LIMBLE
Terms of Service
TABLE OF CONTENTS
Release Date: Version 6.0, October 16, 2023
BY SIGNING AN ORDER FORM THAT REFERENCES THESE CUSTOMER TERMS OF SERVICE, CLICKING A BOX INDICATING ACCEPTANCE OF THESE CUSTOMER TERMS OF SERVICE, OR ACCESSING OR USING LIMBLE SOFTWARE SERVICES, YOU AGREE TO THESE CUSTOMER TERMS OF SERVICE ON BEHALF OF THE CUSTOMER. IF YOU DO NOT AGREE TO THESE CUSTOMER TERMS OF SERVICE, OR IF YOU DO NOT HAVE AUTHORITY TO BIND CUSTOMER TO THESE CUSTOMER TERMS OF SERVICE, THEN YOU ARE NOT PERMITTED TO ACCESS OR USE LIMBLE SOFTWARE SERVICES.
Customer Terms of Service
These Customer Terms of Service, including the Data Processing Addendum, all Order Forms, and applicable Service-Specific Terms (collectively, the “Agreement”), are a binding contract by and between Limble Solutions, Inc. (“Limble”) and the individual, entity, or other organization subscribing to, accessing, or using Limble Software Services (“Customer”). Limble and Customer may be referred to in this Agreement individually as a “Party” and collectively as the “Parties.”
1.OVERVIEW OF LIMBLE SOFTWARE SERVICES.
1.1 Limble. Limble is an information technology company that provides and licenses software services designed to help customers maintain equipment and other physical assets. These software services are comprised of the subscription software services listed on Limble’s marketing and informational website at www.limblecmms.com (each a “Limble Software Service” and collectively, “Limble Software Services”).
1.2 Subscription Services. Customer may subscribe to one or more of the Limble Software Services by (a) using the self-serve subscription tool available on Limble’s website at www.limblecmms.com (“Limble’s Website”), or (b) signing an order form from Limble that references this Agreement (an “Order Form”). Each of the Limble Software Services to which Customer subscribes is a “Subscription Service” under this Agreement. Each Subscription Service is comprised of some or all of the following: Subscription Software, Mobile Applications, Know-How, Methodology, Documentation, and Services.
1.2.1. Subscription Software. “Subscription Software” means and refers to the computer programs, tools, and content made available by Limble to Customer as part of the Subscription Service for access and use by Customer under the SaaS License in Section 2.1 below.
1.2.2. Mobile Applications. “Mobile Applications” means and refers to any and all mobile applications made available by Limble for download, installation, and use in connection with the Subscription Service under the App License in Section 2.8 below.
1.2.3. Know-How. “Know-How” means and refers to any and all know-how, expertise, experiences, ideas, knowledge, advice, recommendations, methodologies, processes, practices, standards, plans, data, and information provided or disclosed by Limble to Customer in connection with Subscription Software, Mobile Applications, Documentation, Services, or this Agreement.
1.2.4. Methodology. “Methodology” means and refers to Know-How that is proprietary to Limble (or its licensor(s)) and is licensed to Customer as “Methodology” under the SaaS License.
1.2.5. Documentation. “Documentation” means and refers to any documentation, instructions, or other works of authorship (but excluding Subscription Software and Mobile Applications) that are delivered or made available by Limble to Customer for or in connection with the Subscription Service.
1.2.6. Services. “Services” means and refers to: (a) the hosting, delivery, and data storage services described in Section 2.4, (b) the implementation, support, and maintenance services for the Subscription Service described in Sections 3.1-3.3 and applicable Service-Specific Terms, and (c) any additional services (e.g., consulting, out-of-scope implementation, custom content development, and training services) identified in, and provided by Limble to Customer under, an Order Form or SOW (see Section 3.8). Any other services performed by Limble for Customer that are ancillary or related to any of the foregoing Services or the Subscription Service will also be considered “Services” under this Agreement unless a separate written agreement governing the other services is signed by both Parties.
2. SUBSCRIPTION SOFTWARE LICENSE, ACCESS, AND USE.
2.1. License Grant. Subject to the terms and conditions of this Agreement, and Customer’s compliance therewith, Limble grants to Customer a non-exclusive, non-transferrable, limited-term license for Customer’s Authorized Users (defined below) to access and use Subscription Software, but only for Customer’s internal business purposes and not for the development or design of any other software, product, or solution (the “SaaS License”). Subscription Software will run on Limble Servers (defined below). Customer’s Authorized Users will access and use Subscription Software from Customer’s Computers (defined below) via the Internet through compatible web browsing software or Mobile Applications on Customer’s Computers.
2.2. Authorized Users. “Authorized Users” are employees of Customer who are authorized by Customer to access and use Subscription Software. “Authorized Users” will also include Consultants, if any, who meet the requirements under Section 2.3 below. Authorized Users must sign up or register for Subscription Software following the process specified by Limble and must abide by the terms of this Agreement. Customer is responsible and liable for any conduct or misconduct of all Authorized Users and Consultants relating to Subscription Software or any other subject matter of this Agreement.
2.3. Consultants. If any consultant or other contractor of Customer needs to access or use a Subscription Service in connection with providing services for Customer, then such consultant or other contractor is referred to in the Agreement as a “Consultant.” Customer may allow a Consultant to access and use the Subscription Service, but only as necessary for the Consultant to perform services for Customer, provided the Consultant is subject to confidentiality obligations to Customer no less protective of the Subscription Service than are the terms of this Agreement.
2.4. Hosting, Delivery, and Data Storage. Limble will make Subscription Software available for access and use by Customer’s Authorized Users under the SaaS License via the Internet on server(s) and any other computer(s), storage media, hardware, and system(s) selected or designated by Limble for the storage and execution of the Subscription Software (“Limble Servers”). Customer Data (as defined below) will be stored on Limble Servers and made available to Customer through its licensed use of Subscription Software under the Agreement. The Subscription Software and Customer Data may periodically not be available due to planned downtime (which will be scheduled to the extent practicable during low usage hours such as nights or weekends). Limble Servers may be located at Limble’s or its contractor’s site(s), or both, and may not be dedicated exclusively to Subscription Software or Customer. Limble is responsible for the procurement, maintenance, and server-side Internet access of Limble Servers and Subscription Software. Limble is also responsible for any operating system and other third-party software needed to run Subscription Software on Limble Servers. Limble or its contractor, not Customer, owns and holds the licenses to such third-party software. Limble (directly or through its contractor) will contract with the applicable third-party software licensors for software maintenance, updates, and new versions as Limble deems appropriate. Limble will determine which updates and new versions of the third-party software will be installed on Limble Servers and when they are installed.
2.5. Customer Responsibilities. Customer, at its expense, is responsible for procuring, installing, implementing, and maintaining computers or mobile devices, or both, that function as Internet clients or workstations for use by Customer’s Authorized Users to access and use Subscription Software via the Internet as described in this Agreement (“Customer’s Computers”), along with system software, compatible web browsing software, Internet access, data feeds, telecommunications, networks, peripherals, and all other items or services needed by Customer’s Computers and Authorized Users to access (via the Internet) Subscription Software running on Limble Servers. Customer may consult with Limble concerning these requirements and on any upgrades or changes needed to remain compatible with Subscription Software.
2.6. No Rights to Code. Neither Customer nor its Authorized Users are entitled to receive any copy of Subscription Software in any form (source code, object code, executable code, or other form). The SaaS License is strictly limited to remote access to Subscription Software via the Internet as described in this Agreement. Nothing in this Section 2.6 prohibits Customer’s Authorized Users from receiving or displaying on Customer’s Computers any screen displays, content, or output “served up” by the licensed use of Subscription Software under the SaaS License.
2.7. Methodology and Documentation. The SaaS License includes a non-exclusive, non-transferable, limited term license for Customer to use Methodology and Documentation, but only for Customer’s internal use and not for the development, improvement, or design of any other software, product, service, or solution. Documentation may be copied and used internally by Customer, but only to facilitate the licensed use of Subscription Software, Mobile Applications, and Methodology. Customer will treat all Documentation as Confidential Information and copyrighted works of Limble.
2.8. License to Mobile Applications. Subject to the terms and conditions of this Agreement and Customer’s compliance therewith, Limble grants to Customer a non-exclusive, non-transferrable, limited-term license for Customer’s Authorized Users to download, install, and use the most-recent versions of Mobile Applications for the sole purpose of accessing and using Subscription Software under the SaaS License (the “App License”). The SaaS License and the App License are collectively referred to in the Agreement as the “Licenses.”
2.9. Restrictions. Customer will not do any of the following: reverse engineer, disassemble, modify, create derivative works from, decompile, decrypt, or otherwise attempt to reveal the source code, trade secrets, or know-how underlying Subscription Software or Mobile Applications; use any Subscription Service or Limble’s intellectual property to develop a competitive offering or similar services; remove or destroy any copyright notices, other proprietary markings, or confidentiality legends contained in any Subscription Service; attempt to gain unauthorized access to, or disrupt the integrity or performance of, any Subscription Service or the data contained therein (including without limitation penetration or other such security testing); interfere with or disrupt the integrity or performance of any Subscription Service or the data contained therein; transmit material containing a software virus or other harmful computer code, file, script, agent, or program; use any Subscription Service for competitive analytical, benchmarking, or market research purposes; sell, resell, license, sublicense, distribute, rent, or lease any Subscription Service, or include any Subscription Service in a service bureau or outsourcing offering; or use any Subscription Service in any manner or for any purpose inconsistent with the terms of this Agreement, in violation of any law, regulation, ordinance, or government authority, or in violation or breach of any obligation Customer may have to a third party.
2.10. Third Party Integrations. A Subscription Service may contain features that enable it to interoperate with third-party products, applications, or services used by Customer (each a “Third-Party Product”). Customer acknowledges and agrees that Limble does not control or operate, and has no responsibility or liability for, any Third-Party Product. Customer’s use of any Third-Party Product is subject to the applicable terms and conditions for the Third-Party Product between Customer and the provider of the Third-Party Product. Limble does not endorse or support and is not responsible for Third-Party Products, including without limitation, the privacy and data security policies and practices related to Third-Party Products. Customer may enable integrations between a Subscription Service and a Third-Party Product, and by doing so: (a) instructs Limble to share Customer Data (including, to the extent necessary, any Personal Data (as defined in the Data Processing Addendum) with the provider of the Third-Party Product in order to facilitate the integration; and (b) grants Limble permission to allow the Third-Party Product and its provider to access Customer Data and information about Customer’s usage of the Third-Party Product as appropriate for the interoperation of the Third-Party Product with the Subscription Service. Customer is responsible for providing all instructions to the Third-Party Product provider about the use and protection of Customer Data. Limble and the Third-Party Product provider are not processors or sub-processors of Personal Data with respect to each other. Limble cannot guarantee the continued interoperability of any Subscription Service with any Third-Party Product — for example (and without limitation) the provider of a Third-Party Product may determine to stop making it available for interoperation with a Subscription Service in a manner acceptable to Limble. Unless otherwise agreed by the Parties in an SOW, Limble is not responsible for providing any support, integration, maintenance, or other services for any Third Party Product.
3. SERVICES.
3.1. Service-Specific Terms. The Service-Specific Terms for each Subscription Service (as updated from time to time) are hereby incorporated into this Agreement by reference.
3.2. Implementation and Support Services. Limble will provide implementation services and support services to Customer as set forth in the Service-Specific Terms for each Subscription Service.
3.3. Maintenance Services. Limble is responsible to maintain Subscription Software and Mobile Applications. This consists of implementing fixes, patches, and updates to Subscription Software or Mobile Applications, as applicable (“Fixes”), and work-around solutions to address programming errors in Subscription Software or Mobile Applications. All decisions concerning Fixes and work-around solutions or the correction of programming errors, and the timing and manner thereof, will be made by Limble. Limble will determine if, when, and how programming errors should be corrected and Fixes and work-around solutions created and implemented.
3.4. Software Updates. “Updates” means future Fixes, modifications, enhancements, and additions to, and new versions and releases of, (a) Subscription Software that are implemented on Limble Servers during the Subscription Term for access and use by Customer under the SaaS License, or (b) Mobile Applications that are made available by Limble during the Subscription Term for download, installation, and use by Customer under the App License. Limble may make Updates to Subscription Software from time to time, including by adding or deleting features and functions, in an effort to improve customers’ experience. Updates are part of Subscription Software or Mobile Applications, as applicable, and are licensed to the Customer under the SaaS License or the App License, as applicable. Customer’s Licenses apply only to the then-most-current version of Subscription Software installed on and available to Customer’s Authorized Users from Limble Servers and the then-most-current version of Mobile Applications made available by Limble for download. In any event, Customer’s Licenses do not include any functionality or features of Subscription Software or Mobile Applications that are not included in the subscription or payment plan paid for by Customer for the Subscription Service. Prior or outdated versions of Subscription Software or Mobile Applications may be discontinued by Limble. Limble has no obligation to include in the Licenses, Subscription Software, or Mobile Applications, or make available for access and use by Customer, any future functionality, modules, or products that Limble elects to separately license or provide to its customers. Limble may condition the inclusion and availability of such future functionality, modules, or products on the payment of additional fees or on other conditions and terms. If Customer agrees to pay such additional fees and agrees to such other conditions and terms, if any, then that future functionality, module, or product will be included in the Licenses under and subject to this Agreement.
3.5. Most Current Version of Subscription Software. Limble is obligated under Sections 3.1-3.3 to support and maintain only the then-most-current version of Subscription Software implemented by Limble on Limble Servers for the SaaS License and the then-most-current versions of Mobile Applications made available for download by Limble under the App License. Limble has no obligation under this Section 3 with respect to outdated versions of Subscription Software or Mobile Applications.
3.6. Exceptions. Limble’s maintenance and support obligations under Sections 3.1-3.3 do not apply to any problem attributable to Customer’s Computers or to their connectivity to the Internet, or to Customer’s failure to meet its responsibilities or requirements under this Agreement or to follow any Documentation provided by Limble.
3.7. Included Services. The support and maintenance services in Sections 3.1-3.3, and Updates in Section 3.4, are included in the Subscription Fee Customer pays for the applicable Subscription Service.
3.8. Additional Services. Other services (e.g., consultation, out-of-scope implementation, custom content development, and training) are not included in the support and maintenance services under Sections 3.1-3.3. If Customer desires additional services or changes to the Services, and if Limble desires to provide the additional services or changes to the Services, then the Parties will negotiate one or more Statements of Work (each an “SOW”) for the additional services or changes to the Services. Each SOW must be agreed to and signed by both Parties and will be part of and governed by this Agreement. The additional services or changes to the Services described in an SOW (“Additional Services”) will be governed by this Agreement as Services. Additional or increased fees or other compensation, as stated in the SOW(s), will be paid by Customer to Limble for Additional Services.
3.9. Cooperation. Customer will promptly make available to Limble such information, assistance, and cooperation as Limble may reasonably request in connection with the Services.
4. CUSTOMER DATA, PRIVACY, AND DATA SECURITY.
4.1. Customer Data. “Customer Data” means and refers to the data and information of Customer that are entered into Subscription Software or Mobile Applications, or are otherwise transmitted to Limble Servers, by Customer or any of its Authorized Users as part of Customer’s licensed use of a Subscription Service. Customer Data will be available for download by Customer through Subscription Software at any time during the applicable Subscription Term.
4.2. Protection and Use. As between the Parties, Customer owns all right, title, and interest in and to Customer Data, subject to the rights and permissions granted in this Agreement. Limble will protect Customer Data as Customer Confidential Information (as defined below) and will use Customer Data only (a) to provide Subscription Services to Customer, (b) to develop, maintain, and improve Subscription Services and other Limble Software Services, (c) to create Usage Data (see Section 8.3), and (d) as set forth in Limble’s Data Processing Addendum and Privacy Policy. Customer hereby grants to Limble a non-exclusive, worldwide, royalty-free right and license to host, copy, use, display, transmit, and otherwise process Customer Data for these purposes.
4.3. Privacy. Limble will comply with the Data Processing Addendum (as updated from time to time) which is hereby incorporated into this Agreement. Limble will comply with applicable data privacy and security laws with respect to all Customer Data that is Personal Data (as defined in the Data Processing Addendum). With respect to Personal Data included in Customer Data, Customer is the “controller” or “business,” and Limble is the “processor” or “service provider,” under applicable data privacy and security laws. No Subscription Service asks for or requires, and Subscription Services are not intended to process, any data or information of a sensitive nature (“Sensitive Personal Data”), which includes without limitation; information concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, sex life or sexual orientation, or criminal convictions or offenses; personal medical or health information; personal information of children under 13; personal education records; social security, national identity, national insurance, and similar personal identifiers; and any information classified as “Sensitive Personal Information” or any other similar term (e.g., “Sensitive Personal Data,” “Special Categories,” or “Protected Health Information”) under privacy and data protection laws (e.g., the General Data Protection Regulation, the California Consumer Privacy Act, the Gramm-Leach-Bliley Act, and the Health Insurance Portability and Accountability Act). Customer must not transmit, store, or otherwise process any Sensitive Personal Data using Subscription Software or Mobile Applications or on Limble Servers.
4.4. Data Security. During the Subscription Term, Limble will implement and maintain appropriate administrative, physical, and technical security measures designed to protect the security, confidentiality, and integrity of, and prevent the unauthorized disclosure, loss, or alteration of, Customer Data in Subscription Software or Mobile Applications or on Limble Servers. In the event of a conflict between these Customer Terms of Service and the terms of the Data Processing Addendum with respect to the processing of Personal Data, the terms of the Data Processing Addendum will govern.
4.5. Customer Responsibilities.
4.5.1. Security Controls. Customer is responsible for maintaining adequate technical and procedural access controls and system security requirements and devices to ensure there is no unauthorized or improper access to or use of Subscription Software, Mobile Applications, or Limble Servers, or violation of any data privacy or confidentiality obligation, from, by, or through any equipment, computers, networks, communication links or devices, offices, facilities, employees, agents, representatives, contractors, volunteers, clients, customers, affiliates, or Authorized Users of Customer. Limble is not responsible or liable for any unauthorized or improper access to or use of Subscription Software, Mobile Applications, or any Customer Data where such access or use originates from, by, or through any equipment, computers, networks, communication links or devices, offices, facilities, employees, agents, representatives, contractors, clients, customers, affiliates, or Authorized Users of Customer.
4.5.2. Passwords, Access, and User Accounts. A single Subscription Software account will be assigned to each Authorized User. A Subscription Software account may be assigned to and used by only one individual Authorized User — sharing of a Subscription Software account by more than one individual is prohibited. Login credentials (e.g., user IDs and passwords) and access to Subscription Software, Mobile Applications, and Customer Data residing on Limble Servers will be administered and governed by Limble’s then-current guidelines and procedures. Customer is responsible for all activities that occur under its Subscription Software account(s) or using the login credentials of any Authorized User. Customer must safeguard the login credentials of its Authorized Users and any other security-related information disclosed to Customer or any Authorized User. Customer must notify Limble immediately of any known unauthorized use of Customer’s Subscription Software accounts and any other breach of security relevant to this Agreement or a Subscription Service.
4.5.3. Data Transmission. Except for the transmission and storage of Customer Data utilizing Subscription Software or Mobile Applications, Customer and its Authorized Users may not transmit, upload, or store any data, computer programs, or other subject matter to or on Limble Servers. Transmission of Customer Data by Customer and Authorized Users must be in accordance with Limble’s then-current reasonable procedures, requirements, and guidelines, as set forth in Subscription Software, Mobile Applications, or Documentation. Customer is responsible for the accuracy, integrity, completeness, and content of Customer Data.
4.5.4. Customer Data Compliance. Customer warrants that (a) Customer is in compliance with all applicable data privacy and security laws, (b) Customer has made all disclosures, obtained all permissions, consents, rights, and licenses, and is able to rely on an appropriate lawful basis, as required under Applicable Data Protection Law (as defined in the Data Processing Addendum) for the transmission, storage, and processing of Customer Data as described in the Agreement and the Data Processing Addendum, and (c) transmission, storage, and processing of Customer Data under the terms of this Agreement will not infringe, misappropriate, or violate any data privacy laws or regulations (or other applicable laws) or the rights or intellectual property of any third party. Customer will not transmit, store, or otherwise process any Sensitive Personal Data using Subscription Software or Mobile Applications or on Limble Servers.
4.6 Suspension for Security Breach. If Limble believes that Customer’s or any Authorized User’s access to or use of Subscription Software, Mobile Applications, or Limble Servers, or any of Customer’s Computers, presents a security risk to Customer Data, Subscription Software, Mobile Applications, Limble Servers, or the data or property of any other Limble customer, then Limble may suspend Customer’s or the Authorized User’s access and use until the security risk has been eliminated to Limble’s reasonable satisfaction. Customer will fully cooperate with Limble to address the security risk. A suspension under this Section 4.6 is not a breach of this Agreement, and Limble will have no liability for such suspension.
5. FEES AND PAYMENT.
5.1. Subscription Fee. A “Subscription Fee” is the annual or monthly subscription and license fee payable by Customer for a Subscription Service. The Subscription Fee for the Initial Term of a Subscription Service is (a) listed on the Order Form, or (b) if Customer subscribed to the Subscription Service through the self-serve subscription tool, the then-current subscription and license fee for the Subscription Service published on Limble’s Website, or (c) if Customer subscribed to the Subscription Service through a reseller or distributor authorized by Limble to sell subscriptions to the Subscription Service (an “Authorized Reseller”), the amount agreed to by Customer and the Authorized Reseller. Limble may reasonably increase the Subscription Fee for a Renewal Term by giving Customer at least 45 days advance written notice. If the increase is not acceptable to Customer, then Customer may terminate the applicable Subscription Service under Section 6.2.
5.2. Payment Terms. Customer will pay the Subscription Fee for a Subscription Service to Limble within 15 days of the date on which the Initial Term begins and annually or monthly thereafter, as applicable. If Customer elects to make payment to Limble with a credit card, then Customer authorizes Limble to charge the credit card for all Subscription Fees during the Subscription Term. If Customer purchased the Subscription Service through an Authorized Reseller, then Customer will pay the Subscription Fee to the Authorized Reseller as agreed between Customer and the Authorized Reseller. All Subscription Fees are non-refundable.
5.3. Fees for Additional Services. Customer will pay to Limble the fees and expenses for Additional Services, if any, set forth in the applicable SOW within 15 days of receiving an invoice from Limble or as otherwise agreed in the SOW. Unless otherwise agreed in the applicable SOW, Customer will reimburse Limble for reasonable travel and out-of-pocket expenses incurred in providing Additional Services.
5.4. Taxes. The fees and other amounts payable by Customer under this Agreement do not include any taxes that may be assessed or imposed on a Subscription Service or any of the Licenses, payments, or transactions of this Agreement, including, without limitation, any sales, use, excise, value added, personal property, export, import and withholding taxes, and excluding only U.S. federal and state taxes based upon Limble’s or the Authorized Reseller’s net income. Customer will directly pay any such taxes assessed against it, and Customer will promptly reimburse or pay Limble or the Authorized Reseller for any such taxes payable, paid, or collectable by Limble or the Authorized Reseller. If any taxes are withheld from any payments to Limble or the Authorized Reseller under this Agreement, Customer must pay such taxes and ensure that Limble or the Authorized Reseller (as applicable) receives the full amount of all payments as stated in this Agreement after payment and satisfaction of such taxes.
5.5. Late Payments. Customer will pay interest to Limble on all past-due amounts owed by Customer under this Agreement at the rate of 1.5% per month or the maximum allowable rate under applicable law, whichever is lower. In addition to any other remedies available to Limble under this Agreement or applicable laws, Limble may suspend Customer’s access to Subscription Services until all past-due amounts, together with any interest owed under this Section 5.5, are paid in full.
6. TERM AND TERMINATION.
6.1. Agreement Term. The Agreement begins on the date Customer first subscribes to a Subscription Service and continues in effect until the date that is six months after all Subscription Services have expired or been terminated, unless the Agreement is earlier terminated for breach by either Party under Section 6.4.
6.2. Subscription Term. The “Initial Term” of a Subscription Service will be for one year beginning on the date Customer subscribes to the Subscription Service, unless otherwise specified in an Order Form. At the end of the Initial Term, the Subscription Service will automatically renew for successive one-year periods (each a “Renewal Term”) until one Party gives notice of termination or non-renewal to the other Party at least 30 days before the beginning of the next Renewal Term. The Initial Term and all Renewal Terms are collectively referred to in this Agreement as the “Subscription Term.”
6.3. Free Trial. If Customer registers for a free trial of a Subscription Service, then notwithstanding Section 6.2, the Subscription Term for the Subscription Service will continue only for the free trial period, unless earlier terminated by Limble in its sole discretion, and will not renew. Limble will not provide any transition services under Section 6.6 for a free trial of a Subscription Service.
6.4. Termination for Breach. Either Party may terminate this Agreement if the other Party materially breaches this Agreement and fails to cure the breach within 30 days after receiving written notice of it from the non-breaching Party. This Section 6.4 will not limit the relief, remedies, and damages to which the non-breaching Party may be entitled.
6.5. Effect of Termination.
6.5.1. Subscription Service. Upon expiration or termination of a Subscription Service, the Licenses will terminate with respect to the Subscription Service, and Customer will (a) have no further license or right with respect to the Subscription Service, (b) cease all use of the Subscription Service, and (c) destroy or permanently erase any and all Subscription Software, Mobile Applications, Know How, Methodology, and Documentation of the Subscription Service in the possession or control of Customer or any of its Consultants, and Customer will confirm compliance therewith in writing to Limble.
6.5.2. Agreement. Upon expiration or termination of the Agreement, all Subscription Services will immediately terminate. Terms of this Agreement which by their nature are intended to or are expressed to survive the expiration or termination of this Agreement will continue as valid and enforceable obligations of the Parties notwithstanding the expiration or termination of this Agreement, including without limitation Sections 4 (Customer Data, Privacy, and Data Security), 5 (Fees and Payment), 6.5 (Effect of Termination), 7 (Confidentiality), 8 (Limble’s Intellectual Property), 9 (General Terms), and the Data Processing Addendum.
6.6. Transition Services. Customer Data will be available for download by Customer through the Subscription Service at any time during the Subscription Term. Upon receiving a written request from Customer within 30 days after the Subscription Term for a Subscription Service, Limble will promptly provide access for Customer to retrieve a copy of Customer Data. If Customer desires additional transition services from Limble in connection with transitioning to a successor service provider, the Parties may negotiate an SOW to establish the scope and fees for those transition services, which will be Additional Services under this Agreement. Customer acknowledges that Limble may store backup archives of Customer Data on Limble Servers as needed for business continuity purposes, but shall have no obligation to store any Customer Data for more than 30 days after the end of the Subscription Term, and no liability for the deletion or destruction of Customer Data thereafter.
7. CONFIDENTIALITY.
7.1. Confidential Information. “Confidential Information” means all information disclosed by a Party (the “Disclosing Party”) to the other Party (the “Receiving Party”) that the Disclosing Party identifies as confidential or proprietary or that a reasonable person would understand to be confidential based on the nature of the information and the circumstances of its disclosure. Without limiting the foregoing, Customer Data is Customer Confidential Information, and Subscription Software, Mobile Applications, Know How, Methodology, Documentation, and Order Forms (including pricing) are Limble Confidential Information. Confidential Information does not include information that (i) is or becomes generally available to the public other than through a wrongful act of the Receiving Party, (ii) was lawfully in the Receiving Party’s possession before receiving it from the Disclosing Party, (iii) was rightfully disclosed to the Receiving Party without restriction by a third party who is not bound by any confidentiality obligations with respect thereto; or (iv) is independently developed by the Receiving Party, its employees, or third-party contractors without use of or reference to the Disclosing Party’s Confidential Information.
7.2. Protection. All Confidential Information disclosed by the Disclosing Party shall remain the property of the Disclosing Party. The Receiving Party will use the same degree of care it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care). The Receiving Party will (a) not use the Disclosing Party’s Confidential Information except to perform its obligations or exercise its rights under the Agreement, and (b) except as otherwise authorized by the Disclosing Party in writing, limit access to the Disclosing Party’s Confidential Information to only those employees, officers, directors, contractors, and advisors of the Receiving Party who need access for purposes consistent with this Agreement and who are bound by confidentiality obligations to the Receiving Party no less protective of the Disclosing Party’s Confidential Information than the protections in this Section 7.2.
7.3. Compelled Disclosure. The Receiving Party may disclose the Disclosing Party’s Confidential Information to the extent required by law, regulation, or court order, provided that the Receiving Party gives the Disclosing Party reasonable advance notice of such required disclosure and cooperates with the Disclosing Party so that the Disclosing Party may obtain appropriate confidential treatment for such Confidential Information.
8. LIMBLE’S INTELLECTUAL PROPERTY.
8.1. Ownership of Subscription Services. Subject to the limited rights granted to Customer under the Licenses, Limble retains all rights, titles, and interests in or to Subscription Software, Mobile Applications, Methodology, or Documentation, including all intellectual property rights. The rights of Customer to Subscription Software, Mobile Applications, Methodology, and Documentation are limited to the Licenses expressly granted to Customer under this Agreement.
8.2. Protection. In addition to its obligations under Section 7, Customer will not (a) allow any person other than its Authorized Users to access or use Subscription Software or Mobile Applications, or (b) disclose or transfer any Methodology, Documentation, or information learned about or from Subscription Software, Mobile Applications, or either of their screen displays, to any other person or entity other than Customer’s Authorized Users. Customer will ensure that its employees, Authorized Users, and Consultants, if any, comply with the obligations of this Agreement relating to the protection of Subscription Services.
8.3. Usage Data. Limble collects, aggregates, and analyzes data and information relating to the provision, use, performance, and customers of Limble Software Services (“Usage Data”). As a result of Customer’s access to and use of any Subscription Service, Usage Data will be derived in part from Customer Data in an anonymized and aggregated form that does not directly or indirectly identify Customer, any Authorized User, or any other customer or individual. Customer acknowledges and agrees that Limble owns all right, title, and interest in and to Usage Data, which is not subject to any terms of the Agreement.
8.4. Feedback. If and to the extent Customer, or any of its Authorized Users or Consultants, discloses or provides to Limble an idea or suggestion to modify, improve, update, or enhance any Subscription Service, or any component thereof (“Feedback”), then Limble will have the right to use, commercialize, and otherwise exploit the Feedback. Customer and Consultants agree to license, and hereby license, to Limble the Feedback, and all copyrights, patent rights, trade secrets, and other intellectual property in and to the Feedback, for these purposes. This license is non-exclusive, irrevocable, and worldwide and includes the right to grant sublicenses to others. Customer and Consultants make no guaranty or warranty that any Feedback is free of error or defect or that it is suitable for use by Limble or for any of the purposes or requirements of Limble.
9. GENERAL TERMS
9.1. Responsibility for Decisions. CUSTOMER IS SOLELY RESPONSIBLE FOR DECISIONS MADE AND ACTIONS TAKEN BASED ON SUBSCRIPTION SERVICES. IT IS CUSTOMER’S RESPONSIBILITY TO VERIFY ALL ANALYSES, RESULTS, AND DATA CREATED, COMPILED, OR GENERATED WITH THE USE OF SUBSCRIPTION SERVICES. ALL USE OF AND RELIANCE ON SUBSCRIPTION SERVICES AND ANY INFORMATION, DATA, OR RESULTS OBTAINED FROM SUBSCRIPTION SERVICES, ARE AT THE SOLE RISK OF CUSTOMER AND SUCH USE AND RELIANCE MUST BE BY QUALIFIED PROFESSIONALS WHO EXERCISE THEIR OWN INDEPENDENT PROFESSIONAL JUDGMENT.
9.2. Warranty Disclaimer. NEITHER PARTY MAKES ANY WARRANTY, REPRESENTATION, OR PROMISE NOT EXPRESSLY SET FORTH IN THIS AGREEMENT. LIMBLE DISCLAIMS AND EXCLUDES ANY AND ALL IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SUBSCRIPTION SERVICES ARE PROVIDED AND LICENSED ON AN “AS IS” BASIS. LIMBLE DOES NOT WARRANT THAT ANY SUBSCRIPTION SERVICES WILL SATISFY CUSTOMER’S REQUIREMENTS, OR THAT THEY ARE WITHOUT DEFECT OR ERROR, OR THAT THEIR USE WILL BE UNINTERRUPTED OR ERROR FREE. SUBSCRIPTION SERVICES ARE NOT INTENDED, LICENSED, OR PROVIDED FOR ANY HAZARDOUS USE OR ANY APPLICATION REQUIRING FDA OR OTHER GOVERNMENT APPROVAL THAT HAS NOT BEEN OBTAINED BY CUSTOMER. HAZARDOUS USE MEANS USE IN ANY APPLICATION OR ENVIRONMENT IN WHICH ANY FAILURE OR MALFUNCTION OF, OR ERROR OR DEFECT IN, SUBSCRIPTION SERVICES COULD RESULT IN ANY CATASTROPHE OR LOSS OF LIFE OF, OR PHYSICAL INJURY TO, A NATURAL PERSON.
9.3. Limitation of Liability. UNDER NO CIRCUMSTANCES WILL LIMBLE BE LIABLE OR RESPONSIBLE IN CONNECTION WITH THIS AGREEMENT FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, INDIRECT, COVER, PUNITIVE, OR EXEMPLARY DAMAGES, OR FOR ANY LOSS OF PROFITS, BUSINESS OR REVENUE, LOSS OF USE OF ANY COMPUTER PROGRAMS, LOSS OF DATA, COSTS OF RECREATING LOST DATA, THE COST OF ANY SUBSTITUTE EQUIPMENT, DATA, SERVICES, OR SOFTWARE, OR CLAIMS BY ANY PERSON OTHER THAN CUSTOMER, EVEN IF LIMBLE HAS BEEN ADVISED OF THE POSSIBILITY OF ANY OF THE FOREGOING. UNDER NO CIRCUMSTANCES WILL LIMBLE’S AGGREGATE LIABILITY ARISING FROM OR RELATING TO THIS AGREEMENT, ANY ORDER FORM, ANY SOW, OR ANY SUBSCRIPTION SERVICES (REGARDLESS OF THE FORM OF ACTION OR CLAIM — E.G. CONTRACT, WARRANTY, TORT, OR OTHERWISE) EXCEED A LIMIT EQUAL TO THE TOTAL AMOUNT OF SUBSCRIPTION FEES PAID BY CUSTOMER TO LIMBLE UNDER THIS AGREEMENT DURING THE 12-MONTH PERIOD IMMEDIATELY PRECEEDING THE EVENT GIVING RISE TO THE LIABILITY. IN NO EVENT WILL ANY OF LIMBLE’S OFFICERS, PERSONNEL, OWNERS, LICENSORS, CONTRACTORS, SUBCONTRACTORS, OR ADVISORS HAVE ANY LIABILITY RELATING TO OR ARISING FROM THIS AGREEMENT OR ANY SUBSCRIPTION SERVICES. This Agreement, including its disclaimers and limitations of liability, represents a mutually agreed upon allocation of risk and the consideration given has been set to reflect such allocation.
9.4. Injunctive Relief. The Parties acknowledge and agree that any breach by a Party (the “offending Party”) of any of the covenants or provisions contained in this Agreement will give rise to irreparable injury to the other Party (the “offended Party”) inadequately compensable in damages and monetary remedies alone. Accordingly, the offended Party may seek and obtain preliminary and permanent injunctive relief against the breach or threatened breach of said covenants or provisions. Such relief will be in addition to any other remedies that may be available to the offended Party.
9.5. Notices. Any notice or consent from Limble to Customer may be sent or delivered by email to Customer’s administrative Authorized User(s) (sometimes referred to as Super User(s)), by first class, priority or express mail, by registered or certified mail, by commercial courier (e.g., Federal Express or UPS), by personal delivery, or through notifications in Subscription Software. Customer will keep Limble informed of Customer’s then-current physical addresses. Any notice to Limble may be sent by email to [email protected].
9.6. Construction. This Agreement represents the wording selected by the Parties to define their agreement and no rule of strict construction will apply against or in favor of either Party. Whenever the context reasonably permits, the singular will include the plural, the plural will include the singular, and the whole will include any part thereof.
9.7. Headings. Section headings used herein are for convenience only and will not be used to broaden or limit this Agreement.
9.8. Assignment. Neither Party may assign or transfer any of its rights or obligations under this Agreement without the other Party’s prior written consent, provided, however that either Party may assign this Agreement in its entirety, without the other Party’s written consent, to the successor entity in the event of a merger, acquisition, corporate reorganization, or sale of all or substantially all of the assigning Party’s assets. Subject to the foregoing, any assignee or transferee of this Agreement must assume the duties and obligations of the assigning or transferring Party under this Agreement.
9.9. Successors. This Agreement will be binding upon and inure to the benefit of the Parties and their respective permitted successors and assigns.
9.10. Force Majeure. Notwithstanding anything to the contrary, neither Party will be deemed in breach of this Agreement or otherwise liable for any delay or failure to perform an obligation or duty where such delay or failure is caused by any act of nature, fire, flood, accident, riot, war, crime, terrorism, government intervention or regulation, any obligation to comply with any law, regulation or ordinance, any disruption or interference in communications, equipment or software, the Internet, any disruption or delay in supplies, communications, power, or other utilities, any labor dispute or shortage, or circumstances beyond the control of that Party or for the misconduct of an unaffiliated person. It is also understood that downtime of Limble Servers, Subscription Software, or Mobile Applications for maintenance, re-location, Upgrades, and other purposes will be necessary from time-to-time and that unintended interruptions and downtime may also occur and are not a breach of this Agreement.
9.11. Governing Law. This Agreement and the rights and obligations of the Parties hereunder will be governed by and interpreted, construed, and enforced in accordance with the laws of the State of Utah, without regard to conflict of law principles. The Parties consent to the jurisdiction of the state and federal courts located in Salt Lake City or County, Utah and agree that such courts and their respective courts of appeal will be the exclusive venue for the resolution of any dispute relating to this Agreement or any of the Subscription Services. Each Party waives any objection which it may have now or hereafter to the laying of venue in such courts, and irrevocably submits to the exclusive jurisdiction and venue of such courts.
9.12. Limble Personnel. The personnel of Limble used to perform Subscription Services and obligations under this Agreement may be employees or subcontractors of Limble. Limble remains responsible for the performance of its obligations under this Agreement.
9.13. Relationship. Neither Party is the partner, joint venturer, agent, or representative of the other Party. Each Party is an independent contractor. There is no employment relationship between the Parties. Neither Party has the authority to make any representations or warranties or incur any obligations or liabilities on behalf of the other Party. Neither Party will make any representation to a third party inconsistent with this Section 9.13. There are no third-party beneficiaries to this Agreement.
9.14. Marketing. Unless otherwise set forth in an Order Form, Customer grants permission to Limble to identify Customer as a Limble customer using Customer’s name or logo in any marketing, sales, public relations, or financial materials during the term of the Agreement.
9.15. Waiver and Severability. Any waiver of, or promise not to enforce, any right under this Agreement will not be enforceable unless evidenced by a writing signed by the Party making said waiver or promise. If any part of this Agreement is determined to be invalid or unenforceable by applicable law, then the invalid or unenforceable provision will be deemed superseded by a valid, enforceable provision that most closely matches the intent of the original provision and the remainder of this Agreement will continue in effect.
9.16. Export Compliance. Subscription Services may be subject to the export laws of the United States and other jurisdictions. Customer hereby warrants and certifies that Customer (a) is not on any U.S. Government denied-party list, and (b) will not permit any Authorized User to access or use Subscription Services in a U.S.-embargoed country or region, or permit access or use by any denied party, in violation of any U.S. export law or regulation.
9.17. Anti-Bribery. Neither Party has received or been offered any illegal or improper bribe, rebate, payoff, influence payment, kickback, or other thing of value from an employee or agent of the other Party in connection with this Agreement.
9.18. U.S. Government Agency. If Customer is a U.S. Government agency, Customer acknowledges that the Subscription Software and Mobile Applications licensed under this Agreement are “commercial items,” “commercial computer software,” and/or “commercial computer software documentation” that have been developed at private expense and not under a Government contract or at Government expense. The Government’s rights relating to Subscription Software and Mobile Applications are limited to those rights and provisions applicable to Customer as set forth in this Agreement and are binding on Government users in accordance with Federal Acquisition Regulation 48 C.F.R. Section 12.212 for non-defense agencies and/or Defense FAR Supplement 48 C.F.R. Section 227.7202-1 for defense agencies, as applicable. U.S. Government rights to use, modify, reproduce, release, perform, display or, disclose Subscription Software and Mobile Applications are subject to the limited rights restrictions of DFARS 252.227-7015(b)(2) and/or restrictions of DFARS 227.7202-1(a) and DFARS 227.7202-3(a), as applicable for U.S. Department of Defense (“DOD”) procurements and the limited rights of restrictions of FAR 52.227-14 and/or restricted rights provisions of FAR 52.227-14 and FAR 52.227-19, as applicable, and applicable agency FAR Supplements, for non-DOD Federal procurements.
9.19. Contract for Services. This Agreement is a contract for the provision of services and not a contract for the sale of goods. The provisions of the Uniform Commercial Code (UCC), the Uniform Computer Information Transaction Act (UCITA), or any substantially similar legislation as may be enacted, will not apply to this Agreement. If you are located outside of the territory of the United States, the parties agree that the United Nations Convention on Contracts for the International Sale of Goods will not govern this Agreement or the rights and obligations of the parties under this Agreement.
9.20. Entire Agreement. This Agreement (i) represents the entire agreement between the Parties concerning the subject matter of this Agreement, (ii) supersedes all prior agreements, understandings, representations and warranties relating to the subject matter of this Agreement, whether written or oral, and (iii) may be amended, canceled, or rescinded only as set forth in Section 9.21 or by a writing signed by duly authorized representatives of both Parties. Any terms or conditions of any purchase order or other document submitted by Customer in connection with this Agreement or any Subscription Services that are in addition to, different from, or inconsistent with the terms and conditions of this Agreement are for administrative purposes only, are not binding on Limble, and are of no legal effect.
9.21. Amendments. Limble may modify these Customer Terms of Service, or the Data Processing Addendum, or Service-Specific Terms, by posting a revised version on Limble’s Website. The revised version will take effect on the date it is posted to Limble’s Website. Limble will provide notice of the revised version to Customer by email to Customer’s administrative Authorized User(s) (sometimes referred to as Super User(s)) or through the Subscription Software. If Customer does not agree with a modification, then Customer must notify Limble in writing within thirty (30) days after Limble posts the revised version on Limble’s Website. If Customer provides this notice, then the Subscription Services will continue to be governed by the terms and conditions of the Agreement prior to modification until the next Renewal Term, after which the then-current Customer Terms of Service, Data Processing Addendum, and applicable Service-Specific Terms posted on Limble’s Website will apply. However, if Limble can no longer reasonably provide the Subscription Services to Customer under the Agreement prior to modification (for example, if the modifications are required by law or result from general product changes), then the Agreement and/or affected Subscription Services will terminate upon Limble’s notice to Customer, and Limble will promptly refund any prepaid, but unused Subscription Fees covering use of the Subscription Services after termination.
Release Date: Version 1.1, October 11, 2024
Service-Specific Terms
1.LIMBLE CMMS SERVICE-SPECIFIC TERMS.
1.1. Definitions.
1.1.1. “Customer Success Manager” means a Limble customer success manager assigned as a direct point of contact to a customer subscribing to either a Premium+ plan or an Enterprise plan.
1.1.2. “Implementation Services” or “Implementation” means virtual implementation services provided by Limble personnel via telephone, video conferencing, email, and webchat, or through recorded learning modules, to assist Customer in implementing the Limble CMMS Subscription Service.
1.1.3. “Support Services” or “Support” means virtual support services provided by Limble personnel via telephone, video conferencing, email, and webchat concerning problems and issues relating to the Limble CMMS Subscription Service and remote access to it as contemplated by the Agreement. Support Services do not include training and are subject to the reasonable availability of Limble’s support personnel during Limble’s standard support hours. Support Services are subject to Limble’s then-current virtual support policies, limitations, and procedures.
1.2. Standard Implementation and Support Services. Limble will provide standard Implementation Services and Support Services to assist Customer in implementing and using Limble CMMS. If Customer subscribes to a Premium+ Plan or to an Enterprise Plan, then Customer will be assigned a Customer Success Manager. If Customer subscribes to a Basic Plan or to a Standard Plan, then no Customer Success Manager will be assigned.
1.3. Paid Implementation Services. If Customer has subscribed to an Enterprise Plan, then Customer may request additional implementation services (e.g., data entry, workflow duplication, training, and on-site visits). Upon Customer’s request and Limble’s agreement in an Order Form or SOW, Limble will provide additional implementation services as Additional Services on a time and materials basis under Section 3.8 of the Customer Terms of Service.
2.LIMBLE FUSE SERVICE-SPECIFIC TERMS.
2.1. Beta Release. The Fuse Solution is currently in beta testing, and Limble provides the Fuse Solution to Customer on that basis at a discounted, flat rate. Customer acknowledges and agrees that (a) Limble will not provide support for the Fuse Solution during the period of beta testing, and (b) pricing for the Fuse Solution will include a usage-based component after the period of beta testing.
2.2. Scope of Use. The Fuse Solution is offered by Limble for use in conjunction with Subscription Software, but the Fuse Solution is not part of Subscription Software. The Fuse Solution is hosted by Limble for remote access and use by Customer under the SaaS License as though the Fuse Solution were part of Subscription Software. The Fuse Solution provides functionality that enables integration of the Subscription Software with certain third-party applications designated by Limble from time to time (the “Designated Applications”). The then-current list of Designated Applications is available from Limble and may change from time to time. Currently, the Fuse Solution is offered and available only with data hosting in the United States. Customer may use the Fuse Solution on a hosted subscription basis for its intended purposes to integrate Subscription Software used by Customer under the SaaS License with Designated Applications and for no other purpose. Customer may use the Fuse Solution only in conjunction with Subscription Software.
2.3. Integration Configurations. Limble’s customers use the Fuse Solution to configure and utilize integrations between Subscription Software and Designated Applications (“Integration Configurations”). Customer may use Integration Configurations made available to Customer by Limble as part of the Fuse Solution, subject to the terms of the Agreement. In consideration of this use, Customer hereby grants to Limble a license to use, disclose, distribute, copy, modify, and commercialize Integration Configurations created by Customer using the Fuse Solution. This right is non-exclusive, irrevocable, and worldwide and includes the right to grant sublicenses to others, including other Fuse Solution customers.
2.4. Third-Party Technology. The Fuse Solution includes third-party technology, including computer programs that are licensed to Limble for the purpose of making that technology available to customers in conjunction with Subscription Software. Any third party licensor of that technology will have no obligation or liability to Customer and makes no representation or warranty to Customer. The confidentiality obligations and other protections of Subscription Software under the Agreement will also apply to the Fuse Solution on a mutatis mutandis basis. Customer must not copy or modify any of the Fuse Solution or make any of it available to any other person or entity.
2.5. WARRANTY DISCLAIMER. LIMBLE MAKES NO WARRANTY CONCERNING THE FUSE SOLUTION, AND IT IS PROVIDED ON AN “AS IS” BASIS. HOWEVER, IF CUSTOMER IS DISSATISFIED WITH THE FUSE SOLUTION, CUSTOMER MAY TERMINATE ITS SUBSCRIPTION TO THE FUSE SOLUTION.
3. LIMBLE SEARCH SERVICE-SPECIFIC TERMS.
3.1. Beta Release. Limble Search is currently in beta testing as a Limble Software Service. LIMBLE MAKES NO WARRANTY CONCERNING LIMBLE SEARCH DURING BETA TESTING, AND AS SUCH LIMBLE SEARCH IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS.
3.2. Implementation. Limble Search does not require implementation. Helpful content about using Limble Search is available in Limble’s Help Center. Implementation services are not provided for Limble Search.
3.3. Support. Virtual support services for Limble Search are provided via email at [email protected], subject to the reasonable availability of Limble Search support personnel. Support services are subject to Limble’s then-current virtual support policies, limitations, and procedures.
3.4. Search Overages. In the event Customer exceeds the maximum number of searches for Customer’s Limble Search subscription tier in any two consecutive months, Customer will (a) pay Limble’s then-current per-search rate for the excessive searches, or (b) move to a higher subscription tier, and pay the additional Subscription Fee, for the remainder of the Subscription Term. Limble reserves the right to suspend or terminate any free trial of Limble Search if Limble determines, in its sole discretion, that the number of search requests from Customer is excessive or otherwise beyond the scope of Limble Search’s intended use.
3.5. Security. Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of Processing (as defined in the Data Processing Addendum) as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Limble shall in relation to Customer Personal Data (as defined in the Data Processing Addendum) Processed in connection with Limble Search implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk. During beta testing, Customer acknowledges and agrees that these measures will not include all of the measures described in Annex II of the Data Processing Addendum with respect to Customer Personal Data Processed in connection with Limble Search.
Release Date: Version 2.0, October 16, 2023
Limble Data Processing Addendum
This Data Processing Addendum (“Addendum”) completes and forms part of the Terms of Service, as updated from time to time, or other agreement between Limble and Customer (together the “Parties”) governing Customer’s use of the Service (altogether “Principal Agreement”). This Addendum is concluded between Limble Solutions, Inc., and its affiliates, subsidiaries and branches (“Limble”) and the Customer as defined in the Principal Agreement (“Customer”).
The Parties agree that the terms set out below are added as an Addendum to the Principal Agreement.
1. Definitions and Interpretation
1.1. In this Addendum:
1.1.1. “Applicable Data Protection Law” means the following data protection law(s), as applicable, including any subsequent amendments, modifications and revisions thereto: (i) European Data Protection Law, including the GDPR; and (ii) the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (“CCPA”) and any other applicable U.S. federal and state privacy laws that apply generally to the processing of individuals’ Personal Data and that do not apply solely to specific industry sectors (e.g., financial institutions), specific demographics (e.g., children), or specific classes of information (e.g., health or biometric information) (“U.S. Privacy Laws”);
1.1.2. “Consumer” has the meaning defined in the U.S. Privacy Laws;
1.1.3. “Customer Personal Data” means Personal Data Processed by Limble as a Processor on behalf of Customer or Third Party Controller;
1.1.4. “Data Subject Rights” means Data Subjects’ rights to information, access, rectification, erasure, restriction, portability, objection, the right to withdraw consent, and the right not to be subject to automated individual decision-making in accordance with Applicable Data Protection Law;
1.1.5. “European Data Protection Law” means the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the e-Privacy Directive 2002/58/EC (as amended by Directive 2009/136/EC), their national implementations in the European Economic Area (“EEA”), including the European Union, and all other data protection laws of the EEA, the United Kingdom (“UK”), and Switzerland, each as applicable, and as may be amended or replaced from time to time;
1.1.6. “International Data Transfer” means any disclosure of Customer Personal Data by an organization subject to European Data Protection Law to another organization located outside the EEA, the UK, or Switzerland;
1.1.7. “Services” means the services provided by Limble to Customer as defined in Section 1.2.6 of the Principal Agreement;
1.1.8. “Share,” “Shared,” and “Sharing” have the meaning defined in the CCPA;
1.1.9. “Sale” and “Selling” have the meaning defined in the U.S. Privacy Laws;
1.1.10. “Subprocessor” means a Processor engaged by Limble to Process Customer Personal Data;
1.1.11. “SCCs” means the clauses annexed to the EU Commission Implementing Decision 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council as amended or replaced from time to time;
1.1.12. “Third-Party Controller” means a Controller for which Customer is a Processor;
1.1.13. “UK Addendum” means the addendum to the SCCs issued by the UK Information Commissioner under Section 119A(1) of the UK Data Protection Act 2018 (version B1.0, in force March 21, 2022); and
1.1.14. “Controller”, “Data Subject”, “Personal Data”, “Personal Data Breach”, “Processing”, “Processor”, “Processed” and “Supervisory Authority” have the meaning given to them in Applicable Data Protection Law, and their cognate terms shall be construed accordingly.
1.1.15. In the event of a conflict in the meanings of defined terms in the U.S. Privacy Laws, the meaning from the law applicable to the state of residence of the relevant Consumer applies.
1.2. Capitalized terms used but not defined herein have the meaning given to them in the Principal Agreement.
2. Scope
2.1. This Addendum applies to the Processing of Customer Personal Data by Limble subject to Applicable Data Protection Law to provide the Services.
2.2. The subject matter, nature, and purpose of the Processing, the types of Customer Personal Data and categories of Data Subjects are set out in Annex I, which is an integral part of this Addendum.
2.3. Customer is a Controller and appoints Limble as a Processor on behalf of Customer. Limble will only Process Customer Personal Data on behalf of Customer for the limited and specific purposes set forth in Annex I. Customer is responsible for compliance with the requirements of Applicable Data Protection Law applicable to Controllers.
2.4. If Customer is a Processor on behalf of a Third-Party Controller, then Customer: is the single point of contact for Limble; must obtain all necessary authorizations from such Third-Party Controller; and undertakes to issue all instructions and exercise all rights on behalf of such other Third-Party Controller.
2.5. Customer acknowledges that Limble may Process Personal Data relating to the operation, support, or use of the Services for its own business purposes, such as accounting and finance, account management, data analysis, benchmarking, product development, sales and marketing, and compliance with law, and including as described in Section 8.3 of the Principal Agreement. Limble is the Controller for such Processing and will Process such data in accordance with Applicable Data Protection Law.
3. Processing of Customer Personal Data
3.1. Limble shall:
3.1.1. comply with Applicable Data Protection Laws in the Processing of Customer Personal Data, provide the level of privacy protection required by the U.S. Privacy Laws and provide Customer with all reasonably-requested assistance to enable Customer to fulfill its own obligations under the U.S. Privacy Laws;
3.1.2. not Process Customer Personal Data other than on the Customer’s documented instructions; and
3.1.3. With respect to the Processing of Personal Data subject to U.S. Privacy Laws, except as explicitly permitted by the applicable U.S. Privacy Laws, Limble is prohibited from (i) Selling or Sharing Customer Personal Data, (ii) retaining, using, or disclosing Customer Personal Data for any purpose other than for the specific purpose of performing the services specified in Annex I, (iii) retaining, using, or disclosing Customer Personal Data outside of the direct business relationship between the Parties, and (iv) combining Customer Personal Data with Personal Data obtained from, or on behalf of, sources other than Customer.
3.2. Customer hereby instructs Limble to process Customer Personal Data to provide the Services in accordance with the Principal Agreement and this Addendum, or any applicable statement of work.
3.3. Customer may reasonably issue additional instructions as necessary to comply with Applicable Data Protection Law.
3.4. Unless prohibited by applicable law, Limble will inform Customer if Limble is subject to a legal obligation that requires Limble to Process Customer Personal Data in contravention of Customer’s documented instructions.
4. Processor Personnel
4.1. Limble will ensure that all personnel including employees, agents, sub-contractors and sub-processors authorized to Process Customer Personal Data are subject to an obligation of confidentiality.
5. Security
5.1. Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Limble shall in relation to the Customer Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures described in Annex II.
5.2. Customer acknowledges that the security measures in Annex II are appropriate in relation to the risks associated with Customer’s intended Processing and will notify Limble prior to any intended Processing for which Limble’s security measures may not be appropriate.
6. Subprocessing
6.1. Customer hereby authorizes Limble to engage Subprocessors. A list of Limble’s current Subprocessors is included in https://trust.limblecmms.com/.
6.2. Limble will enter into a written agreement with Subprocessors which imposes the same obligations as required by Applicable Data Protection Law. Limble shall specifically ensure that Limble’s subcontractors or Subprocessors who Process Customer Personal Data on Limble’s behalf agree in writing to the same or equivalent restrictions and requirements that apply to Limble in this Addendum and the Principal Agreement with respect to Customer Personal Data, as well as to comply with the applicable U.S. Privacy Laws.
6.3. Limble will notify Customer prior to any intended change to Subprocessors. Customer may object to the addition of a Subprocessor based on reasonable grounds relating to a potential or actual violation of Applicable Data Protection Law by providing written notice detailing the grounds of such objection within thirty (30) days following Limble’s notification of the intended change. Customer and Limble will work together in good faith to address Customer’s objection. If Limble chooses to retain the Subprocessor, Limble will inform Customer at least thirty (30) days before authorizing the Subprocessor to Process Customer Personal Data, and either party may immediately discontinue providing or using the relevant parts of the Services, as applicable, and may terminate the relevant parts of the Services within thirty (30) days.
6.4. If any Subprocessor fails to fulfill its obligations under Applicable Data Protection Law, Limble will be fully liable to Customer for the performance of such obligations.
7. Data Subject Rights and Consumer Rights
7.1. Limble shall promptly notify Customer if it determines that it can no longer meet its obligations under applicable U.S. Privacy Laws. Upon receiving notice from Limble in accordance with this subsection, Customer may direct Limble to take reasonable and appropriate steps to stop and remediate unauthorized use of Customer Personal Data.
7.2. Taking into account the nature of the Processing, Limble shall provide commercially reasonable assistance to the Customer by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Customer’s obligations to respond to requests to exercise Data Subject Rights and U.S. Privacy Law-related Consumer rights requests under the Applicable Data Protection Laws.
7.3. Limble shall:
7.3.1. promptly notify Customer if it receives a request to exercise Data Subject Rights under Applicable Data Protection Law in respect of Customer Personal Data; and
7.3.2. ensure that it does not respond to that request except on the documented instructions of Customer or as required by applicable law to which Limble is subject, in which case Limble shall to the extent permitted by applicable law inform Customer of that legal requirement before Limble responds to the request.
7.4. Customer shall promptly inform Limble if it receives any request to exercise Data Subject Rights or any Consumer request made pursuant to the U.S. Privacy Laws affecting Customer Personal Data Processed by Limble that Customer must comply with. Customer shall provide Limble with the information necessary for Limble to comply with any such request.
7.5. Limble shall not be required to delete any Customer Personal Data to comply with a Consumer’s request directed by Customer if retaining such information is specifically permitted by applicable U.S. Privacy Laws; provided, however, that in such case, Limble will promptly inform Customer of the exceptions relied upon under applicable U.S. Privacy Laws and Limble shall not use Customer Personal Data retained for any purpose other than provided for by that exception.
8. Personal Data Breach
8.1. Limble will notify Customer without undue delay after becoming aware of a Personal Data Breach involving Customer Personal Data. If Limble’s notification is delayed, it will be accompanied by reasons for the delay.
8.2. Limble shall take reasonable commercial steps in the investigation, mitigation and remediation of a Personal Data Breach affecting Customer Personal Data.
8.3. Limble shall assist the Customer by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Customer’s obligations under European Data Protection Law to notify Personal Data Breaches to Supervisory Authorities and Data Subjects, as applicable.
9. Data Protection Impact Assessment and Prior Consultation
9.1. Taking into account the nature of the Processing, Limble shall assist the Customer by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Customer’s obligations under European Data Protection Law to conduct data protection impact assessments, and prior consultations with Supervisory Authorities, as applicable.
10. Audit
10.1. Upon reasonable request, Limble must make available to Customer all information necessary to demonstrate compliance with the obligations of this Addendum and allow for and contribute to audits, including inspections, as mandated by a Supervisory Authority or reasonably requested no more than once per year by Customer, and performed by an independent auditor as agreed upon by Customer and Limble. The foregoing shall only extend to those documents and facilities relevant and material to the Processing of Customer Personal Data and shall be conducted during normal business hours and in a manner that causes minimal disruption. Limble and Customer each bear their own costs related to an audit.
10.2. With respect to the Processing of Personal Data subject to U.S. Privacy Laws, Customer has the right to monitor Limble’s compliance with this Addendum through measures, including, but not limited to, ongoing manual reviews, automated scans, regular assessments, audits, or other annual technical and operational testing at least once every 12 months
10.3. Where permitted by law, Limble may instead make available to Customer a summary of the results of a third-party audit or certification reports relevant to Limble’s compliance with this Addendum.
11. International Data Transfers
11.1. Customer hereby authorizes Limble to perform International Data Transfers to any country deemed to have an adequate level of data protection by the European Commission or other competent authorities (including the competent authorities in the UK and Switzerland), as appropriate; on the basis of adequate safeguards in accordance with European Data Protection Law; or pursuant to the SCCs and the UK Addendum referred to in Sections 11.2 and 11.3.
11.2. By signing this Addendum, Customer and Limble conclude Module 2 (controller-to-processor) of the SCCs and, to the extent Customer is a Processor on behalf of a Third-Party Controller, Module 3 (Processor-to-Subprocessor) of the SCCs, which are hereby incorporated and completed as follows: the “data exporter” is Customer; the “data importer” is Limble; the optional docking clause in Clause 7 is implemented; Option 2 of Clause 9(a) is implemented and the time period therein is specified in Section 6.3 above; the optional redress clause in Clause 11(a) is struck; Option 1 in Clause 17 is implemented and the governing law is the law of Ireland; the courts in Clause 18(b) are the Courts of Ireland; Annex I and II to Module 2 and 3 of the SCCs are Annex I and II to this Addendum respectively. For International Data Transfers from Switzerland, Data Subjects who have their habitual residence in Switzerland may bring claims under the SCCs before the courts of Switzerland.
11.3. By signing this Addendum, Limble and Customer conclude the UK Addendum, which is hereby incorporated and applies to International Data Transfers outside the UK. Part 1 of the UK Addendum is completed as follows: (i) in Table 1, the “Exporter” is Customer and the “Importer” is Limble, their details are set forth in the signature block below; (ii) in Table 2, the first option is selected and the “Approved EU SCCs” are the SCCs referred to in Section 11.2 of this Addendum; (iii) in Table 3, Annexes 1 (A and B) and II to the “Approved EU SCCs” are Annex I and II respectively; and (iv) in Table 4, both the “Importer” and the “Exporter” can terminate the UK Addendum.
11.4. If Limble’s compliance with European Data Protection Law applicable to International Data Transfers is affected by circumstances outside of Limble’s control, including if a legal instrument for International Data Transfers is invalidated, amended, or replaced, then Customer and Limble will work together in good faith to reasonably resolve such non-compliance. In the event that additional, replacement or alternative standard contractual clauses or UK standard contractual clauses are approved by Supervisory Authorities or other competent authorities, Limble reserves the right to amend this Addendum by adding to or replacing, the standard contractual clauses or UK standard contractual clauses that form part of it at the date of signature in order to ensure continued compliance with European Data Protection Law.
12. Liability
12.1. Without prejudice to Section 9.2 of the Principal Agreement, where Limble has paid compensation, damages or fines, Limble is entitled to claim back from Customer that part of the compensation, damages or fines, corresponding to Customer’s part of responsibility for the compensation, damages or fines.
13. Termination and return or deletion
13.1. This Addendum is terminated upon the termination of the Principal Agreement.
13.2. Customer may request return of Customer Personal Data up to ninety (90) days after termination of the Agreement. Unless required or permitted by applicable law, Limble will delete all remaining copies of Customer Personal Data after returning Customer Personal Data to Customer.
14. Applicable law and jurisdiction
14.1. This Addendum is governed by the laws of the State of Utah. Any disputes relating to this Addendum will be subject to the exclusive jurisdiction of the courts of Salt Lake City or Country, in the State of Utah.
15. Modification of this Addendum
15.1. This Addendum may only be modified by a written amendment signed by both Limble and Customer.
16. Invalidity and severability
16.1. If any provision of this Addendum is found by any court or administrative body of a competent jurisdiction to be invalid or unenforceable, then the invalidity or unenforceability of such provision does not affect any other provision of this Addendum and all provisions not affected by such invalidity or unenforceability will remain in full force and effect.
ANNEX I
DESCRIPTION OF THE TRANSFER
A. LIST OF PARTIES
Data exporter:
- Name: Customer (as defined in the Principal Agreement, and as indicated in the Order Form or the customer’s Subscription Software account)
- Address: As indicated in the Order Form or in the customer’s Subscription Software account.
- Contact person’s name, position and contact details: As indicated in the Order Form or in the Customer’s Subscription Software account.
- Activities relevant to the data transferred under these Clauses: Customer receives Limble’s Services as described in the Principal Agreement and Customer provides Personal Data to Limble in that context.
- Signature and date: See the Order Form or the electronic acceptance of the Principal Agreement through the Subscription Software’s self-serve subscription tool.
- Role (controller/processor): Controller, or Processor on behalf of Third-Party Controller
Data importer:
- Name: Limble Solutions, Inc.
- Address: 3290 West Mayflower Way, Lehi, UT 84043, United States of America.
- Contact person’s name, position and contact details: Caleb Frischknecht, General Counsel, [email protected],Tel: 801-851-1218.
- Activities relevant to the data transferred under these Clauses: Limble provides its Services to Customer as described in the Principal Agreement and Processes Personal Data on behalf of Customer in that context.
- Signature and date: See the Order Form or the electronic acceptance of the Principal Agreement through the Subscription Software’s self-serve subscription tool
- Role (controller/processor): Processor on behalf of Customer, or Subprocessor on behalf of Third-Party Controller
B. DESCRIPTION OF INTERNATIONAL DATA TRANSFER
- Categories of Data Subjects whose Personal Data is transferred: Customer’s personnel, staff, contractors and consultants; and any other “Authorized Users” as defined in the Principal Agreement.
- Categories of Personal Data transferred:
# | Category of Personal Data |
1 | Account details, such as given name, last name, username, and password, and account information on third-party services which the Customer chooses to integrate with the Services. |
2 | Professional contact details, such as company name, job title, email address, phone numbers, fax number, physical address, fees for completing maintenance tasks. |
3 | User content, such as information about ongoing and completed work orders and projects, project deadlines and status, inventory of available tools and technology, images showing maintenance needs and project status, location of projects, chat messages between users, and any other content uploaded by users of Limble’s Services. |
4 | Support information, such as information included in technical support requests sent by Customer, any additional information provided by Customer, and information about the type of technical support provided to Customer. |
5 | Communications, such as contact details (e.g., name, email address, postal address, telephone number) and the contents of any message sent to Limble’s customer support and customer management teams. |
- Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measures: Limble does not intend to receive sensitive Personal Data from its Customers.
- The frequency of the transfer (e.g., whether the data is transferred on a one-off or continuous basis): On a continuous basis for the duration of the Principal Agreement.
- Nature of the processing: The Personal Data will be processed and transferred as described in the Principal Agreement.
- Purpose(s) of the data transfer and further processing: The Personal Data will be transferred and further processed for the provision of the Services as described in the Principal Agreement.
- The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: Personal Data will be retained for as long as necessary taking into account the purpose of the Processing, and in compliance with applicable laws, including laws on the statute of limitations and Applicable Data Protection Law.
- For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing: For the subject matter and nature of the Processing, reference is made to the Principal Agreement and this Addendum. The Processing will take place for the duration of the Principal Agreement.
C. COMPETENT SUPERVISORY AUTHORITY
- The competent authority for the Processing of Personal Data relating to Data Subjects located in the EEA is the Supervisory Authority: (a) of Customer’s country of establishment in the EU, or, where not applicable; (b) of the country where the Customer’s EU data protection representative is located; or, where not applicable, (c) the Irish Data Protection Commission.
- The competent authority for the Processing of Personal Data relating to Data Subjects located in the UK is the UK Information Commissioner.
- The competent authority for the Processing of Personal Data relating to Data Subjects located in Switzerland is the Swiss Federal Data Protection and Information Commissioner.
ANNEX II
TECHNICAL AND ORGANIZATIONAL MEASURES INCLUDING TECHNICAL AND ORGANIZATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
Limble Solutions maintains a comprehensive documented security program based on industry best practices and standards, under which Limble Solutions implements and maintains physical, administrative, and technical safeguards designed to protect the confidentiality, integrity, availability, and security of the Service and personal data (the “Security Program”), including, but not limited to, as set forth below. Limble Solutions regularly tests and evaluates its Security Program, and may review and update its Security Program, however, that such updates shall be designed to enhance and not materially diminish the Security Program.
1. Limble Solutions Audits & Certifications
1.1. The information security management system used to provide the service shall be assessed by independent third-party auditors as described in the following audits and certifications (“Third-Party Audits“), on at least an annual basis:
• SOC 2 Type II
1.2. To the extent Limble Solutions decides to discontinue a Third-Party Audit, Limble Solutions will adopt or maintain an equivalent, industry-recognized framework.
2. Hosting Location of Personal data
2.1. Hosting Location. The hosting location of personal data is the production Cloud Environment in the Region offered by Limble Solutions and selected by Customer.
3. Encryption
3.1. Encryption of Personal data. Limble Solutions encrypts personal data at-rest using AES 256-bit (or better) encryption, with the exception of object storage, they are protected with object key signing. Limble Solutions uses Transport Layer Security (TLS) 1.2 (or better) for personal data in-transit over untrusted networks.
3.2. Encryption Key Management. Limble Solutions logically separates encryption keys from personal data.
4. System & Network Security
4.1. Access Controls.
4.1.1. All Limble Solutions personnel access to the Cloud Environment is via a unique user ID, consistent with the principle of least privilege, requires a VPN, as well as multi-factor authentication and passwords meeting or exceeding PCI-DSS length and complexity requirements.
4.1.2. Limble Solutions personnel will not access personal data except (i) as reasonably necessary to provide Limble Solutions Offerings under the Principal Agreement or (ii) to comply with the law or a binding order of a governmental body.
4.2. Endpoint Controls. For access to the Cloud Environment, Limble Solutions personnel use Limble Solutions-issued laptops which utilize security controls that include, but are not limited to, (i) disk encryption, (ii) endpoint detection and response (EDR) tools to monitor and alert for suspicious activities and Malicious Code (as defined below), and (iii) vulnerability management in accordance with Section 4.7.3 (Vulnerability Management).
4.3. Separation of Environments. Limble Solutions logically separates production environments from development environments. The Cloud Environment is both logically and physically separate from Limble Solutions’ corporate offices and networks.
4.4. Firewalls / Security Groups. Limble Solutions shall protect the Cloud Environment using industry standard firewall or security groups technology with deny-all default policies to prevent egress and ingress network traffic protocols other than those that are business-required.
4.5. Hardening. The Cloud Environment shall be hardened using industry-standard practices to protect it from vulnerabilities, including by changing default passwords, removing unnecessary software, disabling or removing unnecessary services, and regular patching as described in this Annex II.
4.6. Monitoring & Logging.
4.6.1. Infrastructure Logs. Monitoring tools or services, such as intrusion detection tools, are utilized to log certain activities and changes within the Cloud Environment. These logs are further monitored, analyzed for anomalies, and are securely stored to prevent tampering for at least one year.
4.7. Vulnerability Detection & Management.
4.7.1. Anti-Virus & Vulnerability Detection. The Cloud Environment leverages advanced threat detection tools with daily signature updates, which are used to monitor and alert for suspicious activities. Limble Solutions does not monitor personal data for Malicious Code.
4.7.2. Penetration Testing & Vulnerability Detection. Limble Solutions regularly conducts penetration tests throughout the year and engages one or more independent third parties to conduct penetration tests of the service at least annually. Limble Solutions also runs vulnerability scans for the Cloud Environment using updated vulnerability databases at least quarterly.
4.7.3. Secure Code Scanning / Review. Limble Solutions has put in place automated code vulnerability assessment tools to assess the potential impact of new code prior to it going into a production environment.
4.7.4. Secure Code Training. Limble Solutions has put into place a policy of at least yearly secure code training for every engineer in the organization.
4.7.5. Vulnerability Management. Vulnerabilities meeting defined risk criteria trigger alerts and are prioritized for remediation based on their potential impact to the service. Upon becoming aware of such vulnerabilities, Limble Solutions will use commercially reasonable efforts to address private and public (e.g., U.S.-Cert announced) critical and high vulnerabilities within 30 days, and medium vulnerabilities within 90 days. To assess whether a vulnerability is ‘critical’, ‘high’, or ‘medium’, Limble Solutions leverages the National Vulnerability Database’s (NVD) Common Vulnerability Scoring System (CVSS), or where applicable, the U.S.-Cert rating.
5. Administrative Controls
5.1. Personnel Security. Limble Solutions requires criminal background screening on its personnel as part of its hiring process, to the extent permitted by applicable law.
5.2. Personnel Training. Limble Solutions maintains a documented security awareness and training program for its personnel, including, but not limited to, onboarding and on-going training at least yearly.
5.3. Personnel Agreements. Limble Solutions personnel are required to sign confidentiality agreements. Limble Solutions personnel are also required to sign Limble Solutions’ information security policy, which includes acknowledging responsibility for reporting security incidents.
5.4. Personnel Access Reviews & Separation. Limble Solutions reviews the access privileges of its personnel to the Cloud Environment at least quarterly and removes access on a timely basis for all separated personnel.
5.5. Limble Solutions Risk Management & Threat Assessment. Limble Solutions’ risk management process is modeled on SOC 2 Type 2. Limble Solutions’ security committee meets regularly to review reports and material changes in the threat environment, and to identify potential control deficiencies in order to make recommendations for new or improved controls and threat mitigation strategies.
5.6. External Threat Intelligence Monitoring. Limble Solutions reviews external threat intelligence, including US-Cert vulnerability announcements and other trusted sources of vulnerability reports. U.S.-Cert announced vulnerabilities rated as critical or high are prioritized for remediation in accordance with Section 4.7.3 (Vulnerability Management).
5.7. Change Management. Limble Solutions maintains a documented change management program for the service.
5.8. Vendor Risk Management. Limble Solutions maintains a vendor risk management program for subprocessors that process personal data designed to ensure each subprocessor maintains security measures consistent with Limble Solutions’ obligations in this Annex II.
6. Physical & Environmental Controls
6.1. Cloud Environment Data Centers. To ensure the Cloud Provider has appropriate physical and environmental controls for its data centers hosting the Cloud Environment, Limble Solutions regularly reviews those controls as audited under the Cloud Provider’s third-party audits and certifications. Each Cloud Provider shall have a SOC 2 Type II annual audit and ISO 27001 certification, or industry recognized equivalent frameworks. Such controls, shall include, but are not limited to, the following:
6.1.1. Physical access to the facilities are controlled at building ingress points;
6.1.2. Visitors are required to present ID and are signed in;
6.1.3. Physical access to servers is managed by access control devices;
6.1.4. Physical access privileges are reviewed regularly;
6.1.5. Facilities utilize monitor and alarm response procedures;
6.1.6. Use of CCTV;
6.1.7. Fire detection and protection systems;
6.1.8. Power back-up and redundancy systems; and
6.1.9. Climate control systems.
7. Data Backups & Disaster Recovery.
Limble Solutions backs up personal data a minimum of hourly, these backups are automatically replicated to a geographically separate data center inside the same country the data originated, where possible. Backups are replicated at least two different ways offsite to ensure delivery and integrity of the backup. Backups are tested daily by automated processes and the Limble Solutions DevOps team is notified if tests fail to restore personal data. Limble maintains an expected RTO of 24 hours and a RPO of 3 hours. Limble Solutions maintains a disaster recovery plan that is tested yearly for validity, any issues found in the disaster recovery plan are addressed immediately and documented.