Master Subscription Agreement

THIS AGREEMENT GOVERNS YOUR USE OF THE PROOF OF IMPACT SERVICES.  BY ACCEPTING THIS AGREEMENT, EITHER BY INDICATING YOUR ACCEPTANCE OR BY EXECUTING AN ORDER FORM OR STATEMENT OF WORK THAT REFERENCES THIS AGREEMENT, YOU AGREE TO THE TERMS OF THIS AGREEMENT AND WILL BE REFERRED TO AS “YOU” OR “COMPANY” IN THIS AGREEMENT. “PARTY” OR “PARTIES” SHALL MEAN, INDIVIDUALLY, CUSTOMER OR POI AS THE CONTEXT REQUIRES AND, COLLECTIVELY, CUSTOMER AND POI

IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS “YOU” AND “COMPANY” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE HOSTED SERVICES.

POI Technologies LLC, doing business as “Proof of Impact” (“POI”) provides customizable technology, services and analytics solutions to track, measure, and verify impact. These deliverables are executed by members of the POI team.  The purpose of this letter which includes Schedule A hereto (this “Agreement”) is to confirm the engagement of POI, with respect to impact technology services to “Company”, the terms and conditions set forth herein.

 

  1. Scope of Services.  Subject to the Data Processing Policy found in Schedule A, POI shall provide Company with impact data collection, tracking and technology Services as set forth in the Service Order SoW.  
  2. Fees
    1. In consideration of the Services to be rendered hereunder, Company hereby agrees to pay POI the Fees, established by POI and set forth in the  Service Order SoW. 

    2. POI shall provide Company monthly invoices which shall set forth in reasonable detail the Fees therein stated, with such supporting documentation as Company may reasonably request. Payments pursuant to this Agreement shall be made within fourteen (14) days after the date of receipt of an Invoice by Company from POI.
  3. Term. This Agreement shall commence on the date hereof for a period of 12 months. Thereafter, commencing on the one year anniversary of this Agreement, either party may terminate by providing the other with no less than three months’ written notice of termination.  The expiration or termination of the term of this Agreement shall not adversely affect POI’s right to receive any compensation or other amounts owed hereunder accrued prior to the date of such expiration or termination.  POI’s Fees are exclusive of all taxes, levies, or duties imposed by taxing authorities, and Company shall be responsible for payment of all such taxes, levies, or duties, even if such amounts are not listed by POI. If payment is not received by the due date, POI reserves the right to, in addition to taking any other action at law or equity, to (i) suspend Company’s access to the Hosted Services until overdue amounts are paid in full, and (ii) terminate the applicable Contract.
  4. Confidential Information
    1. Scope of Confidentiality. Each party agrees to regard and preserve as confidential all business, technical, financial and customer information related to the activities of the other party (the “Disclosing Party”), that may be obtained by such party (the “Receiving Party”) from any source or may be developed as a result of this Agreement (“Confidential Information” of the Disclosing Party). The Receiving Party agrees to hold such information in trust and confidence for the Disclosing Party and not to disclose such Confidential Information to any person, firm or enterprise, or use, directly or indirectly, any such Confidential Information other than in furtherance of the purposes of this Agreement for its own benefit or the benefit of any other party, unless otherwise authorized in writing by the Disclosing Party, and even then, to limit access to and disclosure of such Confidential Information to the Receiving Party’s employees, consultants (who themselves are under a duty of confidentiality) and professional advisors on a need-to-know basis only. Confidential Information shall not be considered confidential if such information: (i) is, or becomes, generally available to the public other than as a direct or indirect result of the information being disclosed by the Receiving Party in breach of this Agreement (except that any compilation of otherwise public information in a form not publicly known shall still be treated as Confidential Information); (ii) it was available to the Receiving Party on a non-confidential basis prior to disclosure by the Disclosing Party; (iii) it was, is, or becomes available to the Receiving Party on a non-confidential basis from a person who, to the Receiving Party’s knowledge, is not under any confidentiality obligation in respect of that information; (iv) it was lawfully in the possession of the Receiving Party before the information was disclosed by the Disclosing Party; (v) it is developed by or for the Receiving Party independently of the information disclosed by the Disclosing Party; (vi) is the subject of an request, investigation, review or the like by a competent government regulator or is the subject of a court or other tribunal proceeding; or, (vii)  the parties agree in writing that the information is not confidential.
    2. Remedy. Each party acknowledges and agrees that, in the event of a breach or threatened breach of any of the foregoing provisions, the other party will have no adequate remedy in damages and, accordingly, shall be entitled to injunctive relief against such breach; provided, however, that no specification of a particular legal or equitable remedy shall be construed as a waiver, prohibition or limitation of any other legal or equitable remedies in the event of a breach hereof.
  5. Limitation on Liability. 
    1. POI employees, consultants, directors, officers, agents, professional advisors and Affiliates, and the stockholders, partners, members, Affiliates, directors, officers, consultants, professional advisors and employees of any of the foregoing (each such person being referred to as a “Covered Person”) shall have no liability arising out of or connected with, or claimed to arise out of or to be connected with, any act performed or omitted to be performed under this Agreement or otherwise relating to the business or affairs of Company or its Affiliates, provided such act or omission was taken in good faith by such Covered Person and did not constitute gross negligence or willful misconduct on the part of the relevant Covered Person.
    2. Subject to clauses 4(b) and  5(c), neither party shall be liable to the other under (or in connection with) the Agreement (whether for breach of contract, negligence, misrepresentation, statutory duty or otherwise) and regardless of the nature of the claim, for any amounts in the aggregate exceeding $15,000, or the last three full months of fees paid under this Agreement by the Company, whichever is lower. 
    3. Notwithstanding clause 5(b), nothing in this Agreement either limits or excludes the liability of: (i) either Party in relation to an indemnity given by it under section 6; or (ii) the Company for its section 2 payment obligations. Further, the parties agree that nothing in this Agreement is intended to or has the effect of limiting or excluding liability in any way or to an extent that is prohibited by applicable law.
  6. Indemnification.
    1. Indemnification by POI. POI will indemnify, hold harmless and defend the Company from and against any and all Losses arising out of or relating to any claim from a third party (other than one of the Company’s Affiliates) arising from or relating to any proven infringement of the intellectual property rights of such third party by the Company’s use of the Services in accordance with this Agreement. This indemnity is subject to the Company (i) providing POI with prompt written notice of any claim; (ii) providing POI with sole control and defense of the claim, including any settlement; (ii) not making any admission of liability or otherwise knowingly acting in any manner which prejudices POI’s ability to fully defend the claim; (iii) providing POI with any reasonable cooperation POI requires. POI may (at any time) in POI’s sole discretion: (i) modify the Service so that it no longer infringes or misappropriates, (ii) obtain a license for the Company’s continued use of that Service in accordance with this Agreement, or (iii) terminate the Company’s subscription or other use to that Service upon written notice and refund the Company any prepaid fees or relating to such part of the Services which have not been provided by the effective date of termination. This section 6(a) shall not apply to the extent the relevant claim arises as a result of any: (i) use or exploitation of the Services by the Company or any of its authorized user in any manner which breaches this Agreement; or (ii) combination or integration of the Services with anything not provided by POI where such combination or integration of the Services is not otherwise contemplated by this Agreement.
    2. Indemnification by The Company. The Company will indemnify, keep indemnified, hold harmless and defend POI from and against any and all Losses arising out of or relating to any and all liabilities, damages, losses, costs, fees (including legal fees), and expenses relating to any third-party legal proceeding to the extent arising from (a) any Content or Data routed into or used with the Services solely by the Company, Service Users or anyone acting on the Company’s behalf, (b) the Company’s misuse or Service User’s misuse of the Services, or (c) the Company’s violation or Service User’s violation of this Agreement.
  7. Amendment; Waiver. Except as otherwise provided herein, this Agreement may be amended, and any right or claim hereunder waived, only by a written instrument signed by POI and Company. 
  8. Governing Law and Dispute Resolution.
    1. This Agreement and all acts and transactions pursuant hereto and the rights and obligations of the parties hereto and any claim therefrom shall be governed, construed and interpreted in accordance with the laws of the State of Delaware, without giving effect to principles of conflicts of law.  Each of the parties to this Agreement consents to the exclusive jurisdiction and venue of United States District Court for the Eastern District of Virginia or the Circuit Court of Virginia, County of Fairfax. The parties waive any objection based on Forum Non Conveniens and any objection to venue in connection therewith.
    2. Each party hereby irrevocably waives, to the fullest extent permitted by applicable law, any and all right to trial by jury in any legal proceeding arising out of or relating to this Agreement or the transactions contemplated hereby.
    3. All notices required or shall be deemed to have been duly given when delivered e-mail with delivery receipt.
  9. Definitions

In this Agreement, capitalized terms shall have the meanings set out below or if not defined herein, the meanings set forth elsewhere in the Agreement:

Affiliate” an entity that directly or indirectly controls, is directly or indirectly controlled by, or is under common direct or indirect control with, a party. For purposes of this Agreement, “control” of any entity shall mean ownership of a majority of the voting equity interests or profit interests in such entity.

Content” messages, information, data, text, software, music, audio, photographs, graphics, video, messages or other materials stored or transmitted via the Services in any medium.

Fees” the charges payable for the Services including but not limited to Recurring Fees, Non-Recurring Fees and One-Time Fees.

Fine” any and all fines, penalties, refunds, charges, debits, deductions, legal fees and costs incurred by or other sums payable to a Service Provider or regulator.

Losses” all losses, damages, liabilities, costs, expenses, Fines and penalties (including without limitation reasonable legal fees and costs).

Non-Recurring Fees includes but is not limited to usage based fees and any Service Provider pass through fees.

One-Time Fees” one-off fees, including but not limited to set-up fees.

Recurring Fees non-usage based fees, including but not limited to minimum fees and lease fees..

Service(s)” services provided by POI under the Agreement, including but not limited to the Company’s use of and access to the platform, software (including any and all software development kits, API and all other software and tools provided to the Company) and/or documentation.

Agreement” means these General Terms of Service, (applicable to agreements with an EU nexus only or if otherwise agreed between the parties) the Data Processing Policy and any Service Order, and other document(s) signed by both Parties, referencing the Agreement.

Service Order the document provided by POI (and entered into by both the Company and POI) which details the applicable Services, Fees and other Service related terms.

Service Provider” any entity (including without limitation, a mobile network operator, mobile virtual network operator, signaling provider, messaging aggregator or hosting provider, that directly or indirectly provides a service to POI or any of its Affiliates) that is used in relation to the provision of any of the Services.

Service User means any user of the Services, whether or not the Company has a contractual relationship with such user including (without limitation) any of the Company’s customers (or any other third Parties to whom the Services are subsequently resold or made available) or any of the Company’s Affiliates, suppliers, employees, contractors, agents.

 

Schedule A

Data Processing Policy

 

This Data Processing Policy (“Policy”) sets out the terms and conditions that will apply to the processing of personal data by POI on behalf of the Company, in connection and in furtherance with the Agreement.  This Policy contains the mandatory clauses required by Article 28(3) of the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) for contracts between controllers and processors.

AGREED TERMS

  1.       Definitions and interpretation

1.1 In this Policy, the term ‘Data Protection Legislation’ means all applicable privacy and data  protection  laws  including:  (i)  any  data  protection legislation  from  time  to  time  in  force  in  the  UK and European Union  including  the UK Data Protection Act 2018 or any successor legislation; (ii) (for so long as and to the extent that the law of the European Union has legal effect in the UK) the GDPR and any other directly applicable European Union regulation relating to privacy, as amended, replaced or updated from time to time.

1.2   The terms ‘controller’, ‘processor’, ‘personal data’, ‘data subject’, ‘Special Categories of Personal Data’ and ‘processing’ shall have the meaning set out in the Data Protection Legislation (and the terms Process and Processed shall be construed accordingly).

1.3      This Policy is subject to the Agreement and is incorporated into the Agreement. Interpretations and defined terms set forth in the Agreement apply to the interpretation of this Policy.

1.4 In the case of conflict or ambiguity between any of the provisions of this Policy and the provisions of the Agreement, the provisions of this Policy will prevail.

1.5 A reference to writing or written includes email.

  1.       Personal data types and processing purposes

2.1 The Company and POI acknowledge that for the purpose of the Data Protection Legislation, the Company is the ‘controller’ and POI is the ‘processor’.  POI and the Company shall each comply with all Data Protection Legislation in processing personal data in connection with the Agreement.

2.2 The Company retains control of the personal data and remains responsible for its compliance obligations under the applicable Data Protection Legislation, including providing any required notices and obtaining any required consents, and for the processing instructions it gives to POI.  The Company shall comply with all of POI’s reasonable security rules and regulations in place from time to time in respect of access to and use of the Services including those relating to restrictions on password use.   POI shall own anonymized aggregate results derived from the Company data used specifically for market level research and analytics.

2.3 This clause describes the subject matter, duration, nature and purpose of processing and the personal data categories and data subject types in respect of which POI may process in connection with the Agreement.

  1.     Subject matter of processing: processing of personal data in connection with the provision of the Services under the Agreement;
  2.         Duration of Processing: for the duration of the Agreement;

iii.     Nature of Processing: the processing of personal data as provided by the Company utilizing text algorithms that apply analytical techniques to clean, aggregate, restructure, and transform raw data, and to summarize a data subject’s data footprint with aggregated insights and results from the data provided. The aggregated insights are ascertained by analysing data using segmentation and predictive algorithms, including regression, classification and clustering information to enable better decision making.  POI may store anonymized and/or enriched impact data on a blockchain. The Company may opt out of such tokenization of such enriched impact data.

POI will undertake best efforts to store personal data provided by Company in respect of the Services in accordance with any reasonable written instructions received by POI from Company.

  1.       Purpose: for the purpose of providing the Services under the Agreement;
  2.     Personal Data Categories: As a general proposition, POI does not process personal data. However, if such processing on the part of POI occurs either per specific instruction of the Company or inadvertently, such personal data this may include name, Agreement details, date of birth, residence and domicile and any other details that the Company provides to POI.  The Company agrees that it shall ensure that no Special Categories of Personal Data (or “sensitive personal data”) are provided to, or collected by, POI in connection with the Agreement and the Company’s clients and prospective clients.
  3.       POI’s obligations

3.1   Without prejudice to the generality of clause 2.1, POI shall, in relation to any personal data processed in connection with the performance by POI of its obligations under the Agreement:

(a)      process that personal data only on the written instructions of the Company unless POI is required by Applicable Laws to otherwise process that personal data.  Where POI is relying on laws of a member of the UK, the European Union or European Union law as the basis for processing personal data, POI shall promptly notify the Company of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit POI from so notifying the Company;

(b)      ensure  that  it  has  in  place  appropriate  technical  and organisational measures to protect against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorized or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures;

(c)      ensure that all personnel who have access to and/or process personal data are obliged to keep the personal data confidential; and

(d)      where such personal data processed is subject to the Data Protection Legislation, not transfer any personal data outside of the European Economic Area unless the prior written consent of the Company has been obtained and the following conditions are fulfilled:

(i)              the Company or POI has provided appropriate safeguards in relation to the transfer;

(ii)              the data subject has enforceable rights and effective legal remedies;

(iii)             POI complies with any obligations it may have under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and,

(iv)             POI   complies with reasonable instructions notified to it in advance by the Company with respect to the processing of the personal data;

(e)      assist the Company, at the Company’s cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;

(f)      notify the Company without undue delay on becoming aware of a personal data breach;

(g)      at the written direction of the Company, delete or return personal data and copies thereof to the Company on termination of the Agreement unless required by Applicable Law to store the personal data; and

(h)      maintain complete and accurate records and information to demonstrate its compliance with this clause 3.

3.2 POI will conduct site audits of its personal data processing practices and the information technology and information security controls for all facilities and systems used in complying with its obligations under this Policy, including, but not limited to, obtaining a network-level vulnerability assessment performed by a recognized third-party audit firm based on recognized industry best practices.

3.3 POI may only authorize a third party (subcontractor) to process the personal data in connection with the Agreement if:

  1.     the Company is provided with an opportunity to object to the appointment of each subcontractor within 5 days after POI supplies the Company with full details regarding such subcontractor;
  2.     POI enters into a written contract with the subcontractor that contains terms substantially the same as those set out in this Policy, in particular, in relation to requiring appropriate technical and organisational data security measures, and, upon the Company’s written request, provides the Company with copies of such contracts;

iii.        POI maintains control over all personal data it entrusts to the subcontractor;

and

  1.       the subcontractor’s contract terminates automatically on termination of Contract for any reason.

3.4 Where the subcontractor fails to fulfil its obligations under such written agreement, POI remains fully liable to the Company for the subcontractor’s performance of its agreement obligations.

  1.       Term and termination

4.1 This Policy will remain in full force and effect so long as:

  1.         the Agreement remains in effect; or
  2.     POI retains any personal data related to the Agreement in its possession or control.

4.2 Any provision of this Policy that expressly or by implication should come into or continue in force on or after termination of the Agreement in order to protect personal data will remain in full force and effect.