CVENT QUICKMOBILE LICENSING TERMS AND CONDITIONS

Version: March 11, 2019

1. LICENSE:

1.1 License Grant:

Cvent FZ-LLC (“Cvent”) hereby grants to Customer (“Customer“, “You“, “Your“) a non-sublicensable, non-transferable, non-exclusive right to access and use its “Licensed Software” which is comprised principally of: (i) the content management portal at https://home.quickmobile.center/ (“EventCenter”) for input of data and other content by You; and (ii) a web-based and/or mobile application-based component (the “App”), a specific instance of which may be customized by You for a specific event or events and made available for download and use by attendees of the event(s) for the period of time and/or the event(s) agreed in writing by Cvent and the Customer and as set forth on the Proposal (the “Term”). The Customer may not resell or use the Licensed Software to provide services to third parties. Additional license fees shall be payable for access and use of the Licensed Software that has not been agreed in writing by Cvent and Customer.

1.2 Terms of Use; Agreement; Third Party Approval:

The use of the Licensed Software by Customer and any end users thereof (“End-Users”) may be subject to (a) executing the Cvent Proposal that incorporates Cvent’s standard terms of use for such Licensed Software (“Terms”) as may be amended from time to time and posted at www.quickmobile.com/license, and (b) the approval of third parties (such as Apple Inc. with respect to use of the Licensed Software in connection with Apple Inc.’s “App Store”). You may not access the Licensed Software if You are a direct competitor of Cvent, except with Cvent’s prior written consent. These Terms and the Proposal together comprise a binding written agreement between You and Cvent, effective as of the date of mutual execution of the Proposal by You and Cvent (the “Agreement”). In the event of any conflict between the provisions contained in a Proposal and these Terms, the provisions in the Proposal shall take precedence (provided, however, that the fact that a provision appears in an Proposal but not these Terms, or in these Terms but not the applicable Proposal, shall not be deemed to be a conflict for purposes of this sentence).

1.3 If the Term spans several years and the Proposal specifies annual fees, then fees are due in each year of the Proposal (“Contract Year”) or as otherwise specified. The Proposal will renew at the end of its Term as specified (and not on a per year basis) for another Term, equal to the length of the Term specified in the Proposal, unless You provide timely notice of nonrenewal as specified in the applicable Proposal.

1.4 Customer Obligations:

Customer shall provide any text, images, audio, video, designs or other data, content, materials and information reasonably necessary to enable Cvent to perform the contracted services (“Customer Data”). Failure to provide all Customer Data required for successful operation of the Licensed Software does not invalidate the Agreement or Your obligation to pay for the Licensed Software. Cvent will provide You with documents and templates listing the type and format of the information needed to upload Customer Data into the Licensed Software. Customer Data may also include information or materials which You obtain from third party social networking sites and cause to be presented through the Licensed Software. Cvent may adjust any agreed timetable or delivery schedule, as reasonably necessary, due to any failure or delay by Customer to perform its obligations under this Agreement. Customer will at all times comply fully with all laws, including with respect to the performance of this Agreement, and the collection, use and storage of all Customer Data.

2. THE LICENSED SOFTWARE:

2.1 Customer Data:

a) Customer is solely responsible for the Customer Data and represents and warrants that:

(i) it will not provide to Cvent or transmit through the Licensed Software any Customer Data or any other information, data or material that: (a) infringes or violates any intellectual property rights, publicity/privacy rights, law or regulation; (b) contains any viruses or programming routines intended to damage, surreptitiously intercept or expropriate any system, data or personal information; or (c) contains violent, nude, partially nude, discriminatory, unlawful, infringing, hateful, pornographic or sexually suggestive photos or other content;
(ii) all Customer Data is correct and current, is owned by You or You have the right to grant the license set forth below in these Terms;
(iii) all placements of Customer Data have been approved for Cvent’s use; and
(iv) Your execution, delivery and performance of the Agreement will not violate, conflict with, or require additional consent under any applicable law or contractual arrangement that You are a party to.

b) Cvent is under no obligation to review Customer Data for accuracy or potential liability. All use of the Licensed Software in conjunction with any Customer Data is the responsibility of Customer, and You shall defend, indemnify and hold Cvent harmless from and against all claims, damages, liabilities, fines, costs and expenses including reasonable legal fees incurred by Cvent or which are agreed by Cvent to be paid by way of settlement or compromise, arising out of any third-party claim due to a breach of the foregoing representations and warranties or any violation of applicable law by You. You grant Cvent a limited, non-exclusive right and license to use the Customer Data (including copyright, trademark, patent, publicity or other rights) for Cvent to provide the Licensed Software and the right to disclose the Customer Data to third-party service providers to operate the Licensed Software.

2.2 Mobile Platforms:

a) Use of the Licensed Software to deploy an App for Your event(s) will be subject to rules and procedures established by the third parties that operate and control the applicable online marketplaces for mobile device applications (collectively, including Apple and Google, the “Mobile Marketplaces”).

b) You acknowledge and agree that:

i. You, Your employees and any agents acting on Your behalf shall abide at all times by such rules and procedures and any changes thereto;
ii. Cvent has no control over such rules and procedures, and cannot be responsible for ensuring performance or availability of any Mobile Marketplace;
iii. Cvent is not liable for any delays in the delivery or deployment of Your Apps caused by changes to, or Your failure to adhere strictly to, any such rules or procedures; and
iv. Cvent is not liable for any delays in the delivery or deployment of Your Apps due to a lack of availability or downtime of any Mobile Marketplace.

c) Without limiting the generality of the foregoing, You agree:

i. not to use Your Apps for the purpose of sending unsolicited messages to end users or for the purpose of phishing or spamming, including, but not limited to, engaging in any types of activities that violate anti-spamming laws and regulations, or that are otherwise improper, inappropriate or illegal; and
ii. not to make use of push notifications in a manner which is excessive, as may be determined by the applicable Mobile Marketplace.

2.3 Build Process and Minimum Timelines:

You will be assigned a Customer Success Manager (CSM) shortly after submission of Your signed Proposal. The CSM will collaborate with You to schedule delivery dates for You to provide event information, graphics and other Customer Data for configuring the App for Your event(s) (the “Delivery Schedule”). Cvent is not responsible for delays resulting from any failure by You to comply with the agreed upon Delivery Schedule. If the Proposal spans multiple events, You shall be responsible for notifying Your CSM of each event at least sixty (60) days prior to the desired launch date for such event within the App(s) in order to ensure timely delivery. A timely release of Your App requires that all Customer Data be submitted and approved for submission to the Mobile Marketplaces no later than 14 days prior to Your agreed upon App launch date. The EventCenter shall continue to be available to You to add and modify the Customer Data before, during and after publication.

2.4 Review and Submission:

a) All Customer Data must be submitted through the EventCenter, and, unless otherwise specified as an additional Service in Your Proposal, You are solely responsible for the build of the App through the EventCenter.

b) You will have access to Cvent support staff as stated in Section 4 (Support), and You will have an opportunity to review and make changes prior to submission of the App to the applicable Mobile Marketplaces.

c) The App needs to be submitted to the applicable Mobile Marketplaces, and You acknowledge and agree that Cvent shall bear no expenses and assumes no risk or liability for any administrative actions performed by Cvent needed to submit the App to the applicable Mobile Marketplaces on Your account, if applicable.

d) You may choose to publish your App in one of the following three ways:

i. Engage Cvent to publish your event(s) in the Mobile Marketplace within Cvent’s container app – Cvent Events. By engaging Cvent to publish your event for you, you consent to providing Cvent the necessary information to access to the applicable Mobile Marketplace (i.e., through access to the developer account) to publish your App on your behalf. Cvent will use its commercially reasonable effort to obtain approval by the Mobile Marketplace, within the mutually agreed timeline.

ii. Publish your own branded multi-event app, and in order to do so either of the following methods may be agreed upon:

A. Self-publish your App on your own, and for this you shall need –

. Apple and Google Developer Accounts (non-enterprise)
. Internal resources familiar with Apple App Store and Google Play distribution
. For Apple, Access to a Mac and the knowledge on how to create the required certificates and provisioning profiles

B. Authorize Cvent to publish your App in the Mobile Marketplace on your behalf, and for this you shall need –

. Apple and Google Developer Accounts (non-enterprise)
 Authority to add Cvent as an admin, to access and manage your Developer Account. However, Cvent shall bear no expenses and assumes no risk or liability for any administrative actions taken by Cvent in its limited capacity of submitting the application through your Developer Account.

iii. Self-publish your App in your internal app store, circumventing the pubic Mobile Marketplace. In this case too, you will need the additional resources as stated in clause 2.4(d)(ii)(A). In addition, you will need –

 Apple Enterprise Developer Account vs a standard Apple Developer Account
 Internal resources familiar with Apple Enterprise app distribution outside the public Apple App Store

e) You acknowledge and agree that in the event you choose to publish your App as set forth in clauses 2.4(d)(ii) and 2.4(d)(iii) above, the primary control of the developer account shall remain with you and as such:

i. you will be solely responsible to ensure compliance with all the rules and procedures established by Apple and Google.
ii. you shall secure your Enterprise Distribution License and an Enterprise Developer Account at your sole expense; and maintain it securely with all data privacy procedures in place to safeguard the Customer Data.
iii. Cvent will bear no responsibility for any delays in publishing or rejection of your App by Apple or Google, and any such delay will not modify your obligations to Cvent including, but not limited to, your payment obligations. If your App is rejected by a Mobile Marketplace, you may engage Cvent to publish in Cvent’s container app.
iv. If you terminate or do not renew this Agreement, you must not publish any App created under this Agreement in any manner.

2.5 Upgrades:

During the term of the Agreement, if Cvent upgrades the version of the App or EventCenter You are using under the Agreement, You will not be charged an upgrade fee. Should Cvent offer additional optional software modules in the future that complement the App or EventCenter, You may elect to purchase the optional software modules for an additional fee.

2.6 Additional Graphics:

Cvent provides optional graphics arts services (“Additional Graphics”) which may be used by You to supplement the Customer Data including to create splash screen, icons, banners, and background, for an additional fee.

2.7 Supported Devices, Operating Systems and Software Releases:

2.7.1 Devices:

a) Cvent currently provides native, compiled Apps for the following devices: iPhone, iPod Touch, iPad, Android phones and Android tablets. Submission is made to Apple iTunes / App Store and Google Play Store only.

b) Cvent also provides a web application version of the App that can be accessed from any mobile device, including BlackBerry devices, or a regular computer with a good Internet connection and a compatible browser. Some features may not be available on all supported devices or the web application version.

2.7.2 Operating Systems:

Cvent provides technical support for Apps on the current major release and immediately preceding major release of iOS and Android OS.

2.7.3 Software Releases:

Cvent provides technical support for Cvent Apps which are based on the most current release of the App or prior versions of the App for releases occurring up to six (6) months prior to the current release. Customers will be provided opportunities to upgrade their existing Apps to the most current App release.

2.8 Licensed Software Features:

Licensed Software features include an event schedule, exhibitor list, speaker list, maps, networking opportunities, exhibitor and sponsor advertising opportunities, integration with social media platforms, and access to the EventCenter to manage Customer Data and run metrics on App usage. Optional features and services (including Click scavenger hunt photo game, live polling, Social Wall curated social content, integration with third party databases, and Premium Quick Event) are available if specified on the applicable Proposal.

2.9 User Ids:

Cvent will assign You one or more user IDs and passwords that will enable You to access administrative login to the Licensed Software. Customer shall take reasonable precautions to protect against theft, loss or fraudulent use of such IDs and passwords. Customer agrees that it will use the Licensed Software only for lawful purposes and in accordance with these Terms of Use. Each user ID is unique to the assigned individual and may not be shared with others, including other personnel of Customer. Customer shall not reverse engineer, disassemble or decompile the Licensed Software or cause or permit the reverse engineering, disassembly or de-compilation of the Licensed Software.

2.10 Use Restrictions:

Customer will not, and will not attempt to: (a) reverse engineer, disassemble or decompile any component of the Licensed Software; (b) interfere in any manner with the operation of the Licensed Software or the hardware and network used to operate the Licensed Software; (c) sublicense or transfer any of Customer’s rights under this Agreement, or otherwise use the Licensed Software for the benefit of a third party or to operate a service bureau; (d) modify, copy or make derivative works based on any part of the Licensed Software; or (e) otherwise use the Licensed Software in any manner that exceeds the scope of use permitted under Section 1.1 hereof. The Customer may not conduct vulnerability scans or penetration testing of the Licensed Software or Cvent’s systems without the prior express permission in writing of Cvent.

3. FEES, PAYMENT AND SUSPENSION OF SERVICES.

3.1 Fees:

As consideration for the provision of the Licensed Software and Services provided by Cvent under this Agreement, Customer will pay Cvent the aggregate fees agreed in writing by the parties (the “Fees”) and as set forth in the applicable Proposal in accordance with the terms agreed in writing by the parties or, if not so specified, within thirty (30) days of invoice.

3.2 Payment shall be by check unless otherwise specified on your Proposal. Except where prohibited by applicable law, if You pay any fees due hereunder via credit or debit card, then Cvent reserves the right to charge You an additional fee equal to three percent (3%) of the amount charged, and You hereby consent to such charge being made against the credit or debit card. Cvent may impose a special handling charge of 3-5% if special invoicing requirements apply (such as EDI, third party systems such as Ariba, or other dedicated invoicing systems). Annual fees are charged per annum. As an example, if the Proposal Term spans three years, you will be charged the annual amount three times.

3.3 Expenses:

Customer will reimburse Cvent for all reasonable, pre-approved out-of-pocket expenses, incurred by Cvent in the performance of its obligations under this Agreement.

3.4 Other Payment Terms:

All Fees owed by Customer in connection with this Agreement are exclusive of, and Customer shall pay, all sales, use, excise and other taxes that may be levied upon Customer in connection with this Agreement, except for employment taxes and taxes based on Cvent’s net income. All past due payments will accrue interest due at a rate of two percent (2%) per month on the unpaid balance from the due date until paid in full, unless the applicable maximum rate chargeable is less, in which case that rate shall apply. Cvent reserves the right (in addition to any other rights or remedies Cvent may have) to discontinue the Licensed Software and Customer’s access to the Licensed Software if any Fees or expenses are more than ten (10) days overdue until such amounts are paid in full.

3.5 Cvent reserves the right to increase recurring fees payable hereunder at any time upon sixty (60) days prior written notice provided that such increase is no greater than the Annual Price Cap as defined in the applicable Proposal. Notwithstanding anything contained herein to the contrary, any Professional Services (as defined below) fees will not be subject to the Annual Price Cap. “Professional Services” shall mean data conversion, data mapping, implementation, site planning, configuration, integration and deployment of service, training, project management and other consulting services.

4. SUPPORT:

4.1 During the term of the Agreement, Cvent agrees to provide You with email and telephone access to the Cvent Support Center all year round seven day a week and 24 hours a day i.e. 24X7X365. If You have more than one EventCenter login, You agree to appoint an Authorized Support Contact who will contact the Cvent Support Team directly on behalf of Your other EventCenter users.

4.2 Upon expiration of the current Term of the Agreement, or in the event you choose not to renew the Agreement with Cvent, the App(s) for Your event(s) must be removed from all distribution sources (depending on the means by which your App is published pursuant to clause 2.4(d) above) and Mobile Marketplaces, and Cvent shall retain no obligation to support, update or maintain such App(s).

5. CONFIDENTIAL INFORMATION:

5.1 Definition:

“Confidential Information” means all information regarding a party’s business, including, without limitation, technical, marketing, financial, employee, planning, and other confidential or proprietary information, disclosed under this Agreement, that is clearly identified as confidential or proprietary at the time of disclosure or that the receiving party knew or should have known, under the circumstances, was considered confidential or proprietary. Without limiting the foregoing, Confidential Information of Cvent includes the Licensed Software and the existence and terms of this Agreement.

5.2 Obligation:

Each party agrees (a) to hold the other party’s Confidential Information in strict confidence, (b) to limit access to the other party’s Confidential Information to those of its employees or agents having a need to know and who are bound by confidentiality obligations at least as restrictive as those contained herein, and (c) not to use such Confidential Information for any purpose except as expressly permitted hereunder. Notwithstanding the foregoing, the receiving party will not be in violation of this Section 5.2 with regard to a disclosure that was in response to a valid order or requirement by a court or other governmental body, provided that the receiving party gives the other party with prior written notice of such disclosure in order to permit the other party to seek confidential treatment of such information.

5.3 Exceptions:

The restrictions on use and disclosure of Confidential Information set forth above will not apply to any Confidential Information which (a) is or becomes a part of the public domain through no act or omission of the receiving party, (b) was in the receiving party’s lawful possession prior to the disclosure, as shown by the receiving party’s written records, (c) is independently developed by the receiving party without reference to the disclosing party’s Confidential Information, as shown by the receiving party’s written records, or (d) is lawfully disclosed to the receiving party by a third party not subject to a restriction on disclosure.

5.4 You acknowledge that mobile devices may be lost or stolen, and the transmission, processing or storage of sensitive information on such devices creates certain security risks that Cvent cannot mitigate, including without limitation onward dissemination of Customer Data by attendees of the event(s). Therefore, Customer agrees that Cvent is not responsible for the unauthorized dissemination of any Customer Data distributed to a mobile device through the Licensed Software.

6 OWNERSHIP:

6.1 Licensed Software and Technology:

Customer acknowledges that Cvent retains all right, title and interest in and to the Licensed Software and all software, materials, formats, interfaces, information, data, content and information and technology used by Cvent or provided to Customer in connection with the Licensed Software and any modifications to or derivative works of any of the foregoing (the “Cvent Technology”), and that the Cvent Technology is protected by intellectual property rights owned by or licensed to Cvent. Other than as expressly set forth in this Agreement, no license or other rights in the Cvent Technology are granted to the Customer, and all such rights are hereby expressly reserved by Cvent. Cvent shall have a royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual license to use or incorporate into the Licensed Software any suggestions, enhancement requests, recommendations or other feedback provided by Customer relating to the Licensed Software. Without limiting the foregoing in this Section 5.1, Customer may not replicate, improve, modify, or create variations of any Cvent Technology or Cvent Confidential Information. Customer may not make, use, sell, exploit, commercialize or seek patent protection for any compositions or matter relating to the Cvent Technology or Cvent Confidential Information, new applications and uses for the Cvent Technology and/or Cvent Confidential Information, and combinations of the Cvent Technology with other products or software.

6.2 Customer Data:

i. Data, including, but not limited to, hotel information, program information, contact information, and other related data, may be provided by Customer in order to facilitate their use of the Licensed Software. As a policy, we do not examine any of Your data except at Your request and only for the purposes of providing You with technical support, hence Customer shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness and ownership of all of the data it submits to the Licensed Software.

ii. Customer retains all right, title and interest in and to the Customer Data. Cvent will only use Customer Data in the course of providing the Licensed Software and contracted services under this Agreement. Customer will be solely responsible for providing all Customer Data required for the proper operation of the Licensed Software and the performance of the contracted services and grants to Cvent all necessary licenses in and to such Customer Data solely for such purposes. Cvent will not knowingly use or access any Customer Data unless authorized to do so by Customer and, in such circumstances, Cvent will access and use such Customer Data only as required to perform requested services on behalf of Customer.

iii. Cvent will only use Your data for the purpose of providing software and services as contemplated hereunder and in accordance with Cvent’s Privacy Policy (available at https://www.quickmobile.com/legal/privacy) and all applicable data privacy laws and regulations laws (collectively, “Data Privacy Policy and Rules”). Both You and Cvent will comply in all material respects with the Data Privacy Rules and will provide such help and cooperation as is reasonably necessary or requested to the other to comply with the same. For the avoidance of doubt, Customer is responsible for obtaining any legally required consents to process personal data, or to process and transfer data in compliance with any other legally permitted conditions for processing personal data. Furthermore, to the extent Cvent processes Customer Personal Data of Data Subjects located in the EEA or Switzerland on behalf of a Customer or a Customer Affiliate, or Customer or Cvent are otherwise subject to EU Data Protection Laws, the Parties will comply with the provisions in the Data Protection Addendum annexed as Annexure A.

iv. Upon Customer’s written request made within 30 days after the effective date of expiration or termination of this Agreement, Cvent will, provided Customer is not in breach of any of its obligations under the Agreement and upon Customer’s payment of the applicable fees, make available to You for download a file of Your data in its then current format. After such 30-day period, Cvent shall have no obligation to maintain or provide any data and shall thereafter, unless legally prohibited, delete all Your data maintained in its production systems, provided Cvent may retain archival copies of Your data on offline backup media for a reasonable period of time not to exceed two (2) years following expiration or termination of any Proposal.

6.3 Sensitive Personal Information:

i. Notwithstanding any provision to the contrary in the Agreement, You acknowledge and agree that use of the Licensed Software to transmit, process or store Sensitive Personal Information (as defined below) is unnecessary for use of the Licensed Software and therefore You shall be solely responsible for any such use of the Licensed Software by You or Your employees, agents, subcontractors or clients, and Cvent shall bear no risk or liability for same.

ii. “Sensitive Personal Information” shall be defined as:

a) passport numbers or other government issued ID numbers, date of birth and/or gender, except solely to the extent required by applicable regulations of the relevant government regulatory body;

b) health or medical information (other than food allergies or medical contact information);

c) financial account information; and

d) other information which a reasonable person would recognize as being highly sensitive (but excluding, for avoidance of doubt, contact information such as name, mailing address, email address, and phone number).

6.4 Analysis:

Subject to the terms of this Section, Customer acknowledges and agrees that Cvent may use all data inputted into or collected by the Services, including but not limited to data related to Service utilization and Customer Data, on a historical, aggregated and anonymous basis (collectively, “Aggregate Data”) in compliance with applicable laws and Cvent’s Privacy Policy to provide the Services and for any commercial purposes, including but not limited to the distribution and provision of the Aggregate Data to other Cvent customers and for the preparation and distribution of benchmarking, research, and/or analytical materials. Aggregate Data shall not identify Customer as the source of any specific data, pattern or finding, nor shall it include any personally identifiable information of any individual users of the Licensed Software. Cvent shall maintain appropriate security measures for all Aggregate Data in accordance with the terms and conditions of this Agreement. Cvent will be the sole and exclusive owner of all right, title and interest to such Aggregate Data and, notwithstanding anything to the contrary, shall be free to use and disclose on a world-wide and royalty-free basis the Aggregate Data for its business purposes including, but not limited to, publicizing usage of the Services, providing information on general industry trends, and providing benchmarking data to Cvent customers.

7 SUBSCRIPTION RIGHT:

7.1 Subscription Right:

7.1.1 Subject to Your acceptance and continuing adherence to these Terms, Cvent grants You a worldwide, non-exclusive, non-transferable, and revocable subscription right, without the right to grant sublicenses, to access and use the Licensed Software during the Term hereof solely for the purpose of configuring and deploying an App for Your event(s).

7.1.2 The Licensed Software may only be used for the number of events specified on Your Proposal, and, if you exceed the contracted number of events as specified on Your Proposal, You will be charged using the then-current rates for the overage.

7.1.3 Except for the foregoing subscription right, no other rights to any component of the Licensed Software are granted hereunder.

7.2 No Title:

This subscription right confers no title or ownership in the Licensed Software or any component thereof. This subscription right is not a sale of any rights in the Licensed Software including any instances of the App published for Your event(s). The Licensed Software is owned by Cvent and You must treat it like any other copyrighted material.

7.3 No Subsidiaries:

This Agreement is for Use on behalf of a single company or organization. You may not use this software on behalf of multiple companies or organizations. Supplemental subsidiary subscription right is available for an additional fee.

7.4 No De-compilation:

You may not copy or modify the App, reverse engineer it or disassemble/de-compile the App.

7.5 Not for Resale:

You agree that You will not use the App or any component of the Licensed Software for hire on behalf of another individual or organization or in any other resale capacity.

7.6 No Source Code:

You will not receive or have access or subscription right to any source code for the App.

7.7 Changes and Environment:

7.7.1 Changes:

Access is limited to the version of the Licensed Software in Cvent’s production environment. Cvent may from time to time at its sole discretion update the Licensed Software and reserves the right to add and/or substitute functionally equivalent features in the event of product unavailability, end-of-life, or changes to software requirements.

7.7.2 Environment:

Cvent will provide Customer online access to and use of the Licensed Software via the Internet by use of a Customer-provided browser. The Licensed Software will be hosted on a server that is maintained by Cvent or its designated third-party supplier or data center. Customer is solely responsible for obtaining and maintaining at its own expense, all equipment needed to access the Licensed Software, including but not limited to Internet access and adequate bandwidth.

8 TERM AND TERMINATION.

8.1 Term:

This Agreement will commence on the date agreed by the parties and continue for the Term.

8.2 Termination for Breach:

Either party may terminate this Agreement (i) upon written notice if the other party materially breaches the Agreement and does not cure such breach (if curable) within thirty (30) days after written notice of such material breach; or (ii) if the other party becomes the subject of a petition in bankruptcy or any proceeding relating to insolvency, liquidation or receivership.

8.3 Prohibited Uses:

You will not use the Licensed Software in any manner which exceeds the scope of Your subscription right, or which violates Your obligations under Section 2 (Customer’s Use of The Licensed Software) of these Terms, or for any illegal purpose or in a manner which in Cvent’s reasonable judgment creates a foreseeable risk of harm to the Licensed Software, other Cvent customers or third parties (all the foregoing “Prohibited Uses”). If You do use the Licensed Software for any Prohibited Uses, Cvent may immediately suspend or terminate Your access to the Licensed Software. Cvent may also take any self-help remedies necessary to prevent continued Prohibited Uses, including, but not limited to, deleting infringing content and/or removing access to contact information of individuals who lodge complaints with Cvent or Cvent ‘s web-hosting company. You are still responsible for full payment of your Proposal even if Your access to the Licensed Software is suspended or terminated for Prohibited Uses.

8.4 Cvent reserves the right to suspend or discontinue support services hereunder (without terminating this Agreement) in the following circumstances:

i. Your requests for support are overly excessive or duplicative of prior requests for issues that have already been addressed by Cvent;
ii. Your requests relate to the general use of the Licensed Software that are addressed via Cvent’s training tools and resources or which a person, using reasonable efforts, can perform after completing Cvent’s training tools or resources; or
iii. You are abusive or offensive toward Cvent’s personnel.

8.5 Except as otherwise specified on the Proposal or other document provided to You by Cvent, Section 8.2, Section 8.3, Section 8.4 and Section 9.2 provides the entirety of each party’s termination rights under the Agreement.

8.6 Effect of Termination:

Upon the termination of this Agreement for any reason, (a) any amounts owed to Cvent under this Agreement before such termination will become immediately due and payable; and (b) each party will return to the other all property (including any Confidential Information) of the other party in its possession or control. Except as expressly set forth herein, all amounts paid or payable under this Agreement are non-refundable to the maximum extent permitted by applicable law. You shall cease using the Licensed Software and any other components of the Licensed Software and shall destroy all copies of the same in any form. All disclaimers of warranties and limitations of liability shall survive any termination of the Agreement.

8.7 Survival:

Sections of this Agreement which ought reasonably to survive will survive the termination or expiration of this Agreement.

9 REPRESENTATIONS AND WARRANTIES; DISCLAIMER:

9.1 Cvent represents and warrants to You that Cvent is the owner of the Licensed Software being provided to You or otherwise has the right to grant to You the rights set forth in the Agreement.Cvent’s sole liability and Customer’s sole remedy with respect to a breach of the foregoing warranty shall be Cvent’s commercially reasonable efforts to rectify the non-conformity.

9.2 Customer represents and warrants that it is not and will not provide access to the Licensed Software to any entity incorporated in or resident in a country subject to economic or trade sanctions by the U.S. State Department and/or OFAC or are listed as a “Specially Designated National,” a “Specially Designated Global Terrorist,” a “Blocked Person,” or similar designation under the OFAC sanctions regime. Any breach of this Section 9.2 shall be deemed a material breach of this Agreement and Cvent may immediately terminate this Agreement.

9.3 EXCEPT FOR ANY REPRESENTATIONS AND WARRANTIES EXPRESSLY SET FORTH IN THIS AGREEMENT, CVENT MAKES NO WARRANTY, REPRESENTATION OR CONDITION OF ANY KIND CONCERNING THE LICENSED SOFTWARE, CONTRACTED SERVICES, OR CVENT TECHNOLOGY. ACCORDINGLY, THE LICENSED SOFTWARE, CONTRACTED SERVICES, THE CVENT TECHNOLOGY AND ALL OTHER DATA, MATERIALS, AND DOCUMENTATION PROVIDED IN CONNECTION WITH THIS AGREEMENT BY CVENT AND ITS SUPPLIERS ARE PROVIDED “AS IS” AND “AS AVAILABLE,” WITHOUT WARRANTIES, REPRESENTATIONS OR CONDITIONS OF ANY KIND. CVENT AND ITS SUPPLIERS MAKE NO OTHER WARRANTIES, REPRESENTATIONS OR CONDITIONS, EXPRESS OR IMPLIED, BY OPERATION OF LAW OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OR CONDITIONS OF NONINFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR ANY IMPLIED WARRANTIES OR CONDITIONS ARISING OUT OF COURSE OF PERFORMANCE, COURSE OF DEALING OR USAGE OF TRADE. CVENT DOES NOT WARRANT THAT THE LICENSED SOFTWARE, OR CONTRACTED SERVICES WILL BE PROVIDED ERROR-FREE, UNINTERRUPTED, COMPLETELY SECURE, OR VIRUS-FREE.

10 INDEMNITY BY CVENT:

10.1 If any action is instituted by a third party against Customer based upon a claim that the Licensed Software, as provided by Cvent, infringes a patent or copyright, Cvent shall defend such action at its own expense on behalf of Customer and shall pay all damages attributable to such claim which are finally awarded against Customer by a court of competent jurisdiction or or agreed to be paid in a written settlement agreement signed by Cvent arising out of such claim. Cvent may, at its option and expense, and as Customer’s exclusive remedy hereunder, (a) procure for Customer the right to continue using the Licensed Software, (b) replace or modify the Licensed Software so that it is no longer infringing but continues to provide comparable functionality, or (c) terminate this Agreement and Customer’s access to the Licensed Software and refund any amounts previously paid for the Licensed Software attributable to the remainder of the then-current term of this Agreement. Cvent shall have no liability to Customer for any infringement action which arises out of a breach of the terms and conditions of this Agreement by Customer, or of (i) the use of the Licensed Software other than in accordance with the Agreement; (ii) use of the Licensed Software after it has been modified by Customer or a third party without Cvent’s prior written consent, or (iii) use of the Licensed Software in combination with any other service, software or process not provided by Cvent; (iv) any third party products, services, hardware, software or other materials; or (v) any obligation by You to defend or indemnify Cvent. This section sets forth the entire obligation of Cvent and the exclusive remedy of Customer against Cvent or any of its suppliers for any alleged infringement or adjudicated infringement or misappropriation of any patent, copyright or other intellectual property right or proprietary right by the Licensed Software.

10.2 Conditions:

Any party that is seeking to be indemnified under the Agreement (an “Indemnified Party”) must (a) promptly notify the other party (the “Indemnifying Party”) of any third-party claim, suit, or action for which it is seeking an indemnity hereunder (a “Claim”) specifying the nature of the Claim and such relief as is sought therein. The Indemnifying Party may, at its sole discretion, at any time upon written notice thereof to the Indemnified Party undertake to conduct all proceedings or negotiations in connection therewith, assume the defense thereof, and if it so undertakes, it shall also undertake all other required steps or proceedings to settle or defend any such action, including the employment of counsel. In such an event, the Indemnified Party shall cooperate with the Indemnifying Party in all reasonable respects in connection with the defense of any such action. The Indemnified Party shall have the right to employ separate counsel and participate in the defense thereof at its own expense. However, if an Indemnified Party fails to notify the Indemnifying Party promptly, the Indemnifying Party will be relieved of its obligations under this Section 10 only if and to the extent that its ability to defend the Claim is materially prejudiced by such failure. The Indemnifying Party may settle or compromise a Claim without the Indemnified Party’s prior approval of any such settlement or compromise only if (A) such settlement involves no finding or admission of any breach by an Indemnified Party of any obligation to any third party, (B) such settlement has no effect on any other claim that may be made against an Indemnified Party or any defense that an Indemnified Party may assert in any such claim, and (C) the sole relief provided in connection with such settlement is monetary damages that are paid in full by the Indemnifying Party. Upon the Indemnifying Party’s assumption of the defense of such Claim, the Indemnified Party will cooperate with the Indemnifying Party in such defense, at the Indemnifying Party’s expense.

11 LIMITATION OF LIABILITY:

11.1 TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE OR INDEMNIFY THE OTHER PARTY FOR ANY LOST PROFITS, LOSS OF BUSINESS, BUSINESS INTERRUPTION, LOSS OF USE, LOSS OF DATA, LOST SAVINGS, COST OF COVER OR OTHER CONSEQUENTIAL, SPECIAL, INCIDENTAL, INDIRECT, EXEMPLARY OR PUNITIVE DAMAGES OF ANY KIND IN CONNECTION WITH OR ARISING OUT OF THE FURNISHING, PERFORMANCE OR USE OF THE MOBILE EVENT SOLUTION, THE EVENTCENTER, OR THE APP OR SERVICES PERFORMED HEREUNDER, WHETHER ALLEGED AS A BREACH OF CONTRACT OR TORTIOUS CONDUCT, INCLUDING NEGLIGENCE, EVEN IF A PARTY OR ITS PARTNERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.2 IN NO EVENT WILL CVENT BE LIABILE OR INDEMNIFY YOU FOR:

11.2.1 ANY DAMAGES CAUSED BY YOUR FAILURE TO PERFORM YOUR RESPONSIBILITIES; OR

11.2.2 ANY CLAIMS OR DEMANDS OF THIRD PARTIES EXCEPT AS EXPRESSLY STATED IN THESE TERMS.

11.3 IN ANY CASE, CVENT’S ENTIRE LIABILITY AND INDEMNITY OBLIGATIONS UNDER ANY AND ALL PROVISIONS OF THE AGREEMENT (IN THE AGGREGATE FOR ALL CLAIMS) SHALL BE LIMITED TO THE AMOUNT ACTUALLY PAID BY YOU FOR USE OF THE MOBILE EVENT SOLUTION WITHIN THE PAST TWELVE (12) MONTHS OF THE TERM. IF NO FEE IS PAID TO CVENT, CVENT DOES NOT RETAIN ANY LIABILITY.

11.4 THESE LIMITATIONS OF LIABILITY WILL SURVIVE AND APPLY NOTWITHSTANDING THE FAILURE OF ANY LIMITED OR EXCLUSIVE REMEDY FOR BREACH OF WARRANTY SET FORTH IN THIS AGREEMENT.

12 GENERAL PROVISIONS.

12.1 Assignment:

Neither party may assign any rights or obligations arising under this Agreement, whether by operation or law or otherwise, without the prior written consent of the other; except that Cvent may assign this Agreement without consent of Customer in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets or shares. This Agreement shall inure to the benefit of and shall be binding on the successors and assignees of the parties.

12.2 Governing Law and Venue:

This Agreement will be governed by the laws of the Emirate of Dubai, United Arab Emirates. without regard to any conflict of law principles. The parties agree that the provisions of the United Nations Convention on Contracts for the International Sale of Goods do not apply to this Agreement. In the event of any controversy, dispute, or claim arising out of, or relating to, this Agreement or the relationship between the Parties, then prior to proceeding as set forth below, each Party shall first provide prior written notice of such to the other Parties and request a meeting to discuss such controversy, dispute or claim. The Parties shall mutually agree to a time and place for such meeting (which may be conducted via teleconference), provided such meeting shall take place no later than fourteen (14) days after the date of such request. Each Party shall ensure that appropriate level of management shall participate in this meeting, provided each Party shall be represented by at least one employee that is at the director level or higher. If a resolution is not reached at the conclusion of this meeting, the Parties agree a second meeting shall be scheduled no later than seven (7) days thereafter, with participation by an employee of at least the Vice President level or higher.

Subject to the foregoing, any controversy or claim arising out of, or relating to, this Agreement (including the enforceability or breach thereof, any question regarding its existence, validity or termination) or relating to the Service shall be finally resolved by arbitration under the Rules of the LCIA (“Rules”), which Rules are deemed to be incorporated by reference into this clause. Notwithstanding the foregoing, the arbitrator shall not be authorized to award punitive damages with respect to any such claim or controversy, nor shall any party seek punitive damages relating to any matter under, arising out of or relating to this Agreement or the Service in any other forum. The entire arbitration shall be conducted and concluded in no later than ninety (90) days after service of the arbitration demand. A written demand for arbitration must be delivered within one (1) year from the date on which the Services to which the claim relates were provided. Failure to comply with this provision shall be a complete bar to any claim. The place of arbitration will be Dubai.

12.3 Notices:

Any notice pursuant to the Agreement shall be in writing and shall be deemed to have been duly given: (a) when delivered if delivered personally or sent by express courier service; (b) when transmitted if sent by a confirmed facsimile; or (c) when transmitted via email, provided that the receiving party acknowledges receipt by return email, and that the email clearly states in the subject line that it is intended to give notice under the Agreement.

12.4 Entire Agreement:

This Agreement is the entire understanding and agreement of the parties, and supersedes any and all previous and contemporaneous understandings, agreements, proposals or representations, written or oral, between the parties, as to the subject matter hereof. Any additional or conflicting terms contained in any purchase order, proposal or other document provided by You shall be deemed to be rejected by Cvent without need of further notice of objection, even if such document is acknowledged or accepted by Cvent, and regardless of any statement to the contrary which may be contained therein, and shall be of no effect or in any way binding on Cvent. Only a writing signed by both parties may modify this Agreement.

12.5 Force Majeure:

Neither party shall be declared in default by reason of any failure to comply with the terms of the Agreement, if such failure is due to ‘acts of God’, acts of government, fires, floods, epidemics, unavailability of materials, criminal acts, periods of mourning for royal bereavement or other events of national importance in the United Arab Emirates, distributed denial of service, unavailability of third party communications facilities or services, unavailability of utilities or any cause or condition beyond their control, whether foreseeable or not.

12.6 Compliance with Laws:

You agree that neither you, nor any officer, director, employee, subsidiary, affiliate, agent, representative or other person working on your behalf in connection with your use of the Site or receipt of any Services, will violate any anti-corruption or anti-bribery laws, statutes and regulations of any country, including, but not limited to, the United States Foreign Corrupt Practices Act of 1977, as amended (the “FCPA”) and the UK Bribery Act 2010. You warrant that you will not engage in any bribery, extortion, kickbacks, or other unlawful or improper means of conducting business. You also warrant and covenant that you and your officers, directors, employees, agents and representatives have not violated, and will strictly comply with, the anticorruption or anti-bribery laws, statutes and regulations of any country which makes it unlawful to offer, pay, promise to pay, or authorize the payment of any money, or to offer, give, promise to give, or authorize the giving of anything of value, directly or indirectly, inter alia to a Covered Recipient (defined herein) for a Prohibited Purpose (defined herein). For purposes hereof, “Covered Recipient” means a foreign official (including employees of government-owned or controlled entities), foreign political party (including any official thereof), official or employee of an international public organization, or candidate for foreign political office; and “Prohibited Purpose” means assisting a party to obtain or retain business for or with, to secure an improper advantage, or to direct business to, any person, by:

(a) influencing any act or decision of a Covered Recipient in such Covered Recipient’s official capacity;
(b) inducing a Covered Recipient to do or omit to do any act in violation of such Covered Recipient’s lawful duty;
(c) securing any improper advantage; or
(d) inducing a Covered Recipient to use such Covered Recipient’s influence with a foreign government (or instrumentality thereof) to affect or influence any act or decision of such government (or instrumentality thereof), including entities that are government-owned or controlled.

You further warrant that you will not engage in any commercial bribery, kickback schemes, or other forms of improper payments to any person, private or public, and agrees that you will not create or submit any false, inaccurate, or misleading invoices or other business documents related to any use of the Site or Services. You will permit, upon request, Cvent reasonable access to your books and records and/or to conduct periodic or ad hoc audits, as Cvent deems necessary. Upon request, you agree to provide Cvent with a written certification attesting your compliance with the foregoing anticorruption requirements.

Cvent is subject to US antiboycott laws and regulations that prohibit cooperation with international economic boycotts in which the US does not participate, including any boycotts related to Israel. Cvent cannot comply with any such requests and Cvent is obligated to report to the US Government the receipt of any request, regardless of the source, to take action or provide information supportive of an international boycott directed against a country friendly to the US, such as Israel. Therefore, Customer agrees that neither it, nor any officer, director, employee, subsidiary, affiliate, agent, representative or other person working on its behalf shall make any such request. If such request is made, Cvent will reject the request and report it as required by law.

12.7 Non-Solicitation:

You agree that you, your organization and affiliates, will not attempt to hire, or assist in hiring anyone currently employed by Cvent, except insofar as such recruitment results from a general solicitation of employment not specifically directed towards employees or subcontractors of Cvent. You further agree that should such a situation occur, Cvent would be caused irreparable harm and be entitled to injunctive relief.

12.8 Severability and Waiver:

In the event that any provision of this Agreement is held to be invalid or unenforceable, the valid or enforceable portion thereof and the remaining provisions of this Agreement will remain in full force and effect. Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion. All waivers must be in writing. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity.

12.9 Relationship of the Parties:

The parties to this Agreement are independent contractors, and no agency, partnership, franchise, joint venture or employee-employer relationship is intended or created by this Agreement.

12.10 Fee Collection:

Customer shall reimburse Cvent for all expenses (including reasonable attorneys’ fees) incurred by Cvent to collect any amount that is not paid when due.

12.11 No Third-Party Rights:

The Agreement is not intended to, and does not confer any rights, benefits or remedies upon any person other than the parties.

12.12 Counterparts:

This Agreement may be executed in counterparts and by facsimile or other means of electronic communication producing a printed copy, which taken together shall form one legal instrument.

12.13 Customer List:

You agree that Cvent may use Your organization’s name and logo, and may use images that are posted in the mobile marketplaces to identify You as a customer of Cvent on its website, in investor documents (whether or not filed with the Securities and Exchange Commission), and as part of a list of Cvent’s customers for use and reference in Cvent’s corporate and marketing literature.

Annex A

DATA PROCESSING ADDENDUM
This Data Processing Addendum (“DPA”) is effective as of _____________________ between Cvent Canada Inc. (“Cvent”) and the customer specified in the table below (“Customer”).

Cvent Canada, Inc. Customer
Signature: Signature:
Name: Name:
Title: Title:
Date Signed: Date Signed:
Contact Information:
Contact Information:

Cvent and Customer shall hereafter be collectively known as the “Parties” and individually known as a “Party”. To the extent that any of the terms or conditions contained in this DPA may contradict or conflict with any terms or conditions regarding the processing of personal data in any agreements between the Parties (each an “Agreement”, and collectively referred to as the “Agreements”), it is expressly understood and agreed that the terms of this DPA shall take precedence and supersede those other terms or conditions.
The Parties agree as follows:
1. DEFINITIONS
1.1 For the purposes of this DPA, the following expressions bear the following meanings unless the context otherwise requires:
“Applicable Data Protection Laws” means, in respect of a Party, any law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding instrument relating to the protection of personal data, including:
(a) the Directive 2002/58/EC (as amended) (the “e-Privacy Directive”), the e-Privacy Regulation 2017/003 (COD) (the “e-Privacy Regulation”), once it takes effect, and any laws implementing these;
(b) the Directive 95/46/EC (as amended) (the “Data Protection Directive”), the Regulation 2016/679 (the General Data Protection Regulation, “GDPR”), once it takes effect, and any laws implementing these.
(in each case as amended, consolidated, re-enacted or replaced from time to time);
“Data Subject”, “Personal Data”, “Process”, “Processed” or “Processing” shall each have the meaning as set out in the GDPR;
“EU Data Protection Laws” means any law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding instrument relating to the protection of personal data in force in the territory of the European Union, including the Data Protection Directive, the GDPR, the e-Privacy Directive and the e-Privacy Regulation;
“Model Clauses” mean the Standard Contractual Clauses (Controller to Processor) as set out in the Commission Decision of 5 February 2010 (C (2010) 593);
“Privacy Shield” means the EU-US and Swiss-US Privacy Shield Frameworks as designed by the US Department of Commerce and approved by the European Commission and Swiss Administration (respectively) to as having adequate protection under the Data Protection Directive and the GDPR (once it takes effect) and the Swiss 235.1 Federal Act of 19 June 1992 on Data Protection (respectively);
“Regulator” means the data protection supervisory authority which has jurisdiction over a Data Controller’s Processing of Personal Data; and
“Third Countries” means all countries outside of the scope of the data protection laws of the European Economic Area (“EEA”), excluding countries approved as providing adequate protection for Personal Data by the European Commission from time to time, which at the date of this DPA include Andorra, Argentina, Canada, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland and Uruguay.
2. PROCESSING OF PERSONAL DATA
2.1 The Parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is the “Data Controller”, Cvent is the “Data Processor” and that Cvent will engage “Sub-Processors” pursuant to the requirements set forth in Section 8 below.
2.2 The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data and categories of Data Subjects Processed under this DPA are further specified in Schedule 1 “Processing Details” of this DPA.
2.3 The Data Processor shall only process the Personal Data on behalf of and in accordance with documented instructions from the Data Controller. The parties agree that this DPA is Customer’s complete instructions to Cvent in relation to processing of Customer Data. The Data Controller shall ensure that its instructions comply with all Applicable Data Protection Laws, and that the Processing of Personal Data in accordance with Data Controller’s instructions will not cause Data Processor to be in breach of the Applicable Data Protection Laws. The Data Controller shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which the Data Controller acquired Personal Data.
2.4 Each Party will comply with all laws, rules and regulations applicable to it and binding on it in the performance of this DPA, including Applicable Data Protection Laws.
3. AUTHORIZED PERSONNEL
3.1 The Data Processor shall ensure that its personnel authorized to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The Data Processor shall ensure that such confidentiality obligations survive the termination of the personnel engagement.
4. RIGHTS OF DATA SUBJECTS
4.1 The Data Processor shall, to the extent legally permitted, promptly notify the Data Controller if it receives a request from a Data Subject for access to its own Personal Data, or for the rectification or erasure of such Personal Data or any other request or query from a Data Subject relating to its own Personal Data (including Data Subjects’ exercising rights under Applicable Data Protection Laws, such as rights of objection, restriction of processing, data portability or the right not to be subject to automated decision making) (a “Data Subject Request”). Taking into account the nature of the Processing, the Data Processor shall assist the Data Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Data Controller’s obligation to respond to a Data Subject Request under Applicable Data Protection Laws. In addition, to the extent the Data Controller, in its use of the services, does not have the ability to address a Data Subject Request, the Data Processor shall upon Data Controller’s request provide commercially reasonable efforts to assist the Data Controller in responding to such Data Subject Request, to the extent the Data Processor is legally permitted to do so and the response to such Data Subject Request is required under Applicable Data Protection Laws. To the extent legally permitted, the Data Controller shall be responsible for any costs arising from the Data Processor’s provision of such assistance.
5. GOVERNMENT ACCESS REQUESTS
5.1 The Data Processor shall promptly notify the Data Controller about any legally binding request for disclosure of Personal Data by a law enforcement authority, unless otherwise prohibited from doing so.
6. SECURITY
6.1 The Data Processor shall implement and maintain appropriate technical and organizational measures for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Personal Data), confidentiality and integrity of Personal Data.
7. COMPLIANCE
7.1 The Data Processor will, subject to confidentiality arrangements that will satisfy both parties, make available to the Data Controller all information necessary to demonstrate compliance with the obligations laid down in this DPA and Applicable Data Protection Laws.
7.2 Upon Data Controller’s request, the Data Processor shall provide the Data Controller with reasonable cooperation and assistance needed to fulfil Data Controller’s obligation under the GDPR to carry out a data protection impact assessment related to Data Controller’s use of the services, to the extent the Data Controller does not otherwise have access to the relevant information, and to the extent such information is available to the Data Processor. The Data Processor shall provide reasonable assistance to the Data Controller in the cooperation or prior consultation with the Regulator in the performance of its tasks relating to Section 12.1 of this DPA, to the extent required under the GDPR.
8. SUB-PROCESSING
8.1 The Data Controller agrees that the Data Processor may engage Sub-Processors to Process Personal Data. The Data Processor shall ensure that such Sub-Processor has entered into a written agreement requiring the Sub-Processor to abide by terms no less protective than those provided in this DPA. Upon Data Controller’s request, the Data Processor will make available to the Data Controller a summary of the data processing terms. The Data Processor shall be liable for the acts and omissions of any Sub-Processors to the same extent as if the acts or omissions were performed by the Data Processor.
8.2 The Data Processor shall make available to the Data Controller a list of Sub-Processors authorized to Process Personal Data (“Sub-Processor List”) and provide the Data Controller with a mechanism to obtain notice of any addition or changes to the Sub-Processors, including a formal mechanism to reasonably object to any intended additions or changes.
8.3 This Section 8.3 shall apply only where and to the extent that the Data Controller is established within the EEA or Switzerland or where otherwise required by Applicable Data Protection Laws. In such event, if the Data Controller objects on reasonable grounds relating to data protection to the Data Processor’s use of a new Sub-Processor then the Data Controller shall promptly, and within fourteen (14) days following Data Processor’s notification pursuant to Section 8.2 above, provide written notice of such objection to the Data Processor. Should the Data Processor choose to retain the objected-to Sub-Processor, the Data Processor will notify the Data Controller at least fourteen (14) days before authorizing the Sub-Processor to Process Personal Data and the Data Controller may immediately discontinue using the services and may terminate the relevant Agreement within thirty (30) days.
9. RETURN AND DELETION
9.1 The Data Processor shall, at the request of the Data Controller, delete or return all the Personal Data to the Data Controller after the end of the provision of services relating to Processing, and delete existing copies of the Personal Data unless prohibited by law or the order of a governmental or regulatory body or it could subject the Data Processor to liability.
10. DATA BREACH
10.1 In the event Data Processor becomes aware of any improper, unauthorized or unlawful access to, use of, or disclosure of, or any other compromise which affects the availability, integrity or confidentiality of Personal Data which is Processed by Data Processor under or in connection with this DPA and/or the Agreement (“Data Breach”), Data Processor shall:
10.1.1 without undue delay notify Data Controller in writing of all known details of the Data Breach relating to the Personal Data, including:
a) a description of the nature of the Data Breach including, where possible, the categories and approximate number of Data Subjects and records concerned;
b) the name and contact details of the data protection officer or other contact point where more information can be obtained;
c) a description of the likely consequences of the Data Breach; and
d) a description of the measures taken or proposed to be taken to address the Data Breach, including, where appropriate, measures to mitigate its possible adverse effects;
10.1.2 mitigate any harmful effect that is known to Data Processor of a use or disclosure of the Personal Data in violation of the Agreement or in connection with a Data Breach;
10.1.3 assist Data Controller in remediating or mitigating any potential damage from a Data Breach. Data Processor shall further provide Data Controller with regular status updates on any Data Breach including, but not limited to, actions taken to resolve such incident, at mutually agreed intervals or times for the duration of the Data Breach;
10.1.4 within 4 weeks of closure of the incident, provide the Data Controller a written report describing the Data Breach, the root cause analysis, actions taken by Data Processor during its response and Data Processor’s plans for future actions to prevent a similar Data Breach from occurring;
10.1.5 unless prohibited by applicable law or a legally-binding request of law enforcement, not disclose to third parties (including Regulators) any information about a Data Breach involving the Personal Data without prior written and express permission from Data Controller for such disclosure; and
10.1.6 provide reasonable assistance to the Data Controller with notifying the Data Breach to any Regulator or the Data Subject in accordance with the Applicable Data Protection Laws.
11. INTERNATIONAL TRANSFERS
11.1 In the event that Data Controller transfers Customer Personal Data to the Data Processor and the Data Processor makes routine transfers of Customer Personal Data in the normal course of business to its Affiliates and these transfers include any Customer Personal Data that the Applicable Data Protection Laws apply to, such transfers, if to the United States, will be made pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield Program. Transfers that are made to third countries without a Commission adequacy decision other than the United States will be made subject to appropriate safeguards provided for by the Model Clauses.
11.2 If the Data Processor Affiliate in the United States is not Privacy Shield certified, or in case the Privacy Shield certification ceases to be considered to provide adequate protection to enable the export of personal data in accordance with EU Data Protection Laws, the Data Processor will only process data in, or transfer Personal Data to, a Third Country where such processing or transfer takes place based and in compliance with the Model Clauses, with the processing details that comprise Appendix 1 to the EU Standard Contractual Clauses, and the technical and organizational security measures that comprise Appendix 2 to the Model Clauses. The Data Processor shall comply with the obligations of the data importer and Data Controller shall comply with the obligations of the data exporter as set out in the Model Clauses.
11.3 Where the Data Processor appoints an affiliate or third-party Sub-Contractor to process Personal Data in a Third Country, the Data Processor must ensure that such processing takes place in accordance with the requirements of the Applicable Data Protection Laws (including Privacy Shield principles). The parties agree that Personal Data may be transferred to an affiliate or third-party Sub-Contractor in the United States that is certified to process such data under the Privacy Shield or that agrees to comply with the Privacy Shield principles.
12. GENERAL PROVISIONS
12.1 The Parties hereby acknowledge and agree that a person with rights under this DPA may be irreparably harmed by any breach of its terms and that damages alone may not be an adequate remedy. Accordingly, a person bringing a claim under this DPA shall be entitled to the remedies of injunction, specific performance or other equitable relief for any threatened or actual breach of the terms of this DPA.
12.2 If one of the Party seeks changes to the DPA to comply with a change in Applicable Data Protection Laws or binding and final decision of a Regulator with jurisdiction over the Party’ Processing of Personal Data, the Parties will discuss in good faith how to address any necessary changes.
12.3 The section headings contained in this DPA are for reference purposes only and shall not in any way affect the meaning or interpretation of this DPA.
ATTACHMENT 1

________________________________________
Commission Decision C(2010)593
Standard Contractual Clauses (processors)

For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection

Name of the data exporting organisation:

Address:

Tel.: ; fax: ; e-mail:

Other information needed to identify the organisation:
……………………………………………………………
(the data exporter)
And

Name of the data importing organisation: Cvent Canada, Inc.

Address: 1177 West Hastings Street, Vancouver, BC V6E 2K3

Tel.:; fax:Click or tap here to enter text.; e-mail:Click or tap here to enter text.

Other information needed to identify the organisation: Not applicable
(the data importer)

each a “party”; together “the parties”,

HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

Clause 1
Definitions

For the purposes of the Clauses:
(a) ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
(b) ‘the data exporter’ means the controller who transfers the personal data;
(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
(d) ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2
Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3
Third-party beneficiary clause

1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4
Obligations of the data exporter

The data exporter agrees and warrants:

(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).

Clause 5
Obligations of the data importer

The data importer agrees and warrants:

(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorised access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

Clause 6
Liability

1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.

The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.

3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

Clause 7
Mediation and jurisdiction

1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.

2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8
Cooperation with supervisory authorities

1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).

Clause 9
Governing Law

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

Clause 10
Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on
business issues where required as long as they do not contradict the Clause.

Clause 11
Subprocessing

1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.
2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

Clause 12
Obligation after the termination of personal data processing services

1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

On behalf of the data importer:

Name (written out in full): Click or tap here to enter text.

Position: Click or tap here to enter text.

Address: Click or tap here to enter text.

Other information necessary in order for the contract to be binding (if any):Click or tap here to enter text.

Signature……………………………………….
(stamp of organisation)
On behalf of the data exporter:

Name Lawrence J. Samuelson

Position: General Counsel & Corporate Secretary

Address: 1765 Greensboro Station Place, Suite 700, Tysons Corner, VA 22102

Other information necessary in order for the contract to be binding (if any):

Signature
(stamp of organisation)

SCHEDULE 1: PROCESSING DETAILS

Processing Activities
The Personal Data Processed by Data Processor will be subject to the following basic Processing activities:
Building and Hosting Event Apps.
Duration
The Personal Data Processed by Data Processor will be Processed for the following duration:
Cvent will retain active customer’s personal data only as long as necessary. Data will only be disposed of upon customer request. Inactive customer data may be retained for a minimum of two years, or until customer’s consent for earlier disposal.
Data Subjects
The Personal Data Processed by Data Processor concern the following categories of Data Subjects:
Event Participants (which includes, but not limited to, attendees, speakers, and authors.)

Categories of Data
The Personal Data Processed by Data Processor includes the following categories of data:
Category:
• Personally Identifiable Information (PII): PII is any information pertaining to an individual that can be used to distinguish or trace a person’s identity.
• Social Data: Photos, Comments and likes
• User Activity Data

Please Note: Clients are discouraged from storing protected/sensitive PII, PCI (Payment Card Industry) or HIPPA (Health Insurance Portability and Accountability Act) related data using Cvent’s systems and applications, and do so at their own risk.
Protected/Sensitive PII is Personally Identifiable Information, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual.

Protected/Sensitive PII include:
• Social security numbers
• Bank account numbers
• Passport information
• Healthcare related information
• Medical insurance information
• Student information
• Credit and debit card numbers
• Drivers license and State ID information
Special Categories of Data (if appropriate)
The Personal Data Processed by Data Processor concern the following special categories of data:
None