See It In Action
See It In Action
See It In Action

SaaS Management Order Terms and Conditions

1. CONFIDENTIAL INFORMATION

  • a. Definition. “Confidential Information” means information disclosed in relation to or as part of the SMO that is designated by the disclosing Party as proprietary or confidential or that should be reasonably understood to be proprietary or confidential due to its nature and the circumstances of its disclosure.  Calero’s Confidential Information includes, without limitation, the terms and conditions of the SMO, security, network, and hosting information, and any non-public technical or performance information related to or part of the Offerings.  Information will not constitute Confidential Information to the extent that (i) at the time of disclosure, or thereafter, it becomes generally available to and known by the public other than as a result of a wrongful act of the recipient; (ii) it was or is independently developed by the recipient, as established by documentary evidence, without reference to or use of, in whole or in part, any of the disclosing Party’s Confidential Information; or (iii) disclosure is expressly authorized by the disclosing Party.
  • b. Use and Protection. The Parties will use Confidential Information only for fulfilling the purposes of the SMO.  A receiving Party will maintain confidentiality using a reasonable degree of care, which will be no less than the degree of care the receiving Party uses to protect its own Confidential Information of a similar nature and will promptly notify the disclosing Party of any unauthorized use or disclosure of the disclosing Party’s Confidential Information.  The receiving Party will not make, copy, deliver, distribute, display, demonstrate, or otherwise make available the Confidential Information to any third parties, except that a receiving Party may disclose Confidential Information only to the extent necessary and under binding confidentiality obligations, (i) to its personnel engaged in a use permitted hereunder; (ii) its legal, business, insurance, and financial advisors; or (iii) in response to a valid subpoena, court order, or any applicable law, rule, or regulation  (“Legal Order”).  Prior to any disclosure under a Legal Order, the receiving Party (if permitted by the Legal Order) will notify the disclosing party so that the disclosing party may seek a protective order or other remedy with the receiving Party’s reasonable assistance. The Parties agree that a breach of confidentiality obligations may cause irreparable harm such that a non-breaching Party may seek injunctive or equitable relief, in addition to any other remedies available. 

2. LICENSE AND SERVICES GRANT

  • a. License of Software and Materials. Subject to Client’s payment of applicable Fees and compliance with the SMO, Calero grants to Client a limited, non-exclusive, non-transferable, non-sublicensable right during the SMO Term and any SMO Renewal Term to access and use:
    • (i) the software components of the Offerings, including any applicable platform (“Software”); and
    • (ii) any related documentation, reports, configurations, training materials, or other materials or deliverables provided by Calero in connection with the Software or the ancillary services components of the Offerings (“Documentation”),
  • solely for Client’s internal business purposes in accordance with the SMO (collectively, “Licensed Materials”).  Calero is not obligated to provide, deliver, or make available any source code, object code, or copies of computer programs as part of the Licensed Materials.
  • b. Services. Calero will provide, and grants Client the right to receive, the support and ancillary services as expressly set forth in the SMO (“Services”).
  • c. Restrictions. Client will not, and will not permit any Users or third parties to (i) sell, lease, assign, sublicense, or otherwise transfer; (ii) copy, duplicate, reproduce, modify, or create derivative works of; (iii) remove, alter, or obscure any trademark, copyright, or proprietary markings or notices contained within; (iv) disclose, publish, or otherwise make available to any third party except as expressly permitted under the SMO; or (v) reverse engineer, decompile, disassemble, misuse, or otherwise attempt to derive the source code, underlying ideas, algorithms, or structure or otherwise use for competitive purposes, any component of the Licensed Materials or Services. Client will use the Licensed Materials only as permitted by the SMO and not for any other purpose. Client will not use the Software to store, transmit, or introduce any virus, malware, or other malicious code.
  • d. Reservation of Rights.  Calero grants Client only those limited rights expressly set forth herein, and no other rights or licenses are granted to Client whether by implication, estoppel, or otherwise.  Calero and its licensors retain all rights, title, and interest in and to the Licensed Materials and associated intellectual property rights, which will include, without limitation, all designs, discoveries, modifications, developments, and products arising out of, or related to, work performed by Calero in connection with the SMO, regardless of whether they are related to requests or feedback from Client. If Client is ever held or deemed to be the owner of any intellectual property rights in the Licensed Materials, Client agrees to assign to Calero all such rights, title, and interest to the extent permitted by law. No Software or deliverables under the SMO will be considered a “work for hire.” 
  • e. Modifications.  Calero may modify, update, or enhance the Licensed Materials or Services provided under the SMO.  Minor updates, enhancements, or corrections, including without limitation any bug fixes, security patches, performance improvements, or documentation clarifications, will be implemented at Calero’s discretion and without advance notice to Client.  Material modifications, if any, that could reasonably be expected to significantly affect the use of the Licensed Materials or Services will be implemented in a manner designed to minimize disruption after notice to Client.

3. DELIVERY AND RECEIPT OF OFFERINGS

  • a. Technical Environment.  Client will provide and maintain a technical environment that meets the specifications required to access and use the Software as set forth in the SMO or otherwise communicated by Calero.  Client acknowledges that failure to maintain such an environment may affect performance or availability of the Software, and Calero will not be liable for any resulting degradation.
  • b. Authorized Users.  Client will designate authorized end users who may access and use the Licensed Materials on Client’s behalf (“Authorized Users”). Client will ensure that Client’s Authorized Users comply with the terms herein, and any act or omission by an Authorized User that would constitute a breach if committed by Client will be deemed a breach by Client. Authorized Users have no independent rights hereunder.  Client is solely responsible for maintaining the confidentiality of all credentials and access mechanisms issued to or used by Client’s Authorized Users, including through the use of protective password and verification measures. Client will ensure that its Authorized Users and personnel treat Calero personnel with courtesy and professionalism.
  • c. Third-Party Software.  The Software may include open-source software or other software tools or components provided by third parties and licensed to Calero (“Third-Party Software”).  Client’s rights to use any Third-Party Software are limited to those necessary to use the Software as permitted under the SMO and are subject to any applicable third-party license terms.  All rights, title, and interest in and to Third-Party Software remain with Calero’s licensors. 
  • d. Subcontractors. Calero may engage subcontractors or affiliates to perform certain obligations under the SMO, including the provision of Software.  Calero will remain responsible for the acts and omissions of any subcontractors to the same extent as if Calero had performed the obligations itself.  Calero will ensure that any subcontractors comply with obligations materially similar to and no less protective than those set forth in the SMO, including confidentiality and data protection requirements. Client will not contact Calero’s subcontractors directly without Calero’s prior written consent.
  • e. Artificial Intelligence.  Calero may use artificial intelligence, machine learning, or similar automated technologies (“AI Tools”) in the development, operation, maintenance, and improvement of the Offerings. Calero’s use of AI Tools will comply with applicable law, and Calero will remain responsible for the performance of the Offerings regardless of whether AI Tools are used in their operation.  Calero will not permit Client Data to be used by Calero or a third party to train or improve AI Tools, including general-purpose or foundation models, except as necessary to provide the Offerings or as expressly authorized in writing by Client. To the extent Client elects to use an AI-enabled feature included in an ordered Offering, outputs generated through such feature may not always be accurate, complete, or appropriate for every use case, and Client is responsible for reviewing and validating such outputs prior to relying on them.

4. CLIENT DATA.  Client will retain ownership of all data, content, or information submitted, uploaded, transmitted, or otherwise made available by or on behalf of Client through the Software or in connection with the Services (“Client Data”). Client is responsible for the accuracy, quality, and legality of Client Data.  Client grants Calero a non-exclusive, worldwide, royalty-free license to host, store, process, transmit, reproduce, and otherwise use Client Data solely as necessary to (a) provide, operate, maintain, and support the Software and Services; (b) prevent or address service, security, support, or technical issues; (c) comply with applicable law or legal process; and (d) enforce the terms herein. Calero may generate and use data derived from Client Data that has been aggregated and modified such that it does not identify, and cannot reasonably be used to identify, Client or any individual (“Aggregated Data”). For clarity, Aggregated Data will not include any information that identifies Client or Client Data as the source. Aggregated Data does not constitute Client Data and may be used by Calero for legitimate business purposes, including research and development, analytics, benchmarking, and product testing, illustration, and improvement.

5. FEES. 

  • a. Invoices.  Unless expressly provided otherwise, all invoices will be due and payable within thirty (30) days of the invoice date.  Calero agrees to comply with Client’s reasonable purchase order procedures (if any) solely as a professional courtesy and without affecting any rights or obligations under the SMO.  For the avoidance of doubt, no Client purchase order process will operate to modify, reduce, delay, or negate Client’s obligation to pay the Fees due under the SMO and no terms in a Client purchase order form will supersede these T&Cs.

  • b. Payment. Client will pay all fees, charges, and other amounts due under the SMO to Calero in the amounts and on the terms specified in the SMO.  Fees may be paid via cheque, bank transfer, or wire transfer in the currency specified in the SMO.  Unless otherwise expressly stated, all Fees paid in advance are non-refundable.

  • c. Late Payment. Any amount not paid when due will accrue interest from the due date until paid at a rate of one and one-half percent (1.5%) per month or the maximum rate permitted by law, whichever is lower.  If collection efforts are necessary, Client will be responsible for the reasonable costs of collection.  Calero reserves the right to suspend Client’s and Client’s Authorized Users’ access to the Offerings if Client fails to pay any Fees when due after providing ten (10) days’ prior written notice of suspension.  Client will remain liable for all Fees during any such suspension.

  • d. Taxes. Unless otherwise stated, all Fees exclude taxes, levies, duties, or other governmental assessments of any kind including, without limitation, value-added, sales, use, withholding, or excise taxes (collectively, “Taxes”). Client is solely responsible for the payment of all Taxes arising from the SMO. If Calero is responsible by law to collect or pay any taxes on Client’s behalf, Calero will invoice Client for the relevant amounts.  Client may provide valid tax exemption documentation at any time. Until Calero receives and verifies such documentation, all applicable Taxes will remain the responsibility of Client. Client will indemnify and defend Calero from any fees, penalties, or costs incurred as a result of Client’s failure to pay Taxes for which Client is responsible under the SMO.

  • e. Expenses.  If Client requires Calero personnel to travel to locations other than Calero’s offices to perform Services, Client will reimburse Calero for all documented, reasonable expenses incurred by Calero for such travel, including lodging and meals. 

6. GENERAL COMPLIANCE

  • a. Anti-Corruption. In carrying out its rights and obligations under the SMO, each Party will comply with all applicable anti-bribery and anti-corruption laws and regulations, including the United States Foreign Corrupt Practices Act, U.K. Bribery Act 2010, and the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, as applicable. 

  • b. Export Control. Each Party agrees to comply with all applicable export control, sanctions, and trade compliance laws and regulations, including, without limitation, those of the United States, the European Union, and any other relevant jurisdiction.  Calero reserves the right to block access to the Licensed Materials and Services from certain countries, geographic regions, or IP address ranges that are deemed high risk by Calero. 

  • c. Data Security. Each Party will implement and maintain commercially reasonable administrative, technical, and physical safeguards appropriate to its size, business operations, and the nature of the data it processes (collectively, “Safeguards”) that are designed to protect Confidential Information, Client Data, the Software, and Calero’s and Client’s systems against unauthorized access, disclosure, alteration, or destruction.  Without limiting the foregoing, Calero’s Safeguards will include, as appropriate, network security controls; an incident response plan; encryption of data where commercially reasonable; data loss prevention measures; security awareness training; secure development practices; open-source software management processes; physical security controls; data storage, backup, and disaster recovery measures; regular risk assessments; and data sanitization and deletion practices consistent with industry standards, including NIST SP 800-88.  Calero maintains a security control environment aligned with SSAE 18 SOC 2 standards, and a current SOC 2 Type II report will be made available to Client upon reasonable request. Calero may update its Safeguards from time to time, provided that such updates do not materially reduce the overall level of security.  To the extent Calero processes information relating to an identified or identifiable natural person (“Personal Data”) on behalf of Client under the SMO, the Data Processing Addendum attached hereto as Exhibit A will apply and is incorporated herein by reference.

7. INSURANCE.  Each Party will, at its own expense, maintain during the SMO Term commercially reasonable insurance coverage customary for companies of its size and nature providing or receiving cloud-based software and related services, including general commercial liability insurance and, in the case of Calero, cyber or data security insurance.  Such insurance will be placed with reputable insurers having a financial strength rating of at least “A-“ by A.M. Best or “A” by Standard & Poor’s, or an equivalent rating from a nationally recognized rating agency.  Upon reasonable request, a Party will provide the other Party with evidence of such coverage. Nothing in this Section 7 will be construed to limit either Party’s obligations or liability under the SMO.

8. WARRANTIES

  • a. Licensing Rights.  Calero warrants and represents that it has the right and authority to grant the licenses described herein.

  • b. Performance Warranty. Calero warrants that the Software will perform substantially in accordance with the Documentation when used as directed, and any Services provided under the SMO will be performed using reasonable care and skill consistent with generally accepted industry standards. Client’s sole and exclusive remedy for any breach of the foregoing warranty will be, at Calero’s discretion, the application of commercially reasonable methods to correct any material defects or errors in the Software or to re-perform the affected Services.  

  • c. Software. Calero warrants that, to the best of its knowledge, the Software as delivered does not infringe any valid patent, copyright, or trademark of any third party.

9. DISCLAIMERS.  The Software is not fault-tolerant and is provided without any guarantee of being error-free or uninterrupted. Client will not use the Software in any application or circumstance where a failure of the Software would result in personal injury, damage to property, or harm to the environment. Except as expressly provided herein, the Licensed Materials, Services, data, and deliverables provided by Calero are provided “as is,” “with all faults,” and “as available.” Calero disclaims all other warranties, whether express, implied, or statutory, including without limitation warranties of operability, system integration, condition, merchantability, fitness for a particular purpose, non-infringement, or the absence of defects, whether latent or patent.  Calero does not warrant any particular outcome, utility, or effectiveness of the Offerings.  To the maximum extent permitted by law, Third-Party Software is provided as-is and as available. Client acknowledges that the Software may rely on the availability and performance of the Internet or Third-Party Software or systems. Calero does not control the Internet or third-party systems and will not be liable for any faults, errors, downtime, damages, or other consequences resulting from Internet or third-party system outages, delays, failures, or non-performance. 

10. LIMITATION OF LIABILITY. 

  • a. Liability CapTo the fullest extent permitted by applicable law, the aggregate liability of each Party, including its parent companies, subsidiaries, affiliates, directors, and officers, arising under or in connection with the SMO, on any theory of liability, will be limited to an amount equal to the amount paid or payable by Client to Calero under the SMO during the twelve (12) month period preceding the date on which a claim arose.  The liability limits of this Section 10 will not apply to (i) breaches of Client’s payment obligations; (ii) indemnification obligations of either Party as set forth herein; (iii) willful or material breaches by Client of Section 2.c (Restrictions); or (iv) the intentional misconduct and fraudulent acts of either Party.  The Parties acknowledge and agree that any claims related to breach of the terms and conditions herein that are not brought within three (3) years of when the claims arose will be waived.
  • b. No Consequential Damages.  To the fullest extent permitted by applicable law, recoverable damages for any compensable claim under the SMO will be limited to direct losses and damages. Neither Party will, under any circumstances, be liable for any special, indirect, incidental, consequential, or punitive damages incurred by the other Party in connection with the SMO, however caused, on any theory of liability, even if the Party has been advised of the possibility of such damages.

11. INDEMNIFICATION.   

  • a. Indemnification by Calero. Calero will defend, indemnify and hold harmless Client and its officers, directors, employees, subsidiaries, and affiliates, from and against any third-party claims, damages, and costs (including reasonable attorney fees) awarded by a court of competent jurisdiction or agreed in settlement and arising out of an allegation that the Licensed Materials, as provided by Calero and used in accordance with the SMO, infringes or misappropriates a valid third-party patent, copyright, or trademark.  Calero will have no indemnification obligation to the extent a claim arises from (i) modifications to the Licensed Materials not made by Calero or made by Calero at Client’s specific instructions; (ii) use of the Licensed Materials in combination with products, services, or systems not provided by Calero; (iii) use of the Software in any manner for which the Software was not designed or authorized; or (iv) use of a version or release of the Software other than the then-current release.  In the event of such a claim, or if Calero foresees the possibility of such a claim, Calero will have the right at its option and expense to (1) procure the right for Client to continue using the Software; (2) replace or modify the Software such that it is non-infringing while providing substantially equivalent functionality; or (3) terminate Client’s license to the affected Software.  This Section 11 states Calero’s sole and exclusive liability, and Client’s sole and exclusive remedy, for any third-party intellectual property infringement claims relating to the Software.
  • b. Indemnification by Client.  Client will defend, indemnify, and hold harmless Calero and its officers, directors, employees, subsidiaries, and affiliates, from and against any third-party claims, damages, and costs (including reasonable attorney fees) arising out of or relating to (i) Client Data; or (ii) Client’s use of the Licensed Materials in violation of this Agreement or applicable law.
  • c. Procedure. The defense and indemnification obligations of a Party under this Section 11 are subject to: (i) the indemnified Party providing prompt written notice of the claim; (ii) the indemnifying Party having full control over the defense and any settlement of the claim; and (iii) the indemnified Party providing cooperation and assistance as may be reasonably required for the defense or settlement of the claim.

      12. CHOICE OF LAW, JURISDICTION, AND VENUE. The SMO will be construed in accordance with and governed in all respects by the laws of the State of New York, without giving effect to the conflict of law provisions thereof to the extent such principles or rules would require or permit the application of the laws of any jurisdiction other than those of the State of New York. Venue of any action hereunder will be exclusively in the state or federal courts of record of the State of New York.

      13. TERMINATION. 

      • a. Breach. Either Party may terminate the SMO in response to a material breach of the other Party that is not cured within thirty (30) days of when the breaching Party receives written notice of the breach.  Written notice of a breach must (i) be titled “Notice of Breach”; (ii) refer to this Section of the T&Cs; (iii) identify the breached provisions; and (iv) specify the act or omission constituting the breach.  If the breach is not cured timely, the non-breaching Party may send written notice of termination which must (1) be titled “Notice of Termination for Breach”; (2) refer to this Section of the T&Cs; and (3) identify the uncured breach. 
      • b. Changed Circumstances.  Either Party may terminate the SMO immediately upon written notice to the other Party if (i) the other Party discontinues its business, is unable to pay its debts as they become due, or becomes subject to proceedings for bankruptcy, insolvency, or receivership; or (ii) continuing the SMO would result in a violation of applicable export control, anti-bribery, or similar material legal compliance requirements.  Calero may terminate the SMO immediately upon written notice to Client if Calero determines, in its reasonable discretion, that any laws, regulatory actions, or judicial decisions issued after the SMO Effective Date materially and adversely affect its interests or obligations under the SMO.
      • c. Effect of Termination.  Upon termination or expiration of the SMO, Client’s limited license, as granted herein, will immediately terminate, and Client will discontinue all access and use of the Offerings and Licensed Materials.  Sections of the SMO which by their terms or nature are intended to survive, including without limitation those relating to confidentiality, indemnification, limitation of liability, and governing law, will survive the termination.  Both Parties will destroy and/or return all Confidential Information of the other Party provided under the SMO which is in its possession or control.  Within thirty (30) days after termination, upon Client’s request, Calero will make Client Data that is stored, processed, and maintained within the Calero platform available for export or download by Client.  Data provided to the Calero platform but not processed or maintained within the platform will not be available for export, including, without limitation, original datasets prior to normalization, raw source files, emails, SFTP transfers, or other pre-processed inputs.  After such thirty (30) day period, Calero will have no obligation to maintain or provide any Client Data and will delete or destroy all copies of Client Data. 

        14. NOTICES. All notices required or permitted under these T&Cs (“Notices”) will be in writing.  Notices of breach or claims for indemnification will be sent to a Party’s corporate headquarters (or such other address as a Party may designate in writing) via (a) certified or registered mail, return receipt requested; or (b) overnight courier with tracking.  Such Notices will be effective when delivered.  If Client sends a Notice to Calero, a copy will also be sent to Legal@calero.com. 

        GENERAL PROVISIONS.

        • a. Force Majeure.  Neither Party will be liable for any delay or failure in performance due to events or circumstances outside of the Party’s reasonable control, including, without limitation, acts of God, natural disasters, labor disputes, industry-wide shortages of supplies, actions of governmental entities, riots, war, acts of terrorism, acts of cybercriminals, epidemics, pandemics, or delays of common carriers. The obligations and rights of the Party experiencing the force majeure event will be extended for a period of time equal to the period of time during which such an event prevented that Party’s performance.
        • b. Assignment. Client may not assign the SMO without the prior written consent of Calero.  Notwithstanding the foregoing, Calero’s consent will not be unreasonably withheld, conditioned, or delayed if Client requests assignment to Client’s subsidiary, affiliate, or successor by merger, acquisition, corporate reorganization, or sale of substantially all assets.  At no time will Calero be obligated to consent to assignment of the SMO to a Calero competitor.  Calero may assign the SMO to any of its subsidiaries or affiliates or to any successor by merger, acquisition, corporate reorganization, or sale of substantially all assets. 
        • c. Waiver and Severability.  Failure to enforce a provision of these T&Cs will not be deemed a waiver.  Waivers must be in writing and signed by the Party claimed to have waived.  If any provision of these T&Cs is held invalid, illegal, or unenforceable, the validity, legality, and enforceability of the remainder of these T&Cs will not be affected or impaired.
        • d. Entire Agreement.  These T&Cs, along with its Exhibit, and online ordering form contain the entire understanding of the Parties regarding Client’s receipt of the ordered SMO Offerings and supersedes all previous oral or written communications or understandings of the Parties on the subject prior to the date hereof. 
        • e. No Third-Party Beneficiaries.  Neither the SMO nor these T&Cs create any legal relationship, duty, or obligation between any third party and the Parties.
        • f. Authority.  Each Party warrants and represents that it has full corporate power and all required authorizations and consents to enter into and perform its obligations under these T&Cs.

        EXHIBIT A

        TO
        SAAS MANAGEMENT ORDER TERMS AND CONDITIONS

        DATA PROCESSING ADDENDUM

        This Data Processing Addendum (the “DPA”) forms part of and is incorporated into the SaaS Management Order (“SMO”) entered into between Telesoft, LLC d/b/a Calero (“Calero” or “Processor”) and the client identified in the SMO (“Client” or “Controller”). This DPA applies to the extent Calero processes Personal Data on behalf of Client in connection with the products, services, or support provided under the SMO. In the event of a conflict between this DPA and the SMO, this DPA will control with respect to the processing of Personal Data. All capitalized terms not defined in this DPA have the meanings set forth in the SMO. Capitalized terms defined in this DPA apply solely for purposes of this DPA and will not modify the meaning of any defined terms in the SMO. “Personal Data” means any information relating to an identified or identifiable natural person, or that otherwise constitutes “personal data,” “personal information,” or a similar term under applicable Data Protection Laws.

        1.    Roles and Scope. a. Roles: Client acts as the Controller and Calero acts as the Processor unless otherwise agreed in writing by the Parties. b. Purpose: Calero processes Personal Data solely for the purpose of providing the services described in the SMO (the “Services”). c. Duration: Processing will occur for the duration of the SMO and thereafter only as required to comply with applicable Data Protection Laws.

        2.    Processing Details. a. Nature of Processing: Hosting, storage, transmission, analysis, support, and related processing necessary to provide the Services. b. Categories of Personal Data: Identifiers, contact details, account or authentication data, technical or usage data, and billing or payment identifiers, as applicable. c. Data Subjects: Client employees, contractors, and end users.

        3.    Instructions and Compliance. Calero will process Personal Data only on Client’s documented instructions, including as set forth in the SMO, this DPA, and Client’s use or configuration of the Services, and in accordance with Applicable Data Protection Laws. “Applicable Data Protection Laws” means all laws applicable to the processing of Personal Data under the SMO, including but not limited to Regulation (EU) 2016/679 (GDPR), the United Kingdom GDPR and Data Protection Act 2018, and the California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et seq., as amended by the California Privacy Rights Act (CCPA/CPRA). Calero will process Personal Data only as reasonably necessary to perform its obligations under the SMO and this DPA. If Calero is required by law to process Personal Data other than as instructed by Client, Calero will notify Client unless legally prohibited from doing so. Upon written request, Calero will provide Client with a list of subprocessors used in connection with the Services.

        4.    Security, Breach Notification, and Assistance. Calero will implement appropriate technical and organizational measures designed to protect Personal Data, including access controls, logging, encryption where feasible, patch management, and vulnerability management. Calero will notify Client without undue delay and, where feasible, within forty-eight (48) hours after becoming aware of a Personal Data Breach, meaning a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data. Calero will reasonably assist Client in investigating such breach and complying with applicable breach notification obligations. Calero will also provide reasonable assistance to Client in responding to data subject requests, including requests for access, deletion, correction, or portability.

        5.    Subprocessors and International Transfers. a. Calero may engage subprocessors to process Personal Data provided that (i) Calero imposes data protection obligations on subprocessors that are no less protective than those set forth in this DPA, and (ii) Calero remains responsible for the acts and omissions of its subprocessors. b. Calero will notify Client of new subprocessors and Client may object on reasonable data protection grounds within thirty (30) days of such notice. If the Parties cannot resolve such objection within a reasonable period, Calero may, at its option, (i) implement commercially reasonable measures to address the objection, or (ii) discontinue the affected Services for Client. c. Calero systems and storage of Personal Data will generally occur within the United States or the European Union. d. Where cross-border transfers occur, Calero will implement appropriate lawful transfer mechanisms as required by Applicable Data Protection Laws, including adequacy decisions, Standard Contractual Clauses or other recognized safeguards.

        6.    Return or Deletion of Personal Data. Upon termination of the SMO, Calero will, at Client’s option, return or securely delete Personal Data within thirty (30) days, except where retention is required by law. In such cases Calero will isolate and protect the Personal Data from further processing.

        7.    Confidentiality and Personnel. Calero will ensure that any personnel authorized to access Personal Data are bound by appropriate confidentiality obligations and access such data only as necessary to perform the Services. Personal Data will be treated as Confidential Information of Client.

        8.    Audit and Compliance Verification. Calero will make available to Client information reasonably necessary to demonstrate compliance with this DPA. Upon reasonable written request and subject to appropriate confidentiality obligations, Calero will cooperate with reasonable audits or security assessments relating to Calero’s processing of Personal Data. Any such audit will be conducted no more than once annually unless required by Applicable Data Protection Laws or following a confirmed Personal Data Breach. Audits will be conducted during normal business hours, in a manner designed to minimize disruption to Calero’s operations, and at Client’s expense. To the extent available, Calero may satisfy audit requests by providing summaries of relevant third-party audit reports, certifications, or other documentation demonstrating compliance with the obligations set forth in this DPA.

        9.    CCPA / CPRA Service Provider Provisions. To the extent the CCPA or CPRA applies, Calero acts as a Service Provider processing Personal Information on behalf of Client. Calero will process such Personal Information solely to perform the Services and in accordance with Client’s documented instructions. Calero will not sell or share Client Personal Information and will assist Client with reasonable consumer requests relating to access, deletion, or correction of Personal Information.

        10. Liability. Each Party’s liability under this DPA is subject to the Limitation of Liability provisions set forth in the SMO.

        11. Miscellaneous. This DPA survives termination of the SMO to the extent necessary for the return or deletion of Personal Data and compliance with applicable law. Notices under this DPA will be sent in the same manner as notices under the SMO.

        Get more from your technology assets

        See the power of a unified technology management solution for yourself.

        Book a Demo Explore Our Platform