any copy of any portion of the Licensed Materials made by or on behalf of Licensee;

(ix) sell, market, license, sublicense, distribute, rent, loan, or otherwise grant to any third party any right to possess or utilize any portion of the Licensed Materials without the express prior written consent of Gun.io (which may be withheld by Gun.io for any reason or conditioned upon execution by such party of a confidentiality and non-use agreement and/or other such other covenants and warranties as Gun.io in its sole discretion deems desirable)

(x) use the Licensed Materials to gain or attempt to gain access to any software applications, computer systems, or data not expressly authorized under this Agreement;

(xi) knowingly use the Platform to store, receive, or distribute any information that violates any applicable law; or

(xii) attempt to do or assist any party in attempting to do any of the foregoing.

E. Disclaimer

Gun.io shall not be liable to Licensee for any Loss arising out of or relating to Licensee’s failure to comply with its obligations set forth in this Section 5.



6. Ownership

A. Licensee Data

As between Gun.io and Licensee, Licensee has and retains exclusive ownership of all Licensee Data and all intellectual property and proprietary rights therein.

B. Licensed Materials

As between Gun.io and Licensee, Gun.io has and retains exclusive ownership of the Licensed Materials and all intellectual property and proprietary rights therein.  Licensee acknowledges that the foregoing constitute valuable assets and may constitute trade secrets of Gun.io or its licensors.

C. Suggestions, Joint Efforts, and Statistical Information

Licensee may suggest, and the parties may discover or create jointly, findings, inventions, improvements, discoveries, or ideas that Gun.io, at its sole option, may incorporate in the Licensed Materials or in other products or services that may or may not be made available to Licensee.  Any such finding, invention, improvement, discovery, or idea, whether or not patentable, that is conceived or reduced to practice during the Term of this Agreement, whether by a party alone or by the parties jointly, arising from or related to this Agreement or the Licensed Materials shall be and remain solely property of Gun.io and may be used, sold, licensed, or otherwise provided by Gun.io to third parties, or published or otherwise publicly disclosed, in Gun.io’s  sole discretion without notice, attribution, payment of royalties, or liability to Licensee. Licensee acknowledges and agrees that Gun.io has and retains exclusive and valid ownership of all anonymized statistical information regarding Licensee Users’ use of the Platform. Licensee hereby assigns to Gun.io any and all right, title, and interest in and to any such findings, inventions, improvements, discoveries, ideas, and statistical information. Unless otherwise expressly agreed in writing, Licensee shall not obtain any right, title, or interest (other than the license expressly set forth herein) in or to anything created or developed by Gun.io in connection with or incident to this Agreement. 



7. License to Use Licensee Data

Licensee grants to Gun.io a non-exclusive, transferrable, worldwide, royalty-free license to use and disclose Licensee Data as follows: 

(a) during the Term, to provide, monitor, correct, and improve the Application and to perform services related thereto, including without limitation, to the extent permitted by applicable law, (A) de-identifying Customer Data such that there is no reasonable basis to believe that the information can be used, alone or in combination with other reasonably available information, to identify any individual or to identify Customer as the source of such data; and (B) aggregating Customer Data with other data; and

(b) in perpetuity to use, reproduce, prepare derivative works of, and distribute such aggregated data for any lawful purpose and to grant sublicenses for the foregoing.

Licensee represents and warrants that it owns or has the legal right and authority, and will continue to own or maintain the legal right and authority, to grant to Gun.io during the Term the license set forth herein.  Licensee further represents and warrants that it has provided all necessary notices to process the Licensee Data and to transfer the Licensee Data to Gun.io. Licensee shall indemnify, defend, and hold harmless Gun.io, its Affiliates, and their respective directors, officers, employees, and agents from and against any Loss arising from or related to a claim of a third party with respect to a breach of the foregoing representations and warranties of Licensee.



8. Confidentiality 

A. Security of Confidential Information

Each party possessing Confidential Information of the other party will maintain all such Confidential Information under secure conditions, using reasonable security measures and in any event not less than the same security procedures used by such party for the protection of its own Confidential Information of a similar kind.  

B. Non-Disclosure Obligation

Except as otherwise may be permitted by this Agreement, neither party shall disclose any Confidential Information of the other party to any third party without the express prior written consent of the other party; provided, however, that either party may disclose appropriate portions of Confidential Information of the other party to those of its employees, contractors, agents, and professional advisors having a substantial need to know the specific information in question in connection with such party’s exercise of rights or performance of obligations under this Agreement provided that all such persons:

(i) have been instructed that such Confidential Information is subject to the obligation of confidence set forth by this Agreement and

(ii) are bound by contract, employment policies, or fiduciary or professional ethical obligation to maintain such information in confidence.

C. Compelled Disclosure

If either party is ordered by a court, administrative agency, or other governmental body of competent jurisdiction to disclose Confidential Information, or if it is served with or otherwise becomes aware of a motion or similar request that such an order be issued, then such party will not be liable to the other party for disclosure of Confidential Information required by such order if such party complies with the following requirements:

(i) if an already-issued order calls for immediate disclosure, then such party immediately shall move for or otherwise request a stay of such order to permit the other party to respond as set forth in this paragraph;

(ii) such party immediately shall notify the other party of the motion or order by the most expeditious possible means;

(iii) such party shall not oppose a motion or similar request by the other party for an order protecting the confidentiality of the Confidential Information, including not opposing a motion for leave to intervene by the other party; and

(iv) such party shall exercise reasonable efforts to obtain appropriate assurance that confidential treatment will be accorded the Confidential Information so disclosed.

D. Non-Use Obligation

Except as expressly authorized in this Agreement, during the Term of this Agreement and forever thereafter (or for such shorter period as may be imposed by applicable law), neither party shall use any Confidential Information of the other party, except at the request of and for the benefit of such other party, without the express prior written consent of the other party.

E. Copying of Confidential Information

Except as otherwise may be permitted by this Agreement, neither party shall copy or otherwise reproduce any part of any Confidential Information of the other party, nor attempt to do so, without the prior written consent of the other party.  Any embodiments of Confidential Information of a party that may be generated by the other party, either pursuant to or in violation of this Agreement, will be deemed to be solely the property of the first party and fully subject to the obligations of confidence set forth herein.

F. Proprietary Legends

Without the other party’s prior written consent, neither party shall remove, obscure, or deface on or from any embodiment of any Confidential Information any proprietary legend relating to the other party’s rights.

G. Reports of Misappropriation

Each party shall report to the other party without unreasonable delay any act or attempt by any person of which such party has knowledge or reasonably suspects

(i) to use or disclose, or copy Confidential Information without authorization from the other party or

(ii) to reverse assemble, reverse compile, or otherwise reverse engineer any part of the Confidential Information.

H. Post-Termination Procedures

Except with respect to Licensee Data as provided in Section 11(c) or as otherwise expressly provided in this Agreement, promptly upon the expiration or any termination of this Agreement or other expiration or termination of a party’s right to possess and/or use Confidential Information, each party shall turn over to the other party (or destroy and certify the same in writing, if agreed in writing by the other party) any embodiments of any Confidential Information of the other party.


9. Representations and Warranties; Disclaimers

A. REPRESENTATION AND WARRANTY DISCLAIMERS.

THE LICENSED MATERIALS AND ALL SERVICES PROVIDED OR TO BE PROVIDED UNDER THIS AGREEMENT ARE PROVIDED “AS IS,” WITH ALL FAULTS, AND CUSTOMER ASSUMES THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LICENSED MATERIALS. GUN.IO DISCLAIMS, ANY AND ALL WARRANTIES, CONDITIONS, OR REPRESENTATIONS (EXPRESS OR IMPLIED, ORAL OR WRITTEN) WITH RESPECT TO THE LICENSED MATERIALS OR ANY PART THEREOF OR THE SERVICES, INCLUDING WITHOUT LIMITATION ANY AND ALL IMPLIED WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, OR FITNESS OR SUITABILITY FOR ANY PURPOSE (WHETHER OR NOT GUN.IO KNOWS, HAS REASON TO KNOW, HAS BEEN ADVISED, OR OTHERWISE IS IN FACT AWARE OF ANY SUCH PURPOSE), WHETHER ALLEGED TO ARISE BY LAW, BY REASON OF CUSTOM OR USAGE IN THE TRADE, BY COURSE OF DEALING, OR OTHERWISE. GUN.IO EXPRESSLY DISCLAIMS ANY WARRANTY OR REPRESENTATION TO ANY PERSON OTHER THAN CUSTOMER.  

B. Other Disclaimers

Licensee will be exclusively responsible as between the parties for, and Gun.io makes no representation or warranty with respect to, determining whether the Licensed Materials will achieve the results desired by Licensee, ensuring the accuracy of any Licensee Data, and selecting, procuring, installing, operating, and maintaining the technical infrastructure for Licensee’s access to and use of the Licensed Materials (other than with respect to the Hosting Services).  Gun.io shall not be liable for, and shall have no obligations with respect to, any aspect of the Licensed Materials that is modified by any person other than Gun.io or its contractors, use of the Licensed Materials other than in accordance with the most current operating instructions provided by Gun.io, errors or other effects of problems, defects, or failures of software or hardware not provided by Gun.io or of acts or omissions of Licensee or any third party. Licensee acknowledges that the operation of the Licensed Materials will not be error free in all circumstances and that all defects in the Licensed Materials may not be corrected.


10. Breach; Termination; Disposition of Data

A. Notice of Breach; Cure Period

In the event of a breach of a provision of this Agreement, the notice and cure procedures set forth in this paragraph shall apply.  The non-breaching party shall give the breaching party notice describing the breach and stating the time, as provided herein, within which the breach must be cured.  If a provision of this Agreement sets forth a cure period for the breach in question, then that provision shall take precedence over any cure period set forth in this paragraph.  No cure period shall be required, except as may be provided otherwise in this Agreement, if this Agreement sets forth specific deadline dates for the obligation allegedly breached.  If the breach is of an obligation to pay money, the breaching party shall have five business days to cure the breach after written notice thereof by the non-breaching party. If the breach is a material breach of an obligation relating to the other party’s Confidential Information, including Licensee’s use or disclosure of the Platform other than in compliance with the license granted in this Agreement, then the non-breaching party, in its sole discretion, may specify in the notice of breach that no cure period will be permitted.  If the breach is other than a breach of the kind described above in this paragraph, then the cure period will be 30 days after the notice of the breach by the non-breaching party.

B. Termination

If a breach of any provision of this Agreement has not been cured at the end of the applicable cure period, if any (or upon such breach if no cure period is permitted), then the non-breaching party thereupon may terminate this Agreement by notice to the other party.  Termination of this Agreement by Gun.io for breach by Licensee shall terminate all licenses granted to Licensee herein. This Agreement and the licenses granted to Licensee herein shall terminate automatically, to the extent permitted by applicable law in the jurisdiction or jurisdictions in question, if Licensee makes an assignment for the benefit of its creditors, files a petition for bankruptcy, receivership, reorganization, or other like proceeding under any present or future debtor relief law (or is the subject of an involuntary such petition or filing that is not dismissed within 60 days after the effective filing date thereof), or admits of a general inability to pay its debts as they become due.  Any termination of this Agreement shall be in addition to, and not in lieu of, any other rights or remedies available at law or in equity.

C. Disposition of Licensee Data

Upon Licensee’s written request within 30 days following the expiration or any termination of this Agreement, Gun.io shall destroy the Licensee Data; provided, however, that to the extent Gun.io is required by applicable law or legal process to retain any portion of the Licensee Data, or to the extent that destruction of any Licensee Data is infeasible, Gun.io shall retain such Licensee Data as though it were Confidential Information for such time as is required by such law or process or until destruction is no longer infeasible, after which Gun.io promptly shall destroy the Licensee Data.

 

11. Risk Allocation

A. EXCLUSION OF INDIRECT DAMAGES

IN NO EVENT WILL GUN.IO BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (A) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES; (B) INCREASED COSTS, DIMINUTION IN VALUE OR LOST BUSINESS, PRODUCTION, REVENUES, OR PROFITS; (C) LOSS OF GOODWILL OR REPUTATION; (D) USE, INABILITY TO USE, LOSS, INTERRUPTION, DELAY OR RECOVERY OF ANY DATA, OR BREACH OF DATA OR SYSTEM SECURITY; OR (E) COST OF REPLACEMENT GOODS OR SERVICES, IN EACH CASE REGARDLESS OF WHETHER GUN.IO WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE.

B. MAXIMUM AGGREGATE LIABILITY

IN NO EVENT WILL GUN.IO’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE EXCEED $1,000.

C. Intentional Risk Allocation

Each party acknowledges that the provisions of this Agreement were negotiated, as a material part of the agreement memorialized herein, to reflect an informed, voluntary allocation between them of all risks (both known and unknown) associated with the transactions involved with this Agreement.  The warranty disclaimers and limitations in this Agreement are intended, and have as their essential purpose, to limit the circumstances of liability. The remedy limitations and the limitations of liability are separately intended, and have as their essential purpose, to limit the forms of relief available to the parties.


12. Marketing

Gun.io may identify Licensee as an Gun.io customer and display Licensee’s logos in its marketing materials and advertisements, on its web site, and in presentations.  Gun.io shall not acquire any intellectual property rights in any such logos, trademarks, service marks, or other indicia of origin.


13. Certain Data Activities

A. Privacy Policy

Licensee acknowledges and agrees that Licensee has read and understood Gun.io’s Privacy Policy, and Licensee consents to and authorizes the processing, use, and disclosure of personal information as set forth therein.

B. International Data Transfers

Licensee acknowledges and agrees that Personal Data will be transferred to the United States of America, a jurisdiction that has been determined not to offer an adequate level of data protection by the European Commission, and Licensee consents to such transfers.  Licensee further acknowledges and agrees that Gun.io’s Sub-Processor for cloud storage and related services may in limited instances transfer Personal Data from Gun.io’s cloud solution to other jurisdictions for which the European Commission has not adopted an adequacy decision.  To facilitate such transfers, the parties hereby enter into the Standard Contractual Clauses attached hereto as Exhibit 1, which are incorporated by reference herein. The parties shall work together to ensure that they (or the relevant Sub-Processor) have a legally-approved mechanism in place to facilitate such data transfers.

C. GDPR

The parties acknowledge and agree that, where the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) applies, Licensee and Gun.io are acting as independent controllers for purposes of the GDPR.  To the extent Licensee

(a) provides a photograph that is biometric information or reveals racial or ethnic origin or religious or philosophical beliefs or

(b) provides information regarding trade union membership, Licensee specifically consents to the processing of such special categories of personal data by Gun.io for the purposes of providing the Services.

D. CCPA

Licensee hereby directs Gun.io to disclose Licensee’s personal information to third parties in connection with the Services.  Such third parties shall include organizations using Gun.io to locate and retain developers.


14. Other Provisions

A. Notice

Except as otherwise expressly provided herein, notices shall be given under this Agreement in writing in the English language, signed by the party giving the same, and shall be given

(i) personally (in which case such notices shall be deemed given when so delivered),

(ii) by certified or registered U.S. Mail, properly addressed and postage pre-paid, from within the United States (in which case such notices shall be deemed given on the third business day after deposit),

(iii) by generally recognized overnight courier, properly addressed and pre-paid, with next business day instruction (in which case such notices shall be deemed given on the next business day after deposit), or

(iv) if to Licensee, at Gun.io’s  election, by e-mail (in which case such notice shall be deemed given upon transmission unless Gun.io receives a non-delivery email message within a reasonable time thereafter). Such notices shall be sent to Gun.io at Attn: VP Operations, Gun.io, 1200 Clinton St. Suite 225, Nashville, TN 37203 and to Licensee at the address for notices or email address designated in the Registration or as provided in clause

(iv) of this the preceding sentence. Either party may change its address for purposes of notice by written notice thereof to the other party.

B. Nature of Relationship; Subcontractors

Gun.io shall provide all Services hereunder as an independent contractor to Licensee.  Subject to the provisions of this Agreement regarding confidentiality, Gun.io may perform its obligations hereunder through its employees and through subcontractors.  Nothing contained herein shall be deemed to create any agency, partnership, joint venture, or other relationship between the parties or any of their affiliates, and neither party shall have the right, power, or authority under this Agreement to create any duty or obligation on behalf of the other party.

C. Force Majeure

Neither party shall be liable for any failure to perform its obligations under this Agreement if such failure arises, directly or indirectly, out of causes reasonably beyond the direct control of such party and not due to such party’s own fault or negligence or that of its contractors or representatives or other persons acting on its behalf, and which cannot be overcome by the exercise of due diligence and which could not have been prevented through commercially reasonable measures, including acts of God, acts of terrorists or criminals, acts of domestic or foreign governments, change in any law or regulation, fires, floods, explosions, epidemics, disruptions in communications, power, or other utilities, strikes or other labor problems, riots, or unavailability of supplies.

D. Governing Law; Venue

This Agreement shall be construed and enforced in accordance with the laws of the state of Tennessee (other than its conflicts of law provisions) and venue shall be exclusively in the federal or state courts sitting in Tennessee.

E. Jury Trial Waiver

THE PARTIES SPECIFICALLY WAIVE ANY RIGHT TO TRIAL BY JURY IN ANY COURT WITH RESPECT TO ANY CONTRACTUAL, TORTIOUS, OR STATUTORY CLAIM, COUNTERCLAIM, OR CROSS-CLAIM AGAINST THE OTHER ARISING OUT OF OR CONNECTED IN ANY WAY TO THIS AGREEMENT, BECAUSE THE PARTIES HERETO, BOTH OF WHICH ARE REPRESENTED BY COUNSEL, BELIEVE THAT THE COMPLEX COMMERCIAL AND PROFESSIONAL ASPECTS OF THEIR DEALINGS WITH ONE ANOTHER MAKE A JURY DETERMINATION NEITHER DESIRABLE NOR APPROPRIATE.

F. Injunctive Relief

Each party acknowledges that any violation of its covenants in this Agreement relating to the other party’s Confidential Information and intellectual property would result in damage to such party that is largely intangible but nonetheless real and that is incapable of complete remedy by an award of damages.  Accordingly, any such violation shall give such party the right to a court-ordered injunction or other appropriate order to enforce specifically those covenants without bond and without prejudice to any other rights or remedies to which such party may be entitled as a result of a breach of this Agreement.

G. Assignment

Licensee may transfer or assign some or all of its rights and/or delegate some or all of its obligations under this Agreement only with the express prior written consent of Gun.io, which may be granted or withheld in Gun.io’s sole discretion; provided, however, that if Licensee is not a natural person, Licensee may assign all of its rights hereunder indivisibly to an entity that controls, is controlled by, or is under common control with Licensee (“control” meaning possession, directly or indirectly, of a majority of an entity’s voting interests) or to a purchaser of substantially all of Licensee’s assets so long as such assignee (i) agrees in writing to comply with Licensee’s obligations under, and to be bound by, this Agreement (this clause does not in itself authorize Licensee to delegate its duties under this Agreement) and (ii) promptly notifies Gun.io in writing of the same. Any purported transfer or assignment by Licensee of any right under this Agreement otherwise than in accordance with the provisions of this paragraph shall be null and void and a breach of this Agreement.  This Agreement shall be fully assignable by Gun.io in its sole discretion.

H. Successors and Assigns

This Agreement will be binding upon and inure to the benefit of the parties and their successors and assigns permitted by this Agreement.

I. No Third-Party Beneficiaries

Except as otherwise expressly set forth herein, nothing in this Agreement is intended to confer, nor shall anything herein confer, upon any person other than the parties and the respective successors or assigns of the parties, any rights, remedies, obligations, or liabilities whatsoever.

J. Entire Agreement

This Agreement constitutes the entire agreement between the parties concerning the subject matter hereof.  No prior or contemporaneous representations, inducements, promises, or agreements, oral or otherwise, between the parties with reference thereto will be of any force or effect.  Each party represents and warrants that, in entering into and performing its obligations under this Agreement, it does not and will not rely on any promise, inducement, or representation allegedly made by or on behalf of the other party with respect to the subject matter hereof, nor on any course of dealing or custom and usage in the trade, except as such promise, inducement, or representation may be expressly set forth herein.

K. Survival

The covenants herein concerning Confidential Information, indemnification, post-termination procedures, and any other provision that, by its nature, is intended to survive this Agreement shall survive any termination or expiration of this Agreement.

L. Amendment and Waiver

Except as otherwise expressly provided herein, no modification or amendment to this Agreement will be valid or binding unless in writing and duly executed by the party or parties to be bound thereby.  The failure of either party at any time to require performance by the other party of any provision of this Agreement shall in no way affect the right of such party to require performance of that provision.  Any waiver by either party of any breach of this Agreement shall not be construed as a waiver of any continuing or succeeding breach of such provision, a waiver of the provision itself, or a waiver of any right under this Agreement.

M. Severability

If any provision of this Agreement is ruled wholly or partly invalid or unenforceable by a court or other body of competent jurisdiction, then

(i) the validity and enforceability of all provisions of this Agreement not ruled to be invalid or unenforceable will be unaffected;

(ii) the effect of the ruling will be limited to the jurisdiction of the court or other body making the ruling;

(iii) the provision held wholly or partly invalid or unenforceable shall be deemed amended, and the court or other body is authorized to reform the provision, to the minimum extent necessary to render them valid and enforceable in conformity with the parties’ intent as manifested herein; and

(iv) if the ruling or the controlling principle of law or equity leading to the ruling subsequently is overruled, modified, or amended by legislative, judicial, or administrative action, then the provision in question as originally set forth in this Agreement shall be deemed valid and enforceable to the maximum extent permitted by the new controlling principle of law or equity. 

N. Headings

The headings of the sections used in this Agreement are included for convenience only and are not to be used in construing or interpreting this Agreement.

 


EXHIBIT 1

STANDARD CONTRACTUAL CLAUSES FOR THE TRANSFER OF PERSONAL DATA FROM THE COMMUNITY TO THIRD COUNTRIES 
(CONTROLLER TO CONTROLLER TRANSFERS)

Data Transfer Agreement between Licensee (hereinafter “data exporter”) and Gun.io (hereinafter “data importer”), each a “party”; together “the parties”.

DEFINITIONS
For the purposes of the clauses:

(a) “personal data”, “special categories of data/sensitive data”, “process/processing”, “controller”, “processor”, “data subject” and “supervisory authority/authority” shall have the same meaning as in Directive 95/46/EC of 24 October 1995 (whereby “the authority” shall mean the competent data protection authority in the territory in which the data exporter is established);

(b) “the data exporter” shall mean the controller who transfers the personal data;

(c) “the data importer” shall mean the controller who agrees to receive from the data exporter personal data for further processing in accordance with the terms of these clauses and who is not subject to a third country’s system ensuring adequate protection;

(d) “clauses” shall mean these contractual clauses, which are a free-standing document that does not incorporate commercial business terms established by the parties under separate commercial arrangements.

The details of the transfer (as well as the personal data covered) are specified in Annex B, which forms an integral part of the clauses.

1. OBLIGATIONS OF THE DATA EXPORTER

The data exporter warrants and undertakes that:

(a) The personal data have been collected, processed and transferred in accordance with the laws applicable to the data exporter.

(b) It has used reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses.

(c) It will provide the data importer, when so requested, with copies of relevant data protection laws or references to them (where relevant, and not including legal advice) of the country in which the data exporter is established.

(d) It will respond to enquiries from data subjects and the authority concerning processing of the personal data by the data importer, unless the parties have agreed that the data importer will so respond, in which case the data exporter will still respond to the extent reasonably possible and with the information reasonably available to it if the data importer is unwilling or unable to respond. Responses will be made within a reasonable time.

(e) It will make available, upon request, a copy of the clauses to data subjects who are third party beneficiaries under clause III, unless the clauses contain confidential information, in which case it may remove such information. Where information is removed, the data exporter shall inform data subjects in writing of the reason for removal and of their right to draw the removal to the attention of the authority. However, the data exporter shall abide by a decision of the authority regarding access to the full text of the clauses by data subjects, as long as data subjects have agreed to respect the confidentiality of the confidential information removed. The data exporter shall also provide a copy of the clauses to the authority where required.

2. OBLIGATIONS OF THE DATA IMPORTER

The data importer warrants and undertakes that:

(a) It will have in place appropriate technical and organizational measures to protect the personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected.

(b) It will have in place procedures so that any third party it authorizes to have access to the personal data, including processors, will respect and maintain the confidentiality and security of the personal data. Any person acting under the authority of the data importer, including a data processor, shall be obligated to process the personal data only on instructions from the data importer. This provision does not apply to persons authorized or required by law or regulation to have access to the personal data.

(c) It has no reason to believe, at the time of entering into these clauses, in the existence of any local laws that would have a substantial adverse effect on the guarantees provided for under these clauses, and it will inform the data exporter (which will pass such notification on to the authority where required) if it becomes aware of any such laws.

(d) It will process the personal data for purposes described in Annex B, and has the legal authority to give the warranties and fulfill the undertakings set out in these clauses.

(e) It will identify to the data exporter a contact point within its organization authorized to respond to enquiries concerning processing of the personal data, and will cooperate in good faith with the data exporter, the data subject and the authority concerning all such enquiries within a reasonable time. In case of legal dissolution of the data exporter, or if the parties have so agreed, the data importer will assume responsibility for compliance with the provisions of clause I(e).

(f) At the request of the data exporter, it will provide the data exporter with evidence of financial resources sufficient to fulfil its responsibilities under clause III (which may include insurance coverage).

(g) Upon reasonable request of the data exporter, it will submit its data processing facilities, data files and documentation needed for processing to reviewing, auditing and/or certifying by the data exporter (or any independent or impartial inspection agents or auditors, selected by the data exporter and not reasonably objected to by the data importer) to ascertain compliance with the warranties and undertakings in these clauses, with reasonable notice and during regular business hours. The request will be subject to any necessary consent or approval from a regulatory or supervisory authority within the country of the data importer, which consent or approval the data importer will attempt to obtain in a timely fashion.

(h) It will process the personal data, at its option, in accordance with:

(i) the data protection laws of the country in which the data exporter is established, or

(ii) the relevant provisions (1) of any Commission decision pursuant to Article 25(6) of Directive 95/46/EC, where the data importer complies with the relevant provisions of such an authorization or decision and is based in a country to which such an authorization or decision pertains, but is not covered by such authorization or decision for the purposes of the transfer(s) of the personal data (2), or

(iii) the data processing principles set forth in Annex A.


Data importer to indicate which option it selects: Option (iii) the data processing principles set forth in Annex A. Initials of data importer:  TN for Gun.io

(i) It will not disclose or transfer the personal data to a third party data controller located outside the European Economic Area (EEA) unless it notifies the data exporter about the transfer and

(i) the third party data controller processes the personal data in accordance with a Commission decision finding that a third country provides adequate protection, or

(ii) the third party data controller becomes a signatory to these clauses or another data transfer agreement approved by a competent authority in the EU, or

(iii) data subjects have been given the opportunity to object, after having been informed of the purposes of the transfer, the categories of recipients and the fact that the countries to which data is exported may have different data protection standards, or

(iv) with regard to onward transfers of sensitive data, data subjects have given their unambiguous consent to the onward transfer.

3. LIABILITY AND THIRD PARTY RIGHTS

(a) Each party shall be liable to the other parties for damages it causes by any breach of these clauses. Liability as between the parties is limited to actual damage suffered. Punitive damages (i.e. damages intended to punish a party for its outrageous conduct) are specifically excluded. Each party shall be liable to data subjects for damages it causes by any breach of third party rights under these clauses. This does not affect the liability of the data exporter under its data protection law.

(b) The parties agree that a data subject shall have the right to enforce as a third party beneficiary this clause and clauses I(b), I(d), I(e), II(a), II(c), II(d), II(e), II(h), II(i), III(a), V, VI(d) and VII against the data importer or the data exporter, for their respective breach of their contractual obligations, with regard to his personal data, and accept jurisdiction for this purpose in the data exporter’s country of establishment. In cases involving allegations of breach by the data importer, the data subject must first request the data exporter to take appropriate action to enforce his rights against the data importer; if the data exporter does not take such action within a reasonable period (which under normal circumstances would be one month), the data subject may then enforce his rights against the data importer directly. A data subject is entitled to proceed directly against a data exporter that has failed to use reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses (the data exporter shall have the burden to prove that it took reasonable efforts).

4. LAW APPLICABLE TO THE CLAUSES

These clauses shall be governed by the law of the country in which the data exporter is established, with the exception of the laws and regulations relating to processing of the personal data by the data importer under clause II(h), which shall apply only if so selected by the data importer under that clause.

5. RESOLUTION OF DISPUTES WITH DATA SUBJECTS OR THE AUTHORITY

(a) In the event of a dispute or claim brought by a data subject or the authority concerning the processing of the personal data against either or both of the parties, the parties will inform each other about any such disputes or claims, and will cooperate with a view to settling them amicably in a timely fashion.

(b) The parties agree to respond to any generally available non-binding mediation procedure initiated by a data subject or by the authority. If they do participate in the proceedings, the parties may elect to do so remotely (such as by telephone or other electronic means). The parties also agree to consider participating in any other arbitration, mediation or other dispute resolution proceedings developed for data protection disputes.

(c) Each party shall abide by a decision of a competent court of the data exporter’s country of establishment or of the authority which is final and against which no further appeal is possible.


6. TERMINATION

(a) In the event that the data importer is in breach of its obligations under these clauses, then the data exporter may temporarily suspend the transfer of personal data to the data importer until the breach is repaired or the contract is terminated.

(b) In the event that:

(i) the transfer of personal data to the data importer has been temporarily suspended by the data exporter for longer than one month pursuant to paragraph (a);

(ii) compliance by the data importer with these clauses would put it in breach of its legal or regulatory obligations in the country of import;

(iii) the data importer is in substantial or persistent breach of any warranties or undertakings given by it under these clauses;

(iv) a final decision against which no further appeal is possible of a competent court of the data exporter’s country of establishment or of the authority rules that there has been a breach of the clauses by the data importer or the data exporter; or

(v) a petition is presented for the administration or winding up of the data importer, whether in its personal or business capacity, which petition is not dismissed within the applicable period for such dismissal under applicable law; a winding up order is made; a receiver is appointed over any of its assets; a trustee in bankruptcy is appointed, if the data importer is an individual; a company voluntary arrangement is commenced by it; or any equivalent event in any jurisdiction occurs then the data exporter, without prejudice to any other rights which it may have against the data importer, shall be entitled to terminate these clauses, in which case the authority shall be informed where required. In cases covered by (i), (ii), or (iv) above the data importer may also terminate these clauses.

(c) Either party may terminate these clauses if (i) any Commission positive adequacy decision under Article 25(6) of Directive 95/46/EC (or any superseding text) is issued in relation to the country (or a sector thereof) to which the data is transferred and processed by the data importer, or (ii) Directive 95/46/EC (or any superseding text) becomes directly applicable in such country.

(d) The parties agree that the termination of these clauses at any time, in any circumstances and for whatever reason (except for termination under clause VI(c)) does not exempt them from the obligations and/or conditions under the clauses as regards the processing of the personal data transferred.

7. VARIATION OF THESE CLAUSES

The parties may not modify these clauses except to update any information in Annex B, in which case they will inform the authority where required. This does not preclude the parties from adding additional commercial clauses where required.

8. DESCRIPTION OF THE TRANSFER

The details of the transfer and of the personal data are specified in Annex B. The parties agree that Annex B may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may, in the alternative, be drafted to cover multiple transfers.

 

ANNEX A

DATA PROCESSING PRINCIPLES

1. PURPOSE LIMITATION: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B or subsequently authorized by the data subject.

2. DATA QUALITY AND PROPORTIONALITY: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.

3. TRANSPARENCY: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporter.

4. SECURITY AND CONFIDENTIALITY: Technical and organizational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, presented by the processing. Any person acting under the authority of the data controller, including a processor, must not process the data except on instructions from the data controller.

5. RIGHTS OF ACCESS, RECTIFICATION, DELETION AND OBJECTION: As provided in Article 12 of Directive 95/46/EC, data subjects must, whether directly or via a third party, be provided with the personal information about them that an organization holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer or other organizations dealing with the data importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them rectified, amended, or deleted where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organization may require further justifications before proceeding to rectification, amendment or deletion. Notification of any rectification, amendment or deletion to third parties to whom the data have been disclosed need not be made when this involves a disproportionate effort. A data subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.

6. SENSITIVE DATA
: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.

7. DATA USED FOR MARKETING PURPOSES: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject at any time to “opt-out” from having his data used for such purposes.

8. AUTOMATED DECISIONS: For purposes hereof “automated decision” shall mean a decision by the data exporter or the data importer which produces legal effects concerning a data subject or significantly affects a data subject and which is based solely on automated processing of personal data intended to evaluate certain personal aspects relating to him, such as his performance at work, creditworthiness, reliability, conduct, etc. The data importer shall not make any automated decisions concerning data subjects, except when:

(a) (i) such decisions are made by the data importer in entering into or performing a contract with the data subject, and

(ii) the data subject is given an opportunity to discuss the results of a relevant automated decision with a representative of the parties making such decision or otherwise to make representations to that parties, or

(b) where otherwise provided by the law of the data exporter.

 

ANNEX B

DESCRIPTION OF THE TRANSFER

DATA SUBJECTS. The personal data transferred concern the following categories of data subjects:

The data exporter and any of data exporter’s employee’s

PURPOSES OF THE TRANSFER(S). The transfer is made for the following purposes:

The transfer is intended to enable the performance of the relationship between parties as contemplated by the underlying agreement between the parties.

CATEGORIES OF DATA. The personal data transferred concern the following categories of data:

The data exporter’s user account credentials, name, address, telephone number, photograph, professional/employment information, and information collected via cookies and similar technologies

RECIPIENTS. The personal data transferred may be disclosed only to the following recipients or categories of recipients:

  • Data importer and its customers, employees, service providers, professional advisors, agents, and affiliates
  • Third parties when responding to subpoenas, warrants, court orders or other legal process, or to comply with relevant laws
  • Third parties when establishing or exercising our legal rights, defending against a legal claim, investigating, preventing, or taking action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our contract
  • Third parties as needed to protect vital interests
  • Third parties as needed in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our company assets
  • Third parties authorized by data exporter

SENSITIVE DATA (if appropriate). The personal data transferred concern the following categories of sensitive data:

Photographs provided by data exporter may constitute biometric data, reveal racial or ethnic origin, or reveal religious or philosophical beliefs.  Data exporter may also provider information regarding trade union membership.

DATA PROTECTION REGISTRATION INFORMATION OF DATA EXPORTER (where applicable).

Not applicable.

ADDITIONAL USEFUL INFORMATION (storage limits and other relevant information).

Any personal data transferred between the parties may only be retained for the period of time permitted under the Terms of Use. The parties agree that each party will, to the extent that it, along with the other party, acts as a data controller with respect to personal data, reasonably cooperate with the other party to enable the exercise of data protection rights as set forth in the General Data Protection Regulation and local data protection laws.

CONTACT POINTS FOR DATA PROTECTION ENQUIRIES

Data Importer:  As set forth in the Terms of Use to which these Clauses are attached

Data Exporter:  As provided by data exporter during account registration under the Terms of Use to which these Clauses are attached