SUBSCRIPTION AGREEMENT
Last modified: March 16, 2020
This Subscription Agreement (including the Data Security Addendum and the Data Processing Addendum, attached hereto) (“Agreement”) is made between the ServiceNow entity (“ServiceNow”) and the customer entity (“Customer”) identified on the ordering document.
BY ACCEPTING THIS AGREEMENT, BY CLICKING A BOX INDICATING ACCEPTANCE, CUSTOMER AGREES TO THE TERMS OF THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT IS ACCEPTING ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, SUCH INDIVIDUAL REPRESENTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERM “CUSTOMER” SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT HAVE SUCH AUTHORITY, OR DOES NOT AGREE WITH THESE TERMS AND CONDITIONS, SUCH INDIVIDUAL MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SUBSCRIPTION SERVICES.
GENERAL TERMS AND CONDITIONS
1. DEFINITIONS
1.1 “Affiliates” means any person or entity directly or indirectly Controlling, Controlled by, or under common Control with a party, where “Control” means the legal power to direct or cause the direction of the general management of the company, partnership, or other legal entity. Affiliates of Customer are “Customer Affiliates”, and Affiliates of ServiceNow are “ServiceNow Affiliates”.
1.2 “Ancillary Software” means software licensed by ServiceNow to Customer that is deployed on machines operated by or for Customer to facilitate operation of the Subscription Service or interoperation of the Subscription Service with other software, hardware, or services. Ancillary Software may include code that is licensed under third-party license agreements, including open source made available or provided with the Ancillary Software.
1.3 “Claim” means any third-party suit, claim, action, or demand.
1.4 “Confidential Information” means: (a) ServiceNow Core Technology (which is Confidential Information of ServiceNow); (b) Customer Data and Customer Technology (which is Confidential Information of Customer); (c) any information of a party that is disclosed in writing or orally and is designated as Confidential or Proprietary at time of disclosure (and, for oral disclosures, summarized in writing within 30 days of initial disclosure and delivered in written summary form to the receiving party), or that, due to the nature of the information or circumstances of disclosure, receiving party would understand it to be disclosing party’s confidential information; and (d) the specific terms of this Agreement, any Order Form, and any amendment or attachment to any of these, between the parties (which will be deemed Confidential Information of both parties). Confidential Information excludes any information that: (i) is or becomes generally known to the public through no fault or breach of this Agreement by receiving party; (ii) was already rightfully in receiving party’s possession, without restriction on use or disclosure, when receiving party received it under this Agreement; (iii) is independently developed by receiving party without use of disclosing party’s Confidential Information; or (iv) was or is rightfully obtained by receiving party, without restriction on use or disclosure, from a third party not under a duty of confidentiality to disclosing party.
1.5 “Customer Data” means electronic data uploaded by or for Customer or Customer’s agents, employees, or contractors, and processed in the Subscription Service, excluding ServiceNow Core Technology.
1.6 “Customer Technology” means software, methodologies, templates, business processes, documentation, or other material originally authored, invented, or otherwise created by Customer (or on Customer’s behalf, other than by ServiceNow or at ServiceNow’s direction) for use with the Subscription Service, excluding ServiceNow Core Technology.
1.7 “Deliverable” means anything that is created by or on behalf of ServiceNow for Customer in the performance of Professional Services.
1.8 “Documentation” means the then-current ServiceNow product documentation relating to the operation and use of the Subscription Service or Ancillary Software published by ServiceNow at https://docs.servicenow.com or its successor website. Documentation includes technical program or interface documentation, user manuals, operating instructions, and release notes.
1.9 “Free Subscription Services” means Subscription Services that ServiceNow makes available to free of charge.
1.10 “Intellectual Property Rights” means all intellectual property or other proprietary rights worldwide, including patents, copyrights, trademarks, moral rights, trade secrets, and any other intellectual or industrial property, including registrations, applications, renewals, and extensions of such rights.
1.11 “Law” means any applicable law, rule, statute, decree, decision, order, regulation, judgment, code, and requirement of any government authority (federal, state, local, or international) having jurisdiction.
1.12 “Newly Created IP” means Intellectual Property Rights in the inventions or works of authorship that are made by ServiceNow specifically for Customer in the course of performing Professional Services for Customer that are expressly identified as “Newly Created IP” in an SOW, excluding ServiceNow Core Technology.
1.13 “Order Form” means an ordering document signed by Customer and ServiceNow including the opt-in form for Free Subscription Services.
1.14 “Product Overview ” means ServiceNow’s published description of its products and their functionalities, solely to the extent attached to or expressly referenced in an Order Form.
1.15 “Professional Services” means any consulting, development, or educational services provided by or on behalf of ServiceNow pursuant to an agreed SOW or Service Description.
1.16 “Purchased Subscription Services” means Subscription Services Customer Purchases under an Order Form or online purchasing portal, as distinguished from Free Services.
1.17 “Service Description” means the written description for a packaged Professional Service, attached to or referenced in an Order Form.
1.18 “ServiceNow Core Technology” means: (a) the Subscription Service, Ancillary Software, Documentation, and technology and methodologies (including products, software tools, hardware designs, algorithms, templates, software (in source and object forms), architecture, class libraries, objects, and documentation) created by or for, or licensed to, ServiceNow; and (b) updates, upgrades, improvements, configurations, extensions, and derivative works of the foregoing and related technical or end user documentation or manuals.
1.19 “SOW” means a statement of work that describes scoped Professional Services.
1.20 “Subscription Service” means the ServiceNow software-as-a-service offering ordered by Customer under an Order Form including the Free Subscription Services and the Purchased Subscription Services.
1.21 “Subscription Term” means the period of authorized access to and use of the Subscription Service, as set forth in an Order Form.
2. ACCESS AND USE RIGHTS; RESTRICTIONS; PROVISION OF PROFESSIONAL SERVICES; FREE SUBSCRIPTION SERVICES
2.1 ACCESS AND USE RIGHTS. For each Subscription Term, ServiceNow grants the access and use rights set forth in this Section 2 for the ServiceNow Core Technology described in that Order Form.
2.1.1. Subscription Service. Subject to the terms of this Agreement, ServiceNow authorizes Customer to access and use the Subscription Service during the Subscription Term stated in the applicable Order Form, solely for its internal business purposes in accordance with the Documentation. Customer will not otherwise access or use the Subscription Service in a manner that exceeds Customer’s authorized access and use rights as set forth in this Agreement and the applicable Order Form.
2.1.2. ANCILLARY SOFTWARE. ServiceNow grants Customer a limited, personal, worldwide, non-sublicensable, non-transferable (except as set forth in Section 12.1 (Assignment)), non-exclusive, royalty-free license during the Subscription Term to install and execute Ancillary Software on machines operated by or for Customer, solely to facilitate Customer’s authorized access to and use of the Subscription Service.
2.1.3. UPDATES. ServiceNow may continue development of, provide updates to, and otherwise modify the functionality of any part of the ServiceNow Core Technology, and Customer must use the latest available version provided by ServiceNow. ServiceNow may update or otherwise modify the ServiceNow Core Technology in its sole discretion without notice to Customer.
2.2 AFFILIATE ACCESS AND USE.
Customer may, at its option, provide access and use rights to the Subscription Service to one or more Customer Affiliates, subject to all terms in this Agreement. If Customer provides such access and use rights, Customer will be wholly responsible for the acts and omissions of the Customer Affiliate. No Customer Affiliate shall have the right to take any legal action against ServiceNow under this Agreement.
2.3 RESTRICTIONS. With respect to the ServiceNow Core Technology, Customer will not (and will not permit others to): (a) use it in excess of contractual usage limits (including as set forth in an Order Form), or in a manner that circumvents usage limits or technological access control measures; (b) license, sub-license, sell, re-sell, rent, lease, transfer, distribute, time share, or otherwise make any of it available for access by third-parties, except as may otherwise be expressly stated in an Order Form; (c) access it for the purpose of developing or operating products or services for third-parties in competition with the ServiceNow Core Technology; (d) disassemble, reverse engineer, or decompile it; (e) copy, create derivative works based on, or otherwise modify it, except as may be otherwise expressly stated in this Agreement; (f) remove or modify a copyright or other proprietary rights notice in it; (g) use it to reproduce, distribute, display, transmit, or use material protected by copyright or other Intellectual Property Right (including the rights of publicity) without first obtaining permission of the owner; (h) use it to create, use, send, store, or run viruses or other harmful computer code, files, scripts, agents, or other programs, or otherwise engage in a malicious act or disrupt its security, integrity, or operation; or (i) access or disable any ServiceNow or third-party data, software, or network (other than Customer’s instance of the Subscription Service under this Agreement). Before Customer engages in any of the foregoing acts that it believes it may be entitled to, it will provide ServiceNow with 30-days’ prior notice to legalnotices@servicenow.com, and reasonably requested information to allow ServiceNow to assess Customer’s claim. ServiceNow may, in its discretion, provide alternatives that reduce adverse impacts on ServiceNow’s Intellectual Property Rights or other rights.
2.4 PROVISION OF PROFESSIONAL SERVICES. Customer and ServiceNow may enter into one or more SOWs or Order Forms subject to this Agreement, and which may incorporate one or more Service Descriptions for the provision of Professional Services. ServiceNow will perform the Professional Services, subject to the fulfillment of any responsibilities and payments due from Customer, as stated in the SOW or the Order Form.
2.5 FREE SUBSCRIPTION SERVICES. Free Subscription Services will be made available free of charge until the earlier of (a) the end of the Subscription Term for the Free Subscription Services, or (b) the start date of any Purchased Subscription Services ordered by Customer.
NOTWITHSTANDING THE “WARRANTIES; DISCLAIMER OF WARRANTIES” SECTION AND “INDEMNIFICATION BY SERVICENOW” SECTION BELOW, THE FREE SUBSCRIPTION SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY AND SERVICENOW SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE FREE SUBSCRIPTION SERVICES UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE SERVICENOW’S LIABILITY WITH RESPECT TO THE FREE SUBSCRIPTION SERVICES SHALL NOT EXCEED $1,000.00. WITHOUT LIMITING THE FOREGOING, SERVICENOW AND ITS AFFILIATES AND ITS LICENSORS DO NOT REPRESENT OR WARRANT TO CUSTOMER THAT: (A) CUSTOMER’S USE OF THE FEE SUBSCRIPTION SERVICES WILL MEET CUSTOMER’S REQUIREMENTS, (B) CUSTOMER’S USE OF THE FREE SUBSCRIPTION SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE OR FREE FROM ERROR, AND (C) USAGE DATA PROVIDED THROUGH THE FREE SUBSCRIPTION SERVICES WILL BE ACCURATE. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE “LIMITED LIABILITY” AND “EXCLUDED DAMAGES” SECTIONS BELOW, CUSTOMER SHALL BE FULLY LIABLE UNDER THIS AGREEMENT TO SERVICENOW AND ITS AFFILIATES FOR ANY DAMAGES ARISING OUT OF CUSTOMER’S USE OF THE FREE SUBSCRIPTION SERVICES, ANY BREACH BY CUSTOMER OF THIS AGREEMENT AND ANY OF CUSTOMER’S INDEMNIFICATION OBLIGATIONS HEREUNDER.
3. ORDERING
3.1 ORDERS AND PAYMENT. Upon execution by Customer and ServiceNow, each Order Form is non-cancellable and non-refundable, except as provided in this Agreement. Prices stated in each Order Form are final. Subscription Service fees are invoiced annually in advance. Each Subscription Term is a non-divisible, continuous commitment, regardless of the invoice schedule, and pricing is based on a purchase of the entire Subscription Term. Professional Services fees are invoiced on a time and materials basis, monthly in arrears. Customer will pay each invoice within 30 days after the invoice date. If Customer issues a purchase order, then it shall be for the full amount of the Order Form. Any such purchase order submitted by Customer is for its internal purposes only, and ServiceNow rejects, and in the future is deemed to have rejected, any purchase order’s terms to the extent they add to or conflict in any way with this Agreement or the applicable Order Form, SOW, or Service Description, and such additional or conflicting terms will have no effect. On request, ServiceNow will reference the purchase order number on its invoices (solely for administrative convenience), so long as Customer provides the purchase order at least 15 business days before the invoice date. Late payments will accrue interest at a rate of 1.5% per month or the legal maximum interest rate, whichever is lower. Customer will cure a delinquency in payment of any amounts owed under this Agreement within 30 days from the date of ServiceNow’s delinquency notice. If Customer fails to cure or regain compliance under Section 3.2 (Use Verification), ServiceNow may suspend Customer’s use of the Subscription Service or terminate this Agreement for breach, in addition to any other available rights and remedies. All terms of this Section 3.1 apply except as may be expressly stated otherwise in the applicable Order Form, SOW, Service Description, or elsewhere in this Agreement.
3.2 USE VERIFICATION. ServiceNow may remotely review Customer’s use of the Subscription Service, and on ServiceNow’s written request, Customer will provide reasonable assistance to verify Customer’s compliance with the Agreement, and access to and use of the Subscription Service. If ServiceNow determines that Customer has exceeded its permitted access and use rights to the Subscription Service, ServiceNow will notify Customer and within 30 days thereafter Customer shall either: (a) disable any unpermitted use, or (b) purchase additional subscriptions commensurate with Customer’s actual use.
3.3 TAXES. All payments required by this Agreement are stated exclusive of all taxes, duties, levies, imposts, fines, or similar governmental assessments, including sales and use taxes, value-added taxes (“VAT”), goods and services taxes (“GST”), excise, business, service, and similar transactional taxes imposed by any jurisdiction, and the interest and penalties on any and all of these (collectively, “Taxes”). Customer is solely liable for and will pay all Taxes associated with its purchase of, payment for, access to, or use of, any ServiceNow Products. For the avoidance of doubt, Taxes will not be deducted from payments to ServiceNow, except as required by Law, in which case Customer will increase the amount payable as necessary so that, after making all required deductions and withholdings, ServiceNow receives and retains (free from any liability for Taxes) an amount equal to the amount it would have received had no such deductions or withholdings been made. Each party is solely liable for and will pay taxes imposed on its net income. If Customer is a tax-exempt entity or claims exemption from any Taxes under this Agreement, it will include its tax exemption number on, and provide a tax exemption certificate on execution of the Order Form and, after receipt of valid evidence of exemption, ServiceNow will not charge Customer any Taxes from which it is exempt. If ServiceNow is required to invoice or collect Taxes associated with Customer’s purchase of, payment for, access to, or use of, any ServiceNow Products, ServiceNow will invoice Customer for those Taxes, itemized where required by Law. Customer will provide to ServiceNow its VAT or GST identification number(s) on the Order Form for: (a) the country where Customer has established its business; and (b) any other country where Customer has a fixed establishment. Customer will use the ordered ServiceNow Products for Customer’s business use in the foregoing location(s) in accordance with the provided VAT or GST identification number(s).
4. INTELLECTUAL PROPERTY
4.1 SERVICENOW OWNERSHIP. As between the parties, ServiceNow and its licensors exclusively own all right, title, and interest in and to all Intellectual Property Rights in the ServiceNow Core Technology, notwithstanding anything in this Agreement purportedly to the contrary. Except for the access and use rights, and licenses expressly granted in Section 2 of this Agreement, ServiceNow, on behalf of itself and its licensors, reserves all rights in the ServiceNow Core Technology and does not grant Customer any rights (express, implied, by estoppel, through exhaustion, or otherwise). Any ServiceNow Core Technology delivered to Customer or to which Customer is given access shall not be deemed to have been sold, even if, for convenience, ServiceNow makes reference to words such as “sale” or “purchase” in the applicable Order Form or other documents.
4.2 CUSTOMER OWNERSHIP. As between the parties, Customer and its licensors will retain all right, title, and interest in and to all Intellectual Property Rights in Customer Data and Customer Technology. Customer hereby grants to ServiceNow a royalty-free, fully-paid, non-exclusive, non-transferrable (except as set forth in Section 12.1 (Assignment)), worldwide, right to use Customer Data and Customer Technology solely to provide and support the Subscription Service.
4.3 FEEDBACK. ServiceNow encourages Customer to provide suggestions, proposals, ideas, recommendations, or other feedback regarding improvements to the ServiceNow Core Technology (collectively, “Feedback”). If Customer provides such Feedback, Customer grants to ServiceNow a royalty-free, fully paid, sub-licensable, transferable (notwithstanding Section 12.1 (Assignment)), non-exclusive, irrevocable, perpetual, worldwide right and license to use, license, and commercialize Feedback (including by incorporation of such Feedback into ServiceNow Core Technology) without restriction.
4.4 PROFESSIONAL SERVICES. Subject to this Section 4.4, ServiceNow assigns (and in the future is deemed to have assigned) to Customer any Newly Created IP upon payment in full by Customer for the Professional Service under which the Newly Created IP was created. If any ServiceNow Core Technology is incorporated into a Deliverable, ServiceNow grants to Customer a non-exclusive, royalty-free, non-transferable (except as set forth in Section 12.1 (Assignment)), non-sublicensable worldwide license to use the ServiceNow Core Technology incorporated into the Deliverable in connection with the Subscription Service as contemplated under this Agreement during the applicable Subscription Term. Nothing in this Agreement shall be deemed to restrict or limit ServiceNow’s right to perform similar Professional Services for any other party or to assign any employees or subcontractors to perform similar Professional Services for any other party or to use any information incidentally retained in the unaided memories of its employees providing Professional Services.
5. WARRANTIES; DISCLAIMER OF WARRANTIES
5.1 LIMITED SUBSCRIPTION SERVICE WARRANTY. ServiceNow warrants that, during the Subscription Term, Customer’s production instance of the Subscription Service will materially conform to the Product Overview. To submit a warranty claim under this Section 5.1, Customer will submit a support request to resolve the non-conformity as provided in the Subscription Service Guide. If the non-conformity persists without relief more than 30 days after notice of a warranty claim provided to ServiceNow under this Section 5.1, then Customer may terminate the affected Subscription Service, and ServiceNow will refund to Customer any prepaid subscription fees covering that part of the applicable Subscription Term for the affected Subscription Service remaining after the effective date of termination. Notwithstanding the foregoing, this warranty will not apply to any non-conformity due to a modification of or defect in the Subscription Service that is made or caused by any person other than ServiceNow or a person acting at ServiceNow’s direction. This Section 5.1 sets forth Customer’s exclusive rights and remedies (and ServiceNow’s sole liability) in connection with this warranty.
5.2 LIMITED PROFESSIONAL SERVICES WARRANTY. ServiceNow warrants that the Professional Services will be performed in a competent and workmanlike manner, in accordance with accepted industry standards and practices and all material requirements set forth in the SOW or Service Description. Customer will notify ServiceNow of any breach within 30 days after performance of the non-conforming Professional Services. On receipt of such notice, ServiceNow, at its option, will either use commercially reasonable efforts to re-perform the Professional Services in conformance with these warranty requirements or will terminate the affected Professional Services and refund to Customer any amounts paid for the nonconforming Professional Services. This Section 5.2 sets forth Customer’s exclusive rights and remedies (and ServiceNow’s sole liability) in connection with this warranty.
5.3 DISCLAIMER OF WARRANTIES. EXCEPT FOR THE WARRANTIES EXPRESSLY STATED IN THIS SECTION 5, TO THE MAXIMUM EXTENT ALLOWED BY LAW, SERVICENOW DISCLAIMS ALL WARRANTIES OF ANY KIND (EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, ORAL OR WRITTEN, INCLUDING WARRANTIES OF MERCHANTABILITY, ACCURACY, TITLE, NON-INFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES ARISING FROM USAGE OF TRADE, COURSE OF DEALING, OR COURSE OF PERFORMANCE). WITHOUT LIMITING THE FOREGOING, SERVICENOW SPECIFICALLY DOES NOT WARRANT THAT THE SUBSCRIPTION SERVICE WILL MEET THE REQUIREMENTS OF CUSTOMER OR OTHERS OR WILL BE ACCURATE OR OPERATE WITHOUT INTERRUPTION OR ERROR. CUSTOMER ACKNOWLEDGES THAT IN ENTERING THIS AGREEMENT, IT HAS NOT RELIED ON ANY PROMISE, WARRANTY, OR REPRESENTATION NOT EXPRESSLY SET FORTH IN THIS AGREEMENT.
6.1 CONFIDENTIALITY OBLIGATIONS. The recipient of Confidential Information will: (a) at all times protect it from unauthorized disclosure with the same degree of care that it uses to protect its own confidential information, and in no event use less than reasonable care; and (b) not use it except to the extent necessary to exercise rights or fulfill obligations under this Agreement. Each party will limit the disclosure of the other party’s Confidential Information to those of its employees and contractors and the employees and contractors of its Affiliates with a need to access such Confidential Information for a party’s exercise of its rights and obligations under this Agreement, and then only to employees and contractors subject to binding disclosure and use restrictions at least as protective as those in this Agreement. Each party’s obligations under this Section 6 will remain in effect during, and for three years after termination of, this Agreement. Receiving party will, at disclosing party’s request, return all originals, copies, reproductions, and summaries of Confidential Information and other tangible materials and devices provided to receiving party as Confidential Information, or at disclosing party’s option, certified destruction of the same. Provisions for return of Customer Data are set forth in Section 11.2 (Return of Customer Data).
6.2 THIRD PARTY REQUESTS. This Agreement will not be construed to prevent receiving party from disclosing the disclosing party’s Confidential Information to a court, or governmental body pursuant to a valid court order, Law, subpoena, or regulation, provided that the receiving party: (a) gives prompt notice (or the maximum notice permitted under Law) before making the disclosure, unless prohibited by Law; (b) provides reasonable assistance to disclosing party in any lawful efforts by disclosing party to resist or limit the disclosure of such Confidential Information; and (c) discloses only that portion of disclosing party’s Confidential Information that is legally required to be disclosed. In addition, receiving party will cooperate and assist disclosing party, at disclosing party’s cost, in relation to any such request and any response to any such communication.
7.1 BY SERVICENOW.
7.1.1. SERVICENOW OBLIGATION. Subject to the limitations in this Section 7, ServiceNow will: (a) defend Customer and Customer Affiliates, and its and their officers, directors, and employees against any Claim: (i) to the extent alleging that any ServiceNow Core Technology accessed or used in accordance with this Agreement infringes any third-party patent, copyright, or trademark, or misappropriates any third-party trade secret; or (ii) to the extent alleging that ServiceNow’s personnel when onsite at Customer’s premises caused death, bodily harm, or damage to tangible personal property due to their negligence or willful misconduct; and (b) pay any settlement amount or any court-ordered award of damages, under the forgoing subsections (a)(i) and (ii) to the extent arising from such Claim.
7.1.2. MITIGATION. To the extent any Claim alleges any part of the ServiceNow Core Technology infringes any third-party patent, copyright, or trademark, or misappropriates any third-party trade secret, ServiceNow may: (a) contest the Claim; (b) obtain permission from the claimant for Customer’s continued use of its instance of the Subscription Service or any applicable ServiceNow Core Technology; (c) avoid such Claim by replacing or modifying Customer’s access to and use of its instance of the Subscription Service or any applicable ServiceNow Core Technology as long as ServiceNow provides a substantially similar Subscription Service; or, if ServiceNow determines the foregoing (a), (b), and (c) are not commercially practicable, then (d) terminate Customer’s access to and use of the affected Subscription Service on 60-days’ prior notice and refund to Customer any prepaid subscription fees covering that part of the applicable Subscription Term for such Subscription Service remaining after the effective date of termination.
7.1.3. LIMITATIONS. Notwithstanding the above, ServiceNow will have no obligation or liability for any Claim under Section 7.1.1(a)(i) to the extent arising in whole or in part from: (a) any access to or use of any ServiceNow Core Technology not expressly authorized under this Agreement, to the extent the Claim would have been avoided without such unauthorized access or use; (b) Customer Data or Customer Technology; or (c) access to or use of the ServiceNow Core Technology: (i) in violation of Law; (ii) after termination under Section 7.1.2(d); (iii) as modified to Customer’s specifications or by anyone other than ServiceNow or its contractors, if the Claim would have been avoided but for such modifications; or (iv) combined with anything not provided by ServiceNow, if the Claim would have been avoided but for such combination.
7.2 CUSTOMER OBLIGATION. Customer will: (a) defend ServiceNow and ServiceNow Affiliates, and its and their officers, directors, and employees against any Claim to the extent alleging that Customer Data, Customer Technology, or a modification to any ServiceNow Core Technology made to Customer’s specifications or otherwise made by or on behalf of Customer by any person other than ServiceNow or a person acting at ServiceNow’s direction (but only if the Claim would have been avoided by use of the unmodified ServiceNow Core Technology), infringes any patent, copyright, or trademark, misappropriates any third-party trade secret, or violates any third-party privacy rights; and (b) pay any settlement amount or any court-ordered award of damages, under the foregoing subsection (a) to the extent arising from such Claim.
7.3 PROCESS. The obligations of ServiceNow and Customer under Sections 7.1 and 7.2 are conditioned on the indemnified party (a) notifying the indemnifying party promptly in writing of any actual or threatened Claim, (b) the indemnified party giving the indemnifying party sole control of the defense of such Claim and of any related settlement negotiations, and (c) the indemnified party cooperating and, at the indemnifying party’s reasonable request and expense, assisting in such defense. Neither party will stipulate, acknowledge, or admit fault or liability on the other’s part without the other’s prior, written consent. The indemnifying party will not publicize any settlement without the indemnified party’s prior, written consent. To the extent the parties perform as required, this Section 7 states each party’s entire liability and the other party’s exclusive remedy for third-party claims and third-party actions.
8. LIMITED LIABILITY
TO THE EXTENT PERMITTED BY LAW, EACH PARTY’S TOTAL, CUMULATIVE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT AND THE PRODUCTS AND SERVICES PROVIDED UNDER IT, WHETHER BASED ON CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL OR EQUITABLE THEORY, WILL BE LIMITED TO THE AMOUNTS PAID BY CUSTOMER FOR USE OF THE PRODUCTS OR PROVISION OF THE SERVICES GIVING RISE TO THE CLAIM DURING THE 12-MONTH PERIOD PRECEDING THE FIRST EVENT GIVING RISE TO LIABILITY. THE EXISTENCE OF MORE THAN ONE CLAIM WILL NOT ENLARGE THIS LIMIT. THE FOREGOING LIMITATION OF LIABILITY SHALL NOT APPLY TO: (A) CUSTOMER’S OBLIGATION TO PAY FOR PRODUCTS, SERVICES OR TAXES; (B) A PARTY’S OBLIGATIONS IN SECTION 7 (INDEMNIFICATION); AND (C) INFRINGEMENT BY A PARTY OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS.
TO THE EXTENT PERMITTED BY LAW, NEITHER SERVICENOW NOR CUSTOMER WILL BE LIABLE TO THE OTHER OR ANY THIRD PARTY FOR LOST PROFITS (DIRECT OR INDIRECT) OR LOSS OF USE OR DATA OR FOR ANY INCIDENTAL, OTHER CONSEQUENTIAL, PUNITIVE, SPECIAL, OR EXEMPLARY DAMAGES (INCLUDING DAMAGE TO BUSINESS, REPUTATION, OR GOODWILL), OR INDIRECT DAMAGES OF ANY TYPE HOWEVER CAUSED, WHETHER BY BREACH OF WARRANTY, BREACH OF CONTRACT, IN TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL OR EQUITABLE CAUSE OF ACTION, EVEN IF SUCH PARTY HAS BEEN ADVISED OF SUCH DAMAGES IN ADVANCE OR IF SUCH DAMAGES WERE FORESEEABLE. THE FOREGOING EXCLUSIONS SHALL NOT APPLY TO: (A) PAYMENTS TO A THIRD PARTY ARISING FROM A PARTY’S OBLIGATIONS UNDER SECTION 7 (INDEMNIFICATION); AND (B) INFRINGEMENT BY A PARTY OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS.
10. GROSS NEGLIGENCE; WILLFUL MISCONDUCT
AS PROVIDED BY LAW, NOTHING HEREIN SHALL BE INTENDED TO LIMIT A PARTY’S LIABILITY IN AN ACTION IN TORT, SEPARATE AND DISTINCT FROM A CAUSE OF ACTION FOR BREACH OF THIS AGREEMENT, FOR THE PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT.
11.1 TERMINATION. This Agreement begins on the Effective Date and continues until terminated under its terms. Each party may terminate this Agreement in its entirety: (a) on 30 days’ prior notice to the other, if at the time of notice there are no Order Forms in effect; (b) immediately on notice if the other party becomes the subject of a petition in bankruptcy or any proceeding related to its insolvency, receivership, or liquidation, in any jurisdiction, that is not dismissed within 60 days of its commencement or an assignment for the benefit of creditors; or (c) immediately on notice if the other party materially breaches this Agreement and does not cure such breach within 30 days after the other party’s receipt of notice of the breach. Either party may terminate an Order Form or SOW on notice if the other party materially breaches this Agreement or the applicable Order Form or SOW for the affected service and does not cure the breach within 30 days after receiving notice of the breach from the non-breaching party. Professional Services are separately ordered from the Subscription Service and are not required for use of the Subscription Service. A breach by a party of its obligations with respect to Professional Services shall not by itself constitute a breach by that party of its obligations with respect to the Subscription Service even if the services are enumerated in the same Order Form.
11.1.1. EFFECT OF TERMINATION OF SUBSCRIPTION SERVICE. On termination or expiration of the Subscription Service, Customer will stop accessing and using, and ServiceNow will stop providing, the Subscription Service and all related rights granted to Customer in this Agreement will terminate immediately, automatically, and without notice. ServiceNow will, within 30 days after the effective date of termination by Customer for ServiceNow’s breach, refund to Customer any prepaid fees received by ServiceNow covering that part of the Subscription Term for the affected Subscription Service, if any, remaining after the effective date of termination. Within 30 days after the effective date of termination by ServiceNow for Customer’s breach, Customer will pay all remaining amounts, if any, payable under this Agreement for the Subscription Term applicable to the terminated Subscription Service regardless of the due dates specified in the Order Form.
11.2 RETURN OF CUSTOMER DATA . Customer is solely responsible for exporting Customer Data prior to expiration or termination of the Subscription Service.
11.3 SURVIVAL. Sections 2.3 (Restrictions), 3.3 (Taxes), 4 (Intellectual Property), 5 (Warranties; Disclaimer of Warranties) (solely in accordance with its terms), 6 (Confidential Information) through 10 (Gross Negligence; Willful Misconduct), 11 (Term and Termination) (solely in accordance with its terms), and 12 (General Provisions), together with any other terms required for their construction or enforcement, will survive termination or expiration of this Agreement.
12.1 ASSIGNMENT. Neither party may assign or novate its rights or obligations under this Agreement, by operation of law or otherwise (any of the foregoing, “Assign”), without the other party’s prior written consent. Notwithstanding the foregoing, on notice and without the other’s consent: (a) either party may in connection with a merger, reorganization, or sale of all or substantially all of such party’s assets or equity, Assign this Agreement in its entirety to such party’s successor; and (b) ServiceNow may Assign this Agreement in its entirety to any ServiceNow Affiliate. Any attempted or purported Assignment in violation of this Section 12.1 will be null and void. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their respective successors, and permitted assigns.
12.2 COMPLIANCE WITH LAWS. ServiceNow will comply with all Laws applicable to its provision under the Agreement of the ServiceNow Products, including those applicable to privacy and security of personal information (including mandatory trans-border data transfers and mandatory data breach notification requirements), but excluding Laws specifically applicable to Customer and its industry not generally applicable to information technology service providers regardless of industry. Customer will comply with all Laws applicable to its use of the ServiceNow Products, including those applicable to collection and processing of Customer Data in ServiceNow systems through the Subscription Service. Customer agrees to provide any required disclosures to and obtain any required consents for the transfer of Customer Data to ServiceNow.
12.3 EXPORT COMPLIANCE. Each party will comply with local and foreign export control Laws, including U.S. export control Laws. Customer acknowledges that the ServiceNow Products are subject to U.S. Export Administration Regulations (“EAR”) and that Customer will comply with EAR. Without limiting the foregoing, Customer represents and warrants that: (a) it is not located in, and will not use any ServiceNow Products from, any country subject to U.S. export restrictions (currently including Cuba, Iran, North Korea, Sudan, Syria, and Crimea Region); (b) Customer will not use the ServiceNow Products in the design, development, or production of nuclear, chemical, or biological weapons, or rocket systems, space launch vehicles, sounding rockets, or unmanned air vehicle systems; and (c) Customer is not prohibited from participating in U.S. export transactions by any federal agency of the U.S. government. In addition, Customer is responsible for complying with any local Laws that may impact Customer’s right to import, export, or use ServiceNow Products or any of them.
12.4 US GOVERNMENT RIGHTS. ServiceNow software is commercial computer software (as defined in Federal Acquisition Regulation (“FAR”) 2.101 for civilian agency purchases and Department of Defense (“DOD”) FAR Supplement (“DFARS”) 252.227-7014(a)(1) for defense agency purchases) and ServiceNow services are commercial items. If the software is licensed or services acquired by or on behalf of a civilian agency, ServiceNow provides the software, its documentation, and any other technical data subject to this Agreement consistent with FAR 12.212 (Computer Software) and FAR 12.211 (Technical Data). If software is licensed or services acquired by or on behalf of any DOD agency, ServiceNow provides the software, its documentation, and any other technical data subject to this Agreement consistent with DFARS 227.7202-3. If this is a DOD prime contract or DOD subcontract, the DOD agency Customer may acquire additional rights in technical data under DFARS 252.227-7015(b). This U.S. Government Rights clause is in lieu of, and supersedes, any other FAR, DFARS, or other clause or provision that addresses government rights in computer software or technical data.
12.5 NOTICE. Except as otherwise provided in this Agreement, all notices will be in writing and deemed given on: (a) personal delivery; (b) when received by the addressee if sent by a recognized overnight courier (receipt requested); (c) the third business day after mailing; or (d) the first business day after sending by email with confirmation of receipt, except that email will not be sufficient for notices regarding a Claim or alleged breach. Notices will be sent as set forth on the first page of this Agreement or as subsequently updated in writing.
12.6 FORCE MAJEURE. ServiceNow is not, and may not be construed to be, in breach of this Agreement for any failure or delay in fulfilling or performing the Subscription Service, when and to the extent such failure or delay is caused by or results from acts beyond ServiceNow’s reasonable control, including: strikes, lock-outs, or other industrial disputes; trespass, sabotage, theft or other criminal acts export bans, sanctions, war, terrorism, riot, civil unrest, or government action; failure of Internet connectivity or backbone or other telecommunications failures, in each case outside of ServiceNow’s local network; breakdown of plant or machinery; nuclear, chemical, or biological contamination; fire, flood, natural disaster, extreme adverse weather, or other acts of God (each a “Force Majeure Event”). ServiceNow will use reasonable efforts to mitigate the effects of such Force Majeure Event.
12.7 HIGH RISK ACTIVITY. The ServiceNow Products are not designed for any purpose requiring fail-safe performance, including stock trading, financial transaction processing, operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life support machines, weapons systems, or other management or operation of hazardous facilities or applications for which failure could result in death, personal injury, or severe physical, property, or environmental damage (each, a “High Risk Activity”). ServiceNow, its licensors, and suppliers expressly disclaim all warranties of fitness for any such use.
12.8 WAIVER AND AMENDMENT. Failure by a party to enforce any part of this Agreement will not be deemed a waiver of future enforcement of that or any other provision. A waiver of any right is effective only if in a writing signed by an authorized representative of the waiving party. Any modification of this Agreement must be in writing and signed by authorized representatives of both parties.
12.9 SEVERABILITY. If any term of this Agreement is held invalid, unenforceable, or void by a court of competent jurisdiction, such term will be enforced to the maximum extent permissible, such holding will not affect the remaining terms, and the invalid, unenforceable, or void term will be deemed amended or replaced by a valid, legal, and enforceable term that matches the intent of the original language as closely as possible.
12.10 RELATIONSHIP. The parties are independent contractors. Nothing in this Agreement will be construed to create a partnership, joint venture, agency, or other relationship. Neither party has any right or authority to assume or create any obligation of any kind, express or implied, in the other party’s name or on its behalf. No third-party is a third-party beneficiary of, or liable under, this Agreement, and no third-party is responsible for any obligations or liability arising out of Customer’s use of the ServiceNow Core Technology.
12.11 GOVERNING LAW; JURISDICTION AND VENUE. If Customer is located in the United States, Canada, or Mexico this Agreement will be governed by the Laws of the State of California, without regard to its conflict of laws principles. The parties irrevocably consent to the exclusive jurisdiction of, and venue in, any federal or state court of competent jurisdiction located in Santa Clara County, California, for the purposes of adjudicating any dispute arising out of or related to this Agreement. Each party expressly consents to service of process by registered mail. To the extent permitted by Law, choice of law rules and the United Nations Convention on Contracts for the International Sale of Goods will not apply. Notwithstanding the foregoing, either party may at any time seek and obtain appropriate legal or equitable relief in any court of competent jurisdiction for claims regarding such party’s Intellectual Property Rights.
12.12 COUNTRY SPECIFIC PROVISIONS. For any Customer domiciled outside the United States, Canada, or Mexico, the country-specific provisions following this Section 12 shall replace or supplement the equivalent provisions of the Agreement depending on the following: (a) if Customer is executing its Order Form with ServiceNow Nederland B.V., then “the Netherlands” provisions apply; (b) if Customer is executing its Order Form with ServiceNow UK Ltd., then the “United Kingdom” provisions apply; and (c) if Customer is executing its Order Form with ServiceNow Australia Pty Ltd, then the “Australia” provisions apply; and (d) if Customer is executing its Order Form with ServiceNow Brasil Gerenciamento de Serviços Ltda., then the “Brazil” provisions apply.
12.13 EQUITABLE REMEDIES. The receiving party’s disclosure of Confidential Information except as provided in this Agreement, or a party’s infringement or misappropriation of the other party’s Intellectual Property Rights may result in irreparable injury for which a remedy in money damages may be inadequate. In the event of such actual or threatened disclosure, infringement or misappropriation, disclosing party may be entitled to seek an injunction to prevent the breach or threatened breach without the necessity of proving irreparable injury or the inadequacy of money damages, in addition to remedies otherwise available to disclosing party at law or in equity.
12.14 CONSTRUCTION. ServiceNow is obligated to provide ServiceNow Products only in the English language, unless otherwise agreed in writing. The parties have expressly requested that this Agreement and all related documents be drafted in English. Les parties confirment avoir expressément exigé que le présent contrat et les documents de ServiceNow qui y sont attachés soient rédigés en anglais. Section headings are for convenience only and are not to be used in interpreting this Agreement. This Agreement has been negotiated by the parties and their respective counsel and will be interpreted fairly in accordance with its terms and without any strict construction in favor of or against either party. Lists of examples following “including”, “e.g.”, “such as”, or “for example” are interpreted to include “without limitation”, unless qualified by words such as “only” or “solely.” Unless stated or context requires otherwise: (a) all internal references are to this Agreement, its parties, and its Exhibits; (b) “days” means calendar days; (c) “may” means that the applicable party has a right, but not a concomitant duty; (d) all monetary amounts are expressed and, if applicable, payable, in U.S. dollars; (e) “current” or “currently” means “as of the Effective Date” but “then-current” means the present time when the applicable right is exercised or performance rendered or measured; (f) the word “or” will be deemed to be an inclusive “or”; (g) URLs are understood to also refer to successor URLs, URLs for localized content, and information or resources linked from within the websites at such URLs; (h) a writing is “signed” when it has been hand-signed (i.e., with a pen), accepted by clicking a box indicating acceptance or electronically signed using an electronic signature service by duly authorized representatives of both parties; (i) a party’s choices, elections, and determinations under this Agreement are in its sole discretion; (j) the singular includes the plural and vice versa; (k) a reference to a document includes any amendment, replacement, or novation of it; and (m) a reference to a thing includes a part of that thing (i.e., is interpreted to include “in whole or in part”).
12.15 ENTIRETY. This Agreement (together with the Order Forms, Product Overviews, SOWs, and Service Descriptions, all of which are also deemed incorporated by this reference) is the parties’ entire agreement regarding its subject matter and supersedes all prior or contemporaneous oral or written agreements, representations, understandings, undertakings, negotiations, letters of intent, and proposals, with respect to such subjects. The terms of this Agreement apply to the exclusion of any other terms Customer seeks to impose or incorporate, or that may be implied by trade, custom, practice, or course of dealing. Customer acknowledges it has not relied on any statement, promise, or representation made or given by or on behalf of ServiceNow that is not expressly stated in this Agreement. Customer’s orders are not contingent, and Customer has not relied, on the delivery of any future functionality regardless of any verbal or written communication about ServiceNow’s possible future plans.
THE NETHERLANDS
1. The following language shall replace Section 12.11 of the General Terms and Conditions:
If Customer is executing its Order Form with ServiceNow Nederland B.V., this Agreement shall be governed by the laws of The Netherlands without regard to its conflict of laws principles. The parties hereby irrevocably consent to the nonexclusive jurisdiction of, and venue in, any court of competent jurisdiction located in Amsterdam, The Netherlands for the purposes of adjudicating any dispute arising out of this Agreement. Each party hereto expressly consents to service of process by registered mail. To the extent permitted by law, choice of law rules and the United Nations Convention on Contracts for the International Sale of Goods shall not apply. Notwithstanding the foregoing, either party may at any time seek and obtain appropriate legal or equitable relief in any court of competent jurisdiction for claims regarding such party’s intellectual property rights.
UNITED KINGGDOM
1. The following language shall replace Section 12.11 of the General Terms and Conditions:
If Customer is executing its Order Form with ServiceNow UK Ltd., this Agreement shall be governed by the laws of the England and Wales without regard to its conflict of laws principles. The parties hereby irrevocably consent to the nonexclusive jurisdiction of, and venue in, any court of competent jurisdiction located in London, England for the purposes of adjudicating any dispute arising out of this Agreement. Each party hereto expressly consents to service of process by registered mail. To the extent permitted by law, choice of law rules and the United Nations Convention on Contracts for the International Sale of Goods shall not apply. Notwithstanding the foregoing, either party may at any time seek and obtain appropriate legal or equitable relief in any court of competent jurisdiction for claims regarding such party’s intellectual property rights.
AUSTRALIA
1. The following language shall be added as a new Section 5.4 of the General Terms and Conditions:
COMPLIANCE WITH CONSUMER LAWS. To the extent, if any, that the terms and conditions of the Competition and Consumer Act 2010 (Cth), including the Australian Consumer Law, or other statutory Law prevents ServiceNow from excluding certain liability as set forth in the Agreement, such liability will be limited to the extent permitted by such Law to one or more of the following: (a) in respect of a supply of services, to: (i) the supplying of the services again, or (ii) the payment of the cost of having the services supplied again; and (b) in respect of a supply of goods, to: (i) the replacement of the goods or the supply of equivalent goods, (ii) the repair of the goods, (iii) the payment of the cost of replacing the goods or of acquiring equivalent goods, or (iv) the payment of the cost of having the goods repaired. Notwithstanding any other provision of this Agreement or any Order Form to the contrary, nothing therein will derogate from any requirement to provide a refund under the Australian Consumer Law. If Customer is acquiring services as a “consumer” for the purposes of the Australian Consumer Law, the benefits given by any warranties that are a “warranty against defects” (as such term is defined in the Australian Consumer Law) are in addition to any other rights and remedies available to Customer under a law in relation to the services to which such warranty relates and, in such case, “Our services come with guarantees that cannot be excluded under the Australian Consumer Law. For major failures with the service, you are entitled:
· to cancel your service contract with us; and
· to a refund for the unused portion, or to compensation for its reduced value.
You are also entitled to be compensated for any other reasonably foreseeable loss or damage. If the failure does not amount to a major failure you are entitled to have problems with the service rectified in a reasonable amount of time and, if this is not done, to cancel your contract and obtain a refund for the unused portion of the contract.”
2. The following language shall replace section 12.11 of the General Terms and Conditions:
GOVERNING LAW; JURISDICTION AND VENUE. This Agreement shall be governed by the laws of the state of New South Wales, Australia without regard to its conflict of laws principles. The parties hereby irrevocably consent to the exclusive jurisdiction of, and venue in, any federal or state court of competent jurisdiction located in New South Wales, Australia for the purposes of adjudicating any dispute arising out of this Agreement. Each party hereto expressly consents to service of process by registered mail. To the extent permitted by law, choice of law rules and the United Nations Convention on Contracts for the International Sale of Goods shall not apply. Notwithstanding the foregoing, either party may at any time seek and obtain appropriate legal or equitable relief in any court of competent jurisdiction for claims regarding such party’s intellectual property rights.
BRAZIL
1. The following language shall replace Section 3.3. of the General Terms and Conditions:
TAXES. ServiceNow offers a remotely hosted service, so under this Agreement Customer may initiate purchases from, and pay from, any of its Affiliates inside or outside of Brazil, and may use and access the Subscription Service and receive Professional Services inside or outside of Brazil, without restriction and as controlled by Customer (with the exception of US embargoed countries as described in Section 12.13 (Export Compliance)). Different Taxes may apply depending on where the services are purchased and paid for, and in some cases, where the services are accessed or used.
For purchases of, payment for, access to, and use of the Subscription Service and Professional Services in Brazil, the following terms shall apply: “Taxes” shall mean all taxes, duties, levies, imposts, fines or similar governmental assessments including sales and use taxes, excise, business, service, and similar transactional taxes imposed by any taxing jurisdiction in Brazil and the interest and penalties thereon. ServiceNow shall issue a valid tax invoice to Customer and this invoice shall be inclusive of all Taxes as applicable by Brazilian Law. Where required by Brazilian Law, Customer will withhold Taxes with no impact on the final price. If withholding tax should apply to any purchase or Order Form, any pricing limitation herein or in an Order Form may be subject to renegotiation for future Order Forms.
For purchases of, payment for, access to or use of the Subscription Service and Professional Services from outside of Brazil by a foreign affiliate or a foreign place of business of Customer or its affiliates, the following terms shall apply: “Taxes” shall mean all taxes, duties, levies, imposts, fines or similar governmental assessments including sales and use taxes, excise, business, service, and similar transactional taxes imposed by any taxing jurisdiction and the interest and penalties thereon, value-added taxes (“VAT”), goods and service taxes (“GST”). Customer shall be responsible for and bear Taxes associated with its purchase of, payment for, access to or use of the Subscription Service and Professional Services. Taxes shall not be deducted from the payments to ServiceNow, except as required by Law, in which case Customer shall increase the amount payable as necessary so that after making all required deductions and withholdings, ServiceNow receives and retains (free from any Tax liability) an amount equal to the amount it would have received had no such deductions or withholdings been made. Each party is responsible for and shall bear taxes imposed on its net income. If ServiceNow is required to invoice or collect Taxes associated with Customer’s purchase of, payment for, access to or use of the Subscription Service or Professional Services, ServiceNow will issue an invoice to Customer including the amount of those Taxes, itemized where required by Law. Customer shall provide to ServiceNow its VAT or GST identification number(s) on the Order Form for: (a) the country where Customer has established its business; and/or (b) any other country where Customer has a fixed establishment. Customer shall use the ordered Subscription Service and Professional Services for Customer's business use in the foregoing location(s) in accordance with the provided VAT or GST identification number(s). The parties’ obligations under this Section shall survive the termination or expiration of this Agreement.
TAX EXEMPTION. Customer hereby represents that it is not a tax-exempt entity, nor claims exemption from any Taxes under this Agreement. In the event that Customer claims exemption from any Taxes under this Agreement, Customer shall provide a tax exemption number on the Order Form and a certificate upon execution of the Order Form and, after receipt of valid evidence of exemption, ServiceNow shall not charge Customer any Taxes from which it is exempt.
2. The following language shall replace Section 12.11 of the General Terms and Conditions:
GOVERNING LAW; JURISDICTION AND VENUE. If Customer is executing its Order Form with ServiceNow Brasil Gerenciamento de Serviços Ltda., this Agreement shall be governed by the Laws of Brazil, without regard to its conflict of laws principles. The parties irrevocably consent to the exclusive jurisdiction of, and venue in, any court of competent jurisdiction located in the city of São Paulo, state of São Paulo, Brazil, for the purposes of adjudicating any dispute arising out of or related to this Agreement. To the extent permitted by Law, choice of law rules and the United Nations Convention on Contracts for the International Sale of Goods will not apply. Notwithstanding the foregoing, either party may at any time seek and obtain appropriate legal or equitable relief in any court of competent jurisdiction for claims regarding such party’s Intellectual Property Rights.
DATA SECURITY ADDENDUM
1. SECURITY PROGRAM
While providing the Subscription Service, ServiceNow will maintain a written information security program of policies, procedures and controls aligned to ISO27002, or substantially equivalent standard, governing the processing, storage, transmission and security of Customer Data (the “Security Program”). The Security Program includes industry-standard practices designed to protect Customer Data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
1.1 SECURITY ORGANIZATION. ServiceNow shall designate a Chief Information Security Officer responsible for coordinating, managing, and monitoring ServiceNow’s information security function, policies, and procedures.
1.2 POLICIES. ServiceNow’s information security policies shall be (i) documented; (ii) reviewed and approved by management, including after material changes to the Subscription Service; and (iii) published, and communicated to personnel, contractors, agents, and third-parties with access to Customer Data, including appropriate ramifications for non-compliance.
1.3 RISK MANAGEMENT. ServiceNow shall perform information security risk assessments as part of a risk governance program that is established with the objective to regularly test, assess and evaluate the effectiveness of the Security Program. Such assessment shall be designed to recognize and assess the impact of risk(s) and implement identified risk reduction or mitigation strategies to address new and evolving security technologies, changes to industry standard practices, and changing security threats. ServiceNow shall have the risk program audited annually by an independent third-party in accordance with Section 2.1 (Certifications and Attestations) of the Data Security Addendum.
2. CERTIFICATIONS AND ATTESTATIONS
2.1 AUDIT. ServiceNow shall establish and maintain sufficient controls to meet certification and attestation for the objectives stated in ISO 27001, ISO 27018, SSAE 18 / SOC 1 and SOC 2 Type 2 (or equivalent standards) for the information security management system supporting the Subscription Service. At least once per calendar year, ServiceNow shall obtain an assessment against such standards and audit methodologies by an independent third-party auditor and make the executive reports available to the Customer upon written request.
3. PHYSICAL, TECHNICAL, AND ADMINISTRATIVE SECURITY MEASURES
3.1 PHYSICAL SECURITY MEASURES.
3.1.1. DATA CENTER FACILITIES. (a) Physical access restrictions and monitoring that shall include a combination of any of the following: multi-zone security, man-traps, appropriate perimeter deterrents (e.g. fencing, berms, guarded gates), on-site guards, biometric controls, CCTV, and secure cages; and (b) fire detection and fire suppression systems both localized and throughout the data center floor.
3.1.2. SYSTEMS, MACHINES AND DEVICES. (a) Physical protection mechanisms; and (b) entry controls to limit physical access.
3.1.3. MEDIA. ServiceNow shall use NIST 800-88 Industry standard (or substantially equivalent) destruction of sensitive materials, including Customer Data, before such media leaves ServiceNow’s data centers for disposition.
3.2 TECHNICAL SECURITY MEASURES.
3.2.1. ACCESS ADMINISTRATION. Access to the Subscription Service by ServiceNow employees and contractors is protected by authentication and authorization mechanisms. User authentication is required to gain access to production and sub-production instances. Individuals are assigned a unique user account. Individual user accounts shall not be shared. Access privileges are based on job requirements using the principle of least privilege access and are revoked upon termination of employment or consulting relationships. Access entitlements are reviewed by management quarterly. Infrastructure access includes appropriate user account and authentication controls, which may include the required use of VPN connections, complex passwords with expiration dates, account lock-out enabled, and a two-factored authenticated connection. Customer is responsible for disable and removing any demonstration accounts within its instance prior to using the Subscription Service.
3.2.2. SERVICE ACCESS CONTROL. The Subscription Service provides user and role-based access controls. Customer is responsible for configuring such access controls within its instance.
3.2.3. LOGGING AND MONITORING. ServiceNow shall provide a logging capability that captures login and actions taken by users in the application. Customer has full access to application audit logs within their instance, including successful and failed access attempts to Customer’s instance(s). Customer is responsible for exporting application audit logs to Customer’s syslog server through available built-in platform features.
3.2.4. FIREWALL SYSTEM. An industry-standard firewall is installed and managed to protect ServiceNow systems by residing on the network to inspect all ingress connections routed to the ServiceNow environment. ServiceNow reviews firewall rules quarterly..
3.2.5. VULNERABILITY MANAGEMENT. ServiceNow conducts quarterly security risk evaluations to identify critical information assets, assess threats to such assets, determine potential vulnerabilities, and provide for remediation. When software vulnerabilities are revealed and addressed by a vendor patch, ServiceNow will obtain the patch from the applicable vendor and apply it within an appropriate timeframe in accordance with ServiceNow’s then-current vulnerability management and security patch management standard operating procedure and only after such patch is tested and determined to be safe for installation in all production systems.
3.2.6. ANTIVIRUS. ServiceNow updates antivirus, anti-malware, and anti-spyware software on regular intervals and centrally logs events for effectiveness of such software.
3.2.7. CHANGE CONTROL. ServiceNow evaluates changes to platform, applications, and production infrastructure to minimize risk and are implemented following ServiceNow’s standard operating procedure.
3.2.8. DATA SEPARATION. Customer Data shall be maintained within a logical single-tenant architecture on multi-tenant cloud infrastructure that is logically and physically separate from ServiceNow’s corporate infrastructure.
3.2.9 CONFIGURATION MANAGEMENT. ServiceNow shall implement and maintain standard hardened configurations for all system components within the Subscription Service. ServiceNow shall use industry standard hardening guides, such as the Center for Internet Security, when developing standard hardening configurations.
3.2.10 DATA ENCRYPTION IN TRANSIT. ServiceNow shall use industry standard encryption to encrypt Customer Data in transit over public networks to the Subscription Service
3.2.11. DATA ENCRYPTION AT REST. ServiceNow shall provide encryption at rest capability for column level encryption, which Customer may enable at its sole discretion.
3.2.12 SECURE SOFTWARE DEVELOPMENT. ServiceNow shall implement and maintain secure application development policies and procedures aligned with industry standard practices such as the OWASP Top Ten (or a substantially equivalent standard). All personnel responsible for secure application design and development will receive appropriate training regarding ServiceNow’s secure application development practices.
3.2.13 SECURE CODE REVIEW. ServiceNow shall perform a combination of static and dynamic testing of code prior to a major release to Customers. Vulnerabilities shall be addressed in accordance with its then current software vulnerability management program. Software patches are regularly made available to customers addressing known vulnerabilities.
3.2.14 ILLICIT CODE. Except for the functions and features expressly disclosed in ServiceNow's documentation provided or made available to Customer, the Subscription Service shall not knowingly contain viruses, malware, worms, date bombs, time bombs, shut-down devices, that may result in, either: (a) any inoperability of the Subscription Service; or (b) any interruption, interference with the operation of the Subscription Service (collectively, “Illicit Code”). If the Subscription Service is found to contain any Illicit Code that adversely affects the performance of the Subscription Service or causes a material security risk to Customer Data, ServiceNow shall, as Customer’s exclusive remedy, use commercially reasonable efforts to remove the Illicit Code or to advise and assist Customer to remove such Illicit Code.
3.3 ADMINISTRATIVE SECURITY MEASURES.
3.3.1. DATA CENTER INSPECTIONS. ServiceNow performs routine reviews of data centers to confirm that the data centers continue to maintain appropriate security controls necessary to comply with the Security Program.
3.3.2. PERSONNEL SECURITY. ServiceNow performs background screening on all employees and all contractors who have access to Customer Data in accordance with ServiceNow’s then-current applicable standard operating procedure and subject to Law.
3.3.3. SECURITY AWARENESS AND TRAINING. ServiceNow maintains a security and privacy awareness program that includes appropriate training and education of ServiceNow personnel, including any contractors or third parties that may access Customer Data. Training is conducted at time of hire and at least annually throughout employment at ServiceNow.
3.3.4. VENDOR RISK MANAGEMENT. ServiceNow maintains a vendor risk management program that assesses all vendors that access, store, process, or transmit Customer Data for appropriate security and privacy controls and business disciplines.
3.3.5 SOFTWARE AND ASSET INVENTORY. ServiceNow shall maintain an inventory of all software components (including, but not limited to, open source software) used in the Subscription Service, and inventory all media and equipment where Customer Data is stored.
3.3.6 WORKSTATION SECURITY. ServiceNow shall implement and maintain security mechanisms on personnel workstations, including firewalls, anti-virus, and full disk encryption. ServiceNow shall restrict users from disabling security mechanisms.
4. SERVICE CONTINUITY
4.1 DATA MANAGEMENT; DATA BACKUP. ServiceNow will host Customer’s access to and use of purchased instances of the Subscription Service in data centers that attained SSAE 18 Type 2 attestations or have ISO 27001 certifications (or equivalent or successor attestations or certifications) for the Subscription Term. Each data center includes full redundancy (N+1) and fault tolerant infrastructure for electrical, cooling and network systems. The deployed servers are enterprise scale servers with redundant power to ensure maximum uptime and service availability. Each Customer instance is supported by a network configuration with multiple connections to the Internet. ServiceNow backs up all Customer Data in accordance with ServiceNow’s standard operating procedure.
4.2 BUSINESS CONTINUITY. ServiceNow shall maintain a business continuity plan (“BCP ”) to minimize the impact to its provision and support of the Subscription Service from of an event. The BCP shall: (i) include processes for protecting personnel and assets and restoring functionality in accordance with the time frames outlined therein; and (ii) be tested annually and updated based on any deficiencies, identified during such tests.
4.3 PERSONNEL. In the event of an emergency that renders the customer support telephone system unavailable, all calls are routed to an answering service that will transfer to a ServiceNow telephone support representative, geographically distributed to ensure business continuity for support operations.
5. MONITORING AND INCIDENT MANAGEMENT
5.1 MONITORING, MANAGEMENT AND NOTIFICATION.
5.1.1. INCIDENT MONITORING AND MANAGEMENT. ServiceNow will monitor, analyze, and respond to security incidents in a timely manner in accordance with ServiceNow’s standard operating procedure. ServiceNow’s security group will escalate and engage response teams as may be necessary to address an incident.
5.1.2. BREACH NOTIFICATION. ServiceNow will report to Customer any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data (a “Breach”) without undue delay following determination by ServiceNow that a Breach has occurred.
5.1.3. REPORT. The initial report will be made to Customer’s business contact registered with ServiceNow. As information is collected or otherwise becomes available, ServiceNow shall provide without undue delay any further information regarding the nature and consequences of the Breach to allow Customer to notify relevant parties, including affected Data Subjects, government agencies, and data protection authorities in accordance with Data Protection Laws. The report will include the name and contact information of the ServiceNow contact from whom additional information may be obtained. ServiceNow shall inform Customer of the measures that it will adopt to mitigate the cause of the Breach and to prevent future Breaches.
5.1.4. CUSTOMER OBLIGATIONS. Customer will cooperate with ServiceNow by providing any information that is reasonably requested to resolve any security incident, including any Breaches, identify its root cause(s), and prevent a recurrence. Customer is solely responsible for determining whether to notify the relevant supervisory or regulatory authorities and impacted Data Subjects and for providing such notice.
5.2 USE OF AGGREGATE DATA. ServiceNow may collect, use, and disclose quantitative data derived from Customer’s use of the Subscription Service (“Transactional Data”) in support of its business operations, including to develop, improve and support its products and services. Any collection, use and disclosure of Transactional Data will not contain Customer Data or identify Customer’s users. ServiceNow’s use of Transactional Data will be aggregated such that any external disclosure will not identify Customer.
5.3 COOKIES. When providing the Subscription Service, ServiceNow uses cookies to: (a) track session state; (b) route a browser request to a specific node when multiple nodes are assigned; and (c) recognize a user upon returning to the Subscription Service. Customer shall be responsible for providing notice to, and collecting any necessary consents from, its authorized users of the Subscription Service for ServiceNow’s use of cookies.
6. PENETRATION TESTS.
ServiceNow contracts with third-party vendors to perform a penetration test on the ServiceNow application per family release to identify risks and remediation that help increase security. ServiceNow shall make executive reports available to Customer upon written request.
7. SHARING THE SECURITY RESPONSIBILITY
7.1 PRODUCT CAPABILITIES. The Subscription Service allows Customer to: (a) authenticate users before access; (b) integrate with SAML solutions (c) encrypt passwords; (d) allow users to manage passwords; and (e) prevent access by users with an inactive account. Customer manages each user’s access to and use of the Subscription Service by assigning to each user a credential and user type that controls the level of access to the Subscription Service. Customer is solely responsible for reviewing ServiceNow’s Security Program and making an independent determination as to whether it meets Customer’s requirements, taking into account the type and sensitivity of data it processes within the Subscription Service. Customer shall be responsible for implementing encryption and access control functionalities available within the Subscription Service for protecting all Customer Data containing sensitive data, including credit card numbers, social security and other government-issued identification numbers, financial and health information, Personal Data (including any data deemed sensitive or “special categories of personal data” under Data Protection Laws). Customer is solely responsible for its decision not to encrypt such data and ServiceNow will have no liability to the extent that damages would have been mitigated by Customer’s use of such encryption measures. Customer is responsible for protecting the confidentiality of each user’s login and password and managing each user’s access to the Subscription Service. Customer shall be responsible for implementing ServiceNow’s documented security best practices and hardening guidelines for securing its ServiceNow instances.
7.2 LIMITATIONS. Notwithstanding anything to the contrary in this Data Security Addendum or other parts of the Agreement, ServiceNow’s obligations herein are only applicable to the Subscription Service. This Data Security Addendum does not apply to: (a) information shared with ServiceNow that is not Customer Data; (b) data in Customer’s VPN or a third-party network; (c) any data processed by Customer or its users in violation of the Agreement or this Data Security Addendum; or (iv) Integrated Products. For the purposes of this Data Security Addendum, “Integrated Products” shall mean ServiceNow-provided integrations to third-party products or any other third-party products that are used by Customer in connection with the Subscription Service and are not considered a sub-processor of ServiceNow. Customer agrees that its use of such Integrated Products will be in accordance with its contractual agreement with the provider of such Integrated Products.
DATA PROCESSING ADDENDUM
1. DEFINITIONS
1.1 “Data Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of Processing of Personal Data. For purposes of this DPA, Data Controller is Customer and, where applicable, its Affiliates either permitted by Customer to submit Personal Data to the Subscription Service or whose Personal Data is Processed in the Subscription Service.
1.2 “Data Processor” means the natural or legal person, public authority, agency, or other body which Processes Personal Data on behalf of the Data Controller. For purposes of this DPA, Data Processor is the ServiceNow entity that is a party to the Agreement.
1.3 “Data Protection Laws” means all applicable laws and regulations regarding the Processing of Personal Data and includes GDPR.
1.4 “Data Subject” means an identified or identifiable natural person.
1.5 “GDPR” means the European Union’s General Data Protection Regulation (2016/679).
1.6 “Instructions” means Data Controller’s documented data Processing instructions issued to Data Processor in compliance with this DPA.
1.7 “Personal Data” means any information relating to a Data Subject uploaded by or for Customer or Customer’s agents, employees, or contractors to the Subscription Service as Customer Data.
1.8 “Process” or “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.9 “Sub-Processor” means any legal person or entity engaged in the Processing of Personal Data by Data Processor. For the avoidance of doubt, ServiceNow’s colocation datacenter facilities are not Sub-Processors under this DPA.
2. SCOPE OF THE PROCESSING
2.1 COMMISSIONED PROCESSOR. Data Controller appoints Data Processor to Process Personal Data on behalf of Data Controller as described in the Agreement and in accordance with the Instructions.
2.2 INSTRUCTIONS. The Agreement constitutes Data Controller’s written Instructions to Data Processor for Processing of Personal Data. Data Controller may issue additional or alternate Instructions provided that such Instructions are: (a) consistent with the purpose and the scope of the Agreement; and (b) confirmed in writing by Data Controller. For the avoidance of doubt, Data Controller shall not use additional or alternate Instructions to alter the scope of the Agreement. Data Controller is responsible for ensuring its Instructions to Data Processor comply with Data Protection Laws.
2.3 NATURE, SCOPE AND PURPOSE OF THE PROCESSING. Data Processor shall only Process Personal Data in accordance with Data Controller’s Instructions and to the extent necessary for providing the Subscription Service, each as described in the Agreement.
2.4 CATEGORIES OF PERSONAL DATA AND CATEGORIES OF DATA SUBJECTS. Data Controller may submit Personal Data to the Subscription Service as Customer Data, the extent of which is determined and controlled by Data Controller in its sole discretion and is further described in Appendix 1.
3. DATA CONTROLLER
3.1 SECURITY RISK ASSESSMENT. Data Controller agrees that in accordance with Data Protection Laws and before submitting any Personal Data to the Subscription Service, Data Controller will perform an appropriate risk assessment to determine whether the security measures within the Subscription Service provide an adequate level of security, taking into account the nature, scope, context and purposes of the processing, the risks associated with the Personal Data and the applicable Data Protection Laws. Notwithstanding anything else to the contrary in the Agreement, Data Controller is solely responsible for determining the adequacy of the security measures within the Subscription Service in relation to the Personal Data Processed. As further described in Section 7.1 (Product Capabilities) of the Data Security Addendum, the Subscription Service includes, without limitation, column level encryption functionality and role-based access control, which Data Controller may use in its sole discretion to ensure a level of security appropriate to the risk of the Personal Data. For clarity, Data Controller may influence the scope and the manner of Processing of its Personal Data by its own implementation, configuration (i.e., different types of encryption) and use of the Subscription Service, including any other products or services offered by ServiceNow and third-party integrations.
3.2 CUSTOMER’S AFFILIATES. The obligations of Data Processor set forth herein will extend to Customer’s Data Controller Affiliates to which Customer provides access to the Subscription Service or whose Personal Data is Processed within the Subscription Service, subject to the terms of the Agreement. Customer shall at all times be liable for its Affiliates’ compliance with this DPA and all acts and omissions by a Data Controller Affiliate are considered acts and omissions of Customer; and
3.3 COMMUNICATION. Unless otherwise provided in this DPA, all requests, notices, cooperation, and communication, including Instructions issued or required under this DPA (collectively, “Communication”), must be in writing and between Customer and ServiceNow only and Customer shall inform the applicable Data Controller Affiliate of any Communication from ServiceNow pursuant to this DPA. Customer shall be solely responsible for ensuring that any Communications (including Instructions) it provides to ServiceNow relating to Personal Data for which a Customer Affiliate is Data Controller reflect the relevant Customer Affiliate’s intentions.
4. DATA PROCESSOR
4.1 DATA CONTROLLER’S INSTRUCTIONS. Data Processor will have no liability for any harm or damages resulting from Data Processor’s compliance with Instructions received from Data Controller. Where Data Processor believes that compliance with Data Controller’s Instructions could result in a violation of Data Protection Laws or is not in the ordinary course of Data Processor’s obligations in operating the Subscription Service, Data Processor shall promptly notify Data Controller thereof. Data Controller acknowledges that Data Processor is reliant on Data Controller’s representations regarding the extent to which Data Controller is entitled to Process Personal Data.
4.2 DATA PROCESSOR PERSONNEL. Access to Personal Data by Data Processor will be limited to personnel who require such access to perform Data Processor’s obligations under the Agreement and who are bound by obligations to maintain the confidentiality of such Personal Data at least as protective as those set forth herein and in the Agreement.
4.3 DATA SECURITY MEASURES. Data Processor shall maintain appropriate technical and organizational safeguards to protect the security, confidentiality, and integrity of Customer Data, including any Personal Data contained therein, as described in Section 2 (Physical, Technical, and Administrative Security Measures) of the Data Security Addendum. Such measures are designed to protect Customer Data from loss, alteration, unauthorized access, acquisition, use, disclosure, or accidental or unlawful destruction.
4.4 DATA PROCESSOR ASSISTANCE. Data Processor will assist Data Controller in ensuring compliance with Data Controller’s obligations pursuant to Articles 32 to 36 of GDPR taking into account the nature of Processing by providing Data Controller with reasonable information requested pursuant to the terms of this DPA. For clarity, Data Controller is solely responsible for carrying out its obligations under GDPR and this DPA. Data Processor shall not undertake any task that can be performed by Data Controller.
4.5 DATA PROTECTION CONTACT. ServiceNow and its Sub-Processor Affiliates (defined below) will maintain a dedicated data protection team to respond to data protection inquiries throughout the duration of this DPA and can be contacted at privacy@servicenow.com.
5. REQUESTS MADE FROM DATA SUBJECTS AND AUTHORITIES
5.1 REQUESTS FROM DATA SUBJECTS. During the Subscription Term, Data Processor shall provide Data Controller with the ability to access, correct, rectify, erase, or block Personal Data, or to transfer or port such Personal Data, within the Subscription Service, as may be required under Data Protection Laws (collectively, “Data Subject Requests”).
5.2 RESPONSES. Data Controller will be solely responsible for responding to any Data Subject Requests, provided that Data Processor shall reasonably cooperate with the Data Controller to respond to Data Subject Requests to the extent Data Controller is unable to fulfill such Data Subject Requests using the functionality in the Subscription Service. Data Processor will instruct the Data Subject to contact the Customer in the event Data Processor receives a Data Subject Request directly that it can reasonably and definitively verify is related to the Customer.
5.3 REQUESTS FROM AUTHORITIES. In the case of a notice, audit, inquiry, or investigation by a government body, data protection authority, or law enforcement agency regarding the Processing of Personal Data, Data Processor shall promptly notify Data Controller unless prohibited by applicable law.
6. BREACH NOTIFICATION
Data Processor will report to Data Controller any Breach of Customer Data, including any Breach of Personal Data contained therein, in accordance with Section 5.1.2 (Breach Notification) of the Data Security Addendum.
7. CUSTOMER AUDIT RIGHTS
Data Processor shall enable Customer to conduct an audit of ServiceNow in accordance with Section 2.1 (Audit) of the Data Security Addendum.
8. SUB-PROCESSORS
8.1 USE OF SUB-PROCESSORS. Data Controller authorizes Data Processor to engage Sub-Processors appointed in accordance with this Section 8.
8.1.1. SERVICENOW AFFILIATES. Data Controller agrees that Data Processor may use any of its Affiliates in the Processing of Personal Data, the current list of which is available on the ServiceNow website (collectively, “Sub-Processor Affiliates”) and may be updated from time to time.
8.1.2. NEW SUB-PROCESSORS. Prior to Data Processor or a Data Processor Affiliate engaging a Sub-Processor, Data Processor shall: (a) notify Data Controller through ServiceNow’s community portal or another mechanism used to notify its general customer base; and (b) ensure that such Sub-Processor has entered into a written agreement with Data Processor (or the relevant Data Processor Affiliate) requiring that the Sub-Processor abide by terms no less protective than those provided in this DPA. Upon written request by Data Controller, Data Processor shall make a summary of the data processing terms available to Data Controller. Data Controller may request in writing reasonable additional information with respect to Sub-Processor’s ability to perform the relevant Processing activities in accordance with this DPA.
8.2 RIGHT TO OBJECT. Data Controller may object to Data Processor’s proposed use of a new Sub-Processor by notifying Data Processor within 5 days after receipt of Data Processor’s notice if Data Controller reasonably determines that such Sub-Processor is unable to Process Personal Data in accordance with the terms of this DPA (“Controller Objection Notice”). Data Processor shall notify Data Controller within 30 days from receipt of the Controller Objection Notice if Data Processor intends to provide the applicable Subscription Service with the use of the Sub-Processor at issue, and Customer may terminate the applicable Order Form between ServiceNow and Customer with respect to the Subscription Service that require use of the Sub-Processor at issue upon written notice to ServiceNow within 45 days of the date of Controller Objection Notice, and ServiceNow shall, as its sole obligation, refund any prepaid, unused fees for the Purchased Subscription Services.
8.3 LIABILITY. Use of a Sub-Processor will not relieve, waive, or diminish any obligation Data Processor has under the Agreement, and Data Processor is liable for the acts and omissions of any Sub-Processor to the same extent as if the acts or omissions were performed by Data Processor.
9. INTERNATIONAL DATA TRANSFERS
9.1 STANDARD CONTRACTUAL CLAUSES AND ADEQUACY. Where required under Data Protection Laws, Data Processor or Data Processor’s Affiliates shall require Sub-Processors to abide by (a) the Standard Contractual Clauses for Data Processors established in third countries; or (b) another lawful mechanism for the transfer of Personal Data as approved by the European Commission.
9.2 PRIVACY SHIELD. ServiceNow, Inc. shall comply with the EU-U.S. and Swiss-U.S. Privacy Shield Framework set forth by the United States Department of Commerce with respect to the Processing of Personal Data transferred from the European Economic Area and Switzerland to the United States.
APPENDIX 1
DETAILS OF PROCESSING
Duration of Processing
Data Processor will Process Personal Data for the duration of the Agreement and in accordance with Section 4 (Data Processor) of this DPA.
Data Subjects
Data Controller may submit Personal Data to the Subscription Service, the extent of which is solely determined by Data Controller, and may include Personal Data relating to the following categories of Data Subjects:
Categories of Personal Data
Data Controller may submit Personal Data to the Subscription Service, the extent of which is solely determined by Data Controller, and may include the following categories:
Special Categories of Personal Data
Data Controller may submit Special Categories of Personal Data to the Subscription Service, the extent of which is solely determined by Data Controller in compliance with Data Protection Law, and may include the following categories, if any:
Processing Operations
The personal data transferred will be subject to the following basic processing activities:
· All activities necessary for the performance of the Agreement.