CharityLogic Software Service Agreement

Last updated March 2022:

ATTENTION: Please read this Software Service Agreement (the “Agreement”) carefully which sets forth the legally binding terms of use of the CharityLogic software service known as “iCarol” (the “Service”) including limitations on representations, warranties, remedies and liabilities.

THIS IS A LEGAL AGREEMENT BETWEEN YOU, THE END USER, OR ON BEHALF OF ALL END USERS IN YOUR ORGANIZATION (COLLECTIVELY THE “CUSTOMER”, “YOU” OR “YOUR”) AND IF YOU ARE LOCATED IN THE UNITED STATES OR ANYWHERE ELSE OUTSIDE OF CANADA, CHARITYLOGIC CORPORATION, OR IF YOU ARE LOCATED IN CANADA, CHARITYLOGIC INC. (“CHARITYLOGIC”). YOUR ACCEPTANCE IS ON BEHALF OF ANY CORPORATE ENTITY THAT EMPLOYS YOU OR WHICH YOU REPRESENT. YOUR ACCEPTANCE IS IN RESPECT OF ANY SERVICE WHICH YOU ACCESS AND ANY SUBSEQUENT ADD-ON TO THAT SERVICE WHICH OCCURS BEYOND THE DATE OF YOUR INITIAL ACCEPTANCE OF THIS AGREEMENT, HOWEVER EVIDENCED. IF YOU ARE AN EMPLOYEE, CONTRACTOR, OR OTHERWISE USING THE SERVICE ON BEHALF OF AN ORGANIZATION OR ANY OTHER THIRD PARTY, YOU REPRESENT AND WARRANT TO CHARITYLOGIC THAT:

A. YOU ARE THE AGE OF MAJORITY IN YOUR JURISDICTION;
B. YOU HAVE ALL REQUISITE CAPACITY, RIGHT, POWER AND AUTHORITY TO ACCEPT THIS AGREEMENT ON BEHALF OF SUCH ENTITY; AND
C. SUCH ENTITY SHALL BE IRREVOCABLY BOUND BY AND SHALL COMPLY WITH ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT.

IF YOU DO NOT ACCEPT THE TERMS AND CONDITIONS OF THIS AGREEMENT, PLEASE DO NOT SIGN ON, ACCESS OR IN ANY WAY USE THE SERVICE. IF YOU OR ANY USERS OR ANY AUTHORIZED THIRD PARTIES ON YOUR BEHALF, SIGN ON, ACCESS OR USE THE SERVICE OR ACCESS OR USE ANY SUBSEQUENT ADD-ON TO ANY SERVICE IN ANY WAY, YOU WILL BE CONSIDERED TO HAVE ACCEPTED AND AGREED TO THESE TERMS AND CONDITIONS.

1. Definitions

The following terms and conditions shall have the meaning set out below:

a) “Confidential Information” means, with respect to a party hereto, all information or material which: is (A) marked “Confidential,” “Restricted,” or “Proprietary Information” or other similar marking, (B) known by the parties to be considered confidential, proprietary, or is confidential under federal or state law or (C) which should be known or understood to be confidential or proprietary by an individual exercising reasonable commercial judgment in the circumstances. Confidential Information of CharityLogic shall include, without limitation, the Software, the Documentation, Data Schema and any information with respect to the Service that CharityLogic may provide to Customer from time to time, including without limitation, the terms and conditions of this Agreement and all information disclosed by CharityLogic or its service providers relating to the security of its facilities, computer systems and products. With respect to Professional Services that consist of CharityLogic’s data replication service, such service is only for the purpose of providing data replication service on behalf of Customer and the associated source code, other software, database schema, and other technical information related to such data replication service is confidential and proprietary. Confidential Information does not include information to the extent that such information: (i) is or becomes generally known to the public by any means other than a breach of the obligations of a receiving party hereunder; (ii) was previously known to the receiving party as evidenced by its written records; (iii) is rightly received by the receiving party from a third party who is not under an obligation of confidentiality; or (iv) is independently developed by the receiving party without reference to or use of the other party’s Confidential Information and which such independent development can be established using evidence that would be acceptable to a court of competent jurisdiction. For the avoidance of doubt, Confidential Information excludes any information that is protected by applicable law, statute or regulation, including without limitation, HIPAA, which shall be governed by the terms of a Business Associate Addendum attached hereto as Schedule B and the terms of Section 11.

b) “Content” means all data, including without limitation all text, sound, video, image files, and software that is provided by or on behalf of Customer to CharityLogic or its service provider and all other content transmitted, posted, received or created through Customer’s use of the Service or the Software. Content does not include Professional Services Data.

c) “DPA” shall have the meaning set out in Schedule “A”.

d) “Data Protection Requirements” means the GDPR, Local EU/EEA Data Protection Laws, and any applicable laws, regulations, and other legal requirements relating to (a) privacy and data security; and (b) the use, collection, retention, storage, security, disclosure, transfer, disposal, and other processing of any Personal Information.

e) “Data Storage Limit” means the amount of data storage purchased by Customer as specified in Schedule “A” of this Agreement.

f) “Designated Support Contacts” means two (2) individuals designated by Customer with Standard Support to have access to CharityLogic’s support team in accordance with the terms of Section 8 of this Agreement.

g) “Documentation” means user guides, operating manuals, education materials, product descriptions and specifications, technical manuals, supporting materials, and other information relating to the Services or used in conjunction with the Services, whether distributed in print, magnetic, electronic, or video format.

h) “Fees” means the Subscription Fees, and any Professional Services Fees, Conversion Costs and other fees as may be further described in a SOW which may include fees to increase the Data Storage Limit.

i) “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

j) “HIPAA” means the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act (commonly referred to as the “HITECH Act”), and the regulations promulgated under the foregoing from time to time by the United States Department of Health and Human Services (collectively, as amended from time to time, “HIPAA”), which shall be governed by the terms of a Business Associate Addendum (“BAA”) attached hereto as Schedule B and incorporated herein by reference.

k) “Intellectual Property Rights” means any and all proprietary rights under (a) patent law; (b) copyright law; (c) trade-mark law; (e) design patent or industrial design law; or (d) any other statutory provision or common law principle applicable to this Agreement, including trade secret law, which may provide a right in either ideas, formulae, database schema algorithms, concepts, inventions or know-how generally, or the expression or use of such ideas, formulae, algorithms, concepts, inventions or know-how, existing under the laws of any governmental authority, domestic or foreign, including all applications and registrations relating to any of the foregoing.

l) “Local EU/EEA Data Protection Laws” means any subordinate legislation and regulation implementing the GDPR

m) “Microsoft” means Microsoft® Corporation. All references to CharityLogic’s service providers in this Agreement shall include Microsoft. Microsoft and Azure are trademarks of Microsoft Corporation or its affiliates.

n)“Personal Information” means any information relating to an identified or identifiable natural person including PHI as defined below. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

o) “PHI” means Protected Health Information, as defined in Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) 45 C.F.R. § 160.103, and as further defined in Schedule “B”.

p) “Professional Services” means those implementation, configuration and data conversion services described in a Statement of Work.

q) “Professional Services Data” means all data, including all text, sound, video, image files or software, that are provided to Microsoft, by or on behalf of Customer (or that Customer authorizes CharityLogic to obtain from the Subscription Services and which CharityLogic provides to Microsoft or that Customer authorizes Microsoft to obtain from the Subscription Services) or otherwise obtained or processed by or on behalf of Microsoft through an engagement with CharityLogic or Customer to obtain Professional Services or professional services of Microsoft. Professional Services Data includes Support Data

r) “Service” means the web-based service(s) described above commonly referred to as a “Software as a Service” (SaaS) solution to be provided by or on behalf of CharityLogic under this Agreement that includes hosting, monitoring, operating and maintaining the Software as a service at a site owned or controlled by CharityLogic’s service providers and the delivery of non-exclusive access via the Internet to Customer to use the Software, as a service, granted to Customer pursuant to Section 2 hereof. The Service shall also include storing all data entered and maintained by Users through use of the Service subject to the Data Storage Limit.

s) “Service Generated Data” means data generated or derived by Microsoft through the operation of the Subscription Services. Service Generated Data does not include Data, Diagnostic Data (as that term is defined in the DPA), or Professional Services Data.

t) “Software” means the iCarol software product(s) that are owned by or licensed to CharityLogic, delivered as a SaaS solution (i.e. web-based Service). Third Party Components are not included in the definition of Software.

u) “Statement of Work” or “SOW” means a written statement of work that references this Agreement and sets out a description of Professional Services to be provided by CharityLogic to Customer, the applicable Professional Services Fees and Conversion Costs and is signed by an authorized representative of each of the parties.

v) “Subscription Fees” means the annual fees charged by CharityLogic in respect of the right to use the Service as further described in Section 13 of this Agreement.

w) “Support Data” means all data, including without limitation, all text, sound, video, image files, or software, that are provided to Microsoft by or on behalf of Customer (or that Customer authorizes CharityLogic or Microsoft to obtain from the Service) through the provision of any support services for the Service. Personal Information provided to Microsoft by, or on behalf of, Customer in connection with the provision of technical support is also Support Data. Support Data is a subset of Professional Service Data.

x) “Third Party Components” means any third party telecommunications, energy/utility transportation, managed facilities, software applications and/or services that CharityLogic or its service providers has licensed or purchased and provided access to or otherwise made available to Customer as part of the Service. Third Party Components includes but is not limited to Microsoft Azure.

y) “Universal License Terms” shall have the meaning set out in Schedule “A”.

z) “User(s)” means an employee or volunteer of Customer that has been authorized by the Customer to access and use the Service in accordance with Section 2 of this Agreement.

2. Service and Restrictions

a) Service

(i) Authorization. Subject to the terms and conditions of this Agreement, including without limitation, payment by you of all applicable Fees, CharityLogic hereby grants Customer and any User a personal, non-exclusive, non-transferable right to use the Service during the Term, solely for Customer’s own internal business purposes and solely in conjunction with valid user subscriptions to iCarol.com. Customer remains solely liable for the actions of its Users and shall ensure that all Users comply with the terms and conditions of this Agreement. All rights not expressly granted to you in this Agreement are reserved by CharityLogic, its licensors and service providers. CharityLogic reserves the right to change the terms of this Agreement by notifying you or by posting new or amended terms on the iCarol.com website.

(ii) User Acceptance Criteria. CharityLogic reserves the right to have additional User acceptance criteria that may be applied to Users prior to their ability to have access to the Service. CharityLogic shall inform Customer of such criteria but CharityLogic shall be free to implement such criteria at any time without prior written warning to the Customer and/or to Users. Where Users do not accept such and/or agree to such criteria, CharityLogic reserves its rights to not grant to such Users access to the Service. CharityLogic reserves its rights to restrict access to the Service to Users for any violation of any additional terms and conditions to which such Users accept/agree to access the Service.

(iii) Third Party Components.Customer acknowledges that in order to provide the Service CharityLogic or its service providers may be required to purchase access to Third Party Components. Customer further acknowledges that the availability of such Third Party Components is based solely on the best information available to CharityLogic and its service providers as of the Effective Date including third party representations and government regulations and is subject to change during the Term with little or no advance notice. If any necessary Third Party Components are determined by CharityLogic or its service provider to be unavailable as a result of changes to any third party availability, governmental regulations or other condition or circumstances outside of CharityLogic’ or its service providers’ control, then (a) CharityLogic may in its sole discretion modify, change or replace the applicable Third Party Components and otherwise attempt to mitigate the impact of such unavailability of Third Party Components, subject to the right to terminate this Agreement set out in Section 12. CharityLogic reserves the right to modify, change or replace the applicable Third Party Components at any time and Charity Logic may modify the terms and conditions of this Agreement as a result of such changes effective immediately upon posting, subject to the right of Customer to terminate this Agreement in accordance with Section 12 if such changes to the terms and conditions of this Agreement are material in nature.

b) Restrictions. Customer and Users shall not, and shall not permit others to:

(i) give away, rent, license, sublicense, sell, resell, transfer, assign, distribute or otherwise commercially exploit or make available to any third party the Service in any way;

(ii) reverse engineer, decompile, translate or otherwise attempt to derive, or permit or help others to derive the source code relating to all or any part of the Software or Service or attempt to otherwise convert or alter the Software or Service into human readable code, except to the extent applicable law expressly prohibits the foregoing restriction;

(iii) copy, frame, or mirror any part of the Service, other than copying or framing on your own intranet s or otherwise for your own internal business purposes. You shall not access the Service in order to (a) build a competitive product or service, (b) build a product using similar ideas, features, functions or graphics of the Service, or (c) copy any ideas, features, functions or graphics of the Service; provide any other third party, organization or entity access to the Service without written consent from CharityLogic and subject to such third party entering into a separate agreement with CharityLogic. CharityLogic shall be the sole arbiter of what defines the entity to whom this access is granted, regardless of any assumptions or definitions you may make;

(iv) transmit, upload, post, distribute, store or otherwise publish, through use of the Service, any data, material or Information that: (i) contains a software virus, Trojan horse, worm or other harmful or deleterious computer code, files or programs that may adversely affect any hardware or software, or that intercepts or misappropriates any data or information; (ii) is threatening, defamatory, libelous, harassing, profane, is an invasion of privacy, offensive, obscene or harmful; (iii) infringes or otherwise violates any patent, copyright, trademark, trade secret or other intellectual property or proprietary right of any third party; (iv) violates any law, statute, ordinance or regulation; or (v) includes unsolicited bulk e-mails, advertisements or solicitations;

(v) interfere with, attempt to gain unauthorized access to, work around technical limitations in the Service that only allow Customer to use it in certain ways, or disrupt any device, network, account, data, the Service or networks connected to the system used to provide the Service or use the Service in any way that would provide harm to it or impair anyone else’s use of it, and Customer may not download or otherwise remove copies of software or source code from the Service except as explicitly authorized;

(vi) use the Service to store or transmit any material that is infringing, libelous, an invasion of privacy, obscene, offensive, harmful, illegal or would otherwise violate or infringe the rights of any third party;

(vii) use the Service in any situation where failure of the Service could lead to death or serious bodily injury of any person; or

(viii) provide the results of using the Service for the purposes of monitoring its availability, performance, functionality, benchmarking or competitive analysis to any third party.

3. Term

This Agreement shall commence on the date it has been agreed to by clicking the “I agree” button available at https://terms.icarol.com/terms-and-conditions (the “Effective date”) and shall continue for a period of one year (the “Initial Term”). After the Initial Term, this Agreement shall be automatically renewed for successive one-year periods (each a “Renewal Term”), subject to CharityLogic’s then current price structure unless either party provides written notice to the other party of its intention not to renew at least sixty (60) days prior to the end of the then current term, otherwise additional charges may be incurred upon cancellation. The Initial Term and Renewal Term(s) shall collectively be referred to as the “Term”.

4. Customer Responsibilities

a) Use. Customer is entirely liable for all activities conducted by its Users, subject to the following limitations: Customer must (1) supervise the other individuals use of the Service, (2) assume any and all resulting liabilities of such use, including responsibility for any and all content created or accessed on the Service or the Internet, (3) acknowledge that the decision to allow another individual to use the Service is made by Customer and not CharityLogic, (4) ensure that Users agree to any further terms and conditions as may be provided by CharityLogic from time to time for Users; and (5) inform CharityLogic of any information about Users’ actions that may affect either the Service or third party data contained in or used by the Service, or CharityLogic’s ability to provide the Service as contemplated by this Agreement. Customer may not permit usage of the account by individuals in another organization, including any parent, subsidiaries, or affiliates without prior written consent from CharityLogic, which may require such third parties to enter into a separate agreement with CharityLogic.

b) Passwords. Customer agrees to comply with all of CharityLogic’ and its service providers’ security policies and procedures as made available to Customer and as may be amended from time to time by CharityLogic or its service providers. Customer will ensure that all Users adhere to and are responsible for keeping passwords and IDs assigned to it and its Users as secret and confidential and to ensure that all Users are trained in such security policies and procedures prior to their use of the Service. Customer must notify CharityLogic immediately about any possible misuse of its accounts or authentication credentials or any security incident related to the Service. Sharing accounts and logins is prohibited. Should Customer allow Users to share accounts, it shall be deemed a material breach of this Agreement and CharityLogic will not be held liable for any data breach, loss, corruption or other issues resulting from a compromised shared account.

c) Customer Equipment. Customer agrees that it shall be responsible, at its sole expense, for providing all Internet access, including but not limited to obtaining, installing and maintaining all equipment, hardware, network, Internet or direct telecommunications connections and software applications (e.g. web browser) at Customer’s facilities required for Users to access and use the Service. CharityLogic shall not be responsible for the operation of any Internet, network or other communication Service. Customer further acknowledges that access to and the operation of the Service requires Customer’s and Users’ hardware to be of sufficient quality, condition and repair, and Customer agrees to and/or to ensure that Users’ maintain their applicable hardware in the appropriate quality, condition and repair at its sole cost and expense.

d) Third Party Components. Customer agrees to comply with and be bound by the additional terms and conditions applicable to the Third Party Components set out in Schedule “A” to this Agreement.

e) Compliance with Laws. The Service is subject to United States export jurisdiction. Customer hereby represents and warrants to CharityLogic that it and its Users will at all times be in compliance with all applicable local, state, federal and international laws, rules, and regulations including but not limited to those laws regarding restrictions on exports and economic sanctions (including the International Traffic in Arms Regulations, the U.S. Export Administration Regulations, end-user, end use and destination restrictions by Canadian, U.S. and other governments related to the CharityLogic and its service providers products, services and technologies), defamation, libel, harm to reputation, privacy, security, data protection, misuse or failure to protect Personal Information, confidentiality (including confidentiality of communications), unfair competition, Data Protection Requirements, and other actions which could generate liability. Customer is responsible for determining whether the Service is appropriate for storage and processing of information subject to any specific law or regulation and for using the Service in a manner consistent with Customer’s regulatory and legal obligations. Customer is responsible for responding to any request from a third party regarding Customer’s use of the Service, such as a request to take down content under the U.S. Digital Millennium Copyright Act or other applicable laws.

f) Export/Import. The Software, the Service, the Data, and all technical information relating to the Software and the Service may be subject to import or export controls under the laws of any country with jurisdiction over this Agreement. Therefore Customer shall not, in any manner whatsoever, either remove, convey, export, import or transmit the Software, the Service, the Data, Documentation, any technical information or any portions thereof unless Customer has obtained all required authorization from the appropriate governmental authorities of any country with jurisdiction over the transaction and Customer shall otherwise fully comply with this Agreement and all applicable import and export controls, laws and regulations, including those referred to in Section 4.1(e). Without limiting the foregoing, Customer acknowledges and agrees that CharityLogic uses geoblocking tools designed to block access to the Service from any countries identified by the U.S. Department of Commerce as sanctioned destinations at the following link (which may be updated from time to time, including the link itself): https://www.bis.doc.gov/index.php/policy-guidance/country-guidance/sanctioned-destinations. Customer represents and warrants that it and its Users are not named on a U.S. government exclusion list, and Customer further warrants that it shall immediately discontinue use of the Service if Customer or any User using the Service becomes placed on any such list.

g) Data Security. Customer acknowledges and agrees that use of or connection to the Internet is inherently insecure and provides opportunity for unauthorized access by a third party to Customer’s and its Users’ (as well as CharityLogic’s and its service providers’) computer systems, networks and any and all information stored therein. Customer is solely responsible for making an independent determination as to whether the technical and organizational measures for the Service meets Customer’s requirements, including any of its security obligations under applicable Data Protection Requirements, and HIPAA. Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing of its Personal Information as well as the risks to individuals) the security practices and policies implemented by CharityLogic and its service providers provide a level of security appropriate to the risk with respect to its Personal Information. Customer is responsible for implementing and maintaining privacy protections and security measures for components that Customer provides or controls, including without limitation, (A) application level privacy and security settings within the Software; and B) ensuring that (i) Customer’s computer systems are secure and protected from unwanted interference (such as “hackers” and viruses), (ii) all transmissions are screened for viruses or other harmful code prior to transmission to CharityLogic’ servers; and (iii) Data is encrypted. Some content may be subject to governmental regulations or may require security measures beyond those specified by CharityLogic for an offering. Customer will not input or provide such content unless CharityLogic has first agreed in writing to implement additional required security measures. Details regarding CharityLogic’s service provider’s security measures and practices are available at the link set out in Schedule “A” to this Agreement.

CHARITYLOGIC DOES NOT GUARANTEE THE PRIVACY, SECURITY, AUTHENTICITY, AND NON-CORRUPTION OF ANY INFORMATION TRANSMITTED OR STORED IN ANY SYSTEM CONNECTED TO THE INTERNET. WE SHALL NOT BE RESPONSIBLE FOR ANY ADVERSE CONSEQUENCES WHATSOEVER OF CUSTOMER’S OR ITS USERS’ OR OTHER THIRD PARTIES’ CONNECTION TO OR USE OF THE INTERNET, AND CHARITYLOGIC SHALL NOT BE RESPONSIBLE FOR ANY USE BY CUSTOMER OR ANY USER OR OTHER THIRD PARTY OF CUSTOMER’S INTERNET CONNECTION IN VIOLATION OF ANY LAW, RULE OR REGULATION.

h) Trained Users. Customer shall ensure that its personnel are, at relevant stages of the project, educated and trained in the proper use of the Service in accordance with applicable CharityLogic help articles and instructions. If Customer’s personnel are not properly trained as mutually determined by CharityLogic and the Customer, Customer agrees that such personnel will be trained by CharityLogic or the Customer within forty-five (45) days of determination. If Customer desires CharityLogic to perform the required training then CharityLogic shall be compensated in accordance with this Agreement.

5. Content

a) Ownership. Customer retains ownership of the Content entered into the Service by Users. Customer is solely responsible for ensuring the accuracy, quality, integrity, reliability, appropriateness and right to view and use the Content. Customer grants to CharityLogic, its licensors and service providers a world-wide, non-exclusive, royalty-free license to access, use, and store the Content for the purpose of fulfilling its obligations under this Agreement and operating, maintaining and improving the Service and Professional Services, and for Microsoft’s legitimate business operations as detailed and limited in the DPA. Customer also permits any User to access, display, view, store and reproduce the Content solely for the internal business purposes of Customer subject to all applicable laws and regulations.

b) Aggregate Data. Customer grants to CharityLogic a worldwide, non-exclusive, royalty-free license to combine your Content with other customers’ Content to produce aggregate information to use, modify, create derivative works based on such aggregate information, including all and reports, statistics or analysis, and to distribute or otherwise make available such information to third parties. In these cases, CharityLogic will not reveal information that specifically identifies your Users without explicit permission from Customer.

c) Consent. You grant CharityLogic and its third party service providers permission to view, access, collect, use, store, and otherwise process the Content and Professional Services Data for the purposes of operating, maintaining and improving the Service and Professional Services, and for Microsoft’s legitimate business operations as detailed and limited in the DPA. Access to Content by any outside party shall only be in accordance with the terms of this Agreement, the DPA or where required by law. Customer agrees that this Agreement (including the DPA and Universal License Terms) along with the Documentation and Customer’s use and configuration of features in the Service, are Customer’s complete and final documented instructions to CharityLogic and Microsoft for the processing of Personal Information. Customer agrees that this Agreement (including the DPA and Universal License Terms) along with any statement of work agreed between the parties, are Customer’s complete and final documented instructions to CharityLogic and Microsoft for the processing of Personal Information contained with the Content and Professional Services Data. Any additional or alternate instructions must be agreed to according to the process for amending this Agreement set out in Section 17 or the Statement of Work.

d) Content Representations and Warranties Customer represents and warrants to CharityLogic that:

(i) Content, Professional Services Data and Personal Information, that is either provided to or acquired by CharityLogic is owned exclusively by Customer and/or the Customer has full right and title to provide the Content, Professional Services Data and Personal Information to CharityLogic and its service providers or has secured all rights in Content, Professional Services Data and Personal Information necessary for CharityLogic and its service providers to provide the Service to Customer without violating the rights of any third party or otherwise obligating CharityLogic or its service providers to Customer or any third party;

(ii) Content, Professional Services Data and Personal Information, that is either provided to or acquired by CharityLogic is subject to a privacy policy in effect as of the Effective Date and throughout the Term and other third party owners of the Content, Professional Services Data and Personal Information, have provided to Customer their written consent for its collection, use and storage by CharityLogic and its third-party service providers, in accordance with this Agreement and in any jurisdiction in North America;

(iii) Customer complies with all applicable privacy legislation including, without limitation, HIPAA, the Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Data Protection Requirements in the performance of its obligations hereunder in respect of any Content, Professional Services Data and Personal Information, collected, used, transferred, created or disclosed pursuant to this Agreement;

(iv) Customer will not provide CharityLogic with Content, Support Data or Personal Information, of any kind for which CharityLogic or its service providers either have no need or does not (or its service providers do not) have the right to collect, use and store under the terms of this Agreement;

(v) Customer will take steps to protect Intellectual Property Rights of CharityLogic where Customer grants Users or enables any other third party access to any aspect of the Service or to the Content; and

(vi) Customer is responsible in all respects for the Content, the Personal Information and the Professional Services Data, whether located on Customer’s systems or otherwise.

6. Indemnity

Customer is solely responsible for its Content, its use, and its Users’ use of the Service in any way, and all legal liability arising out of or relating thereto. Customer shall defend, indemnify and hold CharityLogic and its licensors and service providers, if applicable, and each of their respective officers, directors, employees and agents (the “Indemnities”) harmless from and against any and all losses, costs, damages and expenses (including reasonable attorney’s fees) that the Indemnities may suffer in connection with any demands, claims, actions, suits or proceedings arising out of or in connection with (i) the use of the Service including but not limited to any Third Party Components by Customer or its Users, alone or in combination with anything else; (ii) any breach by Customer or its Users of this Agreement or any violation or failure to comply with applicable laws, rules or regulations; and (iii) Content and Professional Services Data, including but not limited to any third party claims that the inclusion, use, reference, incorporation of or linking to any third party materials or the Customer’s Content and/or Professional Services Data violates such third party’s copyright and/or other intellectual property, privacy or other rights, or that such use is illegal; provided that (i) CharityLogic cooperates with Customer’s reasonable requests for assistance in the defense; and (ii) Customer controls the defense, negotiation and settlement of any such claim. CharityLogic may, however, at its own expense, participate in the defense of any such claims with counsel of its own choosing. Furthermore, in no event will Customer agree to any settlement or judgment that adversely affects any rights of CharityLogic, its licensors or its service providers or that imposes any equitable relief upon or against CharityLogic, its licensors or its service providers without CharityLogic’s prior written consent.

7. Subcontracting

CharityLogic and its service provider may engage third parties to provide certain services on its behalf and Customer consents to the engagement of such third parties as subprocessors, which shall constitute Customer’s prior written consent to the subcontracting by CharityLogic and/or its service provider of the processing of Data (including Personal Information) if such consent is required under the GDPR or other applicable law. CharityLogic’s shall ensure that any such subprocessors are bound by written agreements that require them to provide at least the level of data protection required of CharityLogic’s and its service provider by this Agreement.

8. Support and Professional Services

a) Support. CharityLogic will provide Support Services in accordance with its Support Services Guidelines set out at https://www.icarol.com/icarol-standard-support/. Fees for the Support Services are included in the annual Subscription Fees. An organization deemed by CharityLogic to be an account in good standing is entitled to identify up to two individuals, called Designated Support Contacts, who are permitted to have direct access to the iCarol support team. All other individuals in the organization should refer to a Designated Support Contact at their organization for all questions or issues.

The person at your organization entitled to identify Designated Support Contacts is any person in your system whom you give Admin rights to. Once a change is made, it cannot be changed again for 7 days.

Support inquiries must be made by submitting a case through the iCarol Online Case Management System or by sending an email to support@icarol.com. CharityLogic shall make commercially reasonable efforts to respond to inquiries made by a Support Contact within two business days, unless the inquiry is to notify CharityLogic about an application outage, in which case a response will be less than one calendar day. Standard support is offered to all accounts in good standing as described at https://www.icarol.com/icarol-standard-support/.

b) Professional Services. CharityLogic shall provide the Professional Services, if applicable, in accordance with a SOW. Each SOW is hereby incorporated herein by reference and shall form an integral part of this Agreement. The following standard implementation services are included in the Service and do not require a SOW:

9. Intellectual Property Ownership

CharityLogic and its licensors and service providers are and shall at all times remain the owner of all right, title and interest, including all related Intellectual Property Rights, in and to the Software, the Service, related documentation, materials, logos, names, and materials provided pursuant to the terms of this Agreement as well as any modifications, derivative works, suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by you or any other party to CharityLogic relating to the Software or Service (“Feedback”). Customer warrants that i) it will not provide Feedback that is subject to a license requiring CharityLogic or its service provider to license anything to third parties because CharityLogic or its service provider exercises any of the above rights in Customer’s Feedback; and 2) it owns or otherwise controls all of the rights to such Feedback and that no such Feedback is subject to any third-party rights (including any personality or publicity rights. This Agreement is not a sale and does not convey to you any rights of ownership in or related to the Service or the Intellectual Property Rights owned by CharityLogic. The CharityLogic and iCarol names, the CharityLogic and iCarol logo, and the product names associated with the Service are trademarks of CharityLogic or its third party licensors and service providers, and no right or license is granted for you to use them.

10. Confidentiality Obligations

a) The parties agree to keep confidential any and all Confidential Information with respect to the other party which it has received or may in the future receive in connection with this Agreement and shall only disclose such Confidential Information of the other party (i) to its agents, service providers, business associates or partners, employees or representatives who have a need to know such information (“Representatives”), for the purpose of performance under this Agreement and exercising the rights granted under this Agreement, and who are bound by non-disclosure obligations at least as protective of the other party’s Confidential Information as this Agreement, or (ii) to the extent required by applicable law or during the course of or in connection with any litigation, arbitration or other proceeding based upon or in connection with the subject matter of this Agreement, provided that the receiving party complies with the terms of Section 10(c) of this Agreement. The parties each agree to hold the other party’s Confidential Information in confidence and to take all reasonable steps, which shall be no less than those steps it takes to protect its own confidential and proprietary information, to protect the Confidential Information of the other party.

b) Customer agrees not to use or disclose any information relating to CharityLogic or its service providers’ systems, procedures or operations for Customer’s benefit or for the benefit of any other party. This confidentiality and nondisclosure requirement shall survive termination of this Agreement.

c) In the event that either party (the “Recipient”) is requested or required, by oral question, interrogatories, requests for information, documents or admissions, subpoenas, civil investigative demands or similar process, to disclose any Confidential Information of the other party, it is agreed that the Recipient will provide the other party with a notice of such request(s) immediately, but in no event later than one business day after receipt of such request, so that the other party may seek an appropriate protective order and/or waive the Recipient’s compliance with the requirements of this Paragraph. It is further agreed that, in the absence of either a protective order or the receipt of a waiver hereunder within one (1) business day prior to the time the Recipient of such a request is required to disclose the Information or else stand liable for contempt or suffer other censure or penalty, the Recipient may disclose such Confidential Information without liability under this Paragraph. Customer shall reimburse CharityLogic for all staff time (at its then prevailing rate), copying expenses, legal fees and related costs incurred by CharityLogic in responding to any requests for Customer Confidential Information under this Agreement.

d) Each party remains responsible for the use of Confidential Information by its Representatives and, in the event of discovery of any unauthorized use or disclosure, Customer must promptly notify CharityLogic. A party may disclose the other’s Confidential Information if required by law, but only after it notifies the other party (if legally permissible) to enable the other party to seek a protective order. These obligations apply (1) for Content, until it is deleted from the Subscription Services; and (2) for all other Confidential Information, such obligations shall survive the termination or expiration of this Agreement.

11. Privacy

a) Information and Personal Information. The Service will store and display your first name, last name, email address and the shifts you have signed up for (the “Information”), for the purposes of the Customer. This Information, and any other Information you choose to provide in the Service, either directly by your own action or indirectly through the actions of your Organization or CharityLogic, may also be shared with other users of the Service. CharityLogic will not share your personally identifiable Information with entities other than your Organization without your written consent, unless such entities are engaged in activities directly related to the operation and support of the Service. You are solely responsible for removing your Information from the system, either by your direct actions or by notifying your Organization and CharityLogic in writing of your desire to have your Information removed. CharityLogic practices regarding the collection, storage, processing and sharing of Personal Information are set out in its privacy policy which is available at https://www.icarol.com/privacy-policy/.

b) PHI. It is Customer’s obligation to not store or process any PHI using the Subscription Services or provide any PHI to Company for the performance of professional services until the Business Associate Agreement attached hereto as Schedule “B” is effective as to the applicable service. Any PHI introduced into the Subscription Services by Customer shall be subject to the Company’s Privacy Policies.

c) Data Sovereignty. CharityLogic is located and established in the United States and Canada. CharityLogic’s third party service provider is Microsoft and CharityLogic uses Microsoft’s Azure® online services. Except as described in the OST, Content (including Personal Information and PHI) collected under this Agreement may be transferred, stored and processed in the United States or any other country in which Microsoft or its service providers maintain facilities. Support Data (including Personal Information and PHI) collected under this Agreement may be transferred, stored and processed in the United States or any other country in which Microsoft or its service providers maintain facilities. CharityLogic shall use commercially reasonable efforts to work with Microsoft personnel to configure the Service to store Content on Virtual Machines using Locally-Redundant Storage (LRS). By using our Service or requesting services from us, you understand and consent to the collection, storage, processing and transfer of your Personal Information to those third parties with whom we share it as described in this Agreement, the BAA (in the case of PHI), and our Privacy Policy.

d) Access to Content; Subcontracting. Subject to Section 12(a), at all times during the Term, Customer will have the ability to access, extract and delete Content stored in the Service. CharityLogic’s service provider may engage third parties to provide certain services on its behalf and Customer consents to the engagement of such third parties as subprocessors, which shall constitute Customer’s prior written consent to the subcontracting by CharityLogic and its service provider of the processing of Content and Personal Information if such consent is required under the GDPR or other applicable law.

12. Suspension and Termination

a) Suspension. The Service (including Third Party Components) may be suspended and reinstated, or suspended and terminated under the following circumstances:

(i) Should Customer fail to pay Fees in accordance with the payment terms contained in this Agreement, and persists in the nonpayment after written notice provided by CharityLogic, then CharityLogic may suspend the Service until all Fees are paid and brought current. If failure to pay persists under Section 12(b)(iii) below, CharityLogic may terminate without further liability to Customer;

(ii) If Customer fails (1) to comply with the terms of this Agreement, or (2) industry standard privacy or data security practices or (3) to take other actions as required by CharityLogic in the use of the Service, then the Service will be suspended during the cure period for breach under Section 12(b)(ii) below; thereafter the Service may be terminated hereunder without further liability to Customer;

(iii) CharityLogic may restrict or limit Customer’s access to the Service if CharityLogic reasonably determines that Customer or its Users have engaged in or is likely to engage in (whether knowingly or unknowingly) any prohibited conduct described herein and such conduct, in CharityLogic’ reasonable opinion poses any risk of any kind or nature to CharityLogic or its service providers’ network, business or other customers. As promptly as practicable after becoming aware of Customer’s engagement in any such prohibited conduct, CharityLogic will use reasonable efforts to notify Customer of the restriction or limitation to Customer’s access to the Service unless CharityLogic believes that an immediate suspension is required and will promptly restore Customer’s access after CharityLogic has had reasonable assurance that such conduct has been permanently discontinued. In addition to and without limiting the foregoing, CharityLogic reserves the right to refuse to post or to remove in whole or in part any information or materials provided or submitted by or on behalf of Customer in connection with its use of the Service that CharityLogic determines, in its reasonable discretion, are either in violation of this Agreement or pose any risk of any kind or nature to CharityLogic or its service provider’s network, business or other customers.

(iv) Customer’s access to Third Party Components may be suspended and/or terminated, should CharityLogic, in its sole but reasonable judgment, believe such access is impaired by the vendor’s material price increase, or otherwise negatively affects the Service.

b) Termination. This Agreement may be terminated immediately upon provision of written notice of termination under the following circumstances:

(i) by CharityLogic in the event that Customer has breached its obligations of confidentiality or any Intellectual Property Right or proprietary right of CharityLogic or its service providers;

(ii) by either party, in the event the other party materially breaches any provision of this Agreement, other than Customer’s failure to pay the CharityLogic’ Fees and expenses in a timely manner as required by Section 3, and such breach is not corrected within thirty (30) days following written notice thereof given by the non-breaching party;

(iii) CharityLogic will terminate access to the Service if Customer fails to pay the CharityLogic Fees within sixty (60) days of the due date. If payments of Fees are received thirty (30) days past due two times in any 2 year cycle, then CharityLogic will terminate access to the Service for all accounts that are ten (10) days past due. If access is terminated, full payment must be received and cleared through the bank for access to be reinstated;

(iv) by either party if the other party: (i) becomes insolvent; (ii) becomes the subject of any proceeding under any bankruptcy, insolvency or liquidation law, whether domestic or foreign, and whether voluntary or involuntary, which is not resolved favorably to the subject party within ninety (90) days of commencement thereof; or (iii) becomes subject to property seizure under court order, court injunction or other court order which has a material adverse effect on its ability to perform hereunder; and

(v) by either party if any modification, change or replacement of the original Third Party Components pursuant to Section 2(a)(iii) includes a material price increase with respect to the Service enabled by such Third Party Components or impairs Customer’s ability to utilize the Service in substantially the same manner as they were utilized prior to the modification, change or replacement, in the case of termination by Customer by providing written notice to CharityLogic within twenty (20) days after Customer’s receipt of notification of such material price increase or discovery of such impairment. If any modification to the terms and conditions of this Agreement made by CharityLogic pursuant to Section 2(a)(iii) due to a change in the terms of its agreement with a provider of the Third Party Components are material in nature, then Customer shall have the right to terminate this Agreement upon written notice to CharityLogic given within fourteen (14) days of the date of notice from CharityLogic of such modified terms.

(vi) within thirty (30) days of the Effective Date Customer may terminate this Agreement for any reason by providing written notice to CharityLogic to that effect within such thirty day period.

c) Effects of Termination.

(i) If Customer’s Organization’s Account is terminated by Customer or by CharityLogic, CharityLogic may delete Customer’s Content from the Service.

(ii) All rights to access the Service by Customer, and its Users in this Agreement shall immediately terminate and iCarol will immediately cease to provide access to the Service.

(iii) Except as otherwise expressly provided in this Section 12(c)(iii), Customer will pay all amounts due under this Agreement up to and through the date of termination and all costs reasonably incurred in collecting the amounts due to iCarol (including court costs, attorney fees, and repossession charges to the extent not prohibited by law). If Customer terminates this Agreement within thirty (30) days of the Effective Date in accordance with Section 12(b)(iv), Customer will pay all Fees due under this Agreement up to the effective date of termination and will pay an amount that is equal to fifty percent (50%) of the Subscription Fees applicable to the remainder of the then-current Term unless all Subscription Fees have already been paid in full, in which case Customer will be entitled to receive a refund in an amount that is equal to fifty (50%) of the Subscription Fees paid by Customer to CharityLogic for the Service that is applicable to the remainder of the then-current Term.

13. Billing and Payments

a) Subscriptions Fees are billed annually in advance and are due on or before the first day of the then current term (due date of the invoice). Requests for quarterly billing will be considered on a case by case basis, but a service fee will be assessed. A one-time adjustment of annual billing date to better align billing with Customer’s fiscal billing cycle will be honored for the first bill processed. An annual increase may be applied to Subscription Fees on renewal invoices.

b) All payments are Net 30 days. Any paid Fees are non-refundable except as expressly set out in Section 12(c)(iii).

c) The Fees are exclusive of taxes. Customer agrees to pay all applicable foreign, federal, state, provincial, county or local income taxes, value added taxes, use, personal, property sales and any other taxes, tariff, duty or similar charges that may be levied by a taxing authority (excluding taxes on CharityLogic’s net income). Unless otherwise indicated, all dollar amounts referred to in this Agreement are in lawful money of the United States of America.

14. Usage of the 2-1-1 Taxonomy

If your agency asks and CharityLogic has enabled use of the AIRS 2-1-1 Taxonomy (officially referred to as “A Taxonomy of Human Services: A Conceptual Framework with Standardized Terminology and Definitions for the Field”), you agree to the following conditions:

a) Customer will maintain a current subscription with the Information and Referral Federation of Los Angeles Inc. doing business as 211 of LA County (hereafter referred to as 211 of LA County), and that you will provide evidence to CharityLogic Inc. upon request that your subscription is current.

b) CharityLogic may from time to time report to 211 of LA County, that it has provided access to their 2-1-1 Taxonomy within the iCarol to your organization.

c) Customer is only granted a non-exclusive, non-transferrable right to use the 2-1-1 Taxonomy in iCarol for your own business purposes. Customer may only use the incorporated 2-1-1 Taxonomy in iCarol for so long as Customer is a subscriber to the Taxonomy with 211 of LA County. Customer’s use of the 2-1-1 Taxonomy with and as incorporated into the Service is governed by, and subject to, your subscription agreement with 211 of LA County and the terms and conditions of this Section 14.

d) Customer is prohibited from reproducing any element of the 2-1-1 Taxonomy, except as may be expressly provided in Customer’s agreement with 211 of LA County, and from any sublicensing, timesharing, rental, facility management or service bureau usage of the 2-1-1 Taxonomy.

e) 211 of LA County reserves and retains all right, title and interest (including, without limitation, all intellectual property rights), in and to the 2-1-1 Taxonomy, and all copies thereof.

f) CharityLogic and 211 of LA County shall not be liable for any special, indirect, consequential or incidental damages arising out of usage or distribution of the 2-1-1 Taxonomy.

g) The 2-1-1 Taxonomy contains the copyrights, proprietary and confidential information of 211 of LA County. You agree to maintain the 2-1-1 Taxonomy in confidence and shall protect the 2-1-1 Taxonomy with at least the same degree of care with which Customer uses to protect its own similar proprietary information (but in no event no less than reasonable care).

h) Customer is hereby notified that the Information and Referral Federation of Los Angeles Inc. doing business as 211 of LA County, a non-for-profit corporation, is a third-party beneficiary to this Agreement and that the provisions of this Agreement related to the 2-1-1 Taxonomy are made expressly for the benefit of 211 of LA County and are enforceable by 211 of LA County and CharityLogic Inc.

15. Warranty

a) Limited Warranty. Limited Warranty. CharityLogic warrants to Customer during the Term that the Service shall be performed at the service level availability; and the Software shall substantially conform to the specifications; as stated in CharityLogic’s online documentation provided to Customer, provided that all use of the Service is for the purposes and in the environment for which they were designed and in accordance with such specifications and this Agreement. Customer’s sole remedy in the event the Service do not conform to the foregoing limited warranty is for CharityLogic to use commercially reasonable efforts to correct such non-conformance and the right to terminate this Agreement in accordance with Section 12.

b) Warranty Disclaimer. Warranty Disclaimer. TO THE GREATEST EXTENT PERMITTED BY LAW, EXCEPT FOR THE EXPRESS LIMITED WARRANTY SET OUT IN SECTION 13(A), THE SERVICE, THE SOFTWARE, THE PROFESSIONAL SERVICES AND ANY OTHER PRODUCTS OR SERVICES PROVIDED UNDER THIS AGREEMENT ARE PROVIDED TO CUSTOMER “AS IS” AND THERE ARE NO OTHER WARRANTIES, REPRESENTATIONS OR CONDITIONS, EXPRESSED OR IMPLIED, WRITTEN OR ORAL, ARISING BY STATUTE, OPERATION OF LAW, COURSE OF DEALING, USAGE OF TRADE OR OTHERWISE, REGARDING THEM OR ANY OTHER PRODUCT, SERVICE OR MATERIAL PROVIDED HEREUNDER OR IN CONNECTION HEREWITH.

CHARITYLOGIC, ITS LICENSORS AND SERVICE PROVIDERS DISCLAIM ANY IMPLIED WARRANTIES OR CONDITIONS REGARDING THE SOFTWARE, THE SERVICE, THE PROFESSIONAL SERVICES AND ANY OTHER PRODUCTS, SERVICES AND MATERIALS PROVIDED HEREUNDER OR IN CONNECTION HEREWITH, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABLE QUALITY, MERCHANTABILITY, DURABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE OR NON-INFRINGEMENT.

CHARITYLOGIC DOES NOT REPRESENT OR WARRANT THAT THE SERVICE OR THE SOFTWARE SHALL OPERATE ERROR FREE OR UNINTERRUPTED, SHALL MEET ANY OR ALL OF CUSTOMER’S PARTICULAR REQUIREMENTS, THAT ALL ERRORS OR DEFECTS IN THE SERVICE OR SOFTWARE CAN BE FOUND OR CORRECTED AND THAT CUSTOMER OR ITS USERS WILL BE ABLE TO ACCESS THE SERVICE AT A TIME OR LOCATION OF THEIR CHOOSING. WITHOUT LIMITING THE FOREGOING, CHARITYLOGIC DOES NOT MAKE ANY REPRESENTATIONS OR WARRANTIES WHATSOEVER WITH REGARD TO PRODUCTS OR SERVICES FROM THIRD PARTIES (INCLUDING WITHOUT LIMITATION THE THIRD PARTY COMPONENTS, THE HARDWARE, THIRD PARTY TELECOMMUNICATIONS PROVIDERS, THE OPERATION OF THE INTERNET, NETWORK OR OTHER COMMUNICATION SERVICES) AND ASSUMES NO RESPONSIBILITY OR LIABILITY WITH RESPECT TO THE FOREGOING OR THE APPROPRIATENESS OF YOUR DATA MANAGEMENT SYSTEM OR THE ACCURACY OF DATA CONTAINED IN SUCH SYSTEM.

NO AGREEMENTS VARYING OR EXTENDING ANY EXPRESS WARRANTIES SET FORTH IN THIS AGREEMENT SHALL BE BINDING ON EITHER PARTY UNLESS IN WRITING AND SIGNED BY AN AUTHORIZED SIGNING OFFICER OF CHARITYLOGIC.

16. Limitation of Liability

Under no circumstances shall CharityLogic, its employees, affiliates or contractors be liable for damages that result in any way from any use of your account or the Service or your inability to use the Service or that result from mistakes, omissions, interruptions, deletion of information, errors, defects, delays in operation or transmission, or any failure of performance.

TO THE GREATEST EXTENT PERMITTED BY APPLICABLE LAW, CUSTOMER AGREES THAT THE ENTIRE LIABILITY OF CHARITYLOGIC, INCLUDING ITS LICENSORS AND SERVICE PROVIDERS, AND CUSTOMER’S EXCLUSIVE REMEDY WITH RESPECT TO THE SERVICE, THE SOFTWARE, THE PROFESSIONAL SERVICES AND ANY OTHER PRODUCTS, MATERIALS OR SERVICES SUPPLIED BY CHARITYLOGIC IN CONNECTION WITH THIS AGREEMENT FOR DAMAGES FOR ANY CAUSE AND REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT OR IN TORT, INCLUDING FUNDAMENTAL BREACH OR NEGLIGENCE, SHALL BE LIMITED TO ACTUAL DIRECT DAMAGES AND SHALL NOT EXCEED IN THE AGGREGATE THE SUBSCRIPTION FEES PAID BY CUSTOMER TO CHARITYLOGIC UNDER THIS AGREEMENT DURING THE TWELVE MONTHS PRECEDING THE INCIDENT, OR $10,000, WHICH EVER IS THE LESSER.

CUSTOMER FURTHER AGREES THAT IN NO EVENT SHALL CHARITYLOGIC, ITS LICENSORS, SERVICE PROVIDERS OR ANY OF THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, SHAREHOLDERS OR REPRESENTATIVES BE LIABLE, REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT OR IN TORT, INCLUDING FUNDAMENTAL BREACH OR NEGLIGENCE, FOR ANY INDIRECT, PUNITIVE, CONSEQUENTIAL, INCIDENTAL, SPECIAL, OR EXEMPLARY DAMAGES WHATSOEVER, INCLUDING WITHOUT LIMITATION FOR LOST PROFITS, LOSS OF REVENUE, FAILURE TO REALIZE ANTICIPATED SAVINGS, LOST OR DAMAGED DATA, LOSS OF GOODWILL, BUSINESS OPPORTUNITIES OR REPUTATION, OR ECONOMIC LOSS, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, EVEN IF IT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH POTENTIAL LOSS OR DAMAGES, OR SUCH LOSSES OR DAMAGES ARE FORESEEABLE.

17. General

In the case where Customer is located in Canada, this Agreement shall be governed by the laws of the Province on Ontario and the federal laws of Canada applicable therein, without regard to the choice or conflicts of law provisions of any jurisdiction, and any disputes, actions, claims or causes of action arising out of or in connection with this Agreement or the Service shall be subject to the exclusive jurisdiction of the courts of the Province of Ontario. In the case where Customer is located outside of Canada, this Agreement shall be governed by the laws of the State of New York, without regard to the choice or conflicts of law provisions of any jurisdiction, and any disputes, actions, claims or causes of action arising out of or in connection with this Agreement or the Service shall be subject to the exclusive jurisdiction of the state and federal courts located in New York. This Agreement expressly excludes the Uniform Commercial Code and the United Nations Convention on Contracts for the International Sale of Goods and any legislation implementing such Convention, if otherwise applicable. Customer and CharityLogic hereby waive, to the fullest extent permitted by applicable law, the right to trial by jury in any action, proceeding or counterclaim filed by any party, whether in contract, tort or otherwise, relating directly or indirectly to this Agreement or any acts or omissions of CharityLogic in connection therewith or contemplated thereby. If any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision(s) shall be construed, as nearly as possible, to reflect the intentions of the invalid or unenforceable provision(s), with all other provisions remaining in full force and effect. The failure of CharityLogic to enforce any right or provision in this Agreement shall not constitute a waiver of such right or provision unless acknowledged and agreed to by CharityLogic in writing. This Agreement together with the Schedules and all documents referenced in the Schedules is the entire agreement between you and CharityLogic and supersedes all prior or contemporaneous negotiations, discussions or agreements, whether written or oral, between the parties regarding the subject matter contained herein. This Agreement may only be modified by a written amendment signed by an authorized representative of each of the parties subject to the right of CharityLogic to amend this Agreement as set forth in Section 2(a)(iii) and Section 18. Customer may not assign any of its rights or duties under this Agreement without the prior written consent of CharityLogic. This Agreement shall inure to the benefit of and be binding upon the parties to this Agreement and their respective successors and permitted assigns. The parties are and shall at all times remain independent contractors in the performance of this Agreement and nothing herein shall be deemed to create a joint venture, partnership or agency relationship between the parties.

A service fee may be assessed for the review and completion of contracts outside this Agreement.

18. Amendments

CharityLogic reserves the right to add to or change the terms and conditions of this Agreement at any time effective upon posting the revised terms and conditions to the iCarol.com website or as indicated in Schedule “A”. Customer’s continued use of the Service following the posting of such revisions to this Agreement signifies its acceptance to any such changes. Customer is encouraged to check back to this website often.

19. Notice

Any notice required or permitted to be given to any party to this Agreement shall be given in writing and shall be delivered either personally, mailed by prepaid registered post or communicated electronically to the appropriate address or set out below. Any such notice shall be conclusively deemed to have been given and received on the day on which it is delivered or transmitted (or on the next succeeding business day if delivered or received by facsimile after 5:00 p.m. local time on the date of delivery or receipt, or if delivered or received by facsimile on a day other than a business day), if personally delivered or sent by facsimile or, if mailed, on the third business day following the date of mailing, and addressed,

in the case of CharityLogic to:

CHARITYLOGIC C/O HARRIS CORPORATION
1 Antares Drive, Suite 400
Ottawa, Ontario K2E 8C4
Attention: CEO
Telephone: 613-226-5511, extension 2149

and in the case of the Customer to the contact information provided in writing to CharityLogic or CharityLogic may provide information or notices about the Services electronically or through this website which shall be deemed to have been given as of the date it is made available by CharityLogic.

Each party may change its particulars respecting notice, by issuing notice to the other party in the manner described in this Section 19.

Notification of Changes. CharityLogic reserves the right, at its sole discretion, to change, modify, update, add, or remove portions of the Terms of Service at any time, with or without notice to you. Please check these Terms of Service periodically for changes. You will be provided the option to terminate your use of the Service if the Terms of Service is modified in a manner substantially impacting your rights in connection with use of the Service. Your continued use of the Service after the posting of any changes to the Terms of Service will be deemed to be your agreement to those changes.

Schedule “A” – Selected Third Party Components.

Microsoft Azure

Customer agrees that the additional terms set out in Microsoft’s Universal License Terms for Online Services (Azure) and Product Terms (Online Services – Azure), available at https://www.microsoft.com/en-us/licensing/product-licensing/products (the “Universal License Terms”), apply to Customer’s use of the Service and the Microsoft Products and Services Data Protection Addendum (“DPA”) available at https://aka.ms/DPA sets out the parties obligations with respect to processing and security of Content and Personal Information in connection with Customer’s use of the Service and to the processing and security of Professional Services Data and Personal Information in connection with the provision of any professional services and support services performed by Microsoft related to the Service. For clarity, the DPA applies only to the processing of data in environments controlled by Microsoft and its subprocessors, including data sent to Microsoft by the Microsoft products and the Services but does not include data that remains on Customer’s premises or in any Customer selected third party operating environments. The Universal License Terms and the DPA may be changed from time to time. Customer should review such documents carefully, both at time of acceptance of this Agreement and periodically thereafter, and fully understand all terms and conditions applicable to the Service.

Information regarding Microsoft Azure’s data residency and transfer policies is available at the following link: www.microsoft.com/en-us/trustcenter/privacy/where-your-data-is-located.

An overview of how encryption is used in Microsoft Azure (for data at rest and data in transit) is available at the following link: https://docs.microsoft.com/en-us/azure/security/security-azure-encryption-overview.

High Risk Use: Customer must consider whether its specific use of these technologies is safe. The Service is not designed or intended to support any use in which a service interruption, defect, error, or other failure of the Service could result in the death or serious bodily injury of any person or in physical or environmental damage (collectively, “High-Risk Use”). Customer’s High-Risk Use of the Service is at its own risk. Customer agrees to defend, indemnify and hold CharityLogic and Microsoft harmless from and against all damages, costs and attorneys’ fees in connection with any claims arising from a High-Risk Use associated with the Service, including any claims based in strict liability or that CharityLogic and/or Microsoft was negligent in designing or providing the Service to Customer.

The foregoing information, including the links to such information, may be changed from time to time therefore Customer is encouraged to review such information periodically.

IMPORTANT NOTICE: THIS IS A LICENSE TO ACCESS A SOFTWARE SERVICE NOT A SALE. THIS SOFTWARE SERVICE AGREEMENT IS A LEGAL CONTRACT BETWEEN CHARITYLOGIC, CORPORATION IN THE CASE OF CUSTOMERS LOCATED OUTSIDE OF CANADA, OR CHARITY LOGIC, INC. IN THE CASE OF CUSTOMERS LOCATED IN CANADA, YOU AND THE ORGANIZATION YOU REPRESENT. BY CLICKING THE “I ACCEPT” BUTTON LOCATED AT https://terms.icarol.com/terms-and-conditions CUSTOMER SHALL BE DEEMED BY CHARITYLOGIC TO HAVE IRREVOCABLY AGREED TO BE BOUND BY AND COMPLY WITH ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT. YOUR ACCEPTANCE IS IN RESPECT OF ANY SERVICE WHICH YOU ACCESS AND ANY SUBSEQUENT ADD-ON TO THAT SERVICE WHICH OCCURS BEYOND THE DATE OF YOUR INITIAL ACCEPTANCE OF THIS AGREEMENT, HOWEVER EVIDENCED. IF CUSTOMER DOES NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS AGREEMENT, CUSTOMER AND ITS USERS WILL NOT BE ABLE TO ACCESS OR USE THE SERVICE. ACCESS OR USE OF THE SERVICE OR ACCESS OR USE OF ANY SUBSEQUENT ADD-ON TO ANY SERVICE BY CUSTOMER OR ANY OF ITS USERS OR AUTHORIZED THIRD PARTIES SHALL BE DEEMED BY CHARITYLOGIC TO BE CUSTOMER’S IRREVOCABLE CONSENT TO BE BOUND BY AND COMPLY WITH ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU ARE AN EMPLOYEE, CONTRACTOR, OR OTHERWISE ACCESSING OR USING THE SERVICE ON BEHALF OF AN ORGANIZATION OR ANY OTHER THIRD PARTY, YOU REPRESENT AND WARRANT TO CHARITYLOGIC THAT:

A. YOU ARE THE AGE OF MAJORITY IN YOUR JURISDICTION;
B. YOU HAVE ALL REQUISITE CAPACITY, RIGHT, POWER AND AUTHORITY TO ACCEPT THIS SOFTWARE SERVICE AGREEMENT TO ACCESS THE SERVICE ON BEHALF OF SUCH ENTITY; AND
C. SUCH ENTITY SHALL BE IRREVOCABLY BOUND BY AND SHALL COMPLY WITH ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT

SCHEDULE “B” – BUSINESS ASSOCIATE ADDENDUM.

THIS BUSINESS ASSOCIATE ADDENDUM (the “Agreement”) is made and entered into between CHARITYLOGIC CORPORATION (“Company”), and Customer (“Customer”).

Customer is a Covered Entity (or is a Business Associate to one or more Covered Entities) pursuant to the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act (commonly referred to as the “HITECH Act”), and the regulations promulgated under the foregoing from time to time by the United States Department of Health and Human Services (collectively, as amended from time to time, “HIPAA”).

Customer and Company have entered into the above Software Services Agreement (the “Services Agreement”) pursuant to which Company will provide certain services to Customer (the “Services”), and in the course of providing the Services, Customer may make available to Company or have Company obtain or create on its behalf information that may be deemed Protected Health Information subject to the provisions of HIPAA and information subject to protection under other federal or state laws.

In order to comply with the applicable provisions of HIPAA and other federal or state laws as applicable, the parties agree as follows:

1. Definitions.

1.2. “Effective Date” means the date on which the Customer agreed to this Agreement to by clicking the “I agree” button available at https://terms.icarol.com/terms-and-conditions

1.3. “Electronic PHI” means PHI that is Electronic Protected Health Information.

1.4. “PHI”” means Protected Health Information received or accessed by Company from or on behalf of Customer or created, transmitted, or maintained by Company for or on behalf of Customer.

2. Permitted Uses. Company may use PHI only as permitted or required by this Agreement and only for the following purposes:

(ii) to carry out its legal responsibilities;

(iii) for the proper business management and administration of Company;

(iv) (iv) to provide Data Aggregation services (as defined at 45 CFR § 164.501) relating to the health care operations of Customer, as permitted by 45 CFR § 164.504(e)(2);

(v) to de-identify any and all PHI obtained by Company under this Agreement in accordance with the standards set forth under HIPAA at 45 CFR § 164.514 and use such de-identified data in accordance with the de-identification requirements of the Privacy Rule; and

(vi) as Required By Law.

3. Permitted Disclosures. Company may disclose PHI only as permitted or required by this Agreement for the following purposes:

(ii)(ii) for the proper business management and administration of Company or to carry out its legal responsibilities, if Required By Law, or if Company has obtained reasonable assurances that the recipient will (A) hold such PHI in confidence, (B) use or further disclose it only for the purpose for which it was received or as Required By Law, and (C) notify Company of any instance of which the recipient becomes aware in which the confidentiality of such PHI has been breached; and

(iii) as otherwise Required By Law.

4. Prohibited Uses and Disclosures.

4.1. Subject to Customer’s compliance with its obligations set forth in Section 16 as applicable, Company shall not use or further disclose PHI in a manner that would violate HIPAA if done by Customer.

4.2. If Customer notifies Company that Customer has agreed to be bound by additional restrictions on the uses or disclosures of PHI pursuant to Section 16, Company shall be bound by such additional restrictions and shall not use or disclose PHI in violation of such additional restrictions.

4.3. Company shall not sell PHI or otherwise receive remuneration, directly or indirectly, in exchange for PHI; provided, however, that this prohibition shall not affect payment to Company by Customer for performance of the Services.

4.4. Company shall not use or disclose PHI for purposes of marketing or fundraising, unless the Services include such marketing or fundraising.

5. Subcontractors and Agents. . Any disclosure to a Subcontractor or agent of Company shall be pursuant to a written agreement between Company and such Subcontractor or agent containing substantially the same restrictions and conditions on the use and disclosure of PHI as are set forth in this Agreement.

6. Minimum Necessary. Customer shall only provide and Company shall only request, access, use, and disclose only the minimum amount of PHI necessary, in accordance with HIPAA, to perform the Services.

7. Certain Privacy Rule Compliance. To the extent that Company is to carry out one or more of Customer’s obligations under Subpart E of Part 164 of HIPAA (generally known as the HIPAA Privacy Rule), Company shall comply with such requirements that apply to Customer in the performance of such obligations.

8. Safeguards. Company at all times shall maintain administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, availability, and integrity of Electronic PHI that it creates, receives, maintains, or transmits in accordance with the regulations set forth at 45 CFR § 164.308, 45 CFR § 164.310, and 45 CFR § 164.312.

9. Breach Investigation and Reporting.

9.2. If pursuant to the evaluation described in Section 9.1, Company reasonably determines that such impermissible use or disclosure constitutes a Breach of PHI that is Unsecured Protected Health Information, Company shall provide Customer, without unreasonable delay but in no case later than 14 days following such determination, with such information, to the extent available, as is required pursuant to HIPAA or as reasonably requested by Customer, including the date of discovery thereof, the identities of affected individuals (or, if such identities are unknown at that time, the classes of such individuals), and a general description of the nature of the incident. Company shall supplement such notice with information not available at the time of the initial notification as promptly thereafter as the information becomes available to Company.

9.3. If pursuant to the evaluation described in Section 9.1 Company determines that such impermissible use or disclosure does not constitute a Breach of PHI that is Unsecured Protected Health Information, Company shall notify Customer in writing of such impermissible use or disclosure of PHI and of such determination promptly following such determination.

9.4. For purposes hereof, an impermissible use or disclosure shall be deemed discovered by Company as of the first day on which such impermissible use or disclosure is known to Company or, by exercising reasonable diligence, would have been known to Company, and Company shall be deemed to have knowledge of an impermissible use or disclosure if such impermissible use or disclosure is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the impermissible use or disclosure, who is a Workforce member of Company or an agent of Company (determined in accordance with the federal common law of agency).

10. Security Incident Reporting. Company shall report to Customer in writing any Security Incident involving Electronic PHI, other than a Security Incident that involves an actual or suspected impermissible use or disclosure of PHI reported pursuant to Section 9, within 30 days of Company’s discovery thereof. The parties acknowledge and agree that this Section constitutes notice by Company to Customer of the ongoing occurrence of events that may constitute Security Incidents but that are trivial, routine, do not constitute a material threat to the security of PHI, and do not result in unauthorized access to or use or disclosure of PHI (such as typical pings and port scans) for which no additional notice to Customer shall be required.

11. Mitigation. To the extent possible, Company shall establish reasonable procedures to mitigate, to the extent practicable, any harmful effect of any Breach or impermissible use or disclosure of PHI in violation of the terms and conditions of this Agreement or applicable law.

12. Access and Amendment. With respect to an Individual as to whom Company maintains PHI, Company shall notify Customer promptly upon receipt of a request from such an Individual for access to or a copy of such Individual’s PHI or to amend such Individual’s PHI. To the extent permitted under HIPAA, and except as otherwise required upon the order of a court of competent jurisdiction, (i) Company shall direct such Individual to make such request of Customer and (ii) Company shall not consent to such access, deliver such copy, or comply with such request except as directed by Customer. With respect to PHI maintained by Company in a Designated Record Set, to the extent required by HIPAA of a Covered Entity, Company shall (i) make available PHI to Customer, as reasonably requested by Customer and in accordance with HIPAA, and (ii) upon receipt of notice from Customer, promptly amend any portion of the PHI so that Customer may meet its amendment obligations under HIPAA.

13. Accounting for Disclosures. Company shall document all disclosures of PHI by Company and information related to such disclosures as would be required for Customer to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with HIPAA. Company shall maintain such information for the applicable period set forth in HIPAA. Company shall deliver such information to Customer or, upon Customer’s request, to the Individual, in the time and manner reasonably designated by Customer, in order for Customer to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with HIPAA.

14. Audit. If Company receives a request, made on behalf of the Secretary of the Department of Health and Human Services, that Company make its internal practices, books, and records relating to the use or disclosure of PHI available to the Secretary of the Department of Health and Human Services for the purposes of determining Customer’s or Company’s compliance with HIPAA, Company promptly shall notify Customer of such request and, unless enjoined from doing so by order of a court of competent jurisdiction in response to a challenge raised by Customer or Company (which challenge Company shall not be obligated to raise), Company shall comply with such request to the extent required of it by applicable law. Nothing in this Agreement shall waive any attorney-client privilege or other privilege applicable to either party.

15. Compliance with Law. Company shall comply with all applicable federal and state laws regarding individually identifiable information contained in or associated with PHI, including without limitation any state data breach laws or other state laws regarding the protection of such information. Nothing in this Agreement shall be construed to require Company to use or disclose PHI without a written authorization from an Individual who is the subject thereof, or written authorization from any other person, where such authorization would be required under federal or state law for such use or disclosure.

16. Obligations of Customer. Customer shall (i) notify Company of any limitation in Customer’s Notice of Privacy Practices to the extent that such limitation may affect Company’s use or disclosure of PHI, (ii) notify Company of any changes in, or revocation of, permission by an Individual to use or disclose PHI, to the extent that such change may affect Company’s use or disclosure of PHI, (iii) notify Company of any restriction on the use or disclosure of PHI to which Customer has agreed in accordance with HIPAA, to the extent that such restriction may affect Company’s use or disclosure of PHI, and (iv) obtain any authorization or consents as may be Required By Law for any of the uses or disclosures of PHI.

17. Term and Termination. This Agreement shall become effective on the Effective Date and shall continue in effect until the earlier to occur of (i) the expiration or termination of the Services Agreement or (ii) termination pursuant to this Section. Either party may terminate this Agreement and the Services Agreement effective immediately if it determines that the other party has breached a material provision of this Agreement and failed to cure such breach within 30 days of being notified by the other party of the breach. If the non-breaching party reasonably determines that cure is not possible, such party may terminate this Agreement and the Services Agreement effective immediately upon written notice to other party.

18. Effect of Termination. Upon termination of the Services Agreement, subject to any applicable provisions of the Services Agreement, Company shall return to Customer or destroy all PHI that Company maintains in any form and retain no copies of such PHI or, if return or destruction is not feasible (including without limitation if Company is required by applicable law to retain any such PHI for a time following termination), notify Customer thereof and extend the protections of this Agreement to the PHI and limit its further use or disclosure to those purposes that make the return or destruction of the PHI infeasible. The requirements of this Section shall survive termination or expiration of this Agreement and shall be in force as long as any PHI remains in the custody or control of Company.

19. Miscellaneous.

Notices.

CHARITYLOGIC C/O HARRIS CORPORATION
1 Antares Drive, Suite 400
Ottawa, Ontario K2E 8C4
Attention: CEO

with a copy to:

2429 Military Road, Suite 300
Niagara Falls, NY 14304
Attn: Privacy Officer

Notices given under this Agreement to Customer shall be sent to Customer at the contact information provided in writing to Company. Customer must include the name, title, email address and organization of the individual to be contacted. Customer shall ensure that such contact information remains up to date during the term of this Agreement. Customer’s failure to submit and maintain current contact information may delay Company’s ability to provide Breach notification under this BAA. Notices may be made electronically and will be deemed delivered (i) when delivered electronically or personally delivered, (ii) on the third business day after deposit, properly addressed and postage pre-paid, when sent by certified or registered U.S. mail to the address provided herein, or (iii) on the next business day when sent with next-business-day instruction by recognized overnight document delivery service to the address provided herein.

Nature of Relationship.

19.3. Waiver. A waiver with respect to one event shall not be construed as continuing, or as a bar to or waiver of, any right or remedy as to subsequent events.

19.4. Severability. If any one or more of the provisions of this Agreement should be ruled wholly or partly invalid or unenforceable by a court or other government body of competent jurisdiction, the remainder of this Agreement shall not be affected thereby but rather the remainder of this Agreement shall be enforced to the greatest extent permitted by law.

19.5. Entire Agreement. This Agreement, together with the Services Agreement, constitutes the entire agreement between the parties concerning the subject matter hereof. No prior or contemporaneous representations, inducements, promises, or agreements, oral or otherwise, between the parties with reference thereto will be of any force or effect. Each party represents and warrants that, in entering into and performing its obligations under this Agreement, it does not and will not rely on any promise, inducement, or representation allegedly made by or on behalf of the other party with respect to the subject matter hereof, nor on any course of dealing or custom and usage in the trade, except as such promise, inducement, or representation may be expressly set forth herein.

19.6. Amendments. This Agreement may not be modified, nor shall any provision hereof be waived or amended, except in a writing duly signed by authorized representatives of the parties.

19.7. No Third Party Beneficiaries. No provision of this Agreement is intended to confer, nor shall anything herein confer, upon any person other than the parties and the respective successors or assigns of the parties, any rights, remedies, obligations, or liabilities whatsoever, and any implication to the contrary is expressly disclaimed by each party.

19.8. Headings; Interpretation. The parties intend that this Business Associate Addendum be interpreted consistent with their intent to comply with HIPAA and other applicable federal and state law. The headings of the sections used in this Agreement are included for convenience only and are not to be used in construing or interpreting this Agreement. In the event of a conflict between the provisions of this Agreement and any provisions of the Services Agreement, the provisions of this Agreement shall control.