Effective Date: May 17, 2018
(a) “Administrator” shall mean a Subscriber (as defined in Section 1(i)) with authority to designate additional Authorized Users and/or Administrators.
(c) “Authorized User” shall mean an individual subscriber or the partners, members, employees, temporary employees, and independent contractors of an organization with a subscription to the Service who have been added to the account as users.
(d) “Confidential Information” shall mean the Content (as defined in Section 1(e)) and any information, technical data, or know-how considered proprietary or confidential by either party to this Agreement including, but not limited to, either party’s research, services, inventions, processes, specifications, designs, drawings, diagrams, concepts, marketing, techniques, documentation, source code, customer information, personally identifiable information, pricing information, procedures, menu concepts, business and marketing plans or strategies, financial information, and business opportunities disclosed by either party before or after the Effective Date of this Agreement, either directly or indirectly in any form whatsoever, including in writing, orally, machine readable form or through access to either party’s premises.
(e) “Content” shall mean any information you upload or post to the Service and any information provided by you to Themis in connection with the Service, including, without limitation, information about your Authorized Users or Registered Clients, as defined in Section 1(g).
(f) “Originating Subscriber” shall mean the Subscriber who initiated the Services offered by Themis and is assumed by Themis to have the sole authority to administer the subscription.
(g) “Registered Client” means an individual who has been invited to use the client-facing features of the Service in a limited capacity as a client of an Authorized User.
(h) “Service” shall mean any software or services provided by Themis.
(i) “Subscriber” shall refer to the purchaser of the Services provided by Themis and shall also include any present or former agent, representative, independent contractor, employee, servant, attorney and any entity or person who had authority to act on your behalf.
(j) “Security Emergency” shall mean a violation by Subscriber of this Agreement that (a) could disrupt (i) Themis’s provision of the Service; (ii) the business of other subscribers to the Service; or (iii) the network or servers used to provide the Service; or (b) provides unauthorized third party access to the Service.
2. Limited License & Use of the Service
2.1 Subscriber is granted a non-exclusive, non-transferable, limited license to access and use the Service.
2.2 Themis does not review or pre-screen the Content and Themis claims no intellectual property rights with respect to the Content.
2.3 Authorized Users agree not to reproduce, duplicate, copy, sell, resell or exploit access to the Service, use of the Service, or any portion of the Service, including, but not limited to the HTML, Cascading Style Sheet (“CSS”) or any visual design elements without the express written permission from Themis.
2.4 Authorized Users agree not to modify, reverse engineer, adapt or otherwise tamper with the Service or modify another website so as to falsely imply that it is associated with the Service, Themis, or any other software or service provided by Themis.
2.5 Authorized Users agree that they will not knowingly use the Service in any manner which may infringe copyright or intellectual property rights or in any manner which is unlawful, offensive, threatening, libelous, defamatory, pornographic, obscene or in violation of the terms of this Agreement.
2.6 Authorized Users agree that they will not knowingly use the Service to upload, post, host, or transmit unsolicited bulk email “Spam”, short message service “SMS” messages, viruses, self-replicating computer programs “Worms” or any code of a destructive or malicious nature.
2.7 Except for the non-exclusive license granted pursuant to this Agreement, Subscriber acknowledges and agrees that all ownership, license, intellectual property and other rights and interests in and to the Service shall remain solely with Themis.
2.8 Authorized Users who configure the Service to share or make available certain Content to the public, are deemed to acknowledge and agree that everyone will have access to the Content (“Public Content”). Themis reserves the right, at any time, in its sole discretion, to take any action deemed necessary with respect to Public Content that violates the terms of this Agreement, including, but not limited to, removal of such Public Content.
2.9 Themis reserves the right at any time, and from time to time, to modify or discontinue, temporarily or permanently, any feature associated with the Service, with or without notice, except that Themis shall provide Subscriber with 30-days notice of any modification that materially reduces the functionality of the Service. Continued use of the Service following any modification constitutes Subscriber’s acceptance of the modification.
2.10 Themis reserves the right to temporarily suspend access to the Service for operational purposes, including, but not limited to, maintenance, repairs or installation of upgrades, and will endeavor to provide no less than two business days notice prior to any such suspension. Such notice shall be provided to you in advance through by way of notification within the Service, email or other notification method deemed appropriate by Themis. Further, Themis shall endeavor to confine planned operational suspensions with a best effort to minimize disruption to the Subscriber, but reserves the ability to temporarily suspend operations without notice at any time to complete necessary repairs. In the event of a temporary suspension, Themis will use the same notification methods listed in this section to provide updates as to the nature and duration of any temporary suspension.
2.11 Themis stores all Content on redundant storage servers. The Subscriber may elect to, at a regular interval, replicate all Content associated with the subscription to a third party storage service (“Escrow Agent”). The replicated Content (“Escrowed Data”) will be held under the terms of a separate agreement exclusively between the Subscriber and the Escrow Agent (“Escrow Agreement”). The Subscriber may also elect to replicate all Content associated with the subscription on its own storage device.
2.12 Subscriber grants to Themis a non-exclusive, royalty free right during Subscriber’s use of the Service, to use the Confidential Information for the sole purpose of performing Themis’ obligations under the Agreement in accordance with the terms of the Agreement. Such rights shall include permission for Themis to generate and publish aggregate, anonymized reports on system usage and Content trends and type, provided they do not conflict with Section 4.1.
3. Access to the Service
3.1 Subscriber is only permitted to access and use the Service if he/she is an Authorized User or a Registered Client. Authorized Users are required to provide their full legal name, a valid email address, and any other information reasonably requested by the Service.
3.2 Each Authorized User will be provided with a unique identifier to access and use the Service (“Username”). The Username shall only be used by the Authorized User to whom it is assigned, and shall not be shared with, or used by any other person, including other Authorized Users.
3.3 The initial Administrator shall be the Originating Subscriber with authority to administer the subscription and designate additional Authorized Users and/or Administrators. Each subscription may designate multiple Authorized Users as Administrator. Any Administrator shall be deemed to have the authority to manage the subscription and any Authorized Users. The Administrator will deactivate an active Username if the Administrator wishes to terminate access to the Service for any Authorized User.
3.4 Administrators are responsible for all use of the Service by Authorized Users on the list of active Authorized Users associated with their subscription to the Service.
3.5 As between Themis and the Subscriber, any Content uploaded or posted to the Service remains the property of the Subscriber. Upon Cancellation or Termination of Service as discussed in Section 10 below, Themis shall only be responsible for the return of Content directly to the Administrator or a designated Authorized User in the event that the Administrator is unable to be reached.
3.6 All access to and use of the Service via mechanical, programmatic, robotic, scripted or any other automated means not provided as part of the Service is strictly prohibited.
3.7 Authorized Users are permitted to access and use the Service using an Application Program Interface (“API”) subject to the following conditions:
(a) any use of the Service using an API, including use of an API through a third-party product that accesses and uses the Service, is governed by these Terms of Service;
(b) Themis shall not be liable for any direct, indirect, incidental, special, consequential or exemplary damages, including but not limited to, damages for loss of profits, goodwill, use, data or other intangible losses (even if Themis has been advised of the possibility of such damages), resulting from any use of an API or third-party products that access and use the Service via an API;
(c) Excessive use of the Service using an API may result in temporary or permanent suspension of access to the Service via an API. Themis, in its sole discretion, will determine excessive use of the Service via an API, and will make a reasonable attempt to warn the Authorized User prior to suspension; and
(d) Themis reserves the right at any time to modify or discontinue, temporarily or permanently, access and use of the Service via an API, with or without notice.
4.1 Each party agrees to treat all Confidential Information as confidential and not to use or disclose such Confidential Information except as necessary to perform its obligations under this Agreement.
4.2 Themis and any third party vendors and hosting partners it utilizes to provide the Service shall hold Content in strict confidence and shall not use or disclose Content except (a) as required to perform their obligations under this Agreement; (b) in compliance with Section 7 of this Agreement, or (c) as otherwise authorized by you in writing.
5. Security and Access
5.1 Themis is responsible for providing a secure method of authentication and accessing its Service. Themis will provide mechanisms that:
(a) allow for user password management
(b) transmit passwords in a secure format
(c) protect passwords entered for purposes of gaining access to the Service by utilizing code that follows password management best practices.
5.2 Subscriber will be responsible for protecting the security of usernames and passwords, or any other codes associated to the Service, and for the accuracy and adequacy of personal information provided to the Service.
5.3 Subscriber will implement policies and procedures to prevent unauthorized use of usernames and passwords, and will promptly notify Themis upon suspicion that a username and password has been lost, stolen, compromised, or misused.
5.4 At all times, Themis, and any third party vendors and hosting partners it utilizes to provide the Service, will:
(a) use information security best practices for transmitting and storing your Content, adhering to industry standards;
(b) employ information security best practices with respect to network security techniques, including, but not limited to, firewalls, intrusion detection, and authentication protocols, vulnerability and patch management;
(c) ensure its host facilities maintain industry standards for security and privacy; and
(d) within thirty (30) days of a request by Subscriber, provide Subscriber with a SSAE 16 (SOC2) audit report or industry standard successor report or a comparable description of its security measures in respect of the infrastructure used to host the Service and the Content. In order to obtain such a report, Subscriber must enter into an agreement with the third party provider of the report.
5.5 Themis shall report to Subscriber, with all relevant details (except those which could prejudice the security of data uploaded by other customers), any event that Themis reasonably believes represents unauthorized access to, disclosure of, use of, or damage to Content (a “Security Breach”). Themis shall make such report within 72 hours after learning of the Security Breach.
5.6 In the event of a Security Breach, Themis shall (a) cooperate with Subscriber to identify the cause of the breach and to identify any affected Content; (b) assist and cooperate with Subscriber in investigating and preventing the recurrence of the Security Breach; (c) assist and cooperate with Subscriber in any litigation or investigation against third parties that Subscriber undertake to protect the security and integrity of Content; and (d) use commercially reasonable endeavours to mitigate any harmful effect of the Security Breach.
6. EU Data Protection
The parties agree to comply with the provisions of the Data Processing Addendum set out in Exhibit B.
7. Legal Compliance
7.1 Themis maintains that its primary duty is to protect the Content to the extent the law allows. Themis reserves the right to provide the Confidential Information to third parties as required and permitted by law (such as in response to a subpoena or court order), and to cooperate with law enforcement authorities in the investigation of any criminal or civil matter.
If Themis is required by law to make any disclosure of the Confidential Information that is prohibited or otherwise constrained by this Agreement, then Themis will provide Subscriber with prompt written notice (to the extent permitted by law) prior to such disclosure so that the Subscriber may seek a protective order or other appropriate relief. Subject to the foregoing sentence, Themis may furnish that portion (and only that portion) of the Confidential Information that it is legally compelled or otherwise legally required to disclose.
8. Managed Backup and Archiving
8.1 Themis’s managed backup services must be designed to facilitate restoration of Content to the server or device from which the Content originated in the event the primary data is lost or corrupted. Themis shall ensure recovery of lost or corrupted Content at no cost to you. Following any cancellation or termination of Service for any reason, Subscriber shall have ninety days to retrieve any and all Content.
9. Payment, Refunds and Subscription Changes
9.1 Subscribers with paid subscriptions will provide Themis with a valid credit card for payment of the applicable subscription fees. All subscription fees are exclusive of all federal, state, provincial, municipal or other taxes which Subscribers agree to pay based on where the Subscriber is primarily domiciled. In addition to any fees, the Subscriber may still incur charges incidental to using the Service, for example, charges for Internet access, data roaming, and other data transmission charges.
9.2 Subscribers with monthly paying subscriptions will be charged upon the expiration of any applicable free trial period. Subscriptions canceled prior to the expiration of any trial period, will not be charged. Monthly Subscribers will thereafter be charged in advance each 30 days. Annual Subscribers will thereafter be charged annually on the anniversary date of the initial subscription charge. All charges are final and non-refundable, including payments made by Annual Subscribers.
9.3 No refunds or credits will be issued for partial periods of service, upgrade/downgrade refunds, or refunds for periods unused with an active subscription, including, but not limited to, instances involving the removal of a Subscriber.
9.4 There are no charges for canceling a subscription, and paying subscriptions cancelled prior to the end of their current billing cycle will not be charged again in the following cycle.
9.5 The amount charged on the next billing cycle will be automatically updated to reflect any changes to the subscription, including upgrades or downgrades. Subscription changes, including downgrades, may result in loss of access to Content, features, or an increase or reduction in the amount of available capacity for Content provided by the Service.
9.6 All prices are subject to change upon notice. Such notice may be provided by an e-mail message to the Administrator, or in the form of an announcement on the Service.
9.7 For Subscribers using the Service’s “Campaign Tracker” feature: Payment for Call Minutes. You agree to pay for all per line and per-minute telephone connection fees (“Call Minute Fees”) or other usage fees for other services that Themis may make available, as billed. In addition, Subscriber authorizes Themis to charge your valid credit card for all charges incurred.
9.8 Subscriber is responsible for paying all taxes associated with the subscription to the Service. If Themis has the legal obligation to pay or collect taxes for which Subscriber is responsible under this section, the appropriate amount shall be invoiced to and paid by Subscriber, unless Subscriber provides Themis with a valid tax exemption certificate authorized by the appropriate taxing authority.
9.9 Any and all payments by or on account of the compensation payable under this Agreement shall be made free and clear of and without deduction or withholding for any taxes. If the Subscriber is required to deduct or withhold any taxes from such payments, then the sum payable shall be increased as necessary so that, after making all required deductions or withholdings, Themis receives an amount equal to the sum it would have received had no such deduction or withholding been made.
10. Cancellation and Termination
10.1 Administrators are solely responsible for canceling subscriptions. An Administrator may cancel their subscription at any time by accessing the Service and visiting app.clio.com/settings/subscription/edit as applicable. For security reasons, cancellations shall only be performed by an Administrator using the account cancellation URL within the Service. The Administrator may be directed, within the Service, to call support to complete the cancellation. Cancellations shall not be accepted by any other means.
10.2 Themis in its sole discretion has the right to suspend or discontinue providing the Service to any Subscriber without notice for actions that are (a) in material violation of this Agreement and (b) create a Security Emergency.
10.3 If (i) Authorized Users use the Service to materially violate this Agreement in a way that does not create a Security Emergency; (ii) Themis provides Subscriber with commercially reasonable notice of this violation; (iii) Themis uses commercially reasonable efforts to discuss and resolve the violation with Subscriber; and (iv) despite the foregoing, the violation is not resolved to Themis’s reasonable satisfaction within thirty (30) days of such notice, then Themis reserves the right to suspend access to the Service.
10.4 As required by Section 8 above (“Managed Backup and Archiving”), upon cancellation or termination of a subscription, Content is made available to the Administrator or a designated Authorized User. Following a period of no less than ninety (90) days from the cancellation or termination of a subscription, all Content associated with such subscription will be irrevocably deleted from the Service. All Escrowed Data, if any, will continue to remain available for a period of six months upon cancellation or termination of a subscription in accordance with the terms of the Escrow Agreement.
11. Limitation of Liability
11.1 Except in the case of a violation by Themis of its obligations under Section 4 above (“Confidentiality”), Section 5 above (“Security and Access”), and Section 8 above (“Managed Backup and Archiving”), and except as provided in Section 13.2 below (“Indemnification”), Themis shall not be liable for and Subscriber waives the right to claim any loss, injury, claim, liability or damage of any kind resulting in any way from the Services provided to Subscriber by Themis.
11.2 SUBSCRIBER AGREES THAT THE LIABILITY OF THEMIS ARISING OUT OF ANY CLAIM IN ANY WAY CONNECTED WITH THE SERVICE WILL NOT EXCEED THE TOTAL AMOUNT YOU HAVE PAID FOR THE SERVICE PURSUANT TO THE AGREEMENT WITHIN THE SIX MONTH PERIOD BEFORE THE DATE THE CLAIM AROSE. SUBSCRIBER FURTHER AGREES THAT THEMIS IS NOT AND WILL NOT BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER (INCLUDING WITHOUT LIMITATION, ATTORNEY FEES) RELATING TO THIS AGREEMENT. THESE DISCLAIMERS APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, WHETHER THOSE DAMAGES ARE FORESEEABLE AND WHETHER THEMIS HAS BEEN ADVISED OF THE POSSIBILITY OF THOSE DAMAGES. THESE DISCLAIMERS ARE NOT APPLICABLE TO THE INDEMNIFICATION OBLIGATION SET FORTH IN SECTION 13.2. EACH PROVISION OF THIS AGREEMENT THAT PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF DAMAGES, OR EXCLUSION OF DAMAGES IS TO ALLOCATE THE RISKS OF THIS AGREEMENT BETWEEN THE PARTIES. THIS ALLOCATION IS REFLECTED IN THE PRICING OFFERED BY THEMIS TO SUBSCRIBER AND IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES. EACH OF THESE PROVISIONS IS SEVERABLE FROM AND INDEPENDENT OF ALL OTHER PROVISIONS OF THIS AGREEMENT.
11.3 Subscriber will solely be responsible for any damage and/or loss of Content contained in Subscriber’s technology which occurs as a result of Subscriber’s electronic equipment and/or Subscriber’s computer system.
12. Disclaimer of Warranties
12.1 THEMIS HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS WITH RESPECT TO ANY SERVICES PROVIDED BY THEMIS. NOTHING IN THIS SECTION 12.1 SHALL MODIFY THEMIS’S OBLIGATION TO INDEMNIFY SUBSCRIBER AS REQUIRED BY SECTION 13.2(A) OF THIS AGREEMENT (“INDEMNIFICATION”).
12.2 Themis makes no warranty that its services when provided to Subscriber in digital or electronic format will be compatible with Subscriber computer and/or other equipment, or that these Services will be secure or error free. Nor does Themis make any warranty as to any results that may be obtained from the use of the Service. Nothing in this Section 12.2 shall modify Themis’s obligations under Section 4 above (“Confidentiality”) or Section 5 above (“Security and Access”) or Themis’s obligation to indemnify you as required by Section 13.2(b) of this Agreement (“Indemnification”).
12.3 Themis hereby disclaims all warranties of any kind related to Subscriber’s hardware or software beyond the warranties provided by the manufacturer of Subscriber’s hardware or software.
13.1 Subscriber hereby agrees to indemnify and hold harmless Themis from and against any claim, action, proceeding, loss, liability, judgment, obligation, penalty, damage, cost or expense, including attorneys’ fees, which arise from or relate to the following:
a. Authorized Users’ breach of any obligation stated in this Agreement, and
b. Authorized Users’ negligent acts or omissions.
Themis will provide prompt notice to Subscriber of any indemnifiable event or loss. Subscriber will undertake, at Subscriber’s own cost, the defense of any claim, suit or proceeding with counsel reasonably acceptable to Themis. Themis reserves the right to participate in the defense of the claim, suit, or proceeding, at Themis’ expense, with counsel of Themis’ choosing.
13.2 Themis shall defend, indemnify and hold Subscriber harmless against any loss, damage or costs (including reasonable attorneys’ fees) in connection with claims, demands, suits, or proceedings (“Claims”) made or brought against Subscriber by a third party
a. alleging that the Service, or use of the Service as contemplated hereunder, infringes a copyright, a U.S. patent issued as of the date of final execution of this Agreement, or a trademark of a third party or involves the misappropriation of any trade secret of a third party; provided, however, that Subscriber:
(a) promptly gives written notice of the Claim to Themis (provided, however, that the failure to so notify shall not relieve Themis of its indemnification obligations unless Themis can show that it was materially prejudiced by such delay and then only to the extent of such prejudice); (b) gives Themis sole control of the defense and settlement of the Claim (provided that Themis may not settle any Claim unless it unconditionally releases Subscriber of all liability); and (c) provides to Themis, at Themis’s cost, all reasonable assistance. Themis shall not be required to indemnify Subscriber in the event of: (x) modification of the Service by Subscriber in conflict with Subscriber’s obligations or as a result of any prohibited activity as set forth herein to the extent that the infringement or misappropriation would not have occurred but for such modification; (y) use of the Service in combination with any other product or service not provided by Themis to the extent that the infringement or misappropriation would not have occurred but for such use; or (z) use of the Service in a manner not otherwise contemplated by this Agreement to the extent that the infringement or misappropriation would not have occurred but for such use; or
b. arising out of or related to a violation by Themis of its obligations under Section 4 above (“Confidentiality”) or Section 5 above (“Security and Access”),
14.1 Technical support and training are available to Authorized Users with active subscriptions, and is available by telephone, email or electronic support ticket, as defined at support.clio.com/home and in Exhibit A.
14.2 Subscriber acknowledges and agrees that Themis may use third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Service.
14.3 Themis may provide the ability to integrate the Service with third party products and services that Subscriber may use at Subscriber’s option and risk. Access to and use of any third party products and services are subject to the separate terms and conditions required by the providers of the third party products and services. Subscriber agrees that Themis has no liability arising from Subscriber’s use of any integrations or arising from the third party products and services. Themis can modify or cancel the integrations at any time without notice. For purposes of calculating downtime pursuant to Exhibit A, calculation does not include the unavailability of any integration or any third party products or services.
14.4 Subscriber acknowledges the risk that information and the Content stored and transmitted electronically through the Service may be intercepted by third parties. Subscriber agrees to accept that risk and will not hold Themis liable for any loss, damage, or injury resulting from the interception of information. The Content is stored securely and encrypted. Only Themis, with strict business reasons, may access and transfer the Content and only to provide Subscriber with the Service. Themis will make reasonable efforts to provide notice to Subscriber prior to such access and transfer. Themis’ actions will comply with its obligations under Sections 4 and 5 of this Agreement.
14.5 The failure of either party to enforce any provision hereof shall not constitute or be construed as a waiver of such provision or of the right to enforce it at a later time.
14.6 This Agreement constitutes the entire agreement between Authorized Users and Themis and governs Authorized Users use of the Service, superseding any prior agreements between Authorized Users and Themis (including, but not limited to, any prior versions of this agreement).
14.7 Themis reserves the right to amend this Agreement. In the event of material changes to the Agreement, Themis will notify Subscribers, by email, or by other reasonable means of these changes prior to their enactment. Continued use of the Service by the Subscriber after reasonable notice will be considered acceptance of any new terms.
14.8 Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (which consent shall not be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety without consent of the other party in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets provided the assignee has agreed to be bound by all of the terms of this Agreement. Any attempt by a party to assign its rights or obligations under this Agreement in breach of this Section shall be void and of no effect.
14.9 Governing Law and Venue. This Agreement and your relationship with Themis shall be governed exclusively by, and will be enforced, construed, and interpreted exclusively in accordance with, the laws applicable in the province of British Columbia, Canada and shall be considered to have been made and accepted in British Columbia, Canada, without regard to its conflict of law provisions. All disputes under this Agreement will be resolved by the courts of British Columbia in Vancouver, and Subscribers consent to the jurisdiction of and venue in such courts and waive any objection as to inconvenient forum. In any action or proceeding to enforce rights under this Agreement, the prevailing party shall be entitled to recover costs and legal fees.
THEMIS SERVICE LEVEL COMMITMENTS AND SUPPORT SERVICES
Commencing on the date the Service to the Subscriber commences (the “Subscription Term”), Themis will provide Service Level Commitments (“SLC”) Credits (defined in Section 3 below) and Support Services in accordance with the SLC and Support Services Terms as defined herein. In the event of any conflict between the Agreement and the Service Level Commitment and Support Services Terms, the SLC and Support Services Terms will prevail. The SLC and Support Services incorporate the definitions set forth in Section 1 of the Clio User License Agreement.
1. Exhibit Definitions
“Subscriber Core Group” means Subscriber’s employees who have been trained on the Service and who are familiar with Subscriber’s business practices.
“Subscriber User Community” means all users who input, extract or view data in the Service, including all Registered Clients.
“Downtime” means any period, greater than ten minutes, within the Scheduled Available Time during which the Subscriber is unable to access or use the Service because of an Error (as defined below), excluding (i) any such period that occurs during any Scheduled Downtime and/or Recurring Downtime (as defined below), or (ii) document preview, search, FTP or sync functions of the Service.
“Error(s)” means the material failure of the Service to conform to its published functional specifications.
“Procedural Issues” means those issues that are to be addressed by Subscriber through adjustment of a specific business process to accomplish work in the Service.
“Recurring Downtime” means 4 hours per month on the third Saturday of the month from 12:00 A.M. to 4:00 A.M. PST.
“Request” means a modification to the Service outside of the scope of the functional specifications.
“Scheduled Available Time” means 24 hours a day, 7 days a week.
“Scheduled Downtime” means the time period identified by Themis in which it intends to perform any planned upgrades and/or maintenance on the Service or related systems and any overrun beyond the planned completion time.
“Uptime Percentage” means the total number of minutes of Scheduled Available Time for a calendar month minus the number of minutes of Downtime suffered in such calendar month, divided by the total number of minutes of Scheduled Available Time in such calendar month. Uptime Percentage will be calculated by Themis solely using records and tools available to Themis.
“User Administration Support” means issues that impact the usability of the Service and are addressable through the adjustment of Registered Client’s access privileges, processes or procedures.
2. Scope of Service Level Commitments.
Themis’s obligations do not extend to Errors or other issues caused by:
1. any modification of the Service made by any person other than Themis;
2. any third party hardware or software used by Subscriber or any Registered Clients except as otherwise provided in the then current Documentation;
3. the improper operation of the Service by Subscriber or Registered Clients;
4. the accidental or deliberate damage to, or intrusion or interference with the Service;
5. the use of the Service other than in accordance with any user Documentation or the reasonable instructions of Themis;
6. ongoing test or training instances of the Service provided to Subscriber; or
7. services, circumstances or events beyond the reasonable control of Themis, including, without limitation, any force majeure events, the performance and/or availability of local ISPs employed by Subscriber, or any network beyond the demarcation or control of Themis.
3. Scheduled Downtime and Guaranteed Uptime
Themis will use commercially reasonable efforts to provide at least 24 hours’ prior notice before undertaking any Scheduled Downtime. Commencing on the effective date of the applicable Subscription Term, in the event the Service experiences an Uptime Percentage of less than 99.9% in any calendar month, Themis will provide to Subscriber a credit (“SLC Credit”) equal to the credit percentage identified in the table SLC Credits table below multiplied by the Subscriber’s fees paid to Themis for the Service that are attributable to such month (calculated on a straight line pro-rated basis with respect to any fees paid in advance). Subscriber will submit a written SLC Credit request to Themis in writing within 30 days of such Downtime. The SLC Credit is Subscriber’s sole and exclusive remedy for any failure by Themis to meet any performance obligations pertaining to the Service, including, without limitation, any support obligations except as provided in the User License Agreement.
Themis reserves the right to temporarily suspend Subscriber’s or a Registered Client’s access to the Clio Service as set out in the User License Agreement. Any such suspensions based on repairs, technical problems, outages or maintenance services will be subject to the Service Level Commitments.
SLC Credits Table
|Uptime Percentage||Credit Percentage|
|Equal to or greater than 98% but less than 99.9%||10%|
|Less than 98%||25%|
4. Availability of SLC Credits
Subscribers who are past due on any payments owed to Themis are not eligible to receive SLC Credits. Themis will issue SLC Credits, as determined in its sole discretion, either on future billing cycles or as a refund against annual fees paid. In order to receive any SLC Credit, Subscriber must notify Themis within 30 days from the time Subscriber becomes eligible to receive a SLC Credit. Failure to comply with this requirement will forfeit Subscriber’s right to receive a SLC Credit. In no event will the total amount of SLC Credits if any, exceed the fees paid by Subscriber for the corresponding month.
5. Support Services
Themis will provide support services to assist Subscriber in resolving Errors (“Support Services”). Support Services do not include (a) physical installation or removal of the API and any Documentation; (b) visits to Subscriber’s site; (c) any electrical, mechanical or other work with hardware, accessories or other devices associated with the use of the Service; (d) any work with any third party equipment, software or services; (e) any professional services (“Professional Services”) associated with the Service, including, without limitation, any custom development, or data modeling.
Themis will provide email and/or phone support as specified at support.clio.com, excluding Themis corporate holidays and national Canadian, Irish, and U.S. holidays except where noted.
THEMIS DATA PROTECTION ADDENDUM
To the extent that Themis Processes any Subscriber Personal Data (each as defined below) and (i) the Subscriber Personal Data relates to individuals located in the EEA; or (ii) Subscriber is established in the EEA, the provisions of this Data Processing Addendum (“DPA”) shall apply to the processing of such Subscriber Personal Data. In the event of any conflict between the remainder of the Agreement and the DPA, the DPA will prevail.
1.1. The following capitalised terms used in this DPA shall be defined as follows:
(a) “Controller” has the meaning given in the GDPR.
(b) “Data Protection Laws” means the EU General Data Protection Regulation 2016/679 (“GDPR“), any applicable national implementing legislation in each case as amended, replaced or superseded from time to time, and all applicable legislation protecting the fundamental rights and freedoms of persons and their right to privacy with regard to the Processing of Subscriber Personal Data.
(c) “Data Subject” has the meaning given in the GDPR.
(d) “European Economic Area” or “EEA” means the Member States of the European Union together with Iceland, Norway, and Liechtenstein.
(e) “Processing” has the meaning given in the GDPR, and “Process” will be interpreted accordingly.
(f) “Processor” has the meaning given in the GDPR.
(g) “Security Incident” means any confirmed accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Subscriber Personal Data.
(h) “Standard Contractual Clauses” means the Standard Contractual Clauses (processors) approved by European Commission Decision C(2010)593 or any subsequent version thereof released by the European Commission (which will automatically apply).
(i) “Subprocessor” means any Processor engaged by Themis who agrees to receive from Themis Subscriber Personal Data.
(j) “Subscriber Personal Data” means the “personal data” (as defined in the GDPR) described in the Annex and any other personal data contained in the Content or that Themis processes on Subscriber’s behalf in connection with the provision of the Service.
(k) “Supervisory Authority” has the meaning given in the GDPR.
2. Data Processing
2.1. The Parties acknowledge and agree that for the purpose of the Data Protection Laws, the Subscriber is the Controller and Themis is the Processor.
2.2 Instructions for Data Processing. Themis will only Process Subscriber Personal Data in accordance with Subscriber’s written instructions. The parties acknowledge and agree that the Agreement (subject to any changes to the Service agreed between the parties) and this DPA shall be Subscriber’s complete and final instructions to Themis in relation to the processing of Subscriber Personal Data.
2.3. Processing outside the scope of this DPA or the Agreement will require prior written agreement between Subscriber and Themis on additional instructions for Processing.
2.4. Required consents. Where required by applicable Data Protection Laws, Subscriber will ensure that it has obtained/will obtain all necessary consents and complies with all applicable requirements under Data Protection Laws for the Processing of Subscriber Personal Data by Themis in accordance with the Agreement.
3. Transfer of Personal Data
3.1. Authorised Subprocessors. Subscriber agrees that Themis may use the following as Subprocessors to Process Subscriber Personal Data:
|Subprocessor||Description of Processing|
|Amazon Web Services, Inc.||Hosting|
|Microsoft Azure||Backup of Clio Service Data|
|Drawloop Technologies Inc.||Document Generation|
|Box, Inc. for USA|
Box.com Ltd. for UK or Wales
3.2. Subscriber agrees that Themis may use subcontractors to fulfil its contractual obligations under the Agreement. Themis shall notify Subscriber from time to time of the identity of any Subprocessors engaged. If Subscriber (acting reasonably) objects to a new Subprocessor on grounds related to the protection of Subscriber Personal Data only, then without prejudice to any right to terminate the Agreement, Subscriber may request that Themis move the Subscriber Personal Data to another Subprocessor and Themis shall, within a reasonable time following receipt of such request, use reasonable endeavours to ensure that the original Subprocessor does not Process any of the Subscriber Personal Data. If it is not reasonably possible to use another Subprocessor, and Subscriber continues to object for a legitimate reason, either party may terminate the Agreement on thirty (30) days written notice. If Subscriber does not object within thirty (30) days of receipt of the notice, Subscriber is deemed to have accepted the new Subprocessor.
3.3. Save as set out in clauses 3.1 and 3.2, Themis shall not permit, allow or otherwise facilitate Subprocessors to Process Subscriber Personal Data without Subscriber’s prior written consent and unless Themis:
(a) enters into a written agreement with the Subprocessor which imposes equivalent obligations on the Subprocessor with regard to their Processing of Subscriber Personal Data, as are imposed on Themis under this DPA; and
(b) shall at all times remain responsible for compliance with its obligations under the DPA and will be liable to Subscriber for the acts and omissions of any Subprocessor as if they were Themis’s acts and omissions.
3.4. International Transfers of Subscriber Personal Data. To the extent that the Processing of Subscriber Personal Data by Themis involves the export of such Subscriber Personal Data to a third party in a country or territory outside the EEA, such export shall be:
(i) to a country or territory ensuring an adequate level of protection for the rights and freedoms of Data Subjects as determined by the European Commission;
(ii) to a third party that is a member of a compliance scheme recognised as offering adequate protection for the rights and freedoms of Data Subjects as determined by the European Commission; or
(iii) governed by the Standard Contractual Clauses between the Subscriber as exporter and such third party as importer. For this purpose, the Subscriber appoints Themis as its agent with the authority to complete and enter into the Standard Contractual Clauses as agent for the Subscriber on its behalf.
4. Data Security, Audits and Security Notifications
4.1 Themis Security Obligations. Themis will implement and maintain appropriate technical and organizational security measures to ensure a level of security appropriate to the risk, including as appropriate, the measures referred to in Article 32(1) of the GDPR.
4.2 Upon Subscriber’s reasonable request, Themis will make available all information reasonably necessary to demonstrate compliance with this DPA.
4.3 Security Incident Notification. If Themis becomes aware of a Security Incident, Themis will (a) notify Subscriber of the Security Incident within 72 hours, (b) investigate the Security Incident and provide Subscriber (and any law enforcement or regulatory official) with reasonable assistance as required to investigate the Security Incident.
4.4 Themis Employees and Personnel. Themis will treat the Subscriber Personal Data as confidential, and shall ensure that any employees or other personnel have agreed in writing to protect the confidentiality and security of Subscriber Personal Data.
4.5 Audits. Themis will, upon Subscriber’s reasonable request and at Subscriber’s expense, allow for and contribute to audits, including inspections, conducted by Subscriber (or a third party auditor on Subscriber’s behalf and mandated by Subscriber) provided (i) such audits or inspections are not conducted more than once per year (unless requested by a Supervisory Authority); (ii) are conducted only during business hours; (iii) are conducted in a manner that causes minimal disruption to Themis’s operations and business; and (iv) Following completion of the audit, upon request, Subscriber will promptly provide Themis with a complete copy of the results of that audit.
5. Access Requests and Data Subject Rights
5.1 Data Subject Rights. Where applicable, and taking into account the nature of the Processing, Themis will use reasonable endeavours to assist Subscriber by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of Subscriber’s obligation to respond to requests for exercising Data Subject rights laid down in the Data Protection Laws.
6. Data Protection Impact Assessment and Prior Consultation
6.1 To the extent required under applicable Data Protection Laws, Themis will provide Subscriber with reasonably requested information regarding its Service to enable Subscriber to carry out data protection impact assessments or prior consultations with any Supervisory Authority, in each case solely in relation to Processing of Subscriber Personal Data and taking into account the nature of the Processing and information available to Themis.
7.1 Deletion or return of data. Subject to 7.2 below, Themis will, at Subscriber’s election and within 90 (ninety) days of the date of termination of the Agreement:
(a) make available for retrieval all Subscriber Personal Data Processed by Themis (and delete all other copies of Subscriber Personal Data Processed by Themis following such retrieval); or
(b) delete the Subscriber Personal Data Processed by us.
7.2 Themis and its Subprocessors may retain Subscriber Personal Data to the extent required by applicable laws and only to the extent and for such period as required by applicable laws and always provided that Themis ensures the confidentiality of all such Subscriber Personal Data and shall ensure that such Subscriber Personal Data is only Processed as necessary for the purpose(s) specified in the applicable laws requiring its storage and for no other purpose.
8. Governing law
8.1 This DPA shall be governed by, and construed in accordance with the laws of Ireland. Each of the parties irrevocably submits for all purposes (including any non-contractual disputes or claims) to the non-exclusive jurisdiction of the courts in Ireland.
Details of the Processing of Subscriber Personal Data
This Annex includes certain details of the processing of Subscriber Personal Data as required by Article 28(3) of the GDPR.
Subject matter and duration of the Processing of Subscriber Personal Data
The subject matter and duration of the Processing of the Subscriber Personal Data are set out in the Agreement and this DPA.
The nature and purpose of the Processing of Subscriber Personal Data
The Subscriber Personal Data will be subject to the following basic processing activities: transmitting, collecting, storing and analysing data in order to provide the Service to the Subscriber, and any other activities related to the provision of the Service or specified in the Agreement.
The types of Subscriber Personal Data to be processed
The Subscriber Personal Data concern the following categories of data: names; email addresses; personal and professional information; and any other personal data provided by the Subscriber in connection with its use of the Service.
The categories of data subject to whom the Subscriber Personal Data relates
Any categories of individuals whose data the Subscriber extracts, transfers, and/or loads onto the Service, which may include but is not limited to:
- Registered Clients; and
- Past, present and prospective clients, business relationship contacts, and outside counsel contacts of the Subscriber.
The obligations and rights of the Subscriber
The obligations and rights of the Subscriber are as set out in this DPA.