PLEASE READ THESE ATHEAN LLC ENTERPRISE TERMS (“TERMS”) CAREFULLY BEFORE USING THE SERVICES OFFERED BY ATHEAN LLC (“ATHEAN”). BY MUTUALLY EXECUTING ONE OR MORE ORDER FORMS WITH ATHEAN WHICH REFERENCE THESE TERMS (EACH, AN “ORDER FORM”), YOU (“CUSTOMER”) AGREE TO BE BOUND BY THESE TERMS (TOGETHER, WITH ALL ORDER FORMS, THE “AGREEMENT”) TO THE EXCLUSION OF ALL OTHER TERMS. IN ADDITION, ANY ONLINE ORDER FORM WHICH YOU SUBMIT VIA ATHEAN’S STANDARD ONLINE PROCESS AND WHICH IS ACCEPTED BY ATHEAN WILL BE DEEMED TO BE MUTUALLY EXECUTED. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF AN ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU ARE AUTHORIZED TO BIND SUCH ENTITY TO THE TERMS OF THIS AGREEMENT. IF THE TERMS OF THIS AGREEMENT ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO SUCH TERMS.

1.1.  “Account Data” means data that relates to Athean’s relationship with Customer, including, by way of example and without limitation, the names and contact information of Authorized Users and any other data Athean collects for the purpose of managing its relationship with Customer, identity verification, or as otherwise required by applicable laws, rules, or regulations.

1.2. “Authorized User” means Customer’s employees, consultants, contractors, and agents: (i) who are authorized by Customer to access and use the Service under this Agreement; and (ii) for whom access to the Service has been purchased hereunder.

1.3. “Client-Side Software” means any software in source or object code form that Athean makes available to Customer for use in connection with the Service.

1.4. “Athean IP” means the Service, the Client-Side Software, and any and all intellectual property provided to Customer or any Authorized User in connection with the foregoing. For the avoidance of doubt, Athean IP as defined herein includes Account Data, Usage Data, Aggregated or De-Identified Data, and any information, data, or other content derived from Athean’s provision of the Service but does not include Customer Data.

1.5. “Customer Data” means information, data, and other content, in any form or medium, that is submitted, posted, or otherwise transmitted by or on behalf of Customer or an Authorized User through the Service; provided that, for purposes of clarity, Customer Data as defined herein does not include Account Data and Usage Data.

1.6. “Harmful Code” means any software, hardware, or other technology, device, or means, including any virus, worm, malware, or other malicious computer code, the purpose or effect of which is to permit unauthorized access to, or to destroy, disrupt, disable, distort, or otherwise harm or impede in any manner any (i) computer, software, firmware, hardware, system, or network; or (ii) any application or function of any of the foregoing or the security, integrity, confidentiality, or use of any data processed thereby.

1.7. “Personal Data” means any information that, individually or in combination, does or can identify a specific individual or by or from which a specific individual may be identified, contacted, or located, including without limitation all data considered “personal data”, “personally identifiable information”, or something similar under applicable laws, rules, or regulations relating to data privacy.

1.8. “Professional Services” means training, migration, implementation, integration, or other professional services that are memorialized in writing in a Statement of Work and provided to Customer in connection with its use of the Service hereunder.

1.9. “Sensitive Data” means: (i) special categories of data enumerated in European Union Regulation 2016/679, Article 9(1) or any successor legislation; (ii) protected health information as defined in the Health Insurance Portability and Protection Act, as amended (“HIPAA”); (iii) payment cardholder information or financial account information, including bank account numbers or other personally identifiable financial information; (iv) social security numbers, driver’s license numbers, or other government identification numbers; (v) other information subject to regulation or protection under specific laws such as the Children’s Online Privacy Protection Act (“COPPA”) or the Gramm-Leach-Bliley Act (“GLBA”), in each case as amended, or related rules or regulations; or (vi) any data similar to the above protected under applicable laws, rules, or regulations.

1.10. “Service” means Athean product(s) and/or service(s), including Service Data provided therewith, specified in applicable Order Form(s), and as made available to Authorized Users from time to time.

1.11. “Service Data” means Personal Data about Customer’s sales prospects and business-level data provided by Athean to Customer in connection with the Service.

1.12. “Statement of Work” means a written statement of work for Professional Services executed by both parties that incorporates this Agreement by reference.

1.13. “Subscription Period” means the time period identified on the Order Form during which Customer’s Authorized Users may access and use the Service.

1.14. “Third Party Integrations” means any third-party products provided with, integrated with, or incorporated into the Service.

1.15. “Usage Data” means usage data collected and processed by Athean in connection with Customer’s use of the Service, including without limitation data used to identify the source and destination of a communication, activity logs, and data used to optimize and maintain performance of the Service, and to investigate and prevent system abuse.

1.16. “Usage Limitations” means the usage limitations set forth in this Agreement and the Order, including without limitation any limitations on the number of Authorized Users (if any), and the applicable product, pricing, and support tiers agreed-upon by the parties.

2.1. Order Forms; Access to the Service. Upon mutual execution, each Order Form will be incorporated into and form a part of the Agreement. For each Order Form, subject to Customer’s compliance with the terms and conditions of this Agreement (including any Usage Limitations and restrictions set forth on the applicable Order Form), Athean grants Customer a nonexclusive, limited, personal, nonsublicensable, nontransferable (except in compliance with Section 15) right and license to internally access and use the Service during the applicable Order Form Term (as defined below) for the internal business purposes of Customer, only as provided herein. Use of the Services is limited to the features and functionalities specified in the Order Form. The foregoing includes a limited license for Customer to install and use any Client-Side Software solely in support of Customer’s authorized use of the Service. Each Authorized User must have its own unique account for accessing the Service, and Authorized Users may not share their account credentials with one another or any third party. Customer will be responsible for all acts and omissions of its Authorized Users in connection with this Agreement and for all use of Authorized Users’ accounts.

2.2. Use Restrictions. Except as expressly set forth in this Agreement, Customer will not (and will not permit any third party to), directly or indirectly: (i) reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of the Service (except to the extent applicable laws specifically prohibit such restriction); (ii) modify, translate, or create derivative works based on the Service or Third Party Integrations; (iii) copy, rent, lease, distribute, pledge, assign, sublicense, publish, resell or otherwise transfer, provide access to, or encumber rights to the Service or Third Party Integrations; (iv) use the Service or Third Party Integrations for the benefit of a third party or make the Service available to any third party; (v) remove or otherwise alter any proprietary notices or labels from the Service or Third Party Integrations or any portion thereof; (vi) use the Service or Third Party Integrations to build an application or product that is competitive with any Athean product or service; (vii) interfere or attempt to interfere with the proper working of the Service or Third Party Integrations or any activities conducted on the Service; (viii) bypass any measures Athean may use to prevent or restrict access to the Service (or other accounts, computer systems or networks connected to the Service); (ix) use the trademarks, trade names, service marks, logos, domain names and other distinctive brand features or any copyright or other proprietary rights associated with the Third Party Integrations for any purpose without the express written consent of the third-party product provider; (x) use the Service for any activity where use or failure of the Service could lead to death, personal injury, or environmental damage, including life support systems, emergency services, nuclear facilities, autonomous vehicles, or air traffic control; (xi) use Service Data in connection with establishing a consumer’s eligibility for credit or insurance to be used primarily for personal, family or household purposes, or in connection with assessing risks associated with existing credit obligations of a consume; (xii) use Service Data for purposes of evaluating a consumer for employment, promotion, reassignment or retention as an employee; (xiii) use data for any tenancy verification or in connection with any application to rent real property; (xiv) use Service Data in connection with a determination of a consumer’s eligibility for a license or other benefit that depends on an applicant’s financial responsibility or status; (xv) use Service Data as a potential investor or servicer, or current insurer, in connection with a valuation of, or assessment of credit or prepayment risks associated with, an existing credit obligation; (xvi) use the Service in connection with any information, service or product sold or delivered to a “Consumer” (as that term is defined in the Fair Credit Reporting Act) that constitutes or is derived in substantial part from a Consumer Report; (xvii) use the Service Data for any eligibility for any government benefit or service; (xviii) use the Service Data for any eligibility decision made by a government pertaining but not limited to assistance to natural persons for housing, food, energy, health care, licensure, education, medical costs or any other form of government assistance or benefit; or (xix) sell Service Data to any third parties. Customer is responsible for all of Customer’s activity in connection with the Service, including but not limited to uploading Customer Data onto the Service. Customer (a) will use the Service only in compliance with all applicable local, state, national and foreign laws, treaties and regulations in connection with Customer’s use of the Service (including those related to data privacy, international communications, export laws and the transmission of technical or personal data laws); (b) shall not input, upload, transmit or otherwise provide any information or materials, including Customer Data, that contain, transmit, or activate any Harmful Code; and (c) shall not use the Service in a manner that violates any third party intellectual property, contractual or other proprietary rights.

2.3. Notice and Consent. Customer acknowledges that certain jurisdictions may require Customer to obtain consent, provide notice, disclose specific information to data subjects, or take other actions to lawfully engage in marketing activities (including via texting or calling), process personal data, or record, transcribe, or monitor communications. Customer is solely responsible for complying with all such legal requirements arising from its use of the Services. Customer represents and warrants that it will provide all required notices and information, and obtain all necessary consents, as mandated by applicable law.

2.4. Suspension. Notwithstanding anything to the contrary in this Agreement, Athean may temporarily suspend Customer’s and any Authorized User’s access to any portion or all of the Service if: (i) Athean reasonably determines that (a) there is a threat or attack on any of Athean IP; (b) Customer’s or any Authorized User’s use of Athean IP disrupts or poses a security risk to Athean IP or to any other customer or vendor of Athean; (c) Customer, or any Authorized User, is using Athean IP for fraudulent or illegal activities; (d) subject to applicable law, Customer has ceased to continue its business in the ordinary course, made an assignment for the benefit of creditors or similar disposition of its assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution, or similar proceeding; (e) Athean’s provision of the Service to Customer or any Authorized User is prohibited by applicable law; (f) Customer, or any Authorized User, has violated the restrictions in Sections 2.2 or 2.3; or (g) any Customer Data submitted, posted, or otherwise transmitted by or on behalf of Customer or an Authorized User through the Service may infringe or otherwise violate any third party’s intellectual property or other rights; (ii) any vendor of Athean has suspended or terminated Athean’s access to or use of any Third Party Integrations required to enable Customer to access the Service; or (iii) Customer’s account is more than ten (10) days past due in accordance with Section 5 (any such suspension due to Customer’s failure to pay applicable Fees, a “Service Suspension”). Athean will use reasonable efforts to provide written notice of any Service Suspension to Customer and to provide updates regarding resumption of access to the Service following any Service Suspension. Athean will use reasonable efforts to resume providing access to the Service as soon as reasonably possible after the event giving rise to the Service Suspension is cured. Athean will have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that Customer or any Authorized User may incur as a result of a Service Suspension.

3.1. Authorized Users; Customer Systems. Customer is responsible and liable for all uses of the Service resulting from access provided by Customer, directly or indirectly, whether such access or use is permitted by or in violation of this Agreement. Without limiting the generality of the foregoing, Customer is responsible for all acts and omissions of Authorized Users, and any act or omission by an Authorized User that would constitute a breach of this Agreement if taken by Customer will be deemed a breach of this Agreement by Customer. Customer is responsible for ensuring all Authorized Users are aware of this Agreement’s provisions as applicable to such Authorized User’s use of the Service and will cause Authorized Users to comply with such provisions. Further, Customer has and will retain sole responsibility for: (i) all information, instructions, and materials provided by or on behalf of Customer or any Authorized User in connection with the Service; (ii) Customer’s information technology infrastructure, including computers, software, databases, electronic systems (including database management systems), and networks, whether operated directly by Customer or through the use of third-party platforms or service providers (“Customer Systems”); (iii) the security and use of Customer’s and its Authorized Users’ access credentials; and (iv) all access to and use of the Service directly or indirectly by or through the Customer Systems or its Authorized Users’ access credentials, with or without Customer’s knowledge or consent, including all results obtained from, and all conclusions, decisions, and actions based on, such access or use.

3.2. Customer Data. Customer will retain all right, title and interest in and to the Customer Data, including all intellectual property rights therein. Customer, not Athean, is solely responsible for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use of all Customer Data. Customer represents and warrants that it has all rights necessary to provide the Customer Data to Athean as contemplated hereunder, in each case without any infringement, violation or misappropriation of any third party rights (including, without limitation, intellectual property rights and rights of privacy). Customer hereby grants to Athean, during the Subscription Period, a non-exclusive, royalty-free, worldwide license to reproduce, distribute, and otherwise use and display the Customer Data and perform all other acts with respect to the Customer Data as may be necessary for Athean to provide the Service. Without limiting the generality of the foregoing, Customer acknowledges and agrees that Athean may (i) internally use and modify (but not disclose) Customer Data for the purposes of (A) providing the Service and (B) generating Aggregated or De-Identified Data (as defined below), and (ii) freely use, retain and make available Aggregated or De-Identified Data for Athean’s business purposes (including without limitation, for purposes of developing, improving, testing, operating, promoting and marketing Athean’s products and services). For the purposes of this Agreement, “Aggregated or De-Identified Data” means data submitted to, collected by, or generated by Athean in connection with Customer’s use of the Service, but only in aggregate or de-identified form which can in no way be linked specifically to Customer. Customer may export the Customer Data at any time through the features and functionalities made available via the Service; provided that Customer agrees and acknowledges that Customer Data may be irretrievably deleted if Customer’s account is ninety (90) days or more delinquent. Without limiting the generality of the foregoing, Customer acknowledges that the Services rely on the use of third-party artificial intelligence and machine learning platforms (“AI Platforms”) and agrees that Customer Data may be shared with the third parties that operate such AI Platforms for the purpose of providing the Services to Customer and Authorized Users. Furthermore, Customer acknowledges that the results they receive from the Services may be similar or identical to those independently generated by the Services for other customers.  Customer understands that results are generated through artificial intelligence and machine learning and are not guaranteed to be accurate, complete, or current, and should be independently verified before use.

3.3. Sanctions Compliance. Customer represents and warrants that (i) any Customer Data made available to Athean has not been acquired from embargoed or sanctioned locations including those on sanctions lists issued by the U.S. Export Administration Regulations and/or the U.S. Department of the Treasury’s Office of Foreign Assets Control, including but not limited to, Venezuela, China, Russia, Iran, Ethiopia, Lebanon, Zimbabwe, Iraq, Nicaragua, Democratic Republic of Congo, Cuba, Afghanistan, Sudan, Syria, Mali, Somalia, Libya, Yemen, Central African Republic, South Sudan, North Korea, and Belarus (“Embargoed/Sanctioned Countries”); (ii) Customer Data provided to Athean has not been acquired from any person, or any entity controlled by any person, listed on the Specially Designated Nationals And Blocked Persons List published by the U.S. Department of Treasury; (iii) that it will not process data in any Embargoed/Sanctioned Countries; (iv) it will not process or forward any Customer Data to Athean in violation of the Protecting Americans’ Data from Foreign Adversaries Act or any similar subsequent law or regulation, and will not (without limitation) provide any Service Data to any entity that is located in any of the following nations: China (including Macau and Hong Kong), Russia, Iran, Venezuela, Cuba or North Korea (“Prohibited Nation(s)”) or any entity with a 20 percent (or greater) shareholder that is located in (or owned by) any Prohibited Nation.

3.4. Third Party Integrations. Customer acknowledges and agrees that (i) the Service may operate on, with or using Third Party Integrations; (ii) the availability and operation of the Service or certain portions thereof may be dependent on Athean’s ability to access such Third Party Integrations; and (iii) Customer’s failure to provide adequate access or any retraction of permissions relating to such Third Party Integrations may result in a suspension or interruption of the Service. Customer hereby represents and warrants that it has all rights, licenses, permissions and consents necessary to connect, use and access any Third Party Integrations that it integrates with the Service. Athean cannot and does not guarantee that the Service will incorporate (or continue to incorporate) any particular Third Party Integrations and does not make any representations or warranties with respect to Third Party Integrations. Customer is solely responsible for procuring any and all rights necessary for it to access Third Party Integrations (including any Customer Data or other information relating thereto) and for complying with any applicable terms or conditions thereof. Any exchange of data or other interaction between Customer and a third-party provider is solely between Customer and such third party provider and is governed by such third party’s terms and conditions. By authorizing Athean to transmit Customer Data from Third Party Integrations into the Service, Customer represents and warrants to Athean that it has all right, power, and authority to provide such authorization.

3.5. Open Source Components. Certain aspects of the Service, such as the Client-Side Software, may contain or be distributed with open source software code or libraries (“Open Source Components”). Athean will provide a list of Open Source Components for a particular version of any distributed portion of the Service, such as the Client-Side Software, on Customer’s request. To the extent required by the license applicable to such Open Source Components: (i) Athean will use reasonable efforts to deliver to Customer any notices or other materials (such as source code); and (ii) the terms of such licenses will apply to such Open Source Components in lieu of the terms of this Agreement. To the extent the terms of such licenses prohibit any of the restrictions in this Agreement with respect to any particular Open Source Component, such restrictions will not apply to such Open Source Component. To the extent the terms of such licenses require Athean to make an offer to provide source code or related information in connection with the Open Source Component, such offer is hereby made.

4.1. Implementation. Upon payment of any applicable fees set forth in each Order Form, Athean agrees to use reasonable commercial efforts to provide standard implementation assistance for the Service only if and to the extent such assistance is set forth on such Order Form (“Implementation Assistance”). If Athean provides Implementation Assistance in excess of any agreed-upon hours estimate, or if Athean otherwise provides additional services beyond those agreed in an Order Form, Customer will pay Athean at its then-current hourly rates for consultation.

4.2. Support. During the Subscription Period, subject to Customer’s payment of all applicable fees, Athean will use commercially reasonable efforts to provide support, maintenance, and uptime for each Service with basic Customer support via Athean’s standard support channels during Athean’s normal business hours.

4.3. Service Updates. From time to time, Athean may provide upgrades, patches, enhancements, or fixes for the Services to its customers generally without additional charge (“Updates”), and such Updates will become part of the Services and subject to this Agreement; provided that Athean has no obligation under this Agreement or otherwise to provide any such Updates. Customer understands that Athean may make improvements and modifications to the Services at any time in its sole discretion; provided that Athean will use commercially reasonable efforts to give Customer reasonable prior notice of any major changes.

4.4. Professional Services. Athean will perform Professional Services as described in an Order or Statement of Work. Customer will provide Athean all reasonable cooperation required for Athean to perform the Professional Services, including without limitation timely access to any reasonably required Customer materials, information, or personnel. Subject to any limitations identified in an Order or Statement of Work, Customer will reimburse Athean’s reasonable travel and lodging expenses incurred in providing Professional Services. To the extent the Professional Services result in any software code or other work product of any kind (“Work Product”), all such Work Product will remain owned solely and exclusively by Athean and may be used by Customer solely in connection with Customer’s authorized use of the Service under this Agreement.

5.1. Fees. Customer will pay Athean fees as set forth in each Order Form (“Fees”) at the cadence identified in the Order Form. Unless otherwise specified in an Order Form, all Fees and other amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Customer is responsible for all sales, use, and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on Athean’s income. All Fees paid are non-refundable and are not subject to set-off or deduction. If Customer fails to make any payment when due, and Customer has not notified Athean in writing within thirty (30) days of the payment becoming due and payable that the payment is subject to a good faith dispute, without limiting Athean’s other rights and remedies: (i) Athean may charge interest on the undisputed past due amount at the rate of [1.5% per month], calculated daily and compounded monthly or, if lower, the highest rate permitted under applicable law; (ii) Customer will reimburse Athean for all reasonable costs incurred by Athean in collecting any late payments or interest, including attorneys’ fees, court costs, and collection agency fees; and (iii) if such failure continues for ten (10) days or more, Customer may be subject to a Service Suspension (in accordance with Section 4) until such past due amounts are paid in full.

5.2. Overages. If Customer exceeds any Authorized User or usage limitations set forth on an Order Form, then (i) Athean will invoice Customer for such additional users or usage at the overage rates set forth on the Order Form (or if no overage rates are set forth on the Order Form, at Athean’s then-current standard overage rates for such usage), in each case on a pro-rata basis from the first date of such excess usage through the end of the applicable Initial Term or then-current Renewal Term (as defined below), and (ii) if the Subscription Period renews (in accordance with Section 9 below), such Renewal Term will include the additional fees for such excess Authorized Users and usage.

6.1. Confidential Information. From time to time during the Subscription Period, either party may disclose or make available to the other party information about its business affairs, products, confidential intellectual property, trade secrets, third-party confidential information, and other sensitive or proprietary information, whether orally or in written, electronic, or other form or media that: (i) is marked, designated or otherwise identified as “confidential” or something similar at the time of disclosure or within a reasonable period of time thereafter; or (ii) would be considered confidential by a reasonable person given the nature of the information or the circumstances of its disclosure (collectively, “Confidential Information”). Confidential Information does not include information that, at the time of disclosure is: (a) in the public domain; (b) known to the receiving party at the time of disclosure; (c) rightfully obtained by the receiving party on a non-confidential basis from a third party; or (d) independently developed by the receiving party without use of, reference to, or reliance upon the disclosing party’s Confidential Information.

6.2. Duty. The receiving party will not use the disclosing party’s Confidential Information except to perform its obligations and exercise its rights hereunder nor will it disclose the disclosing party’s Confidential Information to any person or entity, except to the receiving party’s employees, contractors, and agents who have a need to know the Confidential Information for the receiving party to exercise its rights or perform its obligations hereunder (“Representatives”). The receiving party will be responsible for all the acts and omissions of its Representatives as they relate to Confidential Information hereunder. Notwithstanding the foregoing, each party may disclose Confidential Information to the limited extent required (A) in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the party making the disclosure pursuant to the order must first have given written notice to the other party and made a reasonable effort to obtain a protective order; or (B) to establish a party’s rights under this Agreement, including to make required court filings. Further, notwithstanding the foregoing, each party may disclose the terms and existence of this Agreement to its actual or potential investors, debtholders, acquirers, or merger partners under customary confidentiality terms.

6.3. Effect of Termination or Expiration. Upon expiration or termination of the Agreement, the receiving party will promptly return to the disclosing party all copies, whether in written, electronic, or other form or media, of the disclosing party’s Confidential Information, or destroy all such copies and certify in writing to the disclosing party that such Confidential Information has been destroyed. Each party’s obligations of non-use and non-disclosure with regard to Confidential Information are effective as of the Effective Date and will expire three (3) years from the date of termination or expiration of this Agreement; provided, however, with respect to any Confidential Information that constitutes a trade secret (as determined under applicable law), such obligations of non-disclosure will survive the termination or expiration of this Agreement until such Confidential Information is no longer considered a trade secret under applicable law through no wrongful act or omission of the receiving party.

7.1. Security Measures. Athean will use commercially reasonable efforts to maintain the security and integrity of the Service and the Customer Data. Athean is not responsible to Customer for unauthorized access to Customer Data or the unauthorized use of the Service unless such access is due to Athean’s gross negligence or willful misconduct. Customer is responsible for the use of the Service by any person to whom Customer has given access to the Service, even if Customer did not authorize such use.

7 .2. Processing of Personal Data. In the event and to the extent that Customer Data provided to Athean includes Personal Data subject to Privacy Laws (as defined in Exhibit A), excluding any Usage Data or Account Data, Exhibit A to this Agreement shall apply to such Personal Data.  

7.3. No Sensitive Data. Notwithstanding the foregoing, Customer acknowledges and agrees that: (i) the Service is not designed to store Sensitive Data; and (ii) Customer will not use the Service to store Sensitive Data and will not submit, post, or otherwise transmit any Customer Data that includes or constitutes Sensitive Data through the Services.

7.4. Usage Data and Account Data. Athean may process Account Data and Usage Data as a controller (i) to manage the relationship with Customer; (ii) to carry out Athean’s core business operations, such as accounting, audits, tax preparation and filing and compliance purposes; (iii) to monitor, investigate, prevent and detect fraud, security incidents and other misuse of the Services, and to prevent harm to Customer; (iv) for identity verification purposes; (v) to comply with legal or regulatory obligations applicable to the processing and retention of Personal Data to which Athean is subject; and (vi) as otherwise permitted under Privacy Laws and in accordance with the Agreement. Company may also process Usage Data as a controller to provide, improve, and maintain the Service, to the extent permitted by Privacy Laws.

As between the parties, Athean reserves all rights not expressly granted to Customer in this Agreement, and retains all right, title, and interest in and to the Services, and all software, products, works, and other intellectual property and moral rights related thereto or created, used, or provided by Athean for the purposes of this Agreement, including any copies and derivative works of the foregoing. Any software which is distributed or otherwise provided to Customer hereunder (including without limitation any software identified on an Order Form) will be deemed a part of the Service and subject to all of the terms and conditions of this Agreement. No rights or licenses are granted, including by implication, waiver, estoppel, or otherwise, except as expressly and unambiguously set forth in this Agreement. Customer or any of its employees or contractors may (but is not obligated to) provide suggestions, comments or other feedback to Athean with respect to the Service (“Feedback”). Athean acknowledges and agrees that all Feedback is provided “AS IS” and without warranty of any kind. Notwithstanding anything else, Customer will, and hereby does, grant to Athean a nonexclusive, worldwide, perpetual, irrevocable, transferable, sublicensable, royalty-free, fully paid up license to use and exploit the Feedback for any purpose. Athean is free to use such Feedback irrespective of any other obligation or limitation between the parties governing such Feedback. Nothing in this Agreement will impair Athean’s right to develop, acquire, license, market, promote or distribute products, software or technologies that perform the same or similar functions as, or otherwise compete with any products, software or technologies that Customer may develop, produce, market, or distribute.

This Agreement will commence upon the Effective Date of the first Order Form, and, unless earlier terminated in accordance herewith, will last until the expiration of all Order Form Terms. For each Order Form, unless otherwise specified therein, the Subscription Period will begin as of the effective date set forth on such Order Form, and unless earlier terminated as set forth herein, (x) will continue for the Initial Term, and (y) following the Initial Term, will automatically renew for additional successive periods pursuant to the Renewal Term, each as specified on such Order Form, unless either party notifies the other party of such party’s intention not to renew no later than thirty (30) days prior to the expiration of the Initial Term or then-current Renewal Term, as applicable. In the event of a material breach of this Agreement by either party, the non-breaching party may terminate this Agreement by providing written notice to the breaching party, provided that the breaching party does not materially cure such breach within thirty (30) days of receipt of such notice. Athean may terminate this Agreement, effective on written notice to Customer, if Customer: (i) fails to pay any amount when due hereunder, and such failure continues more than ten (10) calendar days after Athean’s delivery of written notice thereof; or (ii) breaches any of its obligations under Sections 2.2 or 6. All provisions of this Agreement which by their nature should survive termination will survive termination, including, without limitation, accrued payment obligations, ownership provisions, warranty disclaimers, indemnity and limitations of liability. For clarity, any services provided by Athean to Customer in contemplation of or due to termination of this Agreement, including any assistance in exporting the Customer Data, will be billable at Athean’s standard rates then in effect.

10.1. Athean Indemnification. Athean will indemnify, defend, and hold harmless Customer from and against any and all losses, damages, liabilities, costs (including reasonable attorneys’ fees) (“Losses”) incurred by Customer resulting from any claim, suit, action, or proceeding brought by an unaffiliated third party (“Third Party Claim”) against Customer alleging that the Service, or any use of the Service in accordance with this Agreement, infringes or misappropriates such third party’s U.S. intellectual property rights; provided that Customer promptly notifies Athean in writing of the claim, cooperates with Athean, and allows Athean sole authority to control the defense and settlement of such claim. If such a claim is made or appears possible, Customer agrees to permit Athean, at Athean’s sole discretion: to (i) modify or replace the Service, or component or part thereof, to make it non-infringing; or (ii) obtain the right for Customer to continue use. If Athean determines that neither alternative is reasonably commercially available, Athean may terminate this Agreement, in its entirety or with respect to the affected component or part, effective immediately on written notice to Customer. This Section 10.1 will not apply to the extent that the alleged infringement arises from: (a) use of the Service in combination with data, software, hardware, equipment, or technology not provided by Athean or authorized by Athean in writing; (b) modifications to the Service not made by Athean; (iii) Customer Data; or (iv) Third Party Integrations. THIS SECTION 10.1 SETS FORTH CUSTOMER’S SOLE REMEDIES AND ATHEAN’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED, OR ALLEGED CLAIMS THAT THE SERVICES INFRINGE, MISAPPROPRIATE, OR OTHERWISE VIOLATE ANY INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY.

10.2. Customer Indemnification. Customer will indemnify, hold harmless, and, at Athean’s option, defend Athean from and against any Losses resulting from any Third Party Claim: (i) alleging that the Customer Data, or any use of the Customer Data in accordance with this Agreement, infringes or misappropriates such third party’s intellectual property, privacy, or other right; (ii) relating to Customer’s failure to comply with Section 2.3, (iii) relating to any Third-Party Integrations; (iv) based on unauthorized access, use, or disclosure of Service Data; or (v) based on Customer’s or any Authorized User’s (a) negligence or willful misconduct; (b) use of the Service in a manner not authorized by this Agreement; or (c) use of the Service in combination with data, software, hardware, equipment or technology not provided by Athean or authorized by Athean in writing; in each case, provided that Customer may not settle any Third Party Claim against Athean unless Athean consents to such settlement in writing, and further provided that Athean will have the right, at its option, to defend itself against any such Third Party Claim or to participate in the defense thereof by counsel of its own choice.

EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SERVICE, INCLUDING SERVICE DATA, IS PROVIDED “AS IS” AND “AS AVAILABLE” AND ARE WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, ACCURACY OF SERVICE DATA, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES IMPLIED BY ANY COURSE OF PERFORMANCE, USAGE OF TRADE, OR COURSE OF DEALING, ALL OF WHICH ARE EXPRESSLY DISCLAIMED. ATHEAN MAKES NO WARRANTY OF ANY KIND THAT THE SERVICE, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM OR OTHER PLATFORM, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE. ATHEAN DOES NOT REPRESENT, COVENANT, WARRANT, OR PROMISE THAT ANY OF THE SERVICES MAY BE USED OR RELIED UPON BY CUSTOMER OR ANY OTHER PARTY TO COMPLY WITH ANY LAW, RULE, REGULATION, INDUSTRY STANDARD, OR POLICY, NOR THAT ANY OF THE SERVICES WILL RENDER CUSTOMER NOR ANY OTHER PARTY COMPLIANT WITH ANY LAW, RULE, REGULATION, INDUSTRY STANDARD, OR POLICY, AND ATHEAN EXPRESSLY DISCLAIMS TO THE FULLEST EXTENT PERMISSIBLE BY APPLICABLE LAW ANY SUCH REPRESENTATION, COVENANT, WARRANTY, OR PROMISE. IF AND TO THE EXTENT THAT CUSTOMER USES ANY OF THE SERVICES WITH THE INTENTION OF OR FOR THE PURPOSE OF COMPLYING WITH ANY LAW, RULE, REGULATION, INDUSTRY STANDARD, OR POLICY, CUSTOMER ACKNOWLEDGES AND AGREES THAT SUCH SERVICES ARE, IN THAT REGARD, PROVIDED “AS IS”, AND CUSTOMER ASSUMES FULL RESPONSIBILITY FOR ITS COMPLIANCE. CUSTOMER AGREES THAT ATHEAN SHALL HAVE NO LIABILITY TO CUSTOMER FOR CUSTOMER’S USE OF OR RELIANCE ON ANY SERVICES FOR SUCH PURPOSES. THIS PARAGRAPH IS NOT INTENDED TO DIMINISH, MODIFY, OR RELEASE ANY EXPRESS REPRESENTATIONS AND WARRANTIES STATED HEREIN.

EXCEPT FOR THE PARTIES’ INDEMNIFICATION OBLIGATIONS AND FOR CUSTOMER’S BREACH OF SECTIONS 2.2, 2.3 AND 3, IN NO EVENT WILL EITHER PARTY, NOR ITS DIRECTORS, EMPLOYEES, AGENTS, PARTNERS, SUPPLIERS OR CONTENT PROVIDERS, BE LIABLE UNDER CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE OR ANY OTHER LEGAL OR EQUITABLE THEORY WITH RESPECT TO THE SUBJECT MATTER OF THIS AGREEMENT FOR ANY LOST PROFITS, DATA LOSS, BREACH OF DATA OR SYSTEM SECURITY, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER, SUBSTITUTE GOODS OR SERVICES (HOWEVER ARISING), IN EACH CASE REGARDLESS OF WHETHER SUCH PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE. IN NO EVENT WILL ATHEAN’S AGGREGATE LIABILITY FOR ANY DIRECT DAMAGES ARISING OUT OF RELATED TO THIS AGREEMENT EXCEED (IN THE AGGREGATE) THE FEES PAID (OR PAYABLE) BY CUSTOMER TO ATHEAN HEREUNDER IN THE TWELVE (12) MONTHS PRIOR TO THE EVENT GIVING RISE TO A CLAIM HEREUNDER.

From time to time, Athean may make a Free Trial Service available to Customer at no charge.  Customer may choose to try such Free Trial Service or not in its sole discretion.  If Customer uses a Free Trial Service, Athean will make such Free Trial Service available to Customer on a trial basis, free of charge, until the earlier of (a) the end of the free trial period for which Customer agreed to use such Free Trial Service, (b) the start date of any Services subscription purchased by Customer that includes such Free Trial Service, or (c) termination of the Free Trial Service by Athean in its sole discretion. A free trial period may be extended upon mutual agreement by Athean and Customer. Notwithstanding anything to the contrary in this Agreement, a Free Trial Service is provided “AS IS.” ATHEAN MAKES NO REPRESENTATION OR WARRANTY AND SHALL HAVE NO INDEMNIFICATION OBLIGATIONS WITH RESPECT TO A FREE TRIAL SERVICE. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, ATHEAN SHALL HAVE NO LIABILITY OF ANY TYPE WITH RESPECT TO A FREE TRIAL SERVICE, UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW, IN WHICH CASE F ATHEAN TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO A FREE TRIAL SERVICE IS LIMITED TO A MAXIMUM OF USD $1,000. CUSTOMER SHALL NOT USE THE FREE TRIAL SERVICE IN A MANNER THAT VIOLATES APPLICABLE LAWS AND WILL BE FULLY LIABLE FOR ANY DAMAGES CAUSED BY ITS USE OF A FREE TRIAL SERVICE. ANY DATA OR INFORMATION ENTERED INTO THE FREE TRIAL SERVICE BY CUSTOMER MAY BE PERMANENTLY LOST UPON TERMINATION OF THE FREE TRIAL SERVICE.  Customer agrees that it will not make any public statements or otherwise disclose its participation in the Free Trial Service without Athean’s prior written consent.  Athean may change or not release a final or commercial version of a Free Trial Service in its sole discretion.

Each party acknowledges and agrees that a breach or threatened breach by such party of any of its obligations under Sections 2.2 and 6 would cause the other party irreparable harm for which monetary damages would not be an adequate remedy and agrees that, in the event of such breach or threatened breach, the other party will be entitled to seek equitable relief, including a restraining order, an injunction, specific performance and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity or otherwise.

This Agreement (including all Order Forms and Statements of Work) represents the entire agreement between Customer and Athean with respect to the subject matter hereof, and supersedes all prior or contemporaneous communications and proposals (whether oral, written or electronic) between Customer and Athean with respect thereto. Excluding the Order Form, terms in business terms, purchase orders, quotes, or similar documents used by a party will not amend or modify this Agreement; such documents are for administrative purposes only. In the event of any conflict between these Terms and an Order Form, the Order Form will control. The Agreement is governed by and construed in accordance with the laws of the State of California, excluding its conflicts of law rules, and the parties consent to exclusive jurisdiction and venue in the state and federal courts located in San Francisco, California. All notices under this Agreement must be in writing and will be deemed to have been duly given when received, if personally delivered or sent by certified or registered mail, return receipt requested; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; or the day after it is sent, if sent for next day delivery by recognized overnight delivery service. Notices must be sent to the contacts for each party set forth on the Order Form. Either party may update its address set forth above by giving notice in accordance with this section. Except as otherwise provided herein, any provision of this Agreement may be amended or waived only by a writing executed by an authorized representative of both parties. Except for payment obligations, neither party will be liable for any failure to perform its obligations hereunder where such failure results from any cause beyond such party’s reasonable control, including, without limitation, the elements; fire; flood; severe weather; earthquake; vandalism; accidents; sabotage; power failure; denial of service attacks or similar attacks; Internet failure; acts of God and the public enemy; acts of war; acts of terrorism; riots; civil or public disturbances; strikes lock-outs or labor disruptions; any laws, orders, rules, regulations, acts or restraints of any government or governmental body or authority, civil or military, including the orders and judgments of courts. Neither party may assign any of its rights or obligations hereunder without the other party’s consent; provided that (i) either party may assign all of its rights and obligations hereunder without such consent to a successor-in-interest in connection with a merger or sale of substantially all of such party’s business relating to this Agreement, and (ii) Athean may utilize subcontractors in the performance of its obligations hereunder. Customer agrees that Athean may use Customer’s name and logo to refer to Customer as a customer of Athean on its website and in marketing materials. No agency, partnership, joint venture, or employment relationship is created as a result of this Agreement and neither party has any authority of any kind to bind the other in any respect. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees. If any provision of this Agreement is held to be unenforceable for any reason, such provision will be reformed only to the extent necessary to make it enforceable. The failure of either party to act with respect to a breach of this Agreement by the other party will not constitute a waiver and will not limit such party’s rights with respect to such breach or any subsequent breaches.

This United States Privacy Law Addendum (the “Addendum”) supplements the Agreement entered into by and between Customer and Athean. This Addendum includes the terms of the Agreement. Any capitalized terms that are used but not defined herein shall have the definitions set forth in the Agreement. Where there is a conflict between the Agreement and this Addendum, this Addendum will control.

1.1. “Authorized Subprocessor” means a third-party entity engaged by Athean to process Personal Data in order to provide the Services and that has been approved by Customer in accordance with Section 6.

1.2. “Consumer” means a natural person whose Personal Data is protected by Privacy Laws.

1.3. “Consumer Request” means a request from a Consumer to exercise their rights over Personal data afforded pursuant to Privacy Laws.

1.4.  “Controller” means the natural or legal person that, alone or jointly with others, determines the purpose and means of processing Personal Data. “Controller” includes the term “Business” or equivalent term under Privacy laws.

1.5. “Privacy Laws” means any applicable laws and regulations in any relevant jurisdiction relating to the processing of Personal Data. Privacy Laws includes but are not limited to, U.S. state comprehensive privacy laws, such as the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (the “CCPA”), in each case as updated, amended or replaced from time to time. The terms “affiliates,” “business purpose,” “Controller,” “cross-contextual behavioral advertising,” “Personal Data Breach,” “Processor,” “process” or “processing,” “sell,” “share,” or “targeted advertising” shall have the meaning set forth for that or any equivalent term under Privacy Laws. For the avoidance of doubt, the terms “Controller” and “Processor” include “Business” and “Service Provider,” respectively, as defined in the CCPA.

2.1. Nature and Purpose of Processing:  Athean shall process Personal Data provided by Customer under the Agreement as necessary to provide the Services under the Agreement, for the purposes specified in the Agreement and this Addendum, and in accordance with Customer’s instructions as set forth in this Addendum. Such purposes shall include processing Personal Data in order to provide assistance with prospecting.  

2.2. Duration of Processing: Athean shall process Personal Data provided by Customer as long as required (i) to provide the Services to Customer under the Agreement, or (ii) by applicable law or regulation.

2.3. Categories of Consumers: Athean may process Personal Data relating to the following categories of Consumers: sales prospects of customers.

2.4. Categories of Personal Data: Athean may process the following categories of Personal Data: name, location, email address, phone number, address, occupation, and title.

Customer shall, in its use of the Services, at all times process Personal Data, and provide instructions for the processing of Personal Data, in compliance with Privacy Laws. Customer shall ensure that the processing of Personal Data in accordance with Customer’s instructions will not cause Athean to be in breach of the Privacy Laws. Customer is solely responsible for the accuracy, quality, and legality of (i) the Personal Data provided to Athean by or on behalf of Customer, (ii) the means by which Customer acquired any such Personal Data, and (iii) the instructions it provides to Athean regarding the processing of such Personal Data. Customer shall not provide or make available to Athean any Personal Data in violation of the Agreement or otherwise inappropriate for the nature of the Services, and shall indemnify Athean from all claims and losses in connection therewith.

Athean shall not: (i) sell or share Personal Data; (ii) retain, use, or disclose Personal Data outside of Athean’s direct business relationship with Customer or for any purpose other than for a business purpose under the CCPA on behalf of Customer or as necessary to perform the Services for Customer pursuant to the Agreement, except as otherwise permitted in Agreement or by Privacy Laws; and (iii) combine Personal Data received from, or on behalf of, Customer with Personal Data that it receives from, or on behalf of, another party or person, except as necessary to provide the Services or as otherwise instructed by Customer.

To the extent required by applicable Privacy Laws, and upon Customer’s written request at reasonable intervals, and subject to reasonable confidentiality controls, Athean shall either (i) make available for Customer’s review copies of certifications or reports demonstrating Athean’s compliance with prevailing data security standards applicable to the processing of Personal Data provided by Customer under the Agreement, or (ii) if the provision of reports or certifications pursuant to (i) is not reasonably sufficient under the applicable Privacy Laws, allow Customer or Customer’s independent third party representative to conduct an audit or assessment of Athean’s policies and technical and organizational measures using an appropriate and accepted control standard or framework and assessment procedure for such assessments, that (a) Customer provides reasonable prior written notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Athean’s business; (b) such audit shall only be performed during business hours and occur no more than once per calendar year; and (c) such audit shall be restricted to data relevant to Customer. Customer shall be responsible for the costs of any such audits or inspections, including without limitation a reimbursement to Athean for any time expended for on-site audits. To the extent permitted under Privacy Laws, if Customer determines that Athean is processing Personal Data in an unauthorized manner, Customer may, taking into account nature of Athean’s processing and the nature of the Personal Data processed by Athean on behalf of Customer, and upon providing prior written notice, take commercially reasonable and appropriate steps to stop and remediate such unauthorized processing.

6.1. A list of Athean’s current Authorized Subprocessors (the “List”) is made available to Customer, attached hereto (See, Appendix).  Such List may be updated by Athean from time to time.  Athean may provide a mechanism to subscribe to notifications of new subprocessors and Customer agrees to subscribe to such notifications where available. At least ten (10) days before enabling any third party other than existing Authorized Subprocessors to access or participate in the processing of Personal Data, Athean will add such third party to the List and notify Customer via email. Customer may object to such an engagement by informing Athean within ten (10) days of receipt of the aforementioned notice to Customer, provided such objection is in writing and based on reasonable grounds relating to data protection. If Customer does not object during this period, that third party will be deemed an Authorized Subprocessor. Customer acknowledges that certain subprocessors are essential to providing the Services and that objecting to the use of a subprocessor may prevent Athean from offering the Services to Customer.

6.2. If Customer reasonably objects to an engagement in accordance with Section 6.1, and Athean cannot provide a commercially reasonable alternative within a reasonable period of time, Customer may discontinue the use of the affected Service by providing written notice to Athean.  Discontinuation shall not relieve Customer of any fees owed to Athean under the Agreement.

6.3. Athean will enter into a written agreement with the Authorized Subprocessor imposing on the Authorized Subprocessor data protection obligations comparable to those imposed on Athean under this Addendum with respect to the protection of Personal Data.  In case an Authorized Subprocessor fails to fulfill its data protection obligations under such written agreement with Athean, Athean will remain liable to Customer for the performance of the Authorized Subprocessor’s obligations under such agreement.

7.1. Athean shall ensure that any person it authorizes to process Personal Data has agreed to protect Personal Data in accordance with Athean’s confidentiality obligations in the Agreement. Customer agrees that Athean may disclose Personal Data to its advisers, auditors or other third party as reasonably required in connection with the performance of its obligations under this Addendum, the Agreement, or the provision of Services to Customer.

7.2. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Athean shall maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing Personal Data.

8.1. In the event of a Personal Data Breach, Athean shall, without undue delay, inform Customer of the Personal Data Breach and take such steps as Athean in its sole discretion deems necessary and reasonable to remediate such Personal Data Breach, to the extent that remediation is within Athean’s reasonable control.

8.2. In the event of a Personal Data Breach, Athean shall, taking into account the nature of the processing and the information available to Athean, provide Customer with reasonable cooperation and assistance necessary for Customer to comply with its obligations under Privacy Laws with respect to notifying (i) the relevant regulatory agency and (ii) Consumers affected by such Personal Data Breach without undue delay.

8.3. The obligations described in Sections 8.1 and 8.2 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Customer. Athean’s obligation to report or respond to a Personal Data Breach under Sections 8.1 and 8.2 will not be construed as an acknowledgement by Athean of any fault or liability with respect to the Personal Data Breach.

10.2. Customer Indemnification. Customer will indemnify, hold harmless, and, at Athean’s option, defend Athean from and against any Losses resulting from any Third Party Claim: (i) alleging that the Customer Data, or any use of the Customer Data in accordance with this Agreement, infringes or misappropriates such third party’s intellectual property, privacy, or other right; (ii) relating to Customer’s failure to comply with Section 2.3, (iii) relating to any Third-Party Integrations; (iv) based on unauthorized access, use, or disclosure of Service Data; or (v) based on Customer’s or any Authorized User’s (a) negligence or willful misconduct; (b) use of the Service in a manner not authorized by this Agreement; or (c) use of the Service in combination with data, software, hardware, equipment or technology not provided by Athean or authorized by Athean in writing; in each case, provided that Customer may not settle any Third Party Claim against Athean unless Athean consents to such settlement in writing, and further provided that Athean will have the right, at its option, to defend itself against any such Third Party Claim or to participate in the defense thereof by counsel of its own choice.

Athean shall, to the extent permitted by Privacy Laws, notify Customer upon receipt of a Consumer Request. If Athean receives a Consumer Request in relation to Personal Data, Athean will advise the Consumer to submit their request to Customer and Customer will be responsible for responding to such request, including, where necessary, by using the functionality of the Services. Customer is solely responsible for ensuring that Consumer Requests communicated to Athean, and, if applicable, for ensuring that a record of consent to processing is maintained with respect to each Consumer.

Upon the termination or expiration of the Agreement, at Customer’s choice, Athean shall return or delete Personal Data, unless further storage of such Personal Data is required or authorized by applicable law. If return or destruction is impracticable or prohibited by law, rule or regulation, Athean shall take measures to block such Personal Data from any further processing (except to the extent necessary for its continued hosting or processing required by law, rule or regulation) and shall continue to appropriately protect the Personal Data remaining in its possession, custody, or control.

The parties acknowledge and agree that with respect to Account Data and Usage Data, Athean is an independent controller, not a joint controller with Customer.

The parties acknowledge and agree that with respect to Account Data and Usage Data, Athean is an independent controller, not a joint controller with Customer.