MASTER SAAS AND SERVICE LEVEL AGREEMENT

Download MSLA

Last updated on August 16, 2024

This MASTER SAAS AND SERVICE LEVEL AGREEMENT (“Agreement”) is entered into by and between LiveView Technologies, Inc. (“LVT”), a Delaware Corporation headquartered at 802 East 1050 South, Suite 300, American Fork, Utah 84003, and the individual or legal entity (“Customer”). In this Agreement, LVT and Customer are referred to individually as a “Party” and collectively as the “Parties”.  Capitalized terms used in this Agreement are defined in Section 12 of this Agreement or otherwise within the relevant Sections of this Agreement.

PLEASE READ THE FOLLOWING LVT AGREEMENT CAREFULLY. BY ACCEPTANCE OF THIS AGREEMENT, CUSTOMER AGREES THAT IT HAS READ THIS AGREEMENT AND, AFTER DUE CONSIDERATION, HEREBY AGREES TO BE BOUND BY ALL THE TERMS OF THE AGREEMENT. CUSTOMER REPRESENTS AND WARRANTS: THAT IT IS NOT A LEGAL MINOR; THAT IT IS COMPETENT TO ENTER INTO BINDING CONTRACTS; AND THAT IT IS NOT DEPENDING ON ANY PROMISES OR STATEMENTS OTHER THAN THOSE EXPRESSLY SET FORTH IN THIS AGREEMENT.  IF CUSTOMER IS A COMPANY OR OTHER LEGAL ENTITY, THE PERSON AGREEING TO THIS AGREEMENT HEREBY REPRESENTS AND WARRANTS THAT HE OR SHE HAS THE AUTHORITY TO BIND THE COMPANY OR OTHER LEGAL ENTITY TO THE TERMS OF THIS AGREEMENT.

1.    SYSTEM AND SAAS SOLUTION

1.1  System.  This Agreement contains the terms and conditions that govern and are applicable to Customer’s and its Users access to and use of the SaaS Solution, Hardware, Software, Services, Documentation, and other components of the System. Upon execution of this Agreement and an applicable Schedule by both Parties, LVT hereby grants to Customer and its Users the right to access and use the SaaS Solution, Hardware, Software, Services, Documentation, and other components of the System strictly in accordance with the terms and conditions of this Agreement and the applicable Schedule. Customer’s right to access and use of the SaaS Solution Hardware, Software, Services, Documentation, and other components of the System is granted by LVT to Customer under this Agreement strictly on a non-exclusive, non-transferable, non-sublicensable, and restricted basis only for Customer’s lawful internal business purposes during the applicable Schedule Term (as defined below), and is conditioned upon and subject to Customer’s timely payment to LVT of all Fees due or payable as required under this Agreement and all Schedules and Customer’s and its Users’ full compliance with all terms and conditions of this Agreement and all Schedules. 

1.2 SaaS Solution.  Pursuant to the applicable Schedule, LVT will provide to Customer and its Users access to and use of the SaaS Solution. Customer acknowledges and agrees that the SaaS Solution is currently operated and performed from and through Amazon Web Services (“Service Center”) and that Customer Data will be stored on and processed by equipment and systems at such Service Center; provided however, that the foregoing shall not prohibit LVT’s operation and performance of the SaaS Solution from a different service center or location in the United States, including if LVT determines that such different service center or location is necessary pursuant to LVT’s then-current disaster recovery plan or back up plan. Under the applicable Schedule, LVT shall provide to Customer and its Users access to and use of the SaaS Services via the Internet by use of unique User ID’s and passwords. LVT will provide all such User ID’s and passwords to one or more Customer administrators designated by Customer (“Administrators”) who will distribute such information to the Users. LVT will provide all such User ID’s and passwords to the Administrators following LVT’s receipt from Customer of written notice from the applicable Administrator of the name and e-mail address of each such User requiring a User ID and password. Following Customer’s written request to LVT, LVT will terminate the access and use rights associated with the requested User ID and password.

1.3 Term.  This Agreement shall be effective as of the Effective Date above and shall remain in effect for a period of twelve (12) months, and thereafter this Agreement shall automatically renew and continue for subsequent 12 month periods, unless written notice of non-renewal of this Agreement is provided by one Party to the other Party at least thirty (30) days prior to the expiration of the then-current twelve (12) month period of this Agreement. The initial twelve (12) month period and each subsequent twelve (12) month period of this Agreement is referred to in this Agreement as the “Term” of this Agreement. The Term of this Agreement is subject to earlier termination of this Agreement as provided for in this Agreement.

1.4  Schedules. LVT's provision of the SaaS Solution, Hardware, Software, Services, Documentation, and/or other components of the System to Customer under a Schedule shall commence on the start date specified in such Schedule (or if not specified therein, the date of LVT set up of the Hardware and/or initiation of Services for Customer under such Schedule) and shall continue until the end date specified in such Schedule (“Schedule Term”). Except as otherwise specified in the applicable Schedule, each Schedule shall automatically renew for additional Schedule Terms equal to the applicable expiring Schedule Term or one (1) year (whichever is shorter), unless either Party gives the other Party written notice of non-renewal of such Schedule at least thirty (30) days prior to the expiration of the then-current Schedule Term of such Schedule. If the Schedule Term of any Schedule extends past the Term of this Agreement, then such Schedule shall remain in effect and subject to the terms and conditions of this Agreement until the end of the Schedule Term of such Schedule or until it is earlier terminated pursuant to the terms of such Schedule or this Agreement. If any term or condition of any Schedule conflicts or is inconsistent with any of the terms or conditions of this Agreement, then the provisions of this Agreement shall be controlling and shall govern to the extent of such conflict or inconsistency, except to the extent such provisions of this Agreement are expressly stated in such Schedule to be superseded by the provisions of such Schedule and then in that case such provisions of such Schedule shall prevail solely with respect to the subject matter of such Schedule.

1.5  Customer Network. Customer acknowledges and agrees that it and its Users shall access and use the SaaS Services and Software provided or made available to Customer by LVT under this Agreement strictly in connection with the Hardware within the designated System for which it was provided by LVT to Customer under this Agreement. Set up of any Software by LVT for or on behalf of the Customer shall not include any modifications to the Customer’s network, systems, security, or firewall settings without Customer’s prior approval. LVT shall not be responsible or liable for any setup, operation, maintenance, performance, or compatibility issues for or in connection with Customer’s network or systems, all of which remain the sole responsibility and liability of Customer. LVT may charge Customer additional fees or amounts for services required to be performed by LVT due to any inability to connect the Hardware to Customer’s network or systems, or if any additional Hardware is required to facilitate connectivity between Customer’s network or systems and the Hardware. 

1.6   Third-Party Products and Services. LVT or third parties may from time-to-time make available to Customer third-party products or services, including but not limited to third-party applications and implementation, alert response services, customizations, and other consulting services (“Third-Party Products and Services”). Any purchase or acquisition by Customer of any such Third-Party Products and Services, and any exchange of data, information, or materials between Customer or its Users and any such third party providing any such Third-Party Products and Services, is solely between Customer or the applicable User and such third party, and not LVT. LVT does not make any representations, warranties, or guarantees for or in connection with any such Third-Party Products and Services or provide any maintenance, support, or assistance for any Third-Party Products and Services, whether or not they are designated by LVT as “certified” or otherwise, except as expressly specified in a Schedule regarding such Third-Party Products and Services entered into between Customer and LVT. Customer and LVT (i) will determine the appropriate terms and configuration of any Third-Party Products and Services and (ii) may modify and change the terms and configuration of Third-Party Products and Services by mutual agreement and by giving notice to the third-party service provider. Regarding third-party provided alert response services, the parties agree that Customer will receive alert response communications directly from the third-party alert response service provider; however, Customer should contact LVT for all other communication related to the third-party alert response services.

1.7  Suspension. LVT has and reserves the right to suspend Customer’s and/or any User’s access to or use of the SaaS Solution, Hardware, Software, Services, and/or any other components of the System: (i) for scheduled or emergency maintenance; (ii) immediately if Customer or any User breaches any provision of this Agreement or any Schedule; (iii) as LVT deems reasonably necessary to respond to any actual or potential security threat, breach, or concern, including those that may affect Customer, its Users, or any other LVT customer or users; or (iv) immediately if Customer or any User access to or use of the SaaS Solution, Hardware, Software, Services, or any other components of the System is interfering with or otherwise negatively impacting access to or use of any LVT product or service by any other LVT customers or users or is violating any applicable laws, rules, regulations, or third-party rights.

1.8  Customer Portal. Under this Agreement, LVT may provide Customer with access to an online customer interface portal (“Customer Portal”) for use by Customer in connection with its access to and use of the SaaS Solution, Hardware, Software, Services, and/or other components of the System. Customer’s use of the Customer Portal is subject to LVT’s policies and terms and conditions of use that LVT may establish from time-to-time and make available at the Customer Portal. Through such Customer Portal, Customer will provide to LVT the information requested by LVT, including Customer contact and payment information, and Customer will at all times keep all such Customer information accurate and up to date through the Customer Portal. Customer hereby consents to and grants LVT the right and authority to access and use the contact and other information Customer provides to LVT through the Customer Portal, including any and all e-mail addresses, to contact Customer from time-to-time. Customer will maintain the confidentiality and security of its Customer Portal login credentials provided by LVT to Customer. Customer will promptly notify LVT in writing of any known or reasonably suspected unauthorized access to its Customer Portal account, login credentials, or any other actual or potential breach of security of which Customer has knowledge involving the Customer Portal, SaaS Solution, Hardware, Software, Services, and/or any other component of the System. 

1.9 Cellular Data.  Under this Agreement, LVT will make the SaaS Solution available to Customer and its Users through the use of a cellular data connection selected by LVT. For the SaaS Solution, Customer will have access to unlimited cellular data.

2.   CUSTOMER RESPONSIBILITIES      

2.1  Cooperation.  Customer will reasonably cooperate with LVT in connection with the performance of this Agreement as may be deemed necessary by LVT, which may include Customer making available to LVT such Customer personnel and information as may be reasonably required by LVT to provide the SaaS Solution, Hardware, Software, Services, and/or any other component of the System to Customer. Customer is solely responsible and liable for determining whether the SaaS Solution, Hardware, Software, Services, and/or any other components of the System are sufficient for Customer’s purposes, including but not limited to, whether the SaaS Solution, Hardware, Software, Services, and/or any other components of the System meet or satisfy Customer’s legal and/or regulatory requirements.  

2.2  Software.  Customer's and its Users’ access to or use of the SaaS Solution, Hardware, Software, Services, and/or other components of the System may require Customer and Users to install certain Integration Software on Customer’s and Users computers, network, or systems, or may require Customer and Users to install certain LVT Mobile Software on Customer’s and Users mobile devices, which access and use shall be subject to the terms and conditions of this Agreement and applicable Schedule, including the access and use restrictions set forth in this Agreement and applicable Schedule. 

2.3  Customer Information. Customer acknowledges and agrees that Customer and Users shall be required to provide to and share with LVT certain information for the purposes of LVT providing the SaaS Solution and/or other components of the System under this Agreement or any Schedule, such as usernames, LVT Admin Panel passwords, and other login information. This information may include personal information (such as email addresses and/or telephone numbers) regarding Customer and Users, and LVT will use such information for the purposes of providing the SaaS Solution and/or other components of the System to Customer and Users. Prior to authorizing an individual to become a User, Customer is fully responsible and liable for obtaining the consent and authorization of that individual, in accordance with all applicable laws, to the use of his/her information by LVT for purposes of providing the SaaS Solution and/or other components of the System under this Agreement or any Schedule.

3.   FEES AND PAYMENT

3.1  Fees. Fees payable by Customer to LVT shall be specified in the applicable Schedule. Except as otherwise expressly stated in the applicable Schedule, Customer will pay to LVT the Fees set forth in each Schedule in full.  Such Fees in any Schedule may be increased by LVT by the lesser of the then-current Consumer Price Index for All Urban Consumers (CPI-U) or 3% for any subsequent renewal period of such Schedule. LVT shall send invoices to Customer for Fees due under a Schedule at the Customer address set forth on or in the LVT onboarding documents provided by Customer or at the Customer address set forth in the first paragraph of this Agreement above. 

3.2 Payment.  Unless otherwise expressly stated in the applicable Schedule, all Fees due from or payable by Customer to LVT under each Schedule shall be paid by Customer to LVT in full within thirty (30) days after the date of the LVT invoice therefor. All such Fees are payable by Customer to LVT in United States Dollars. Any such Fees not paid by Customer to LVT when due shall accrue interest at the lesser of 1.5% per month or the maximum interest rate allowed by applicable law until the overdue amount has been paid in full by Customer to LVT. In the event of any expiration or termination of this Agreement by LVT as provided for in this Agreement, no refund or return of any Fees paid by Customer to LVT under this Agreement shall be due or payable in any amount on account of such expiration or termination. In the event of termination of this Agreement by Customer as provided for in this Agreement, Customer shall be entitled as its sole and exclusive remedy, to receive a refund of any pre-paid subscription Fees paid by Customer to LVT for the SaaS Solution or Services not rendered by LVT under this Agreement as of the effective date of such termination. If any LVT invoice due date falls on a weekend, statutory holiday, or banking holiday, then that due date will automatically be deemed to be next business day. Customer shall not withhold or off-set any Fees payment due under any Schedule. Customer shall immediately notify LVT in writing of any disputed Fees amounts in any invoice received by Customer from LVT, and thereafter LVT and Customer shall use reasonable commercial efforts to resolve such disputed Fees amounts in such invoice; provided however, that if the Parties fail to resolve such dispute within sixty (60) days of the date of the disputed invoice, then Customer shall pay to LVT all Fees amounts in such invoice within ninety (90) days of the date of such invoice. Customer shall have no right, and hereby waives all right, to dispute any Fees amounts in any invoice more than ninety (90) days after the date of such invoice. Customer shall not be entitled to, and LVT shall not grant to Customer, any applicable credits (as determined by LVT) toward any Fees that are claimed or requested by Customer from LVT more than ninety (90) days after the date such credits first became creditable to Customer. Subject in all cases to Customer’ obligations to pay Fees to LVT as provided for in this Agreement and any Schedule, Customer may modify the payment method by which it processes or pays LVT invoices from time-to-time upon prior written notice to LVT. If a third-party payment processing service is utilized by Customer, whether online payment portal or vendor payment portal or otherwise, then Customer shall be solely responsible and liable for all use of such payment processing service, including Customer’s payment of any and all fees and amounts due or payable for use of such payment processing service.

3.3  Taxes. The Fees due from or payable by Customer to LVT under each Schedule do not include any applicable taxes, levies, duties, or similar governmental assessments or charges of any nature, including but not limited to value-added, goods and services, harmonized, sales, use or withholding taxes, assessable by any local, state, provincial, federal, or foreign government or jurisdiction (collectively, “Tax(es)”). Customer is solely responsible and liable for paying any and all Taxes, excluding only taxes payable by LVT based on LVT’s net income. If LVT has the legal obligation to pay or collect any Taxes for which Customer is responsible under this Section, then the appropriate Taxes amount shall be paid in full by Customer within thirty (30) days of the date of LVT’s invoice therefor. LVT shall specify in each invoice the Taxes due or payable by Customer to LVT under or in connection with the applicable Schedule. If requested by LVT, Customer shall cooperate with LVT to properly calculate any applicable Taxes under or in connection with the applicable Schedule.  LVT will invoice Customer for such Taxes based on Customer’s locations accessing or using the SaaS Solution, Hardware, Software, Services, and/or other components of the System under this Agreement or any Schedule. LVT invoices to Customer shall include and separately state each applicable Tax and will associate such Tax with the invoice line-item cost to which the Tax applies. If Customer asserts in writing in advance to LVT that any Fees under any Schedule are not subject to or are exempt from Taxes and Customer provides to LVT a valid written tax exemption certificate from the relevant governmental taxing authority(ies) indicating that Customer is in fact not subject to pay or is exempt from paying such Taxes, then LVT will refrain from collecting and remitting such Taxes.  If, however, any Tax(es) assessment results from LVT’s failure to timely collect or remit any Tax(es) due to LVT’s reliance on Customer’s assertion to LVT that no Tax is due or a valid Tax exemption certificate applies to Customer, then Customer shall be solely responsible and liable for payment of any and all such Tax(es), including any interest, penalties, expenses, and costs related to such Tax(es) assessment, and Customer shall defend, indemnify, and hold harmless LVT and its Affiliates from and against any and all such Tax(es) assessment, and from and against any and all costs and expenses incurred by LVT related to any such Tax(es) assessment.

3.4 Credit Card.  If the method of Customer payment of an invoice for Fees from LVT under this Agreement is by Customer credit card, then Customer agrees it shall: (i) keep Customer’s credit card information updated with LVT and (ii) authorize LVT to charge Customer’s credit card for all Fees and other amounts due from or payable by Customer to LVT under the applicable Schedule in advance monthly plus Taxes when due.

3.5  ACH.  If the method of Customer payment of an invoice for Fees from LVT under this Agreement is by ACH, then Customer agrees it shall: (i) complete and sign an ACH authorization form in favor of LVT; and (ii) keep Customer’s bank information for such ACH payment updated with LVT.  

3.6  Carrier Fees.  Customer acknowledges and agrees that: (i) Customer’s and Users’ third-party carriers or service providers may charge fees or amounts for data usage, messaging, telephone calls, or other services that are required for them to access or use the SaaS Solution, Services, and/or other components of the System; and (ii) Customer and Users are solely responsible and liable for any and all such fees, amounts, access, and usage in connection with any such third-party carriers or service providers.

3.7 Insufficient Funds. If any payment of Fees by Customer to LVT under this Agreement is returned based upon insufficient or unavailable funds in the Customer account upon which such payment was drawn, a minimum insufficient funds (“NSF”) charge of thirty-five ($35.00) dollars will be charged by LVT to Customer and will be paid by Customer to LVT as an additional payment to LVT. Any such NSF charge or payment shall not reduce or otherwise affect any of the Fees payment obligations of Customer to LVT under this Agreement or any Schedule. 

3.8  Collections.  Customer acknowledges and agrees that it shall be responsible and liable for and shall reimburse LVT for any and all costs, expenses, fees, and other amounts (including collection expenses, courts costs, and reasonable attorneys’ fees) incurred by LVT to enforce any of Customer’s Fees payment obligations to LVT under this Agreement and any Schedule.

4.   RESTRICTIONS

Customer shall not, and shall not permit any Users nor any third party or individual to: (i) reverse engineer, decompile, disassemble, or otherwise attempt to discover or discern the source code, object code or underlying structure, ideas, or algorithms of the SaaS Solution, Hardware, Software, Services, or any other component of the System, and/or any data related to the SaaS Solution, Hardware, Software, Services, or any other component of the System (except to the extent such prohibition is contrary to applicable law that cannot be excluded by agreement of the Parties); (ii) modify, change, revise, translate, or create any derivative works of or based on the SaaS Solution, Hardware, Software, Services, and/or any other component of the System; (iii) share, rent, lease, loan, resell, transfer, license, sublicense, distribute, or otherwise provide access to or use of the SaaS Solution, Hardware, Software, Services, or any other component of the System to or with any third party or individual, or use or otherwise provide the SaaS Solution, Hardware, Software, Services, or any other component of the System for or in any timesharing or service bureau purposes or arrangements; or (iv) access or use the SaaS Solution, Hardware, Software, Services, or any other component of the System other than by Customer and its Users in accordance with this Agreement, the applicable Schedule, and in compliance with all applicable laws, rules, and regulations.

5.  DELIVERY, SET UP, AND USE OF HARDWARE

5.1 Shipping and Set up.  Customer shall pay to LVT any and all shipping and set up Fees, charges, and other amounts for the Hardware under the applicable Schedule which shall be payable by Customer to LVT in accordance with such Schedule. LVT may invoice Customer for, and Customer shall pay to LVT, any and all Fees, charges, and other amounts for additional or add-on Hardware and/or other System components agreed to by Customer and LVT in the applicable Schedule which are delivered or stored by LVT for Customer, and/or for any and all Services performed by LVT for Customer before completion of the Hardware and/or other System components set up, relocation of existing Hardware, activation of the System, or any other Service(s). All unpaid and outstanding Fees, charges, and other amounts payable by Customer to LVT under this Agreement and the applicable Schedule shall be due and payable by Customer to LVT prior to completion of the set up of the Hardware and/or other System components under such Schedule and as a precondition to activation of the SaaS Solution, Services, and/or any other System components under such Schedule.  

5.2 Maintenance and Repair. LVT will provide the Services to Customer as set forth in this Agreement and the applicable Schedule. LVT and its personnel shall use reasonable efforts when at Customer’s location to perform Services in compliance with Customer’s reasonable policies and guidelines regarding site safety and security that have been provided in writing by Customer to LVT reasonably in advance of LVT’s personnel arrival at the relevant Customer location. As part of the Services, upon Customer's request to LVT, LVT will provide to Customer maintenance and repair of the covered Hardware as determined by LVT to be necessary due to Customer’s normal use, wear, and tear of such Hardware. Additional charges shall be applicable and payable by Customer to LVT for any Services for maintenance and repair of such Hardware which are determined by LVT to be necessary due to changes or alterations in the Customer's locations or premises, changes or alterations of or to the Hardware or other components of the System (or any part thereof) made at the request of the Customer, or damage to the Customer’s locations or premises or to the Customer’s alarm system, or any other causes or events beyond the reasonable control of LVT. Any Services for set up, maintenance, or repairs of the Hardware or other components of the System shall be performed by LVT during LVT’s normal working hours of 8:00 A.M. to 4:30 P.M., Monday through Friday, except holidays observed by LVT. Customer acknowledges and agrees that any such Services for set up, maintenance, or repairs are strictly for the specific Hardware or other components of the System covered under this Agreement, and that LVT has no obligation or liability to install, maintain, support, repair, service, replace, operate, or assure the operation of any device or devices of Customer, Users, or any third party or individual.

5.3  Representations and Warranties. Under this Agreement, LVT represents and warrants to Customer that:(i) LVT shall perform the Services in a professional and workman-like manner in accordance with industry practices and standards for similar services using competent LVT personnel having expertise suitable to perform their respective assignments from LVT to provide the Services to Customer under this Agreement;(ii) the SaaS Solution, Hardware, and Software as provided by LVT to Customer under this Agreement and the applicable Schedule shall materially conform to the descriptions and specifications therefor as set forth in the applicable Documentation provided by LVT to Customer in writing under this Agreement; and (iii) LVT will use reasonable efforts through employment of Virus scanning technology to endeavor that no Viruses are contained in the SaaS Solution or Software. 

5.4 Risk of Loss or Damage. LVT hereby acknowledges and agrees that it assumes and shall bear all risk and liability for any and all loss, theft, damage, and/or destruction of any Hardware while such Hardware is in Customer’s possession or control, except for any loss, theft, damage, and/or destruction due to Customer’s gross negligence or willful or intentional harm. In the event of any such loss, theft, damage, or destruction of such Hardware, Customer shall immediately notify LVT in writing thereof and follow LVT’s instructions regarding such Hardware.

5.5 Indemnification by LVT. LVT shall defend, indemnify, and hold harmless Customer from and against any and all claims and demands, and all related losses, damages, liabilities, judgments, awards, suits, costs, and expenses (including reasonable attorneys’ fees and court costs) (collectively, “Customer Claim”) to the extent arising from bodily injury, death, or damage to real or tangible property directly caused by the gross negligence or willful misconduct of LVT or its employees or agents occurring while performing the Services for Customer under this Agreement while present at Customer’s location(s) where such Services are provided by LVT to Customer under this Agreement. Notwithstanding the foregoing, LVT’s obligations and liabilities provided for in this Section shall not apply to any Customer Claim arising from or in connection with any negligence or misconduct of Customer, its employees, or agents, or of any other individuals who are not LVT employees or agents providing the Services to Customer under this Agreement. LVT’s obligations and liabilities provided for in this Section are conditioned upon and subject to Customer: (i) promptly notifying LVT of the relevant Customer Claim in writing; (ii) tendering to LVT the sole and exclusive right to defend or settle such Customer Claim; and (iii) fully cooperating with LVT in LVT’s defense or settlement of such Customer Claim at LVT’s sole cost and expense. Customer shall not enter into any settlement of any Customer Claim without LVT’s express prior written approval.

5.6 DISCLAIMER. CUSTOMER ACKNOWLEDGES AND AGREES THAT THE FEES AND OTHER AMOUNTS LVT CHARGES CUSTOMER UNDER THIS AGREEMENT ARE BASED UPON THE VALUE OF THE SYSTEM LVT PROVIDES TO CUSTOMER UNDER THIS AGREEMENT AND ARE UNRELATED TO THE VALUE OF ANY OF CUSTOMER'S LOCATIONS, PROPERTY, OR PREMISES, ANY PROPERTY OF ANY THIRD PARTY LOCATED IN OR ON CUSTOMER'S LOCATIONS, PROPERTY, OR PREMISES, OR ANY RISK OF LOSS AT ANY OF CUSTOMER'S LOCATIONS, PROPERTY, OR PREMISES. OTHER THAN THE EXPRESS REPRESENTATIONS AND WARRANTIES SET FORTH IN THIS SECTION ABOVE, LVT MAKES NO AND HEREBY EXPRESSLY DISCLAIMS ANY AND ALL REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY IMPLIED REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND TITLE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, LVT DOES NOT REPRESENT OR WARRANT THAT (a) THE SAAS SERVICES, HARDWARE, SOFTWARE, SERVICES, OR ANY OTHER COMPONENTS OF THE SYSTEM OR ANY THIRD-PARTY PRODUCTS AND SERVICES WILL NOT BE COMPROMISED AND/OR CIRCUMVENTED, (b) USING THE SAAS SERVICES, HARDWARE, SOFTWARE, SERVICES, OR ANY OTHER COMPONENTS OF THE SYSTEM OR ANY THIRD-PARTY PRODUCTS OR SERVICES WILL PREVENT ANY LOSS, DAMAGE, EXPENSE, OR INJURY DUE TO ANY CAUSES, INCLUDING WITHOUT LIMITATION ANY BURGLARY, HOLD-UP, ROBBERY, THEFT, CRIME, FIRE, OR OTHERWISE, OR (c) THE SAAS SERVICES, HARDWARE, SOFTWARE, SERVICES, OR ANY OTHER COMPONENTS OF THE SYSTEM OR ANY THIRD-PARTY PRODUCTS AND SERVICES WILL PROVIDE THE PROTECTION REQUIRED OR INTENDED BY CUSTOMER. UNDER THIS AGREEMENT, THE RISK OF ANY AND ALL SUCH LOSS, DAMAGE, EXPENSE, OR INJURY REMAINS SOLELY WITH CUSTOMER, AND NOT LVT. INSURANCE, IF ANY, COVERING ANY SUCH RISK, LOSS, DAMAGE, EXPENSE, OR INJURY SHALL BE THE SOLE RESPONSIBILITY OF CUSTOMER, AND NOT OF LVT. LVT SHALL HAVE NO RESPONSIBILITY OR LIABILITY FOR ANY LOSS, DAMAGE, EXPENSE, OR INJURY DUE DIRECTLY OR INDIRECTLY TO ANY OF THE EVENTS DESCRIBED ABOVE IN THIS SECTION, OR THE CONSEQUENCES FLOWING THEREFROM. CUSTOMER HEREBY RELEASES AND WAIVES TO THE FULLEST EXTENT PERMITTED UNDER APPLICABLE LAW FOR ITSELF AND ITS INSURERS ALL SUBROGATION AND OTHER RIGHTS TO RECOVER FROM LVT ARISING AS A RESULT OF PAYING ANY CLAIM FOR LOSS, DAMAGE OR INJURY OF CUSTOMER, USERS, OR ANY THIRD PARTY OR INDIVIDUAL. THE DISCLAIMERS, PROTECTIONS, LIMITATIONS, AND WAIVERS IN THIS SECTION SHALL ALSO BE APPLICABLE TO LVT’s AFFILIATES, SUPPLIERS, LICENSORS, AND THIRD-PARTY SERVICE PROVIDERS.

6. LIMITATION OF LIABILITY. NOTWITHSTANDING ANYTHING IN THIS AGREEMENT OR ANY SCHEDULE OR EXHIBIT TO THE CONTRARY, IN NO EVENT SHALL LVT BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ANY SCHEDULE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR SPECIAL DAMAGES OF ANY NATURE WHATSOEVER, OR FOR ANY LOST PROFITS, HOWEVER CAUSED. NOTWITHSTANDING ANYTHING IN THIS AGREEMENT OR ANY SCHEDULE OR EXHIBIT TO THE CONTRARY, ANY AND ALL LIABILITY OF LVT UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ANY SCHEDULE SHALL BE LIMITED IN ALL CASES TO DIRECT DAMAGES ONLY WHICH IN THE AGGREGATE SHALL NOT EXCEED THE FEES PAID BY CUSTOMER TO LVT UNDER THIS AGREEMENT IN THE ONE (1) YEAR PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO CUSTOMER’S CLAIM FOR DAMAGES OR LVT LIABILITY. THE DISCLAIMERS AND LIMITATIONS OF LIABILITY IN THIS SECTION SHALL APPLY NO MATTER HOW THE LOSS, DAMAGE, EXPENSE, INJURY, OR OTHER CONSEQUENCE OCCURS, EVEN IF DUE TO LVT’S PERFORMANCE, NONPERFORMANCE, OR BREACH OF ITS OBLIGATIONS UNDER THIS AGREEMENT OR FROM NEGLIGENCE (INCLUDING TORT), ACTIVE OR OTHERWISE, STRICT LIABILITY, VIOLATION OF ANY APPLICABLE LAWS, OR ANY OTHER ALLEGED FAULT ON THE PART OF LVT, ITS EMPLOYEES OR AGENTS. THE DISCLAIMERS AND LIMITATIONS OF LIABILITY IN THIS SECTION SHALL APPLY EVEN IF LVT WAS ADVISED OF THE POSSIBILITY OR LIKELIHOOD OF ANY SUCH LOSS, DAMAGE, EXPENSE, INJURY, OR OTHER CONSEQUENCE. THE DISCLAIMERS AND LIMITATIONS OF LIABILITY IN THIS SECTION SHALL ALSO BE APPLICABLE TO LVT’s AFFILIATES, SUPPLIERS, LICENSORS, AND THIRD-PARTY SERVICE PROVIDERS.

7.  TERMINATION

7.1  Breach.  Either Party may terminate this Agreement upon written notice of such termination to the other Party if the other Party has committed a material breach of the terms or conditions of this Agreement or any Schedule and such Party fails to cure such breach within thirty (30) days of such Party’s receipt of written notice of such breach from the non-breaching Party.

7.2  Bankruptcy.  Either Party may terminate this Agreement upon written notice of such termination to the other Party: (i) upon the institution or if a petition is filed, notice is given, a resolution is passed, or an order is made, in each case by or against the other Party under any applicable laws relating to insolvency, administration, liquidation, receivership, bankruptcy, or any other winding up proceedings; (ii) upon the other Party’s making an assignment for the benefit of creditors or making a voluntary arrangement with its creditors; (iii) upon the other Party’s dissolution or ceasing, or threatening to cease to do business; or (iv) if any event occurs, or proceeding is instituted, with respect to the other Party that has the equivalent or similar effect to any of the events provided for in this Section above.

7.3  Other Termination.  In addition to LVT’s termination rights provided for in this Agreement or the applicable Schedule, LVT shall have the right to terminate this Agreement and/or any Schedule and/or to discontinue any SaaS Solution, Hardware, Software, Service(s), and/or any other components of the System under this Agreement or any Schedule at any time upon written notice of such termination or discontinuance to Customer if: (i) LVT’s connections or connectability to provide the SaaS Solution, Hardware, Software, Services, and/or other components of the System to Customer under this Agreement or any Schedule are/is damaged or destroyed by fire, weather, catastrophe, or any other cause beyond LVT’s reasonable control, or if LVT is unable or if it is impractical for LVT to obtain or maintain any connections, rights, or privileges required for the SaaS Solution, Hardware, Software, Services, and/or other components of the System to transmit signals between the Customer's locations or premises and LVT’s designated locations or premises; (ii) Customer fails to follow and implement LVT’s requirements or recommendations for the repair or replacement of any defective parts of the Hardware and/or other components of the System; (iii) Customer fails to comply with the Documentation or other written operating instructions for the Hardware and/or other components of the System provided by LVT to Customer which LVT in its sole discretion determines results in an undue number of false alarms or malfunctions for or in connection with the Hardware and/or other components of the System; (iv) in LVT’s sole opinion, the Customer locations or premises where the Hardware and/or other components of the System are or are to be installed are unsafe, unsecure, unsuitable, or so modified or altered after set up so as to render continuation of SaaS Solution, Hardware, Software, Service(s), and/or other components of the System unsafe, unsecure, unsuitable, impractical or impossible; or (v) delivery or provision of the SaaS Solution, Hardware, Software, Services, and/or other components of the System, or continued delivery or provision of the SaaS Solution, Hardware, Software, Services, and/or other components of the System, violates of any applicable laws, rules, regulations, or rights of any third party or individual. LVT shall not be responsible or liable for any damages, losses, costs, and/or expenses of Customer or Users which result from or are in connection with any such termination of this Agreement and/or any Schedule and/or any discontinuance of any SaaS Solution, Hardware, Software, Service(s), and/or other components of the System by LVT in accordance with the foregoing in this Section above.

7.4  Post-Termination.  Upon any expiration or termination of this Agreement, in addition to any and all other rights and remedies of LVT under this Agreement, at law, or in equity: (i) Customer shall immediately cease all access to and use of the SaaS Solution, Hardware, Software, Services, Documentation, and other components of the System; (ii) LVT shall at its option have the right to take immediate possession of the Hardware and charge Customer for LVT’s costs and expenses to collect the Hardware plus a 1.0% service charge on all such amounts, or declare immediately due and payable, without additional notice presentment or demand, an amount equal to the total of (a) all unpaid Fees and other amounts due from Customer to LVT hereunder, whether accrued or due for the balance of the applicable Schedule Term not yet due, plus (b) as determined by LVT the anticipated fair market value of the Hardware at the end of the Schedule Term if such Hardware is not returned by Customer to LVT within ten (10) days of the end of such Schedule Term; and (iii) Customer shall ensure that all collected or returned Hardware shall be in good working condition and repair (ordinary wear and tear excepted). Customer acknowledges and agrees that Customer has no and shall have no right of purchase and no equity in the Hardware or any other component of the System under this Agreement or any Schedule, or by operation of law or otherwise.

8.   CONFIDENTIALITY

8.1  Confidential Information. Under this Agreement, the term “Confidential Information” means any information or data disclosed, provided, or made available by one Party (“Disclosing Party”) to the other Party (“Receiving Party”) under or in connection with this Agreement or any Schedule in any form (whether written, electronic, oral, or otherwise) that is marked or labelled as confidential or proprietary to the Disclosing Party, that at the time of disclosure is declared by the Disclosing Party to be confidential or proprietary to the Disclosing Party, or that reasonably should be understood to be confidential or proprietary to the Disclosing Party given the nature of the information or data and the circumstances of its disclosure, including without limitation, any trade secrets, technology, technical information, inventions, know-how, ideas, methods, business, financial and customer information, pricing, forecasts, strategies, and product and service development plans.  Customer Data and Customer Personal Data are hereby deemed to be Customer Confidential Information. The SaaS Solution, Hardware, Software, Services, Documentation, and other components of the System are hereby deemed to be LVT Confidential Information. This Agreement and the Schedules are hereby deemed to be LVT Confidential Information, including the terms and conditions of this Agreement and all Schedules. The Receiving Party acknowledges and agrees that any and all Confidential Information of the Disclosing Party is and shall remain owned by and be the exclusive property of the Disclosing Party and that nothing in the Agreement shall be construed or deemed to grant or convey to the Receiving Party any rights or licenses in or to the Confidential Information of the Disclosing Party except as expressly set forth in this Agreement.

8.2  Non-Disclosure and Non-Use.  The Receiving Party agrees it shall: (i) not disclose or provide any Confidential Information of the Disclosing Party to any third party or individual other than Receiving Party’s employees, agents, and contractors (“Representatives”) with a need to know such Confidential Information of the Disclosing Party and who have entered into written non-disclosure and non-use agreements with the Receiving Party providing for protection of the Disclosing Party’s Confidential Information on terms no less protective and restrictive than those contained in this Section, and (ii) not use Confidential Information of the Disclosing Party except solely as reasonably required for Receiving Party to exercise its rights or fulfill its obligations under or in connection this Agreement and each Schedule. The Receiving Party agrees that it is and shall be responsible and liable for any breach of this Agreement or any Schedule by any of its Representatives. The Receiving Party further agrees that it shall use the same degree of care to protect against unauthorized disclosure and unauthorized use of such Confidential Information of the Disclosing Party that the Receiving Party uses with respect to its own confidential or proprietary information of similar nature, but in no event will the Receiving Party use less than a reasonable degree of care to protect such Confidential Information of the Disclosing Party against unauthorized disclosure and unauthorized use.  For the avoidance of doubt, Customer acknowledges and agrees that LVT uses the services of certain third parties for or in connection with the provision of the SaaS Solution, Hardware, Software, Services, and other components of the System to Customer and Users and that such third parties will have access to Customer’s Confidential Information, subject to LVT’s compliance with this Section.

8.3 Exceptions.  Confidential Information of the Disclosing Party will not include any information or data to the extent the Receiving Party can demonstrate through competent documented evidence that such information or data: (i) is or becomes generally available to the public without any breach of this Agreement by the Receiving Party, or otherwise without any wrongful act of the Receiving Party; (ii) was already in the Receiving Party’s possession or already known by the Receiving Party prior to initial receipt from the Disclosing Party; (iii) was rightfully disclosed to the Receiving Party without restriction by a third party who had no confidentiality or non-disclosure obligations or duties owed to the Disclosing Party; or (iv) was independently developed by the Receiving Party without any use of or reference to any Confidential Information of the Disclosing Party. 

8.4  Legally Required Disclosure. Nothing in this Agreement will prevent the Receiving Party from disclosing Confidential Information of the Disclosing Party to the extent required by judicial or governmental order, provided that, to the extent permitted by applicable law, the Receiving Party shall give the Disclosing Party reasonable prior written notice of such required disclosure and the Confidential Information of Disclosing Party required to be disclosed pursuant to such judicial or governmental order so as to permit the Disclosing Party to contest such disclosure or seek an appropriate remedy for or in connection with such disclosure. If such remedy is not secured by the Disclosing Party, the Receiving Party agrees that it shall furnish only that portion of the Confidential Information of the Disclosing Party which the Receiving Party is legally required to furnish and, in conjunction with the Disclosing Party, to use all reasonable efforts to assure that the information is maintained in confidence by the party to whom it is so furnished.

8.5  Injunctive Relief.  The Receiving Party acknowledges and agrees that any breach of its non-disclosure and non-use obligations provided for in this Section may result in serious and irreparable harm to the Disclosing Party for which the Disclosing Party may not be adequately compensated and for which damages are difficult to accurately measure. Therefore, the Receiving Party acknowledges and agrees that, in addition to all other rights and remedies that the Disclosing Party may have available to it under this Agreement, at law, or in equity, the Disclosing Party shall be entitled to seek the specific performance of such obligations of the Receiving Party and to both temporary and permanent injunctive relief without the necessity of posting any bond or other security.

8.6  Return or Destruction.  The Receiving Party shall, upon any expiration or termination of this Agreement or otherwise upon the written request of the Disclosing Party to the Receiving Party, promptly return to the Disclosing Party, or destroy if so instructed by the Disclosing Party, and provide written certification to the Disclosing Party of such return or destruction, all Confidential Information of the Disclosing Party, without retaining any copy, extract or summary of any part thereof. Notwithstanding the foregoing, the Receiving Party may retain copies of Confidential Information of the Disclosing Party to the extent necessary for purposes of the Receiving Party’s compliance with its ordinary course internal document retention and backup requirements and procedures, provided that such Confidential Information of the Disclosing Party shall remain subject to the Receiving Party’s non-disclosure and non-use obligations provided for in this Section for so long as such Confidential Information of the Disclosing Party is so retained by the Receiving Party.

8.7  Data Protection Addendum. During the term of this Agreement, LVT and Customer shall comply with their respective obligations set forth in the Data Protection Addendum attached to this Agreement as Exhibit A.

9.   INTELLECTUAL PROPERTY RIGHTS; FEEDBACK

9.1  Intellectual Property Rights.  Customer acknowledges and agrees that LVT, its Affiliates, suppliers, or licensors exclusively own and retain any and all Intellectual Property Rights in, to, or relating to the SaaS Solution, Hardware, Software, Services, Documentation, and any and all other components of the System, including any and all Updates, modifications, changes, revisions, improvements, and derivative works thereof. This Agreement does not sell, convey, transfer, or assign to Customer or any User any rights of ownership in or to the SaaS Solution, Hardware, Software, Services, Documentation, or any other components of the System, or in or to any Intellectual Property Rights of LVT, its Affiliates, suppliers, or licensors. LVT, its Affiliates, suppliers, and licensors reserve all rights not expressly granted.

9.2  Performance Data.  As between the Parties, LVT shall exclusively own any and all Performance Data. Notwithstanding anything in this Agreement or any Schedule to the contrary, Customer acknowledges and agrees that LVT has the right to: (i) use and modify Customer Data for the purposes of (a) LVT providing the SaaS Solution, Hardware, Software, Services, and/or other components of the System to Customer and Users under this Agreement and the Schedules, and (b) LVT generating, developing, or creating Performance Data; and (ii) freely use, make available, distribute, market, sell, and otherwise exploit Performance Data for any LVT business purposes, including without limitation, for improving, developing, testing, operating, promoting, and marketing the SaaS Solution, Hardware, Software, Services, and other components of the System and any other LVT products and services.

9.3  Feedback.  Although not obligated to do so, Customer and/or Users may choose to provide to LVT or any of LVT’s personnel feedback, suggestions, ideas, comments, improvements, or other information or data regarding or in connection with the SaaS Solution, Hardware, Software, Services, and/or other components of the System or any other LVT products or services (“Feedback”).  If Customer and/or Users provide any such Feedback to LVT, then Customer and/or Users hereby assign to LVT any and all Intellectual Property Rights of Customer and Users in and to any such Feedback, and Customer and Users hereby waive any and all claims they may have now or may hereafter have in the future in any country or jurisdiction to so-called “rental rights,” “moral rights,” and all rights of “droit moral” in such Feedback (even if such Feedback is altered or changed in a manner not agreeable to Customer or Users). Customer and Users represent and warrant to LVT that Customer and Users have all rights and authorizations necessary or required to make the assignments and waivers provided for in this Section. Customer and Users will at LVT’s cost and expense reasonably assist LVT in its efforts to formalize, register, protect, and/or otherwise perfect LVT’s rights in any such Feedback, including through the execution and delivery of documentation LVT determines is necessary or expedient for LVT to formalize, register, protect, and/or otherwise perfect LVT’s rights in any such Feedback.

10.  GOVERNMENT MATTERS

10.1  Export. Notwithstanding anything in this Agreement or any Schedule to the contrary, Customer shall not use, export, or re-export, or allow the export or re-export of, the SaaS Solution, Hardware, Services, Documentation, and/or any other components of the System, or anything related thereto or any direct product thereof, in violation of any restrictions, laws, or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. Customer represents and warrants to LVT that Customer and Users are not named on any U.S. government denied-party list. Customer and Users shall not access or use the SaaS Solution, Hardware, Software, Services, Documentation, or any other components of the System in or for any U.S. embargoed country.

10.2  Anti-Corruption. Customer acknowledges and agrees that it has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from LVT or any LVT employee or agent in connection with this Agreement or any Schedule. If Customer learns of any violation of the above restriction in this Section, then Customer will promptly notify LVT in writing thereof.

11.  MISCELLANEOUS

11.1  Severability.  If any provision of this Agreement or Schedule is found to be unenforceable or invalid by an arbitration panel or court of competent jurisdiction as provided for in this Agreement, then such provision will be limited or eliminated to the minimum extent necessary to comply with such finding and the other provisions of this Agreement and Schedules will otherwise remain in full force and effect in accordance with the remaining terms and conditions of this Agreement and Schedules.  

11.2  Assignment. Neither this Agreement, nor any of the rights or obligations under this Agreement, shall be assigned or transferred by Customer to any third party without LVT’s express prior written consent.  LVT may transfer or assign this Agreement, or any of its rights or obligations under this Agreement, to any Affiliate or third party. This Agreement and the Schedules shall be binding upon and shall inure to the benefit of the Parties hereto and their respective permitted successors and permitted assigns.

11.3  Survival. The Sections of this Agreement which by their nature should survive termination or expiration of this Agreement will survive termination or expiration of this Agreement, including Sections 3, 4, 5.4, 5.6, 6, 7, 8, 9, and 11.

11.4 Entire Agreement; Amendment. This Agreement including all Schedules and Exhibits attached hereto is the complete and exclusive statement of the mutual understanding of the Parties relating to the subject matter of this Agreement, and supersedes and replaces any and all previous written and oral agreements, communications, and other understandings between the Parties relating to the subject matter of this Agreement. This Agreement and each Schedule in order to be effective shall have been signed by an authorized representative of each of the Parties.  Any amendments or modifications to this Agreement or any Schedule shall be effective only to the extent they are made expressly in writing signed by each of the Parties.  Any waiver of any of the terms or conditions of this Agreement or any Schedule by a Party shall be effective only to the extent they are made expressly in writing signed by such Party.  No force or effect shall be given to any terms or conditions contained on or in any Customer purchase order or any other Customer form document issued by Customer to LVT under or in connection with this Agreement, even if accepted or not rejected by LVT. No agency, partnership, joint venture, franchise, or employment relationship of any kind is created or entered into between the Parties under or as a result of this Agreement or any Schedule. Customer does not and shall not have any authority or right of any kind to bind LVT, its Affiliates, suppliers, or licensors in any respect whatsoever. 

11.5  Notices. All notices required or permitted to be given between the Parties under this Agreement shall be in writing and shall be deemed to have been duly given to the other Party at its address first listed above in this Agreement: (i) when received, if personally delivered; (ii) when received, if delivered by courier service; and (iii) upon receipt, if sent by certified or registered mail (return receipt requested), postage prepaid.

11.6  Force Majeure. Neither Party shall be liable or responsible to the other Party under this Agreement or any Schedule for any failure or delay in fulfilling or performing any of its obligations under this Agreement or any Schedule (except for obligations of Customer to make payments of Fees to LVT hereunder) if and to the extent such failure or delay is caused by or results from events or acts beyond the affected Party’s reasonable control, including without limitation: acts of God; flood, fire or explosion; war, invasion, riot or other civil unrest; pandemics; actions, embargoes or blockades in effect on or after the Effective Date of this Agreement; or national or regional emergency (each of the foregoing, a “Force Majeure Event”). The Party whose performance of its obligations under this Agreement or any Schedule is prevented or delayed by a Force Majeure Event shall give written notice thereof to the other Party, stating the period of time the occurrence of the Force Majeure Event is expected to continue and the affected Party shall use diligent efforts to end the failure or delay and minimize the effects of such Force Majeure Event on the performance of its obligations under this Agreement and applicable Schedule(s).  Without limiting the foregoing, Customer acknowledges and agrees that LVT assumes no and shall have no responsibility or liability for any interruptions, delays, or failures in set up of the Hardware or for the consequences therefrom, however caused, or for any interruptions, delays, or failures of the SaaS Solution, Hardware, Software, Services, and/or any other components of the System or for the consequences therefrom, due to any Force Majeure Event, and LVT shall not be required to provide the SaaS Solution, Hardware, Software, Services, and/or any other components of the System to Customer or Users while such interruption, delay, or failure of the SaaS Solution, Hardware, Software, Services, and/or any other components of the System is due to any such Force Majeure Event.

11.7 Governing Law; Venue. This Agreement and the Schedules shall be governed by the laws of the State of Delaware, and the applicable Federal laws of the U.S.A., without regard to conflict or choice of laws rules or principles. The Parties agree that any dispute between the Parties arising from or relating to this Agreement or any Schedule shall be brought in a court of competent jurisdiction in the State of Utah. Each party waives and agrees not to plead or claim that a dispute brought in such court has been brought in an inconvenient forum. Notwithstanding the foregoing, LVT shall have the right at any time to institute or bring any action or proceeding in any court of competent jurisdiction for collecting past due Fees or seeking injunctive or other equitable relief for or in connection with any Intellectual Property Rights of LVT or any Confidential Information of LVT.

11.8 Prevailing Party.  In any arbitration, or legal action or proceeding between the Parties in connection with this Agreement or any Schedule, the prevailing Party in such arbitration, or legal action or proceeding will be entitled to recover and be awarded its costs and attorneys’ fees incurred by such Party in such arbitration, or legal action or proceeding.

11.9  Remedies.  The rights and remedies of LVT under this Agreement, the Schedules, or otherwise available to LVT at law or in equity, are not exclusive, but rather shall be cumulative and the exercise of any particular right or remedy by LVT shall not preclude the exercise of any other rights or remedies by LVT in addition to, or as an alternative of, such right or remedy.

11.10  Counterparts.  This Agreement and each Schedule may be executed by the Parties in any number of counterpart originals, each of which shall be deemed an original instrument for all purposes, but all of which together shall comprise one and the same instrument. Signed copies of this Agreement and each Schedule may be delivered by a Party to the other Party by facsimile or email, and a facsimile or scanned copy of this Agreement and each Schedule so delivered shall be binding as an original.

12.  DEFINITIONS

12.1 “Affiliate” means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with another entity, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.

12.2 “Customer” means the entity identified at the top of this Agreement as the Customer.

12.3 “Customer Data” means any information or data about Customer or Users that is supplied to LVT by Customer or any User in connection with their access to or use of the SaaS Solution or Services, or which LVT is required to access, use, generate, process, store, or transmit pursuant to this Agreement, including information about Customer’s and Users’ respective devices, computers, and use of the SaaS Solution or Services.

12.4 “Customer Personal Data” means any Customer Data that is personal data as defined under applicable Data Protection Laws.

12.5 “Data Protection Laws” means any applicable data protection laws, regulations, and legally binding codes of practice from time-to-time in force applicable to the performance of a Party’s obligations under this Agreement and any implementing legislation in the jurisdiction in which the Customer is located and any legislation which is analogous to and has the same object as the foregoing, namely the control and protection of data which is personal to individuals.

12.6 "Documentation" means all LVT documentation and/or other materials (including manuals, instructions, training materials, user guides, specifications, flow charts, technical and functional specifications, logic diagrams, and other support materials) for the access, use, operation, and/or functionality of the SaaS Services, Hardware, Software, Services, and/or other components of System provided or made available by LVT to Customer pursuant to this Agreement.  

12.7 “Fees” means any and all fees and other amounts due from or payable by Customer to LVT as set forth on the Payment Schedule in a Schedule or as otherwise provided for in this Agreement or any Schedule.

12.8 “Hardware” means the LVT hardware and/or equipment listed or described in  a Schedule and made available to Customer and Users by LVT under such Schedule and this Agreement, including any and all Updates of the preceding. 

12.9 “Integration Software” means all (i) LVT proprietary software and (ii) open source software used in providing the SaaS Solution or Services which integrates with Customer’s network or application, including SSL or other VPN, Unix operating system, Microsoft application, or web application, as provided in the Documentation and any Updates, upgrades, fixes, or patches of the preceding developed and provided or made available to Customer by LVT under this Agreement from time-to-time.

12.10 “Intellectual Property Rights” means any and all patents, copyrights, trademarks, trade secrets, (including applications and registrations for any of the preceding rights), and any and all other intellectual, proprietary, and industrial property rights of whatever nature in each case in any part of the world and whether or not registered or registerable, for the full period of the applicable afforded rights and any and all extensions and renewals of any of the preceding where applicable.

12.11 “Law(s)” means any and all laws, ordinances, statutes, rules, and regulations of any U.S. federal, state, or local governmental body or unit.

12.12 “LVT Admin Panel” means the LVT web portal currently accessible at https://vms.lvt.com/, which allows Customer’s appointed Administrator(s) to, among other options, enroll and activate Users, issue and manage passcodes and bypass codes, and manage Customer’s and each User’s applicable mobile devices.  

12.13 “LVT Mobile Software” means all LVT proprietary mobile software applications used in providing the SaaS Solution and Services to Customer, and any Updates, upgrades, fixes, or patches of the preceding developed and provided or made available to Customer by LVT under this Agreement from time-to-time.

12.14 “Payment Schedule” means the payment schedule for the Fees due from or payable by Customer to LVT as detailed in the applicable Schedule entered into between the Parties.  The terms of the Payment  Schedule in a Schedule may require Customer payment of such Fees to be paid to LVT either monthly on the first day of the calendar month, by ACH or credit card, annually, or multi-year and invoiced in advance, with payment due and payable in full from Customer to LVT within thirty (30) days of Customer receipt of LVT’s invoice therefor. Such Payment Schedule in a Schedule may also specify, among other things, a description of the SaaS Solution, Hardware, Software, Services, and/or other components of the System, maximum number of Users, initial Schedule Term, Fees, and such other charges and terms as agreed between the Parties in such Schedule.

12.15 “Performance Data” means any and all aggregate de-identified data and information from or relating to Customer’s and Users’ access to and/or use of the SaaS Solution, Hardware, Software, Services, and/or any other components of the System, including any performance, analytics, or statistical data, that LVT may collect, develop, or generate from time-to-time from or relating to Customer’s and Users’ access to and/or use of the SaaS Solution, Hardware, Software, Services, and/or any other components of the System.

12.16 “Personal Information” means any information relating to an identified or identifiable individual, including, but not limited to, name, postal or email address (or other online contact information such as an online user ID), telephone number, Social Security number (or its equivalent), driver’s license number (or other government-issued identification number), date of birth, demographic information, health or medical information, health insurance information, biometric data, account information (including checking, credit card, or other financial account information), personal identification number, access code, password, security questions and answers, next of kin contact information, Internet Protocol (IP) address, or any other unique identifier or one of more factors specific to the individual’s physical, physiological, mental, economic or social identity, in whatever format, including that contained in communications, documents, databases, records, or materials of any kind whether such data is in individual or aggregate form, and regardless of the media in which it is contained, including any of the foregoing that may be (i) disclosed to LVT  by Customer or Users under this Agreement; (ii) processed by LVT  under this Agreement; or (iii) derived by LVT from the information described in (i) or (ii) above in this Section.  Personal Information includes cardholder data from Customer, including transaction authorization information, primary account numbers, service codes, expiration dates, full magnetic stripe data or equivalent on a chip, CAV2/CVC2/CVV2/CID, PIN number and other information within the scope of the Payment Card Industry Data Security Standard of the PCI Security Standards Council.

12.17 “SaaS Solution” means the LVT software-as-a-service solution listed or described in the applicable Schedule and made available to Customer and Users by LVT under such Schedule and this Agreement, including any and all Updates of the preceding.

12.18 “Services” means the set up, maintenance, support, LVT Amin Panel services, and other services provided, supplied, or made available to Customer and Users by LVT under this Agreement or any Schedule, including any and all Updates of the preceding.

12.19 “Schedule” means a written Schedule entered into between Customer and LVT that lists or describes the SaaS Solution, Hardware, Software, Services, Documentation, and/or any other components of the System, and/or any other products and/or services, that are ordered by Customer from LVT pursuant to such Schedule that shall be provided or made available to Customer and Users by LVT under such Schedule and this Agreement.

12.20 “Software” means the Integration Software and LVT Mobile Software, including any and all Updates of the preceding, that LVT provides or makes available to Customer or Users under this Agreement or any Schedule.

12.21 “System” means the SaaS Solution, Hardware, Software, Services, and Documentation provided or made available to Customer and Users by LVT under this Agreement or any Schedule.  

12.22 “Updates” means any and all bug fixes, patches, corrections, enhancements, updates, or upgrades (including new versions) of or for the SaaS Solution, Software, or Services, as the case may be, which are provided or made available to Customer and Users by LVT under this Agreement or any Schedule.

12.23 “User” means any Customer user of the SaaS Solution, Hardware, Software, Services, and/or other components of the System whom Customer has authorized to enroll to access and use the SaaS Solution, Hardware, Software, Services, and/or other components of the System provided or made available to Customer and Users by LVT under this Agreement.

12.24 “Virus” means software computer instructions that: (i) adversely affect or disable the operation, security or integrity of a computing, telecommunications, or other digital operating or processing system or environment, including, without limitation, software, programs, data, databases, computer libraries, and computer and communications equipment, by altering, destroying, disrupting or inhibiting such operation, security or integrity; (ii) without functional purpose, self-replicate without written manual intervention; or (iii) purport to perform a useful function but which actually perform either a destructive or harmful function, or perform no useful function and utilize substantial computer, telecommunications or memory resources.

Exhibit A

Data Protection Addendum

This Data Protection Addendum ("DPA") is entered into under and forms part of the Master SaaS and Service Level Agreement ("Master Agreement") entered into by and between the Customer named in the Master Agreement and LiveView Technologies, Inc. ("LVT"). This DPA shall be effective as of the earlier of the Effective Date of the Master Agreement or the date that Customer Data is first processed (as defined below) by LVT. This DPA is incorporated into the Master Agreement by this reference. Except as modified below, the terms of the Master Agreement shall remain in full force and effect in accordance with the terms of the Master Agreement.

In consideration of the mutual obligations in this DPA, the parties hereto agree as follows:

1. Definitions. The following definitions apply in this DPA. Capitalized terms not otherwise defined herein shall have the meaning given to them in the Master Agreement.

1.1 “CCPA” means the California Consumer Privacy Act of 2018, as may be amended, or superseded from time-to-time, as well as any implementing regulations. This includes the California Privacy Rights Act of 2020 (“CPRA”), which amends the CCPA.

1.2 "Data Subject" means an individual who is the subject of Customer Data.

1.3 Customer Affiliate” means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Customer, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise. 

1.4 Customer Data” means any information or data processed by LVT or any Subprocessor on behalf of a Customer Group Member pursuant to or in connection with the Master Agreement. Without limitation, Customer Data includes Personal Information. 

1.5 Customer Group Member” means Customer or any Customer Affiliate.

1.6 "Personal Information" means any information that (a) identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household; or (b) the applicable Data Protection Laws otherwise define as protected personal information, personal data, or the like.

1.7 "Data Protection Laws" means all applicable federal, state, provincial, municipal, and foreign laws and regulations relating to the processing, protection, or privacy of Personal Information that are applicable to a particular Party’s performance under the Master Agreement, including where applicable, the guidance and codes of practice issued by regulatory bodies (including industry self-regulation) in any relevant jurisdiction. This includes, but is not limited to, the CCPA, as well as any law or regulation that comes into effect after the date of execution of this DPA, including applicable data protection laws such as the California Consumer Privacy Act, the California Privacy Rights Act, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Utah Consumer Privacy Act, section 5 of the FTC Act, state data breach notification laws, the Controlling the Assault of Non-Solicited Pornography and Marketing (“CAN-SPAM” Act), the Telephone Consumer Protection Act (“TCPA”), and any other similar privacy, cybersecurity data protection laws applicable to the protection and processing of Personal Information that may be enacted during the term of this DPA.

1.7 Security Incident" means any (a) unauthorized, acquisition, loss, access, or use of any Customer Data; or (b) breach of security leading to the accidental or unlawful destruction, loss, alteration, unavailability, unauthorized disclosure of or access to Customer Data. To clarify, the loss, theft, or unavailability of, or unauthorized access, disclosure, acquisition or other processing of Customer Data is a Security Incident whether or not the incident rises to the level of a security breach or incident requiring notification under the Data Protection Laws.

1.8 Subprocessor" means any person or entity (including any third party and any LVT Affiliate but excluding LVT employees) appointed by or on behalf of LVT to process Customer Data on behalf of any Customer Group Member or that LVT otherwise makes Customer Data available for a business purpose.  

1.9 LVT Affiliate" means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with LVT, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.

1.10 collect,” “contractor,” “controller,” “process,” “processor,” “sell,” “share,” “sensitive personal information,” and “service provider” shall be interpreted as defined by that term or the similar and reasonably equivalent terms under applicable Data Protection Laws. Their cognate terms shall be construed accordingly.

Personal Information Types and Processing Purposes

1.11 As between the parties hereto, Customer is the controller of the Customer Data and LVT is the processor or service provider, as applicable. As such, Customer retains control of the Customer Data and remains responsible for its compliance obligations under the applicable Data Protection Laws, including providing any required notices and obtaining any required consents, and for the processing instructions it gives to LVT. 

1.12 Each party hereto shall comply with all applicable Data Protection Laws in the processing of Customer Data and provide the same level of privacy protection as may be required by the applicable Data Protection Laws. 

LVT's Obligations

1.13 Customer Data is disclosed to LVT (or collected by LVT on behalf of a Customer Group Member) only for the limited purpose of providing the SaaS Solution, Services, or as otherwise set forth in the Master Agreement. LVT will only process Customer Data as a processor or service provider, as applicable, and only to the extent, and in such a manner, as is necessary for LVT to provide the SaaS Solution, Services, or as otherwise set forth in the Master Agreement in accordance with Customer's written instructions. Customer and LVT acknowledge and agree that the Master Agreement (including any Schedules, orders made, and statements of work executed thereunder) and this DPA constitute Customer’s instructions to LVT at the time of signing of this DPA.

1.14 LVT is prohibited from (a) selling or sharing the Customer Data; (b) retaining, using, or disclosing the Customer Data for any purpose other than for providing the SaaS Solution, Services, or as otherwise set forth in the Master Agreement as directed by Customer or as otherwise required by Data Protection Laws; (c) retaining, using, or disclosing the information outside of the direct business relationship between LVT and Customer; (d) combining Customer Data with Personal Information that the LVT receives on behalf of another person or entity, or collects from its own interactions with a Data Subject unrelated to the SaaS Solution, Services, or as otherwise set forth in the Master Agreement; and (e) knowingly collecting Customer Data that qualifies as sensitive personal information unless expressly instructed to do so by Customer.

1.15 LVT must promptly notify Customer if LVT determines that it can no longer meet its obligations under applicable Data Protection Laws.  

1.16 LVT will maintain the confidentiality of all Customer Data, will not disclose it to anyone unless Customer, the terms of the Master Agreement or any Schedule, or this DPA specifically authorizes the disclosure, or the disclosure is required by law. If a law requires LVT to process or disclose Customer Data, LVT must first inform Customer of the legal requirement and give Customer an opportunity to object or challenge the requirement, unless the law prohibits such notice.

1.17 LVT will reasonably assist Customer to meet its compliance obligations under the Data Protection Laws, taking into account the nature of LVT's processing and the information available to LVT.

1.18 Any notice or method used by LVT in connection with the collection of Customer Data by LVT must be consistent with LVT’s obligations in the Master Agreement, this DPA, and the applicable Data Protection Laws. Without limitation, any such notice or method must be consistent with LVT being a “service provider” or “processor” to Customer, as those terms are defined under the applicable Data Protection Laws.

1.19 LVT grants to Customer the right, upon notice, to take reasonable and appropriate steps to (a) help ensure that LVT uses Customer Data in a manner consistent with Customer’s obligations under the Data Privacy and Protection Laws; and (b) stop and remediate unauthorized use of Customer Data.

1.20 If the Master Agreement permits LVT to deidentify or anonymize Customer Data or create or use aggregate Data Subject information (collectively, “Deidentified Data”), LVT must do so in a way so that it no longer meets the applicable Data Protection Laws’ definition of Personal Information, and in a manner that cannot be reconstructed to identify any Customer Group Member. LVT will (a) take reasonable measures to ensure that the Deidentified Data cannot be associated with a natural person or Customer Group Member; (b) publicly commit to maintaining and using the Deidentified Data without attempting to re-identify the data; and (c) contractually obligate recipients of Deidentified Data to comply with all provisions of this Section.

1.21 If the Services use or incorporate technology that uses machine learning, artificial intelligence, or other similar technologies (together, “AI Technology”), LVT represents and warrants that it will use reasonable and appropriate safeguards in its design and operation of AI Technology including, without limitation, to identify and mitigate the risk of bias, prevent discrimination, and otherwise meet reasonable industry practices and evolving legal and regulatory obligations applicable to the development and use of AI Technologies.

1.22 LVT shall cooperate with and assist Customer in its response to (and fulfillment of) Data Subject requests. If LVT receives a request directly from a Data Subject to exercise their rights under to applicable Data Protection Laws with respect to their Customer Data, then LVT shall promptly inform the Data Subject that the request cannot be acted upon because it has been sent to a service provider or processor, as applicable. 

2. Complaints and Third-Party Requests

2.1 LVT must promptly notify Customer (but in no event later than three (3) business days) if it receives any complaint, notice, or communication that directly or indirectly relates to (i) Customer’s compliance with the Data Protection Laws; or (ii) LVT’s compliance with the Data Protection Laws related to its processing of Customer Data.  

2.2 LVT will not disclose Customer Data to any third party unless authorized by Customer or required by law. If government or regulatory authority demands access to Customer Data, LVT will notify Customer prior to disclosure, unless such notification is prohibited under applicable law.

2.3 LVT shall implement reasonable safeguards designed to ensure that access to Customer Data is restricted to only those LVT personnel who have a need to know such information to enable LVT to perform its obligations under the Master Agreement and this DPA. LVT’s personnel engaged in the processing of Customer Data shall be informed of the confidential nature of the Customer Data, have received training regarding their responsibilities with respect to Customer Data comprising Personal Information, and are aware of their obligations of confidentiality with respect to Personal Information. Further, LVT will take reasonable steps to ensure the reliability, integrity, and trustworthiness of all of LVT's personnel with access to the Customer Data.

3. Security Practices. LVT must at all times implement reasonable and appropriate technical and organizational measures designed to safeguard Customer Data against unauthorized or illegal access, destruction, use, modification, processing, copying, or disclosure and against accidental loss, destruction, or damage including, but not limited to, the security compliance requirements set forth in Appendix A (“Security Compliance Requirements”) attached to this DPA. LVT must document those measures in writing and periodically review them, at least annually, to ensure they remain current and complete. Further, LVT must take reasonable precautions to preserve the integrity of any Personal Information it processes and to prevent any corruption or loss of the Personal Information, including but not limited to establishing effective back-up and data restoration procedures. 

4. Security Incidents. LVT will within 48 hours notify Customer if it becomes aware of any Security Incident. Upon becoming aware of any Security Incident, LVT will take prompt action to reasonably contain, mitigate risks and further harm, and recover from the Security Incident in a manner that preserves relevant evidence and can support an appropriate subsequent investigation. LVT will also reasonably cooperate with and provide assistance to Customer to support Customer’s review, investigation and response to the Security Incident. This coordination may include: (a) assisting with any forensic investigation or review of the incident; (b) providing Customer with physical access to any facilities and operations affected; (c) facilitating interviews with LVT’s and its Subprocessors’ personnel, former employees and others involved in the matter as may be appropriate; and (d) making available all relevant and non-privileged records, logs, files, data reporting, forensic reports, and other materials required to comply with all Data Protection Laws or as otherwise reasonably required by Customer. LVT will cover all reasonable expenses associated with the performance of the obligations under this Section, unless the matter arose from the Customer’s specific instructions, negligence, willful default, or breach of this DPA, in which case Customer will cover all such reasonable expenses. LVT will also reimburse Customer for actual reasonable expenses incurred by Customer when responding and mitigating damages, to the extent that the Security Incident was caused by LVT.

5. Cross-Border Transfers. LVT shall store Customer Data on servers or equipment located in the United States. However, LVT may authorize Subprocessors located outside of the United States to process Customer Data.

6. Subprocessors

6.1 LVT may authorize a Subprocessor to process the Customer Data only if: (a) the Customer is given an opportunity either to opt out or to object within 30 days after the LVT supplies the Customer with details regarding such Subprocessor; (b) LVT enters into a written contract with the Subprocessor that contains terms substantially the same as those set out in this DPA; and (c) the LVT maintains control over all Customer Data it entrusts to the Subprocessor.

6.2 In the event Customer exercises its right to object to a new Subprocessor as described above in this Section, LVT will use reasonable efforts to make available to Customer a change in the SaaS Solution or Services or recommend a commercially reasonable change to Customer’s configuration or use of the SaaS Solution or Services to avoid processing of Customer Data by the objected-to new Subprocessor without unreasonably burdening the Customer. If LVT is unable to make available such change within a reasonable time period, which shall not exceed thirty (30) days, Customer may terminate the applicable Schedule, order form, or agreement that relates to such SasS Solution or Services which cannot be provided by LVT without the use of the objected-to new Subprocessor by providing written notice of such termination to LVT. LVT will refund to Customer any prepaid fees covering the remainder of the term of such Schedule, order forms, or agreement, as applicable, following the effective date of such Customer termination with respect to such terminated service. 

6.3 Subject to the terms and conditions of sections 6.1 and 6.2, a Subprocessor located outside of the United States may view, monitor, and otherwise process Customer Data. However, no Subprocessor will download Customer Data to any system, service, or other equipment physically located outside of the United States.

7. Term. This DPA will remain in full force and effect so long as: (a) the Master Agreement remains in effect; or (b) LVT retains any Customer Data related to the Master Agreement in its possession or control (the "Term").

8. Data Return and Destruction. Upon written request from Customer to LVT and/or on expiration or termination of the Master Agreement for any reason, within thirty (30) calendar days of receipt of the request or expiration or termination of the Master Agreement, LVT will securely destroy or, if directed in writing by Customer, return and not retain, all or any Customer Data in its possession or control, except that LVT may temporarily retain one copy made for backup purposes in the ordinary course; provided that such archive copy will be subject to the ongoing obligations contained herein and shall be destroyed upon the normal expiration of backup files. LVT shall provide any such returned Customer Data in the format and media reasonably specified by Customer, together with information sufficient for Customer to interpret such information. If any law, regulation, or government or regulatory body requires LVT to retain any documents or materials that LVT would otherwise be required to return or destroy, it will notify Customer in writing of that retention requirement, giving details of the documents or materials that it must retain, the legal basis for retention, and establishing a specific timeline for destruction once the retention requirement ends. LVT may only use this retained Customer Data for the required retention reason or audit purposes. Upon request, LVT will certify in writing that it has destroyed the Customer Data.

9. Assessments; Privacy and Security Reports

9.1 During the Term and for two (2) years after this DPA terminates, upon reasonable written request of Customer, upon at least 30 days’ notice, LVT shall allow, and cooperate with, reasonable assessments by Customer or Customer’s third-party representatives to evaluate LVT’s compliance with the terms of this DPA. The notice requirements herein will not apply if Customer reasonably believes that a Security Incident has occurred or is occurring, or LVT is in breach of any of its obligations under this DPA. Customer’s will limit its right to conduct assessments of LVT to no more than once per calendar year, unless Customer reasonably believes that a Security Incident has occurred or is occurring. 

9.2 At least once per year during the Term, LVT will conduct site audits of its Personal Information processing practices and the information technology and information security controls for all facilities and systems used in complying with its obligations under this DPA, including, but not limited to, obtaining a network-level vulnerability assessment performed by a recognized third-party audit firm based on recognized industry practices. Upon Customer's written request to LVT, LVT will make all of the relevant security audit reports available to Customer for review, which may include as applicable: Statement on Standards for Attestation Engagements (SSAE) No. 18 audit reports for Reporting on Controls at a Service Organization, reports relating to its ISO/IEC 27001 certification and other similar reports. Customer will treat such audit reports as LVT's confidential information under the Master Agreement.

9.3 LVT will promptly address any material issues, concerns, or exceptions noted in assessments or reports or with the development and implementation of a corrective action plan, that addresses any such issues, concerns, or exceptions.

APPENDIX A

Security Compliance Requirements

1. Application of Security Compliance Requirements. These Security Compliance Requirements apply to all Customer Data which is: (A) processed by LVT; (B) provided by or on behalf of Customer to LVT; (C) learned or otherwise used by LVT in connection with the performance of Services; or (D) otherwise collected or gathered from Customer in connection with the Services. Notwithstanding any contrary terms or conditions in the Master Agreement or any agreements between LVT and Customer, any exclusion in the Master Agreement or such agreements to the definition of Confidential Information shall not apply to Customer Data.

2. Generally Applicable Security Compliance Requirements: In all events, with respect to Customer Data, LVT shall:

a. follow the industry practice of ISO 27002:2005, Information Technology – Security Techniques - code of Practice for Information Security Management (“ISO Security Standard”), NIST 800-53, SSAE 18, or a similar industry framework.

b. logically and/or physically segregate Customer Data from the data of any third party (excluding, for the avoidance of doubt, data of Customer and its Affiliates necessary for LVT to fulfill its obligations or exercise its rights in or under the Master Agreement) and implement the rule of least privilege and reasonable industry standard access controls.

c. encrypt (utilizing AES-GSM 256-bit encryption or better) Customer Data if it is stored on network infrastructure owned and/or managed by LVT or on any approved cloud hosted infrastructure, or where Personal Information is transmitted over the internet or on a portable device.

d. when deleting Customer Data, LVT shall comply with “NIST Guidelines for Media Sanitization (Draft SP 800-88)”.

e. implement Multi-Factor Authentication (“MFA”) for any external access to an internal network where Customer Data is accessible.

f. notify the Customer Information Security organization promptly of any Security Incident by sending email to a designated email provided by Customer to LVT in writing, in addition to notifying the primary business contact at Customer. Such notification must be made in conformance with the timing requirements set forth in the DPA. The notification requirements and recipients in this Section 2(F) are in addition to the notification requirements and obligations in the main body of the DPA.

g. take prompt corrective action(s) to remedy a violation of (and to prevent any future violation of) any Security Compliance Requirement.

h. regularly monitor for and take prompt corrective action(s) to remediate any vulnerabilities or security concerns (i) identified by Customer; or (ii) identified by LVT and which present a high or critical risk to the systems that support the Services to Customer and/or Process Customer Data.

i. implement corrective action(s) for each of the above provisions (G) through (H) in a timeframe reasonably appropriate in light of the risk or as otherwise agreed upon with Customer.

j. maintain cybersecurity liability insurance reasonable and appropriate to the nature of LVT’s business and Services provided to Customer.

3. Certification Requirements:  Company shall:

a. comply with both the general certification requirements set forth in this Section and any other applicable certification requirement(s) set forth elsewhere in these Security Compliance Requirements or LVT’s agreement(s) with Customer.

b. provide certification of compliance with the applicable Security Compliance Requirements by either obtaining such certification from an independent information security service company or through an annual self-assessment and certification, as approved by Customer.

c. provide written certification to Customer that Customer Data has been destroyed in accordance with the requirements of this Appendix A.

Get a Demo

Simply put in your email below and we'll set up a time for quick screenshare demo of the LVT Command Center. We'll show you how it works and how powerful it is.