By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
Microsoft Word icon
Download Text

Master Subscription Agreement

Download PDF

This Master Subscription Agreement (“AGREEMENT”) and any accompanying Tovuti product and pricing document, executed as a standalone order or agreed to as part of an online order process on Tovuti's purchasing portal website is BETWEEN TOVUTI LMS (Tovuti) AND The named entity on the Tovuti product and pricing document accompanied with this Agreement  (The Client) This Agreement along with the product and pricing document is a binding contract between Tovuti, INC., and the Client 


Affiliate” means any entity, which directly or indirectly controls, is controlled by, or is under common control of the Client.

 “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity. This Agreement shall apply to each of the Clients Affiliates, regardless whether they also use the Services.

Business Days” means any days on which commercial banks in Boise, Idaho are open for business.

Documentation” means any written or electronically transmitted information provided to the Client by Tovuti in connection with the Services.

Fees” means the amounts payable to Tovuti by the Client in exchange for the Services ordered or agreed to as specified in the written proposal and subject to the Terms, and any additional amounts otherwise due and payable under this Agreement or the Terms, including, without limitation, late fees and collection costs.

Malicious Code” means viruses, worms, time bombs, Trojan horses, and other harmful or malicious code, files, scripts, agents, or programs.

Services” means any online, cloud-based, associated mobile applications or web-based platform and services that the Client purchases from Tovuti.

Terms” means the terms and conditions applicable to the Clients use of the Services provided by Tovuti, a copy of which is located at (

Privacy Policy”, which governs the use of any private information we gather from Users, located at the following URL (;

End User License Agreement”, which governs the use of any software licensed from Tovuti by Client located at the following URL (;

Third-Party Goods or Services” means any goods or services provided to the Client by third-parties to interoperate with the Services, including, without limitation, any smartphones, tablets, computers, online, web-based or cloud-based applications, or offline software or other hardware products that are provided by third-parties.

Users” means individuals who are authorized by the Client to use Tovuti Services, for whom subscriptions have been purchased or made available, and who have been supplied user identifications and passwords or granted access by the Client to create user identification passwords or by Tovuti at the Clients request. Users may include, but are not limited to, the Clients employees, members, consultants, agents, contractors and family members if applicable (each, an “Administrative User”); or third parties with which the Client transacts business (each, a “Registered User”). The number of allowed Users is defined in the Tovuti Agreement signed by both parties and attached herein

"Active Users" means any Users that has created a login and can be identified by an id, email or username on the Tovuti platform under the Client’s specific systems instance or who has opted in to the Clients portal, as provided by Tovuti and interacts within an instance within a 12 month period of time beginning at the time of signing this Agreement. The number of allowed "Active Users" will be as defined by the Tovuti Agreement signed by both parties and attached herein. 

“Tovuti Agreement” means the specific set of features, functions and allotted number of Users agreed to be purchased by The Client and supplied by Tovuti to The Client for a set price, time and number of Users and or Active Users.

Clients Data” means all electronic data or information submitted by the Client at any time in connection with the Services, including prior to provision of the Services.


2.1 Provision of Services

Tovuti shall make the Services available to the Client at the level of Service consistent with the Tovuti Agreement. The Client agrees that purchases are neither contingent on the delivery of any future functionality or features nor dependent on any oral comments made by Tovuti regarding future functionality or features.

2.2 Subscriptions

The Client agrees that (i) Services are purchased as subscriptions and may not be accessed or used by the Client, the Users, or the Clients employees, contractors, or other participants in excess of the subscription amounts specified in the Tovuti Agreement, (ii) additional subscriptions may, by request of the Client, be added during the subscription term at the same pricing as that for the pre-existing subscriptions, prorated for the remainder of the subscription term in effect at the time the additional subscriptions are added, and (iii) the added subscriptions shall terminate on the same date as the pre-existing subscriptions. Except as otherwise specified by the Tovuti Agreement, subscriptions are based on the persons designated by the Client as the permissible Users or employees, contractors, or other participants and cannot be shared or used by anyone except as permitted in the Tovuti Agreement. The Client is responsible for ensuring that the Clients employees and customers comply at all times with the Terms in using the Services. 


3.1 Use

The Services consist of software running remotely on cloud based servers controlled by Tovuti’s third-party hosting provider. By accepting the use of Services the Client agrees Tovuti may add the phrase “Powered By Tovuti” somewhere visible but not distracting to Users on the Tovuti System. The Client has no right to receive either an object code or source code version of the software operating on the remote servers. The Clients usage rights are constrained by the Terms and are limited to accessing the Services via a designated portal using username(s) and password(s) provided to the Client by Tovuti. The Client must have a high-speed internet connection, hardware, and software that is compatible with the Services as indicated by Tovuti. 

3.2 Tovuti’s Responsibilities

Tovuti shall: (i) provide the Client basic support consistent with the level of the Tovuti Agreement purchased by the Client at no additional charge, (ii) use commercially reasonable efforts to make the Services available 24 hours a day, 7 days a week, except for: (i) planned downtime (of which Tovuti shall give at least 24 hours notice via our website or electronic data message (EDM), or (ii) any unavailability caused by circumstances beyond Tovuti’s reasonable control, including without limitation, acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems (other than those involving Tovuti’s employees), or Internet service provider failures or delays or other systemic Internet issues, and (iii) provide the Services only in accordance with applicable laws and government regulations.

3.3 The Clients Responsibilities

The Client shall (i) be responsible for their Users’ compliance with this Agreement, (ii) be solely responsible for the accuracy, quality, integrity and legality of the Clients Data in which they allow, authorize or elect to upload into the Tovuti instance for which has been purchased by them and made available to the Client by Tovuti and of the means by which the Client acquired the Clients Data, (iii) Make best efforts to prevent unauthorized access to or use of the Services, and notify Tovuti promptly of any such unauthorized access or use, and (iv) use the Services only in accordance with this Agreement and applicable laws and government regulations. The Client shall not (i) make the Services available to anyone other than the Users the Client authorize or grant permission to, (ii) sell, resell, rent or lease the Services, (iii) use the Services to store or transmit infringing, libelous, obscene or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy or intellectual property rights, (iv) use the Services to store or transmit Malicious Code, (v) interfere with or disrupt the integrity or performance of the Services or third-party data contained therein, (vi) attempt or permit others to attempt to gain unauthorized access to the Services or their related systems or networks, (vii) load test the Services in order to test scalability, or (viii) copy, reproduce, publicly perform or create derivative works based upon the Services or Documentation or make or have made any feature or functionality of the Services. 

3.4 Usage Limitations

The Services may be subject to other limitations, such as, limits on disk storage space or Internet bandwidth. Tovuti shall employ commercially reasonable efforts to apprise the Client of any such limitations. The Services may not be used for any purpose in violation of applicable laws or regulations.


4.1 Acquisition of Third-Party Goods or Services

The Client may purchase and use Third-Party Goods and Services to interoperate with the Services provided by Tovuti. Any purchase or use by The Client of any Third-Party Goods or Services are solely between The Client and the third-party provider. Tovuti does not warrant, take responsibility for, or make any claim that any Third-Party Good and Services will interoperate with Tovuti’s system. 

4.2 Third-Party Goods or Services and The Clients Data

If The Client installs or enables Third-Party Goods or Services, The Client acknowledges that Tovuti may allow third-party providers to transport The Clients Data as required for the interoperation of such Third-Party Goods or Services with Tovuti’s Services. Tovuti shall not be responsible for any disclosure, modification or deletion of The Clients Data resulting from any such access. The Services may allow The Client to restrict such access by restricting Users from installing or enabling any additional Third-Party Goods or Services not purchased by The Client.


5.1 User Fees

The Client shall pay all Fees specified in the Clients Tovuti Agreement. Except as otherwise specified by Tovuti: (i) all Fees are quoted and payable in United States dollars; (ii) all Fees are based on Services ordered by the Client and not actual usage; (iii) payment obligations are non-cancelable and Fees paid are non-refundable; and (iv) the level of service cannot be decreased during the relevant subscription term. Fees are based on monthly periods that begin on the subscription start date and each monthly anniversary thereof; therefore, Fees for subscriptions added in the middle of a monthly period will be charged for that full monthly period and the monthly periods remaining in the relevant subscription term.

5.2 Invoicing and Payment

The Client, should the Client choose to pay monthly, will provide Tovuti with valid and updated credit card, ACH or any other form of electronic payment as accepted by Tovuti, or with a valid purchase order acceptable to Tovuti. If The Client provides credit card information to Tovuti, The Client authorizes Tovuti to charge such credit for all Fees due and payable according to this Agreement, including, without limitation, any sales tax. No credit card processing or credit card fees will be charged. Fees for subscriptions shall be paid by The Client in full in advance of the subscription term, either annually or in accordance with any different billing frequency, as specified in The Clients Tovuti Agreement, Unless otherwise agreed to all invoiced Fees are due upon receipt of the invoice date. The Client is responsible for maintaining complete and accurate billing and contact information with Tovuti.

5.3 Overdue Fees

All past due fees owed by the Client that are over Ninety (90) days past due from the time invoiced may accrue a late fee at the rate of 1.5% of the outstanding Fees per month, or the maximum rate permitted by law, whichever is lower, from the date the Fees were due until paid and Tovuti may condition future Orders on different payment terms specified in this Agreement or The Clients prior Orders.

5.4 Suspension of Service and Acceleration

If any amount The Client owes Tovuti is overdue by 30 or more days (or 10 or more days overdue in the case of amounts The Client has authorized Tovuti to charge to The Clients credit card), Tovuti may, without limiting Tovuti’s other rights and remedies, accelerate all unpaid Fee obligations under this Agreement, suspend The Clients current Services, or withhold future Services purchased by The Client, until all such amounts are paid in full. 

5.5 Taxes

Unless otherwise specified by Tovuti, Fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including but not limited to value-added, sales, use or withholding taxes, assessable by any local, state, provincial, federal or foreign jurisdiction (collectively, “Taxes”). The Client is responsible for paying all Taxes associated with The Clients purchases from Tovuti. If Tovuti has the legal obligation to pay or collect Taxes for which The Client are responsible, the appropriate amount shall be invoiced to and paid by The Client, unless The Client provides Tovuti with a valid tax exemption certificate authorized by the appropriate taxing authority. 


6.1 Reservation of Rights

This is a subscription to a service. Subject to the limited rights expressly granted hereunder, Tovuti reserves all rights, title and interest in and to the Services, including, without limitation, all related intellectual property rights. No rights, including any rights under license, either express are implied, are granted to The Client hereunder other than as expressly set forth herein. The Client will have no ownership or license rights to such additions or modifications except for this subscription.

6.2 Restrictions

The Client shall not (i) permit any third party to access the Services except as permitted herein or as otherwise agreed, (ii) create derivative works based on the Services provided by Tovuti, (iii) copy, frame or mirror any part or content of the Services, other than copying or framing on The Clients own intranets or otherwise for The Clients own internal business purposes, (iv) reverse engineer the Services, or (v) access the Services in order to build a competitive product or service or copy any features, functions, or graphics of the Services.

6.3 The Clients Owns its Data

The Client exclusively owns all rights, title and interest in and to all of The Clients Data. Notwithstanding the foregoing, the term “The Clients Data” does not include any analytical or statistical information regarding devices or operating systems used to access or utilize the Services; syncing, wait or down times; aggregated user or transaction data; errors encountered by Users; or the identifiers of where within the Services any technical problems arose. Tovuti (or a third party on Tovuti’s behalf) may track, collect, and utilize such information to test, evaluate, support, market, or otherwise improve the quality of Tovuti’s Services. 

Tovuti (or a third party on Tovuti’s behalf) will never access or use The Clients Data for support purposes without first obtaining The Clients explicit permission. Tovuti will not market products or services or the products and services of third parties to The Clients Registered Users without first obtaining the Clients permission in writing.


7.1 Definition of Confidential Information

As used herein, “Confidential Information” means all confidential information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. The Clients Confidential Information shall include The Clients Data; Tovuti’s Confidential Information shall include the Services; and Confidential Information of each party shall include the terms and conditions of this Agreement, as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party. However, Confidential Information (other than The Clients Data) shall not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party.

7.2 Protection of Confidential Information

Except as otherwise permitted in writing by the Disclosing Party, (i) the Receiving Party shall use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care) not to disclose or use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement, and (ii) the Receiving Party shall limit access to Confidential Information of the Disclosing Party to those of its employees, contractors and agents who need such access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein.

7.3 Protection of The Clients Data

Tovuti shall not (i) modify The Clients Data, (ii) disclose The Clients Data except as compelled by law in accordance with Section 7.4 (Compelled Disclosure) or as expressly permitted in writing by The Client, or (iii) access The Clients Data except to provide the Services, prevent or address service or technical problems, or at The Clients request in connection with customer support matters.

7.4 Compelled Disclosure

The Receiving Party may disclose Confidential Information of the Disclosing Party if it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to such Confidential Information.


8.1 Tovuti’s Limited Warranty

Tovuti warrants that the Services shall be provided by Tovuti in a professional, competent and workmanlike manner and the Services shall perform materially in accordance with this Agreement. For any breach this limited warranty, The Clients exclusive remedy shall be as provided in Section 11.2 (Termination) and Section 11.4 (Refund or Payment upon Termination) below.

8.2 Mutual Representations and Warranties

Each party represents and warrants that (i) it has the legal authority to enter into this Agreement and be bound by its terms and conditions, and (ii) it will not transmit to the other party any Malicious Code (except for Malicious Code previously transmitted to the warranting party by the other party).

9. Indemnification from Third-Party Claims

The Client shall indemnify, defend, and hold harmless Tovuti and our Affiliates, and respective officers, directors, contractors, and agents, from and against any claim made or brought against The Client by a third-party (a) alleging that the Clients Data in which The Client elected, authorized or allowed to be placed on Tovuti’s system breaches any agreement in which the Client may have with that particular party other than Tovuti or infringes or misappropriates the intellectual property rights of a third-party, or violates applicable law. 


10.1 Limitation of Liability


10.2 Exclusion of Consequential and Related Damages



11.1 Term of Agreement

This Agreement commences on the date signed by The Client and continues until the Agreement automatically renews following the same term initially agreed to in Agreement/Quote signed by both parties. 

11.2 Termination

Without limiting the Service Level Agreement located at (, in the event of an outage of the Services in full for a period longer than seventy-two (72) hours, except for reasons outside of Tovuti’s control, the Client may terminate this Agreement immediately with written notice; otherwise, a party may terminate this Agreement for cause (i) upon 30-days’ written notice to the other party of a breach of contract if such breach remains uncured at the expiration of such period or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors. Tovuti may also terminate this Agreement any time after the first renewal term ends at any time upon 60-days’ written notice to The Client. Clients must issue a notice of non-renewal 60 Days prior to renewal date.

11.3 Refund or Payment upon Termination

Upon termination of this Agreement Tovuti shall refund The Client any prepaid Fees covering the remainder of the term of all subscriptions after the effective date of termination, except for termination for cause by Tovuti under Section 11.2, in which case The Client shall pay any unpaid Fees covering the remainder of the term after the effective date of termination. In no event shall any termination relieve The Client of the obligation to pay any Fees payable to Tovuti for the period prior to the effective date of termination.

11.4 Return of The Clients Data

Tovuti will maintain The Clients Data for a period of 30 days after the effective date of termination of this Agreement to enable The Client to download The Clients Data. After such time period, Tovuti shall have no obligation to maintain or provide access to any of The Clients Data and shall thereafter, unless legally prohibited, delete all of The Clients Data in Tovuti’s systems or otherwise in Tovuti’s possession or under Tovuti’s control.

11.5 Surviving Provisions

Section 5 (Fees, and Payment), 6 (Proprietary Rights), 7 (Confidentiality), 8 (Limited Warranties and Disclaimers), 9 (Indemnification from Third-Party Claims), 10 (Limitation of Liability), 11.3 (Refund or Payment upon Termination), 11.4 (Return of The Clients Data), 12 (Who You Are Contracting With, Notices, Governing Law and Jurisdiction) and 13 (General Provisions) shall survive any termination or expiration of this Agreement.


12.1 General

The Client is contracting with Tovuti, Inc., a mailing address at 775 S Rivershore Ln STE 200, Eagle, ID 83616 USA; and telephone: 1-208-246-8601. The Client should direct all notices under this Agreement to “Legal” at that address. The Client agrees that the substantive laws of the state of Idaho, exclusive of its choice of law provisions, will apply to the construction and interpretation of this Agreement and also with respect to any lawsuit arising out of or in connection with this Agreement. 

12.2 Manner of Giving Notice

Except as otherwise specified in this Agreement, all notices, permissions and approvals hereunder shall be in writing and shall be deemed to have been given upon: (i) personal delivery, (ii) the second Business Day after mailing, or (iii) the second Business Day after sending by confirmed facsimile. Notices to The Client shall be addressed to the system administrator designated by The Client for The Clients relevant Services account, and in the case of billing-related notices, to the relevant billing contact designated by The Client, or to the email address The Client provides to Tovuti. The Client agrees to provide Tovuti with The Client's current email address at all times. By The Client's acceptance of this Agreement, The Client agrees to have opted-in for the receipt of email communications pursuant to the provisions of the United States CAN-SPAM Act.

12.3 Agreement to Governing Law and Jurisdiction

Each party agrees to the applicable governing law above without regard to choice or conflicts of law rules, and to the exclusive jurisdiction of and venue within the applicable courts stated above.


13.1 Export Compliance

Each party shall comply with the export laws and regulations of the United States and other applicable jurisdictions in providing and using the Services. Without limiting the foregoing, (i) each party represents that it is not named on any U.S. government list of persons or entities prohibited from receiving exports, and (ii) The Client shall not permit Users to access or use the Services in violation of any U.S. export embargo, prohibition or restriction.

13.2 Relationship of the Parties

The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties.

13.3 No Third-Party Beneficiaries

Unless explicitly stated otherwise elsewhere in this agreement, no Person other than the parties themselves has any rights or remedies under this agreement.

13.4 Waiver and Cumulative Remedies

No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity.

13.5 Severability

If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect.

13.6 Attorney Fees

The Client shall pay on demand all of Tovuti’s reasonable attorneys’ fees and other costs incurred by Tovuti to collect any Fees due Tovuti under this Agreement. In any action arising out of or related to this Agreement, the prevailing party shall be entitled to an award of its reasonable attorneys’ fees and costs incurred in bringing or defending the action, including on any appeal.

13.7 No Assignment

The Client may not assign any of The Clients rights or obligations hereunder, whether by operation of law or otherwise, without Tovuti’s prior written consent (not to be unreasonably withheld). Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns.

13.8 Entire Agreement

This Agreement, including all exhibits and addenda, constitutes the entire agreement between the parties and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless it is either (i) set forth in a written Addendum attached by Tovuti to this Agreement and signed by both The Client and Tovuti in writing or (ii) is otherwise signed or accepted electronically by the party against whom the modification, amendment or waiver is to be asserted. However, to the extent of any conflict or inconsistency between the provisions in the body of this Agreement and any appendix or addendum hereto, the terms of such appendix or addendum shall prevail.

Tovuti GDPR Data Processing Addendum

This Data Processing Addendum (DPA) forms part of the Master Subscription Agreement (Agreement) available at as updated from time to time between you and the entity you represent (Client) and Tovuti LMS (Tovuti) when GDPR applies to your use of Services between the Client and Tovuti.

  1. Tovuti wishes to subcontract certain Services, which imply the processing of personal data, to the Data Processor.
  2. The Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  3. The Parties wish to lay down their rights and obligations.
  1. Definitions and Interpretation
    1. Unless otherwise defined herein, capitalized terms and expressions used in this Agreement shall have the following meaning:
      1. “Agreement” means this Data Processing Agreement and all Schedules;
      2. “Company Personal Data” means any Personal Data Processed by a Contracted Processor on behalf of Company pursuant to or in connection with the Principal Agreement;
      3. “Contracted Processor” means a Subprocessor;
      4. “Data Protection Laws” means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country;
      5. “EEA” means the European Economic Area;
      6. “EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;
      7. “GDPR” means EU General Data Protection Regulation 2016/679;
      8. “Data Transfer” means:
        1. a transfer of Company Personal Data from Tovuti to a Contracted Processor; or
        2. an onward transfer of Company Personal Data from a Contracted Processor to a Subcontracted Processor, or between two establishments of a Contracted Processor, in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws);
        3. “Services” means the Tovuti LMS services Tovuti provides.
        4. “Subprocessor” means any person appointed by or on behalf of Processor to process Personal Data on behalf of Tovuti in connection with the Agreement.
        5. The terms, “Commission”, “Controller”, “Data Subject”, “Member State”, “Personal Data”, “Personal Data Breach”, “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.
  1. Processing of Company Personal Data
    1. Processor shall:
      1. comply with all applicable Data Protection Laws in the Processing of Company Personal Data; and
      2. not Process Company Personal Data other than on the relevant Company’s documented instructions.
    2. Tovuti instructs Processor to process Company Personal Data.
  1. Processor Personnel
    1. Processor shall take commercially reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to Tovuti Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Company Personal Data, as strictly necessary for the purposes of the Principal Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
  1. Security
    1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall in relation to Tovuti Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.
    2. In assessing the appropriate level of security, the Processor shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.
  1. Subprocessing
    1. Processor shall only appoint and or disclose Company Personal Data to authorized SubProcessors and shall do so only if required by Tovuti. Data Subject Rights
    2. Taking into account the nature of the Processing, Processor shall assist Tovuti by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of Tovuti obligations, as reasonably understood by Company, to respond to requests to exercise Data Subject rights under the Data Protection Laws.
    3. Processor shall:
      1. promptly notify Company if it receives a request from a Data Subject under any Data Protection Law in respect of Company Personal Data; and
      2. ensure that it does not respond to that request except on the documented instructions of Company or as required by Applicable Laws to which the Processor is subject, in which case Processor shall to the extent permitted by Applicable Laws inform Company of that legal requirement before the Contracted Processor responds to the request.
    1. Personal Data Breach
      1. Processor shall notify Company without undue delay upon Processor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow Tovuti to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
      2. Processor shall cooperate with Tovuti and take reasonable commercial steps as directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
  1. Data Protection Impact Assessment and Prior Consultation Processor shall:
    1. provide reasonable assistance to Tovuti with any data protection impact assessments, and prior consultations with Supervising Authorities or other Protection Law, in each case solely in relation to Processing of Company Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.
  1. Deletion or return of Company Personal Data
    1. Subject to this section 9 Processor shall promptly and in any event within 10 business days of the date of cessation of any Services involving the Processing of Company Personal Data (the “Cessation Date”), delete and procure the deletion of all copies of those Company Personal Data.
  1. Audit Rights
    1. Subject to this section 10, Processor shall make available to Tovuti on request all information necessary to demonstrate compliance with this Agreement, and shall allow for and contribute to audits, including inspections, by Tovuti or an auditor mandated by Tovuti in relation to the Processing of Tovuti Personal Data by the Contracted Processors.
    2. Information and audit rights of Tovuti only arise under section 10.1 to the extent that the Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law.
  1. Data Transfer
    1. The Processor may not transfer or authorize the transfer of Data to countries outside the EU and/or the European Economic Area (EEA) without the prior written consent of Tovuti. If personal data processed under this Agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, the Parties shall ensure that the personal data are adequately protected. To achieve this, the Parties shall, unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer of personal data.
  1. General Terms
    1. Confidentiality. Each Party must keep this Agreement and information it receives about the other Party and its business in connection with this Agreement (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that:
      1. disclosure is required by law;
      2. the relevant information is already in the public domain.
    1. Notices. All notices and communications given under this Agreement must be in writing and will be delivered personally, sent by post or sent by email to the address or email address set out in the heading of this Agreement at such other address as notified from time to time by the Parties changing address.
  1. Governing Law and Jurisdiction
    1. This Agreement is governed by the laws of the state of Delaware.
    2. Any dispute arising in connection with this Agreement, which the Parties will not be able to resolve amicably, will be submitted to the exclusive jurisdiction of the courts of the state of Delaware.