Net-Results Terms & Conditions
Forward I.T. Solutions, LLC dba Net-Results (“Net-Results”) and Customer hereby agree as follows:
- Scope; Procurement and Provisioning by Affiliates; Subscription Services Users.
- Scope. This Terms of Service (“Agreement”) applies to Customer’s use of the online subscription services and related online training and packaged professional services (e.g., special integrations) offered by Net-Results (collectively, the “Subscription Services”) that are listed in one or more Net-Results subscription-based ordering documents signed by the Parties (each a “Client Agreement”). This Agreement and all executed Client Agreements, including any incorporated attachments, addenda and exhibits, are collectively referred to as the “Agreement.” All capitalized terms not defined herein will have the meanings attributed to them in the Client Agreement.
- Procurement and Provisioning by Affiliates. Customer may procure Subscription Services under this Agreement for its own account and on behalf of one or more Customer Affiliates (defined below). Customer is responsible for the acts and omissions of Customer Affiliates under any Client Agreement pursuant to which the Customer Affiliate receives the benefit of the Subscription Services but is not a signatory. Additionally, Customer Affiliates may procure Subscription Services directly under this Agreement pursuant to a Client Agreement executed by such Customer Affiliate and Net-Results. Customer Affiliates who sign a Client Agreement will be deemed to be the Customer hereunder and solely responsible for its performance or non-performance thereunder. “Affiliate” means any legal entity directly or indirectly controlling, controlled by or under common control with a Party, where control means the ownership of a majority share of the stock, equity or voting interests of such entity.
- Subscription Services Users. During the Term set forth in each Client Agreement, Net-Results will make the Subscription Services available to Customer and its authorized Affiliates, employees, agents or contractors (“Users”), for access and use by such Users solely for Customer’s internal business purposes in accordance with the terms of the Agreement. Customer is responsible for use of the Subscription Services by Users and any party who accesses the Subscription Services with Customer’s or a User’s account credentials.
- Restrictions; Net-Results Acceptable Use Policy; Usage Rights; Suspension.
- Restrictions. Customer will not, and will ensure that its Users do not, directly or indirectly (i) make the Subscription Services available to anyone other than Users or use the Subscription Services for the benefit of any unrelated third party; (ii) sell, resell, assign, pledge, transfer, license, sublicense, distribute, rent or lease the Subscription Services; (iii) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas or algorithms of the Subscription Services or any software, documentation or data related to or provided with the Subscription Services; (iv) modify, translate or create derivative works based on the Subscription Services or remove any proprietary notices or labels from the Subscription Services; (v) use or access the Subscription Services to build or support, and/or assist a third party in building or supporting products or services competitive to the Subscription Services; (vi) include the Subscription Services in a service bureau or outsourcing offering; or (vii) utilize the Subscription Services in mainland China or Russia unless specifically allowed in a Client Agreement.
- Net-Results Acceptable Use Policy. Customer will, and will ensure that its Users, use the Subscription Services only in compliance with the Net-Results Acceptable Use Policy (AUP). Compliance with this AUP protects the interests of individuals using the Internet, the reputation and goodwill of Net-Results. Ensuring the utmost standards of email marketing is our collective responsibility.
- Prohibition against Unsolicited Email/Spam: Customers must refrain from directly or indirectly sending, transmitting, distributing, or delivering:
- Unsolicited bulk email (“spam” or “spamming”) i.e., emails to persons who have not consented to the receipt of such emails by providing their email address in a manner from which consent to receive email may be reasonably implied.
- Email to an address obtained via Internet harvesting or other surreptitious methods (e.g., scraping, renting, purchased list, co-registration, affiliate marketing, incomplete or old lists; or email appending). Net-Results defines email appending as a marketing practice that involves taking known Customer Data (name, address, etc.) and matching it against a third-party vendor’s database to obtain email addresses.
- Email that generates abuse/spam complaints or spam trap hits resulting in IP/Domain blacklisting or other deliverability issues that could have material impact on Net-Results or its customers reputation.
Inclusion of Opt-Out Provision: Customers must ensure all commercial emails sent include a provision for recipients to “opt-out” or revoke permission of receiving any future messages from Customer. To that end, Customer agrees:
To use the unsubscribe tools provided by Net-Results; or
To have procedures in place to allow a recipient to easily opt-out, such as: (a) a clear appended link for recipients to easily opt-out of receiving future messages, or (b) Instructions to reply with the word “Unsubscribe” in the subject line; and
Unsubscribe requests made outside of Net-Results must be honored without delay with no future messages being sent unless future permission is granted.
General Prohibitions: Customers transmitting content through Net-Results services must not misrepresent or obscure their identity in any way or mislead recipients through use of invalid or forged headers, misleading subject lines or content, or domain names not owned or controlled by Customer.
Customer must not transmit any messages through Net-Results services with content that is threatening, abusive, harassing, defamatory, deceptive, false, fraudulent, vulgar, obscene, indecent, or illegal.
Customer is strictly prohibited from transmitting or providing Net-Results any sensitive information as that term may be used in applicable laws, or where no laws apply, individuals’ financial account information, sexual preferences, medical or health information, and/or personal information of children protected under any child protection laws.
AUP Enforcement and Updates: Violations of the AUP will be deemed a material risk to the continued normal operation of Net-Results services and may result in immediate revocation of Customer’s subscription to use the services. Net-Results may review relevant data to determine Customers’ compliance with this AUP.
Net-Results reserves the right to update the AUP in accordance with industry best practices and applicable law by posting a revised copy on the Net-Results website.
Promptly notify Net-Results of any known or suspected violation of this AUP or if you are in receipt of a message sent through Net-Result’s infrastructure that appears to violate this AUP. Please contact email@example.com and attach the offending email rather than forwarding it.
- Usage Rights. Customer will, at all times, ensure that its use of the Subscription Services does not exceed the usage terms specified in the Client Agreement. Net-Results will invoice the Customer for any overages and notify the Customer in writing (email notification sufficient) specifying such Usage Rights overage. Fees for usage overage is specified within the Client Agreement.
- Suspension. Net-Results may immediately suspend Customer’s account and access to the Subscription Services if (i) Customer fails to make payment due within 10 business days after Net-Results has provided Customer with written notice of such failure; or (ii) Customer violates Section 2a (Restrictions), Section 2b (Net-Results Acceptable Use Policy), or Section 11 (Confidential Information). Any suspension by Net-Results of the Subscription Services under the preceding sentence will not relieve Customer of its payment obligations hereunder. Net-Results will promptly lift the suspension upon Customer’s payment or remedy of the triggering violation, as applicable.
- Ownership: Subscription Services; Customer Data; Statistical Information.
- Subscription Services. Customer acknowledges that the Subscription Services are offered online on a subscription basis. Net-Results reserves all rights, title and interest in and to the Subscription Services, including any software or documents related to or provided with the Subscription Services and all intellectual property rights and derivatives, modifications, refinements or improvements thereto. From time to time, Customer or its Users may submit to Net-Results comments, questions, enhancement requests, suggestions, ideas, process descriptions or other information related to the Subscription Services (“Feedback”). Customer agrees that Net-Results has all rights to use and incorporate Feedback into the Subscription Services without restriction or payment to Customer. No rights are granted to Customer other than as expressly set forth herein.
- Customer Data. Customer owns any data, information or material originated by Customer or that Customer provides in the course of using the Subscription Services, including information regarding Customer’s social networking connections, followers or other contacts activated through use of the Subscription Services (“Customer Data”). Customer will be solely responsible for (i) the accuracy, quality, content, legality and use of Customer Data, including the means by which Customer Data is acquired and transferred by Customer or its Users outside of the Subscription Services; and (ii) all applicable social networking terms and conditions related to procurement and use of Customer Data. Customer Data is Customer’s Confidential Information.
- Statistical Information. Net-Results may monitor Customer’s use of the Subscription Services and compile Customer Data with other data in an aggregate and anonymous manner to derive statistical and performance information related to the provision and operation of the Subscription Services and may make such information publicly available, provided that such information does not include any data that would enable the identification of Customer or Customer Data, or the disclosure of Customer Confidential Information. Net-Results retains all rights, title and interest in and to such statistical and performance information.
- Free Trial Period
- In the event Customer elects to use the Subscription Services on a trial basis, Customer will not be billed for the Subscription Services for the agreed upon trial period (the “Trial Period”), commencing on the date Customer accepts this Agreement. During the Trial Period, Customer may use the Subscription Services subject to the agreed upon Usage Rights. The Usage Rights for the Trial Period are subject to change at any time. Upon reaching the end of the free trial period, Customer may purchase Subscription Services.
- Should Customer wish to discontinue use of the Subscription Services upon or before expiration of the Trial Period, Customer must take all steps outlined in Section 6 of this Agreement titled “Term; Termination for Cause, Effect of Termination; Survival.”.
- Should Customer wish to continue use of the Subscription Services upon expiration of the Trial Period, a Client Agreement must be executed.
- Fees; Taxes and Currency; Invoices.
- Fees. Customer will pay all fees set forth in the Client Agreement and any fees invoiced pursuant to this Agreement. All fees are non cancelable and non refundable, except as expressly specified in the Client Agreement.
- Taxes and Currency. All fees are exclusive of, and Customer will be responsible for payment of taxes, levies, duties or similar local, state, provincial, federal or foreign jurisdiction governmental assessments on the SubscriptionServices. Customer is not responsible for any taxes based on Net-Result’s net income or property. Except as otherwise specified in a Client Agreement, all fees due hereunder will be paid in U.S. Dollars.
- Invoices. All amounts are due and payable as specified in the Client Agreement. If no payment terms are specified in the applicable Client Agreement, payment terms are net 30 days from receipt of invoice. Unpaid invoices not the subject of a written good faith dispute are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all reasonable expenses of collection.
- Term; Termination for Cause, Effect of Termination; Survival.
- Term. The term will commence on the Client Agreement execution date (the “Effective Date”) and will remain in effect until the Subscription Services Term in all Client Agreements has been terminated by the Customer (the “Term”). Customer may terminate this Agreement by providing at least 30 days written notice prior to the commencement of the next renewal term by undertaking the following two (2) actions: 1) Send an email message to firstname.lastname@example.org or send written notice to Net-Results at 1738 Wynkoop Street, Suite 202, Denver, CO 80202 USA and 2) Customer must remove the Net-Results tracking beacon/implementation code from all pages of all websites within which the implementation code resides. Termination notice will be bound by term length designated on the executed Client Agreement. This Agreement will automatically renew unless written notice of termination is sent at least 30 days prior to the commencement of the next renewal term unless specifically designated within the executed Client Agreement.
- Termination for Cause. In the event of a material breach by either Party, the non-breaching Party will have the right to terminate the applicable Client Agreement for cause if such breach has not been cured within 30 days after written notice from the non-breaching Party specifying the breach.
- Effect of Termination. If Net-Results terminates a Client Agreement for Customer’s uncured material breach (i) all fees set forth in the terminated Client Agreement will be immediately due and payable; (ii) all rights granted thereunder will immediately terminate; and (iii) if such terminated Client Agreement includes fees for usage of the Subscription Services in excess of the stated terms, such fees are also immediately due and payable. If Customer terminates a Client Agreement for Net-Result’s uncured material breach, Customer will be entitled to a pro-rata refund for prepaid fees for the Subscription Services not performed as of the date of termination. Upon completion of the Term, all rights to access and use the Subscription Services will terminate and Net-Results will irretrievably delete and destroy Customer Data and, if requested in writing, Net-Results will certify to such destruction in writing.
- Survival. The following Sections of the Agreement will survive termination of the Agreement: Section 2a (Restrictions), Section 3 (Ownership: Subscription Services; Customer Data; Statistical Information), Section 5 (Fees; Taxes and Currency; Invoices), Section 8d (Warranties Disclaimer), Section 9 (Indemnification), Section 10 (Limitation of Liability), Section 11 (Confidential Information) and Section 13 (General Terms).
- Service Level Agreement (SLA)
The Subscription Services are offered with a SLA of 99.5% application availability measured monthly. The SLA agreement is available globally, announced maintenance windows and downtime events that occur on third-party Internet transport providers are excluded from the SLA. In the event of SLA non-conformance in a given month, Net-Results will, at its sole discretion, grant Customer a credit against the next month’s invoice or a pro-rata refund of charges already incurred, or, if no further invoices remain, a pro-rata refund of any prepaid fees, according to the application availability schedule below:
99.5% to 100% – 0 credit
98% to 99.49% – 3% credit
97% to 97.99 – 6% credit
Below 97% – 9% credit
- Warranties; Warranty Remedies; Warranties Disclaimer; Product Changes.
- General Warranty. Each Party represents and warrants to the other Party that it has the power and authority to enter into the Agreement.
- Subscription Services Warranty. Net-Results warrants the Subscription Services, under normal use, will (i) perform materially in accordance with the applicable documentation located at https://support.net-results.com/; and (ii) be provided in a manner consistent with generally accepted industry standards.
- Warranty Remedies. Customer will notify Net-Results of any warranty deficiencies under section 8b within 30 days of the performance of the relevant Subscription Services, and Customer’s exclusive remedy will be the re-performance of the deficient Subscription Services. If Net-Results cannot re-perform such deficient Subscription Services as warranted, Customer will be entitled to terminate the deficient Subscription Services under Section 8b above and recover a pro-rata portion of the fees paid to Net-Results for such deficient Subscription Services, and such refund will be Net-Result’s entire liability.
- WARRANTIES DISCLAIMER. EXCEPT FOR THE EXPRESS WARRANTIES ABOVE, AND TO THE MAXIMUM EXTENT PERMITTED BY LAW, NET-RESULTS AND ITS THIRD PARTY PROVIDERS DISCLAIM ALL EXPRESS, IMPLIED OR STATUTORY WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. NET-RESULTS DOES NOT WARRANT THE RELIABILITY, TIMELINESS, SUITABILITY, OR ACCURACY OF THE SUBSCRIPTION SERVICES OR THE RESULTS CUSTOMER MAY OBTAIN BY USING THE SUBSCRIPTION SERVICES. NET-RESULTS DOES NOT WARRANT UNINTERRUPTED OR ERROR-FREE OPERATION OF THE SUBSCRIPTION SERVICES OR THAT NET-RESULTS WILL CORRECT ALL DEFECTS OR PREVENT THIRD PARTY DISRUPTIONS OR UNAUTHORIZED THIRD PARTY ACCESS. NET-RESULTS DISCLAIMS ALL FAILURES, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET.
- Product Changes. Net-Results reserves the right to change or discontinue individual features within the Subscription Services upon prior written notice via the Subscription Services portal and/or email notifications. To the extent any such changes result in a material reduction of overall functionality without a comparable replacement, Net-Results will refund Customer a pro-rata portion of all prepaid fees associated with the discontinued Subscription Services for which no comparable replacement was provided.
- Net-Results. Net-Results will defend Customer against any claim brought against Customer by a third party alleging the Subscription Services as provided by Net-Results directly infringe the intellectual property rights of the claimant and will pay Customer for finally-awarded damages and costs and Net-Results-approved settlements of the claim. Net-Result’s obligations to defend or indemnify will not apply to the extent that a claim is based on (i) Customer Data, Customer’s or a third party’s technology, software, materials, data or business processes; (ii) a combination of the Subscription Services with non-Net-Results products or services; or (iii) any use of the Subscription Services not in compliance with this Agreement. Net-Results may, in its discretion and at no cost to Customer, (a) modify the Subscription Services to avoid infringement; or (b) terminate Customer’s subscriptions for the affected Subscription Services and refund Customer any related prepaid fees for the remainder of the Subscription Term.
- Customer. Customer will defend Net-Results against any claim brought against Net-Results by a third party alleging (i) Customer Data infringes the intellectual property, privacy or other rights of the claimant; or (ii) Customer’s use of the Subscription Services, other than as authorized in this Agreement, violates applicable law or regulations, or infringes the claimant’s intellectual property rights, and will pay Net-Results for finally-awarded damages and costs and Customer-approved settlements of the claim.
- Procedure. As a condition to the indemnifying Party’s obligations under this Section 9, the Party seeking indemnification must (i) promptly give written notice of the claim to the indemnifying Party; (ii) give the indemnifying Party sole control of the defense and settlement of the claim (provided that the indemnifying Party may not settle any claim unless it unconditionally releases the indemnified party of all liability); and (iii) provide the indemnifying Party, at the indemnifying Party’s cost, all reasonable assistance. THIS SECTION STATES THE INDEMNIFIED PARTY’S SOLE REMEDY, TO THE EXCLUSION OF ALL OTHER REMEDIES (IN CONTRACT, TORT OR OTHERWISE), AND THE INDEMNIFYING PARTY’S TOTAL LIABILITY, REGARDING THE CLAIMS AND LIABILITIES ADDRESSED BY THIS SECTION 9.
- Limitation of Liability. NO PARTY WILL BE LIABLE UNDER ANY CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHER THEORY (i) FOR ERROR OR INTERRUPTION OF USE, INACCURACY OR COST OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICE OR TECHNOLOGY, OR LOSS OF BUSINESS OR DATA; (ii) FOR ANY INDIRECT, EXEMPLARY, LOST PROFITS, LOST REVENUE, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES; (iii) FOR ANY MATTER BEYOND ITS REASONABLE CONTROL, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE; OR (iv) EXCEPT FOR CUSTOMER PAYMENT OBLIGATIONS, FOR ANY AMOUNTS THAT, TOGETHER WITH AMOUNTS ASSOCIATED WITH ALL OTHER CLAIMS, EXCEED THE CUMULATIVE FEES INVOICED TO CUSTOMER UNDER THE AGREEMENT IN THE 12 MONTHS PRECEDING THE DATE THE CLAIM AROSE. NET-RESULTS UNDERTAKES NO LIABILITY FOR ANY CUSTOMER DATA ELEMENTS PROHIBITED BY ANY THIRD PARTY TECHNOLOGY ACQUIRED BY CUSTOMER TO INTERACT WITH THE SUBSCRIPTION SERVICES. THE FOREGOING LIMITATION WILL NOT APPLY TO THE EXTENT PROHIBITED BY LAW.
- Confidential Information. Each Party (the “Recipient”) understands that the other Party (the “Discloser”) may, during the Term and in connection with the Subscription Services, disclose non-public information relating to the Discloser’s business that is designated as confidential or reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure (“Confidential Information”). The Recipient agrees (i) to take reasonable precautions to protect such Confidential Information; and (ii) not to use or divulge to any third person any such Confidential Information except as set forth herein and to those of its employees and contractors who need access for purposes consistent with this Agreement and who are bound to confidentiality terms with Recipient containing protections no less stringent than those herein. The Discloser agrees that the foregoing will not apply with respect to Confidential Information after 3 years following the termination of the Agreement or any Confidential Information the Recipient can document (a) is or becomes generally available to the public; (b) was in its possession or known by it prior to receipt from the Discloser; (c) was rightfully disclosed to it by a third party; or (d) was independently developed without use of any Confidential Information of the Discloser. If the Recipient is required by law or court order to disclose Confidential Information, it will give prior written notice to the Discloser (to the extent legally permitted) and reasonable assistance at the Discloser’s cost to contest the disclosure.
- Data Security. Net-Results shall maintain appropriate administrative, physical, and technical safeguards designed to protect the security of the Subscription Services and Customer Data in accordance with the attached Net-Results Security Standards. If Customer’s use of the Subscription Services involves processing personal data pursuant to Regulation 2016/679 (the “GDPR”) and/or transferring personal data outside the European Economic Area or Switzerland to any country not deemed by the European Commission as providing an adequate level of protection for personal data, the terms of the data processing addendum shall apply to such personal data and be incorporated into the Agreement upon the execution and submission of the data processing addendum to Net-Results in accordance with its terms. The data processing addendum may be accessed at https://na2.docusign.net/Member/PowerFormSigning.aspx?PowerFormId=e0d2173e-7e6c-40e5-9a27-dada747278e0
- General Terms.
- Notice. Net-Results may give general notices for Subscription Services applicable to all customers by means of a notice on the Subscription Services web portal and/or email notification. Specific notices applicable to Users of the Subscription Services, technical support, system security and other account notices will be given by electronic mail to Customer’s e-mail address on record in Net-Result’s account information. All legal or dispute-related notices will be sent by first class mail or express delivery, if to Net-Results, attention Legal Department, at 1738 Wynkoop Street, Suite 202, Denver, Colorado 80202, U.S.A., and if to Customer, to Customer’s Customer Success Manager and address on record in Net-Result’s account information or such other addresses as either Party may designate in writing from time to time.
- Force Majeure. Neither Party will be responsible for failure or delay of performance if caused by an act of nature, war, hostility or sabotage; an electrical, internet, or telecommunication outage that is not caused by the obligated Party; government restrictions (including the denial or cancellation of any export or other license); or other event outside the reasonable control of the obligated Party. Each Party will use reasonable efforts to mitigate the effect of a force majeure event. If such event continues for more than 20 days, either Party may cancel unperformed Subscription Services upon written notice.
- Governing Law. Unless specifically set forth in the applicable Client Agreement (i) any action, claim, or dispute between the Parties will be governed by Colorado law, excluding its conflicts of law provisions, and controlling U.S. federal law; and (ii) the Parties agree to the exclusive jurisdiction of and venue in the state and federal courts in the County of Denver respectively. Except for actions for nonpayment or breach of either Party’s proprietary rights, no action, regardless of form, arising out of or relating to the Agreement may be brought by either Party more than 2 years after the cause of action has accrued.
- Entire Agreement. This Agreement represents the Parties’ entire understanding relating to the Subscription Services and supersedes any prior or contemporaneous agreements or understandings regarding the Subscription Services. In the event of a conflict between this Agreement and a contemporaneous or later-dated Client Agreement, the terms of the contemporaneous or later-dated Client Agreement will control.
- Standard Terms of Customer. No terms, provisions or conditions of any purchase order, acknowledgement or other business form Customer may use in connection with the acquisition of Subscription Services will affect the rights, duties or obligations of the Parties hereunder, or otherwise modify this Agreement, regardless of any failure of Net-Results to object to such terms, provisions or conditions.
- Amendment / No Waiver. The Agreement may be amended only by written agreement signed by the Parties. If any provision of the Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision(s) will be construed to reflect the intent of the invalid or unenforceable provision(s), with all other provisions remaining in full force and effect. The failure of either Party to enforce any right or provision in the Agreement will not constitute a waiver of such right or provision unless acknowledged and agreed to by such Party in writing.
- Assignment. No joint venture, partnership, employment, or agency relationship exists between Net-Results and Customer as a result of the Agreement or use of the Subscription Services. This Agreement and any rights or obligations hereunder may not be assigned, sublicensed or otherwise transferred by the Parties without the prior written approval of the non-assigning Party, except that either Party may assign or transfer this Agreement in connection with a merger or acquisition of all or substantially all of the assets of the assigning company (other than to a direct competitor of the non-assigning Party and provided that the assignee agrees in writing to be bound by all terms and conditions of this Agreement) by providing the non-assigning Party with prompt written notice of assignment. Any purported assignment in violation of this section will be void.
- Compliance with Laws. Each Party agrees to abide by all laws, ordinances and regulations(whether international, federal, state, local or provincial) applicable to its performance under this Agreement.
Attachment – Net-Results Security Standards (next page)
Attachment – Net-Results Security Standards
- Definitions. Capitalized terms used in this attachment and not otherwise defined herein shall have the meanings set forth in the underlying agreement for Subscription Services entered into between the Parties to which these security standards are attached (the “Agreement”).
- Security Controls and Safeguards
2.1. Net-Results will comply with all applicable privacy and data security laws and regulations governing its use, processing and storage of Customer Data.
2.2. During the Term, Net-Results shall maintain a security program materially aligned with applicable industry standards designed to ensure the security, confidentiality, availability and integrity of Customer Data and protect against unauthorized disclosure or access of Customer Data. Such security program shall include the implementation of administrative, technical and physical safeguards appropriate for the type of information that Net-Results processes and the need for security and confidentiality of such information.
2.3. Net-Results implements controls aligned to industry standards intended to keep Customer Data secure and throughout the Term shall maintain security measures designed to: (i) protect the security of Net-Results systems which interact with Customer Data; (ii) protect against any anticipated threats or hazards to the security or integrity of Net-Results systems which interact with Customer Data and (iii) protect against unauthorized access to or use of Net-Results systems which interact with Customer Data that could result in harm to Users of the Subscription Services.
2.3.1. Net-Results maintains access controls which include, but are not limited to, the following:
18.104.22.168. Limiting access to its information systems and the facilities in which they are housed to properly authorized persons;
22.214.171.124. Access by Net-Results personnel to Customer Data is removed upon termination of employment or a change in job status that results in the personnel no longer requiring access to Customer Data;
126.96.36.199. System passwords conform to strong password standards (9 characters minimum) that include length, complexity and expiration. A maximum of ten (10) password attempts can be made, after which access is blocked until the password is reset by authorized personnel. Password policies conform with NIST Special Publication 800-53.
188.8.131.52. Limited access to its information systems using multifactor authentication.
2.4. All customer communications transmitted over the internet are encrypted. Net-Results utilizes encryption on its own email servers to ensure point-to-point encryption via opportunistic TLS. All backups are encrypted with high-grade encryption.
2.5. Net-Results monitors its network and production systems and implements and maintains security controls and procedures designed to prevent, detect and respond to identified threats and risks. Such monitoring and testing includes, but is not limited to, the following:
2.5.1. Employing an industry standard network intrusion detection system to monitor and block suspicious network traffic;
2.5.2. Reviewing access logs on servers and security events and retaining network security logs for 180 days;
2.5.3. Reviewing all access to production systems;
2.5.4. Performing network vulnerability assessments on a regular basis. Scans will be performed using industry standard scanning tools that identify application and hosting environment vulnerabilities. Net-Results shall maintain a vulnerability remediation program;
2.5.5. Engaging third parties to perform network penetration testing on at least an annual basis.
2.6. Net-Results shall ensure that:
2.6.1. All endpoints run an antivirus solution and apply timely signature updates;
2.6.2. All critical, exploitable vulnerabilities are patched in a timely manner.
- Uses and Disclosures of Customer Data. Net-Results will not use or disclose Customer Data except as necessary to provide the Subscription Services or as otherwise set forth in the Agreement.
- Security Breach Notification. Net-Results shall notify Customer within seventy-two (72) hours of becoming aware of the unauthorized acquisition, destruction, loss, modification, use or disclosure of Customer Data (“Security Breach”).
4.1. Net-Results will immediately investigate and take all reasonable necessary steps to eliminate or contain the exposures that lead to such Security Breach.
4.2. Net-Results will, as soon as reasonably practicable, provide Customer with a written description of the Security Breach, as well as the mitigation steps taken by Net-Results.
5.1. Net-Results will obtain attestation reports related to its information security program (SOC 2 or an equivalent report) at least annually and keep such reports for at least three (3) years following each attestation.
5.2. Customer shall have the right, upon written request and not more than once annually, to conduct reasonable information security assessments that consist of a review of Net-Result’s records relating to its compliance with this Agreement. Customer and Net-Results will discuss and agree in advance on the reasonable start date, scope and duration of and security and confidentiality controls applicable to any audit. Net-Results reserves the right to charge a fee (based on Net-Result’s reasonable costs) for any audit and Net-Results will provide further details of any applicable fee and the basis of its calculation to Customer in advance of an audit. Net-Results shall provide reasonable assistance by allowing inspection of relevant documents or records, to the extent such information directly relates to the transaction records for the services provided by Net-Results under this Agreement. Net-Results will provide appropriate management personnel to engage with Customer and supervise any records review. During any such records review, Net-Results shall have no obligation to expose its customers’ or employees’ personal or private information or any data that Net-Results reasonably believes would adversely impact its customers’ or employees’ security or privacy and such review shall be subject to reasonable confidentiality provisions and restrictions that Net-Results may impose. An auditor shall not be permitted to remove any physical or electronic copies of Net-Result’s Confidential Information.
- Security Awareness and Training. Net-Results requires at least annual security and privacy training for all personnel.
- Background Checks. Net-Results shall perform a background check on all employees and independent contractors that include criminal, employment verification, and reference checks.
- Business Continuity and Disaster Recovery
8.1. Net-Results has policies and procedures in place for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, pandemic, and natural disaster) that could affect the availability, integrity or confidentiality of Customer Data or production systems that contain Customer Data or that would interrupt Net-Result’s ability to provide Subscription Services under the Agreement.
8.2. Net-Result’s data protection, high availability, and built-in redundancy are designed to ensure application availability and protect information from accidental loss or destruction. Net-Result’s Disaster Recovery plan incorporates geographic failover between its U.S. data centers. Subscription Service restoration is within commercially reasonable efforts and is performed in conjunction with a data center provider’s ability to provide adequate infrastructure at the prevailing failover location.
8.3. Net-Results relies on reputable data center providers’ multiple levels of power redundancy, uninterrupted power supply (UPS) and backup power for Net-Result’s system containing Customer Data. The power systems of the data centers processing Customer Data are designed to run uninterrupted during a total utility power outage, with every server receiving conditioned UPS power. The UPS power subsystem is redundant, with instantaneous failover if the primary UPS fails. All Net-Results data center providers are ISO 27001:2013 certified.
8.4. Data center facilities containing Customer Data have advanced fire suppression systems and redundant heating, ventilation and air conditioning systems providing appropriate and consistent airflow, temperature and humidity levels.
8.5. Backup and Recovery. Data center facilities in the U.S. utilize snapshot and data mirroring capabilities. The integrity of local backups is tested quarterly by restoring a complete database from a selected snapshot copy to test systems and validate the data integrity. Backup data is not transferred across international borders.
8.6. Network and Storage Redundancy. The SaaS infrastructure is designed and built for high availability. All network devices, including firewalls, load balancers, and switches are fully redundant and highly-available. High availability for Internet connectivity is ensured by multiple connections in each data center to different ISPs.