ReposiTrak

Park City Group

Last Updated Date January 25, 2022

These Terms and Conditions (this “Agreement “), constitutes the binding, legal agreement between ReposiTrak, Inc. (“ReposiTrak “, “we “, “us “, or “our “) and the Person identified on or in connection with this Agreement (“you“) and governs your access to and use of the ReposiTrak Services. Capitalized terms used in this Agreement will have the meanings set forth for these terms in the introductory paragraphs below and in Appendix A attached hereto.

This Agreement may be accepted by (1) you clicking a box indicating acceptance when it is presented to you when accessing the Services online; (2) you and ReposiTrak or PCG, as applicable to the specific Services, fully executing a Subscription Agreement that incorporates this Agreement; or (3) you accessing or using any part of the Services.

  1. The Services

1.1. ReposiTrak Services. The ReposiTrak Services are those services set forth in a Services Description which you accept or acknowledge by clicking a box indicating acceptance of a specific Service when it is presented to you when accessing the Services online; or (2) you and ReposiTrak fully executing a Subscription Agreement describing the Services (collectively, the “ReposiTrak Services “).

1.2. Accessing the Cloud-Based Services.

1.2.1. Access to Cloud-Based Services. Subject to and conditioned on your and your Authorized Users’ compliance with the terms and conditions of this Agreement and any applicable Subscription Agreement, during the Term, we will use commercially reasonable efforts to provide you and your Authorized Users with access to the cloud-based Services, for which you subscribed and paid to access, twenty-four (24) hours per day, seven (7) days per week, fifty-two (52) weeks per year, except for: (a) Scheduled Downtime, (b) Service downtime or degradation due to a Force Majeure Event, (c) any other circumstances beyond our reasonable control, including your or any Authorized User’s use of Third Party Materials, misuse of the Services or use of the Services other than in compliance with this Agreement and the Documentation, or (d) any suspension or termination of your or any Authorized User’s access to or use of the Services as permitted by this Agreement. This Section 1.2.1 only applies to Services involving you accessing software on our servers, and expressly excludes any (i) non-software Services or (ii) Services involving software hosted on your, or your designee’s, computers, servers or the like.

1.2.2. Access Credentials and Authorized Users. You and your Authorized Users will create your own password(s), and may receive additional Access Credentials, which must be used in order to access and use the Services. You agree that any information you provide in creating login accounts is complete and accurate, and you agree to keep it up to date. For example, we provide some notices by email to your login account, and you agree to keep that email current and valid as a method for providing notices under this Agreement. Each Authorized User who accesses the Services through your login account(s) must be your employee, consultant, contractor or agent. Authorized User subscriptions are for named Authorized Users only and cannot be shared or used by more than one Authorized User, but may be transferred to new Authorized Users from Authorized Users who no longer require ongoing use of the Services, for example, when the employee with access to the Website is replaced by a new employee.

1.2.3. Controls and Additional Responsibilities.

1.2.3.1. Controls. You will employ all physical, administrative and technical controls, screening and security procedures and other safeguards necessary to: (a) securely administer the distribution and use of all Access Credentials and protect against any unauthorized access to or use of the Services; and (b) control the content and use of User Data, including the uploading or other provision of User Data for the Services.

1.2.3.2. Responsibility. You have and will retain sole responsibility for: (a) all User Data, including its content and use (including any use by us in accordance with this Agreement); (b) all information, instructions and materials provided by or on behalf of you and any Authorized User in connection with the Services; (c) your information technology infrastructure, including computers, software, databases, electronic systems (including database management systems) and networks, whether operated directly by you or through the use of third-party services (“Your Systems“); (d) the security and use of your and your Authorized Users’ Access Credentials; and (e) all access to and use of the Services and Materials directly or indirectly by or through Your Systems or your or your Authorized Users’ Access Credentials, with or without your knowledge or consent, including all results obtained from, and all conclusions, decisions and actions based on, such access or use.

1.2.4. Program Data. The Services may include us providing you with access to certain Program Data in connection with your access to the applicable Services. Provided that you remain in compliance with this Agreement, we hereby grant to you the non-exclusive, non-transferable, revocable license to access and use, during the Term, the Program Data for your internal business operations and analysis only, and you may not sublicense, distribute, sell or otherwise transfer the Program Data, except that you may disclose Program Data to your third party consultants, solely for use in connection with your internal business. Any consultant receiving Program Data will be subject to the restrictions contained in this Agreement, and you will be responsible for ensuring that each consultant which obtains Program Data is aware of and complies with the terms of this Agreement.

1.2.5. Technical & Maintenance Support Services. We will provide you with technical and maintenance support services in accordance with our Technical & Support Infrastructure Manual on the Website, as amended from time to time.

1.3. Services and System Control. Except as otherwise expressly provided in this Agreement, as between the parties:

1.3.1. Control. We have and will retain sole control over the operation, provision, maintenance and management of the Services and Materials, including the: (a) Systems; (b) location(s) where any of the Services are performed; (c) selection, deployment, modification and replacement of the Services Software; and (d) performance of Services maintenance, upgrades, corrections and repairs; and

1.3.2. You have and will retain sole responsibility for all access to and use of the Services and Materials by any Person by or through Your Systems or any other means controlled by you and your Authorized Users, including any: (i) information, instructions or materials provided by any of them to the Services or us; (ii) results obtained from any use of the Services or the Materials; and (iii) conclusions, decisions or actions based on such use.

1.4. Changes. We reserve the right, in our sole discretion, to make any changes to the Services and Materials that we deem necessary or useful to: (a) maintain or enhance (i) the quality or delivery of Services to our customers, (ii) the competitive strength of or market for the Services or (iii) the Services’ cost efficiency or performance; or (b) to comply with applicable Law.

1.5. Subcontractors. We may from time to time in our discretion engage third parties to perform the Services (“Subcontractors“), including, without limitation, using Subcontractors to provide hosting, data storage, technical support or other services.

1.6. Suspension or Termination of Services. We may, directly or indirectly, and by use of a Disabling Device or any other lawful means, suspend, terminate or otherwise deny your, any Authorized User’s or any other Person’s access to or use of all or any part of the Services or Materials, without incurring any resulting obligation or liability, if: (a) we receive a judicial or other governmental demand or order, subpoena or law enforcement request that expressly or by reasonable implication requires us to do so; or (b) we believe, in our reasonable discretion, that you or any Authorized User: (i) has failed to comply with any term of this Agreement; (ii) has accessed or used the Services beyond the scope of the rights granted or for a purpose not authorized under this Agreement or in any manner that does not comply with any Documentation; or (iii) you or any Authorized User is, has been, or is likely to be involved in any fraudulent, misleading or unlawful activities; (c) your use of the Services disrupts, or threatens to disrupt, use of the Service by other subscribers; or (d) this Agreement expires or is terminated. This Section 1.6 does not limit any of our other rights or remedies whatsoever, including any rights or remedies at law, in equity or under this Agreement.

1.7. Fees.

1.7.1. You will pay us the fees for the ReposiTrak Services as set forth in the Billing Summary or Subscription Agreement. You represent and warrant that you have all necessary authorization to purchase and will pay for the Services.

  1. Data Privacy and Confidentiality

2.1. Privacy.

2.1.1. Data Protection Commitment. ReposiTrak undertakes to Process Personal Data pursuant to all applicable requirements under the EU General Data Protection Regulation (“GDPR“), including adherence to security measures required pursuant to Article 32 of the GDPR.

2.1.2. Data Processing Role. You and ReposiTrak acknowledge that for the purposes of GDPR compliance and this Agreement, ReposiTrak is the Data Controller.

2.1.3. Data Processing. ReposiTrak undertakes to process the Personal Data pursuant to all applicable requirements under the GDPR. Exhibit A sets out the subject-matter, nature and purpose of Processing undertaken by ReposiTrak, as well as the duration of Processing and the types of Personal Data and categories of Data Subject Processed.

2.1.4. Confidentiality. ReposiTrak agrees to require its employees, Processors, and contractors to be subject to confidentiality undertakings in relation to Personal Data.

2.1.5. Security. ReposiTrak shall, in relation to Personal Data, implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, to prevent accidental or unlawful destruction, loos, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise Processed. ReposiTrak publishes a SOC2 Type II report that attests to compliance with criteria relevant to security, availability, processing integrity and confidentiality.

2.1.6. Third-party Service Providers. ReposiTrak may engage third-party service providers (“Processors“) to Process Personal Data to facilitate its provision of ReposiTrak Services. ReposiTrak agrees to carry out due diligence to ensure its Processors are capable of providing the level of protection required under the GDPR and applicable data protection law, including implementing appropriate technical and organizational measures for Processing the Personal Data and ensuring protection of the rights of Data Subjects.

2.1.7. Data Transfer to Third Countries or International Organizations. You authorize ReposiTrak to transfer your Personal Data to a third country or international organization to Process the Personal Data on condition that ReposiTrak ensures adequate protections are in place as required under the GDPR for such transfer as per Appendix 1. ReposiTrak is in the process of certifying with the U.S. Department of Commerce that it adheres to the privacy shield principles for the EU-U.S. Privacy Shield Framework and complies with its requirements regarding the collection, use, and retention of personal information transferred from the European Union to the United States.

2.1.8. Rights of Data Subjects. ReposiTrak complies with the rights of Data Subjects under the GDPR or applicable law and will respond to a Data Subject’s exercise of rights accordingly.

2.1.9. Data Breach and Other Compliance Obligations. In the event of any Personal Data Breach or compromise of the security confidentiality or integrity of the Personal Data, ReposiTrak will inform you of the breach as required under applicable law. In addition, ReposiTrak will make available all information necessary to demonstrate or maintain compliance with data protection, as required under applicable law.

2.1.10. Retention of Data. Personal Data shall be retained by ReposiTrak for a reasonable time in accordance with its provision of Services. Upon request, ReposiTrak shall provide specific information on how its retention policy applies to the Personal Data provided by you. Upon termination of ReposiTrak’s Services under this Agreement, and upon request by you, ReposiTrak shall return the Personal Data provided by you if such request is made to ReposiTrak within 30 days. After 30 days, ReposiTrak shall perform its standard delete function. The Personal Data will only be further retained as allowed under applicable law or required under regulatory provisions mandating record retention.

2.2. Confidentiality.

2.2.1. The Recipient hereby agrees that it will not use or disclose any Confidential Information received from the Discloser other than as expressly permitted under the terms of this Agreement or as expressly authorized in writing by the Discloser. The Recipient will use the same degree of care to protect the Discloser’s Confidential Information as it uses to protect its own confidential information of like nature, but in no circumstances less than reasonable care. The Recipient will not disclose the Discloser’s Confidential Information to any person or entity other than Recipient’s officers, principals, employees and subcontractors who need access to such Confidential Information in order to effect the intent of this Agreement and who are bound by confidentiality terms no less restrictive than those in this Agreement.

2.2.2. The restrictions set forth in Section 2.2.1 will not apply to any Confidential Information that the Recipient can demonstrate (a) was known to it prior to its disclosure by the Discloser; (b) is or becomes publicly known through no wrongful act of the Recipient; (c) has been rightfully received from a third party authorized to make such disclosure without restriction; (d) is independently developed by the Recipient; (e) has been approved for release by the Discloser’s prior written authorization; or (f) has been disclosed by court order or as otherwise required by law, provided that the party required to disclose the information provides prompt advance notice thereof, to the extent practicable or permitted by Law, to enable the Discloser to seek a protective order or otherwise prevent such disclosure. In addition, notwithstanding anything in Section 2.2.1 to the contrary, you acknowledge and agree that we may use and disclose (a) Supplier’s Confidential Information (including, without limitation, User Data other than credit card and bank account information) to Hubs (and any other Hubs in a products’ supply chain(s) as provided in Section 1.2.3.1) and their employees, agents, directors, trustees and officers in connection with our performance of the Services and our rights and obligations under this Agreement, (b) Confidential Information to our Affiliates, Subcontractors and their employees, agents, directors, trustees and officers, and (c) without limiting any of the foregoing, Confidential Information to third parties in connection with a product recall after providing you with written notice of, and a reasonable opportunity for you to directly make, the intended disclosure unless we are precluded by court order, applicable law or other legal process from providing such notice.

  1. Accessing and Using the Website and Services.

3.1. Limitations. You will not, and will not enable or knowingly allow any Person to access or use the Services or Materials except as expressly permitted by this Agreement and the Documentation. For purposes of clarity and without limiting the generality of the foregoing, you will not, except as this Agreement expressly permits: (a) modify, copy, create derivative works, reproduce or improve the Services or Materials in whole or in part; (b) reverse engineer, decompile, disassemble, decode, adapt or otherwise attempt to derive or gain access to the source code form or structure of the Service Software; (c) bypass or breach any security device or protection used by the Services or Materials other than by an Authorized User through the use of his or her own then valid Access Credentials, attempt to gain unauthorized access to the Services or Materials, or perform any penetration testing or security scans of the Services; (d) use the Services as a competitor or use the Services for competitive analysis or the development, provision or use of a competing software service or product or any other purpose that is to our detriment or commercial disadvantage; (e) provide, rent, lease, lend, license, sublicense, assign, distribute, publish, transfer or otherwise make available any Services or Materials to any Person, including on or in connection with the Internet or any time-sharing, service bureau, software as a service, cloud or other technology or service except as expressly authorized in a Supplier agreement; (f) input, upload, transmit or otherwise provide to or through the Services or Systems, any information or materials that are unlawful or injurious, or contain, transmit or activate any Harmful Code; (g) remove, delete, alter or obscure any proprietary notices or labels displayed on the Services or Materials; (h) damage, destroy, disrupt, disable, impair, interfere with or otherwise impede or harm in any manner the Services, Systems or our provision of services to any third party, in whole or in part; (i) access or use the Services or Materials in any manner or for any purpose that infringes, misappropriates or otherwise violates any Intellectual Property Right or other right of any third party (including by any unauthorized access to, misappropriation, use, alteration, destruction or disclosure of the data of any other subscriber), or that violates any applicable Law; (j) harass, threaten, intimidate, impersonate or attempt to impersonate any other person, falsify your contact or other information, misrepresent a relationship with any Person or otherwise attempt to mislead others as to the identity of the sender or the origin of any content or communication; (k) knowingly provide or submit false or misleading information; (l) use the Services if you are under the age of eighteen (18); (m) sell, share, or otherwise transfer your account username, password or other information, or your rights or obligations under this Agreement except as expressly permitted by this Agreement; or (n) use the Services for any unlawful purpose. You will (i) ensure that your Authorized Users comply with this Agreement; (ii) use commercially reasonable efforts to prevent unauthorized access to or use of the Services and Materials; and (iii) use the Services only in accordance with the Documentation and applicable Laws.

3.2. Corrective Action and Notice. If you become aware of any actual or threatened activity prohibited by Section 3.1, you will, and will cause your Authorized Users to, immediately: (a) take all reasonable and lawful measures within their respective control that are necessary to stop the activity or threatened activity and to mitigate its effects (including, where applicable, by discontinuing and preventing any unauthorized access to the Services and Materials and permanently erasing from their systems and destroying any data to which any of them have gained unauthorized access); and (b) notify us of any such actual or threatened activity. Without limiting the foregoing, we may, in our sole reasonable discretion, delete any content that violates the terms and conditions of this Agreement or any Subscription Agreement, the Documentation or any of our policies relating to the Services.

3.3. Effect of Customer Failure or Delay. We are not responsible or liable for any delay or failure of performance caused in whole or in part by your delay in performing, or failure to perform, any of your obligations under this Agreement or any Subscription Agreement (each, a “Customer Failure”).

  1. Intellectual Property Rights

4.1. Consent to Use User Data . You hereby irrevocably grant all non-exclusive licenses, permissions and rights in or relating to User Data: (a) to us, our Subcontractors and the Personnel as are necessary or useful to perform the Services and any Supplemental Services; (b) to us as necessary or useful to enforce this Agreement and exercise our rights and perform our obligations hereunder. You represent, warrant and covenant that you own or otherwise have and will have the necessary rights and consents in and relating to the User Data so that, as received by us and used in accordance with this Agreement, they do not and will not infringe, misappropriate or otherwise violate any IP Rights, or any privacy or other rights of any third party or violate any applicable Law.

4.2. Reservation. Except as otherwise provided herein, this Agreement does not grant either party any rights, title or interest, implied or otherwise, to the other’s IP Rights. Except as expressly set forth in this Agreement, you own all IP Rights in your User Data and, as between us, we own all IP Rights in the Website, Services, our trademarks and Data. If you provide any suggestions, feedback, or improvements to the Website, and Services, we will have the right to use and have others use such suggestions, feedback, and improvements for any purpose.

  1. Suspension and Termination

5.1. Suspension of Services. In the event of non-payment for Services or of other fees due to ReposiTrak, after providing you with notice of non-payment, we also may temporarily suspend or terminate your access to the Services or withhold further performance of the Services.

5.2. Termination. We may terminate this Agreement and any Subscription Agreement, effective on written notice to you, if you breach any of your obligations under Section 2 or 3. Either party may terminate this Agreement and any applicable Subscription Agreement, effective on written notice to the other party, if the other party materially breaches this Agreement or the applicable Subscription Agreement, and such breach: (i) is incapable of cure; or (ii) being capable of cure, remains uncured thirty (30) days after the non-breaching party provides the breaching party with written notice of such breach; and (c) either party may terminate this Agreement and any applicable Subscription Agreement, effective immediately upon written notice to the other party, if the other party: (i) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (ii) files or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency Law; (iii) makes or seeks to make a general assignment for the benefit of its creditors; or (iv) applies for or has appointed a receiver, trustee, custodian or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.

5.3. Effect of Termination.

5.3.1. Upon expiration or termination of this Agreement for any reason (a) we will make your User Data available to you in accordance with Section 5.4 and return any documents to you within a reasonable time after we receive your written request, (b) we may disable access to the Services and Materials by you and your Authorized Users, and all applicable licenses and other rights granted to you and your Authorized Users will immediately terminate, and (c) you will immediately cease all use of the Services, Materials and our Confidential Information, and (i) within ten (10) days return to us, or at our written request destroy, all documents and tangible materials containing, reflecting, incorporating or based on Materials or our Confidential Information; and (ii) permanently erase all Materials and our Confidential Information from all systems you directly or indirectly control; and (iii) certify to us in a signed written instrument that you have complied with the requirements of this Section 5.3. Termination will not relieve you of the obligation to pay any fees due or payable to us prior to the effective date of termination, such as annual fees, implementation fees, training fees, or User subscription fees, and such fees will become immediately due and payable. Notwithstanding anything to the contrary in this Agreement, we may retain any of your Confidential Information to the extent and for so long as required by our document retention policies and applicable Law so long as we retain such Confidential Information in accordance with Section 2.2 of this Agreement.

5.4. Your Access to User Data after Termination. Except in the case of suspension of the Services or termination of this Agreement for nonpayment by you, we will make your User Data available to you for up to ninety (90) days after termination. After that ninety (90) day period, we will have no further obligation to make such data available to you and, except for the information we may maintain in accordance with our document retention policies and applicable Law, your User Data will be deleted consistent with our data retention policies and procedures. Should you desire longer term storage of your data, archival services are available.

  1. Disclaimers

6.1. Subject to your satisfaction of the requirements of the Agreement, we will make the Services available during the Term. THE FOREGOING WARRANTY IS EXCLUSIVE. THE SERVICES AND MATERIALS ARE PROVIDED “AS IS.” NOT WITHSTANDING ANYTHING IN THIS AGREEMENT OR ELSEWHERE TO THE CONTRARY, WE MAKE NO WARRANTIES, AND HEREBY DISCLAIM ALL WARRANTIES, OF ANY KIND, EITHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, REGARDING THE SERVICES AND THE MATERIALS OR THAT THE SERVICES OR MATERIALS WILL BE UNINTERRUPTED, ERROR FREE OR THAT ANY CONTENT, INCLUDING YOUR USER DATA, WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED. EXCEPT TO THE EXTENT PROHIBITED BY LAW, WE DISCLAIM ALL WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, QUALITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, TITLE OR ANY WARRANTIES ARISING OUT OF ANY COURSE OF DEALING OR USAGE. WITHOUT LIMITING THE FOREGOING, WE MAKE NO WARRANTY OF ANY KIND THAT THE SERVICES OR MATERIALS, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET THE REQUIREMENTS OF YOU, ANY AUTHORIZED USER OR ANY OTHER PERSON, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE OR ERROR FREE. ALL THIRD-PARTY MATERIALS AND PRODUCTS ARE PROVIDED “AS IS” AND ANY REPRESENTATION OR WARRANTY OF OR CONCERNING ANY THIRD PARTY MATERIALS OR PRODUCTS IS STRICTLY BETWEEN YOU AND THE THIRD-PARTY OWNER OR DISTRIBUTOR OF THE THIRD-PARTY MATERIALS OR PRODUCTS.

6.2. YOU ACKNOWLEDGE AND AGREE THAT NEITHER US NOR ANY SERVICES, THIRD-PARTY SERVICES, OR MATERIALS PROVIDED BY US WILL BE CONSTRUED AS US PROVIDING BUSINESS, FINANCIAL, INVESTMENT, LEGAL OR OTHER ADVICE TO YOU, USERS, OR ANY THIRD PARTY. EACH PARTY WILL BE SOLELY AND INDIVIDUALLY RESPONSIBLE TO COMPLY WITH ALL LAWS AND REGULATIONS RELATING TO ITS RESPECTIVE BUSINESS OPERATIONS.

  1. Mutual Indemnification

7.1. Our Indemnities.

7.1.1. We will defend, indemnify and hold you and each of your officers, directors, employees, agents, successors and assigns harmless against any Losses arising from or relating to a third party claim alleging that your use of the Services infringes or misappropriates any U.S. patent, copyright, or trade secret of a third party. The foregoing indemnity does not extend to claims arising from or relating to (i) third-party services or claims covered by your indemnification obligations under Section 7.2 of this Agreement, (ii) negligence or more culpable act or omission (including recklessness or willful misconduct) by a Person other than us, (iii) your breach of this Agreement, (iv) use of the Services in a manner not authorized by this Agreement or that does not conform with any usage instructions or guidelines in the Documentation; (iv) use of the Services in combination with any products, materials, equipment or services supplied by a Person other than us if the infringement or misappropriation would have been avoided by the use of the Services not so combined, or (iii) any modifications or changes to the Services by or on behalf of Persons other than us if the infringement would have been avoided without such modification or change. In the event of a claim or threatened claim, we at our sole option, may: (a) revise the Services so that they are no longer infringing, (b) obtain the right for you to continue using the Services, or (c) terminate this Agreement upon thirty (30) days prior written notice and refund any unused fees you have prepaid to us.

7.1.2. We will defend, indemnify and hold you and each of your officers, directors, employees, agents, successors and assigns harmless against any Losses arising from or relating to a third party claim (a) relating to allegation of facts that, if true, would constitute a breach by us of any of our representations, warranties, covenants or obligations under this Agreement; or (b) relating to gross negligence or more culpable act or omission (including recklessness or willful misconduct) by us in connection with this Agreement.

7.2. Your Indemnity. You will defend, indemnify and hold us, our Affiliates, and our Subcontractors, and each of the foregoing’s officers, directors, employees, agents, successors and assigns harmless against any Losses arising from or relating to a third party claim (a) relating to your User Data, including any use of User Data by or on behalf of us, our Subcontractors and our Affiliates in accordance with this Agreement; (b) relating to any other materials or information (including any documents, data, specifications, software, content or technology) provided by or on behalf of your or any Authorized User, including our compliance with any specifications or directions provided by or on behalf of you or any Authorized User to the extent prepared without any contribution by us; (c) relating to allegation of facts that, if true, would constitute a breach by you of any of your representations, warranties, covenants or obligations under this Agreement; (d) relating to gross negligence or more culpable act or omission (including recklessness or willful misconduct) by you, any Authorized User, or any third party on behalf of you or any Authorized User, in connection with this Agreement (e) alleging that modifications to the Services made by or on your behalf, or use of the Services by you or an Authorized User in breach of this Agreement infringes or misappropriates any U.S. patent, copyright, or trade secret or violates applicable law, or (f) relating to any Product offered for sale, sold or purchased by you in connection with the MarketPlace Services.

7.3. Procedures. The party seeking to be indemnified (the “Indemnified Party“) will give prompt written notice to the other party (the “Indemnifying Party“) of any claim for which indemnification may be required under this Agreement. The Indemnifying Party, at its own cost and expense, will be entitled to assume the defense and control of any such claim. Notwithstanding, the Indemnified Party will have the right to be represented by its own counsel at its own cost in such matters. Neither the Indemnifying Party nor the Indemnified Party will settle or dispose of any such matter in any manner that would adversely affect the rights or interests of the other party (including the obligation to indemnify hereunder) without the prior written consent of the other party, which will not be unreasonably withheld or delayed. Each party will reasonably cooperate with the other party and its counsel in the course of the defense of any such suit, claim or demand, such cooperation to include without limitation using reasonable efforts to provide or make available documents, information and witnesses.

7.4. Sole Remedy. You understand and acknowledge that the provisions set forth in this Section 7 REPRESENT THE SOLE AND EXCLUSIVE LIABILITY OF US AND YOUR EXCLUSIVE REMEDY FOR ANY TYPE OF CLAIM DESCRIBED IN THIS SECTION.

  1. Limitation of Liability

8.1. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL WE OR ANY OF OUR AFFILIATES, SUBCONTRACTORS, LICENSORS OR PRODUCT OR SERVICE PROVIDERS BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ITS SUBJECT MATTER UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY AND OTHERWISE, FOR ANY: (A) LOSS OF PRODUCTION, USE, BUSINESS, REVENUE OR PROFIT, OR DIMINUTION IN VALUE; (B) LOSS RELATING TO A HUB’S COMPLIANCE PLAN’S FAILURE TO MEET ITS REQUIREMENTS OR COMPLY WITH APPLICABLE LAW; (C) ANY PROCUREMENT OF A SUBSTITUTE SERVICE OR GOODS OR SERVICES, (D) ANY INVESTMENTS, EXPENDITURES, OR COMMITMENTS MADE BY YOU IN CONNECTION WITH THIS AGREEMENT OR YOUR USE OR ACCESS TO THE SERVICES; OR (E) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED OR PUNITIVE DAMAGES, REGARDLESS OF WHETHER SUCH PERSONS WERE ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE. FOR THE AVOIDANCE OF DOUBT, THIS SECTION 8, AND THE LIMITATIONS OF LIABLITY CONTAINED HEREIN SHALL NOT APPLY TO CLAIMS FOR INDEMNIFICATION BY EITHER PARTY PURSUANT TO SECTION 7 OF THE AGREEMENT.

8.2. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL THE COLLECTIVE AGGREGATE LIABILITY OF US OR ANY OF OUR AFFILIATES, SUBCONTRACTORS, LICENSORS OR PRODUCT OR SERVICE PROVIDERS UNDER OR IN CONNECTION WITH THIS AGREEMENT, THE APPLICABLE SUBSCRIPTION AGREEMENT AND/OR THEIR SUBJECT MATTER, UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY AND OTHERWISE, EXCEED THE GREATER OF THE FEES PAID OR PAYABLE TO US UNDER THE APPLICABLE SUBSCRIPTION AGREEMENT OR THIS AGREEMENT, OVER THE FIRST TWENTY-FOUR (24) MONTHS OF ITS TERM, BY YOU.

  1. Miscellaneous

9.1. Counterparts; Fax Signatures. This Agreement may be accepted as set forth in the introduction above. Any amendment may be executed simultaneously in any number of counterparts, each of which will be deemed an original, but all of which together constitute one and the same agreement. The parties agree that facsimile or electronic signatures are valid signatures for enforcement of this Agreement and any Supplemental Agreement.

9.2. Governing Law Arbitration; Venue. The validity, construction and interpretation of this Agreement and any Supplemental Agreement will be governed by the laws of the State of Utah. Except for the right of either party to apply to a court for a temporary restraining order, a preliminary injunction, or other equitable relief, any controversy, claim or action arising out of or relating to this Agreement and any Supplemental Agreement, including the determination of the scope or validity of this section, will be settled by binding arbitration in Salt Lake County, Utah before one arbitrator. The arbitration shall be administered by JAMS pursuant to its Comprehensive Arbitration Rules and Procedures and in accordance with the Expedited Procedures in those Rules. Judgment on the award may be entered in any court having jurisdiction. The parties consent to the jurisdiction and venue of the federal and state courts located in Salt Lake County, Utah for any action permitted under this paragraph, challenge to this paragraph, or judgment upon the award entered.

9.3. Waiver of Jury Trial. Each party irrevocably and unconditionally waives any right it may have to a trial by jury in respect of any legal action arising out of or relating to this Agreement, any Supplemental Agreement, and the transactions contemplated hereby and thereby.

9.4. Equitable Relief. You acknowledge and agree that a breach or threatened breach by you of any of your obligations under Section 2 or 3 of this Agreement would cause us irreparable harm for which monetary damages would not be an adequate remedy and agree that, in the event of such breach or threatened breach, we will be entitled to equitable relief, including a restraining order, an injunction, specific performance and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity or otherwise.

9.5. Assignment. You will not assign or otherwise transfer any of your rights, or delegate or otherwise transfer any of your obligations or performance, under this Agreement or any Supplemental Agreement, in each case whether voluntarily, involuntarily, by operation of law or otherwise, without our prior written consent, except that you may assign this Agreement and any Supplemental Agreement, without consent but upon written notice to us, in connection with any merger, consolidation or reorganization involving you. Any purported assignment, delegation or transfer in violation of this Section 9.5 is void. This Agreement and any Supplemental Agreement is binding upon and inures to the benefit of the parties hereto and their respective permitted successors and assigns.

9.6. Force Majeure. In no event will either party be liable or responsible to the other party, or be deemed to have defaulted under or breached this Agreement or any Supplemental Agreement, for any failure or delay in fulfilling or performing any term of this Agreement or any Supplemental Agreement (except for any payment obligation), when and to the extent such failure or delay is caused by any circumstances beyond such party’s reasonable control (a “Force Majeure Event”), including acts of God, flood, fire, earthquake or explosion, war, terrorism, invasion, riot or other civil unrest, embargoes or blockades in effect on or after the date of this Agreement or any Supplemental Agreement, national or regional emergency, strikes, labor stoppages or slowdowns or other industrial disturbances, passage of Law or any action taken by a governmental or public authority, including imposing an embargo, export or import restriction, quota or other restriction or prohibition or any complete or partial government shutdown, or national or regional shortage of adequate power or telecommunications or transportation. Either party may terminate this Agreement and any Supplemental Agreement if a Force Majeure Event affecting the other party continues substantially uninterrupted for a period of thirty (30) days or more.

9.7. Independent Contractors. The parties are and will remain independent contractors. Neither party has any authority to act on behalf of the other party nor to bind it, nor shall the parties be construed to be partners, employer-employee, or agents of each other.

9.8. Notices. (A) To You: We may provide any notice to you under this Agreement and any Subscription Agreement by email to you at the email address then associated with your account and will be effective upon posting or sending. We may also provide notice to you under this Agreement and any Subscription Agreement by (3) certified or registered mail, return receipt requested or (4) U.S. express mail, or national express courier with a tracking system, to the address then associated with your account, and will be effective upon delivery to your address then associated with your account. Accordingly, it is your responsibility to keep your contact information current. You will be deemed to have received any notice sent to the contact information associated with your account whether or not you actually receive it; (B) To Us: Notices given to us must be (1) by email to us at the following email address legal@parkcitygroup.com, or (2) in writing and delivered by (i) certified or registered mail, return receipt requested; or (ii) U.S. express mail, or national express courier with a tracking system, to Legal Dep’t, Park City Group, 5282 S Commerce Dr., Ste. D-292, Murray, UT 84107. Notices will be deemed given on the day actually received by us.

9.10. Entire Agreement. This Agreement, together with any applicable Subscription Agreement, constitutes the entire agreement between us and you with respect to the subject matter hereof; it supersedes all prior negotiations, agreements, and undertakings between the parties with respect to such subject matter.

9.11. Survival. Notwithstanding anything in this Agreement to the contrary, the introduction of this Agreement, Appendix A of this Agreement (and any definitions for terms set forth elsewhere in this Agreement) and Sections 1.2.4, 1.6, 1.7, 2, 3, 4, 5.4, 6, 7, 8 and 9 of this Agreement will survive expiration or termination of this Agreement and any Subscription Agreement.

9.12. Export Controls. By using the Services, you agree to comply with all applicable export and re-export restrictions and regulations of the United States Department of Commerce and of all other United States governmental and foreign agencies and authorities in connection with your use of the Services. In particular, but without limitation, the Services may not, in violation of any Laws, be exported or re-exported (1) into any United States-.embargoed country, or (2) to anyone on the United States Treasury Department’s list of Specially Designated Nationals or on the United States Department of Commerce’s Table of Denial Orders. You represent and warrant that you are not located in any such country and are not on any such list.

9.13. No Third-party Beneficiaries. Except as expressly provided otherwise in this Agreement or any applicable Supplemental Agreement, this Agreement and any applicable Supplemental Agreement are for the sole benefit of the parties hereto and their respective permitted successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer upon any other Person any legal or equitable right, benefit or remedy of any nature whatsoever under or by reason of this Agreement.

Appendix A

Definitions

  1. Access Credentials” means any user name, identification number, password, license or security key, security token, PIN or other security code, method, technology or device used, alone or in combination, to verify an individual’s identity and authorization to access and use the Services.
  2. Affiliate” means, with respect to any person or entity, any other person or entity that controls, is controlled by or is under common control with such person or entity. For purposes of this Agreement and any Supplemental Agreement, a person or entity shall be in “control” of an entity if it owns or controls at least fifty percent (50%) of the equity securities of the subject entity entitled to vote in the election of directors (or, in the case of an entity that is not a corporation, for the election of the corresponding managing authority), or otherwise has the power to control the management and policies of such other entity
  3. Authorized User” means your employees, consultants, contractors or agents who (a) you identify when setting up your account using the Services, and (b) who have a bona fide need to access and use the Services.
  4. Billing Summary” means our document setting forth the fees and other applicable payment terms for the Services. The Billing Summary will be provided online in connection with your subscription to the Services.
  5. Confidential Information” means any and all information disclosed by either party (the “Discloser“) to the other (the ” Recipient“), which is marked “confidential” or “proprietary” or which should reasonably be understood by the Recipient to be confidential or proprietary, including, but not limited to, User Data, any information that relates to business plans, services, marketing or finances, research, product plans, products, developments, inventions, processes, designs, drawings, engineering, formulae, markets, software (including source and object code), hardware configuration, computer programs, and algorithms of the Discloser. Our Confidential includes all Materials and the financial terms and existence of this Agreement.
  6. Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  7. Data” means data about the configuration and use of the Services, and information provided to you only via login at the Website other than as derived from User Data.
  8. Data Subject” means an identifiable natural personal who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  9. Disabling Device” means any software, hardware or other technology, device or means (including any back door, time bomb, time out, drop dead device, software routine or other disabling device) used by us or our designee to disable access to or use of the Services automatically with the passage of time or under the positive control of us or our designee.
  10. Documentation” means any manuals, instructions or other documents or materials that we provide or make available to you in any form or medium and which describe the functionality, components, features or requirements of the Services or Materials, including any aspect of the installation, configuration, integration, operation, use, support or maintenance thereof.
  11. Harmful Code” means any software, hardware or other technology, device or means, including any virus, worm, malware or other malicious computer code, the purpose or effect of which is to (a) permit unauthorized access to, or to destroy, disrupt, disable, distort, or otherwise harm or impede in any manner any (i) computer, software, firmware, hardware, system or network or (ii) any application or function of any of the foregoing or the security, integrity, confidentiality or use of any data processed thereby, or (b) prevent you or any Authorized User from accessing or using the Services or Systems as intended by this Agreement. Harmful Code does not include any Disabling Device.
  12. IP Rights” means all current and future worldwide intellectual property rights under patent law, copyright law, trade secret law, trademark law, moral rights law, and other similar rights.
  13. Losses” means any and all losses, damages, liabilities, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs or expenses of whatever kind, including reasonable attorneys’ fees and the costs of enforcing any right to indemnification under this Agreement and any Supplemental Agreement and the cost of pursuing any insurance providers.
  14. Materials” means the Service Software, Documentation, Systems, any samples or templates (e.g., indemnification or hold harmless forms) provided in connection with the Technical Support, Program Data, and any and all other information, data, documents, materials, works and other content, devices, methods, processes, hardware, software and other technologies and inventions, including any deliverables, technical or functional descriptions, requirements, plans or reports, that are provided or used by us or any Subcontractor in connection with the Services or otherwise comprise or relate to the Services or Systems. For the avoidance of doubt, Materials include Anonymous Data, Program Data and any information, data or other content derived from our monitoring of your access to or use of the Services, but do not include User Data.
  15. Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’).
  16. Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
  17. Personal Information” means any information relating to an identified or identifiable natural person (“Individual”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Under specific laws, personal information may include any information relating to a household.
  18. Personnel” means all individuals involved in the performance of Services as employees, agents or independent contractors of us or any Subcontractor.
  19. Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  20. Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  21. Program Data” means certain data that we, in our sole discretion, make accessible to customers through the Services. Program Data is our Confidential Information.
  22. Scheduled Downtime” means scheduled downtime for routine maintenance of the Services.
  23. Services” means the services and items we provide under this Agreement and any applicable Subscription Agreement. You may only access the specific Services that you specifically subscribe to when entering into this Agreement and any applicable Subscription Agreement. The main functions of the Services are described in the Documentation
  24. Systems” means the information technology infrastructure used by or on behalf of us in performing the Services, including all computers, software, hardware, databases, electronic systems (including database management systems) and networks, whether operated directly by us or through the use of third-party services.
  25. Territory” means the United States.
  26. Third Party Materials” means materials and information, in any form or medium, including any open-source or other software, documents, data, content, specifications, products, equipment or components of or relating to the Services that are not proprietary to us.
  27. User Data” means the information, data and content submitted by Users into the Services, including information derived from such submissions, account information, credit card information, bank account information, accounting information, transactions and reports.
  28. Website(s)” means parkcitygroup.com, repositrak.com or any subsequent website used by us to provide the Services.

EXHIBIT A

SCOPE OF PROCESSING

This Exhibit A details the scope of the processing of personal data as required under Article 28(3) of the GDPR.

  1. SUBJECT-MATTER OF THE PROCESSING
  • Business-to-business communication
  • ReposiTrak platform
  • Related services
  1. NATURE AND PURPOSE OF THE PROCESSING
  • Compliance and risk management
  • ReposiTrak Marketplace®
  • Supply-chain solutions
  • Technical support
  • Customer service
  • Marketing
  • Education and informational services
  • Web analytics
  • Security monitoring
  • Payments
  1. TYPES OF PERSONAL DATA
  • Contact information e.g. name, address, phone number, email address
  • Payment information
  • Information related to employment e.g. employer name, employer address, job title, job role
  • Compliance information relevant to meeting compliance standards for a specific compliance program
  • Supply-chain information
  • Technical information e.g. IP address, device ID, locale, language, browser type
  • Navigational information e.g. options selected on a website
  1. CATEGORIES OF DATA SUBJECT
  • Hub Representatives
  • Hub Employees
  • Hub Customer Representatives
  • Supplier Representatives
  • Supplier Employees
  • Other Supply Chain Representatives
  1. DURATION OF THE PROCESSING

The duration of the processing shall be for the time period required for ReposiTrak to fulfil its obligations for services rendered under the Agreement.