THIS SOFTWARE SERVICES MASTER SERVICES AGREEMENT (“AGREEMENT”) IS A LEGAL AGREEMENT BETWEEN YOU (EITHER AS AN INDIVIDUAL OR ENTITY) AND COMMVAULT SYSTEMS, INC. (“COMMVAULT” OR “WE” OR “US”) REGARDING YOUR USE OF THE METALLIC SERVICES AND/OR SOFTWARE PROVIDED BY COMMVAULT. BY USING OR INSTALLING THE METALLIC SERVICES AND/OR SOFTWARE, OR ANY UPDATES THERETO, YOU EXPRESSLY AGREE TO BE BOUND BY THIS AGREEMENT ON BEHALF OF YOUR COMPANY AND ITS AFFILIATES AND SUBSIDIARIES (COLLECTIVELY, “YOU” OR “CUSTOMER”).
IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, YOU SHALL NOT, AND SHALL HAVE NO RIGHT TO, USE THE METALLIC SOFTWARE OR SERVICES IN ANY MANNER.
1.1. Metallic Services. You may purchase, directly or through one of our authorized partners (a “Reseller”), a subscription to any of the Metallic service offerings (“Services”). Subject to Your compliance with this Agreement, You are authorized to use the Service(s) for your own internal use only, except if You are one of our authorized service providers, in which case You are also authorized to use the Services for providing commercial hosting services to Your end users.
To use the Services, You may be required to download or install an agent, plug-in or similar software (“Software”), in which case our standard Software terms apply to your use of such Software. We hereby grant You a limited, non-exclusive, non-sublicensable, non-transferable and revocable license to access and use the Software solely as required to use the Services during the Term. This Agreement does not grant You any intellectual property rights in the Services or any of its components. Professional services may be subject to additional terms.
We may modify the Services offerings from time to time, provided that We shall provide not less than 30 days’ notice (which may be through the Services) of any material updates and provided further that such modifications do not materially, adversely affect the Services. Such modifications are effective as of the date noted.
1.2. Services Activation. Unless you are participating in a free trial of the Services (as described below), We will initiate activation of the Service after We receive a valid purchase order from a Reseller, or from You directly, by providing You with access to an account within the purchased Service (“Activation Date”). The term of Your Services (“Term”) will begin on the Activation Date and continue for the period described in the purchase order.
1.3. Your Data and Data Retention. “Your Data” means the data or content which is either (a) transmitted to Us by You or on Your behalf in connection with the provision of the Services; or (b) collected or received via the Services at Your direction. You may implement Your own specific retention policies within the Services. You are solely responsible for the retention policies and any other policy settings, schedules, and configurable parameters applied to Your Data. The terms of the data processing addendum (“DPA”) that constitutes Exhibit A to this Agreement are hereby incorporated by reference and shall apply to the extent Your Data includes Personal Data, as defined in the DPA. The security measures as set forth in the DPA will apply to all of Your Data.
1.4. Support. We will provide support for the Services as set forth at https://metallic.io/support. Those support terms are incorporated herein by reference and may be changed from time to time in our discretion, provided that such modifications do not materially, adversely affect the Services or support levels.
1.5. Trial Services. We may provide You with a temporary account to one or more of the Services free of charge (a “Trial Account”). The Trial Account shall be accessible for thirty (30) days beginning with your registration on the Metallic website. During the trial period, the Trial Account and associated Services are provided “AS IS” and without representation or warranty of any kind. We are under no obligation to store or retain Your Data during the trial period and will delete such data at the end of the trial period unless You purchase the same Services before the trial period ends. We are not responsible for any direct, indirect, consequential or any other damages resulting from Your access to or use of the Trial Account or the Trial Account Services during the trial period. We reserve the right to deactivate trial accounts at any time upon written notice. In no event will We have any obligations to defend or settle IP claims or honor an applicable service level with respect to Trial Services. A Trial Account may not be used for production purposes.
1.6. Additional Services. If You order additional Services, they are subject to the terms of this Agreement and will co-terminate with the Services initially purchased, subject to any renewals thereof.
1.7. Location of Services. Subject to applicable legislation, or unless otherwise specified, our personnel, including any of our subsidiaries, affiliates or authorized third parties, may administer the Services from anywhere in the world, including to provide support. The data centers in which the infrastructure for the Services and Your Data may be housed (when using Metallic storage) are located in several countries visible within the configuration. Subject to data center availability through the Services, when using Metallic storage, Your Data will be stored in a location (a) that You specify and/or (b) by automatic association with a particular data center region based on where You are located.
2. Fees for Services and License Audits
2.1. License Overages. Through the Services, We may review and monitor Your account usage. If Your use of a Services exceeds Your license for such Service, You shall pay Us the difference.
2.2. Purchases through a Reseller. For purchases made through a Reseller, the payment fees and taxes terms shall be as agreed exclusively by and between You and the Reseller.
2.3. Direct Purchases. We will also accept direct orders. If you place an order for Services directly with Us, the following terms apply: (a) Payment of Fees: You shall pay the fees for the Services as set forth on the Metallic website (“Fees”). Fees are invoiced in arrears on the last of day of the applicable period following the Activation Date. All Fees shall be due and payable within thirty (30) days following the date of invoice; and (b) Taxes. All Services purchased under this Agreement are exclusive of any value added and other applicable taxes. Such taxes will be added to any invoice for the Services. You are responsible for all such taxes, fees or charges.
3.2. Representations and Warranties. You represent and warrant that Your Data does not and shall not: (a) knowingly infringe any third party right, including, without limitation, third party rights in patent, trademark, copyright, or trade secret; or (b) constitute a knowing or deliberate violation of any other right of a third party, including without limitation, any right under contract or tort theories. For purposes of this Agreement, “Your Data” includes any software, online service, feature or technology, data including Personal Data, as defined in the DPA or other content that You or Your Service Users provide to Us pursuant to this Agreement, including any such information or material that Service Users (i) upload to the Services, and/or (ii) create and/or modify using the Services.
3.3. Your Account. You shall create an account within the Services. You are responsible for (a) ensuring that Your account registration information is true, current, complete and accurate information when establishing Your account associated with the Services and to keep such information, including contact and billing information, up to date; and (b) the security and confidentiality of Your account credentials. You shall designate at least one authorized user (“Authorized User”) who shall have administrative access to Your account, with full access privileges and the authority to place orders for Services on Your behalf either directly to Us or to a Reseller. If no Authorized User is designated, the individual whose information was provided at the initial log-in shall be considered the Authorized User. The Authorized User is responsible for managing all aspects of the Services, including without limitation, requesting changes or modifications to the Services, adding or removing users, webpages, URL(s), or adding or deleting Authorized Users. You acknowledge and agree that We will only accept such requests from Authorized Users. We may, in our sole discretion, refuse to comply with any request if the identity of the Authorized User making any such request cannot be reasonably verified.
3.4. Your Service Users. You are solely responsible for all activity which occurs within Your account and for the actions taken by users of the Services within Your account, whether or not such person is or was acting within the scope of their employment, engagement or agency relationship with You and regardless of whether You have authorized their use of the Services, except as provided above. The Services may only be used by Your employees, contractors, agents, representatives, customers, and end users that you have expressly authorized to use the Services (collectively, “Service Users”). You shall notify Us immediately of any unauthorized use of any password or account or any other known or suspected breach of security. You shall not knowingly permit our competitors to access the Services for any reason.
3.5. Your Data Transmission. You acknowledge and agree that (a) it is Your sole responsibility to monitor Your Data to ensure that Your Data is properly transmitted to Us; (b) despite any monitoring services We may provide, You shall notify Us of any delivery failures or outages of Your systems (or Your service providers) which may affect the transmission of Your Data. We are not responsible or liable for any update, upgrade, patch, maintenance or other change which affects the transmission of Your Data to Us. It is Your responsibility to (i) ensure that We are notified of all email domains, or other electronic messages to be archived; and (ii) to obtain all necessary consents with respect to the transmission, collection and storage of Your Data.
3.6. Your Diagnostic Data and Feedback. In connection with the Services, We may collect or receive the technical data (logs, reports and error messages) which is either (a) transmitted to Us by You or on Your behalf in connection with the Services; or (b) collected or received by the Services at Your direction (collectively “Your Diagnostic Data”). We may further receive feedback from You relating to the Services or Software (“Feedback”). With respect to Your Diagnostic Data, You hereby grant Us a worldwide, royalty-free, irrevocable, and non-exclusive license to use, access, display, transmit, modify, create and distribute derivative works of, and copy Your Diagnostic Data as necessary to provide, support and improve the Services. With respect to Feedback, You hereby grant Us a worldwide, royalty-free, irrevocable, and non-exclusive license to use the Feedback in any manner We choose, including to access, display, transmit, modify, create and distribute derivative works of, copy, and reproduce the Feedback in any manner and via any media We or our licensees choose, without obligation to You. You represent and warrant that You have all necessary rights in and to Your Diagnostic Data and Feedback to grant the foregoing license to Us. You further agree that any Feedback You provide shall be deemed non-confidential to You.
4.1. Confidential Information. “Confidential Information” means (a) the non-public business or technical information of either party, including but not limited to information relating to either party’s product plans, customers, designs, costs, prices, finances, marketing plans, business opportunities, personnel, research, development or know-how; (b) any information designated by either party as “confidential” or “proprietary” or which, under the circumstances taken as a whole, would reasonably be deemed to be confidential; (c) the terms of this Agreement; or (d) Your Data. “Confidential Information” will not include information that: (i) is in, or enters, the public domain without breach of this Agreement; (ii) the receiving party lawfully receives from a third party without restriction on disclosure and without breach of a nondisclosure obligation; (iii) the receiving party knew prior to receiving such information from the disclosing party; or (iv) the receiving party develops independently without reference to the Confidential Information.
4.2. Confidentiality Obligations. Each party agrees: (a) that it will not disclose to any third party, or use for its own benefit or the benefit of any third party, any Confidential Information disclosed to it by the other party except as expressly permitted in this Agreement; and (b) that it will take reasonable measures to maintain the confidentiality of Confidential Information of the other party in its possession or control, which will not be less than the measures it uses to maintain the confidentiality of its own information of similar importance. Either party may disclose Confidential Information of the other party: (x) pursuant to the order or requirement of a court, administrative or regulatory agency, or other governmental body, provided that the receiving party, if feasible and/or legally permitted to do so, gives reasonable notice to the disclosing party to contest such order or requirement; or (y) to the parties agents, representatives, subcontractors or service providers who have a need to know such information provided that such party maintain the Confidential Information on a confidential basis.
4.3. Remedies. Each party acknowledges and agrees that a breach of the obligations of this Section 4 by the other party will result in irreparable injury to the disclosing party for which there will be no adequate remedy at law, and the disclosing party shall be entitled to seek equitable relief, including injunction and specific performance, in the event of any breach or threatened breach or intended breach by recipient.
5. Content Disclaimer
You are solely responsible for the information contained in Your Data and disseminated on Your websites or by other public means using the Services and complying with all laws, rules or regulations which apply to Your business, including those related to the content of information provided to the public. We are not responsible for, and expressly disclaim any liability for Your Data or any other information provided on any web site, including truth, veracity and/or content of the information found on the website.
6. Data Privacy and Security
6.1. Data Security. Commvault represents and warrants that we: (i) have or employ network security, business continuity and disaster recovery policies and procedures commensurate with industry-wide best practices in place; (ii) currently have and will continue to maintain sufficient and commercially reasonable administrative, physical and technical safeguards to protect against the accidental or unauthorized access, use, alteration or disclosure of Your Data and all other information provided by You to Commvault in connection with the Services, including Your Data uploaded to the Services and processed or stored on a computer and/or computer network owned or controlled by Commvault in connection with the Services, as described in our most recently completed SOC 2 audit reports or other similar independent third-party annual audit report and in our security and privacy documentation; and (iii) will maintain and update the foregoing plans as appropriate during the Term and at all times during which we have Your Data in our possession. It is Your responsibility to verify that the security and privacy protections offered by the Services are adequate and in compliance with all applicable laws governing the type of data included in Your Data which is uploaded in or provided to the Services.
6.3. Access to Your Data. The parties acknowledge that the structure of our systems used in connection with the Services makes it technically possible for Us to access Your Data; however, the nature of the Services is such that direct access to Your Data by Us is not intended and You acknowledge that We have no control over any of Your Data that may be hosted as part of the provision of the Services and that We may not actively monitor or have access to the content of Your Data. In the event We are required to access Your Data, We will not use or disclose Your Data to third parties that are not affiliated with Us without Your consent or as otherwise directed or instructed by You, except for the following: (i) in furtherance of or in connection with performing Services pursuant to this Agreement; (ii) to respond to duly authorized information requests of police, law enforcement, or other governmental authorities; (iii) to comply with any applicable law, regulation, subpoena, discovery request or court order with prior advance notice to You as permitted; and, to the extent permitted by law, (iv) to investigate and help prevent security threats, fraud, or other illegal, malicious, or inappropriate activity; (i) to enforce/protect our rights and properties or those of our affiliates or subsidiaries; or (vi) with the prior informed consent of the data subject about whom the Personal Data pertains.
6.4. Data Controller. You are and shall remain the data controller of Your Data that You upload or provide as part of the Services. We are Your service provider and have the role of data processor. We do not own or otherwise act as data controller of Your Data.
6.5. Data Protection Addendum. To the extent the Personal Data obtained and processed by Us is subject to (i) the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) or (ii) other applicable data protection laws that require a contract when engaging, appointing or involving a data processor, We shall ensure that it shall only be processed in accordance with the Data Processing Addendum (DPA) attached as Exhibit A and incorporated by reference herein.
6.6. Cross-border Data Transfers. To the extent the Personal Data is subject to transfers to third countries, the parties intend to rely on the Standard Contractual Clauses (Module 2 – Controller to Processor) (SCC) as enacted by European Commission in Decision (EU) 2021/914 of 4 June 2021 attached as Exhibit B and incorporated by reference herein. The Standard Contractual Clauses shall also apply to Personal Data from other countries where applicable data protection laws recognize SCC as a valid measure for Personal Data transfers out of those countries. In countries where regulatory approval and/or notification is required for use of the SCC, the SCC cannot be relied upon to legitimize export of data from the country, unless you have the required regulatory approval and/or you have notified the regulator as applicable.
7. Intellectual Property Rights
7. 1. As between You and Commvault, all Commvault- owned server hardware, software and applications required to operate the Services, all other associated technology or documentation, including any Feedback that You provide to Us regarding the Services or Software, are Commvault’s sole and exclusive property.
Except as expressly stated herein, nothing in this Agreement shall serve to transfer to You any intellectual property right in or to the Services, Software, our trademarks or other intellectual property. Commvault retains all right, title and interest in and to the Services, including without limitation, all software used to provide the Services, the Software and the associated technology and documentation.
As between Commvault and You, Your Data is Your sole and exclusive property and, other than the limited license to Your Diagnostic Data granted in Section 3, nothing in this Agreement shall serve to transfer to Us any intellectual property right in Your Data.
8. Third Party Networks, Platforms and Components
8.1. Certain Services that Commvault offers may be dependent on or incorporate third party software, applications, platforms (such as third-party social media or business networking platforms), messaging or communication services or API’s, including without limitation Microsoft Azure Cloud Computing Services (“Third Party Services”). These Third Party Services are not offered, controlled or provided by Us. In some cases the Third Party Service may make changes to its service, or components thereof, or discontinue a service without notice to Us. Accordingly, We expressly disclaim any liability related to, or arising from, these Third Party Services, including Your use thereof, or any updates, modifications, outages, delivery failures, corruptions, discontinuance of services or termination of Your account by the Third Party Service. We are not responsible or liable for how the Third Party Service transmits, accesses, processes, stores, uses or provides data to Us.
8.2. Hosted Storage Services. To the extent You use one of our hosted storage Services, You acknowledge and agree that such Services rely on Microsoft Azure Cloud Computing Services or, if applicable, Microsoft Azure for US Government. With respect to any such Services, Your use of such Services is subject to the then-applicable Microsoft Online Subscription Agreement(s), entered into between Us and Microsoft, and which are available at https://azure.microsoft.com/en-us/support/legal/subscription-agreement/ and https://azure.microsoft.com/en-us/support/legal/subscription-agreement/government/, respectively. To the extent You utilize a hosted storage service other than Microsoft Azure in connection with Your use of the Services, the terms of such services will govern such use.
9. Term, Suspension and Termination
9.1. Term. Services may be purchased on an annual, multi-year, or month-to-month basis. The Term of Your Services shall be the term set forth on Your purchase order, and shall renew for an equal term unless either party provide the other party with prior written notice of termination at least thirty (30) days prior to the renewal date. The Agreement shall remain in effect for the Term of the Services, including any renewals thereof.
9.2. Suspension. To the extent permitted by the applicable laws and without limiting other remedies, Commvault reserves the right to suspend any portion or all of Your Services if: (a) We reasonably believe, after due inquiry, that the Services are being used (or have been or will be used) by You in violation of this Agreement; (b) Your or Your Service Users’ use of or registration for the Services (i) poses a security risk to the Services or any third party, (ii) may adversely impact the Services, network, systems or data and content of any of our other Services clients or third parties, or (iii) may be fraudulent; (c) Your use of the Services in violation of this Agreement may expose Us, our affiliates, or any third party to liability; (d) suspension is required by law; or (e) You are in material breach or default in performance of Your obligations under this Agreement, including with respect to Your payment obligations, if such breach, default or violation is not remedied to our reasonable satisfaction within thirty (30) days following Your receipt of written notice. We will promptly inform You of any suspension and will work with You in good faith to resolve such issue; provided, however, that the responsibility to resolve or cure the specific concerns lies with You. Services will be re-instated at the earliest opportunity once the issue has been resolved to our reasonable satisfaction. To the extent practicable, We shall provide You with notice and an opportunity to cure any breach or deficiency before suspending Services, but We shall be entitled to exercise our discretion whether such a delay is appropriate under the circumstances. We will not be liable to You for any suspension in accordance with this Section 9.2. Fees, if any, will continue to apply and accrue during any suspension of the Services by Us.
9.3. Termination. Either party may terminate this Agreement if the other party materially breaches its obligations hereunder and such breach remains uncured for thirty (30) days following the written notice of such breach to the breaching party. This Agreement shall terminate immediately, upon written notice, where (a) either party is declared insolvent or adjudged bankrupt by a court of competent jurisdiction; or (b) a petition for bankruptcy or reorganization or an arrangement with creditors is filed by or against that party and is not dismissed within sixty (60) days.
9.4. Effect of Termination. Upon any termination or expiration of the Agreement: (a) all rights and licenses to the Services shall immediately terminate; (b) You shall promptly pay Us any Fees then due and payable up to the date of termination; (c) upon request, each party shall return to the other or delete Confidential Information of the other party; and (d) We shall be entitled to delete Your Data after sixty (60) days following termination or expiration of the Agreement. If You wish to take any steps to preserve or transfer Your Data, You must promptly notify Us before the expiration of that 60-day period and You must pay our then current data extraction and exportation fees. You are solely responsibility for saving or otherwise preserving Your Data at termination or expiration of this Agreement.
10. Warranty and Disclaimers
10.1. Commvault warrants that the Services shall be performed in a diligent, prompt and professional manner by personnel with the knowledge, skills expertise and training to provide the Services. Commvault further undertakes that the services will be accessible at least 99.9% of the time measured on a monthly basis. This service level does not apply to any performance or availability issues due in whole or in part to: (a) any planned maintenance, repair, and upgrade; (b) issues or failures with any third party (including Microsoft) services, applications, software, hardware, or Your use of any other components not supplied by Us; (c) third-party attacks, intrusions, distributed denial of service attacks or force majeure events, including at Your site or between Your site and data centers available through the Services; (d) Your acts or omissions in violation of this Agreement.
10.2. Proper Authority. Each party represents that it has the right and authority to enter into this Agreement, to grant to the other party the rights hereunder, and that the performance of its obligations under this Agreement will not breach or be in conflict with any other agreement to which it is a party to.
10.3. Intellectual Property Warranty. Commvault represents that, to the best of its knowledge, the provision of the Services does not infringe any third party’s patent, trademark or copyright.
10.4 Compliance with Laws. Commvault warrants that we will comply with the laws and regulations applicable to our business in the performance of the Services. You agree that You shall comply with the laws and regulations applicable to Your industry.
10.5. EXCEPT AS SET FORTH IN SECTIONS 10.1 – 10.4 ABOVE, COMMVAULT MAKES NO REPRESENTATION OR WARRANTY OF ANY KIND IN CONNECTION WITH THE SERVICES OR SOFTWARE, INCLUDING, WITHOUT LIMITATION, ANY OTHER INFORMATION OR MATERIALS PROVIDED, OR MADE AVAILABLE, BY COMMVAULT. TO THE EXTENT PERMITTED BY APPLICABLE LAWS COMMVAULT HEREBY DISCLAIMS ANY AND ALL REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. OTHER THAN AS EXPRESSLY SET FORTH HEREIN, COMMVAULT DOES NOT REPRESENT OR WARRANT THAT THE SERVICES OR SOFTWARE WILL BE AVAILABLE OR ERROR FREE. TO THE EXTENT PERMITTED BY APPLICABLE LAWS COMMVAULT SHALL NOT BE LIABLE FOR DELAYS, INTERRUPTIONS, SERVICE FAILURES OR OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET, ELECTRONIC COMMUNICATIONS OR OTHER SYSTEMS OUTSIDE THE REASONABLE CONTROL OF COMMVAULT. COMMVAULT MAKES NO REPRESENTATION OR WARRANTY THAT USE OF THE COMMVAULT SERVICES GUARANTEES LEGAL COMPLIANCE UNDER ANY FEDERAL, STATE OR INTERNATIONAL, OR ANY INDUSTRY SPECIFIC STATUTE, LAW, RULE, REGULATION, OR DIRECTIVE.
11. Remedies and Limitation of Liability
11.1. In the event of a breach of the performance warranty under Section 10.1, Commvault shall use commercially reasonable efforts to provide You with an error correction or work-around that corrects the reported non-conformity, and will provide You a credit equal to a percentage of the fees attributable to the month in which the breach occurred (“Service Credit”) if Your claim for a Service Credit is approved by Commvault (which approval shall not be unreasonably withheld). You must submit a claim to Commvault Customer Support with all information necessary for Commvault to validate the claim, including but not limited to: (i) a detailed description of the incident; (ii) information regarding the time and duration of the downtime; and (iii) description of the attempts to resolve the incident at the time of occurrence. Commvault must receive Your claim within thirty (30) days of the end of the month in which the incident that is the subject of the claim occurred. Commvault will evaluate all information reasonably available and make a final, good faith determination as to whether a Service Credit is owed.
If You timely and properly file a claim that is approved by Commvault, You will receive the following Service Credit for the affected month and it will be applied to reduce Your next invoice for the Services:
|Service Availability||Service Credit|
|Less than 99.9%||10%|
|Less than 99%||25%|
The foregoing represents Your sole and exclusive remedy for any breach of the performance warranty. You are not eligible for any Service Credit if Your use of the Service is free of charge.
11.2. TO THE EXTENT PERMITTED BY THE APPLICABLE LAWS, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER, OR TO ANY THIRD PARTY, FOR ANY SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES, INCLUDING BUT NOT LIMITED TO: (a) LOSS OF USE, (b) LOSS OF DATA, (c) LOSS OF BUSINESS OR PROFITS, or (d) COST OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES OR TECHNOLOGY, ARISING OUT OF OR IN CONNECTION WITH THE SERVICES, WHETHER SUCH DAMAGES ARE BASED ON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), BREACH OF ANY OTHER LEGAL THEORY, OR OTHERWISE, REGARDLESS OF WHETHER SUCH DAMAGE WAS FORESEEABLE OR WHETHER THE PARTY HAD BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. EXCEPT FOR A PARTY’S INDEMNITY OBLIGATIONS HEREUNDER, AND TO THE EXTENT PERMITTED BY THE APPLICABLE LAWS, THE AGGREGATE LIABILITY OF EITHER PARTY HEREUNDER FOR ALL DAMAGES ARISING UNDER OR RELATING TO THE PROVISION OF SERVICES, NOTWITHSTANDING THE FORM (E.G., CONTRACT, TORT, OR OTHERWISE) IN WHICH ANY ACTION IS BROUGHT, SHALL BE LIMITED TO THE TOTAL AMOUNT OF FEES ACTUALLY RECEIVED BY COMMVAULT FROM YOU FOR THE APPLICABLE SERVICES APPLICABLE TO THE TWELVE (12) MONTH PERIOD PRECEDING THE MONTH IN WHICH THE INCIDENT CAUSING THE DAMAGES AROSE.
The foregoing limit of liability shall apply to any claims arising in respect of the Services.
12.1. To the extent not prohibited by applicable law, You shall indemnify, defend and hold harmless Commvault, its officers, directors, employees and agents, from and against third party claims, losses, damages, liabilities, costs, and expenses (including reasonable attorneys’ fees), awards, fines, or settlements imposed on Us arising from or relating to Your use of the Services, including but not limited to Your: (a) willful misconduct or gross negligence, (b) failure to meet the security obligations required by this Agreement, or (c) misappropriation or infringement of a third party’s intellectual property right. Your obligations under this Section 12.1 include claims arising out of the acts or omissions of Your employees, Your Service Users, any other person to whom You have given access to the Services or Your Data, and any person who gains access to the Services or Your Data as a result of Your failure to use reasonable security precautions, even if You did not authorize the acts or omissions of such persons.
12.2 Commvault will defend You against third party claims, and indemnify and hold You harmless against final judgments (including reasonable attorneys’ fees), arising out of (a) a claim that the Services infringe any patent, trademark or copyright or (b) our actual gross negligence or willful misconduct.
12.3 Process. In the event of any third party claim subject to this Section 12, each party shall (a) provide the other party with prompt written notice upon becoming aware of any such claim; (b) reasonably cooperate with the other party in the defense of such claim; and (c) grant sole and exclusive control over the defense and settlement of any such claim to the indemnifying party. Notwithstanding the foregoing, Commvault will have no liability of any kind to the extent any claim is based on or arises from: (i) custom functionality provided to You based on Your specific requirements; (ii) any modification of the Services by You or any third party; (iii) the combination of Services with any technology or other services not provided by Us; or (iv) Your failure to use updated or modified versions of the Services made available by Us to avoid such a claim. If the Services or Your Data are subject to a claim of infringement of the intellectual property rights of a third party, the indemnifying party may, in its sole discretion, either (a) procure the necessary rights to continue to use the Services, content or data alleged to be infringing; (b) modify the alleged infringing portion to make it non-infringing; or (c) if neither (a) or (b) are commercially feasible, terminate the applicable Service or use of the allegedly infringing portion of Your Data.
12.4. The indemnification obligation contained in Section 12.2 shall be Your sole remedy, and our sole obligation, with respect to claim of infringement.
13. General Provisions
13.1. Marketing. You grant Commvault the limited right to use Your company name and logo as a reference for marketing and promotional purposes on the Metallic website and in other public and private communications with new and existing customers. We may seek to use Your name in other materials or contexts but will not do so without obtaining Your prior written approval. If you do not wish to grant us these limited rights, you may opt out by emailing Us at Customersuccess@Metallic.io.
13.2. Export Restrictions. The Services, including any software, documentation and any related technical data included with, or contained in the Services, may be subject to United States export control laws and regulations. You shall comply with the export laws and regulations of the United States and other applicable jurisdictions in providing or using the Services. Without limiting the foregoing: (a) You represents that You are not named on any United States government list of persons or entities prohibited from receiving exports to the best of your knowledge; (b) You represents that You will not use the Services in a manner which is prohibited under United States Government export regulations; (c) You will comply with all United States antiboycott laws and regulations; (d) You shall not provide the Service to any third party, or permit any User to access or use the Service in violation of any United States export embargo, prohibition or restriction; and (e) You shall not, and shall not permit any user or third party to, directly or indirectly, export, re-export or release the Services to any jurisdiction or country to which, or any party to whom, the export, re-export or release is prohibited by applicable law, regulation or rule.
13.3. U.S. Government End User Provisions. We provide the Services to federal government end users solely in accordance with the following: government technical data and software rights related to the Services include only those rights customarily provided to the public as defined in this Agreement. This customary commercial license is provided in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Software) and, for Department of Defense transactions, DFAR 252.227‑7015 (Technical Data – Commercial Items) and DFAR 227.7202–3 (Rights in Commercial Computer Software or Computer Software Documentation).
13.4. Assignment. Neither party may assign this Agreement, in whole or in part, without the other party’s prior written consent, except in the case of a merger, reorganization, acquisition, consolidation, or sale of all, or substantially all, of its assets. Any attempt to assign this Agreement other than as permitted herein will be null and void. Without limiting the foregoing, this Agreement will inure to the benefit of and bind the parties’ respective successors and permitted assigns.
13.5. Force Majeure. No failure or omission by the parties hereto in the performance of any obligation of this Agreement shall be deemed a breach of this Agreement, nor shall it create any liability, provided the party uses reasonable efforts to resume performance hereunder, if the same shall arise from any cause or causes beyond the reasonable control of the parties, including, but not limited to the following, which, for the purpose of this Agreement, shall be regarded as beyond the control of the parties in question: (a) acts of God; (b) acts or omissions of any governmental entity; (c) any rules, regulations or orders issued by any governmental authority or any officer, department, agency or instrumentality thereof; (d) fire, storm, flood, earthquake, accident, war, rebellion, insurrection, riot, strikes and lockouts; or (e) utility or telecommunication failures.
13.6. Governing Law. Except as otherwise provided herein, this Agreement will be governed by and construed in accordance with the laws of the State of New Jersey, without regard to conflict/choice of law principles. Any legal action or proceeding arising under this Agreement will be brought exclusively in the federal or state courts located in Monmouth County, in the State of New Jersey, and the parties hereby irrevocably consent to the personal jurisdiction and venue therein.
13.7. Notices. Except as otherwise provided herein, all notices under this Agreement will be by email at the address You have provided or through the Services. Notices to Commvault will be sent to Customersuccess@metallic.io. Notices will be deemed to be effective one (1) day after an email is sent or the same day, in the case of notices provided through the Services.
13.8. No Agency. The parties are independent contractors and will have no power or authority to assume or create any obligation or responsibility on behalf of each other. This Agreement will not be construed to create or imply any partnership, agency, or joint venture.
13.9. Entire Agreement. This Agreement is the complete and exclusive agreement between the parties with respect to the subject matter hereof, and supersedes any prior or contemporaneous agreements, negotiations and communications (both written and oral) regarding such subject matter.
13.10. Severability. If for any reason a court of competent jurisdiction finds any provision or portion of this Agreement to be unenforceable, that provision of the Agreement will be enforced to the maximum extent permissible so as to affect the intent of the parties, and the remainder of this Agreement will continue in full force and effect.
13.11. Waiver. Failure of either party to insist on strict performance of any provision herein shall not be deemed a waiver of any rights or remedies that either party shall have and shall not be deemed a waiver of any subsequent default of the terms and conditions thereof.
13.12 Insurance. During the term of this Agreement, We shall maintain appropriate insurance coverage, including commercial general liability insurance, workers compensation and employers’ compensation liability, and technology errors and omissions liability insurance and information risk liability insurance in the amount of not less than $5,000,000.
13.13. Modifications and Amendment. We may, from time to time, modify or amend non-material terms of this Agreement or the other documents relating to the Services that are referenced herein. In the event of a material change to this Agreement, We will notify You of such change by emailing the address associated with Your account or sending a message through the Services. The changes will become effective as of the date set forth on such notification. By continuing to use the Services and/or Software, You agree that the terms of the updated version shall apply to all Services and/or Software You have purchased. You may review the then-current version of this Agreement and any of the documentation referenced herein at any time be visiting the Metallic website.
Exhibit A – Data Processing Addendum
In cases defined in Section 6.5, this Data Protection Addendum (“DPA”) available at https://metallic.io/data-processing-addendum shall form part of the Master Services Agreement (“Agreement”) for the purchase of Services between Commvault and You. The DPA is based on Standard Contractual Clauses between Controllers and Processors adopted by European Commission on June 4th 2021.