Heartfelt IT Terms of Service

This Master Services Agreement (the “MSA”) is between Provider and the Client found on the applicable quotation, proposal or order, (the “Order”) and, together with the Order, the terms and conditions, and relevant Service Attachments forms the Agreement between the parties (the “Terms”). Client accepts these Terms by signing an Order, using the services, or continuing to use the services after being notified of a change to these Terms. If there is a conflict between the Order, this Master Services Agreement, any Service Attachment, or Exhibit, the Order will control.

The parties agree as follows:

The services to be delivered by Provider (the “Services”) and the fees for those Services, and the specific terms applicable to those Services are described in the Order or in one or more Service Attachments referencing this Agreement.

Except for Supplemental Services or Project Services (described below), and unless otherwise agreed in writing, the services Provider will deliver to Client are limited to those Services specifically identified in the Order and described in the Service Attachments or Schedule of Services. In the event of any conflict between the terms of a Service Attachment or Description and this Agreement, the terms in the Service Attachment or Schedule of Services control. In the event of any conflict between the terms this Agreement and of an Order and any Service Attachment or Schedule of Services, the terms of the Order control. 

Provider may decline to perform any services requested by Client that are in violation of any applicable law or that are not typically associated with the Services provided by Provider. 

“Supplemental Services” include additional services and equipment Client may need on a “one[1]off” or emergency basis that are not included within the scope of the Services described in an Order or the applicable Service Attachments. You will incur additional Service Fees for Supplemental Services. We will notify Client of any such additional Service Fees and will obtain Client’s approval prior to providing them. However, Provider has no obligation to determine the need for or to provide any Supplemental Services. All Supplemental Services are provided on an “as-is” basis and include no warranties of any kind, whether express or implied. In addition, if Provider determines that any additional services Client requests would be inappropriate for treatment as Supplemental Services under this paragraph, Provider may deliver to Client a proposed Service Attachment for Project Services or a Proposal prior to providing Supplemental Services.

Provider may opt to provide only best-effort support to client Line of Business applications or software, subject to the Order.

In some cases, Client may ask Provider to deliver services outside the scope of any Order or Service Attachment and inappropriate for treatment as Supplemental Services. Examples of such services include major system upgrades, new computer, machine or device setup, network changes, datacenter moves or setups, or installations. In those cases, Provider will prepare a separate Service Attachment for Project Services describing the proposed scope of those services and Provider’s fee to deliver them.

Installation dates are estimates only. Client shall be responsible for preparation and maintenance of the site for such Project Services or installations, including, but not limited to, providing necessary electrical power and communication lines and proper air conditioning and humidity control.

Fees for Services are set forth in Order or Statement of Work. Unless otherwise indicated in writing, all Services will be performed on a time-and-materials basis at Provider’s then-current rates.

Except as may be specified in an Order, Provider may adjust the Service Fees charged under this Agreement as follows:

• End-User or Network Growth. During the term of an Order, if the number of users or devices in Client’s environment or the Service or Equipment types or quantities to be covered within the scope of the Order exceeds the numbers, types or quantities previously ordered, Provider may apply a pro rata adjustment to the total Service Fees. You shall pay all Service Fees owed as they become due following any such adjustment.
• Similarly, during the term of an Order, if the number of users or devices in Client’s environment or the Service or Equipment types or quantities to be covered within the scope of the Order is less than the numbers, types or quantities previously ordered, upon request, Provider will apply a pro rata adjustment to the total Service Fees. You shall pay all Service Fees owed as they become due following any such adjustment.
• However, under no circumstances may any such adjustments result in a number of users or devices in Client’s environment or in any Service or Equipment types or quantities to be covered within the scope of the Order that is less than the numbers, types or quantities ordered at the time Client signed that Order.
• "User" means Client's employees, consultants, contractors or agents who are authorized to use the Service and have been supplied user identifications and passwords by Client (or by Provider upon Client's request). Users do not include any customers of Client or other third parties.
• “Device” means any equipment included in the Services, whether owned by Client or provided by Provider for Client’s use, including, but not limited to computers, printers, servers, routers, and mobile or handheld microcomputers as well as the software necessary to operate such equipment.
• At any time after the parties sign an Order, Provider may adjust its rates and charges or impose additional rates and charges to recover amounts required or permitted by governmental or quasi-governmental authorities to collect from others or pay to others in support of statutory or regulatory funds or programs. You shall pay all Service Fees owed as they become due following any such adjustment.
• Service Fee Rate Increases. At any time after the parties sign an Order, Provider may elect to raise the fees that it charges under that Order. If the increase is greater than 10% annually, we shall give Client no less than thirty (30) days’ notice of any such increase in fees to be charged. Following Client’s receipt of such notice, Client may terminate the Order.
• Third-Party Services. Client understands and agrees that Provider uses third-party solutions and service providers to perform some or all of the managed services offered to Client (“Third-Party Service Providers”).
  PROVIDER IS NOT RESPONSIBLE FOR THE ACTS OR OMISSIONS OF THIRD-PARTY SERVICE PROVIDERS. CLIENT’S RIGHTS REGARDING CLAIMS AGAINST THIRD-PARTY SERVICE PROVIDERS SHALL BE GOVERNED BY SUCH SERVICE PROVIDER’S END USER LICENSE AGREEMENT OR TERM AND CONDITIONS. Provider’s current Third-Party Service providers and the governing terms and conditions related to those services are listed on the Schedule of Third-Party Services which may be updated by Provider without further notice to Client and is incorporated by reference as if fully set forth in this Agreement.
• Off-Boarding. Subject to the 60-day cancellation, Client’s cancellation, termination, or transition of the Services to Client’s control or to another service provider (“Off-Boarding”) may trigger a billable project. Any Off-Boarding projects will be subject to a separate Order or Project Service Attachment or Statement of Work, which will be billed at Provider’s then-prevailing rates.
• Client Delay. If Provider is unable to commence delivery of the Services on the Service Start Date (defined below) because of any failure on Client’s part including but not limited the failure to provide access to Client’s resources in a timely manner, Client nonetheless will begin to incur Service Fees, which Client shall pay in accordance with this Service Attachment and the Master Services Agreement, beginning on the Service Start Date.

Client shall pay Provider’s reasonable out-of-pocket expenses, including incremental third-party service fees, travel expenses, lodging, meals, or other similar expenses, which may be incurred by Provider in performing Services. Any such “Pass-Through Expenses” will be billed at cost and are one-time fees.

Client shall pay the full amount reflected on any invoice as owed to Provider on the first (1st) day of each month. Without waiving any of its other remedies, Provider reserves the right to suspend services if payment is not received within thirty (30) days following Client’s receipt of that invoice. Client shall pay a late charge of one- and one-half percent (5%) per month or the maximum lawful rate, whichever is less, for all invoiced amounts not paid within thirty (30) days following Client’s receipt of that invoice (the “Payment Deadline”).

If Client disputes in good faith all or any portion of the amount owed to us, or if Client otherwise requests any adjustment to an invoiced amount, Client must notify Provider in writing, prior to the Payment Deadline, of the nature and basis of the dispute and/or adjustment. If Provider is unable to resolve the dispute prior to the Payment Deadline, Client nevertheless shall pay the entire invoiced amount by the Payment Deadline. If Provider ultimately determines that such amount should not have been paid, Provider shall apply a credit equal to such amount against any Service Fees owed for the following month.

Special rates may apply for services requested outside of normal business hours or on holidays. Special rates are one-and-one-half (1.5) times normal hourly rates, with a one-hour minimum. Holiday hour rates are two (2) times normal hourly rates, with a one-hour minimum.

Unless otherwise indicated on an invoice, all charges and fees owed under this Agreement are exclusive of any applicable sales, use, excise or services taxes that may be assessed on the provision of the Services. In the event that any taxes are assessed on the provision of any of the Services, Client shall pay the taxes directly to the taxing authority or shall reimburse Provider for their payment.

This Agreement commences on the Order Effective Date, and it will remain in effect for a term of 24 months or until either party terminates it as permitted below.

If the Order specifies no Initial Term with respect to any or all Services, then Provider will deliver those Services on a 36-month basis until one party provides written notice to the other party of its intent to terminate those Services, in which case Provider will cease delivering those Services at the end of the next calendar month following receipt such written notice is received by the other party.

Either party may terminate this MSA for any reason or no reason upon at least thirty (60) days advance, written notice given to the other party. However, termination of this MSA will not, by itself, result in the termination of any Order or Service Attachments, and this MSA will remain in effect notwithstanding any notice of termination unless and until all Orders and/or Service Attachments are terminated or expire according to their terms.

Unless otherwise agreed, Provider will perform all Services solely as an independent contractor and not as an employee, agent or representative of Client.

Unless specifically identified in a separate Statement of Work, any writing or work of authorship, regardless of medium, created or developed by Provider or Client in the course of performance under this Agreement and related to existing works owned by Provider is a “Provider Work,” is not to be deemed a “work made for hire,” and is and will remain the sole, exclusive property of Provider. To the extent any Provider Work for any reason is determined not to be owned by Provider, Client hereby irrevocably assigns and conveys to Provider all of its copyright in such Provider Work. Client further hereby irrevocably assigns to Provider all of its patent, copyright, trade secret, know-how and other proprietary and associated rights in any Provider Work.

If any Provider Work is located on hardware or equipment owned by Client, Provider hereby grants Client a perpetual, non-exclusive, revocable, royalty-free license to use any Provider Work during the term of this Agreement (“Limited License”). The Limited License will be immediately and automatically revoked without the need for notice in the event that either party terminates the Services or this Agreement.

You shall not:

• Modify, copy or create derivative works based on the Services or on the Provider Technology;
• Build a product or service using similar ideas, features, functions or graphics of the Service, or
• Copy any ideas, features, functions or graphics of the Service.

Additional license restrictions may be set forth in the Service Attachments.

Client hereby assigns to Provider any and all suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by Client or Client’s users relating to any proposed improvements of or modifications to the Services.

During the course of performance under this Agreement, either party may be exposed to or may acquire the other’s proprietary or confidential information. Each party shall hold all such “Confidential Information” in strict confidence and shall not disclose any such information to any third party.

Confidential Information includes but is not limited to: (a) with respect to Provider, Provider’s unpublished prices for Services, audit and security reports, server/network configuration designs, firewall and other hardware configurations, passwords, all business plans, technical information or data, product ideas, methodologies, calculation algorithms and analytical routines, and other proprietary technology, (b) with respect to Client, content transmitted to or from, or stored by Client on, Provider’ servers, and (c) with respect to both parties, other information that is conspicuously marked as “confidential” or if disclosed in non-tangible form, is verbally designated as “confidential” at the time of disclosure and confirmed as confidential in a written notice given within one (1) day of disclosure.

Notwithstanding the preceding provision, Confidential Information does not include:

• Information that at the time of disclosure is, without fault of the recipient, available to the public by publication or otherwise;
• Information that either party can show was in its possession at the time of disclosure and was not acquired, directly or indirectly, from the other;
• Information received from a third party with the right to transmit same without violation of any secrecy agreement with the other party; and
• Information that must be disclosed pursuant to court order or by law.

No copy of the Order, this MSA, any Service Attachment or description, discussions, negotiations, terms or conditions relating to the Order, the MSA, Service Attachment, or any other information relating to the Order, this MSA, or any Service Attachment may be disclosed to any third party, except by reason of legal, accounting or regulatory requirements, without the prior written consent of the parties hereto.

Notwithstanding the preceding provisions, Provider may publicly refer to Client, orally and in writing, as a Client of Provider. Any other reference to Client by Provider may be made only pursuant to a written agreement between the parties.

“Equipment” means any computer, networking or telephony equipment, racking, or associated hardware or other equipment (if any) that Provider installs on Client’s premises or that Provider ships to Client’s location to facilitate the delivery of Services. Equipment does not include any hardware or devices that Provider may sell to Client or that Provider procures on Client’s behalf.

Provider is and will remain the sole owner of any Equipment, which is provided on a rental or temporary basis only. This agreement transfers to Client no Equipment ownership rights of any kind.

Provider retains sole discretion to determine the appropriate Equipment and associated software and/or technology, if any, to be used at Client’s location, provided that Provider’s determination does not materially impair the availability or delivery of services under this Agreement. Provider also retains sole discretion to determine the necessity of maintenance, repairs and/or improvement of the Equipment.

Except as otherwise may be specified in an applicable Service Attachment, Provider makes no independent representations or warranties with respect to the Equipment. Any third-party warranties are Client’s exclusive remedies with respect to such Equipment. In the event of an Equipment malfunction, Provider will take commercially reasonable steps to ensure that Client receives the benefit of any manufacturer warranties applicable to the Equipment in use at Client’s location.

Client shall take reasonable care of the Equipment and shall not damage it, tamper with it, move or remove it, attempt to repair it, or attempt to install any software on it. Client is financially responsible, up to the full replacement value of all Equipment, for all damage to or loss of the Equipment used at Client’s location, other than loss or damage caused by Provider. In addition, Client shall obtain and maintain insurance with a reputable insurer for the full replacement value of the Equipment. Such policy or policies of insurance must cover the Equipment against loss or damage (including, without limitation, accidental loss or damage) and must name Provider as an insured beneficiary with respect to the Equipment. Upon demand, Client must produce evidence that such insurance is being maintained and is valid.

Client is responsible for providing the necessary power, network connection and appropriate environment to support the Equipment.

Client shall not remove any sign, label or other marking on the Equipment identifying Provider as the owner of the Equipment. Client does not acquire and will not acquire any rights of ownership in the Equipment by virtue of this Agreement, and Client does not have and will not have, by operation of law or otherwise, any lien or other similar right over or in relation to the Equipment.

On termination of any Agreement pursuant to which Client obtained any Provider-owned Equipment, Client shall allow Provider and its employees and contractors reasonable access to its premises to remove the Equipment. Alternatively, upon Provider’s request, Client shall return the Equipment to Provider via the carrier of Provider’s choice, for which Provider will pay all applicable shipping charges.

“Software” means all and any software installed on the Equipment or provided by Provider for installation on Client’s computer equipment to facilitate the delivery of the Services.

This Agreement does not transfer any right, title, or interest in the Software to Client. Client’s use of the Software is subject to all applicable terms of any end-user license agreement pertaining to the Software, a copy of which will be made available to Client, upon request.

You shall not, and shall not permit any third party, to:

• distribute or allow others to distribute copies of the Software or any part thereof to any third party,
• tamper with, remove, reproduce, modify or copy the Software or any part thereof,
• provide, rent, sell, lease or otherwise transfer the Software or any copy or part thereof or use it for the benefit of a third party, or
• reverse assemble, reverse compile or reverse engineer the Software or any part thereof, or otherwise attempt to discover any Software source code or underlying proprietary information except as may be permitted by law.

Client shall provide in a timely and professional manner, and at no cost to Provider, assistance, cooperation, complete and accurate information and data, equipment, access to applicable computer and telecommunications facilities, networks, firewalls, servers, programs, files, documentation, passwords, a suitable work environment, and other resources requested by Provider to enable it to perform the Services (collectively, “Assistance”). Provider shall not be liable for any deficiency in performing the Services if such deficiency results from Client’s failure to provide full Assistance as required hereunder. Assistance includes, but is not limited to, designating a project manager or contact person to interface with Provider during the course of Services.

Unless otherwise specifically agreed to in an applicable Order, Client represents and warrants that Client has title to or has a license or the right to use or modify the Software and has a license or right to permit Provider to use, access or modify any software that Client has requested Provider to use, access or modify as part of the Services.

It is the Client’s responsibility to independently ensure that ALL software in use by Client is properly licensed, and Client agrees to maintain records of applicable licenses. Provider will not promote the use of, or knowingly support software which is not properly licensed by Client. Assistance with software audits or licensing compliance matters are billable at Provider’s then prevailing hourly rates.

Provider shall not be responsible or liable to Client for any consequences from the use of software no longer under manufacturer product support or no longer supported by the software publisher (“Unsupported Software”).

THEREFORE, CLIENT AGREES TO HOLD PROVIDER HARMLESS FROM ANY LOSS, INJURY OR DAMAGE TO CLIENT OR ANY HARDWARE, SOFTWARE, AND/OR COMPUTER DATA OF CLIENT CAUSED BY ANY USE OF UNSUPPORTED SOFTWARE.

Client shall supply Provider necessary access to its personnel, appropriate documentation and records and facilities in order for Provider to timely perform the Services.

Broadband Internet access must be provided. Provider must be provided with remote access (via VPN or other reasonable remote access) to covered equipment. Appropriate cabling to all covered computers and devices must be provided. Appropriate air conditioning and ventilation for all covered computers and devices must be provided, in order to maintain temperature and air quality as specified by the applicable hardware manufacturers. Power surge protection must be provided for all covered computers and devices. Provider must be allowed convenient and timely access to the Equipment covered under this Agreement, adequate working space and facilities within a reasonable distance of the equipment, and access to and use of all information, internal resources, and facilities determined necessary to service the equipment.

Client may be required to conduct preliminary diagnostic steps or provide additional information related to a support request, prior to a technician being dispatched to Client's facility. Client must agree to assign one employee to be liaison or contact person to Provider in order to make communications between both parties effective.

Client grants to Provider the explicit right to remotely access Client’s network systems without the need to obtain expressed permission or consent each time remote access is established.

Unless expressly undertaken by Provider in writing, Client is responsible for any Third-Party Service Provider service fees, charges and to arrange for disconnection or termination and payment of charges related to the disconnection or termination of any related services with Client’s current carrier(s) or service provider(s).

Unless otherwise specifically agreed to in an applicable Order, it is Client’s sole responsibility to determine whatever actions deemed necessary to make Client’s data and voice networks and circuits secure from unauthorized access. Hardware firewall must be in place. Wireless data traffic in the environment must be securely encrypted. Provider is not responsible for the security of Client’s network and circuits from third parties, or for any damages that may result from any unauthorized access to Client’s network.

Client has an affirmative obligation to protect Client’s network environment, and to train its employees for spam, malware, phishing, virus protection, and prevention from criminal acts of third parties.

Provider is not responsible for criminal acts of third parties, including but not limited to hackers, phishers, crypto-locker, and any network environment subject to ransom.

If a security system for Client’s network is included within the Services to be provided by Provider, Provider agrees to use commercially reasonable efforts to protect Client’s network from malicious attack by computer viruses, computer worms and/or computer hackers (collectively, “malicious activities”). However, Client understands that no security system can guarantee complete protection against malicious activities as such attacks often involve the intentional action by third parties to invade and injure computer systems.

THEREFORE, CLIENT AGREES TO HOLD PROVIDER HARMLESS FROM ANY LOSS, INJURY OR DAMAGE TO CLIENT OR ANY HARDWARE, SOFTWARE, AND/OR COMPUTER DATA OF CLIENT CAUSED BY SUCH MALICIOUS ACTIVITIES.

Provider is not responsible for criminal acts of third parties, including but not limited to intrusions or unauthorized access of any kind, hackers, phishers, crypto-locker, and any network environment subject to ransom.

CLIENT AGREES TO PAY RANSOM OR HOLD PROVIDER HARMLESS FOR ANY ACTIVITY AFFECTING NETWORK SECURITY ON CLIENT’S ENVIRONMENT RELATED TO THIRD-PARTY CRIMINAL ACTIVITY, NETWORK SECURITY OR PRIVACY. Any costs or fees to rebuild or service machines will be billed at provider’s then prevailing hourly rates.

Client shall notify Provider immediately, in writing, by electronic mail or by calling the Provider customer support line, if Client becomes aware at any time that the Services are being stolen or used fraudulently. Failure to do so in a timely manner may result in the immediate termination of the Services and additional charges to billed to Client. Client will be liable for all use of the Service using Equipment stolen from Client and any and all stolen Service or fraudulent use of the Services. Credits will not be issued for charges resulting from fraud that arises out of third parties hacking into any Equipment. This includes, but is not limited to, modem hijacking, wireless hijacking or other fraud arising out of a failure of Client’s internal/corporate procedures.

Provider will not issue credit for invoiced charges for fraudulent use resulting from Client’s negligent or willful acts or those of an authorized user of Client’s service.

THEREFORE, CLIENT AGREES TO HOLD PROVIDER HARMLESS FROM ANY LOSS, INJURY OR DAMAGE TO CLIENT OR ANY THEFT OF SERVICE AND OR CLIENT CAUSE BY SUCH THEFT OF SERVICE.

Client Equipment must be in working order and maintained under a manufacturer’s warranty or maintenance contract. Provider is not responsible for client equipment that is not maintained under manufacturer’s warranty or maintenance contract or that is otherwise out of order. All fees, warranties, and liabilities against Provider assumes equipment is under manufacturer’s warranty or maintenance contract or is in working order.

Provider in its reasonable opinion and supported by manufacturer information, may designate certain equipment as obsolete or defective, and therefore exclude it from coverage under this Agreement.

Client is responsible for the physical security of its on-premises hardware and software systems.

Unless specifically otherwise agreed to in an applicable Order or Service Attachment, Client must maintain an independent backup of all files that are sent to either the cloud or a data backup service. A backup solution must be in place, with backup copies stored off-site. It is the Client’s responsibility to verify that backups are made regularly, as well as the integrity of the backups. Provider shall not be held liable in the event of data loss, backup software failure, backup selection, backup hardware failure, backup media failure, or backup system failure even in the event that Provider was tasked to perform the backups. Client will be solely responsible for all lost data.

An anti-malware solution must be in place, updated, with valid update subscription. Provider is not responsible for any harm that may be caused by Client’s access to third party application programming interfaces or the execution or transmission of malicious code or similar occurrences, including without limitation, disabling devices, drop dead devices, time bombs, trap doors, Trojan horses, worms, viruses and similar mechanisms. Any costs or fees to rebuild or service machines are provided and sold separately by Provider.

Hardware and Software Configurations All Hardware and Software Configurations implemented by Provider shall belong to Provider, and shall constitute Provider’s Confidential Information.

In addition to its other confidentiality obligations under an applicable Service Attachment, Provider shall not use, edit or disclose to any party other than Client any Client Data (defined below), except as otherwise requested by Client, or required by court order or applicable law. For purposes of this provision, all data stored on the virtualized machines assigned to Client, including locally stored personal data of individual employees, will be considered Client Data by Provider.

As between Provider and Client, all Client Data is owned exclusively by Client. Client Data constitutes Confidential Information subject to the Terms. Provider may access Client's User accounts, including Client Data, solely to respond to service or technical problems or otherwise at Client's request. 

Although it is under no obligation to do so, from time to time, Provider may make recommendations regarding regulatory compliance, safety and security related to Client’s network and practices (e.g., multi-factored authentication). If Client fails to adopt or implement the recommended protocols, Client is responsible for any and all damages related to regulatory, security, privacy, or data protection, including but not limited to fines, data breach notification, malware or ransomware costs, restoration, forensic investigation, restoring backups, or any other costs or damages related to Client’s refusal to implement the recommended protocols.

If Provider provides password management services to Client, Client shall be responsible and liable for any unauthorized use of passwords.

THEREFORE, CLIENT AGREES TO HOLD PROVIDER HARMLESS FROM ANY LOSS, INJURY OR DAMAGE TO CLIENT OR ANY THEFT OF PASSWORDS CAUSED BY SUCH USE OF THE PASSWORD SERVICES BY CLIENT.

Provider monitors the availability and performance of its internal firewall and network security. This process involves monitoring for intrusion attempts and potential security breaches. In order to minimize a possible compromise of security, all services and applications exposed to the Internet on Provider's servers are updated with all commonly available security hotfixes and best practices. As appropriate, Provider proactively evaluates, investigates and reports security-related incidents to the appropriate authorities. Provider also monitors and proactively manages the anti-virus protection of its servers and applications using industry-recognized anti-virus software systems.

We warrant that the Services will be performed in a professional and workmanlike manner and as described in an applicable Service Attachment or Description. All Services will be deemed to be accepted unless Client notifies Provider in writing within ten (10) working days after performance that the Services did not conform to this warranty. Provider promptly will correct any non-conformities and will notify Client in writing that the non-conformities have been corrected.

PROVIDER DOES NOT WARRANT THAT THE SERVICES WILL BE PERFORMED ERROR-FREE OR UNINTERRUPTED, THAT PROVIDER WILL CORRECT ALL SERVICES ERRORS, OR THAT THE SERVICES WILL MEET CLIENT’S REQUIREMENTS OR EXPECTATIONS, OR THAT THE SERVICE WILL BE COMPLETELY SECURE. THERE ARE RISKS INHERENT IN INTERNET CONNECTIVITY THAT COULD RESULT IN THE TEMPORARY LOSS OF SERVICE AVAILABILITY. PROVIDER IS NOT RESPONSIBLE FOR ANY ISSUES RELATED TO THE PERFORMANCE, OPERATION OR SECURITY OF THE SERVICES THAT ARISE FROM CLIENT’S CONTENT OR THIRD-PARTY CONTENT OR SERVICES PROVIDED BY THIRD PARTIES. PROVIDER SHALL HAVE NO OBLIGATION WITH RESPECT TO A WARRANTY CLAIM (i) IF NOTIFIED OF SUCH A CLAIM AFTER THE WARRANTY PERIOD OR (ii) IF THE CLAIM IS THE RESULT OF THIRD-PARTY HARDWARE OR SOFTWARE FAILURES, OR THE ACTIONS OF CLIENT OR A THIRD PARTY.

FOR ANY BREACH OF THE SERVICES WARRANTY, CLIENT’S EXCLUSIVE REMEDY AND PROVIDER’S ENTIRE LIABILITY SHALL BE THE CORRECTION OF THE DEFICIENT SERVICES THAT CAUSED THE BREACH OF WARRANTY, OR, IF PROVIDER CANNOT SUBSTANTIALLY CORRECT THE DEFICIENCY IN A COMMERCIALLY REASONABLE MANNER, CLIENT MAY END THE DEFICIENT SERVICES AND PROVIDER WILL REFUND TO CLIENT THE FEES FOR THE TERMINATED SERVICES THAT CLIENT PRE-PAID TO PROVIDER FOR THE PERIOD FOLLOWING THE EFFECTIVE DATE OF TERMINATION.

TO THE EXTENT NOT PROHIBITED BY LAW, CLIENT ACKNOWLEDGES THESE WARRANTIES ARE EXCLUSIVE AND THERE ARE NO OTHER EXPRESS OR IMPLIED WARRANTIES OR CONDITIONS BY THE PROVIDER OR ANY THIRD-PARTY VENDORS’ INCLUDING FOR SOFTWARE, HARDWARE, SYSTEMS, NETWORKS OR ENVIRONMENTS OR FOR MERCHANTABILITY, SATISFACTORY QUALITY AND FITNESS FOR A PARTICULAR PURPOSE, AND THAT THOSE THIRD-PARTY VENDORS DISCLAIM ANY AND ALL LIABILITY, WHETHER DIRECT, INDIRECT OR CONSEQUENTIAL, ARISING FROM THE SERVICES.

PROVIDER MAY LINK TO OR OFFER THIRD-PARTY SERVICES FOR RESALE. ANY PURCHASE, ENABLING, OR ENGAGEMENT OF THIRD-PARTY SERVICES, INCLUDING BUT NOT LIMITED TO IMPLEMENTATION, CUSTOMIZATION, CONSULTING SERVICES, E-MAIL, WEB HOSTING, SERVER HOSTING, PHONE SERVICE, AND ANY EXCHANGE OF DATA BETWEEN CLIENT AND ANY THIRD-PARTY SERVICE, IS SOLELY BETWEEN CLIENT AND THE APPLICABLE THIRD-PARTY SERVICE PROVIDER AND IS SUBJECT TO THE TERMS AND CONDITIONS OF SUCH THIRD-PARTY PROVIDER.

PROVIDER DOES NOT WARRANT THIRD-PARTY SERVICES AND IS NOT RESPONSIBLE OR LIABLE FOR SUCH SERVICES OR ANY LOSSES OR ISSUES THAT RESULT FROM CLIENT’S USE OF SUCH SERVICES. IF CLIENT PURCHASES, ENABLES OR ENGAGES ANY THIRD-PARTY SERVICE FOR USE IN CONNECTION WITH THE SERVICES, CLIENT ACKNOWLEDGES THAT PROVIDER MAY ALLOW THIRD-PARTY SERVICES PROVIDERS TO ACCESS CLIENT DATA USED IN CONNECTION WITH THE SERVICES AS REQUIRED FOR THE INTEROPERATION OF SUCH THIRD-PARTY SERVICES WITH THE SERVICES. CLIENT REPRESENTS AND WARRANTS THAT CLIENT’S USE OF ANY THIRD-PARTY SERVICE SIGNIFIES CLIENT’S INDEPENDENT CONSENT TO THE ACCESS AND USE OF CLIENT’S DATA BY THE THIRD-PARTY SERVICE PROVIDER, AND THAT SUCH CONSENT, USE, AND ACCESS IS OUTSIDE OF PROVIDERS’S CONTROL. PROVIDER WILL NOT BE RESPONSIBLE OR LIABLE FOR ANY DISCLOSURE, MODIFICATION OR DELETION OF DATA RESULTING FROM ANY SUCH ACCESS BY THIRD-PARTY SERVICE PROVIDERS.

Provider shall comply with all laws applicable to Provider in its role as a Managed IT Provider. For the avoidance of doubt, unless otherwise provided in a separate Data Processing Agreement (“DPA”), Provider is not responsible for complying with the laws applicable to Client or Client’s industry. Client shall comply with all laws applicable to Client or in Client’s industry.

Although it is under no obligation to do so, from time to time, Provider may make recommendations regarding legal requirements and regulatory compliance protocols related to Client’s network and practices. If Client fails to adopt or implement the recommended legal requirements or regulatory compliance protocols, Client is responsible for any and all damages related to legal and regulatory compliance. Even if Client does take Provider’s advice regarding legal requirements and regulatory compliance protocols, Provider does not take responsibility for any legal requirements and regulatory compliance protocols or audits.

Client shall not solicit for employment with Client any Provider employee with whom Client has had direct contact in connection with the Services during the Term of this Agreement and for twelve (12) months following termination of this Agreement.

Client acknowledges that injury resulting from any breach of this provision would be significant and irreparable and that it would be extremely difficult to ascertain the actual amount of damages resulting from such breach. Therefore, in the event of a violation of this provision, in addition to any other right Provider may have at law or in equity, Client shall make a one-time payment to Provider in the amount of one hundred percent (100%) of the affected employee's base salary for one year, which accurately reflects the reasonable value of the employee’s time and costs. We agree that such amount is not intended as a penalty and is reasonably calculated based upon the projected costs the injured party would incur to identify, recruit, hire and train suitable replacements for such personnel.

Each party shall attempt to settle amicably by mutual discussions any disputes, differences, or claims related to this Agreement within sixty (60) days of the date any such dispute arises.

Failing such amicable settlement, any such dispute, including claim related to the existence, validity, interpretation, performance, termination or breach of this Agreement, is to be settled by arbitration in accordance with the Arbitration Rules of the International Centre for Dispute Resolution (ICDR). The arbitration will be conducted in English and will have one (1) arbitrator.

The Arbitrator will not have the authority to award punitive damages to either party. Each party will bear its own expenses, but shall share equally the expenses of the Arbitration Tribunal and the AAA. Any arbitration award will be final, and judgment thereon may be entered in any court of competent jurisdiction. The arbitration will be held in Ottawa, Ontario, or at another location upon which the parties may agree. Notwithstanding the foregoing, claims for preliminary injunctive relief, other pre-judgment remedies, and claims for Client’s failure to pay for Services may be brought in a state or federal court in the United States with jurisdiction over the subject matter and parties.

No claims may be made more than six (6) months after the date by which the fault or failure should reasonably have been discovered; failure to make such a claim within the six (6) month period shall forever bar the claim.

Unless Provider is bringing an action for Client’s failure to make payments for Services not otherwise in dispute, Provider will continue to provide Services under this Agreement, and Client shall continue to make payments to us, in accordance with this Agreement, during the period in which the parties seek resolution of the dispute.

In the event that there is any dispute, difference, or claim related to this Agreement that is resolved either through arbitration or through litigation, the prevailing party will be entitled to an award of reasonable attorneys’ fees incurred while defending or prosecuting such dispute, difference, or claim.

Client shall defend, indemnify and hold Provider harmless against all costs and expenses, including reasonable attorney’s fees, associated with the defense or settlement of any claim that:

• Provider’s use, access or modifications of any software that Client has requested that Provider use, access or modify as part of the Services infringes any patent, copyright, trademark, trade secret or other intellectual property right;
• Any claim related to software licensing and software licensing compliance; or
• Any claim related to any federal, state, or international law or regulation involving data privacy, data protection, or data breach to which Client is subject.

Client shall pay any judgments or settlements based on any such claims.

Subject to the limitation of liability set forth in the section titled LIMITATION OF LIABILITY, Provider agrees to indemnify and hold Client harmless from and against all loss, liability, and expense including reasonable attorney’s fees caused by Provider’s:

• negligent act, error, omission, or misrepresentation;
• breach of any contractual term implied by law;
• other act, error or omission giving rise to civil liability arising out of business activities performed for Client.

EXCEPT AS MAY BE DESCRIBED IN AN APPLICABLE SERVICE DESCRIPTION OR IN A SERVICE AGREEMENT FOR PROJECT SERVICES, PROVIDER LIABILITY UNDER THIS AGREEMENT IS LIMITED TO ANY ACTUAL, DIRECT DAMAGES INCURRED BY CLIENT AND WILL NOT EXCEED THE GREATER OF (1) THE PROCEEDS OF ANY PROVIDER’S PROFESSIONAL LIABILITY INSURANCE MAINTAINED BY PROVIDER UNDER ITS APPLICABLE INSURANCE POLICIES, OR (2) THE AMOUNTS PAID BY CLIENT TO PROVIDER UNDER THIS AGREEMENT AND ALL SCHEDULES OF SERVICES DURING THE SIX (6) MONTH PERIOD IMMEDIATELY PRECEDING THE ACCRUAL OF ANY SUCH CLAIM. IN THE EVENT OF AN INSURANCE COVERAGE DISPUTE, PROVIDER IS NOT REQUIRED TO DISPUTE THE COVERAGE DETERMINATION AND IS NOT REQUIRED TO FILE A DECLARATORY JUDGMENT ACTION.

IN NO EVENT IS EITHER PARTY TO BE HELD LIABLE TO THE OTHER PARTY FOR ANY INCIDENTAL, CONSEQUENTIAL, SPECIAL, INDIRECT OR PUNITIVE DAMAGES OR CLAIMS, INCLUDING BUT NOT LIMITED TO LOST PROFITS, LOST SAVINGS, LOST PRODUCTIVITY, LOSS OF DATA, LOSS FROM INTERRUPTION OF BUSINESS, LOSS OF PROGRAMS OR INFORMATION, AND THE LIKE THAT RESULT FROM THE USE OR INABILITY TO USE THE SERVICES OR FROM MISTAKES, THE SERVICES NOT MEETING CLIENT’S REQUIREMENTS OR EXPECTATIONS, OMISSIONS, TRANSLATIONS AND SYSTEM WORDINGS, FUNCTIONALITY OF FILTERS, MIGRATION ISSUES, INTERRUPTIONS, DELETION OF FILES OR DIRECTORIES, HARDWARE FAILURES, UNAVAILABILITY OF BACKUPS, ERRORS, DEFECTS, DELAYS IN OPERATION, TRANSMISSION, SECURITY BREACH, OR THIRD-PARTY SERVICE FAILURES, EVEN IF PREVIOUSLY ADVISED OF THEIR POSSIBILITY AND REGARDLESS OF WHETHER THE FORM OF ACTION IS IN CONTRACT, TORT OR OTHERWISE. PROVIDER WILL NOT BE LIABLE FOR ANY KIND OF AUTHORIZED ACCESS OR ANY HARM THAT MAY BE CAUSED BY CLIENT’S ACCESS TO THIRD PARTY APPLICATION PROGRAMMING INTERFACES OR THE EXECUTION OR TRANSMISSION OF MALICIOUS CODE OR SIMILAR OCCURRENCES, INCLUDING WITHOUT LIMITATION, DISABLING DEVICES, DROP DEAD DEVICES, TIME BOMBS, LOGIC BOMBS, TRAP DOORS, TROJAN HORSES, WORMS, VIRUSES, HACKERS, PHISHERS, CRYPTO-LOCKERS, RANSOMWARE, AND SIMILAR MECHANISMS. CLIENT AGREES THAT THE TOTAL LIABILITY OF PROVIDER AND CLIENT’S SOLE REMEDY FOR ANY CLAIMS FOR DAMAGES REGARDING THE SERVICES UNDER THIS AGREEMENT, INCLUDING ANY SCHEDULE, OR OTHERWISE IS LIMITED TO PROCEEDS IN SECTION APPLICABLE INSURANCE COVERAGE.

CLIENT ACKNOWLEDGES AND AGREES THAT PROVIDER WOULD NOT ENTER INTO THIS AGREEMENT FOR THE CONSIDERATION GIVEN BY CLIENT BUT FOR THE LIMITATIONS OF LIABILITY AND DAMAGES CONTAINED IN THIS AGREEMENT. CLIENT ACKNOWLEDGES AND AGREES THAT THE RIGHT TO RECEIVE THE SERVICES IN EXCHANGE FOR THE LIMITATIONS IN THIS AGREEMENT AND THE OTHER CONSIDERATION GIVEN BY CLIENT FOR THE SERVICES CONSTITUTES A BARGAIN THAT IS FAIR AND REASONABLE.

Client Obligations: Client shall maintain a minimum of One Million Dollars (CAD $1,000,000) in insurance coverage through its respective carriers. Such insurance must include, at a minimum, commercial general liability, workers compensation coverage, and first-party cyber liability.

Provider Obligations: Provider agrees to maintain during the Term, professional liability insurance including errors and omissions with aggregate limits of at least One Million Dollars (CAD $1,000,000). Client’s insurance shall be primary over Provider’s insurance. Client agrees to waive and to require its insurers to waive any rights of subrogation or recovery they may have against Provider, its agents, officers, directors and employees.

Upon request by Client, Provider may assist Client with: 1) the preparation of applications for insurance; or 2) provide technical assistance to Client in connection with providing information for the underwriting of insurance. Client acknowledges and agrees that Client is solely responsible for reviewing the information for accuracy and Client will be solely responsible for adverse actions taken by insurance carriers in connection with underwriting or claims administration.

Provider agrees that any electronic data or personal information submitted by Client to Provider as a part of the Service (“Client Data”) remains the property of Client and/or its end user or other third party. Provider agrees that it will comply with all applicable United States data privacy and data security laws that the Services are subject to and as stated herein.

Client agrees not to provide any data to Provider subject to the PIPEDA without first entering into an appropriate Data Processing Agreement with Provider that specifically references PIPEDA.

Client agrees not to provide any data to Provider subject to the California Consumer Privacy Act (“CCPA”) without first entering into an appropriate Data Processing Agreement with Providerthat specifically references CCPA.

Client agrees not to provide any data to Provider subject to the Gramm-Leach-Bliley Act (“GLBA”) or Health Insurance Portability and Accountability Act (“HIPAA”) without first entering into an appropriate Data Processing Agreement with Provider that specifically references GLBA.

Client agrees not to provide any data to Provider from any data subject of the European Union or the United Kingdom that is regulated under the General Data Protection Regulation (“GDPR”) or similar data protection regulation without first entering into an appropriate Data Processing Agreement with Provider that specifically references GDPR.

For Clients who require the processing of CCPA, GLBA, HIPAA, GDPR, or United Kingdom data processing or similar data privacy and/or data protection regulation, Client must enter into an applicable agreement with Provider in the form of a data processing agreement (the “Data Processing Addendum”). Each data privacy or data protection regulation may contain its own separate addendum (or combined addendum) depending on Provider or Client’s regulated activities.

Provider reserves the right to identify observed holidays and adjust its holiday schedules from time to time. When a holiday falls on a weekend, Provider may close on the closest business day in observance of that holiday. After-hours emergency support is still available during these times, and Client will be charged for Services at Provider’s then-prevailing Holiday support rates.

Except as otherwise provided under this Agreement, all notices, demands or requests to be given by any party to the other party shall be in writing and shall be deemed to have been duly given on the date delivered in person, or sent via fax, courier service, electronic mail, or on the date of the third business day after deposit, postage prepaid, in the Canada Post, and addressed as set forth on the applicable Order.

The address to which such notices, demands, requests, elections or other communications are to be given by either party may be changed by written notice given by such party to the other party pursuant to this Section.

Provider will not be liable for any failure of performance of the Services due to causes beyond its reasonable control, including, but not limited to, fire, flood, electric power interruptions, national or regional emergencies, epidemics, pandemics, public health emergencies, stay-at-home orders, furloughs, quarantines, or other restriction or prohibition, civil disorder, acts of terrorism, riots, strikes, Acts of God, or any law, regulation, directive, or order of the United States government, or any other governmental agency, including state and local governments having jurisdiction over Provider or the Services provided hereunder (the “Affected Performance”).

Any party whose performance is so affected shall give written notice to the other party describing the Affected Performance. The parties promptly shall confer, in good faith, to agree upon equitable, reasonable action to minimize the impact on both parties of such condition. If the delay caused by the force majeure event lasts for a period of more than thirty (30) days, the parties shall attempt to negotiate an equitable modification to the Agreement pertaining to the Affected Performance. If the parties are unable to agree upon an equitable modification, then either party may serve thirty (30) days’ written notice of termination on the other party with respect only to the portion of the Agreement relating to the Affected Performance. Client shall pay Provider for that portion of the Affected Performance that was completed or that was in the process of being completed through the effective termination date of the Affected Performance.

No delay in exercising, no course of dealing with respect to, and no partial exercise of, any right or remedy hereunder will constitute a waiver of any right or remedy, or future exercise thereof.

Neither party may assign this Agreement, in whole or in part, or any of its rights or obligations hereunder without the prior written consent of the other party. However, Provider may assign or otherwise transfer its rights, interests and obligations under this Agreement without Client’s consent in the event of a change in control of 50% or more of the equity of Provider, the sale of substantially all the assets of Provider, or the restructuring or reorganization of Provider or its affiliate entities. If Client transfer its rights, interests and obligations under this Agreement without Provider consent then such assignment will not be valid, and Client shall remain responsible for all Fees under this Agreement and any Attachment regardless of whether Client continues to derive any benefit from the Services. In addition, unless otherwise agreed, Provider may contract with third parties to deliver some or all of the Services, and no such third-party contract is to be interpreted as an assignment of this Agreement. However, Provider will use commercially reasonable efforts to ensure that any and all such third parties abide by all of the terms of this Agreement, and, except as otherwise agreed, Provider will remain solely responsible for the fulfillment of all of Provider’s obligations under this Agreement. This Agreement is binding upon the parties, their successors and permitted assigns.

Client hereby grants Provider the right to reference Client’s name, industry, logo, and URLs in its marketing literature, website, and/or correspondence to potential new clients, so as to identify Client as a customer of Provider for marketing purposes and for Provider’s benefit. Such information is not considered Confidential Information subject to non-disclosure.

Client hereby grants Provider the right to utilize Client information to send alerts, notifications, news, and general correspondence to Client to provide the Services.

The parties’ respective duties and obligations with respect to proprietary rights, intellectual property rights, and non-disclosure and confidentiality will survive and remain in effect, notwithstanding the termination or expiration of this Agreement.

Provider may, from time to time, in its sole discretion, and for any reason, amend the Order, the Master Services Agreement and any Service Attachments other Schedule of Services posted on Provider’s web page. However, the Master Services Agreement and Service Attachments in effect as of the date that Client signed the Order are the agreements that will govern the relationship until this Agreement expires or one of the parties terminates it. This Agreement may be modified or amended only by a writing signed by both parties.

This MSA is to be governed by and construed in accordance with the laws of Ontario, Canada.

If any term or provision of this agreement is declared invalid by a court of competent jurisdiction, the remaining terms and provisions will remain unimpaired, and the invalid terms or provisions are to be replaced by such valid terms and provisions that most nearly fulfill the parties’ intention underlying the invalid term or provision.

This Agreement is for the sole benefit of the parties hereto and their respective successors and permitted assigns, and nothing herein is to be construed to give any person or entity, other than the parties hereto and their respective successors and permitted assigns, any legal or equitable rights hereunder.

Neither Party, nor any of its respective partners, principals, shareholders, members, officers, directors, employees, affiliates, subsidiaries, agents, or representatives, shall initiate or participate in any action or conduct tending to injure, bring into disrepute, ridicule, damage, or destroy the goodwill of Provider or Client, or the other’s affiliates. The foregoing shall not be construed to prevent or prohibit a Provider or Client, or any of its respective partners, principals, shareholders, members, officers, directors, employees, affiliates, subsidiaries, agents, or representatives, from: (i) exercising its rights under this Agreement; (ii) complying with a legal obligation or a professional responsibility; or, (iii) reporting, providing, or disclosing information to federal, state, municipal, or local government agencies, authorities, or officials in the ordinary course of business or as required by law.

Further, in the event Provider or Client or any of its respective partners, principals, shareholders, members, officers, directors, employees, affiliates, subsidiaries, agents, or representatives breach this Section, the non-breaching party and its respective partners, principals, shareholders, members, officers, directors, employees, affiliates, subsidiaries, agents, and representatives shall no longer be bound by the obligations set forth under this Section.

This Master Services Agreement, the Order, the Service Attachments or Descriptions, and any other attachments thereto (collectively, the “Agreement”) set forth Provider’s entire understanding with respect to the subject matter hereof and are binding upon both parties, their successors, and their permitted assigns, in accordance with the terms of the Agreement.

There are no understandings, representations or agreements other than those set forth herein. Each party, along with its respective legal counsel, has had the opportunity to review this agreement.

Accordingly, in the event of any ambiguity, such ambiguity will not be construed in favor of, or against either party.

This Service Attachment is between Provider (sometimes referred to as “we,” “us,” or “our”), and the Client found on the applicable Order (sometimes referred to as “you,” or “your”) and, together with the Order, Master Services Agreemehearnt, and other relevant Service Attachments or Schedule of Services, forms the Agreement between the parties the terms to which the parties agree to be bound.

The parties further agree as follows:

This Service Attachment is effective on the date specified on the Order (the “Service Start Date”). Unless properly terminated by either party, this Attachment will remain in effect through the end of the term specified on the Order (the "Initial Term").

This Agreement commences on the Order Effective Date, and it will remain in effect for a term of 24 months or until either party terminates it as permitted below.

If the Order specifies no Initial Term with respect to any or all Services, then Provider will deliver those Services on a 36-month basis until one party provides written notice to the other party of its intent to terminate those Services, in which case Provider will cease delivering those Services at the end of the next calendar month following receipt such written notice is received by the other party.

"RENEWAL" MEANS THE EXTENSION OF ANY INITIAL TERM SPECIFIED ON AN ORDER FOR AN ADDITIONAL TWELVE (12) MONTH PERIOD FOLLOWING THE EXPIRATION OF THE INITIAL TERM, OR IN THE CASE OF A SUBSEQUENT RENEWAL, A RENEWAL TERM. THIS SERVICE ATTACHMENT WILL RENEW AUTOMATICALLY UPON THE EXPIRATION OF THE INITIAL TERM OR A RENEWAL TERM UNLESS ONE PARTY PROVIDES WRITTEN NOTICE TO THE OTHER PARTY OF ITS INTENT TO TERMINATE AT LEAST SIXTY (60) DAYS PRIOR TO THE EXPIRATION OF THE INITIAL TERM OR OF THE THEN-CURRENT RENEWAL TERM. ALL RENEWALS WILL BE SUBJECT TO PROVIDER’S THEN-CURRENT TERMS AND CONDITIONS.

If the Order specifies no Initial Term with respect to any or all Services, then we will deliver those Services on a month-to-month basis. We will continue to do so until one party provides written notice to the other party of its intent to terminate those Services, in which case we will cease delivering those Services at the end of the next calendar month following receipt such written notice is received by the other party.

Client may terminate this agreement for cause following sixty (60) days’ advance, written notice delivered to Provider upon the occurrence of any of the following:

• Provider fails to fulfill in any material respect its obligations under the Agreement and fail to cure such failure within thirty (30) days following Provider’s receipt of Client’s written notice.
• Provider terminates or suspends its business operations (unless succeeded by a permitted assignee under the Agreement).

If Client has satisfied all of its obligations under this Service Attachment, then no sooner than ninety (90) days following the Service Start Date, Client may terminate this Service Attachment without cause during the Initial Term upon sixty (60) days’ advance, written notice, provided that Client pays Provider a termination fee equal to fifty percent (50%) of the recurring, Monthly Service Fees remaining to be paid from the effective termination date through the end of the Initial Term, based on the prices identified on the Order then in effect.

Provider may elect to terminate this Service Attachment upon thirty (30) days’ advance, written notice, with or without cause. Provider has the right to terminate this Service Attachment immediately for illegal Client conduct. Provider may suspend the Services upon ten (10) days’ notice if Client violates a third-party’s end user license agreement regarding provided software. Provider may suspend the Services upon fifteen (15) days’ notice if Client’s action or inaction hinder Provider from providing the contracted Services.

As long as Client is current with payment of: (i) the Fees under this Attachment, (ii) the Fees under any Project Services Attachment or Statement of Work for Off-Boarding, and/or (iii) the Termination Fee prior to transitioning the Services away from Provider’s control, then if either party terminates this Service Attachment, Provider will assist Client in the orderly termination of services, including timely transfer of the Services to another designated provider. Client shall pay Provider at our then-prevailing rates for any such assistance. Termination of this Service Attachment for any reason by either party immediately nullifies all access to our services. Provider will immediately uninstall any affected software from Client’s devices, and Client hereby consent to such uninstall procedures.

Upon request by Client, Provider may provide Client a copy of Client Data in exchange for a data-copy fee invoiced at Provider’s then-prevailing rates, not including the cost of any media used to store the data. After thirty (30) days following termination of this Agreement by either party for any reason, Provider shall have no obligation to maintain or provide any Client Data and shall thereafter, unless legally prohibited, delete all Client Data on its systems or otherwise in its possession or under its control.

Provider may audit Client regarding any third-party services. Provider may increase any Fees for Off-boarding that are passed to the Provider for those third-party services Client used or purchased while using the Service.

Client agrees that upon Termination or Off-Boarding, Client shall pay all remaining third-party service fees and any additional third-party termination fees.

To qualify for Heartfelt IT’s IT Concierge Service, the following requirements must be met. If they are not met, they will be added to Onboarding Step 2.

• The Client is to provide existing IT Infrastructure configuration documents, which should include Windows domain admin passwords, security firewalls and gateways passwords, website domain information, Exchange information, as well as all usernames/passwords of any third-party applications that may be used.
• All Servers with Microsoft Windows Operating Systems must be running Windows 2016 Server or later, Exchange Server 2016 or later, and have all the latest Microsoft Service Packs and Critical Updates installed.
• All Desktop PC’s and Notebooks/Laptops with Microsoft Windows Operating Systems must be running Windows 11 Professional Edition or later and have all the latest Microsoft Service Packs and Critical Updates installed.
• Access to computers should be authorized by Microsoft Entra ID.
• All business users should be provided with MS365 Business Professional licenses or later and authorized by Microsoft Endra ID.
• The environment must have a currently licensed, Vendor Supported Hardware Firewall between the Internal Network and the Internet.
• All Wireless data traffic in the environment must be securely encrypted.
• There must be an outside static IP address assigned to a network device, allowing RDP or VPN remote access.

Service rendered under this Agreement does not include:

• Parts, equipment or software not covered by vendor/manufacturer warranty or support.
• Hardware components, consumables, accessories related to printers (Ex. Toners and paper)
• Install Move Add Change (IMAC). All charges will be agreed upon in advance of service
• The cost of any parts, equipment, shipping, parking/travel charges of any kind
• The cost of any software, licensing, or software renewal or upgrade fees
• The cost of any 3rd party vendor or manufacturer support or incident fees
• The cost to bring client name’ environment up to minimum service standards
• Failure due to acts of God, building modifications, power failures or other adverse environmental conditions or factors
• Service and repair made necessary by the alteration or modification of equipment other than that authorized by Heartfelt IT, including software installations or modifications of equipment made by anyone other than Heartfelt IT
• Security audits and security audit questionnaires
• Onsite support for non-covered locations
• Responsibility for home internet connections
• Cabling or moving equipment
• Website hosting

Information contained in this document is provided under an exclusive, perpetual non-disclosure agreement and cannot be copied, transmitted, excerpted, or otherwise communicated to anyone without the prior written consent of Heartfelt IT.

This package contains proprietary and trade secret information. All data furnished in connection with this package is intended for use in evaluating potential business opportunities with Heartfelt IT and is considered proprietary information.

Intended recipients of this document shall have the right to duplicate, use, or disclose the data contained herein to the extent necessary to perform their duties in the interest of formulating a business relationship with Heartfelt IT, but may not use this information as the basis to obtain competitive quotes from other vendors.

These restrictions do not limit the right to use information contained herein if said data is obtained from another source, without restriction. These restrictions apply to all media comprising this package.

Clients are prohibited from making direct offers of employment and/or offering contracts for service to employees and/or independent contractors (together “Workers”) of Heartfelt IT while such Workers are employed by or providing services to Heartfelt IT.

If Client makes such an offer to a Worker, then Client shall be liable to provide a payment to Heartfelt IT as liquidated damages in accordance with the following schedule:

1. If Client maintains the Service Agreement for a period of at least one year after acquiring the Worker, then Client shall pay to Heartfelt IT an amount equal to 25% of the acquired Worker’s total remuneration received from Heartfelt IT in the twelve months preceding such acquisition.
2. If Client does not maintain the Service Agreement for a period of at least one year after the acquiring the Worker, then Client shall pay to Heartfelt IT an amount equal to 50% of the acquired Worker’s total remuneration received from Heartfelt IT in the twelve months preceding such acquisition.

If the Worker has been employed for less than twelve months at the time of acquisition, then the Worker’s total remuneration shall be annualized based on the pro rata amount of time spent in employment.

Client acknowledges that the actual damages likely to result from breach of this covenant are di cult to estimate on the date of this agreement and would be di cult for Heartfelt IT to prove. The parties intend that Client’s payment of the liquidated damages amount would serve to compensate Heartfelt IT for any breach by Client of its obligations under this covenant, and they do not intend for it to serve as punishment for any such breach by Client.

This Data Processing Agreement (the “Agreement”) between Provider (sometimes referred to as “Provider,” “we,” “us,” or “our”), and the Client found on the applicable Master Services Agreement, Order, or Service Description (sometimes referred to as “you,” or “your,”) and, together with the Order, Proposal, Master Services Agreement, and other relevant Service Attachments or Descriptions, forms the Agreement between the parties the terms to which the parties agree to be bound.

The parties agree as follows:

PIPEDA - This Canadian Data Privacy Agreement (the “Agreement”) reflects the requirements of the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”) of 2004 and its implementing regulations, as amended or superseded from time to time (S.C. 2000, c. 5). This Agreement makes clear that Provider is acting as a “Service Provider” for PIPEDA purposes.

This Agreement shall only apply and bind the Parties if and to the extent of the activity between the Parties is considered “Commercial Activity under PIPEDA. This Agreement prevails over any conflicting terms of the Agreement, but does not otherwise modify the Agreement. All capitalized terms not defined in this Agreement shall have the meanings set forth in the PIPEDA. Client enters into this Agreement on behalf of itself and, to the extent required under the PIPEDA, in the name and on behalf of Client’s Authorized Affiliates (defined below).

“Affiliate” means an entity that directly or indirectly Controls, is Controlled by or is under common Control with an entity.

“Authorized Affiliate” means any of Clients’ Affiliate(s) permitted to or otherwise receiving the benefit of the Services pursuant to the Scope and Applicability of this Agreement.

“Applicable Law” means all present and future laws, statutes, ordinances, regulations, judgement, orders, rules, directions of any court or governmental authority that are enforceable in Canada, and includes Applicable Privacy Law;

“Applicable Privacy Law” means any privacy legislation that may be applicable in the circumstances, which may include the Personal Information Protection and Electronic Documents Act (“PIPEDA”), provincial legislation deemed substantially similar to PIPEDA and/or provincial health information legislation;

“Commissioner” means the Information and Privacy Commissioner as applicable;

“Conflicting Foreign Order” means any order, subpoena, directive, ruling, judgment, injunction, award or decree, decision, request or other requirement issued from a foreign court, agency of a foreign state or other authority outside Canada or any foreign legislation the compliance with which would or could potentially breach Applicable Privacy Law;

“Confidentiality Agreement” means a standard agreement between Provider and its Personnel, signed as part of Provider’s operating procedures, requiring that Personnel comply with the requirements of Applicable Privacy Law, and other Applicable Law, in a manner which is intended to ensure compliance by Provider and its Personnel under this Agreement;

“Contact Information” means information to enable an individual at a place of business to be contacted and includes the name, position name or title, business telephone number, business address and business email of the individual;

“Excluded Information” or “Excluded Records” means information, documents or recorded information that (a) relate solely to Provider’s internal administration, finances, management, or labor and employment matters, unless they contain Personal Information about an individual other than Personnel or other third parties with whom Provider has dealings unrelated to the subject matter of the Agreement; or (b) Client confirms in writing are excluded from the application of this Agreement;

“Material Breach” includes, without limitation, (i) non-compliance by Provider with any provision of this Agreement relating to or resulting from the collection, use, disclosure, storage, disposal or destruction of any Personal Information or Records in contravention of Applicable Privacy Law and/or this Agreement; and (ii) non-compliance by Provider to take reasonable steps to cure any contravention of Applicable Privacy Law and/or this Agreement to the satisfaction of Client within 30 days after written notice is given to Provider describing the breach in reasonable detail or otherwise within 30 days of Provider becoming aware of the breach;

“Permitted Purpose” means access to Records or Personal Information that is necessary for provision of the Services (as defined in the Agreement);

“Personal Health Information” means personal health information about an individual as defined by Applicable Privacy Law;

“Personal Information” means recorded information about an identifiable individual, excluding Contact Information and Excluded Information, that is collected or created by Provider or otherwise obtained or held by or accessible to Provider as a result of the Agreement or any previous agreement between Client and Provider dealing with the same subject matter as the Agreement, and specifically includes Personal Health Information;

“Personnel” means any employees, officers, directors, contractors, subcontractors, associates, representatives or other persons engaged by Provider for the purposes of fulfilling Provider’s obligations under the Agreement;

“Privacy Representative” means the designate of Provider or Client with responsibility for compliance with Applicable Privacy Law and this Agreement;

“Record” includes books, documents, maps, drawings, photographs, letters, vouchers, papers and any other thing on which Personal Information is recorded or stored by graphic, electronic, mechanical or other means which are collected or produced by Provider in the course of delivering Services or otherwise performing its obligations under the Agreement, but does not include Excluded Records.

Provider agrees that, in relation to the collection, use, processing, sharing, disclosure, storage, security, destruction and management or administration of Personal Information and Records, it is subject to and will comply with the requirements of Applicable Privacy Law and this Agreement, including any applicable order or security requirements prescribed by the Commissioner or a court. Provider will ensure that it and its Personnel are familiar with its and their obligations under Applicable Privacy Law.

Provider acknowledges that Personal Health Information may be disclosed to Provider for the sole purpose of performing the Services. Provider shall exercise all reasonable precautions to protect Personal Health Information from unauthorized access, disclosure, copying, use or modification, storage and retention and, in any event, treat any information which is Personal Health Information in accordance with Applicable Privacy Law. In particular, the use of Personal Health Information must be restricted to the purposes and activities as outlined in Applicable Privacy Law.

Provider agrees that if it is a “service provider”, “information manager”, “information management service provider” or “agent” as defined in Applicable Privacy Law, as a result of the type of Services that it is providing to Client under the Agreement, Provider agrees to comply with its obligations under Applicable Privacy Law in that regard.

Provider agrees to maintain a privacy policy in compliance with Applicable Privacy Law.

Provider specifically assumes all responsibility for the Personnel and for the breach by any one or more of them of any provision of Applicable Privacy Law or this Agreement.

The Parties acknowledge and agree that as between Client and Provider:

• All right, title, interest and control in and to all Records shall remain with Client. No proprietary right or other interest respecting the Records, other than as expressly set out herein, is granted to Provider under this Agreement or the Agreement, by implication or otherwise. Provider is granted temporary access to the Personal Information on the terms and conditions of this Agreement, for the sole and express purpose of performing the Services and for no other use or purpose. Where Provider provides services under contract with one or more other parties in which such other parties also assert control over the same or overlapping Records, Client will work with such other parties to resolve each other’s rights and obligations with respect to such Records and Provider will not be considered to be in breach of this Agreement by reason of its inability to provide unfettered control over the Records to Client.
• It is the responsibility of Client to identify and have directly or indirectly obtained any consent from, or given any notice to, individuals as required under Applicable Privacy Laws, for Provider’s collection, use, processing, sharing, disclosure, storage, security, destruction, management or administration of Personal Information. If Client requires Provider to collect Personal Information on its behalf pursuant to this Section, Client will identify to Provider any requirements of Applicable Privacy Law regarding collection of the Personal Information.

Provider will only collect, use and disclose Personal Information on behalf of Client as necessary for the performance of the Services or as otherwise authorized by Client in writing or required or authorized by Applicable Law.

Provider will ensure that neither it nor its Personnel collects, creates, copies, reproduces, uses, stores, discloses or provides access to any Personal Information except in compliance with this Agreement and Applicable Privacy Law and for purposes directly related to or necessary for the performance of the Services or as otherwise required by Applicable Law.

If Provider receives a request under Applicable Privacy Law for access to or correction of Personal Information from a person other than Client, Provider will promptly advise the person to make the request to Client and provide the name and contact information for Client’s Privacy Representative, and Provider shall notify Client of any such request.

Where Client communicates to Provider that it has received a request for access to Personal Information, Provider will locate and supply to Client any and all Records in its custody that fall within the scope of the request. Provider will comply with this obligation within a reasonable period that allows Client to comply with its obligations under Applicable Privacy Law.

If Provider engages in the collection, maintenance or updating of Personal Information or the creation of Records on behalf of Client under the Agreement, Provider will make every reasonable effort to ensure the accuracy and completeness of such Personal Information generally and as required by Applicable Privacy Law.

Provider must protect Personal Information to ensure compliance with Applicable Privacy Law, by making reasonable security arrangements against such risks as theft, loss or unauthorized access, collection, use, disclosure or disposal.

Provider will ensure that its Personnel are granted access to the Personal Information only where such access is necessary for the performance of the Services, and subject to the following terms:

• Prior to access, Provider has entered into its standard Confidentiality Agreement with its Personnel or Provider’s Personnel has expressly agreed to comply with Provider’s internal documents acknowledging the obligations of protecting Personal Information pursuant to this Agreement and Applicable Privacy Law;
• Provider will revoke the access rights of any person who engages in the unauthorized collection, use or disclosure of Personal Information or otherwise breaches the Confidentiality Agreement or Applicable Privacy Law; and
• Provider will ensure Personnel with access to Personal Information are familiar and comply with the obligations of Provider under this Agreement and Applicable Privacy Law.

Provider acknowledges that if it uses subcontractors to perform any services for Client that it will require subcontractor to be bound by terms equivalent to this Agreement and Applicable Privacy Law.

Client hereby acknowledges and consents that Personal information and Records may be collected, used, processed, shared, disclosed, stored, secured, destroyed, managed or administered from outside of Canada by Provider using cloud computing of other information technology infrastructure selected by Provider and managed using third parties, and that Client has provided all required notices and information and/or obtained all required consents and approvals for such collection, use, processing, sharing, disclosure, storage, security, destruction, management and administration outside of Canada.

If Provider or anyone to whom Provider transmits Personal Information pursuant to a Permitted Purpose becomes legally compelled or otherwise receives a demand to disclose Personal Information other than permitted by Applicable Privacy Law, including without limitation pursuant to any Conflicting Foreign Order, unless prohibited by law, Provider will not do so unless and until:

• Client has been notified of such requirement;
• the parties have appeared before a Canadian Court; and
• the Canadian Court has ordered the disclosure.

Provider is responsible to ensure that it obtains such contractual rights or makes other such arrangements with its Personnel or such other third parties to whom it may grant access to Personal Information as may be necessary to enable it to comply with the provisions of this Section. Nothing in this Agreement will be interpreted or construed to prohibit Provider from complying with any valid court order made under the laws of Canada applicable in the Province.

Notwithstanding the provisions of this Agreement, Provider retains the right to use and disclose aggregated and De-Identified Data in any manner. “De-Identified Data” means information (or any portion thereof) that has been the subject of reasonable efforts to de-identify, aggregate and/or anonymize such data with the result that no individual, entity or particular Record can be identified, such that it is no longer Personal Information as defined in Applicable Privacy Laws.

Provider will appoint a Privacy Representative and such person will have sufficient authority to make decisions and execute documents on behalf of Provider as may be required from time to time for the administration of this Agreement. Provider shall promptly provide Client the name and contact details of its Privacy Representative and shall notify Client of any change of its Privacy Representative.

Provider will provide Client with prompt written notice of any actual or anticipated Material Breach, including full particulars of such breach.

Provider will cooperate with Client in preventing the occurrence or recurrence of any breach of this Agreement or Applicable Privacy Law, including, if requested to do so: by preparing a written proposal to address or prevent further occurrences within Provider’s systems.

Upon reasonable request by Client, Provider will provide information to a Commissioner pertaining to Provider’s handling of Personal Information demonstrating that Provider is compliant with this Agreement, the Agreement and Applicable Privacy Law, including:

• Provider’s privacy policy; and
• information regarding any complaints against Provider to a Commissioner.

Provider will reasonably cooperate at Client’s cost with Client in the event of any audit, investigation, inquiry, complaint, suit or other legal proceeding regarding any actual or alleged breach of Applicable Privacy Law or this Agreement, for a Material Breach.

Notwithstanding anything in the Agreement to the contrary, Provider and Client hereby agree that a Material Breach by Provider will give rise to a right on the part of Client to terminate the Agreement immediately upon written notice.

Except as otherwise specified in the Agreement, Provider will retain the Personal Information and Records until it is provided with a written direction from Client regarding its return or destruction.

Upon the expiry or earlier termination of the Agreement or, at any time upon the written request of Client, Provider will promptly:

• return or deliver all Records, including any copies thereof, to Client; or
• destroy, according to Client`s instructions, all documents or other Records, including any copies thereof, in any form or format whatsoever in Provider’s possession constituting or based upon Personal Information.

After a request is made under this Section, Provider will not retain any Records for any purpose without the prior written consent of Client. If, for any reason, Provider fails to return or destroy any Record in accordance with this Section, Provider’s obligations pursuant to this Agreement will continue in full force and effect.

The parties acknowledge and agree that either party may disclose the Agreement or portions thereof as may be required pursuant to Applicable Privacy Law.

If a provision of this Agreement or the Agreement conflicts with a requirement of Applicable Privacy Law, the conflicting provision of the Agreement (or direction) will be inoperative to the extent of the conflict.

Unless otherwise expressly provided in the Agreement, if a provision of this Agreement is inconsistent or conflicts with a provision of the Agreement, the conflicting or inconsistent provision in the Agreement will be inoperative to the extent of the conflict.

Provider’s obligations under this Agreement will continue despite the expiry or earlier termination of the Agreement until such time as the Personal Information and Records are returned to Client or securely destroyed in accordance with this Agreement.