© 2025 Amplify-Now | Privacy Policy
These Terms of Service constitute an agreement (this “Agreement”) by and between Amplify-Now Pty Ltd, Level 7, 33 Franklin St Adelaide, South Australia 5000 (“Vendor“ or "CONTRACTOR”) and you (“Customer”). This Agreement is effective as of the date Customer or any of its Users download and/or use the Application (the “Effective Date”). Customer’s use of and Vendor’s provision of Vendor’s Application (as defined below in Section 1.1) are governed by this Agreement.
EACH PARTY ACKNOWLEDGES THAT IT HAS READ THIS AGREEMENT, UNDERSTANDS IT, AND AGREES TO BE BOUND BY ITS TERMS, AND THAT THE PERSON SIGNING ON ITS BEHALF HAS BEEN AUTHORIZED TO DO SO. THE PERSON EXECUTING THIS AGREEMENT ON CUSTOMER’S BEHALF REPRESENTS THAT HE OR SHE HAS THE AUTHORITY TO BIND CUSTOMER TO THESE TERMS AND CONDITIONS.
1. DEFINITIONS. The following capitalized terms will have the following meanings whenever used in this Agreement.
1.1. "Application" means the strategic execution management mobile application, known as Amplify- Now.
1.2. “AUP” means Vendor’s acceptable use policy. See Schedule 1.
1.3. “Customer Data” means data in electronic form input or collected through the Application by or from Customer, including without limitation by Customer’s Users.
1.4. “Desktop Agreement” means the agreement signed between Vendor and Customer governing use of the Amplify-Now software located at amplify-now.com.
1.5. “Documentation” means Vendor's standard manual related to use of the System, published on the Amplify Customer Success portal.
1.6. “Order” means an order for access to the System.
1.7. “Privacy Policy” means Vendor’s privacy policy as amended from time to time, and includes, where relevant, the Data Privacy Requirements outlined in Schedule 2.
1.8. "Services" means the provision of the Application by the Vendor in accordance with this Agreement.
1.9. “System” means the Amplify-Now software located at amplify-now.com, and the Application.
1.10. “SLA” means Vendor’s standard service level agreement in Schedule 3.
1.11. “Term” is defined in Section 11.1 below.
1.12. “User” means any individual who uses the Application on Customer’s behalf or through Customer’s account or passwords, whether authorized or not.
2. THE APPLICATION.
2.1. Use of the Application. During the Term, Customer may access and use the Application pursuant to the terms of any outstanding Order, including such features and functions as the Order requires.
2.2. Service Levels. Vendor shall meet the obligations of the SLA.
2.3. Documentation: Customer may reproduce and use the Documentation solely as necessary to support Users’ use of the System.
2.4. Application Revisions. Vendor may revise Application features and functions or the SLA at any time, provided that it shall not decrease functionality or remove features or reduce service levels. If any such revision to the Application materially reduces features or functionality provided pursuant to an Order, Customer may within 30 days of notice of the revision terminate such Order, without cause, or terminate this Agreement without cause if such Order is the only one outstanding.
3. PAYMENT.
3.1. Subscription Fees. Customer shall pay Vendor the fee set forth in each Order (the “Subscription Fee”) for each Term. Any undisputed Vendor invoices is due within 14 days of issuance.
3.2. Taxes. Amounts due under this Agreement are payable to Vendor without deduction and are net of any tax, tariff, duty, or assessment imposed by any government authority (national, state, provincial, or local), including without limitation any sales, use, excise, ad valorem, property, withholding, or value added tax withheld at the source. If applicable law requires withholding or deduction of such taxes or duties, Customer shall separately pay Vendor the withheld or deducted amount. However, the prior two sentences do not apply to taxes based on Vendor’s net income.
4. CUSTOMER DATA & PRIVACY.
4.1. Use of Customer Data. Unless it receives Customer’s prior written consent, Vendor: (a) shall not access, process, or otherwise use Customer Data other than as necessary to facilitate the Application; and (b) shall not intentionally grant any third party access to Customer Data, including without limitation Vendor’s other customers, except subcontractors that are subject to a reasonable nondisclosure agreement and as necessary to provide the Application and services. Notwithstanding the foregoing, Vendor may disclose Customer Data as required by applicable law or by proper legal or governmental authority. Vendor shall give Customer prompt notice of any such legal or governmental demand and reasonably cooperate with Customer in any effort to seek a protective order or otherwise to contest such required disclosure, at Customer’s expense. Vendor shall process all data in accordance with applicable data privacy law and Schedule 2, if applicable.
4.2. Privacy Policy. The Privacy Policy applies only to the System and does not apply to any third-party website or service linked to the Application or recommended or referred to through the Application or by Vendor’s staff.
4.3. Data Accuracy. Vendor will have no responsibility or liability for the accuracy of data uploaded to the Application by Customer, including without limitation Customer Data and any other data uploaded by Users.
4.4. Data Deletion. Vendor may permanently erase Customer Data if Customer’s account is delinquent, suspended, or terminated for 30 days or more.
4.5. Excluded Data. Customer represents and warrants that Customer Data does not and will not include, and Customer has not and shall not upload or transmit to Vendor's computers or other media, any data (“Excluded Data”) categorized as sensitive information under the Privacy Act 1988 (Cth) or regulated pursuant to Health Insurance Portability and Accountability Act 1996 (US) or Payment Card Industry Data Security Standard (the "Excluded Data Laws"). CUSTOMER RECOGNIZES AND AGREES THAT: (a) VENDOR HAS NO LIABILITY FOR ANY FAILURE TO PROVIDE PROTECTIONS SET FORTH IN THE EXCLUDED DATA LAWS; AND (b) VENDOR’S APPLICATION IS NOT INTENDED FOR MANAGEMENT OR PROTECTION OF EXCLUDED DATA AND MAY NOT PROVIDE ADEQUATE OR LEGALLY REQUIRED SECURITY FOR EXCLUDED DATA.
5. CUSTOMER’S RESPONSIBILITIES & RESTRICTIONS.
5.1. Acceptable Use. Customer shall comply with the AUP. Customer shall not: (a) use the Application for service bureau or time-sharing purposes or in any other way allow third parties to exploit the Application; (b) provide Application passwords or other log-in information to any third party; (c) share non-public Application features or content with any third party; (d) access the Application in order to build a competitive product or service, to build a product using similar ideas, features, functions or graphics of the Application, or to copy any ideas, features, functions or graphics of the Application; or (e) engage in web scraping or data scraping on or related to the Application, including without limitation collection of information through any software that simulates human activity or any bot or web crawler. In the event that it suspects any breach of the requirements of this Section 5.1, including without limitation by Users, Vendor may suspend Customer’s access to the Application with notice, in addition to such other remedies as Vendor may have. Neither this Agreement nor the AUP requires that Vendor take any action against Customer or any User or other third party for violating the AUP, this Section 5.1, or this Agreement, but Vendor is free to take any such action it sees fit.
5.2. Unauthorized Access. Customer shall take reasonable steps to prevent unauthorized access to the Application, including without limitation by protecting its passwords and other log-in information. Customer shall notify Vendor immediately of any known or suspected unauthorized use of the Application or breach of its security and shall use best efforts to stop said breach.
5.3. Compliance with Laws. In its use of the Application, each party shall comply with all applicable laws, including without limitation laws governing the protection of personally identifiable information and other laws applicable to the protection of Customer Data.
5.4. Users & Application Access. Customer is responsible and liable for: (a) Users’ use of the Application, including without limitation unauthorized User conduct and any User conduct that would violate the AUP or the requirements of this Agreement applicable to Customer; and (b) any use of the Application through Customer’s account, whether authorized or unauthorized.
6. IP & FEEDBACK.
6.1. IP Rights to the System. Vendor retains all right, title, and interest in and to the System, including without limitation all software used to provide the System and all graphics, user interfaces, logos, and trademarks reproduced through the System. This Agreement does not grant Customer any intellectual property license or rights in or to the System or any of its components. Customer recognizes that the System and its components are protected by copyright and other laws. Customer shall retain all right, title and interest in the Customer Data.
6.2. Feedback. Vendor has not agreed to and does not agree to treat as confidential any Feedback (as defined below) Customer or Users provide to Vendor, and nothing in this Agreement or in the parties’ dealings arising out of or related to this Agreement will restrict Vendor’s right to use, profit from, disclose, publish, keep secret, or otherwise exploit Feedback, without compensating or crediting Customer or the User in question. Notwithstanding the provisions of Article 7.1 below, Feedback will not be considered Confidential Information, provided additional information Customer transmits with Feedback or related to Feedback may be considered Confidential Information. (“Feedback” refers to any suggestion or idea for improving or otherwise modifying any of Vendor’s products or services.)
7. CONFIDENTIAL INFORMATION.
7.1. “Confidential Information” refers to the following items either party discloses to the other: (a) any document marked “Confidential” by the disclosing party; (b) any information orally designated as “Confidential” at the time of disclosure; (c) the Documentation and all information on the Amplify Customer Success Portal, whether or not marked or designated confidential; and (d) any other nonpublic, sensitive information that could be reasonably considered to be a trade secret or is otherwise confidential. Notwithstanding the foregoing, Confidential Information does not include information that: (i) is in the receiving party’s possession at the time of disclosure (except if the receiving party is under confidentiality obligations in respect of that material); (ii) is independently developed by the receiving party without use of or reference to Confidential Information; (iii) becomes known publicly, before or after disclosure, other than as a result of the receiving party’s improper action or inaction; or (iv) is approved for release in writing by the disclosing party. Both parties acknowledge that the Confidential Information may include valuable trade secrets.
7.2. Nondisclosure. Neither party shall use Confidential Information for any purpose other than the successful use of the Application (the “Purpose”). The receiving party: (a) shall not disclose Confidential Information to any employee or contractor of the receiving party unless such person needs access in order to facilitate the Purpose and executes a nondisclosure agreement with the receiving party with terms no less restrictive than those of this Section 7.1; and (b) shall not disclose Confidential Information to any other third party without the disclosing party's prior written consent. Without limiting the generality of the foregoing, the receiving party shall protect Confidential Information with the same degree of care it uses to protect its own confidential information of similar nature and importance, but with no less than reasonable care. The receiving party shall promptly notify the disclosing party of any misuse or misappropriation of Confidential Information that comes to the receiving party's attention. Notwithstanding the foregoing, the receiving party may disclose Confidential Information as required by applicable law or by proper legal or governmental authority. The receiving party shall give the disclosing party prompt notice of any such legal or governmental demand and reasonably cooperate with the disclosing party in any effort to seek a protective order or otherwise to contest such required disclosure, at the disclosing party's expense.
7.3. Injunction. The receiving party agrees that breach of this Section 7 may cause the disclosing party irreparable injury, for which monetary damages would not provide adequate compensation, and that in addition to any other remedy, the disclosing party will be entitled to injunctive relief against such breach or threatened breach, without proving actual damage or posting a bond or other security.
7.4. Termination & Return. With respect to each item of Confidential Information, the obligations of Section 7.2 above (Nondisclosure) will terminate 3 years after the date of disclosure; provided that such obligations related to Confidential Information constituting either party's trade secrets will continue so long as such information remains subject to trade secret protection pursuant to applicable law. Upon termination of this Agreement, the receiving party shall return all copies of Confidential Information to the disclosing party or certify, in writing, the destruction thereof.
7.5. Retention of Rights. This Agreement does not transfer ownership of Confidential Information or grant a license thereto. Each Party will retain all right, title, and interest in and to all of its Confidential Information.
7.6. Exception & Immunity. Pursuant to the Defend Trade Secrets Act of 2016, 18 USC Section 1833(b), Recipient is on notice and acknowledges that, notwithstanding the foregoing or any other provision of this Agreement:
(a) Immunity. An individual shall not be held criminally or civilly liable under any Federal or State trade secret law for the disclosure of a trade secret that- (A) is made- (i) in confidence to a Federal, State, or local government official, either directly or indirectly, or to an attorney; and (ii) solely for the purpose of reporting or investigating a suspected violation of law; or (B) is made in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal.
(b) Use of Trade Secret Information in Anti-Retaliation Lawsuit. An individual who files a lawsuit for retaliation by an employer for reporting a suspected violation of law may disclose the trade secret to the attorney of the individual and use the trade secret information in the court proceeding, if the individual- (A) files any document containing the trade secret under seal; and (B) does not disclose the trade secret, except pursuant to court order.
8. REPRESENTATIONS & WARRANTIES.
8.1. From Vendor. Vendor represents and warrants that it is the owner of the Application and of each and every component thereof, or the recipient of a valid license thereto, and that it has and will maintain the full power and authority to grant the rights granted in this Agreement without the further consent of any third party. Vendor’s representations and warranties in the preceding sentence do not apply to use of the Application in combination with hardware or software not provided by Vendor where such combination gave rise to the infringement. In the event of a breach of the warranty in this Section 8.1, at its own expense, shall promptly take the following actions: (a) secure for Customer the right to continue using the Application; (b) replace or modify the Application to make it noninfringing; or (c) terminate the infringing features of the Service and refund to Customer any prepaid fees for such features, in proportion to the portion of the Term left after such termination. In conjunction with Customer’s right to terminate for breach where applicable, the preceding sentence states Vendor’s sole obligation and liability, and Customer’s sole remedy, for breach of the warranty in this Section 8.1 and for potential or actual intellectual property infringement by the Application.
8.2. From Customer. Customer represents and warrants that: (a) it has the full right and authority to enter into, execute, and perform its obligations under this Agreement and that no pending or threatened claim or litigation known to it would have a material adverse impact on its ability to perform as required by this Agreement; (b) it has accurately identified itself and it has not provided any inaccurate information about itself to or through the Application; (c) it is a corporation, the sole proprietorship of an individual 18 years or older, or another entity authorized to do business pursuant to applicable law; (d) Customer's use of Customer Data does not infringe the intellectual property rights of any third party; and (e) Customer will, at all terms during the Term of the Agreement, comply with all applicable privacy law.
9. WARRANTY DISCLAIMERS:
Except to the extent set forth in the SLA and in Section 8.1 above, and to the extent permitted by law, CUSTOMER ACCEPTS THE APPLICATION “AS IS” AND AS AVAILABLE, WITH NO REPRESENTATION OR WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING: (b) VENDOR DOES NOT REPRESENT OR WARRANT THAT THE APPLICATION WILL PERFORM WITHOUT INTERRUPTION OR ERROR.
10. LIMITATION OF LIABILITY.
10.1. Dollar Cap. With the exception of liability arising under Section 8, NEITHER PARTY’S LIABILTY FOR A CLAIM ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL EXCEED THREE TIMES THE VALUE OF 1 YEAR OF SUBSCRIPTION TO THE SERVICE.
10.2. Exclusion of Consequential Damages. Except with regard to breaches of Section 7 (Confidential Information), IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT.
10.3. Clarifications & Disclaimers. THE LIABILITIES LIMITED BY THIS SECTION 10 APPLY: (a) TO LIABILITY FOR NEGLIGENCE; (b) REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, STRICT PRODUCT LIABILITY, OR OTHERWISE; (c) EVEN IF THE PARTY IS ADVISED IN ADVANCE OF THE POSSIBILITY OF THE DAMAGES IN QUESTION AND EVEN IF SUCH DAMAGES WERE FORESEEABLE; AND (d) EVEN IF CUSTOMER’S REMEDIES FAIL OF THEIR ESSENTIAL PURPOSE. If applicable law limits the application of the provisions of this Section 10, a party’s liability will be limited to the maximum extent permissible.
11. TERM & TERMINATION.
11.1. Term. The term of this Agreement (the “Term”) will commence on the Effective Date and continue for the period set forth in the Order.
11.2. Termination for Cause. Either party may terminate this Agreement for the other’s material breach by written notice specifying in detail the nature of the breach, effective in 30 days unless the other party first remedies such breach, or effective immediately if the breach is not capable of remedy.
11.3. Effects of Termination. Upon termination of this Agreement, Customer shall within 30 days cease all use of the Application and delete, destroy, or return all copies of the Documentation in its possession or control. The following provisions will survive termination or expiration of this Agreement: (a) any obligation of Customer to pay fees incurred before termination; (b) Section 6 (IP & Feedback), 7 (Confidential Information), 9 (Warranty Disclaimers), 9 (Indemnification), and 10 (Limitation of Liability); and (c) any other provision of this Agreement that must survive to fulfill its essential purpose.
12. ANTI-BRIBERY.
VENDOR will, in connection with the performance of the Services under this Agreement, comply with all applicable federal, state, and local laws, ordinances, rules, regulations or code, including without limitation the U.S. Foreign Corrupt Practices Act, U.K. Bribery Act of 2010, Australian Criminal Code Act 1995 (Cth), all other applicable anti-bribery and anti-corruption laws and all applicable environmental laws and regulations. CONTRACTOR will maintain any permits, certificates, licenses, consents, approvals and authorizations necessary for the performance and completion of the Services. CONTRACTOR shall report any violation of this Section promptly to CUSTOMER. CONTRACTOR agrees to perform the Services under this Agreement in a manner which is consistent with good business ethics. In addition, CONTRACTOR certifies that neither CONTRACTOR, CONTRACTOR’s employees, nor subcontractors providing Services hereunder, have been convicted of any felonies and that CONTRACTOR has conducted appropriate background checks as legally permissible, to confirm such certification. CONTRACTOR shall immediately notify CUSTOMER, of any changes impacting such certification. Upon request of CUSTOMER, CONTRACTOR will certify to CUSTOMER, in writing, CONTRACTOR’s compliance with the provisions of this Section 12.
13. MISCELLANEOUS.
13.1 Independent Contractors. The parties are independent contractors and shall so represent themselves in all regards. Neither party is the agent of the other, and neither may make commitments on the other’s behalf.
13.2 Notices. Vendor may send notices pursuant to this Agreement to Customer’s email contact points provided by Customer, and such notices will be deemed received 24 hours after they are sent. Customer may send notices pursuant to this Agreement to notices@amplify-now.com and such notices will be deemed received 72 hours after they are sent.
13.3 Force Majeure. No delay, failure, or default, other than a failure to pay fees when due, will constitute a breach of this Agreement to the extent caused by acts of war, terrorism, hurricanes, earthquakes, other acts of God or of nature, strikes or other labor disputes, riots or other acts of civil disorder, embargoes, or other causes beyond the performing party’s reasonable control. If Force Majeure continues for a period of 30 days or more Customer shall be able to terminate contract and receive a refund on remaining term.
13.4 Assignment & Successors. Customer or Vendor may not assign this Agreement or any of its rights or obligations hereunder without Vendor’s express written consent. Except to the extent forbidden in this Section13.4, this Agreement will be binding upon and inure to the benefit of the parties’ respective successors and assigns.
13.5 Severability. To the extent permitted by applicable law, the parties hereby waive any provision of law that would render any clause of this Agreement invalid or otherwise unenforceable in any respect. In the event that a provision of this Agreement is held to be invalid or otherwise unenforceable, such provision will be interpreted to fulfill its intended purpose to the maximum extent permitted by applicable law, and the remaining provisions of this Agreement will continue in full force and effect.
13.6 No Waiver. Neither party will be deemed to have waived any of its rights under this Agreement by lapse of time or by any statement or representation other than by an authorized representative in an explicit written waiver. No waiver of a breach of this Agreement will constitute a waiver of any other breach of this Agreement.
13.7 Choice of Law & Jurisdiction: This Agreement and all claims arising out of or related to this Agreement will be governed solely by the internal laws of the State of South Australia, including without limitation applicable federal law, without reference to: (a) any conflicts of law principle that would apply the substantive laws of another jurisdiction to the parties’ rights or duties; (b) the 1980 United Nations Convention on Contracts for the International Sale of Goods; or (c) other international laws. The parties’ consent to the personal and exclusive jurisdiction of the federal and state courts of Adelaide, South Australia. This Section 0 governs all claims arising out of or related to this Agreement, including without limitation tort claims.
13.8 Conflicts. In the event of any conflict between documents impacting this Agreement, the following order of precedence applies: (a) the Desktop Agreement; (b) this Agreement; and (c) any Vendor policy posted online, including without limitation the AUP or Privacy Policy.
13.9 Technology Export. Customer shall not: (a) permit any third party to access or use the Application in violation of any U.S. law or regulation; or (b) export any software provided by Vendor or otherwise remove it from the United States except in compliance with all applicable U.S. laws and regulations. Without limiting the generality of the foregoing, Customer shall not permit any third party to access or use the Application in, or export such software to, a country subject to a United States embargo (as of the Effective Date, Cuba, Iran, North Korea, Sudan, and Syria).
13.10 Entire Agreement. This Agreement, together with any applicable Desktop Agreement, sets forth the entire agreement of the parties and supersedes all prior or contemporaneous writings, negotiations, and discussions with respect to its subject matter. Neither party has relied upon any such prior or contemporaneous communications.
13.11 Amendment. Vendor may amend this Agreement from time to time by posting an amended version at its Website and sending Customer written notice thereof. Such amendment will be deemed accepted and become effective 30 days after such notice (the “Proposed Amendment Date”) unless Customer first gives Vendor written notice of rejection of the amendment. In the event of such rejection, this Agreement will continue under its original provisions, and the amendment will become effective at the start of Customer’s next Term following the Proposed Amendment Date (unless Customer first terminates this Agreement pursuant to Article 11, Term & Termination). Customer’s continued use of the Service following the effective date of an amendment will confirm Customer’s consent thereto. This Agreement may not be amended in any other way except through a written agreement by authorized representatives of each party.
ACCEPTABLE USE POLICY
A. Unacceptable Use
Vendor requires that all customers and other users of Vendor’s mobile application-based service (the “Service”) conduct themselves with respect for others. In particular, observe the following rules in your use of the Service:
1) Abusive Behavior: Do not harass, threaten, or defame any person or entity. Do not contact any person who has requested no further contact. Do not use ethnic or religious slurs against any person or group.
2) Privacy: Do not violate the privacy rights of any person or breach any applicable privacy legislation. Do not collect or disclose any personal address, social security number, or other personally identifiable information without each holder’s written permission. Do not cooperate in or facilitate identity theft.
3) Intellectual Property: Do not infringe upon the copyrights, trademarks, trade secrets, or other intellectual property rights of any person or entity. Do not reproduce, publish, or disseminate software, audio recordings, video recordings, photographs, articles, or other works of authorship without the written permission of the copyright holder.
4) Hacking, Viruses, & Network Attacks: Do not access any computer or communications system without authorization, including the computers used to provide the Service. Do not attempt to penetrate or disable any security system. Do not intentionally distribute a computer virus, launch a denial of service attack, or in any other way attempt to interfere with the functioning of any computer, communications system, or website. Do not attempt to access or otherwise interfere with the accounts of other users of the Service.
5) Spam: Do not send bulk unsolicited e-mails (“Spam”) or sell or market any product or service advertised by or connected with Spam. Do not facilitate or cooperate in the dissemination of Spam in any way. Do not violate the CAN-Spam Act of 2003 or the Australian Spam Act 2003 (Cth).
6) Fraud: Do not issue fraudulent offers to sell or buy products, services, or investments. Do not mislead anyone about the details or nature of a commercial transaction. Do not commit fraud in any other way.
7) Violations of Law: Do not violate any law.
B. Consequences of Violation
Violation of this Acceptable Use Policy (this “AUP”) may lead to suspension or termination of the user’s account or legal action. In addition, the user may be required to pay for the costs of investigation and remedial action related to AUP violations. Vendor reserves the right to take any other remedial action it sees fit.
C. Reporting Unacceptable Use
Vendor requests that anyone with information about a violation of this AUP report it via e-mail to the following address: legal@amplify-now.com. Please provide the date and time (with time zone) of the violation and any identifying information regarding the violator, including e-mail or IP (Internet Protocol) address if available, as well as details of the violation.
DATA PRIVACY REQUIREMENTS
1. Application
This Schedule only applies where:
(a) the Processor or Controller are in the European Union or the United Kingdom, regardless of whether the processing takes place in the European Union or not;
(b) it involves the Processing of Personal Data of Data Subjects who are in the European Union or the United Kingdom; and/or
(c) it involves the monitoring of the behaviour of Data Subjects as far as their behaviour takes places within the European Union or the United Kingdom .
2. Definitions
(a) “Agreement” means the Agreement between Customer and Contractor to which this Exhibit is attached and made a part thereof.
(a) “Company” means any Customer or affiliate on behalf of which Provider processes Personal Data pursuant to this Agreement. Company may be acting as a Controller or as an authorized Processor on behalf of a client (the Controller) that contracted Company as Processor.
(b) “Controller” means the natural or legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
(c) “Data Subject” means any information relating to an identified or identifiable natural person within the European Union. An identifiable natural person is one who can be identified, directly or indirectly. Legal entities are Data Subjects where required by applicable Data Protection Law.
(d) “Data Protection Law” means all applicable data protection law, including EU General Data Protection Regulation, the UK General Data Protection Regulation and other privacy laws as applicable.
(e) “Personal Data” means any information relating to Data Subject, as more fully described in applicable Data Protection Law.
(f) “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.
(g) “Process(ing)” means any operation or set of operations that is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction.
(h) “Processor” means a natural or legal person which processes Personal Data on behalf of the Data Controller.
(i) “Provider” means Contractor or any Contractor entity or affiliate that Processes Personal Data on behalf of Company pursuant to this Agreement.
(j) “Special Categories of Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation and any other categories of data, such as personal bank account and payment card information and any national identifiers, to the extent considered by Data Protection Law to be particularly sensitive.
(k) “Technical and Organizational Security Measures” means measures aimed at preventing a Personal Data Breach, including but not limited to such breach resulting from or arising out of Provider’s internal use, Processing or other transmission of Personal Data, whether between or among Provider’s affiliates or any other person or entity subcontracted by or acting on behalf of Provider.
3. Processing Obligations of Provider
In Processing Personal Data, Provider agrees that:
(a) Provider shall abide by all applicable Data Protection Law.
(b) Provider shall Process Personal Data only in accordance with the documented instructions of Company and strictly as necessary to perform its obligations under the Agreement and Data Protection Law and for no other purpose. Such instructions are documented in Schedule 2 and other mutually agreed documentation. Provider shall inform Company immediately if, in its opinion, it receives an instruction from Company which infringes Data Protection Law.
(c) Ensure that the persons authorized by Provider to Process Personal Data are bound by appropriate confidentiality obligations.
(d) Provider shall implement appropriate and reasonable Technical and Organizational Security Measures, such measures designed to protect Personal Data from unauthorized use or disclosure consistent with the type of Personal Data being Processed and the services being provided by Provider, all in accordance with applicable Data Protection Law. Documentation of such measures shall be furnished to Company upon request.
(e) Assist Company in ensuring compliance with its obligations in respect of security of Personal Data, data protection impact assessments and prior consultation requirements under Data Protection Law.
(f) Provider shall (1) obtain Company’s prior written consent prior to engaging any sub-processors, and where Company has provided consent for such sub-processor, Contractor shall not replace or engage other sub-processors without the prior written consent of Company, (2) ensure that a written contract exists between Contractor and the sub-processor containing clauses equivalent to those imposed on Contractor in this Schedule 2, and (3) remain liable to Company for the performance of the sub-processor’s obligations.
(g) Inform Company immediately in the event of receiving a request from a data subject to exercise their rights under Data Protection Law and provide such co-operation and assistance as may be required to enable Company to deal with such request in accordance with the provisions of Data Protection Law.
(h) Notify Company within one (1) day after discovery of any Personal Data Breach at privacy@Customer.com or at such contact details communicated to Provider from time to time. Provider shall at its cost and expense assist and cooperate with Company concerning any disclosures to affected parties and other remedial measures as requested by Company or required under Data Protection Law. The notification shall include a detailed description of the Personal Data Breach, the type of Personal Data that was the subject of the Personal Data Breach, the identity of each affected person, and any other information Company reasonably may request concerning such affected persons and the details of the Personal Data Breach. Provider shall designate an individual responsible for management of the Personal Data Breach and shall identify such individual to Company with notification of the breach.
(i) Make available to Company all information necessary to demonstrate compliance with the obligations laid down in this Schedule 2; and (ii) allow for and assist with audits, including inspections, conducted by Company or another auditor mandated by Company, of its relevant facilities, equipment and processes in order to ensure compliance with the obligations laid down in this Schedule 2and applicable Data Protection Law, provided, however, that adherence by Provider to an approved code of conduct or an approved certification mechanism authorized by applicable data protection authority shall be sufficient to demonstrate compliance by Provider with the provisions of this Schedule 2and Data Protection Law.
(j) Contractor shall: (i) at the choice of Company, delete or return the Personal Data to Company when Contractor ceases to provide Services relating to Personal Data processing and, if requested by Company, certify the fact of such deletion, and (ii) not retain any copies of such Personal Data unless applicable Data Protection Law or other applicable law requires storage of the Personal Data.
(k) Not by act or omission place Company in violation of any Data Protection Law.
(l) Upon becoming so aware, notify Company promptly if Contractor receives or Processes Special Categories of Data and follow Company’s documented instructions with respect thereto.
4. Certain Transfers of Personal Data
(a) Contractor shall not (i) transfer Personal Data from any jurisdiction to any other jurisdiction (the EEA constituting a single jurisdiction for this purpose); (ii) move Personal Data from its Customer-approved hosting jurisdiction to a different hosting jurisdiction; or (iii) provision remote access to such Personal Data from any location other than the hosting jurisdiction or other Customer-approved jurisdiction without the prior written consent of Customer. The parties recognize and agree that such consent by Customer may, at Customer’s option, apply to all similar data transfers of similar data between the designated parties and jurisdictions if Customer so elects.
(b) To the extent Contractor is relying on a specific mechanism for lawful international data transfers that is subsequently modified, revoked, or held in a court of competent jurisdiction to be invalid, Contractor shall promptly notify Customer and agrees to pursue a suitable alternate mechanism that can lawfully support the transfer as soon as practicable.
(c) If requested by Customer in order to enable Customer to comply with any Data Protection Law, Contractor also agrees to execute the EU Standard Contractual Clauses in the prescribed form.
SERVICE LEVEL AGREEMENT
Equipment location
Backup time and location
Data Security at rest
Data Security in transit
Login Security
Server Security
Introduction
Hosting of the Amplify platform is provided by Amplify-Now Pty Ltd (“Amplify”), utilizing the global scale and reach of the Microsoft Azure cloud infrastructure.
Service Description
Amplify provides the following services to its hosting customers to ensure maximum availability and performance of the Amplify service:
1. Network monitoring and problem resolution;
2. Amplify Server hardware maintenance, monitoring and problem resolution. Amplify monitors disk, memory and CPU utilization plus a number of other health checks to ensure client hardware is running optimally.
3. Amplify Server software maintenance, patching, upgrading, monitoring and problem resolution. Amplify runs a number of port and application level monitors from within our network and from external networks to ensure client software is running optimally.
4. Telephone Support during business hours; and
5. Back-up management (Nightly full backup stored separately from the database server for 30 days).
Service Details
Availability Service Commitment (per calendar month)
Service Availability
Maintenance Windows
Target Time to Respond
MTTR
1. Definitions
Downtime: the time in which any service listed above is not capable of being accessed or used by the Customer, as monitored by Vendor. “Monthly Uptime Percentage” means the total number of minutes in a calendar month minus the number of minutes of Downtime suffered in a calendar month, divided by the total number of minutes in a calendar month. “Exclusion from Downtime” The following are not counted as Downtime for the purpose of calculating Monthly Uptime Percentage:
A. Service unavailability caused by scheduled maintenance of the platform used to provide the applicable service (Vendor will endeavor to provide seven days’ advance notice of service-affecting scheduled maintenance); or
B. Service unavailability caused by events outside of the direct control of Vendor or its subcontractor(s), including any force majeure event, the failure or unavailability of Customer’s systems, the Internet, and the failure of any other technology or equipment used to connect to or access the service.
Service availability is determined as the amount of time the service is available to the customer across the calendar month, and excludes:
A. Notified maintenance windows (scheduled and emergency)
B. All internet connectivity and infrastructure issues/failures not attributed to facilities or equipment owned, leased, purchased or otherwise operated by Vendor that cause the unavailability. (cont.)
C. All application-related failures attributed to specific applications operated by the Customer that negatively impact Vendor’s ability to provide the service.
D. Network or service availability issues related to malicious behavior perpetrated by Customer’s employees, contractors or 3rd parties, including but not limited to spamming, probing, spoofing or similar activities.
E. Network or service availability issues related to Denial of Service attacks and other flooding techniques.
F. Other unforeseeable circumstances that are outside of Vendor’s control, such as Force Majeure.
Mean Time to Restore (MTTR)
MTTR is the period of time between the point when a service or services fail, and when the service is restored, and the system is fully functional.
During the term of the applicable Proposal, Vendor will use reasonable efforts to achieve a Monthly Uptime Percentage of at least 99.0% for any calendar month. If Vendor does not meet the Vendor SLA, and so long as Customer’s account with us is current, Customer will be eligible to receive the credits described below. These credits are Customer’s exclusive remedy for any failure by Vendor to meet the Vendor SLA. Vendor and Customer hereby agree as follows:
2. Service Credits
Service credits are issued if Vendor does not meet the Vendor SLA for a particular month of the ordered term. Upon approval of a claim we will provide the applicable remedy set forth below:
Monthly Uptime Percentage
Less than 99.00%, but > 98.75% = 5% of monthly fee (service credit)
Less than 98.75%, but > 98.50% = 10% of monthly fee (service credit)
Less than 98.50%, but > 98.25% = 15% of monthly fee (service credit)
Less than 98.25% = 20% of monthly fee (service credit)
3. Claim Procedure.
To receive a service credit for a particular calendar month, Customer must submit a claim by email to the support@amplify-now.com within 30 days of the end of the month during which the Service did not meet the Vendor SLA, and include the following information:
A. Customer name and account number
B. Name of the service to which the claim relates
C. name, email address, and telephone number of the Customer’s designated contact
D. Information supporting each claim of Downtime, including date, time, and a description of the incident and affected service, all of which must fall within the calendar month for which you are submitting a claim.