FormAssembly, Inc. (sometimes referred to as “FormAssembly”, “we” or “us”) has developed an Internet-based system that runs on proprietary software and may in some instances use third-party software. FormAssembly’s systems are hosted and served on a site on the World Wide Web (the “Service”). The Service contains the proprietary information and materials of FormAssembly, as well as functionality and content that may be licensed from third parties. The Service licenses subscribers (sometimes referred to as “Subscriber” or “you”) to create forms strictly in furtherance of such subscriber’s business purpose. Subscriber may create a form from the Service for its internal business purposes (each a “Form”) and solicit persons to input data into the Form (“User”), persons may access the Form and voluntarily input data into the Form, and FormAssembly shall host such data and deliver the data to Subscriber pursuant to the terms and conditions set forth in this Subscription Agreement (this “Agreement”). All User data is the property of the Subscriber.
1. Acceptance of Agreement. BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OR BY EXECUTING AN ORDER FORM THAT REFERENCES THIS AGREEMENT, YOU REPRESENT AND AGREE THAT (i) YOU ARE AUTHORIZED TO CONSENT TO THESE TERMS ON BEHALF OF SUBSCRIBER, AND (ii) SUBSCRIBER CONSENTS TO BE LEGALLY BOUND BY THESE TERMS. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, YOU MUST NOT USE THE SERVICE. You further agree that checking the box and providing the information requested on the order form constitutes an electronic signature as defined by the Electronic Signatures in Global and National Commerce Act (“E-Sign”) and the Uniform Electronic Transactions Act (“UETA”) and that you have formed, executed, entered into, accepted the terms of and otherwise authenticated this Agreement and acknowledged and agreed that this Agreement is an electronic record for purposes of E-Sign, UETA and the Uniform Computer Information Transactions Act and as such is completely valid, has legal effect, is enforceable, and is binding on, and non-refutable by Subscriber on whose behalf you are acting. This Agreement constitutes the entire and only agreement between us and you, and supersedes all prior or contemporaneous agreements, representations, and understandings with respect to the Service, the content, products or services provided by or through the Service, and the subject matter of this Agreement. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and either signed or accepted electronically by the party against whom the modification, amendment or waiver is to be asserted.
2. Copyright. The content, organization, graphics, design and other matters related to the Service are the property of FormAssembly and are protected pursuant to applicable copyrights, trademarks and other proprietary (including but not limited to intellectual property) rights laws. You are licensed to use our content only as specifically set forth herein. You do not acquire ownership rights to any content, document or other materials viewed, created or downloaded through the Service, with the exception of User information or data. Our posting of information or materials on the Service does not constitute a waiver of any right in such information and materials.
3. Trademarks. FormAssembly marks include, but are not limited to FormAssembly and formassembly.com. The Service may also contain marks and trade names of third parties. Unauthorized use of the marks is strictly prohibited.
4. Grant to Subscriber. Subject to the terms of this Agreement, we grant you a non-exclusive, non-transferable, right and limited license (i) to create Forms; (ii) to access the Service content solely for your internal business purposes; and (iii) to access, query, input, upload, download and otherwise use the data inputted by your Users into the Forms. Subject to the terms of this Agreement, we grant Subscriber a non-exclusive, non-transferable, right and limited license to provide a hypertext link from Subscriber’s site or sites on the World Wide Web to the Service in order to provide Users with access to Form(s). We will transmit to the Subscriber, exclusively, the data provided on the Form(s) created by Subscriber. FormAssembly retains ownership and title of the Service, the related system and software, all materials on the Service (except User data) and any copies thereof. You agree that no title to the Service, the related system and software or intellectual property in the Service or the materials on the Service is transferred to you and that all rights not expressly granted to you hereunder are reserved by FormAssembly. This Agreement is for a license of intellectual property, and not for the sale of goods (even though some tangible items may be provided) and not governed by the Uniform Commercial Code. Upon submission of all registration information and acceptance of this Agreement, Subscriber will receive a password and an account identifier. Your right to use the Service is not transferable. Any password, account number or right given to a Subscriber to obtain information or documents is not transferable.
5. Our Responsibilities. During the term of you subscription pursuant to any Order Form, we shall: (i) offer you support for use of the Service as per the described in the Priority Support terms attached hereto as Exhibit A (“Priority Support”), (ii) use commercially reasonable efforts to make the Service available as per the service levels set forth in the Service Level Agreement, attached hereto as Exhibit B (“SLA”), (iii) provide use of the Service only in accordance with applicable laws and government regulations, (iv) maintain appropriate physical, technical, and administrative safeguards to ensure the security and confidentiality of your data, as further defined in section 10 (“Security of Information”), and (v) maintain insurance policies in accordance with the provisions of Exhibit C (“Insurance Requirements”).
6. Subscriber Responsibilities. Subscriber is fully responsible for maintaining the confidentiality of its password and account identifier. Subscriber shall at all times be responsible and liable for any transactions or activities that occur on its account. Subscriber shall immediately notify us of any unauthorized use of its account or of any other breach of security. You will be solely responsible for Forms, including without limitation, the accuracy and appropriateness of content appearing therein, and the final tabulations and application of information provided by Users on the Form(s). You are also responsible for the security of any personal information derived from the Form(s) and delivered to you from FormAssembly. You may be held legally responsible for any copyright infringement or violations of other proprietary rights that are caused or incurred by your failure to abide by the terms of this Agreement.
7. Subscriber Conduct. Subscriber will not use the Service or a Form for any activity that is unlawful. Subscriber shall abide by all applicable local, state, national and international laws and regulations and be solely responsible for all acts or omissions that occur with respect to your Form(s) and or under your account or password, including the content of your transmissions through or related to the Service. We shall not be liable for the content of transmissions to the Service or relating to the Service or as input into any Form(s). You shall not use the Service or a Form to store, distribute, or solicit any images, sounds, messages or other materials that are infringing, libelous, or otherwise unlawful or tortious, or in violation of third-party privacy rights. You shall not use unsolicited email, unsolicited bulk email (“UBE”, “spam”) or other unlawful means to directly or indirectly solicit persons to input data into a Form. You shall not use the Service to store or transmit viruses, worms, time bombs, Trojan horses or other harmful or malicious code, files, scripts, agents or programs, or to interfere with or disrupt the integrity or performance of the Service or attempt to gain unauthorized access to the Service. You shall not make the Service available to anyone other than Subscriber, or sell, resell, rent or lease the use of the Service. You shall not collect credit card numbers or bank account numbers using unsecure forms or methods unapproved by us. By way of example, and not as a limitation, in connection with the Service, services, or Forms provided by or through us, you will not, directly or indirectly: (a) transmit chain letters, junk email, junk voicemail, junk faxes, spamming or any duplicative or unsolicited messages; (b) harvest or otherwise collect information about others, including email addresses, without their consent; (c) use a false identity or forged email address or header, or otherwise attempt to mislead others as to your identity or the origin of your messages; (d) transmit unlawful, harassing, libelous, threatening, vulgar, obscene or similarly objectionable material of any kind or nature; (e) transmit any material that may infringe the intellectual property rights or other rights of third parties, including trademark, copyright or right of publicity; (f) transmit any material that contains viruses, trojan horses, worms, time bombs, cancelbots, or any other harmful or deleterious programs; (g) interfere with or disrupt networks or websites connected to the Service or violate the regulations, policies or procedures of such networks; (h) attempt to gain unauthorized access to the Service, Service servers, other accounts, computer systems or networks connected to the Service, through password mining or any other means; or (i) interfere with another person’s use and enjoyment of the Service or use and enjoyment of similar services.
8. Suspension of Service. In case of an (i) unauthorized third-party access to the Service, or (ii) a breach of Section 7 (Subscriber Conduct), FormAssembly may temporarily suspend the Subscriber’s or a User’s use of the Service. FormAssembly will provide Subscriber with notice and an opportunity to remedy such violation or threat prior to any such suspension, unless immediate action is necessary to prevent or mitigate a data breach Suspension will be to the minimum extent and of the minimum duration required to prevent or terminate the incident. At Subscriber’s written request, FormAssembly will provide the Subscriber with the reason for the suspension of service and if applicable remediation steps as soon as is reasonably possible.
9. Privacy and Confidentiality of Information. We will not, without the Subscriber’s prior written consent, disclose, and shall keep confidential, any data or information inputted by the Subscriber or the Users of the Forms you create, except for disclosure as required by law or legal service, and to persons who need to know such data or information for purposes of carrying out FormAssembly’s duties under this Agreement and who have been informed of the terms and conditions of this Agreement as to the confidential nature and treatment of the data or information and have agreed to comply herewith.
10. Security of Information. FormAssembly shall maintain and implement reasonable and appropriate security procedures, in accordance with the provisions of Exhibit D (“Security of Information”) and consistent with prevailing industry standards and all applicable law to protect your data and confidential information (including, without limitation, any third party’s information that you are required by law, contract or otherwise to maintain as confidential or private) from any “Security Breach” (as defined below). FormAssembly will use diligent efforts to promptly remedy any Security Breach and prevent any continuation or recurrence of a Security Breach. For purposes hereof, “Security Breach” shall mean any unauthorized access (whether by physical, electronic or any other means) to or unauthorized use of your data and confidential information.
11. Term of Purchased Subscriptions. Subscriber agrees to pay FormAssembly the subscription fee set forth in the Order Form for the term set forth in the Order Form under the following terms and conditions: a. Subscriptions commence on the day the subscription is purchased and continue for the term specified on the Order Form. All subscriptions shall automatically renew for additional periods equal to the expiring subscription term unless a party gives the other written notice of non-renewal at least thirty (30) days prior to the end of the current subscription term. b. The pricing during any renewal term shall be the same as that during the prior term, unless we have given you written notice of a pricing increase at least sixty (60) days before the end of the current term, in which case the pricing increase shall be effective upon renewal and thereafter. If Subscriber is unwilling to pay the new fee, Subscriber may terminate the Agreement by providing written notice to FormAssembly within thirty (30) days of receipt of the notice of the price increase. Such subscription will then expire by its terms upon the expiration of the then current term. c. With respect to a renewal, all amounts must be paid within thirty (30) days of the due date of the invoice or the amounts shall bear interest at the rate of one and one half percent (1 ½%) per month, or at the highest rate allowed by law, whichever is less, from the due date. All amounts are in US Dollars. d. If Subscriber uses a credit card, debit card, PayPal account or other similar method of payment for the initial payment of the subscription fee, Subscriber authorizes FormAssembly to automatically use that same method of payment to pay the applicable subscription fee for any renewal under the terms set forth above.
12. Termination for Cause. Except as otherwise set forth in this Agreement, either party may terminate this Agreement for cause: (i) upon thirty (30) days written notice to the other party of a material breach if such breach remains uncured at the expiration of such period, or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors. All sections which by their nature should survive the expiration or termination of the Agreement shall continue in full force and effect subsequent to and notwithstanding the expiration or termination of this Agreement.
13. Indemnification. You shall release, indemnify, defend and hold us and our Affiliated Parties harmless from and against any liability, loss, claim, damage and expense, including reasonable attorneys’ fees, arising directly or indirectly from your use of the Service, violation of this Agreement, creation or use of a Form, collection, possession, or use of data derived from a Form, or any service provided or performed or agreed to be performed, or any product sold by, you, your agents, employees or assigns.
We shall release, indemnify, defend and hold you and your partners, attorneys, employees, agents, and affiliates (collectively, “Affiliated Parties”) harmless from and against any liability, loss, claim, damage and expense, including reasonable attorneys’ fees, arising directly or indirectly from our breach of Section 10 (Security of Information), provided that you (a) give prompt written notice of any such claim to us; (b) give us sole control of the defense and resolution of such claim; and (c) provide reasonable information assistance to us in defending such claim.
We shall release, indemnify, defend and hold you and your Affiliated Parties harmless from and against any liability, loss, claim, damage and expense, including reasonable attorneys’ fees, arising from allegations that the Service infringes any intellectual property right of any third party, provided that you (a) give prompt written notice of any such claim to us; (b) give us sole control of the defense and resolution of such claim; and (c) provide reasonable information assistance to us in defending such claim. If the Service is held to infringe, or in FormAssembly’s opinion the Service is likely to be held to infringe any intellectual property rights of a third party, we may at our sole discretion and expense, either: (a) secure the right for Subscriber to continue use of the infringing Service; (b) replace or modify the infringing Service to make it non- infringing, provided such Service contains substantially similar functionality; or (c) terminate the licenses to the infringing Service modules granted hereunder. If we elect to terminate the Subscriber’s subscription under the foregoing provision, as Subscriber’s sole and exclusive remedy, we shall refund to Subscriber any unused, prepaid license fees for the infringing Service modules indicated on the related Order Form.
14. Disclaimer and Limits. THE INFORMATION AND SERVICES FROM OR THROUGH THE SERVICE, INCLUDING OUR HOSTING AND TRANSMITTING DATA, IS PROVIDED “AS IS” AND “AS AVAILABLE,” AND ALL WARRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED (INCLUDING, BUT NOT LIMITED TO, THE DISCLAIMER OF ANY IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE). THE INFORMATION AND SERVICES, INCLUDING OUR HOSTING AND TRANSMITTING DATA, MAY CONTAIN BUGS, ERRORS, PROBLEMS OR OTHER LIMITATIONS. WE AND OUR AFFILIATED PARTIES ARE NOT LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), WHETHER BASED ON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE NEGATION OF DAMAGES SET FORTH ABOVE IS A FUNDAMENTAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN US AND YOU. THIS SERVICE AND THE INFORMATION WOULD NOT BE PROVIDED WITHOUT SUCH LIMITATIONS. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM US THROUGH THE SERVICE SHALL CREATE ANY WARRANTY, REPRESENTATION OR GUARANTEE NOT EXPRESSLY STATED IN THIS AGREEMENT. EXCEPT WITH REGARD TO OUR INDEMNIFICATION OBLIGATIONS SET FORTH IN SECTION 13 (INDEMNIFICATION), OUR MAXIMUM LIABILITY TO YOU UNDER ALL CIRCUMSTANCES WILL BE EQUAL TO THE FEES PAID TO US FOR ANY GOODS, SERVICES OR INFORMATION DURING THE TERM OF THIS AGREEMENT, AND, SPECIFICALLY WITH REGARD TO OUR INDEMNIFICATION OBLIGATIONS SET FORTH IN SECTION 13, OUR MAXIMUM LIABILITY UNDER ALL CIRCUMSTANCES WILL BE EQUAL TO THE GREATER OF (I) THE FEES PAID TO US FOR ANY GOODS, SERVICES OR INFORMATION DURING THE TERM OF THIS AGREEMENT; AND (II) THE AMOUNT RECOVERABLE UNDER FORMASSEMBLY’S APPLICABLE INSURANCE POLICIES AND ATTRIBUTABLE TO SUCH LOSS, PROVIDED THAT, UNDER NO CIRCUMSTANCES, WILL FORMASSEMBLY’S FAILURE TO MAINTAIN INSURANCE COVERAGE IN ACCORDANCE WITH THE INSURANCE REQUIREMENTS RELIEVE US FROM LIABILITY.
15. Third-Party Services. The Service contains links to other websites. We are not responsible for the content, accuracy or opinions expressed in such websites, and such websites are not investigated, monitored or checked for accuracy or completeness by us. Inclusion of any linked website on our Service does not imply approval or endorsement of the linked website by us. If you decide to leave our Service and access these third-party websites, you do so at your own risk AND WITHOUT WARRANTIES OF ANY KIND BY US, EXPRESSED OR IMPLIED, OR OTHERWISE PERTAINING TO SUCH OTHER WEBSITE, INCLUDING WARRANTIES OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY OR NONINFRINGEMENT. UNDER NO CIRCUMSTANCES ARE WE LIABLE FOR ANY DAMAGES ARISING FROM THE TRANSACTIONS BETWEEN YOU AND THIRD PARTIES OR FOR ANY INFORMATION APPEARING ON ANY WEBSITES LINKED TO OUR SERVICE.
16. Force Majeure. We are not liable for damages for any delay or failure to fulfill our obligations under this Agreement to the extent that the failure is due to a Force Majeure Event. A “Force Majeure Event” means acts of war; domestic and/or international terrorism; civil riots or rebellions; quarantines, embargoes and other similar unusual governmental actions; Internet disruptions, hacker attacks, or communications failures; or extraordinary, unforeseen natural disasters or acts of God. To be excused hereunder, our failure to perform must be beyond our reasonable control, must occur without our fault or negligence, may not be caused directly or indirectly by our own conduct or that of our employees, and could not have been prevented or avoided through the exercise of reasonable diligence.
17. Promotional Materials. During the term of this Agreement, you acknowledge that FormAssembly may list Subscriber’s name, trademarks and service marks on our websites, advertising materials, and lists of customers for the purpose of promoting our services and identifying Subscriber as a current customer of FormAssembly. Subscriber may terminate the rights granted under this Section 17 at any time upon written notice to FormAssembly.
18. Miscellaneous. This Agreement shall be treated as though it were executed and performed in Indianapolis, Indiana, and shall be governed by and construed in accordance with the laws of the State of Indiana (without regard to conflict of law principles). Any cause of action by you with respect to the Service (and/or any information, products or services related thereto) must be instituted within one (1) year after the cause of action arose or be forever waived and barred. All actions shall be subject to the limitations set forth in Section 14 (Disclaimer and Limits) and Section 15 (Third-Party Services). The language in this Agreement shall be interpreted in accordance with its fair meaning and not strictly for or against either party. All legal proceedings initiated by FormAssembly and arising out of or in connection with this Agreement shall be brought solely in Indianapolis, Indiana. You expressly submit to the exclusive jurisdiction of said courts and consent to extraterritorial service of process. We reserve the right to assign our rights in this Agreement in connection with the sale of our assets which relate to our performance pursuant to this Agreement or a merger or acquisition to which we are a party. Should any part of this Agreement be held invalid or unenforceable, that portion shall be construed consistent with applicable law and the remaining portions shall remain in full force and effect. To the extent that anything in or associated with the Service is in conflict or inconsistent with this Agreement, this Agreement shall take precedence. Failure to enforce any provision of this Agreement shall not be deemed a waiver of such provision nor of the right to enforce such provision.
EXHIBIT A – COMPLIANCE CLOUD SERVICE LEVEL AGREEMENT (SLA)
- “Customer Success Manager” or “CSM” means an individual assigned by FormAssembly to Subscriber to act as a point of contact into FormAssembly for support and implementation services-related matters.
- “Critical Issue” means a complete loss of application functionality with no available workaround.
- “High Issue” means a severe loss of application functionality or performance resulting in the interruption of data collection processes or the loss of data, with no available workaround.
- “Response” means the initial response by a Support Specialist to a Support Request reported by a Subscriber’s User. The Response may be an acknowledgement of receipt or may include more substantive information or guidance.
- “Support Specialist” means an individual assigned by FormAssembly to handle Subscriber’s Support Request.
- “Support Request”, or “Case” means the Subscriber request for assistance, as entered into the FormAssembly Support system, available from within the FormAssembly application, or by email at firstname.lastname@example.org.
2. Support Hours
Support will be available to you Monday to Friday, 24 hours per day.
3. Response Time Guarantee
FormAssembly will use commercially reasonable efforts to provide Response within one (1) hour of reception of Support Requests submitted during Support Hours. For Support Requests submitted outside of Support Hours, the one (1) hour period shall start at the beginning of the next Support Hours period.
4. Designated Customer Success Manager (CSM)
The CSM’s role is intended to be flexible to best suit the specific needs of Subscriber. The CSM will serve as a single point of escalation for any support or implementation service matter. In addition, the CSM will conduct periodic business reviews of progress against defined business goals, coordinate implementation services if applicable, facilitate periodic communication with FormAssembly product development team with respect to product roadmap, and at Subscriber’s request, arrange for a quarterly review of all support and implementation related matters.
5. Escalation Procedure
The CSM will be available during US business hours, or at different time by mutual arrangement, to handle escalation requests by email or by phone. Subscriber must submit a Support Request prior to escalating an issue. Phone escalation is limited to Support Requests regarding High or Critical issues.
EXHIBIT B – COMPLIANCE CLOUD SERVICE LEVEL AGREEMENT (SLA)
- “Covered Service” means the FormAssembly Compliance Cloud instance allocated to the Subscriber.
- A “Service Credit” is a pro-rated dollar credit, calculated as set forth below, that we may credit back to future bills of Subscriber.
2. Service Availability
FormAssembly shall make commercially reasonable efforts to maintain availability of the Covered Service 99.9% of the time (the “Service Level Objective”), excluding scheduled maintenance time and extraordinary circumstances as described in Section 6 of this Exhibit.
Compliance with Service Level Objective is measured over a calendar month and is based on total outage time incurred by Subscriber. If the Covered Service is unavailable, an “Outage” corresponding to such incident will be measured from the time of the beginning of unavailability until the Covered Service is restored.
The Covered Service shall be considered “Unavailable” when all of the following occur: a) Subscriber is unable to log in, b) no useful work can be performed, and c) form submissions are no longer processed.
3. Service Availability Report
FormAssembly will provide upon Subscriber’s request a report of actual Services Availability, as recorded by an independent and reputable third-party monitoring service selected by FormAssembly.
4. Service Credit
In the event that we fail to meet the Service Level Objective in any calendar month, we will credit to you an amount equal to the prorated fees as follows:
Outage Duration: Service Credit
At least .1% but less than .3% One (1) Day
At least .3% but less than .5% Two (2) Days
At least .5% but less than .9% Five (5) Days
At least 1% but less than 2% Ten (10) Days
At least 2% Fifteen (15) Days.
For reference, .1% is equal to 43 minutes and 49.7 seconds.
Service Credit may be used solely for future payments due for the Subscription.
For the purpose of this SLA, the following conditions do not count toward any Outage duration and are not eligible for Service Credits.
(a) Planned downtime, of which we shall give at least 48 hours’ notice via email to the primary contact on record, and which we shall schedule to the extent practical during the weekend hours from 6:00 p.m. US Eastern time Friday to 6:00 a.m. US Eastern time Monday.
(b) Suspension of service as provided in the Subscription Agreement.
(c) Any unavailability caused by circumstances beyond our reasonable control, including without limitation, acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems (other than those involving our employees), Internet service provider failures or delays.
6. Service Credit Claim
In order to be eligible for a Service Credit with respect to any Outage, the Subscriber must submit a claim to FormAssembly customer support by the end of the billing month following the billing month in which the Outage occurs.
FormAssembly will use all information reasonably available to it to validate such claims and make a good faith judgment on whether the SLA applies to the claim.
EXHIBIT C – INSURANCE REQUIREMENTS
During the term of the Agreement, FormAssembly shall maintain and keep in force, at its own expense, the following minimum insurance coverage and minimum limits:
(a) workers’ compensation insurance, with statutory limits as required by the various laws and regulations applicable to the employees of FormAssembly;
(b) commercial general liability insurance, covering claims for bodily injury, death and property damage, including premises and operations, products, services and completed operations (as applicable to the Service), personal injury, contractual, and broad-form property damage liability coverage, with limits as follows: occurrence limit of not less than $1M and not less than $2M combined aggregate and
(c) Cyber risk insurance with a limit of not less than $2M per occurrence and not less than $5M aggregate.
FormAssembly will provide Client with a certificate of insurance evidencing the above policies upon request. In the event of cancellation or reduction in the limits of liability of the above policies below the applicable floor, FormAssembly shall replace such insurance or limits prior to the effective date of such cancellation or reduction of liability limits, FormAssembly shall be responsible for payment of any and all deductibles and coinsurance provisions from insured claims under its policies of insurance.
EXHIBIT D – SECURITY OF INFORMATION
During the term of the Agreement, FormAssembly shall maintain the confidentiality, integrity and availability of User data and keep in force physical, technical, and administrative safeguards that are no less rigorous than accepted industry practices. FormAssembly shall ensure that all such safeguards, including the manner in which User data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with applicable data protection and privacy laws, including the Safeguard Rule of the Gramm-Leach-Bliley Act (GLBA), the New York Department of Financial Services (NYDFS) Cybersecurity Regulations (23 NYCRR 50), and the Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). If FormAssembly will collect, access, use, store, process, dispose of or disclose credit, debit or other payment cardholder information, FormAssembly shall at all times remain in compliance with the Payment Card Industry Data Security Standard (“PCI DSS”) requirements.
At a minimum, FormAssembly’s safeguards for the protection of User data shall include:
i. limiting access of User data to authorized persons;
ii. securing business facilities, data centers, systems and computing equipment, including, but not limited to, all mobile devices and other equipment with information storage capability;
iii. implementing network, device application, database and platform security;
iv. securing information transmission, storage and disposal;
v. implementing authentication and access controls within applications, operating systems and equipment;
vi. encrypting User data stored on any mobile media;
vii. encrypting User data transmitted over public or wireless networks;
viii. segregating User data from information of FormAssembly or its other customers so that User data is not commingled with any other types of information;
ix. implementing appropriate personnel security and integrity procedures and practices, including, but not limited to, conducting background checks consistent with applicable law;
x. providing appropriate privacy and information security training to FormAssembly’s personnel at least once per year,
xi. maintain an information security program with a designated information security officer,
xii. review and maintain applicable policies, procedures and standards at least once per year.
At least once per year, FormAssembly shall conduct an audit of the information technology and information security controls for all facilities used in complying with its obligations under this Agreement, including, but not limited to, obtaining a network-level vulnerability assessment performed by a recognized third-party audit firm based on the recognized industry best practices. Upon Customer’s written request, Service Provider shall make available to Customer for review, as applicable, the audit reports and any reports relating to its certifications. Customer shall treat such audit reports as FormAssembly’s Confidential Information under this Agreement.