Master Subscription Agreement
Master Subscription Agreement
Last updated 18 May 2018.
We have updated Our Master Subscription Agreement. If You are a new Subscriber, then this Master Subscription Agreement will be effective from and including 18 May 2018. If You are an existing Subscriber, We are providing You with prior notice of these changes which will be effective from and including 25 May 2018. View the previous version of this policy.
This Agreement constitutes a binding contract on You and governs Your use of and access to the Services by You, Your Administrators and End-Users, whether in connection with a paid or free trial subscription to the Services.
By accepting this Agreement, either by accessing or using a Service, or authorising or permitting any of Your Administrators or End-Users to access or use a Service, You agree to be bound by this Agreement. If You are entering into this Agreement on behalf of a company, organisation or another legal entity (an “Entity”), You are agreeing to this Agreement for that Entity and representing to Arlo that You have the authority to bind such Entity and its Affiliates to this Agreement, in which case the terms “Subscriber,” “You,” “Your” or a related capitalised term herein shall refer to such Entity and its Affiliates, but subject to section 2.1 below. If You do not have such authority, or if You do not agree with this Agreement, You must not accept this Agreement and may not use any of the Services.
Table of Contents
- 1. Definitions
- 2. General Conditions; Access to and Use of the Services
- 3. Confidentiality; Security and Privacy
- 4. Intellectual Property Rights
- 5. Third Party Services
- 6. Billing; Plan Modifications and Payments
- 7. Promotional Credits Policy
- 8. Cancellation and Termination
- 9. Representations, Warranties and Disclaimers
- 10. Limitation of Liability
- 11. Indemnification
- 12. Assignment, Entire Agreement and Amendment
- 13. Severability
- 14. Relationship of the Parties
- 15. Notices
- 16. Governing Law
- 17. Rights of Third Parties
- 18. Survival
- Schedule 1: Consulting Services Terms and Conditions
- Schedule 2: Data Protection Addendum Agreement
- Appendix 1: Details of Customer Personal Data Processed
- Appendix 2: Arlo Technical and Organisational Security Measures
When used in this Agreement with the initial letters capitalised, in addition to the terms defined elsewhere in this Agreement, the following terms have the following meanings:
Account: means any accounts or instances created by or on behalf of Subscriber or its Administrators within the Services.
Affiliate: means, with respect to a Party, any entity that directly or indirectly controls, is controlled by, or is under common control with such Party, whereby “control” (including, with correlative meaning, the terms “controlled by” and “under common control”) means the possession, directly or indirectly, of the power to direct, or cause the direction of the management and policies of such person, whether through the ownership of voting securities, by contract, or otherwise.
Administrator: means an individual authorised to use a Service through Your Account as an administrator, presenter, or support staff as identified through a unique login.
Agreement: means the Master Subscription Agreement together with any and all Order Forms agreed to by You, and any Additional Features requested by You, as well as any Consulting Services SOW, as well as Schedules 1 and 2 to this Agreement, and all as may be amended or updated from time to time pursuant to section 12.3.
API: means the application programming interfaces developed and enabled by Arlo that permit Subscribers to access certain functionality provided by the Services, including, without limitation, the REST API that enables the interaction with the Services automatically through HTTP requests and the application development API that enables the integration of the Services with other web applications.
Associated Services: means products, services, features and functionality designed to be used in conjunction with the Services but not included in the Service Plan to which You subscribe, including, without limitation, integrations and applications created or developed by Arlo or its Affiliates and made available to You which will be governed by this Agreement unless Arlo otherwise communicates a different agreement to You at the time of Your deployment of or access to the integration or application. For avoidance of doubt, none of the Services or any other product, service, feature or functionality that is expressly stated to be governed by any alternative license, agreement or terms shall be deemed an Associated Service.
Beta Services: means a product, service or functionality provided by Arlo that may be made available to You to try at Your option for a limited time, for no Subscription Fee, and which is clearly designated as a beta, pilot, limited release, for non-production, and for early access, evaluation or by a similar description.
Confidential Information: means all information disclosed by You to Arlo or by Arlo to You which is in tangible form and labelled “confidential” (or with a similar legend) or which a reasonable person would understand to be confidential given the nature of the information and circumstances of disclosure, including, but not limited to, information relating to Arlo’s security policies and procedures. For purposes of this Agreement, this Agreement as well as Service Data shall be deemed Confidential Information. Notwithstanding the foregoing, Confidential Information shall not include information that (a) was already known to the receiving Party at the time of disclosure by the disclosing Party; (b) was or is obtained by the receiving Party by a third party not known by the receiving Party to be under an obligation of confidentiality with respect to such information; (c) is or becomes generally available to the public other than by violation of this Agreement or another valid agreement between the Parties; or (d) was or is independently developed by the receiving Party without use of the disclosing Party’s Confidential Information.
Consulting Services: means consulting and professional services (including any training, success or implementation services) provided by Arlo or its authorised subcontractors as indicated on an Order Form or other written document such as a statement of work “SOW”, as defined below, and which unless agreed otherwise in writing, shall include the terms set out in Schedule 1 to this Agreement.
Consulting Fees: means fees for Consulting Services as may be agreed in writing between us from time to time.
Documentation: means any written or electronic documentation, images, video, text or sounds specifying the functionalities of the Services or describing Service Plans, as applicable, provided or made available by Arlo to You in the applicable Arlo help centre(s) and documentation websites; provided, however, that Documentation shall specifically exclude any “community moderated” forums as provided or accessible through such knowledge base(s).
Deployed Associated Services: has the meaning as given in the definition of “Services” in this section 1.
End-User: means any natural person other than Administrators with whom Subscriber or its Administrators interact using a Service or whom Subscriber or its Administrators permit or allow to use the Services.
Fees: means the Subscription Fees; any Consulting Fees; Special Support Fees and any other costs or charges which We are entitled to invoice You for under the express terms of this Agreement.
Order Form: means any of Our generated service order forms executed or approved by You with respect to Your subscription to a Service, which form may detail, among other things, the number of Administrators authorised to use a Service under Your subscription to a Service and the Service Plan applicable to Your subscription to a Service.
Party: means a party to this Agreement including their successors and permitted assigns, but subject to sections 2.1 (Affiliates) and 17 (Rights of Third Parties).
Payment Agent: means Arlo or a payment agent designated by Arlo.
Personal Data: means any information relating to an identified or identifiable natural person where an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity.
Personnel: means employees and/or non-employee service providers and contractors of the Arlo Group engaged by the Arlo Group in connection with performance hereunder.
Processing/To Process/Processed: means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, subject always to Schedule 2 to this Agreement.
Service(s): means the products and services that are ordered by You online through a link or via an Order Form referencing this Agreement, whether on a trial or paid basis, and made available online by Us, via the applicable subscriber login link and other web pages designated by Us, including, individually and collectively, the applicable Software, updates, API, Documentation, and all applicable Associated Services that You have purchased or deployed or to which You have subscribed (“Deployed Associated Services”) that are provided under this Agreement. “Services” exclude Third Party Services as that term is defined in this Agreement and Associated Services that are not provided under this Agreement. From time to time the names and descriptions of the Services or any individual Service may be changed. To the extent Subscriber is given access to such Service as so described by virtue of a prior Order Form or other prior acceptance of this Agreement, this Agreement shall be deemed to apply to such Service as newly named or described.
Service Data: means electronic data, text, messages, communications or other materials submitted to and stored within a Service by You, Administrators and End-Users in connection with Your use of such Service, which may include, without limitation, Personal Data.
Service Plan(s): means the packaged service plan(s) and the functionality and services associated therewith (as detailed on the Site applicable to the Service) for the Services to which You subscribe.
Site: means a website operated by the Arlo Group, including www.arlo.co, as well as all other websites that the Arlo Group operates.
Software: means software provided by Arlo (either by download or access through the Internet) that allows Administrators or End-Users to use any functionality in connection with the applicable Service.
Subscriber, You, Your: means you Our customer, being the Party other than Arlo signing this Agreement or otherwise agreeing to being bound by its terms.
Subscription Term: means the period during which You have agreed to subscribe to the Service, and if no particular term has been agreed in writing between You and Us, then the term shall be month to month (with each month being a month in New Zealand).
Special Support Fees: means fees at Our standard support rates as published on the Site, which We may, at Our discretion, invoice to You from time to time in respect of support Services requested by You from time to time and which either could have been addressed by You by reading the Documentation, or which are outside the scope of the Documentation and do not relate to any breach on Our part, or as explained in section 2.11.
Subscription Fees: means the fees, as published on the Site, which We charge You relating to Your access to and usage of the Services and calculated based on the number of Your Administrators, registration usage by You, Your Administrators, and End-Users in any given month, any optional recurring extras You have purchased, and each based on the Service Plan You have selected and agreed to, and excludes all other types of Fees.
Third Party Services: means third party products, applications, services, software, networks, systems, directories, websites, databases and information obtained separately by You which a Service links to, or which You may connect to or enable in conjunction with a Service, including, without limitation, Third Party Services which may be integrated directly into Your Account by You or at Your direction.
“We,” “Us” or “Our”: means Arlo as defined below.
Arlo: means Arlo Software Limited, a New Zealand company, or any of its successors or assignees.
Arlo Group: means Arlo Software Limited, a New Zealand company together with all its Affiliates.
2 General Conditions; Access to and Use of the Services
2.1 During the Subscription Term and subject to compliance by You, Administrators and End-Users with this Agreement, You have the limited, non-exclusive, non-transferrable right to access and use the Services consistent with Your Subscription Fees, for Your internal business purposes only. An Affiliate may receive Services under this Agreement provided that such Affiliate directly enters into a Service Order Form. By entering into a Service Order Form hereunder, an Affiliate agrees to be bound by the terms of this Agreement as if it were an original party hereto. Subscriber will be responsible for its Affiliates’ compliance with this Agreement. We will (a) make the Services and Service Data available to You pursuant to this Agreement and the applicable Order Forms; (b) provide applicable standard customer support for the Services to You at no additional charge as detailed on the applicable Site and Documentation but subject to any Special Support Fees or other Fees payable by You; (c) use commercially reasonable efforts to make the Services available 24 hours a day, 7 days a week, except (i) during planned downtime for upgrades and maintenance to the Services (of which We will use commercially reasonable efforts to notify You in advance both through Our Site and a notice to Your Account owner and Administrators) (“Planned Downtime”); and (ii) for any unavailability caused by circumstances beyond Our reasonable control, including, for example, an act of God, act of government, flood, fire, earthquake, civil unrest, act of terror, strike or other labour problem (other than one involving Our employees), Internet service provider failure or delay, energy supplier failure or delay, Third Party Services, or acts undertaken by third parties, including without limitation, denial of service attack (“Force Majeure Event”).
2.2 You may not use the Services to manage training and events, registrations, customer service, or other outsourced business process services on behalf of any third party other than Your own End-Users and Affiliates pursuant to section 2.1. Without limiting the foregoing, Your right to access and use the API is also subject to the restrictions and policies implemented by Arlo from time to time with respect to the API as set forth in the Documentation or otherwise communicated to You in writing.
2.3 A high speed Internet connection is required for proper transmission of the Services. You are responsible at Your cost for procuring and maintaining the equipment, software and network connections that connect Your network to the Services, including, but not limited to, “browser” software that supports protocols used by Arlo, including the Transport Layer Security (TLS) protocol or other protocols accepted by Arlo, and to follow procedures for accessing services that support such protocols. We are not responsible for notifying You, Administrators or End-Users of any upgrades, fixes or enhancements to any such software or for any compromise of data, including Service Data, transmitted across computer networks or telecommunications facilities (including but not limited to the Internet) which are not owned, operated or controlled by Arlo. We assume no responsibility for the reliability or performance of any connections as described in this section. Arlo does not warrant that the Services will always be available uninterrupted or error free.
2.4 In addition to complying with the other terms, conditions and restrictions set forth below in this Agreement, You agree not to (a) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share or otherwise commercially exploit or make the Services available to any third party, other than authorised Administrators and End-Users in furtherance of Your internal business purposes as expressly permitted by this Agreement; (b) use the Services to Process data on behalf of any third party other than Administrators or End-Users; (c) modify, adapt, or hack the Services or otherwise attempt to gain unauthorised access to the Services or related systems or networks; (d) falsely imply any sponsorship or association with Arlo or the Arlo Group, (e) use the Services in any unlawful manner, including, but not limited to, violation of any person’s privacy rights; (f) use the Services to send unsolicited or unauthorised bulk mail, junk mail, spam, pyramid schemes or other forms of duplicative or unsolicited messages; (g) use the Services to store or transmit files, materials, data, text, audio, video, images or other content that infringes on any person’s intellectual property rights; (h) use the Services in any manner that interferes with or disrupts the integrity or performance of the Services and its components; (i) attempt to decipher, decompile, reverse engineer or otherwise discover the source code of any Software making up the Services; (j) use the Services to knowingly post, transmit, upload, link to, send or store any content that is unlawful, racist, hateful, abusive, libellous, obscene, or discriminatory; (k) use the Services to store or transmit any “protected health information” as that term is defined in 45 C.F.R. 160.103 (USA), unless expressly agreed to otherwise in writing by Arlo; (l) use the Services to knowingly post transmit, upload, link to, send or store any viruses, malware, Trojan horses, time bombs, or any other similar harmful software (“Malicious Software”); (m) use or launch any automated system that accesses a Service (i.e., bot) in a manner that sends more request messages to a Service server in a given period of time than a human can reasonably produce in the same period by using a conventional on-line web browser; or (n) attempt to use, or use the Services in violation of this Agreement.
2.5 As between You and Arlo, You are responsible for compliance with the provisions of this Agreement by Administrators and End-Users and for any and all activities that occur under Your Account. Without limiting the foregoing, You are solely responsible for ensuring that You hold all third party related rights, permits and consents as may be required for Your use of the Services to store and transmit Service Data (including from all Administrators and End-Users), and that such use is compliant with all applicable laws and regulations relating to You, Administrators and End-Users. You also maintain all responsibility for determining whether the Services or the information generated thereby is accurate or sufficient for Your purposes. Subject to any limitation on the number of individual Administrators available under the applicable Service Plan(s) to which You subscribed or applicable Deployed Associated Service, access to and use of the Services is restricted to the specified number of individual Administrators permitted under Your subscription to the applicable Service. You agree and acknowledge that each Administrators will be identified by a unique username and password (“Login”) and that an Administrator Login may only be used by one (1) individual. You will not share an Administrator Login among multiple individuals. You and Your Administrators are responsible for maintaining the confidentiality of all Login information for Your Account. Arlo reserves the right to periodically verify that Your use of the Arlo Services complies with the Agreement and the Service Plan restrictions on Our Site. Should Arlo discover that Your use of an Arlo Service is not in compliance with this Agreement or the Service Plan restrictions on Our Site, Arlo reserves the right to charge You, and You hereby agree to pay for, said usage in addition to other remedies available to Us.
2.6 In addition to Our rights as set forth in Sections 2 and 8.4, We reserve the right, in Our reasonable discretion, to temporarily suspend Your access to and use of a Service if We suspect or detect any Malicious Software connected to Your Account or use of a Service by You, Administrators or End-Users.
2.7 You acknowledge that Arlo may modify the features and functionality of the Services during the Subscription Term.
2.8 You may not access the Services if You are a direct competitor of the Arlo Group, except with Arlo’s prior written consent. You may not access the Services for the purposes of monitoring performance, availability, functionality, or for any benchmarking or competitive purposes.
2.9 If You register for a free trial for any of the Services, We will make such Services available to You on a trial basis, without any Subscription Fees, until the earlier of (a) the end of the free trial period for which You registered to use the applicable Service(s); (b) the start date of any subscription to such Service purchased by You for such Service(s); or (c) termination of the trial by Us in Our sole discretion. Additional trial terms and conditions may appear on the trial registration web page. Any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding. Please review the applicable Documentation during the trial period so that You become familiar with the features and functions of the Services under applicable Service Plans before You make Your purchase.
Any Service Data You enter into a Service, and any configurations or customisations made to a Service by or for You, during Your free trial will be permanently lost unless You purchase a Subscription to the same Service as covered by the trial, purchase the applicable Service, or export such Service Data, before the end of the trial period.
2.10 From time to time, We may make Beta Services available to You at no charge. You may choose to try such Beta Services in Your sole discretion. Beta Services are intended for evaluation purposes and not for production use, are not supported, and may be subject to additional terms that will be presented to You. Beta Services are not considered “Services” under this Agreement; however, all restrictions, Our reservation of rights and Your obligations concerning the Service, and use of any Third Party Services shall apply equally to Your use of Beta Services. Unless otherwise stated, any Beta Services trial period will expire upon the earlier of one year from the trial start date or the date that a version of the Beta Services becomes generally available without the applicable Beta Services designation. We may discontinue Beta Services at any time in Our sole discretion and may never make them generally available. We will have no liability for any harm or damage arising out of or in connection with a Beta Service.
2.11 You agree that Our support team are available to assist with requests related to issues or questions You have about the Service that are covered by the scope of topics in Our Help Centre on a “fair use” basis, and considering the content of Our Documentation. If Your requests require knowledge or experience of Your business processes, proprietary knowledge, software, systems, or otherwise require research beyond topics covered by Our Help Centre or in Our Documentation, We may request that You engage Us in Consultancy Services or We may invoice You for Special Support Fees. In particular, “fair use” means that if You or Your Administrators elect not to receive training as part of Your implementation, or when a new Administrator is added to the Service, that We may limit any non-chargeable support to those Administrators where the requests are of a nature that would have been covered as part of a basic training package.
2.12 In the case of technical problems, You and Your Administrators must make all reasonable efforts to investigate and diagnose problems before contacting Our support team. If You still need technical help, please check the support provided in Our Help Centre, Documentation, Twitter (@ArloSoftware) or failing that, email Us at firstname.lastname@example.org. Please note that it is possible that Special Support Fees may apply.
2.13 If We supply You with any third party related applications or packages relating to web controls, integration technology, plug-ins or extensions (whether opensource or otherwise), then You agree:
i. that You are solely responsible for deciding whether to install any upgrades or new releases of those items, and are also solely responsible for testing those items to ensure they function correctly in conjunction with any of Your other systems or software;
ii. that any services We provide in relation to these third party items are on a reasonable endeavours basis only, and that We are not liable in any way to You or any of Your Administrators, End-Users or Affiliates regarding any failure of any of these third party items to operate effectively as You intend;
iii. that ongoing support for any of these items may involve time, input and related cost from the relevant third party provider, and possibly also Arlo if Consulting Services apply or Special Support Fees apply;
iv. that Arlo reserves the right to change any of its APIs which third party applications or packages use from time to time to the extent that outdated applications or package installations may need modifying or upgrading to maintain compatibility and functionality with the latest version of Our Software, Services or other APIs, and in this case, You accept that the remainder of this section 2.13 will apply to any such changes made by Arlo;
v. that You will be liable to pay any third party costs We incur by supplying these items (as part of the Fees); and
vi. that these items do not constitute “Associated Services”.
3 Confidentiality; Security and Privacy
3.1 Subject to the express permissions of this Agreement, each Party will protect each other’s Confidential Information from unauthorised use, access or disclosure in the same manner as each protects its own Confidential Information, but with no less than reasonable care. Except as otherwise expressly permitted pursuant to this Agreement, each Party may use each other’s Confidential Information solely to exercise Our respective rights and perform Our respective obligations under this Agreement and shall disclose such Confidential Information (a) solely to the employees and/or non-employee service providers and contractors who have a need to know such Confidential Information for such purposes and who are bound to maintain the confidentiality of, and not misuse, such Confidential Information; (b) as necessary to comply with an order or subpoena of any administrative agency or court of competent jurisdiction; or (c) as reasonably necessary to comply with any applicable law or regulation. The provisions of this Section 3.1 shall supersede any non-disclosure agreement by and between the Parties and such agreement shall have no further force or effect.
3.2 The Arlo Group will, during Your Subscription Term, maintain reasonable administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Service Data. Those safeguards will include, but will not be limited to, measures for preventing access, use, modification or disclosure of Service Data by Personnel except (a) to provide the Services and prevent or address service, support or technical problems; (b) as compelled by law in accordance with Sections 3.1(b) or 3.1(c); (c) in accordance with the provisions of Section 3.3; or (d) as You expressly permit in writing. As at May 2018, those safeguards are as described at the end of Schedule 2 (Data Protection Addendum) attached to this Agreement. In relation to backing-up Service Data, despite Our obligations as stated in Schedule 2 (Data Protection Addendum) attached to this Agreement, You also agree to export such Service Data from Our Services and systems, as is critical or important to You, on a regular basis to ensure You retain copies of such Service Data yourself at all times.
3.3 To the extent Service Data constitutes Personal Data, You and Us agree and accept that the provisions set out in Schedule 2 (Data Protection Addendum) attached to this Agreement shall apply.
3.4 You agree that the Arlo Group and the third-party service providers that are utilised by the Arlo Group to assist in providing the Services to You shall have the right to access Your Account and to use, modify, reproduce, distribute, display and disclose Service Data to the extent necessary to provide the Services, including, without limitation, in response to Your support requests. Any third-party service providers utilised by the Arlo Group will only be given access to Your Account and Service Data as is reasonably necessary to provide the Services and will be subject to (a) confidentiality obligations which are commercially reasonable and substantially consistent with the standards described in Section 3.2; and (b) Our compliance with Schedule 2 (Data Protection Addendum) attached to this Agreement.
3.5 Whenever You, Your Administrators or End-Users interact with Our Services, We automatically receive and record information on Our server logs from the browser or device, which may include IP address, “cookie” information, the type of browser and/or device being used to access the Services. “Cookies” are identifiers We transfer to the browser or device of Your Administrators or End-Users that allow Us to recognise Administrator or End-User and their browser or device along with how Our Services are being utilised. When We collect this information, We only use this data in aggregate form, and not in a manner that would identify Your Administrators or End-Users personally. For example, this aggregate data can tell Us how often users use a particular feature of the Services, and We can use that knowledge to improve the Services.
3.6 We receive and store any information that You knowingly provide to Us. For example, through the registration process for Our Services and/or through Your Account settings, We may collect Personal Data such as Your name, email address, phone number, credit card information and third-party account credentials (for example, Your log-in credentials for third party sites that integrate with the Services as further detailed in Section 3.8) of You and Your Administrators. In addition, We may communicate with You and Your Administrators. For example, We may send You and Your Administrators product announcements and promotional offers or contact You and Your Administrators about Your use of the Services. If You or an Administrator does not want to receive communications from Us, please indicate this preference by sending an email to email@example.com and provide Us with the name and email address of each Administrator that no longer wishes to receive these communications. All Personal Data We receive from You, Your Administrators, or Your End-Users will be managed in accordance with Schedule 2 (Data Protection Addendum) attached to this Agreement.
3.7 We neither rent nor sell Your Personal Data in personally identifiable form to anyone. However, We may share Your Personal Data with third parties in the following ways:
i. Collecting Usage Data. For the purposes of this section, “Usage Data” means aggregated, encoded or anonymised data that the Arlo Group may collect about a group or category of services, features or users while You, Your Administrators or End-Users use a Service for certain purposes, including analytics, and which does not contain Personal Data, which is used to help understand trends in usage of the Services. In addition to collecting and using Usage Data ourselves, the Arlo Group may share the Usage Data with third parties, including Our subscribers, partners and service providers, for various purposes, including to help Us better understand Our subscribers’ needs and improve Our Services. We may also publish Usage Data to provide relevant information about the Services and for purposes of marketing.
ii. Aggregated Personal Data that is not personally identifiable. We may anonymise the Personal Data of Your Administrators or End-Users so that they cannot be individually identified, and provide that information to Our partners. We may also provide aggregate usage information to Our partners for analytics purposes, who may use such information to help Us understand how often and in what ways people use Our Services. However, We never disclose aggregate information to a partner in a manner that would identify Your Administrators or End-Users personally, as an individual.
3.8 Arlo may also obtain other information, including Personal Data, from third parties and combine that with information We collect through Our Services such as in the case where You use a Third Party Service or where We may have access to certain information from a third party social media or authentication service if You log into Our Services through such service or otherwise provide Us with access to information from such service. Any access that We may have to such information from a third party social or authentication service is in accordance with the authorisation procedures determined by that service. By authorising Us to connect with a Third Party Service, You authorise Us to access and store Your name, email address(es), current city, profile picture URL, and other Personal Data that the Third Party Service makes available to Us, and to use and disclose it in accordance with Schedule 2 (Data Protection Addendum) attached to this Agreement.
4 Intellectual Property Rights
4.1 Each Party shall retain all rights, title and interest in and to all its respective patents, inventions, copyrights, trademarks, domain names, trade secrets, know-how and any other intellectual property and/or proprietary rights (collectively, “Intellectual Property Rights”). The rights granted to You, Administrators and End-Users to use the Service(s) under this Agreement do not convey any additional rights in the Service(s) or in any Intellectual Property Rights associated therewith. Subject only to limited rights to access and use the Service(s) as expressly stated herein, all rights, title and interest in and to the Services and all hardware, Software and other components of or used to provide the Services, including all related Intellectual Property Rights, will remain with Arlo and belong exclusively to Arlo.
4.2 The Arlo Group shall have a fully paid-up, royalty-free, worldwide, transferable, sub-licensable (through multiple layers), assignable, irrevocable and perpetual license to implement, use, modify, commercially exploit, and/or incorporate into the Services or otherwise use any suggestions, enhancement requests, recommendations or other feedback We receive from You, Administrators, End-Users, or other third parties acting on Your behalf.
4.3 Arlo, and the Arlo Group’s other product and service names and logos used or displayed in or on the Services are registered or unregistered trademarks of one or more members of the Arlo Group (collectively, “Marks”), and You may only use applicable Marks in a manner permitted by Us in writing or expressly as part of the Service provided You do not attempt, now or in the future, to claim any rights in the Marks, degrade the distinctiveness of the Marks, or use the Marks to disparage or misrepresent Us, Our services or products.
4.4 All Service Data will remain owned solely by You or Your associated third parties at all times. You grant Us a limited licence to use all Service Data solely for the purpose of supplying the Services to You, Administrators, End-Users, and other third parties acting on Your behalf.
5 Third Party Services
If You decide to enable, access or use Third Party Services, be advised that Your access and use of such Third Party Services are governed solely by the terms and conditions of such Third Party Services, and We do not endorse, are not responsible or liable for, and make no representations as to any aspect of such Third Party Services, including, without limitation, their content or the manner in which they handle, protect, manage or Process data (including Service Data) or any interaction between You and the provider of such Third Party Services. We cannot guarantee the continued availability of such Third Party Service features, and may cease enabling access to them without entitling You to any refund, credit, or Third Party compensation, if, for example and without limitation, the provider of an Third Party Service ceases to make the Third Party Service available for interoperation with the corresponding Service in a manner acceptable to Us. You irrevocably waive any claim against Arlo with respect to such Third Party Services. We are not liable for any damage or loss caused or alleged to be caused by or in connection with Your enablement, access or use of any such Third Party Services, or Your reliance on the privacy practices, data security processes or other policies of such Third Party Services. You may be required to register for or log into such Third Party Services on their respective websites. By enabling any Third Party Services, You are expressly permitting Arlo to disclose Your Login, as well as Service Data as necessary to facilitate the use or enablement of such Third Party Services.
6 Billing; Plan Modifications and Payments
6.1 Unless agreed otherwise in writing separately between You and Us, or unless otherwise indicated otherwise on an Order Form referencing this Agreement, or in any Consulting Services-related SOW, or in Additional Terms (as defined in Section 12.2) and subject to Section 6.2, all Fees associated with Your access to and use of a Services shall be paid in full by You upon commencement of Your Subscription Term, or monthly in arrears as We determine is appropriate, or with respect to a Deployed Associated Service, at the time such Deployed Associated Service is purchased, subscribed to or otherwise deployed. Unless agreed otherwise in writing separately between You and Us, all invoices issued by Us to You for Fees must be paid in full by You without set-off, counterclaim or any deduction whatsoever, within twenty (20) calendar days after the date of Our invoice. If You fail to pay any Fees due on time, or within five (5) business days after Our written notice to You that payment is due or overdue, or if You do not update Your payment information upon Our request, in addition to Our other remedies, We may suspend or terminate access to and use of such Service by You, Administrators and End-Users. We may also charge You interest on all overdue sums at the rate of 15% (fifteen percent) per annum calculated daily until all such sums are paid to Us in full. We may also charge You for Our costs of recovery, including Our legal fees.
6.2 If You choose to upgrade Your Service Plan or increase the number of Administrators authorised to access and use a Service during Your Subscription Term (a “Subscription Upgrade”), any incremental Subscription Fees associated with such Subscription Upgrade will be prorated over the remaining period of Your then current Subscription Term, charged to Your Account and due and payable upon implementation of such Subscription Upgrade. In any future Subscription Term, Your Subscription Fees will reflect any such Subscription Upgrades.
6.3 No refunds or credits for any Fees will be provided to You if You elect to downgrade Your Service Plan, reduce the number of Administrators authorised to access and use a Service, or otherwise reduce Service capacities or quotas agreed in an Order Form, during Your Subscription Term (a “Subscription Downgrade”). A Subscription Downgrade may cause loss of content, features, or capacity of the Service as available to You under Your Account, and Arlo does not accept any liability for such loss.
6.4 Unless otherwise stated, Our Fees exclude all taxes, levies, duties or similar governmental assessments, including value-added, sales, use or withholding taxes assessable by any local, state, provincial or foreign jurisdiction (collectively “Taxes”). You are responsible for paying all transaction related Taxes regarding the supply of Services to You under this Agreement. This obligation excludes any taxes assessable directly against the Arlo Group under applicable law regarding its net revenue flows and related profitability. We will invoice You for such Taxes if We believe We have a legal obligation to do so, or You are liable under this section, and You agree to pay such Taxes if so invoiced, at the same time as Our Fees are due to be paid within. If You believe You are required by law to deduct any Tax from any sum due and payable to Us, then You agree to top up and make good any such shortfall or deficiency so that We receive the full amount due and payable to Us at the time such sum is due to be paid.
6.5 This section will apply if and when We allow You to pay by credit card as addressed in this section. If You pay by credit card or certain other payment instruments, the Services provide an interface for the Account owner to change credit card information (e.g. upon card renewal). The Account owner will receive a receipt upon each receipt of payment by the Payment Agent, or they may obtain a receipt from within the Services to track subscription status. You hereby authorise the Payment Agent to bill Your credit card or other payment instrument in advance on a periodic basis in accordance with the terms of the Service Plan for the Services and for periodic Fees applicable to Deployed Associated Services to which You subscribe until Your subscription to the Services terminates, and You further agree to pay any Fees so incurred. If applicable, You hereby authorise Arlo and the Payment Agent to charge Your credit card or other payment instrument to establish such prepaid credit. You agree to promptly update Your Account information with any changes (for example, a change in Your billing address or credit card expiration date) that may occur. The Payment Agent uses a third-party intermediary to manage credit card processing and this intermediary is not permitted to store, retain or use Your billing information except to process Your credit card information for the Payment Agent.
6.6 Payments made by credit card, debit card or certain other payment instruments for the Services are billed and processed by Arlo’s Payment Agent. To the extent the Payment Agent is not Arlo, the Payment Agent is acting solely as a billing and processing agent for and on behalf of Arlo and shall not be construed to be providing the applicable Service.
6.7 Any Subscriber that mandates Arlo to use a vendor payment portal or compliance portal which charges Arlo a subscription fee or a percentage of any uploaded invoice as a required cost of doing business, shall be invoiced by Arlo for the cost of this fee.
7 Promotional Credits Policy
We may, at Our sole discretion, choose to offer credits for the Services in various ways, including but not limited to, coupons, promotional campaigns and referrals for Arlo services such as training. Arlo reserves the right to award credits at its sole discretion. Credits have no monetary or cash value and can only be used by You to offset Your subsequent payments of the relevant applicable Fee for the applicable Service. Credits may only be applied to those Fees due for the Service specifically identified by Arlo when issuing the credit. Credits can only be used by You and are non-transferable. To the extent that You have been awarded credits, unless the instrument (including any coupon) states an earlier expiration date, credits shall expire and no longer be redeemable twelve (12) months from the date the credit was issued.
8 Cancellation and Termination
8.1 Either Party may elect to terminate Your Account and subscription to a Service as of the end of Your then current Subscription Term by providing notice, in accordance with this Agreement, on or prior to the date thirty (30) days preceding the end of such Subscription Term. Unless Your Account and subscription to a Service is so terminated, Your subscription to a Service (including any and all Deployed Associated Services) will automatically renew for a Subscription Term equivalent in length to the then expiring Subscription Term. Unless otherwise provided for in an Order Form, the Subscription Fees applicable to Your subscription to a Service for any such subsequent Subscription Term shall be the Subscription Fees for the Service Plan and Deployed Associated Services to which You have subscribed or which You have deployed, as applicable, as of the time such subsequent Subscription Term commences.
8.2 No refunds or credits for Subscription Fees or other Fees or payments will be provided to You if You elect to terminate Your subscription to the Service or cancel Your Account prior to the end of Your then effective Subscription Term.
8.3 Except for Your termination under Section 8.5, if You terminate Your subscription to a Service or cancel Your Account prior to the end of Your then effective Subscription Term or We effect such termination or cancellation pursuant to Sections 2, 8.4 and 8.5, in addition to other amounts You may owe Arlo, You must immediately pay any then unpaid Fees associated with the remainder of such Subscription Term. This amount will not be payable by You in the event You terminate Your subscription to a Service or cancel Your Account as a result of a material breach of this Agreement by Arlo, provided that You provide genuine written notice of such breach to Arlo and afford Arlo not less than thirty (30) days to reasonably cure such breach as provided for in Section 8.5 herein.
8.4 We reserve the right to modify, suspend or terminate the Services (or any part thereof), Your Account or Your and/or Administrators’ or End-Users’ rights to access and use the Services, and remove, disable and discard any Service Data if We believe that You, Administrators or End-Users have violated this Agreement. Unless legally prohibited from doing so, We will use commercially reasonable efforts to contact You directly via email to notify You when taking any of the foregoing actions. We shall not be liable to You, Administrators, End-Users or any other third party for any such modification, suspension or discontinuation of Your rights to access and use the Services. Any suspected fraudulent, abusive, or illegal activity by You, Administrators or End-Users may be referred to law enforcement authorities at Our sole discretion. If We have the right to suspend Your access to the Services, this does not limit the operation of section 8.5, and all Subscription Fees and other Fees as agreed shall remain payable by You during the period of such suspension, and without limiting Our rights if We terminate this Agreement.
8.5 Without limiting the remainder of this Agreement, a Party may terminate this Agreement for cause (a) upon fourteen (14) days’ written notice to the other Party of a material breach if such breach remains uncured at the expiration of such period; or (b) if the other Party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors. If this Agreement is terminated by You in accordance with this section, We will, to the extent permitted by applicable law, refund You any prepaid fees covering the remainder of the Subscription Term after the effective date of termination but only to the extent You do not owe Us any equivalent amount at that time. If this Agreement is terminated by Us in accordance with this section, You will pay any unpaid fees covering the remainder of the Subscription Term pursuant to all applicable Order Forms. In no event will termination relieve You of Your obligation to pay any fees payable to Us for the period prior to the effective date of termination.
8.6 Upon request by You made within thirty (30) days after the effective date of termination or expiration of this Agreement, We will make Service Data available to You for export or download as provided in the Documentation. After such 30-day period, We will have no obligation to maintain or provide any Service Data, and, as provided in the Documentation, will have the right to delete or destroy all copies of Service Data in Our systems or otherwise in Our possession or control, unless prohibited by law.
9 Representations, Warranties and Disclaimers
9.1 Each Party represents that it has validly entered into this Agreement and has the legal power to do so.
9.2 We warrant that during an applicable Subscription Term (a) this Agreement and the Documentation will accurately describe the applicable administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Service Data; and (b) the Services will perform materially in accordance with the applicable Documentation. For any breach of a warranty above, Your exclusive remedies are those described in section 8.5 herein.
9.3 Except as specifically set forth in section 9.2, the Sites and the Services, including all server and network components are provided on an “as is” and “as available” basis, without any warranties of any kind to the fullest extent permitted by law, and We expressly disclaim any and all warranties, whether express or implied, including, but not limited to, any implied warranties of merchantability, title, fitness for a particular purpose, and non-infringement. You acknowledge that We do not warrant that the Services will be uninterrupted, timely, secure, error-free or free from viruses or other malicious software, and no information or advice obtained by You from Us or through the Services shall create any warranty not expressly stated in this Agreement.
10 Limitation of Liability
10.1 Under no circumstances and under no legal theory (whether in contract, tort, negligence or otherwise) will either party to this Agreement, or their Affiliates, officers, directors, employees, Administrators, service providers, suppliers or licensors be liable to the other Party or any third party for any lost profits, lost sales or business, lost data, business interruption, loss of goodwill, or for any type of indirect, incidental, special, exemplary, consequential or punitive loss or damages, or any other loss or damages incurred by the other Party or any third party in connection with this Agreement, the Services or Consulting Services, regardless of whether such Party has been advised of the possibility of or could have foreseen such damages.
10.2 Notwithstanding anything to the contrary in this Agreement, the Arlo Group’s aggregate liability to You or any third party arising out of this Agreement, the Services or Consulting Services, shall in no event exceed the Fees paid by You (and received by Us) during the twelve (12) months prior to the first event or occurrence giving rise to such liability. You acknowledge and agree that the essential purpose of this section 10.2 is to allocate the risks under this Agreement between the Parties and limit potential liability given the Fees, which would have been substantially higher if We were to assume any further liability other than as set forth herein. We have relied on these limitations in determining whether to provide You with the rights to access and use the Services and/or Consulting Services provided for in this Agreement.
10.3 Some jurisdictions do not allow the exclusion of certain implied warranties or limitation of liability for incidental or consequential damages, which means that some of the above limitations may not apply to You. In these jurisdictions, the Arlo Group’s liability will be limited to the greatest extent permitted by law.
10.4 Any claims or damages that You may have against Arlo shall only be enforceable against Arlo and not any other entity or its officers, directors, representatives or agents.
11.1 We will indemnify and hold You harmless, from and against any claim against You by reason of Your use of a Service as permitted hereunder, brought by a third party alleging that such Service infringes or misappropriates a third party’s valid patent, copyright, trademark or trade secret (an “IP Claim”). We shall, at Our expense, defend such IP Claim and pay damages finally awarded against You in connection therewith, including the reasonable fees and expenses of the attorneys engaged by Arlo for such defence, provided that (a) You promptly notify Arlo of the threat or notice of such IP Claim; (b) We will have the sole and exclusive control and authority to select defence attorneys, and defend and/or settle any such IP Claim; and (c) You fully cooperate with Arlo in connection therewith. If use of a Service by You, Administrators or End-Users has become, or, in Our opinion, is likely to become, the subject of any such IP Claim, We may, at Our option and expense, (a) procure for You the right to continue using the Service(s) as set forth hereunder; (b) replace or modify a Service to make it non-infringing; or (c) if options (a) or (b) are not commercially reasonable or practicable as determined by Arlo, terminate Your subscription to the Service(s) and repay You, on a pro-rata basis, any Subscription Fees previously paid to Arlo for the corresponding unused portion of Your Subscription Term for such Service(s). We will have no liability or obligation under this Section 11.1 with respect to any IP Claim if such claim is caused in whole or in part by (i) compliance with designs, data, instructions or specifications provided by You; (ii) modification of the Service(s) by anyone other than Arlo; or (iii) the combination, operation or use of the Service(s) with other hardware or software where a Service would not by itself be infringing.
The provisions of this Section 11.1 state the sole, exclusive and entire liability of Arlo to You and constitute Your sole remedy with respect to an IP Claim brought by reason of access to or use of a Service by You, Administrators or End-Users.
11.2 You will indemnify and hold Arlo harmless against all loss, damages, costs and expenses suffered or incurred by any member of the Arlo Group or their Directors relating to any claim brought by a third party against Arlo arising from or related to use of a Service by You, Administrators or End-Users in breach of this Agreement, or arising from any breach of this Agreement by You or from any other matter for which You have expressly agreed to be responsible pursuant to this Agreement.
12 Assignment, Entire Agreement and Amendment
12.1 You may not, directly or indirectly, by operation of law or otherwise, assign all or any part of this Agreement or Your rights under this Agreement or delegate performance of Your duties under this Agreement without Our prior consent, which consent will not be unreasonably withheld. We may, without Your consent, assign this Agreement to any member of the Arlo Group or in connection with any merger or change of control of Arlo or the Arlo Group or the sale of all or substantially all of Our assets provided that any such successor agrees to fulfil its obligations pursuant to this Agreement. Subject to the foregoing restrictions, this Agreement will be fully binding upon, inure to the benefit of and be enforceable by the Parties and their respective successors and assigns.
12.2 This Agreement is the entire agreement and understanding between the parties in relation to the subject matter covered by this Agreement, and supersedes all prior oral or written agreements, understandings or arrangements relating to the same. Neither party has relied on the conduct or representations of the other party unless expressly stated in this Agreement. If and to the extent that any terms may be implied into this Agreement by operation of law, then all such terms are excluded to the fullest extent permitted by law. In particular, the following are excluded from this Agreement because the Software and all Services are supplied and acquired in trade, and both parties are in trade:
i. the operation of the Consumer Guarantees Act 1993 (New Zealand);
ii. sections 9, 12A, 13 and 14(1) of the Fair Trading Act 1986 (New Zealand); and
iii. all other statutory and other regulatory provisions, whether in New Zealand or in another country, as might otherwise apply, to the fullest extent as may be permitted by the applicable statute, regulation, or otherwise under the applicable law.
Notwithstanding the foregoing, You may be presented with additional features, functionality, or services as detailed in a supplement hereto or that We offer as part of or distinct from the Services (the “Additional Features”). In those instances, We will notify You of such Additional Features prior to the activation of these features, functionality, or services and the activation of these features, functionality, or services in Your Account will be considered acceptance of the Additional Features. All such Additional Features will be considered incorporated into this Agreement when You or any Administrator authorised as an administrator in Your Account activate the feature, functionality, or service.
12.3 We may amend this Agreement from time to time, in which case the new Agreement will supersede prior versions. We will notify You not less than ten (10) days prior to the effective date of any such amendment and Your continued use of the Services, including without any objection in writing back to Us with 14 (fourteen) days following the effective date of any such amendment will be relied upon by Arlo as Your consent to any such amendment. Our failure to enforce at any time any provision of this Agreement does not constitute a waiver of that provision or of any other provision of this Agreement.
If any provision in this Agreement is held by a court of competent jurisdiction to be unenforceable, such provision shall be modified by the court and interpreted so as to best accomplish the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect.
14 Relationship of the Parties
The Parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship among the Parties.
All notices to be provided by Arlo to You under this Agreement may be delivered in writing (a) by nationally recognised overnight delivery service (“Courier”) or mail to the contact mailing address provided by You on any Order Form; or (b) electronic mail to the electronic mail address provided for Your Account owner. You must give notice to Arlo in writing by Courier or mail to P O Box 33062, Petone, Lower Hut 5046, New Zealand. All notices shall be deemed to have been given immediately upon delivery by electronic mail; or, if otherwise delivered, then upon receipt.
16 Governing Law
This Agreement shall be governed by the laws of New Zealand, without reference to conflict of laws principles. Any disputes under this Agreement shall be resolved in the courts of New Zealand. We may elect to have any dispute between Us resolved by Mediation and/or Arbitration in New Zealand in English, with a single Mediator / Arbitrator, and if We do so elect by written notice to You, then that process will apply. You hereby expressly agree to submit to the exclusive personal jurisdiction of this jurisdiction for the purpose of resolving any dispute relating to this Agreement or access to or use of the Services by You, Administrators or End-Users.
17 Rights of Third Parties
Subject to section 2.1 and Schedule 2 (Data Protection Addendum) attached to this Agreement, the parties agree that a person who is not a party to this Agreement (including any Affiliate, Administrator, End-User) has no right or legal standing to enforce any provision of this Agreement against either party.
Sections 1, 3.1, 4 and 9-18 shall survive any termination of Our agreement with respect to use of the Services by You, Administrators or End-Users. Termination of such agreement shall not limit a Party’s liability for obligations accrued as of or prior to such termination or for any breach of this Agreement.
Schedule 1: Consulting Services Terms and Conditions
If Subscriber has engaged Arlo for the provision of professional services (including any training, success, integration, development, and implementation services, “Consulting Services”) as indicated on an Order Form, or other written document such as a Statement of Work, the provision of such Consulting Services will be governed by the Agreement, including these Consulting Services terms and conditions (“Terms”). Unless otherwise agreed to in a Statement of Work, Subscriber agrees that any Consulting Services must be scheduled for completion by Subscriber within six (6) months following the commencement of the Subscription Term as indicated on the Order Form. In consideration of the foregoing, Subscriber and Arlo, intending to be legally bound, agree to the terms set forth below.
1. Scope. All Consulting Services pursuant to the Agreement provided by Arlo to Subscriber will be outlined in one or more mutually agreed-upon and jointly executed Statement of Work(s) (“SOW(s)”) or Order Forms, each incorporated into the Agreement and describing in detail the scope, nature and other relevant characteristics of Consulting Services to be provided.
2. Retention. Subscriber hereby retains Arlo to provide the Consulting Services described in one or more SOWs, subject to the terms and conditions set forth in the Agreement. Arlo shall not be obligated to perform any Consulting Services until both Parties have mutually agreed upon and executed a SOW with respect to such Consulting Services. After execution of a SOW, the Consulting Services to be provided under that SOW may only be changed through a change order mutually executed by the Parties (“Change Order”).
3. Performance of Consulting Services.
3.1 Each SOW will include reasonable details about Consulting Services, including, at a minimum, the Consulting Fees charged and the Consulting Services provided. Arlo and Subscriber agree to cooperate in good faith to achieve satisfactory completion of the Consulting Services in a timely and professional manner.
3.2 The Parties will each designate a representative to interface and facilitate the successful completion of the Consulting Services (“Subscriber’s Representative” and “Arlo’s Representative”, respectively). Any Subcontractor (defined below) designated by Arlo to perform any portion of the Consulting Services will designate a representative to interface with Subscriber and Arlo on all matters relating to Subcontractor’s performance of Consulting Services (“Subcontractor’s Representative”).
3.3 Arlo will perform the Consulting Services through qualified employees and/or non-employee contractors of Arlo (“Subcontractors” and together with Arlo’s employees for the purposes of these Terms, “Consulting Services Personnel”). Subscriber agrees to provide, at no cost to Arlo, timely and adequate assistance and other resources reasonably requested by Arlo to enable the performance of the Consulting Services (collectively, “Assistance”). Neither Arlo, nor its Subcontractors will be liable for any deficiency in performance of Consulting Services to the extent resulting from any acts or omissions of Subscriber, including but not limited to, Subscriber’s failure to provide Assistance as required hereunder.
3.4 In performing the Consulting Services, Arlo will provide such resources, and utilise Consulting Services Personnel as it deems necessary to perform the Consulting Services or any portion thereof. Subscriber may object to Arlo’s election of Subcontractors by specifying its objection to Arlo, in which case the Parties will cooperate in good faith to appoint another Subcontractor to perform such Consulting Services. Arlo may replace Consulting Services Personnel in its normal course of business, provided that Arlo will be responsible for the performance of Consulting Services by all Consulting Services Personnel.
3.5 Arlo will control the method and manner of performing all work necessary for completion of Consulting Services, including but not limited to the supervision and control of any Personnel performing Consulting Services. Arlo will maintain such number of qualified Consulting Services Personnel and appropriate facilities and other resources sufficient to perform Arlo’s obligations under the Agreement in accordance with its terms.
3.6 With Subscriber’s approval, Arlo may enter (“assume into”) Subscriber’s Account as needed to provide the Consulting Services.
3.7 In the event that Subscriber seeks to change the scope of Consulting Services to be provided under any SOW (including, but not limited to, any changes to the project schedule described in the SOW), Subscriber shall discuss such proposed changes with Arlo. If Arlo elects to perform such changes to the Consulting Services, the Parties shall work together in good faith to execute a Change Order. Arlo shall be entitled to an adjustment in Consulting Fees pursuant to the changes reflected in the Change Order. Arlo shall not be obligated to perform any differing or additional Consulting Services unless the Parties have mutually agreed upon a written Change Order.
3.8 For SOWs that are deliverable/milestone based, upon delivery of all deliverables or completion of all milestones detailed in the SOW, Arlo shall provide Subscriber with written notice (“Completion Notice”). Thereafter, Subscriber shall have five (5) business days after the date of the Completion Notice to provide Arlo with written notice describing any material deliverables, milestones, functionality or other material items, as was agreed in writing, which Subscriber reasonably claims have not been fulfilled. The SOW shall be deemed complete and all deliverables, milestones, functionality and other items will be deemed to have been accepted absent Subscriber’s written notice as per the prior sentence (time being of the essence). Arlo undertakes to complete those deliverables, milestones, functionality or other items which are agreed in writing but are not “material”, as soon as reasonably possible, at its cost, but without limiting the prior sentence. For the avoidance of doubt, a Completion Notice shall not be necessary for SOWs that are Time and Materials based.
4. Consulting Fees; Payment Terms.
4.1 Subscriber will pay Arlo the fees to provide the Consulting Services as detailed or described in an Order Form or SOW (the “Consulting Fees”). Unless agreed upon otherwise in the applicable SOW or Order Form, Arlo shall invoice Subscriber for the Consulting Services provided on a monthly basis. All Consulting Fees are due and payable upon date of invoice, except for Consulting Fees that Subscriber disputes in good faith for reasons articulated in writing by Subscriber within thirty (30) days after receiving such invoice.
4.2 All Consulting Services will be provided on either a time and materials or fixed-fee basis, as indicated in the applicable SOW. Each SOW providing for time and materials based Consulting Fees will contain a detailed estimate of such time and materials necessary for performance of Consulting Services (“T&M Estimate”). Arlo will make a commercially reasonable effort to provide such Consulting Services within such T&M Estimate, up to the number of hours agreed to by the Parties. Arlo will make a reasonable effort to notify Subscriber as soon as practicable if it appears that T&M Estimate may be exceeded. Upon receiving such amended T&M Estimate, Subscriber will assess, and accept or reject the amended T&M Estimate. Unless Subscriber rejects such amended T&M Estimate within five (5) days of delivery, such amended T&M Estimate shall be deemed accepted by Subscriber and Subscriber shall be liable for all Consulting Fees associated with Consulting Services delivered in reliance on such amended T&M Estimate. Any amended T&M Estimate which is or is deemed accepted by Subscriber shall be deemed a Change Order.
4.3 The performance of Consulting Services may be subject to a retainer to be paid in advance by Subscriber upon execution and delivery of the SOW. Such retainer will be applied against Consulting Fees which become payable by Subscriber. Arlo may refuse to perform Consulting Services unless and until such retainer is paid to Arlo.
4.4 In addition to any and all Consulting Fees, Subscriber will reimburse Arlo for any reasonable expenses for travel, lodging, communications, shipping charges and out-of-pocket expenses, including change Consulting Fees to travel and accommodations resulting from Subscriber’s request incurred by Arlo in connection with providing the Consulting Services (“Expenses”). Arlo will provide reasonable documentation for all Expenses as requested by Subscriber. Subscriber shall reimburse Arlo for Expenses within thirty (30) days of submission of the Expenses to Subscriber by Arlo.
4.5 Any unpaid Consulting Fees or Expenses will become overdue thirty (30) days after payment is due and shall be subject to a late fee of one and a half percent (1.5%) per month for each month where payment is not received.
4.6 Cancellation/Changes: Any cancellations/changes less than five (5) days prior to agreed Consulting Services commencement date are subject to forfeiture of Consulting Fees paid and reserved date(s).
5. Relationship of the Parties. Arlo is an independent contractor and will maintain complete control of and responsibility for its Consulting Services Personnel, methods and operations in providing Consulting Services. Arlo at no time will hold itself out as an agent, subsidiary or affiliate of Subscriber for any purpose, including reporting to any government authority. The Agreement will not be construed so as to create a partnership, other joint venture or undertaking, or any agency relationship between the Parties, and neither Party shall become liable for any representation, act or omission of the other Party or have the authority to contractually bind the other Party. Any Consulting Fees, Expenses or other amounts paid by Subscriber to Arlo hereunder shall not be considered salary for pension or wage tax purposes and neither Arlo nor its Consulting Services Personnel will be entitled to any fringe benefits, including sick or vacation pay, or other supplemental benefits of Subscriber, unless otherwise required by law. Subscriber shall not be responsible for deducting or withholding from Consulting Fees or Expenses paid for Consulting Services any taxes, unemployment, social security or other such expense unless otherwise required by law.
6.1 Arlo hereby represents and warrants that:
i. the Consulting Services provided pursuant to the Agreement will be performed in a timely and professional manner by Arlo and its Consulting Services Personnel, consistent with generally-accepted industry standards; provided that Subscriber’s sole and exclusive remedy for any breach of this warranty will be, at Arlo’s option, re-performance of the Consulting Services or termination of the applicable SOW and return of the portion of the Consulting Fees paid to Arlo by Subscriber for the nonconforming portion of the Consulting Services; and
ii. it is under no contractual or other restrictions or obligations which are inconsistent with the execution of the Agreement, or, to its best knowledge, which will interfere with its performance of the Consulting Services.
6.2 The Parties hereby agree that:
Custom applications that reside within the Arlo Service framework, theme customisations, integrations, and programming scripts that are identified and being delivered under a SOW (collectively, “Customised Deliverables”) are provided to Subscriber “as is” and Arlo makes no warranties, express or implied, or any representations to Subscriber or any third party regarding the usability, condition, operation or fitness of the Customised Deliverables. Arlo shall not be responsible, at law or otherwise, for any Customised Deliverables despite any other warranties or guarantees, in the event that Subscriber modifies any Customised Deliverables in a manner not instructed by Arlo. Arlo does not warrant that Subscriber’s or any third party’s access to or use of the Customised Deliverables shall be uninterrupted or error-free, or that it will meet any particular criteria of performance or quality. Arlo expressly disclaims all warranties regarding Customised Deliverables, including, without limitation the implied warranties of merchantability, title, fitness for a particular purpose, non-infringement, compatibility, security or accuracy. Further, Arlo expressly disclaims any responsibility to support or maintain Customised Deliverables and will not do so unless otherwise agreed in writing by the Parties. This disclaimer of warranty and liability is expressly made in addition to any disclaimers made by Arlo or its Affiliates under the Agreement with respect to the Services as applicable to Subscriber and any third party’s use of the Services.
7. Rights to Deliverables; Ownership.
7.1 The Parties hereby agree that the specified Consulting Services to be completed pursuant to any SOW primarily involve the configuration of Subscriber’s subscription to a Service and integration of Subscriber data with and into one or more Services using Pre-existing Technology, Developed Technology, and/or Generic Components (each as defined below). Unless otherwise expressly specified in a SOW, no deliverable provided in connection with the Consulting Services provided pursuant to the Agreement shall constitute a “Work Made For Hire” under the Agreement. In the event that any such deliverable is held to be a Work Made For Hire, Subscriber hereby assigns to Arlo all right, title and interest therein or to the extent such assignment is not permitted or effective, hereby grants to Arlo a perpetual, irrevocable, exclusive, worldwide, fully-paid, sub-licensable (through multiple layers), assignable license to any such deliverable. Additionally, Arlo shall have a perpetual, irrevocable, non-exclusive, worldwide, fully-paid, sub-licensable (through multiple layers), assignable license to incorporate into the Pre-existing Technology, Developed Technology, and/or Generic Components or otherwise use any suggestions, enhancement requests, recommendations or other feedback Arlo receives from Subscriber.
7.2 Without limiting the foregoing, Arlo and its licensors reserve and retain ownership of all Pre-existing Technology, Developed Technology and Generic Components (each as defined below), and Arlo hereby grants to Subscriber a non-exclusive, fully-paid, limited license to use Pre-existing Technology, Developed Technology and Generic Components solely in connection with Subscriber’s use of the Service(s). “Pre-existing Technology” means all of Arlo’s inventions (including those of Arlo’s Affiliates) (whether or not patentable), works of authorship, the Software, Arlo’s API’s, designs, know-how, ideas, concepts, information and tools in existence prior to the commencement of the Consulting Services. “Developed Technology” means ideas (whether or not patentable) know-how, technical data, techniques, concepts, information or tools, and all associated Intellectual Property Rights thereto developed by Arlo and its Affiliates or their Consulting Services Personnel in connection with providing Consulting Services pursuant to the Agreement that derive from, improve, enhance or modify Arlo’s Pre-existing Technology. “Generic Components” means all inventions (whether or not patentable), works of authorship, designs, know-how, ideas, information and tools, including without limitation software and programming tools developed by Arlo and its Affiliates or their Consulting Services Personnel in connection with providing Consulting Services generally to support Arlo’s product and/or service offerings (including, without limitation the Services) and which can be so used without use of Subscriber’s Confidential Information.
Schedule 2: Data Protection Addendum Agreement
This Data Protection Addendum (“Addendum”) forms part of the main contract agreement terms (“Principal Agreement”) between:
(i) Arlo Software Limited, being New Zealand Company number 4833686 (“Arlo”) acting on its own behalf and as agent for each Arlo Affiliate; and
(ii) Arlo’s Customer as described in the signing section of the Principal Agreement acting on its own behalf and as agent for each Customer Affiliate (“Customer”).
This Addendum governs the receipt, processing, and other activity as governed by Applicable Law regarding all Customer Personal Data received by Arlo as the Processor, from the Customer as the Controller.
In consideration of the mutual obligations set out in this Addendum, the parties agree that the terms and conditions set out below shall be added as an Addendum to the Principal Agreement.
Table of Contents
- 1. Definitions
- 2. Commencement and Duration
- 3. Customer Obligations (as Controller)
- 4. Arlo Obligations (as Processor)
- 5. Subprocessing
- 6. Authority
- 7. Data Subjects & any Customer Personal Data Breach
- 8. Audit rights
- 9. Return and destruction of Customer Personal Data
- 10. Liability
- 11. General Terms
1.1. In this Addendum, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:
“Applicable Law” means (a) EU Data Protection Law to the extent that the Customer Personal Data constitutes the Personal Data of an EU Data Subject; or (b) any other applicable law with respect to any Customer related personal data in respect of which Customer is subject to, as notified by Customer and agreed in writing between the parties from time to time so as to form part of this Addendum or which otherwise applies to Arlo;
“Customer” means the customer party signing this Addendum and includes each Customer Group Member who is permitted to use the Services under the terms of the Principal Agreement and uses the Services;
“Customer Group Member” means Customer or any Customer Affiliate; and “Customer Affiliate” means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Customer, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise;
“Customer Personal Data” means all Personal Data Processed by a Contracted Processor on behalf of a Customer entity, as supplied by a Customer entity (including its appointed users) as part of the Services and pursuant to the Principal Agreement;
“Contracted Processor” means Arlo or a Subprocessor but excluding all employees and contractor personnel of Arlo, and all Third Party Services Providers;
“EU Data Protection Law” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;
“GDPR” means EU General Data Protection Regulation 2016/679 once effective on 25 May 2018;
“Services” means the services and other activities to be supplied to or carried out by or on behalf of Arlo for a Customer entity pursuant to the Principal Agreement;
“Subprocessor” means any person (including any third party and any Arlo Affiliate), appointed by or on behalf of Arlo or any Arlo Affiliate to Process Customer Personal Data, but excludes all Third Party Services Providers; and
“Arlo Affiliate” means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Arlo, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.
“Third Party Services Provider” means a third party provider of products, applications, services, software, networks, systems, directories, websites, databases and information which the Customer elects to obtain from that third party via optional links provided within the Services, or which Customer may itself otherwise elect to connect to or enable in conjunction with a Services, including, without limitation, any third party services which may be integrated directly into Customer’s platform by Customer or at Customer’s direction.
1.2. The terms, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing”, “Processor”, “Supervisory Authority” and any other terms used in GDPR and not expressly defined in this Addendum shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly, unless otherwise required under Applicable Law.
1.3. The word “include” shall be construed to mean include without limitation, and cognate terms shall be construed accordingly. The terms used in this Addendum shall have the meanings set forth in this Addendum. Capitalised terms not otherwise defined herein shall have the meaning given to them in the Principal Agreement. Except where the context requires otherwise, references in this Addendum to the Principal Agreement are to the Principal Agreement as amended by, and including, this Addendum.
2. Commencement and Duration
2.1. This Addendum shall be legally binding once signed by both parties, being the date noted at the start of this Addendum, and will then continue to apply unless and until the later of:
a) the Principal Agreement terminates for any reason; and
b) each Contracted Processor ceases to process any Customer Personal Data.
3. Customer Obligations (as Controller)
3.1. Each Customer entity, as a Controller:
a) Instructs Arlo and each Arlo Affiliate (and authorises Arlo and each Arlo Affiliate to instruct each Contracted Processor) to:
i. Process Customer Personal Data; and
ii. in particular, transfer Customer Personal Data to any country or territory,
as reasonably necessary for the provision of the Services and consistent with the Principal Agreement and in compliance with the obligations of Arlo and Arlo Affiliates as set out in this Addendum.
b) Warrants and represents at all times throughout the duration of this Addendum:
i. that it is solely responsible for the accuracy of Customer Personal Data and the means by which (and associated lawfulness of) such Customer Personal Data is acquired and used as part of the Services, including as to the Processing by Arlo in accordance with this Addendum, all in accordance with the Applicable Law, particularly with respect to the security, protection and disclosure of Customer Personal Data to Arlo;
ii. that it is and will at all relevant times remain duly and effectively authorised to give the instruction set out in section 3.1(a) on behalf of each relevant Customer Affiliate;
iii. that, if GDPR forms part of the Applicable Law:
A. all Customer Personal Data will comply with GDPR Articles 5(1)(b) to (e) inclusive;
B. in respect of all Customer Personal Data, Article 6(1) of the GDPR is fulfilled by sub Article (b) of that Article (i.e. performance of a contract), and that to the extent that sub Article (a) of that Article 6(1) applies (i.e. consent), that it has complied with Article 7 and all other consent related provisions of GDPR;
C. the nature and scope of all Customer Personal Data is such that the following Articles of GDPR will not apply to this Addendum and are outside the scope of the responsibilities of Arlo and each Arlo Affiliate unless agreed otherwise in writing between the parties: 8, 9, 10, 11, and 23;
D. that the Customer will act in compliance with all Controller-related obligations as set out in GDPR; and
E. without limiting clause 4 below, the Customer will work closely and efficiently with Arlo and each Arlo Affiliate (as may be required) to ensure that the rights of each Data Subject (i.e. as linked to the relevant applicable Customer Personal Data) under Applicable Law are upheld and so that due compliance occurs under Applicable Law.
c) Acknowledges and accepts that, if GDPR forms part of the Applicable Law:
i. Article 35 of GDPR (Data Protection Impact Assessment) does not apply to this Addendum or to the Principal Agreement unless and until either Customer or Arlo writes to the other of them setting out reasonable grounds for the application of this Article. If Articles 35 or 36 of GDPR do apply at any time, then the parties will work together in good faith to progress compliance by each party with those Articles.
ii. Even if Arlo or any Arlo Affiliate is considered to be a joint controller under Article 26 of GDPR, that as between the parties to this Addendum, the relevant Customer entity shall be deemed to be the sole Controller for the purposes of GDPR or other Applicable Law.
d) Shall inform its Data Subjects:
i. about its use of data processors to Process their Customer Personal Data, including Arlo; and
ii. that their Customer Personal Data may be Processed outside of the EU Member States.
e) Shall respond in reasonable time and to the extent reasonably practicable to enquiries by Data Subjects regarding the Processing of their Customer Personal Data by any Customer entity as a Data Controller, and give appropriate instructions to Arlo in a timely manner.
3.2. Customer and each Customer entity undertakes to promptly inform Arlo in writing regarding any communication received from any Supervisory Authority, or any attempt by a Data Subject to enforce his or her rights under Applicable Law as regards any Customer Personal Data.
3.3. Customer acknowledges and confirms for the purposes of Article 28(3) of GDPR that the Customer Personal Data is of a standard nature and does not fall within any special category, nor does any special category of Data Subject apply. Customer acknowledges and accepts the content of Appendix 1 (Details of Customer Personal Data Processed) to this Addendum.
4. Arlo Obligations (as Processor)
4.1. Arlo and each Arlo Affiliate shall at all times throughout the duration of this Addendum:
a) act in compliance with all Processor related obligations as set out in the Applicable Law, in particular, if GDPR forms part of the Applicable Law, in compliance with those provisions set out in Article 28(3) of GDPR from 25 May 2018 onwards, including so as to ensure that all Contracted Processors abide by the same obligations as Arlo under this sub-clause at all times as required (and with Arlo and each Arlo Affiliate remaining liable to Customer at all times in terms of this Addendum);
b) not Process Customer Personal Data other than on the relevant Customer entity’s documented instructions as set out in the Principal Agreement, including as expressly permitted by this Addendum or as otherwise necessary to provide the Service, unless Processing is required by the Applicable Law to which the relevant Contracted Processor is subject, in which case Arlo or the relevant Arlo Affiliate shall to the extent permitted by the Applicable Law inform the relevant Customer entity of that legal requirement before the relevant Processing of that Customer Personal Data;
c) without limiting clause 3 above, work closely and efficiently with each Customer entity (as may be required) to ensure that the rights of each Data Subject (i.e. as linked to the relevant applicable Customer Personal Data) under Applicable Law are upheld and so that due compliance occurs under Applicable Law; and
d) ensure that all persons authorised by Arlo and each Arlo Affiliate to process any Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality regarding that data, which comply with the Applicable Law.
4.2. Arlo shall not transfer Customer Personal Data outside of the EU Member States (or permit that to occur) unless: i) Arlo has first obtained the Customer’s prior written permission to do so; and ii) Arlo takes such measures as are necessary to ensure the transfer is in compliance with the Applicable Law. Such measures may include (without limitation) transferring the Customer Personal Data to a recipient in a Country which has been formally declared under the Applicable Law as having adequate protection measures in place for Personal Data, or to a recipient that has achieved binding corporate rules in compliance with the Applicable Law, or to a recipient in the United States that has certified its compliance with the EU-US Privacy Shield, or to a recipient that has executed standard contractual clauses adopted, approved or otherwise effective under the Applicable Law.
4.3. Arlo warrants its compliance with the content of Appendix 2 (Technical and Organisational Security Measures) to this Addendum as at the date of this Addendum.
4.4. Arlo shall immediately inform the Customer if, in Arlo’s opinion, the Customer entity’s Processing instructions infringe, or could infringe, any law or regulation. In such event, Arlo is entitled to refuse Processing of Customer Personal Data that it believes to be in violation of any law or regulation.
5.1. Each Customer entity authorises Arlo and each Arlo Affiliate to appoint (and permit each Contracted Processor appointed in accordance with this section 5 to appoint) Contracted Processor(s) in accordance with this section 5 and any permissions or restrictions contained in the Principal Agreement or in this Addendum.
5.2. Arlo and each Arlo Affiliate may continue to use those Subprocessors already engaged by Arlo or any Arlo Affiliate as at the date of this Addendum, on the basis that Arlo confirms that such existing Subprocessors currently meet the obligations set in this Addendum in respect of all Subprocessors.
5.3. Arlo shall maintain an up-to-date list of the names and location of all Contracted Processors used for the Processing of Customer Personal Data at Arlo’s Subprocessor web page (the “Subprocessor List”): https://www.arlo.co/legal/subprocessors/ and also available on request to firstname.lastname@example.org. Arlo shall update the Subprocessor List, on its website, to include any Contracted Processor to be appointed, at least 30 days prior to the date on which the Contracted Processor shall commence processing Customer Personal Data. Customer confirms that clauses 5.2 and 5.3 constitute general written authorisation for the purpose of Articles 28(2) GDPR if applicable, and for the purpose of clause 4.2(i) above.
5.4. In the event the Customer objects to the Processing of its Customer Personal Data by any newly appointed Contracted Processor as described in section 5.3, it shall inform Arlo within fourteen (14) calendar days of notice being given on reasonable grounds relating to the protection of Customer Personal Data. In such event, Arlo shall have the right to cure the objection (if required) through one of the following options (to be selected at Arlo’s sole discretion):
a) instruct the Contracted Processor to cease any further processing of the Customer’s Personal Data in which event this Addendum shall continue unaffected, or
b) take such corrective steps as may be required to address the Customer’s objection and to proceed to use the Contracted Processor with regard to Customer Personal Data so as to ensure compliance with this Addendum, or
c) Arlo may cease to provide (or Customer may agree not to use, but subject to (b) above), temporarily or permanently, the particular aspect of the Service that would involve the use of the relevant Contracted Processor with regard to Customer Personal Data, subject to a mutual agreement of the parties to adjust the remuneration of the Service considering the reduced scope of the Services.
Any Customer objection to a Contracted Processor shall be submitted to Arlo by following the directions set forth in the Subprocessor List.
If none of the above options are reasonably available and the objection has not been resolved to the mutual satisfaction of all parties (acting reasonably) within 30 days after Arlo’s receipt of Customer’s objection, then either party may terminate this Addendum (and the Principal Agreement) immediately, by written notice to the other party, and Customer will be entitled to a pro-rata reimbursement of any sums paid in advance for Services to be provided but not yet received by Customer as of the effective date of termination.
5.5. In addition, where the Services provide links to integrations with Third Party Service Providers, and the Customer elects to enable, access or use such third party services, then the Customer entity’s access to and use of such third party services will be governed solely by the terms and conditions and privacy policies of such Third Party Service Provider(s), and Arlo does not endorse, and is not responsible or liable for, and makes no representations as to any aspect of such Third Party Service Providers, including, without limitation, their content or the manner in which the Third Party Service Provider handles Customer Personal Data or any interaction between the Customer (or its Data Subject) and the Third Party Service Provider. Arlo is not liable for any damage or loss caused or alleged to be caused by or in connection with the Customer entity’s enablement, access or use of any such Third Party Service Providers, or the Customer’s reliance on the privacy practices, data security processes or other policies of such Third Party Service Providers. Customer shall indemnify Arlo and all Arlo Affiliates and hold them harmless against all loss suffered by any of them arising from the excluded scope of Arlo’s liability as described in this clause, and which arises in connection with Customer Personal Data.
5.6. Arlo and each Arlo Affiliate shall ensure that each Contracted Processor agrees to protect the Customer Personal Data to a standard consistent with the requirements of this Addendum, as applicable to Processing of Customer Personal Data carried out by that Contracted Processor.
5.7. Arlo may replace a Contracted Processor if the reason for the change is beyond Arlo’s reasonable control. In such instance, Arlo shall notify Customer of the replacement as soon as reasonably practicable, and Customer shall retain the right to object to the replacement Contracted Processor pursuant to Section 5.4 above. Any replacement Contracted Processor must be such that Arlo fulfils its obligations as set out in this Addendum.
6.1. Arlo warrants and represents that, before any Arlo Affiliate Processes any Customer Personal Data on behalf of any Customer entity, Arlo’s entry into this Addendum as agent for and on behalf of that Arlo Affiliate will have been duly and effectively authorised (or subsequently ratified) by that Arlo Affiliate.
6.2. Customer warrants and represents that, before any Customer Personal Data is transferred to Arlo or any Arlo Affiliate any Customer entity, Customer’s entry into this Addendum as agent for and on behalf of that Customer entity will have been duly and effectively authorised (or subsequently ratified) by that Customer entity.
7. Data Subjects & any Customer Personal Data Breach
7.1. Each party shall:
a) promptly notify the other party if they (or any party affiliated to them) receives a compliant or request from a Data Subject under any Applicable Law in respect of Customer Personal Data processed by a Contracted Processor relating to this Addendum; and
b)ensure that it does not respond to that request except on the documented instructions of Customer or the relevant Customer Affiliate (to be reasonably agreed between the parties) or as required by the Applicable Law, in which case Arlo shall to the extent permitted by the Applicable Law, inform Customer of that legal requirement before Arlo or the Contracted Processor responds to the request.
7.2. Each party shall notify the other in writing without undue delay upon becoming aware of a Personal Data Breach affecting Customer Personal Data, providing sufficient information to allow each Customer entity or any other party to meet any obligations to report or inform Data Subjects, or any Supervisory Authority, of the Personal Data Breach under the Applicable Law.
7.3. Each party shall co-operate with the other party (and each Customer entity or each Contracted Processor or Arlo Affiliate as is relevant) and take such commercial steps as are reasonably required to assist the other party in the investigation, mitigation and remediation of each such Personal Data Breach.
8. Audit rights
8.1. To the extent that the Applicable Law allows any Customer entity to conduct any audit of any Contracted Processor, the following provisions will apply:
a) Reasonable advance written notice of not less than twenty working days (for the Contracted Processor) must be given, and which must also state the reasons, the scope, and the specific Applicable Law supporting the request;
b) The parties must then, in good faith and acting reasonably, discuss and agree how and when the audit will take place, and will be subject to any Contracted Processor’s legal rights in the context of such audit request;
c)The audit must be conducted by appropriately qualified and experienced third party personnel of reputable standing, and who are reasonable acceptable to both parties (including Customer and Arlo);
d) The audit must minimise disruption to the relevant Contracted Processor(s);
e) The audit will be conducted at the sole cost of the Customer or the applicable Customer entity (and not Arlo or the Contracted Processor or any Arlo Affiliate), unless the reasonable written conclusions of any audit are that any Contracted Processor is in material breach of this Addendum.
9. Return and destruction of Customer Personal Data
9.1. Upon the termination of Customer access to and use of the Service, Arlo will, up to thirty (30) days following such termination, permit Customer to export their Customer Personal Data, at their expense, in accordance with the capabilities of the Service. Following such period, Arlo shall have the right to delete all Customer Personal Data stored or Processed by Arlo on behalf of Customer in accordance with Arlo’s deletion policies and procedures, save to the extent that Arlo is required by any Applicable Law to retain some or all of the Customer Personal Data. In such event Arlo shall extend the protections of this Addendum to such Customer Personal Data and limit any further processing of such Customer Personal Data to only those limited purposes that require the retention for so long as Arlo maintains the Customer Personal Data.
10.1. The liability provisions contained in the Principal Agreement will apply also to this Addendum other than to the extent that any Applicable Law requires otherwise and does not permit the parties to contract out of that requirement.
10.2. If and to the extent that any Customer entity or any Contracted Processor or any Arlo Affiliate becomes liable (by Court, Tribunal, Arbitration or other similar order from a competent authority with valid jurisdiction) to any Data Subject or other third party in respect of any breach of any Applicable Law then the obligations of each party stated in this Addendum shall be used to fairly and reasonably apportion the proportional bearing of that liability as between the relevant parties. If the parties are unable to reach agreement in this regard, apportionment shall be determined in accordance with the dispute resolution provisions of the Principal Agreement or if none, then as contained in this Addendum.
11. General Terms
11.1. The parties to this Addendum hereby submit to the choice of jurisdiction stipulated in the Principal Agreement with respect to any disputes or claims howsoever arising under this Addendum, including disputes regarding its existence, validity or termination or the consequences of its nullity.
11.2. This Addendum and all non-contractual or other obligations arising out of or in connection with it are governed by the laws of the country or territory stipulated for this purpose in the Principal Agreement, subject always to the correct application of the Applicable Law as required by this Addendum.
11.3. In the event of any conflict between a provision of this Addendum and any provision contained in the Principal Agreement regarding the protection of Customer Personal Data, then the provision of this Addendum shall prevail.
11.4. Either party may by at least 30 (thirty) calendar days’ written notice to the other party from time to time:
a) suggest any variations to this Addendum in order to comply with any change to Applicable Law, including as a result of the decision of a competent authority under that Applicable Law; or
b) propose any other variations to this Addendum which either party reasonably considers to be necessary to address the requirements of any Applicable Law.
11.5. If notice is given under section 11.4, then each party shall promptly co-operate to ensure that equivalent variations are openly discussed and that all reasonable and necessary changes are made to this Addendum as a result.
11.6. Neither Customer nor Arlo shall require the consent or approval of any Customer Affiliate or Arlo Affiliate to amend this Addendum pursuant to clause 11.5 or otherwise.
11.7. Should any provision of this Addendum be deemed by a competent Court or other tribunal to be invalid or unenforceable, then the remainder of this Addendum shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
Appendix 1: Details of Customer Personal Data Processed
Categories of Data Subjects
Customer related Data Subjects will be persons who relate to the fulfilment of one or more of the following functions comprising the Services, the extent of which is determined by Customer at its sole discretion:
- End-Users authorised by Customer to use the Services
- Administrators authorised by Customer to use the Services
- Registrants, applicants, presenters, support staff, prospects, customers and business partners of Customer and Customer End-Users (who are natural persons)
- Employees or contact persons of Customer registrants, applicants, presenters, support staff, prospects, customers and business partners
- Any other function forming part of the Services
Type of Personal Data
Customer or its End-Users may submit Customer Personal Data to the Service, the extent of which is determined by Customer at its sole discretion, and which may include, but is not limited to the following categories of Personal Data:
- First and last name
- Contact information (company, email, phone, physical business address)
- ID data
- Professional life data
- Personal life data
- Connection data
- Localisation data
Appendix 2: Arlo Technical and Organisational Security Measures
As of the Date of this Addendum, Arlo, when Processing Customer Personal Data on behalf of Data Controller in connection with the Service, Arlo shall implement and maintain the following technical and organisational security measures for the processing of such Customer Personal Data (“Security Standards”):
1. Physical Access Controls
Arlo shall take reasonable measures to prevent physical access such as security personnel and secured buildings and factory premises, to prevent unauthorised persons from gaining access to Customer Personal Data, or ensure Third Parties operating data centres on its behalf are adhering to such controls.
2. System Access Controls
Arlo shall take reasonable measures to prevent Customer Personal Data from being used without authorisation. These controls shall vary based on the nature of the Processing undertaken and may include, among other controls, authentication via passwords and/or two-factor authentication, documented authorisation processes, documented change management processes and/or logging of access on several levels.
3. Data Access Controls
Arlo shall take reasonable measures to provide that Customer Personal Data is accessible and manageable only by properly authorised staff, direct database query access is restricted and application access rights are established and enforced to ensure that persons entitled to use a data processing system only have access to the Customer Personal Data to which they have privilege of access; and, that Customer Personal Data cannot be read, copied, modified or removed without authorisation in the course of Processing.
4. Transmission Controls
Arlo shall take reasonable measures to ensure that it is possible to check and establish to which entities the transfer of Customer Personal Data by means of data transmission facilities is envisaged so Customer Personal Data cannot be read, copied, modified or removed without authorisation during electronic transmission or transport.
5. Input Controls
Arlo shall take reasonable measures to provide that it is possible to check and establish whether and by whom Customer Personal Data has been entered into data processing systems, modified or removed. Arlo shall take reasonable measures to ensure that (i) the Customer Personal Data source is under control of the Data Controller; and (ii) Customer Personal Data integrated into the Service is managed by secured transmission from Data Controller.
6. Data Backup
Backups of databases in the Service are taken on a regular basis, are secured and encrypted to ensure that Customer Personal Data is protected against accidental destruction or loss when hosted by Arlo.
7. Logical Separation
Data from different Arlo subscriber environments is logically segregated on Arlo’s systems to ensure that Customer Personal Data that is collected for different purposes may be Processed separately.