Effective Date: May 17, 2018
(a) “Account Data” means data which pertains to the Subscriber, Users , and Registered Clients necessary to identify them and administer their use of the Service. For the avoidance of doubt Account Data does not include data uploaded by the Subscriber or Users relating to contacts, matters, tasks or similar data.
(b) “Administrator” means the person designated by Subscriber (i) as its primary administrative contact for the purposes of support, issues related to outages and other problems and technical items and (ii) who has authority from the Subscriber to bind the Subscriber and administer the subscription to the Service and designate additional Users and/or Administrators. The first User is deemed to be designated as an Administrator.
(d) “Confidential Information” means the Account Data, Content and any information, technical data, or know-how considered proprietary or confidential by either party to this Agreement including either party’s research, services, inventions, processes, specifications, designs, drawings, diagrams, concepts, marketing, techniques, documentation, source code, client information, personally identifiable information, pricing information, procedures, menu concepts, business and marketing plans or strategies, financial information, and business opportunities disclosed by either party before or after the Effective Date of this Agreement, either directly or indirectly in any form whatsoever, including in writing, orally, machine readable form or through access to either party’s premises.
(e) “Content” means any information or materials a User uploads or posts to the Service, including, without limitation, information about its Users or Registered Clients.
(f) ‘Good Industry Practice’ means the deployment of that degree of care and skill, technical resources and innovations which is to be expected of professional and adequately resourced providers of services similar to the Service within the European Union.
(g) “Including” means ‘including, without limitation’ and ‘include’ and ‘included’ will be interpreted in like manner.
(h)“Intellectual Property Rights” means all rights and interests in all (a) patents, utility models, patent applications, and continuing (continuation, divisional, or continuation-in-part) applications, re-issues, extensions, renewals, and re-examinations thereof and patents issued thereon; (b) registered and unregistered trademarks, service marks, trade names, domain names, and all of the associated goodwill; (c) registered and unregistered copyrights and all other literary and author’s rights or moral rights; (d) trade secrets, know-how, show-how, concepts, ideas, methods, processes, designs, discoveries, improvements, and inventions, whether or not patentable; (e) all other intellectual, industrial, and proprietary rights now or hereafter coming into existence throughout the world; (f) applications for and registrations, renewals, and extensions of any of the foregoing; and (g) exclusive and non-exclusive license rights to any of the foregoing.
(i) “Registered Client” means an individual who has been invited to use the client-facing features of the Service in a limited capacity as a client (or representative of a client) of a Subscriber.
(j) “Regulator” means (i) for Subscribers practicing law in England and Wales, the Solicitors Regulation Authority; (ii) for Subscribers practicing law in Scotland, the Law Society of Scotland; and (iii) for Subscribers practicing law elsewhere in the European Union, the body which is responsible for regulating the provision of legal services.
(k) “Service” means the services provided from time to time by Themis under the brand name ‘Clio’ through the website located at eu.app.clio.com.
(l) “Subscriber” means the entity (typically a law firm) which purchases the Service.
(m) “Security Emergency” shall mean a breach by Subscriber of this Agreement that (a) could disrupt (i) Themis’s provision of the Service; (ii) the business of other Subscribers; or (iii) the network or servers used to provide the Service; or (b) provides unauthorised third party access to the Service.
(n) “User” means an individual person, other than a Registered Client, provided with access to the Service by an Administrator.
2. Limited Licence & Use of the Service
2.1 Subscriber is granted a non-exclusive, non-transferable, limited licence to access and use the Service.
2.2 Themis does not review or pre-screen Content and Themis claims no Intellectual Property Rights in the Content.
2.3 Subscriber shall ensure that Users and Registered Clients comply with this Agreement. Subscriber shall be responsible for the acts and omissions of the Users and the Registered Clients. Without limiting the generality of the foregoing, Subscriber is responsible for any disclosure of Content arising out of features enabled by Users.
2.4 Subscriber shall not copy or resell the Service. Subscriber must not exploit access to the Service or any portion of the Service, including the HTML, cascading style sheet or any visual design elements otherwise than for Subscriber’s own internal business and for the design purpose of the Service.
2.5 Subscriber shall not modify, reverse engineer, adapt or otherwise tamper with the Service, except as mandated by law, or modify another website so as to falsely imply that it is associated with the Service, Themis, or any other service provided by Themis.
2.6 Subscriber shall not use the Service in any manner which may infringe Intellectual Property Rights or in any manner which is unlawful, offensive, threatening, libellous, defamatory, pornographic, obscene or in violation of the terms of this Agreement.
2.7 Subscriber shall not use the Service to upload, post, host, or transmit unsolicited bulk e-mail “Spam”, short message service “SMS” messages, viruses, self-replicating computer programs “Worms” or any code of a destructive or malicious nature.
2.8 Except for the non-exclusive licence granted pursuant to this Agreement, Subscriber acknowledges and agrees that all ownership, licences, Intellectual Property Rights and other rights and interests in and to the Service shall remain solely with Themis. Subscriber is not entitled or permitted to use the Service otherwise than through the medium of the internet-hosted version deployed by Themis.
2.9 Themis reserves the right, at any time, in its sole discretion, to take any action deemed necessary with respect to Content that breaches the terms of this Agreement, including removal of such Content.
2.10 Themis reserves the right at any time, and from time to time, to modify or discontinue, temporarily or permanently, any feature associated with the Service, with or without notice, except that Themis shall provide Subscriber with thirty days’ notice of any modification that materially reduces the functionality of the Service and in such circumstances Subscriber shall have the right to terminate this Agreement by visiting app.goclio.eu/settings/subscription/edit.
2.11 Themis reserves the right to temporarily suspend access to the Service for operational purposes, including maintenance, repairs or installation of upgrades. Themis will provide no less than two business days’ notice prior to any such suspension. Such notice may include posting a message using the Service. Themis shall have the right to temporarily suspend access to the Service without notice in circumstances where urgent action is required to protect the Service if the delay caused by giving notice could cause material harm. Themis shall use all reasonable endeavours to minimise operational suspensions in order to minimise disruption to the Service.
2.12 The Subscriber may elect to, at a regular interval, replicate all Content to a third party storage service (“Escrow Agent”) using the facilities provided within the Service. The replicated Content (“Escrowed Data”) will be held under the terms of a separate agreement exclusively between the Subscriber and the Escrow Agent (“Escrow Agreement”). The Subscriber may also elect to replicate Content on its own storage device.
2.13 The accounting features which form part of the Service are intended to be an aid for legal cashiers. They do not constitute a full accounting service and are not intended to meet the Regulator’s requirements for accounting packages for legal services providers.
2.14 Themis uses one code-base for all jurisdictions. Subscriber is required, using settings available within the Service, to configure the Service for its own jurisdiction and to verify that the settings meet the Subscriber’s requirements.
2.15 Subscriber grants to Themis the right during Subscriber’s use of the Service, to store and process the Confidential Information for the sole purpose of performing Themis’ obligations under the Agreement in accordance with its terms.
3. Access to the Service
3.1 Only Users and Registered Clients are permitted to use the Service. In order to access the Service, Users are required to provide their full legal name, a valid email address, and any other information reasonably requested by Themis.
3.2 Each User will be provided with a unique identifier to access and use the Service (“Username”). The Subscriber shall use all reasonable endeavours to ensure that each Username is only used by the User to whom it is assigned, and is not shared with, or used by, any other person, including other Users.
3.3 The Administrator shall have the authority to administer the subscription to the Service on behalf of the Subscriber and to designate additional Users and/or Administrators. Each Subscriber may have multiple Administrators. The Administrator shall have the authority to deactivate an active Username if the Administrator wishes to terminate access to the Service for that User.
3.4 Where a Subscriber has just one Administrator, it will provide Themis with the name and contact information of a designated User for use as an alternative point of contact if Themis is unable to reach the Administrator for a period of thirty days following the initial attempt to contact the Administrator.
3.5 As between Themis and the Subscriber, any Content remains the property of the Subscriber.
3.6 Upon cancellation or termination of the Service, Themis shall only liaise with the Administrator or the designated User described in Clause 3.4 above (if the Administrator is unable to be reached) regarding the retrieval of Content.
3.7 All access to and use of the Service via automated means (that is to say, use other than direct interaction with a human User) is strictly prohibited except insofar as the Service includes features which are designed for such use.
3.8 The following provisions apply to the extent that Themis provides access to the Service using an application programming interface (“API”):
(a) use of the API is subject to the terms of this Agreement;
(b) Subscriber is responsible for testing any use of the API to verify that it produces the desired results;
(c) Themis shall have no liability whatsoever and howsoever arising for any processing, deficient processing or loss of Content which takes place externally to the Service by reason of the API or for any matters arising in connection with systems or services external to the Service directly or indirectly connected to the Service using the API;
(d) excessive use of the Service using an API (as determined by Themis, after making a reasonable attempt to warn the Subscriber) may result in temporary or permanent suspension of access to the Service via an API; and
(e) Themis reserves the right at any time to modify or discontinue, temporarily or permanently, access to and use of the Service via an API, with or without notice.
4.1 Each party agrees to treat all Confidential Information as confidential and not to use or disclose such Confidential Information except as necessary to perform its obligations under this Agreement.
4.2 Themis acknowledges that Content may comprise materials which are the subject of professional duties (including confidentiality and duties imposed by the Regulator) owed by the Subscriber to its clients.
5.Security and Access
5.1 Themis shall provide a secure method of authentication and access to the Service, including:
(a) User password management and the protection of passwords by utilising code consistent with Good Industry Practice relating to password management; and
(b) Transmission of passwords in an encrypted format.
5.2 Except as set out in Clause 5.1, Subscriber shall be responsible for protecting the security of Usernames and passwords, or any other codes associated to the Service, and for the accuracy and adequacy of Content.
5.3 Subscriber will implement policies and procedures to prevent unauthorised use of Usernames and passwords, and will promptly notify Themis upon suspicion that a Username or password has been lost, stolen, compromised, or misused.
5.4 At all times, Themis, shall:
(a) use Good Industry Practice in relation to information security and processing Content;
(b) employ Good Industry Practice with respect to network security techniques, including firewalls, intrusion detection, and authentication protocols, vulnerability and patch management;
(c) ensure its hosting facilities use Good Industry Practices for security and privacy; and
(d) within thirty days of a request by Subscriber, provide Subscriber with a SSAE 16 (SOC2) audit report or industry standard successor report or a comparable description of its security measures in respect of the infrastructure used to host the Service and the Content. In order to obtain such a Report, Subscriber must enter into an agreement with the third party provider of the report.
5.6 Themis shall report to Subscriber, with all relevant details (except those which could prejudice the security of data uploaded by other customers), any event that Themis reasonably believes has led to or is likely to lead to unauthorised access to, disclosure of, use of, or damage to Content (a “Security Breach”). Themis shall make such report within 72 hours after learning of the Security Breach.
5.7 In the event of a Security Breach, Themis shall (a) cooperate with Subscriber to identify the cause of the breach and to identify any affected Content; (b) assist and cooperate with Subscriber in investigating and preventing the recurrence of the Security Breach; (c) assist and cooperate with Subscriber in any litigation or investigation against third parties that Subscriber undertakes to protect the security and integrity of Content; and (d) use all reasonable endeavours to mitigate any harmful effect of the Security Breach.
6. Data Protection
6.1 The parties agree to comply with the provisions of the Data Processing Addendum set out in Schedule B.
7. Regulatory Requirements
7.1 Subscriber authorises and Themis agrees to co-operate with all reasonable requests from a Regulator (and any lawful representatives of the Regulator) for access to Content pertaining to the clients and business of Subscriber.
7.2 Notwithstanding any other provisions of the Agreement, Themis agrees to return, upon demand, in a complete, readable and understandable form, all Content. This obligation will prevail even if Subscriber is in breach of its obligations to Themis or if Subscriber is in dispute with Themis.
8. Legal Compliance
If Themis is required by law to make any disclosure of Confidential Information, Themis will provide Subscriber with prompt written notice (to the extent permitted by law) prior to such disclosure so that the Subscriber may seek a protective order or other appropriate relief. Subject to the foregoing sentence, Themis may furnish that portion (and only that portion) of the Confidential Information that it is legally compelled to disclose.
9. Managed Backup and Archiving
9.1 Themis maintains a managed backup service on servers located in the European Economic Area to facilitate restoration of Content to the server or device from which the Content originated in the event the primary data is lost or corrupted. Themis shall use such service to recover lost or corrupted Content at no cost to the Subscriber.
9.2 Following termination of the Service for any reason, Subscriber shall have ninety days to retrieve any and all Content before it is deleted.
10. Payment, Refunds and Subscription Changes
10.1 In exchange for the Service, Subscriber shall pay the subscription fees advertised by Themis and in the manner and at the times specified below.
10.2 Subscribers must provide Themis with a valid credit card for payment for the applicable subscription fees. All subscription fees are exclusive of VAT or other sales or use taxes which Subscribers agree to pay as required by law, subject to Themis raising a valid VAT invoice.
10.3 In addition to any fees advertised for the Service, the Subscriber may incur additional expense incidental to using the Service including charges for Internet access, data roaming, and other data transmission charges.
10.4 Monthly Subscribers will be charged their inaugural monthly fee at the conclusion of their free trial period. Thereafter, they will be charged in advance each thirty days. Annual Subscribers will pay their annual fee in advance and will thereafter be charged annually on the anniversary date of the initial subscription charge. All charges are non-refundable.
10.5 Except in so far as the Service is unavailable by reason of the acts or omissions of Themis and as set out in Schedule A, no refunds or credits (whether for monthly or annual subscriptions) will be issued for downtime, or for periods unused with an active subscription.
10.6 There are no charges for cancelling a subscription, and subscriptions cancelled prior to the end of their current billing cycle will not be charged again in the following cycle.
10.7 The amount charged to the Subscriber on successive billing cycles will be automatically updated to reflect any changes to the Subscriber’s subscription, including upgrades or downgrades. Subscription changes, including downgrades, may result in loss of features, or an increase or reduction in the amount of available capacity for Content provided by the Service.
10.8 All payments under this Agreement shall be made without deduction or withholding for any taxes. If Subscriber is required to deduct or withhold any taxes from such payments, then the sum payable shall be increased as necessary so that, after making all required deductions or withholdings, Themis receives an amount equal to the sum it would have received had no such deduction or withholding been made.
10.9 Payment may be collected by Themis Solutions, Inc as agent for Themis.
11. Term and Termination
11.1 If Subscriber wishes to cancel its subscription, any Administrator may do so on its behalf at any time by accessing the Service and visiting app.clio.com/settings/subscription/edit or eu.app.clio.com/settings/subscription/edit, as applicable. For security reasons, cancellations shall only be performed by an Administrator using the account cancellation URL within the Service. The Administrator may be directed, within the Service, to call support to complete the cancellation. Cancellations shall not be accepted by email.
11.2 The term of this Agreement shall commence when the first User logs in to the Service and shall continue until such time as the Service is terminated using the settings provided for that purpose within the Service (or as otherwise expressly set out in this Agreement). Such settings are configured to allow an Administrator to terminate the Service at the end of the current subscription period, which is typically one month but may be of longer duration consistent with commercial offers made available from time to time. Without prejudice to Themis’ rights and remedies expressly set out in this Agreement, Themis is similarly entitled to terminate the Services (by giving notice to the Subscriber) at the end of the current subscription period.
(a) Without prejudice to any rights that have accrued under this Agreement or any of their rights or remedies, either party may at any time terminate this Agreement:
(b) by giving written notice to the other party with immediate effect if the other party commits a material breach of this Agreement (including failure to pay any amounts due under this Agreement for more than thirty days after the due date for payment) and fails to remedy that breach within a period of thirty days after being notified in writing to do so; or
(c) by giving thirty days’ written notice after the other party suspends, or threatens to suspend, payment of its debts, or is unable to pay its debts as they fall due or admits inability to pay its debts, or (being a company) is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986, or (being an individual) is deemed either unable to pay its debts or as having no reasonable prospect of so doing, in either case, within the meaning of section 268 of the Insolvency Act 1986, or (being a partnership) has any partner to whom any of the foregoing apply; or
(d) by giving thirty days’ written notice after any event occurs, or proceeding is taken, with respect to the other party in any jurisdiction to which it is subject that has an effect equivalent to Clause 11.3.b.
11.4 Subscriber shall remove all Content from the Service prior to termination of this Agreement. Themis is authorised to delete and destroy all Content stored on the Service in the repository of Subscriber 90 days after the Agreement terminates. Themis shall have no obligation to notify any Users of termination of this Agreement or the Service or the deletion of Content. Themis shall have no liability to Subscriber or any Users related in any way to its deletion and destruction of Content in accordance with this Agreement. To the extent Subscriber requests the assistance of Themis in converting, copying, deleting or otherwise affecting Content in connection with the termination of this Agreement, such services will be performed on a time and material basis at rates outlined in Themis’ then-current price list and payment schedule.
11.5 As required by Clause 9 above (“Managed Backup and Archiving”), upon termination of a subscription, Content is made available to the Administrator or the designated User described in Clause 3 above. Following a period of no less than ninety (90) days from the termination of a subscription, all Content associated with such subscription will be irrevocably deleted from the Service. All Escrowed Data, if any, will continue to remain available for a period of six months upon cancellation or termination of a subscription in accordance with the terms of the Escrow Agreement.
12. Limitation of Liability
12.1 Nothing in this Agreement shall exclude or limit any party’s liability for:
(a) death or personal injury resulting from that party’s negligence;
(b) that party’s fraud or statements made fraudulently by that party; or
(c) any other acts or omissions for which applicable law prohibits the exclusion or limitation of liability.
12.2 No party will be liable under any circumstances for any:
(a) loss of profit, loss of business, loss of goodwill, loss of savings, claims by third parties, loss of anticipated savings, business interruption whether direct or indirect in each case; or
(b) pure economic loss, indirect loss or consequential loss whatsoever and howsoever caused; or
(c) punitive or exemplary damages;
even if caused by that party’s negligence and/or breach of this Agreement and even if the party was advised that such loss would probably result.
12.3 Themis will not be liable for any loss or claims arising in connection with this Agreement to the extent that such loss or claims could have been avoided or reduced by the use of:
(a) back-up facilities available as part of the Service; or
(b) advice from help desk support or reasonable practices and tools promulgated by Themis to avoid such loss or claims.
12.4 Themis’ aggregate liability to Subscriber for any claims, losses, damages or expenses whatsoever and howsoever caused arising in connection with this Agreement, including liability for breach of contract, misrepresentation (whether tortious or statutory), tort (including negligence), breach of statutory duty, shall not exceed the total fees (excluding VAT) for all Users paid by the Subscriber during the 6 months leading up to the date the claim first arose.
12.5 A Regulator may enforce any term of this Agreement. Otherwise, any rights of any person to enforce these terms pursuant to the Contracts (Rights of Third Parties) Act 1999 are excluded.
12.6 Themis shall not be liable for failure to perform any obligation under this Agreement if such failure is caused by the occurrence of any contingency beyond the reasonable control of Themis (a “Force Majeure Event”).
13. Warranties and Representations
13.1 Subscriber warrants and represents that it has the legal right to store, process and distribute Content using the Service.
13.2 Themis shall use reasonable care and skill when performing the Services.
13.3 Themis warrants that the Content will be encrypted and will be stored securely, having regard to the state of technological development and the cost of implementing any measures.
13.4 Each of the parties agrees to perform this Agreement in accordance with applicable laws.
13.5 Themis warrants and represents that it is lawfully entitled to enter into this Agreement and to provide the Services without infringing the Intellectual Property Rights of any third party.
13.6 The Services may not be compatible with Subscriber’s computer and/or other equipment. The Service may not be error free. Themis disclaims any warranty as to any results that may be obtained from the use of the Service. Nothing in this Clause 13.6 shall modify Themis’ obligations under Clause 4 above (“Confidentiality”) or Clause 5 above (“Security and Access”).
13.7 Each party acknowledges and agrees that it has not entered into this Agreement on the basis of any representations or promises not expressly contained herein.
13.8 Except as specifically provided elsewhere in this agreement, Themis hereby disclaims all warranties of any kind, implied or statutory, including the implied warranties of merchantability, fitness for a particular purpose, title and non-infringement of third party rights with respect to any services provided by Themis.
14.1 Subscriber hereby agrees to indemnify and hold harmless Themis from and against any claim, action, proceeding, loss, liability, judgment, obligation, penalty, damage, cost or expense, including professional fees, which arise from or relate to the following:
(a) Users’ breach of any obligation stated in this Agreement, and
(b) Users’ negligent acts or omissions.
14.2 Themis will provide prompt notice to Subscriber of any indemnifiable event or loss. Subscriber will undertake, at Subscriber’s own cost, the defence of any claim, suit or proceeding with legal advisers reasonably acceptable to Themis. Themis reserves the right to participate in the defence of the claim, suit, or proceeding, at Themis’ expense, with counsel of Themis’ choosing.
14.3 Without regard to the limitations and exclusions of liability set out in Clauses 12.2 to 12.4, Themis shall indemnify, defend and hold Subscriber harmless from and against any and all direct party claims, losses, damages, suits, fees, judgments, costs and expenses which arise out of or relate to a claim brought by third parties alleging that the Service infringes any Intellectual Property Rights of any third party.
14.4 Without regard to the limitations and exclusions of liability set out in Clauses 12.2 to 12.4, Subscriber shall indemnify, defend and hold Themis harmless from and against any and all third party claims, losses, damages, suits, fees, judgments, costs and expenses which arise out of or relate to a claim brought by third parties alleging that the Content infringes any Intellectual Property Rights of any third party.
14.5 Any indemnity given by Themis to Subscriber under this Agreement is subject to the pre-condition that (i) Subscriber must mitigate its loss; (ii) Themis is given prompt and complete control of the claim giving rise to the indemnity (at Themis’ cost); (iii) Subscriber does not prejudice Themis’ defence of such claim; (iv) Subscriber gives Themis all reasonable assistance with such claim (at Themis’ cost); and (v) the claim does not arise as a result of any breach of Subscriber’s contractual obligations to Themis or other acts or omissions of Subscriber.
15.1 Themis shall be entitled to subcontract part, but not the whole, of the Service. To the extent that Themis does subcontract any part of the Service, Themis shall:
(a) be responsible for the acts and omissions of its subcontractors;
(b) procure from subcontractors obligations and restrictions consistent with Themis’ obligations and restrictions in this Agreement (including those relating to confidentiality, data protection and use of Content); and
(c) exercise reasonable care and skill in the appointment of subcontractors.
15.2 Technical support and training are available to Users with active subscriptions, and is available by telephone, email or electronic support ticket, as defined at support.clio.com/home and in Schedule A.
15.3 Themis may provide the ability to integrate the Service with third party products and services at Subscriber’s option and risk. Access to and use of any third party products and services are subject to the separate terms and conditions required by the providers of the third party products and services. Subscriber agrees that Themis has no liability arising from Subscriber’s use of any integrations or arising from the third party products and services. Themis can modify or cancel the integrations at any time without notice. For purposes of calculating downtime pursuant to Schedule A, such calculation does not include the unavailability of any integration or any third party products or services.
15.4 The failure of either party to enforce any provision hereof shall not constitute or be construed as a waiver of such provision or of the right to enforce it at a later time.
15.5 This Agreement constitutes the entire agreement between Subscriber and Themis and governs Subscriber’s use of the Service, superseding any prior agreements between Subscriber and Themis (including any prior versions of this agreement).
15.6 Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (which consent shall not be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety without consent of the other party in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets provided the assignee has agreed to be bound by all of the terms of this Agreement. Any attempt by a party to assign its rights or obligations under this Agreement in breach of this Clause 15.6 shall be void and of no effect.
15.7 This Agreement and any dispute or claim arising out of or in connection with it (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of Ireland. Each of the parties irrevocably submits for all purposes (including any non-contractual disputes or claims) to the non-exclusive jurisdiction of the courts in Ireland.
THEMIS SERVICE LEVEL COMMITMENTS AND SUPPORT SERVICES
Themis shall provide SLC Credits (defined in paragraph 3 below) and Support Services in accordance with the Service Level Commitments and Support Services Terms as defined herein. In the event of any conflict between the remainder of the Agreement and the Service Level Commitment and Support Services Terms, the Service Level Commitment and Support Services Terms will prevail. The Service Level Commitments and Support Services incorporate the definitions set forth in Clause 1 of the Agreement.
(a) “Subscriber Core Group” means Subscriber’s employees who have been trained on the Service and who are familiar with Subscriber’s business practices.
(b) “Subscriber User Community” means all users who input, extract or view data in the Service, including all Registered Clients.
(c) “Downtime” means any period, greater than ten minutes, during which the Subscriber is unable to access or use the Service because of a Service Outage, excluding (i) any such period that occurs during any Scheduled Downtime , or (ii) document preview, search, FTP or synch functions of the Service.
(d) “Recurring Downtime” means 4 hours per month on the third Saturday of the month from 12:00 A.M. to 4:00 A.M. PST.
(e) “Request” means a modification to the Service outside of the scope of the functional specifications.
(f) “Scheduled Downtime” means the time period identified in advance by Themis in which it intends to perform any planned upgrades and/or maintenance on the Service or related systems and any overrun beyond the planned completion time.
(g) “Service Outage” means a situation in which the datacentres hosting the Service are not accessible as a result of failures at the datacentres (as distinguished from the internet provider of any User or any intervening server) or the failure of Themis to provide login ability. A decrease in system response time due to a temporary failure of a non-critical component shall not constitute a Service Outage.
(h) “Uptime Percentage” means the total number of minutes in a calendar month minus the number of minutes of Downtime suffered in such calendar month, divided by the total number of minutes in such calendar month.
(i) “User Administration Support” means issues that have an impact on the usability of the Service and are addressable through the adjustment of Users’ access privileges, processes or procedures.
2. Scope of Service Level Commitments.
Themis’ obligations do not extend to Service Outage or other issues caused by:
1. any modification of the Service made by any person other than, or on behalf of, Themis;
2. any third party hardware or software used by Subscriber or any Registered Clients;
3. the improper use of the Service;
4. the accidental or deliberate damage to, or intrusion or interference with the Service not caused by Themis;
5. the use of the Service other than in accordance with any user documentation published by Themis or the reasonable instructions of Themis;
6. test or training instances of the Service provided to Subscriber;
7. connection failures, latency problems and similar factors caused or affected by difficulties with the User’s (or internet service provider’s) internal network or general internet conditions;
8. Force Majeure Events.
3. Scheduled Downtime and Guaranteed Up Times
Themis will use commercially reasonable efforts to provide at least 24 hours prior notice before implementing any Scheduled Downtime. If the Subscriber experiences an Uptime Percentage of less than 99.9% in any calendar month, Themis will provide to Subscriber a credit (“SLC Credit”) equal to the credit percentage identified in the SLC Credits table below multiplied by the Subscriber’s fees paid to Themis for the Service that are attributable to such month (calculated on a straight line pro-rated basis with respect to any fees paid in advance). The SLC Credit is Subscriber’s sole and exclusive remedy for any failures of the Service to perform in accordance with the Agreement, which are covered by SLC Credits.
|Uptime Percentage||Credit Percentage|
|Equal to or greater than 99% but less than 99.9%||10%|
|Less than 99%||25%|
4.Availability of SLC Credits
Subscribers who are past due on any payments owed to Themis are not eligible to receive SLC Credits. Themis will issue SLC Credits, as determined in its sole discretion, either on future billing cycles or as a refund against annual fees paid. In order to receive any SLC Credit, Subscriber must notify Themis within thirty days from the time Subscriber becomes eligible to receive a SLC Credit. Failure to comply with this requirement will forfeit Subscriber’s right to receive a SLC Credit. In no event will the total amount of SLC Credits if any, exceed the fees paid by Subscriber for the corresponding month.
Themis will provide support services to assist Subscriber in resolving Errors (“Support Services”). Support Services do not include (a) physical installation or removal of the API and any user documentation published by Themis; (b) visits to Subscriber’s premises; (c) any electrical, mechanical or other work with hardware, accessories or other devices associated with the use of the Service; (d) any work with any third party equipment, software or services; (e) any professional services associated with the Service, including, without limitation, any custom development, or data modelling.
Themis will provide email and/or phone support as specified at support.clio.com, excluding Themis corporate holidays and national Canadian, Irish and U.S. holidays except where noted.
THEMIS DATA PROTECTION ADDENDUM
To the extent that Themis Processes any Subscriber Personal Data (each as defined below) and (i) the Subscriber Personal Data relates to individuals located in the EEA; or (ii) Subscriber is established in the EEA, the provisions of this Data Processing Addendum (“DPA”) shall apply to the processing of such Subscriber Personal Data. In the event of any conflict between the remainder of the Agreement and the DPA, the DPA will prevail.
1.1. The following capitalised terms used in this DPA shall be defined as follows:
(a) “Controller” has the meaning given in the GDPR.
(b) “Data Protection Laws” means the EU General Data Protection Regulation 2016/679 (“GDPR“), any applicable national implementing legislation in each case as amended, replaced or superseded from time to time, and all applicable legislation protecting the fundamental rights and freedoms of persons and their right to privacy with regard to the Processing of Subscriber Personal Data.
(c) “Data Subject” has the meaning given in the GDPR.
(d) “European Economic Area” or “EEA” means the Member States of the European Union together with Iceland, Norway, and Liechtenstein.
(e) “Processing” has the meaning given in the GDPR, and “Process” will be interpreted accordingly.
(f) “Processor” has the meaning given in the GDPR.
(g) “Security Incident” means any confirmed accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Subscriber Personal Data.
(h) “Standard Contractual Clauses” means the Standard Contractual Clauses (processors) approved by European Commission Decision C(2010)593 or any subsequent version thereof released by the European Commission (which will automatically apply).
(i) “Subprocessor” means any Processor engaged by us who agrees to receive from us Subscriber Personal Data.
(j) “Subscriber Personal Data” means the “personal data” (as defined in the GDPR) described in the Annex and any other personal data contained in the Content or that Themis processes on Subscriber’s behalf in connection with the provision of the Service. The Parties acknowledge and agree that Subscriber Personal Data does not include personal data contained in Account Data.
(k) “Supervisory Authority” has the meaning given in the GDPR.
2. Data Processing
2.1. The Parties acknowledge and agree that for the purpose of the Data Protection Laws, the Subscriber is the Controller and Themis is the Processor.
2.2 Instructions for Data Processing. Themis will only Process Subscriber Personal Data in accordance with Subscriber’s written instructions. The parties acknowledge and agree that the Agreement (subject to any changes to the Service agreed between the parties) and this DPA shall be Subscriber’s complete and final instructions to Themis in relation to the processing of Subscriber Personal Data.
2.3. Processing outside the scope of this DPA or the Agreement will require prior written agreement between Subscriber and Themis on additional instructions for Processing.
2.4. Required consents. Where required by applicable Data Protection Laws, Subscriber will ensure that it has obtained/will obtain all necessary consents and complies with all applicable requirements under Data Protection Laws for the Processing of Subscriber Personal Data by Themis in accordance with the Agreement.
3. Transfer of Personal Data
3.1. Authorised Subprocessors. Subscriber agrees that Themis may use the following as Subprocessors to Process Subscriber Personal Data:
|Subprocessor||Description of Processing|
|Amazon Web Services, Inc.||Hosting|
|Microsoft Azure||Backup of Clio Service Data|
|Drawloop Technologies Inc.||Document Generation|
|Box, Inc. for USA
Box.com Ltd. for UK or Wales
3.2. Subscriber agrees that Themis may use subcontractors to fulfil its contractual obligations under the Agreement. Themis shall notify Subscriber from time to time of the identity of any Subprocessors engaged. If Subscriber (acting reasonably) objects to a new Subprocessor on grounds related to the protection of Subscriber Personal Data only, then without prejudice to any right to terminate the Agreement, Subscriber may request that Themis move the Subscriber Personal Data to another Subprocessor and Themis shall, within a reasonable time following receipt of such request, use reasonable endeavours to ensure that the original Subprocessor does not Process any of the Subscriber Personal Data. If it is not reasonably possible to use another Subprocessor, and Subscriber continues to object for a legitimate reason, either party may terminate the Agreement on thirty (30) days written notice. If Subscriber does not object within thirty (30) days of receipt of the notice, Subscriber is deemed to have accepted the new Subprocessor.
3.3. Save as set out in clauses 3.1 and 3.2, Themis shall not permit, allow or otherwise facilitate Subprocessors to Process Subscriber Personal Data without Subscriber’s prior written consent and unless Themis:
(a) enters into a written agreement with the Subprocessor which imposes equivalent obligations on the Subprocessor with regard to their Processing of Subscriber Personal Data, as are imposed on Themis under this DPA; and
(b) shall at all times remain responsible for compliance with its obligations under the DPA and will be liable to Customer for the acts and omissions of any Subprocessor as if they were Themis’s acts and omissions.
3.4. International Transfers of Subscriber Personal Data. To the extent that the Processing of Subscriber Personal Data by Themis involves the export of such Subscriber Personal Data to a third party in a country or territory outside the EEA, such export shall be:
(i) to a country or territory ensuring an adequate level of protection for the rights and freedoms of Data Subjects as determined by the European Commission;
(ii) to a third party that is a member of a compliance scheme recognised as offering adequate protection for the rights and freedoms of Data Subjects as determined by the European Commission; or
(iii) governed by the Standard Contractual Clauses between the Subscriber as exporter and such third party as importer. For this purpose, the Subscriber appoints Themis as its agent with the authority to complete and enter into the Standard Contractual Clauses as agent for the Subscriber on its behalf.
4. Data Security, Audits and Security Notifications
4.1 Themis Security Obligations. Themis will implement and maintain appropriate technical and organisational security measures to ensure a level of security appropriate to the risk, including as appropriate, the measures referred to in Article 32(1) of the GDPR.
4.2 Upon Subscriber’s reasonable request, Themis will make available all information reasonably necessary to demonstrate compliance with this DPA.
4.3 Security Incident Notification. If Themis becomes aware of a Security Incident, Themis will (a) notify Subscriber of the Security Incident within 72 hours, (b) investigate the Security Incident and provide Subscriber (and any law enforcement or regulatory official) with reasonable assistance as required to investigate the Security Incident.
4.4 Themis Employees and Personnel. Themis will treat the Subscriber Personal Data as confidential, and shall ensure that any employees or other personnel have agreed in writing to protect the confidentiality and security of Subscriber Personal Data.
4.5 Audits. Themis will, upon Subscriber’s reasonable request and at Subscriber’s expense, allow for and contribute to audits, including inspections, conducted by Subscriber (or a third party auditor on Subscriber’s behalf and mandated by Subscriber) provided (i) such audits or inspections are not conducted more than once per year (unless requested by a Supervisory Authority); (ii) are conducted only during business hours; (iii) are conducted in a manner that causes minimal disruption to Themis’s operations and business; and (iv) Following completion of the audit, upon request, Subscriber will promptly provide Themis with a complete copy of the results of that audit.
5. Access Requests and Data Subject Rights
5.1 Data Subject Rights. Where applicable, and taking into account the nature of the Processing, Themis will use reasonable endeavours to assist Subscriber by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of Subscriber’s obligation to respond to requests for exercising Data Subject rights laid down in the Data Protection Laws.
6. Data Protection Impact Assessment and Prior Consultation
6.1 To the extent required under applicable Data Protection Laws, Themis will provide Subscriber with reasonably requested information regarding its Service to enable Subscriber to carry out data protection impact assessments or prior consultations with any Supervisory Authority, in each case solely in relation to Processing of Subscriber Personal Data and taking into account the nature of the Processing and information available to Themis.
7.1 Deletion or return of data. Subject to 7.2 below, Themis will, at Subscriber’s election and within 90 (ninety) days of the date of termination of the Agreement:
(a) make available for retrieval all Subscriber Personal Data Processed by Themis (and delete all other copies of Subscriber Personal Data Processed by Themis following such retrieval); or
(b) delete the Subscriber Personal Data Processed by us.
7.2 Themis and its Subprocessors may retain Subscriber Personal Data to the extent required by applicable laws and only to the extent and for such period as required by applicable laws and always provided that Themis ensures the confidentiality of all such Subscriber Personal Data and shall ensure that such Subscriber Personal Data is only Processed as necessary for the purpose(s) specified in the applicable laws requiring its storage and for no other purpose.
8. Governing Law
8.1 This DPA shall be governed by, and construed in accordance with the laws of Ireland. Each of the parties irrevocably submits for all purposes (including any non-contractual disputes or claims) to the non-exclusive jurisdiction of the courts in Ireland.
Details of the Processing Of Subscriber Personal Data
This Annex includes certain details of the processing of Subscriber Personal Data as required by Article 28(3) of the GDPR.
Subject matter and duration of the Processing of Subscriber Personal Data
The subject matter and duration of the Processing of the Subscriber Personal Data are set out in the Agreement and this DPA.
The nature and purpose of the Processing of Subscriber Personal Data
The Subscriber Personal Data will be subject to the following basic processing activities: transmitting, collecting, storing and analysing data in order to provide the Service to the Subscriber, and any other activities related to the provision of the Service or specified in the Agreement.
The types of Subscriber Personal Data to be processed
The Subscriber Personal Data concern the following categories of data: names; email addresses; personal and professional information; and any other personal data provided by the Subscriber in connection with its use of the Service.
The categories of data subject to whom the Subscriber Personal Data relates
Any categories of individuals whose data the Subscriber extracts, transfers, and/or loads onto the Service, which may include but is not limited to:
- Registered Clients; and
- Past, present and prospective clients, business relationship contacts, and outside counsel contacts of the Subscriber.
The obligations and rights of the Subscriber
The obligations and rights of the Subscriber are as set out in this DPA.