Legal
Red Hat Online Services Agreement
Last Updated October 3, 2023
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING RED HAT® SOFTWARE OR SERVICES. IN ORDER TO USE RED HAT SOFTWARE OR SERVICES, YOU MUST ACCEPT THE TERMS OF THIS AGREEMENT. BY USING RED HAT SOFTWARE OR SERVICES, YOU AGREE THAT YOUR USE IS GOVERNED BY THIS AGREEMENT. IF YOU ARE AN INDIVIDUAL ACTING ON BEHALF OF AN ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF THAT ENTITY. IF YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT, THEN YOU MUST NOT USE RED HAT SOFTWARE OR SERVICES. YOU CONFIRM THAT YOU ARE AT LEAST 18 YEARS OLD OR THE AGE OF MAJORITY IN YOUR JURISDICTION. RED HAT MAY MODIFY THIS AGREEMENT FROM TIME TO TIME; PLEASE SEE SECTION 5 FOR DETAILS.
1. Framework. This Red Hat Online Services Agreement, which includes Appendix A, Appendix B and other documents incorporated by reference, (the "Agreement") is between Red Hat, Inc. and its applicable affiliates ("Red Hat") and the user of Red Hat software or services who accepts the terms of this Agreement ("You"). This Agreement is effective ("Effective Date") on the earlier of the date that You accept this Agreement or the date that You first use Red Hat Software or Services (defined below). This Agreement establishes a framework that will enable You to receive the services from Red Hat identified in Appendix A (the "Services"), which may include access to software and related materials (the "Software") and may require the payment of Fees (defined below). Appendix A sets forth additional terms applicable to specific Services and Software. As further described below, You agree to comply with the Red Hat Acceptable Use Policy, which is incorporated into this Agreement, the most recent version of which can be reviewed at https://www.openshift.com/legal/acceptable-use/ (the "Acceptable Use Policy"). As further described in Section 4.1 below, to the extent Red Hat processes Personal Data (as such term is defined in the Data Processing Addendum) disclosed to it by You as part of Your Content, the Data Processing Addendum shall apply to the parties. The Data Processing Addendum is attached hereto as Appendix B. Please read Appendix A, Appendix B and the Red Hat Acceptable Use Policy which describe terms that govern Your use of Services.
2. General Conditions of Use
2.1 Your Account. In order to access the Services, You will be required to create an account ("Your Account"). You may create only one account per email address and You must verify that the email address used in connection with Your Account is valid and will remain valid during the term of this Agreement. Your user name must be consistent with the Acceptable Use Policy and must not impersonate someone else or cause confusion as to source, affiliation or endorsement. You may not (or permit third parties to) create multiple accounts or otherwise access the Services in a manner that is intended to avoid Fees or to circumvent maximum capacity thresholds for the Services. You must maintain the confidentiality of Your password and Your Account information and are solely responsible for all activities and/or actions that occur with respect to Your Account whether by You or a third party user ("Your User").
2.2 Your Use. You agree to use the Services in accordance with, and comply with, all applicable laws and regulations and this Agreement, including but not limited to the Acceptable Use Policy and will not induce or solicit Your Users or other third parties to commit unlawful acts or to obtain unauthorized access to the Services. You agree not to interfere with Red Hat's ability to provide any of the Services to any other user or with another user's ability to receive the Services. You are solely responsible for determining the suitability of the Services for Your use in light of any applicable laws and/or regulations such as data protection and privacy laws and regulations. Red Hat makes no representations or warranties regarding the suitability of the Services for use by You, or the Services' compliance with the requirements of any applicable laws, regulations or industry standards.
2.3 Third Party Use. If You provide Your Users with access to Content (defined below) and/or the Services, You are responsible for any third party that You enable or authorize to have access to the Services and You will be deemed to have taken any action that You permit, facilitate or assist Your Users in taking relating to this Agreement, Content or use of the Services. You must ensure that Your Users comply with the terms of this Agreement, including the Acceptable Use Policy, and You agree that if You become aware of any violation by one of Your Users, You will terminate that User's access immediately. You will also implement an acceptable use policy that is consistent with the Red Hat Acceptable Use Policy.
2.4 Failure to Comply; Suspension. You will immediately notify Red Hat if You suspect someone has breached this Agreement, the Acceptable Use Policy, or has obtained unauthorized access to Your Account, the Content (defined below) and/or the Services. If Red Hat has reason to believe that You or Your Users have breached this Agreement or the Acceptable Use Policy, Red Hat or its designated agent may inspect Your use of the Services, including Your Account, Content and records, to verify Your compliance with this Agreement. You will not interfere with our monitoring and will provide Content or other information regarding Your Account as may be reasonably requested by Red Hat to ensure Your use complies with this Agreement. Red Hat reserves the right (but has no obligation) to suspend or terminate Your access to the Services or disable Your or Your Users' Content if Red Hat, in its sole discretion, believes You have breached the terms of the Agreement, any policy to which we refer in this Agreement or have violated any applicable law. Red Hat shall have no liability with respect to such suspension or termination and You will continue to incur applicable Fees for the Services during any suspension.
2.5 Third Party Services. There may be third party software and/or services made available to You by Red Hat or third parties on or in connection with the Red Hat Online Services, any Red Hat marketplace or otherwise in connection with Your use of the Services ("Third Party Service(s)"). Red Hat provides no warranty, does not necessarily support and has not necessarily confirmed the validity, functionality or screened the content of such Third Party Services and any use is at Your own risk. Availability of such Third Party Services does not constitute an endorsement by Red Hat and availability of the Third Party Services does not necessarily mean that the Third Party Services will interoperate with any Red Hat Services, regardless of whether the Third Party Services are described as Red Hat "certified". The terms that apply to any Content you provide to the Third Party Service are solely between you and the Third Party Service and Your use of the Third Party Services is subject to the Third Party Service's policies. Any Third Party Service You receive is governed by the terms provided by such third party and you agree to abide by those terms and conditions. Red Hat and its licensors and vendors have no obligations and/or liability with respect to such third party or the Third Party Services. If You have agreed to receive the Third Party Services, You authorize Red Hat to grant the provider of such Third Party Services with access to Your Content and/or Your Account to the extent required to provide the Third Party Services or for interoperability with the Third Party Services. Third Party Services may be removed from or no longer available through the Services at any time.
3. Content and Data
3.1 Content. "Content" means any content or data, including but not limited to applications whether developed in connection with the Services or otherwise, software code, documentation, materials, information, text files, images and/or trademarks associated with Your Account or use of the Services and not provided by Red Hat. You are solely responsible for the use and deployment of Content in connection with the Services and in compliance with this Agreement and the Acceptable Use Policy. You represent and warrant that (a) You own all rights in, or have received a valid license or permission to use, Content, with rights, permissions or licenses sufficient to enable any activities in connection with the Services and (b) the use of Content by You, Your Users and/or Red Hat and its affiliates, vendors or subcontractors does not misappropriate or infringe, directly or indirectly, the intellectual property rights or any other rights of any third party, and that such use is lawful. You are prohibited from using the Services to store, create or deploy Content that is regulated under the International Traffic in Arms Regulations (ITAR). With regard to Content, You are solely responsible for compliance with the Acceptable Use Policy, this Agreement and all applicable laws and agree to remove immediately any Content that violates the Acceptable Use Policy, this Agreement or any applicable law. You are responsible for maintaining licenses and adhering to all license terms applicable to any Content used by You, Your Users, or Red Hat. Red Hat shall not be responsible under any circumstances for any claims, damages or other actions relating to Content, or Your or Your User's actions while using the Services.
3.2 Notices Regarding Content. You must immediately respond to any notice You receive claiming that Content violates a third party's rights, including without limitation notices under the Digital Millennium Copyright Act, and take corrective action, which may include but is not limited to promptly removing any such Content. You agree to implement a policy to respond to any and all such requests that You may receive regarding Your Users' Content.
3.3 Your Comments and Feedback. While using the Services, You may provide comments or feedback on the Services ("Feedback"). You understand and agree that Red Hat may use any such Feedback for any purpose, including implementing the Feedback in future versions of the Services, Software and/or other offerings without attribution or compensation and You grant Red Hat a perpetual and irrevocable license to use all Your Feedback for any purpose. You represent and warrant that Your Feedback will not include any of Your proprietary or confidential information or of any third party and that You have full authority to grant the foregoing license.
3.4 Your License Grant to Red Hat. You grant to Red Hat, and any third party service provider on whose services Red Hat may depend to provide the Services, a perpetual, worldwide, non-exclusive, non-transferable, royalty-free license to make, use, reproduce, prepare derivative works from, distribute, sell, offer to sell, import, perform and display Content for the purpose of providing the Services to You. Red Hat does not expect to access your Content or provide it to third parties except (a) as may be necessary to deliver, support or enhance the Services provided to you, (b) to investigate potential breaches of your agreements with Red Hat or to establish Red Hat's legal rights or defend against legal claims, (c) to detect, prevent or address fraud, technology or security issues, (d) to protect against harm to the rights, property or safety of Red Hat, its users or the public, or (e) as required by law or regulation (such as responding to a subpoena, warrant, audit or agency action). Red Hat may collect and use for any purpose aggregate anonymous data about your use of the Services. Except as set forth in this section, Red Hat obtains no rights in Content under this Agreement.
3.5 Backing up Content. You are solely responsible for backing up Content and otherwise using measures, as You deem necessary, to ensure that Content is not lost. You may lose any of the Content for which You do not maintain a copy outside of the Services. Red Hat and/or any of its vendors are not responsible to You, Your Users or any third party if Content is lost or deleted.
4. Data Privacy and Security
4.1 Data Processing and Transfer. To the extent Red Hat processes Personal Data (as such term is defined in the Data Processing Addendum) disclosed to it by You as part of Your Content, the Data Processing Addendum set forth in Appendix B shall apply to the parties. You acknowledge and agree that to provide the Services it may be necessary for Content or other information to be transferred between Red Hat, its affiliates, vendors and/or subcontractors, which may be located worldwide. You agree that Red Hat, its affiliates and/or subcontractors are acting as data processors or subprocessors on Your behalf, and You appoint us to process Your Content in order to provide the Services to You. Prior to providing us with any Content (including any Personal Data), You will provide any required disclosures to Your Users and obtain any necessary consent from Your Users whose Personal Data or other Content You will be transferring to Red Hat, its affiliates, vendors and/or subcontractors and hosting in Services.
4.2 Privacy Policy. If You provide Your Users with access to an application You create in connection with the Services, You agree to protect the privacy of Your Users' data, including without limitation implementing and maintaining a privacy policy that complies with applicable law and notifying Your Users that their data will be stored on facilities accessible to Red Hat, its affiliates, vendors and subcontractors.
4.3 Data Security. You agree to use reasonable security precautions in light of Your use of the Services, including without limitation, where appropriate, encrypting any Content (including Personal Data) transmitted to and from, and while stored on, the Services. In addition, except as expressly set forth in Appendix B and where Appendix B applies, You acknowledge that you are solely responsible for taking steps to maintain appropriate security, protection and backup of Content. Red Hat makes no representation regarding the security of the Services or Your Content. In the event of unauthorized access to Content, You are responsible for complying with any applicable laws and regulations, including, for example, those that require notification of individuals whose personal data may have been compromised. If any Content could subject Red Hat to governmental regulation or special industry standards (e.g., credit card data) or may require security measures beyond those specified by Red Hat for the Services, You will not input, provide, or allow such Content unless Red Hat has otherwise first agreed in a separate written and signed document to implement additional security and other measures. You acknowledge and agree that Red Hat is not acting as a "Business Associate" as that term is defined in the Health Insurance Portability and Accountability Act ("HIPAA") found at 45 CFR §160.103.
4.4 Legal Process. Red Hat may provide information, including Content and information concerning Your Account, as required by law (such as responding to a subpoena, warrant, audit, or agency action, or to prevent fraud) or to establish or exercise its legal rights or to defend against legal claims. Red Hat shall not be liable for any use or disclosure of such information to such third parties.
5. Changes and Updates to Terms. Red Hat may modify this Agreement (including Appendix A, Appendix B, and the Acceptable Use Policy) at any time by posting a revised version at https://www.openshift.com/legal/terms/, by otherwise notifying You in accordance with Section 18 below, and/or by requiring You to accept the new revised terms. The modified terms will become effective (i) upon posting, (ii) if we notify You by email, as stated in the email message, or (iii) otherwise upon Your acceptance. By continuing to use the Services after the effective date of any modifications to this Agreement, You agree to be bound by the modified terms. It is Your responsibility to review this Agreement, the Appendices and the Acceptable Use Policy to be aware of the most recent terms. Red Hat last modified this Agreement on the date listed at the bottom of this Agreement.
6. Changes to the Services and Service Levels
6.1 Changes. Red Hat intends to periodically update, improve and/or discontinue certain functionality associated with the Services and Your user experience. As a result, the Services may be substantially modified. Red Hat reserves the right at any time to change and/or discontinue any or all of the Services (including the underlying platforms and application programming interfaces ("APIs") and/or application binary interfaces ("ABIs") which may inhibit Your ability to use existing applications. Red Hat will use reasonable efforts to provide notice of material changes to the Services on the applicable Services website.
6.2 Service Levels. The Services are generally provided through internet connectivity and third party vendors that Red Hat does not control and may be subject to delays, outages or other problems; Red Hat is not responsible for any such delays or outages. More broadly, Red Hat makes no service level-related representations, warranties, or covenants regarding Service uptime, connectivity, hosting conditions, load balancing, security, monitoring, backup, archiving, recovery, release management, change control, maintenance, availability, and the like, and will offer no Services credits for service levels You deem inadequate.
7. Fees and Payment
7.1 Fees. Certain Services may be offered at no charge ("Promotional Services"). For Services offered for a fee ("Fee"), You agree to pay Red Hat any applicable Fees to receive the Services and for all usage by You or Your Users. Certain Paid Services are sold in the form of access to Services for a defined period of time ("Subscription(s)"). Red Hat reserves the right to modify any Fees by providing You with thirty (30) days prior notice. All Fees are nonrefundable. You may be charged interest at the rate of 1.5% per month (or the highest rate permitted by law, if less) on all late payments.
7.2. Business Partners. Red Hat has entered into agreements with certain authorized third parties ("Business Partners") to promote, market and support the Services. If you purchase Services through a Business Partner, Red Hat confirms that it is responsible for providing the Software and Services to You under the terms of this Agreement. Red Hat is not responsible for (a) the actions of Business Partners, (b) any additional obligations Business Partners have to You, or (c) any products or services that Business Partners supply to You under any separate agreements between You and the Business Partner. You acknowledge and agree that Business Partners and Red Hat may share information about You, Your Users or use of the Services. If you are purchasing Services from a Business Partner the terms included in Sections 7.3 and 7.4 below do not apply.
7.3 Credit Card Processing. For any Services purchased through a Red Hat Online portal, You must first provide Red Hat with a valid and authorized credit card number and associated charge information prior to receiving Services and You (a) authorize Red Hat to charge Your credit card for any Fees, and for the amount due at the time of renewal of the Services, and (b) if needed, agree to provide updated credit card information to Red Hat for subsequent Fees due. In order to provide the Services, Red Hat may be required to share Your information, including credit card and other financial information, with third parties solely for the purpose of processing payment and/or providing the Services.
7.4 Order Form. If You are purchasing the Services from Red Hat other than through the Red Hat Online portal, the following terms will apply. Fees will be identified in an ordering document ("Order Form") and are (a) due upon Red Hat's acceptance of an Order Form or, for renewal of Services, at the start of the renewal term, and (b) payable in accordance with this section. If credit terms are provided to You, Red Hat will invoice You for the Fees upon Red Hat's acceptance of the applicable Order Form and upon acceptance of any future order. Unless otherwise specified in an Order Form and subject to Red Hat's approval of credit terms, You will pay Fees, no later than thirty (30) days from the date of each invoice. Red Hat reserves the right to suspend or cancel performance of all or part of the Services and/or change its credit terms if actual payment has not been received within thirty (30) days of the invoice date.
7.5 Taxes. All Fees are exclusive of Taxes. You will pay Red Hat an amount equal to any Taxes arising from or relating to this Agreement which are paid by or are payable by Red Hat. "Taxes" means any form of sales, use, value added or other form of taxation and any fines, penalties, surcharges or interest, but excluding any taxes based solely on the net income of Red Hat. If You are required to withhold or deduct any portion of the payments due to Red Hat, You will increase the sum payable to Red Hat by the amount necessary so that Red Hat receives an amount equal to the sum it would have received had You made no withholdings or deductions.
7.6 Future Availability. You acknowledge that Your purchase of the Services is not contingent on the future availability of any new features or functionality.
7.7 Promotions. From time to time, Red Hat may offer you certain promotional pricing or programs, including but not limited to developer previews or betas, during a specific term ("Promotional Period"). Your use of the Services during any such Promotional Period will be limited to the term of the Promotional Period and subject to the terms and conditions of this Agreement as well as any additional restrictions that Red Hat may provide in connection with the Promotional Period such as usage limitations, quotas, term limits and limited or no support.
8. Intellectual Property
8.1 Trademarks. The Red Hat and third party trademarks, logos, trade names and service marks ("Marks") displayed as part of the Services(s) are the property of Red Hat or other third parties. You are not permitted to use these Marks without the prior written consent of Red Hat or the third party trademark owner. This Agreement does not constitute such consent. Please consult with and abide by the Red Hat Trademark Guidelines and Policies at https://www.redhat.com/en/about/trademark-guidelines-and-policies, which govern any permitted use of Red Hat Marks.
8.2 Rights in Services. You agree that Red Hat and its licensors own all legal rights and interests, including intellectual property rights, in the Services. As part of the Services, You may receive access to certain Software. Your use of the Software is subject to the applicable license(s) set forth in Appendix A. Red Hat grants to You the right to access and use the Services as contemplated under this Agreement during the Services term and subject to Your compliance with this Agreement. You only acquire the right to use the Services and do not acquire any rights of ownership in the Services. You may use any documented APIs disclosed in the documentation for the Services solely for the purpose of integrating Content with the Services and for no other purpose; You may not use any such APIs to create products or services that compete with any of the Services, including the Software. You shall not (i) sublicense, sell, rent, distribute, assign or otherwise transfer the Services; (ii) reverse engineer, decompile or disassemble the Services except to the extent such conduct is permitted under applicable law notwithstanding this restriction; (iii) remove or modify any of the copyright, trademark or other proprietary notices contained in the Services; (iv) modify or create derivative works of the Services, (v) copy the Services, other than as may otherwise be permitted pursuant to an applicable Software license or (vi) use the Services to create products or services that compete with any of the Services. Red Hat reserves all rights to the Services not expressly granted herein. To the extent there is any conflict between this section and Appendix A, Appendix A will control. The licenses granted to You by Red Hat are conditioned on Your continued compliance with the terms of this Agreement, and will immediately and automatically terminate if You do not comply with any term or condition of this Agreement.
8.3 Open Source Assurance. The Services and Software are not provided with any protection or other coverage under Red Hat's Open Source Assurance Program.
9. Continuing Business. Nothing in this Agreement will preclude or limit Red Hat from providing software, materials or services for itself or other clients, irrespective of the possible similarity of such software, materials or services to those that might be delivered to You.
10. Linking. The Services may contain links to external sources, websites or content that are not owned, created or managed by Red Hat. Red Hat does not have control over such sites or content and has not reviewed them. The inclusion of any link to a website does not imply endorsement by Red Hat of the website or their sponsoring entities, products or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to Your use of (or reliance on) the external site or content.
11. Limited Liability and Disclaimer of Damages. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED IN THIS AGREEMENT, IN NO EVENT WILL RED HAT, ITS AFFILIATES, OR THEIR LICENSORS OR VENDORS BE LIABLE TO YOU OR YOUR AFFILIATES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, OR DATA), EVEN IF SUCH ENTITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHER, NEITHER RED HAT, ITS AFFILIATES NOR THEIR LICENSORS OR VENDORS WILL BE RESPONSIBLE FOR ANY COMPENSATION, REIMBURSEMENT, OR DAMAGES ARISING OUT OF OR IN CONNECTION WITH: (A) YOUR INABILITY TO USE THE SERVICES, INCLUDING AS A RESULT OF (I) ANY TERMINATION OR SUSPENSION OF THIS AGREEMENT OR YOUR USE OF OR ACCESS TO THE SERVICE OFFERINGS, (II) OUR DISCONTINUATION OF ANY OR ALL OF THE SERVICE OFFERINGS OR (III) ANY UNANTICIPATED OR UNSCHEDULED DOWNTIME OF ALL OR A PORTION OF THE SERVICES FOR ANY REASON, INCLUDING AS A RESULT OF POWER OUTAGES, SYSTEM FAILURES OR OTHER INTERRUPTIONS; (B) THE COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; (C) ANY INVESTMENTS, EXPENDITURES, OR COMMITMENTS BY YOU IN CONNECTION WITH THIS AGREEMENT OR YOUR USE OF OR ACCESS TO THE SERVICE OFFERINGS; OR (D) ANY UNAUTHORIZED ACCESS TO, ALTERATION OF, OR THE DELETION, DESTRUCTION, DAMAGE, LOSS OR FAILURE TO STORE ANY OF YOUR CONTENT OR OTHER DATA.
FOR ALL EVENTS AND CIRCUMSTANCES, RED HAT, ITS AFFILIATES' AND THEIR LICENSORS' AND VENDORS' AGGREGATE AND CUMULATIVE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT, INCLUDING WITHOUT LIMITATION ON ACCOUNT OF PERFORMANCE OR NON-PERFORMANCE OF OBLIGATIONS, REGARDLESS OF THE FORM OF THE CAUSE OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE), STATUTE OR OTHERWISE WILL BE LIMITED TO DIRECT DAMAGES AND WILL NOT EXCEED THE AMOUNTS RECEIVED BY RED HAT DURING TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE FIRST EVENT GIVING RISE TO LIABILITY, WITH RESPECT TO THE PARTICULAR ITEMS (WHETHER SOFTWARE, SERVICES OR OTHERWISE) GIVING RISE TO LIABILITY.
LIABILITY FOR THESE DAMAGES DESCRIBED IN THIS SECTION 11 WILL BE LIMITED OR EXCLUDED (AS THE CASE MAY BE) EVEN IF ANY EXCLUSIVE REMEDY PROVIDED FOR IN THIS AGREEMENT FAILS ITS ESSENTIAL PURPOSE. TO THE EXTENT THAT LIABILITY FOR CERTAIN DAMAGES MAY NOT BE LAWFULLY EXCLUDED OR LIMITED AS PROVIDED ABOVE, THE TERMS OF THIS SECTION 11 WILL BE ENFORCED TO THE EXTENT PERMITTED BY APPLICABLE LAW.
12. No Warranties. You understand and agree that the Software and Services may contain bugs, errors and/or inadequacies. FOR ALL CIRCUMSTANCES AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICES AND SOFTWARE OF RED HAT, ITS AFFILIATES AND THEIR LICENSORS AND VENDORS AND ANY THIRD PARTY SERVICES ARE PROVIDED "AS IS", "AS AVAILABLE" AND WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. NEITHER RED HAT NOR ITS AFFILIATES, LICENSORS OR VENDORS MAKES ANY GUARANTEE OR WARRANTY THAT THE USE OF SOFTWARE, SERVICES AND/OR ANY THIRD PARTY SERVICES WILL BE SECURE, UNINTERRUPTED, COMPLY WITH REGULATORY REQUIREMENTS, BE ERROR FREE OR THAT RED HAT WILL CORRECT ALL SOFTWARE AND/OR SERVICE ERRORS. Without limiting the generality of the foregoing disclaimer, the Services are not specifically designed, manufactured or intended for use in (a) the planning, construction, maintenance, control, or direct operation of nuclear facilities, (b) aircraft navigation, control or communication systems, weapons systems, or (c) direct life support systems. You agree that You are solely responsible for the results obtained from the use of the Services.
13. Indemnification. You agree to indemnify and hold harmless Red Hat, its affiliates and their licensors and vendors, and each of their respective employees, officers, directors, and representatives from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees and associated litigation expenses) arising out of or relating to: (a) Your use and/or Your Users' use of the Services and Software; (b) Your breach of this Agreement or the Acceptable Use Policy, or violation of applicable law by You and/or Your Users; (c) Content or the combination of Content with other applications, content or processes, (d) any claim or allegation that Content infringes or misappropriates the intellectual property or any other rights of any third party; (e) Red Hat's response to any third party subpoena, warrant, audit, agency action or other legal order or process concerning Content, Your Account and/or use by You and/or Your Users of the Services and Software or (f) any dispute between You and a Third Party Service or You and Your User. Red Hat will provide You with written notice of any claim, suit or action, but its failure to do so does not relieve Your of Your obligations under this section.
14. Export Control. Red Hat may supply You with software, services and/or technical data that are subject to export control restrictions under the laws of the United States or other countries (the "Export Control Laws"). You agree to comply with all applicable Export Control Laws in connection with Your use of the Services, Your Content and Your Users and agree not to use the Services or Software if You or Your Users are barred from receiving them under any of the Export Control Laws (for example, if You or they are located in a jurisdiction that is subject to United States sanctions regulations, which currently includes Cuba, Iran, North Korea, Sudan and Syria and which are subject to change as posted by the United States government). Red Hat will not be responsible for Your compliance with the Export Control Laws. If (a) You breach this section, the export control provisions of a Software license agreement or any provision referencing these sections or (b) it would be a violation of any of the Export Control Laws for Red Hat to provide You with access to any of the Services, Red Hat may terminate this Agreement immediately without liability to You. You agree that You will not use the Services in connection with any nuclear, chemical or biological weapons or missile technology, unless authorized by the relevant government agency by regulation or specific license.
15. Confidentiality
15.1 Obligations. Both parties agree that (i) Confidential Information will be used only in accordance with the terms and conditions of this Agreement; (ii) each will use the same degree of care it utilizes to protect its own confidential information, but in no event less than reasonable care; and (iii) the Confidential Information may be disclosed only to employees, agents and contractors with a need to know, and to its auditors and legal counsel, in each case, who are under a written obligation to keep such information confidential using standards of confidentiality not less restrictive than those required by this Agreement. Both parties agree that obligations of confidentiality will exist for a period of two (2) years following initial disclosure of the particular Confidential Information. "Confidential Information" means all information disclosed by either Red Hat or You ("Disclosing Party") to the other party ("Recipient") during the term of this Agreement that is either (i) marked confidential or (ii) disclosed orally and described as confidential at the time of disclosure and subsequently set forth in writing, marked confidential, and sent to the Recipient within thirty (30) days following the oral disclosure.
15.2 Exclusions. Confidential Information will not include information which: (i) is or later becomes publicly available without breach of this Agreement, or is disclosed by the Disclosing Party without obligation of confidentiality; (ii) is known to the Recipient at the time of disclosure by the Disclosing Party; (iii) is independently developed by the Recipient without use of the Confidential Information; (iv) becomes lawfully known or available to the Recipient without restriction from a source having the lawful right to disclose the information; (v) is generally known or easily ascertainable by parties of ordinary skill in the business of the Recipient; or (vi) is software code in either object code or source code form that is licensed under an open source license. The Recipient will not be prohibited from complying with disclosure mandated by applicable law if, where reasonably practicable and without breaching any legal or regulatory requirement, it gives the Disclosing Party advance notice of the disclosure requirement.
16. Term and Termination
16.1 Agreement Term. The Agreement will commence on the Effective Date and continue in effect until terminated as set forth below.
16.2 Renewal of Services. The Services shall continue to renew for additional terms for so long as You are current in Your payment of all applicable Fees and not in breach of this Agreement, unless you provide notice of non-renewal at least two (2) business days prior to the end of the then current term. Subscriptions will renew at the same price for the applicable Subscription term. If You terminate the Services You are responsible for: (1) removing any Content from Your Account and (2) following any additional steps provided to You in connection with the termination. You will continue to incur Fees until you successfully complete the actions described above.
16.3 Termination of the Services. You may stop using the Services or may terminate Your Account at any time, subject to the terms below. Red Hat may discontinue Promotional Services at any time upon notice to You. All Fees are non-refundable even if You terminate the Services prior to the end of the month and you will be responsible for any Fees incurred prior to termination. Red Hat may, at its discretion terminate Your Account and remove Your Content if Your Account has been inactive for more than fifteen (15) days.
16.4 Termination of the Agreement. Red Hat may terminate the Agreement in its sole discretion on thirty (30) days prior notice; provided that if You have pre-paid for Services beyond such thirty (30) day period, Red Hat may provide You either, at its sole discretion, a pro rata refund of pre-paid Fees or the ability to continue to use the Services for such pre-paid period. Either Party may terminate the Agreement for material breach by the other Party of this Agreement if the breach is not remedied within twenty (20) days of receiving notice of such breach. Without limiting other rights that Red Hat may have, Red Hat may suspend or terminate Your Services, and Your Account or disable Your or Your User's Content immediately if Red Hat reasonably believes You have breached this Agreement, the Acceptable Use Policy or applicable law.
16.5 Effect of Termination. Upon termination of the Agreement, You will be required to pay any outstanding Fees that are due, all rights under this Agreement will cease and You may no longer use the Services. Following termination of Your Account, You will no longer have access to the Services, or any Content stored in connection with the Services. You are responsible for ensuring that You have additional copies of any Content. The following sections of this Agreement will survive such termination or expiration: Sections 2.5, 3.4, 4.4, 8 and 11-21 and any post-termination requirements set forth in Appendix A.
17. Governing Law/Consent to Jurisdiction. The validity, interpretation and enforcement of this Agreement will be governed by and construed in accordance with the laws of the United States and of the State of New York without giving effect to the conflicts of laws provisions thereof or the United Nations Convention on Contracts for the International Sale of Goods. All disputes arising out of or relating to this Agreement will be submitted to the exclusive jurisdiction of the state or federal courts of competent jurisdiction located in Raleigh, North Carolina, and each party irrevocably consents to such personal jurisdiction and waives all objections to this venue. In the event the Uniform Computer Information Transactions Act (UCITA) or any similar federal or state laws or regulations are enacted, it will not apply to this Agreement, and the governing law will remain as if such law or regulation had not been enacted.
18. Notices. Red Hat may provide a notice to You under this Agreement by: (i) posting the notice on the Services website; or (ii) sending a message to the email address associated with Your Account. Notices provided by posting on the Services website will be effective upon posting and notices provided by email will be effective when Red Hat sends the email. It is Your responsibility to keep Your email address current and to update Your profile with Red Hat if it changes. You will be deemed to have received any email sent to the email address associated with Your Account following transmission by Red Hat, whether or not You actually receive the email. To give notice to Red Hat under this Agreement, You must contact Red Hat either by (1) overnight courier to Red Hat, Inc., Attention: General Counsel, 100 East Davie Street, Raleigh, North Carolina 27601 or (2) email to: [email protected]. Red Hat may update its contact information by posting a notice on the Red Hat website. Notices provided by overnight courier or facsimile transmission will be effective one business day after they are sent. Notices must be in English.
19. Publicity and Benchmarking. You may not misrepresent Your relationship with Red Hat nor suggest or publish that Red Hat or any of its affiliates or licensors endorses, sponsors, contributes to or provides support for Content. You may not publish the results of any benchmarking studies that You conduct in connection with the Services or publish any press releases regarding Your use of the Services unless You obtain Red Hat's prior written approval.
20. Miscellaneous. This Agreement is binding on the parties to this Agreement, and nothing in this Agreement grants any other person or entity any right, benefit or remedy of any nature whatsoever. Nothing in this Agreement will be construed to create an employment or agency relationship between You and Red Hat (or any Red Hat personnel). All headings contained in this Agreement are inserted for identification and convenience and will not be deemed part of this Agreement for purposes of interpretation. If any provision of this Agreement is held invalid or unenforceable for any reason but would be valid and enforceable if appropriately modified, then such provision will apply with the modification necessary to make it valid and enforceable. If such provision cannot be so modified, the parties agree that such invalidity will not affect the validity of the remaining provisions of this Agreement. The delay or failure of either party to exercise any rights under this Agreement will not constitute or be deemed a waiver or forfeiture of such rights. No waiver will be valid unless in writing and signed by an authorized representative of the party against whom such waiver is sought to be enforced. This Agreement, including any policy referenced herein, represents the final, complete and exclusive statement of the agreement between the parties with respect to its subject matter, notwithstanding any prior written agreements or prior and contemporaneous oral agreements with respect to the subject matter of this Agreement. Neither party may assign this Agreement without the prior written consent of the other party; provided, however, that Red Hat may assign this Agreement without such consent to an affiliate or to any third party in connection with the sale of all or substantially all of its business or assets to which this Agreement relates. Red Hat and its affiliates will not be liable for any delay or failure to provide Services where the delay or failure results from any cause beyond its reasonable control, including acts of God, labor disputes or other industrial disturbances, systemic electrical, telecommunications, or other utility failures, earthquake, storms or other elements of nature, blockages, embargoes, riots, acts or orders of government, acts of terrorism, or war.
21. Waiver of Jury Trial. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, EACH PARTY WAIVES THE RIGHT TO TRIAL BY JURY IN ANY LEGAL PROCEEDING ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE TRANSACTIONS CONTEMPLATED UNDER THIS AGREEMENT.
APPENDIX A
RED HAT ONLINE SERVICES
1. Purpose. This Appendix A is attached to and is incorporated into the Agreement. When a capitalized term is used in this Appendix without a definition, the term has the meaning defined in the Agreement. "Services" are (1) the OpenShift Online services; (2) the Red Hat OpenShift.io services, (3) Quay.io, (4) Red Hat 3scale.net Online, (5) the Add On Services and (6) Developer Sandbox for Red Hat OpenShift, and (7) Red Hat OpenShift Streams for Apache Kafka.
2. Domain Names. In order to utilize some of the Services, You may be required to create a unique domain name. Your choice of name must be in conformance with the Acceptable Use Policy. Red Hat may, in its sole discretion, reject any domain name request submitted by You at any time, including after public use. Red Hat reserves the right to deactivate any domain name and require that You use a different domain name if Red Hat receives a notice by a third party that the domain name misappropriates or infringes a third party's rights or if the domain name violates the terms of this Agreement, the Acceptable Use Policy or applicable law.
3. Technical Support. The Services are provided for Your use and evaluation without any technical support and may include beta or developer preview services. You may be able to submit questions or report bugs, but You should have no expectation that questions will be answered or that problems will be resolved.
For some Services Red Hat may offer certain technical support to You for an additional fee ("Technical Support"). You are responsible for providing all technical support to Your Users, unless Your User has a separate agreement with Red Hat under which Red Hat has agreed to provide technical support to them for this Service.
4. Fees. Certain Services may be offered as a Promotional Services at no cost, subject to certain usage thresholds and restrictions as set forth at https://www.openshift.com/legal/acceptable-use/. If You require Services in excess of the thresholds or if you want to receive technical support you must purchase the Services and pay the associated Fees. For details on the various Service offerings please refer to the following for OpenShift at https://www.openshift.com/products/pricing/ or https://access.redhat.com/support/offerings/openshift/sla; for Red Hat 3Scale.net Online at https://www.3scale.net/pricing; for Quay.io at https://quay.io/plans/ and for Developer Sandbox for Red Hat OpenShift at https://developers.redhat.com/developer-sandbox.
Add ons. You may also be offered certain Add-On Services which require an underlying Red Hat Online Subscription Service. Add ons may also be subject to their own limitations.
5. Capacity. Your use of the Services (including Add-On Services) will be limited to a certain amount of Units (including memory, storage, bandwidth, etc.) as set forth at the websites for the applicable Online Service listed in Section 4. The "Unit" is the measurement of usage upon which Fees are paid or capacity is limited. Red Hat may in its sole discretion increase or decrease the levels of the Services from time to time upon thirty (30) days prior notice to You.
6. License. You may receive certain Software to facilitate uploading and managing Content. The licensing terms applicable to the Software are located in or provided with the Software You receive and you agree to such terms.
7. 3scale.net Specific Terms. The following terms apply specifically with respect to 3scale.net.
Usage Conditions. API Calls generated in both production and non-production environments will count towards the number of API Calls. It is your responsibility to purchase Subscriptions in an amount that can reasonably accommodate traffic spikes consistent with the level of Subscriptions you have purchased. Without limiting the foregoing obligation, Red Hat reserves the right to suspend the Red Hat Online Services without notice if your API Call volumes exceed four times (4x) the per second limit. "Per second limit" means two times the maximum number of API Calls allowable per day in your contracted Subscription tier divided by the number of seconds in a day rounded up to the nearest whole number. For example, if your maximum API Calls per day is Three Million (3,000,000), the per second limit would be equal to Seventy (70). Red Hat reserves the right to suspend the Red Hat Online Subscriptions if your API call volumes exceed the maximum limits of Fifty Million (50,000,000) per day, Thirty Thousand (30,000) per minute or One Thousand (1,000) per second, unless otherwise agreed by the parties in writing. There is no limit on the number of environments and locations where you maybe deploy API management agents.
Utilization Policy. Red Hat evaluates quota compliance on a monthly basis. If your actual API calls exceed the Daily Limit for two or more days per month, you will either (a) reduce traffic consumption to return to compliance with the number of Units you purchased; or (b) purchase additional Subscription Services. Red Hat also reserves the right to evaluate your API Call volume on a per second limit basis (defined above) in a two week period ("Throughput"). For purposes of calculating Throughput, Red Hat will remove the top 5% peaks of your API Calls during that period. In other words, Throughput can exceed the amount of API Calls you have purchased 5% of the time in each of the 2 weeks. If your Throughput exceeds the rate you purchased more than 5% of the time during the month, you will either (a) reduce traffic consumption to return to compliance with the number of Units you purchased or (b) purchase additional Subscriptions.
Data Retention Policy. During your use of 3scale.net Services, Red Hat may calculate and optionally store statistics and/or logs of the your traffic that you report using the provided 3scale APIs. Red Hat may limit the period of storage of this statistical data depending on your contract type and makes no commitment with respect to free accounts and may remove stored statistical data at any time with no warning.
8. Red Hat OpenShift.io Add On and Developer Sandbox for Red Hat OpenShift. Your use of the Red Hat OpenShift.io Services or OpenShift Developer Sandbox will be limited by certain technical and bandwidth limitations and Red Hat reserves the right to restrict Your use if it exceeds the limitations. Usage of the Red Hat OpenShift.io Services or Developer Sandbox for Red Hat OpenShift is currently only available in a publicly available mode so you should be aware that usage of the Services by You may be monitored or viewed by the general public, including your user name and other identifying information. If you do not agree to that, do not use the service. If you are connecting to a third party code repository you are responsible for any authentication with that repository and for complying with any terms required by that service. Specifically for Developer Sandbox for Red Hat OpenShift, Red Hat may, at its discretion, access the cluster and any work done on it.
APPENDIX B
DATA PROCESSING ADDENDUM
This Data Processing Addendum ("Addendum") is by and between Red Hat Inc. ("Red Hat") and Client (defined below) and shall apply when Red Hat Processes Personal Data disclosed to it by Client as part of Your Content under the Red Hat Online Services Agreement (the "Agreement"). This Addendum is incorporated into the Agreement. This Addendum applies where and only to the extent that Red Hat is acting as a Processor or Subprocessor of Personal Data in the course of providing Online Services to Client (who is acting as a Controller or Processor on behalf of other Controllers) under the Agreement. This Addendum is intended to demonstrate the parties’ compliance with EEA Data Protection Law and with any other data protection laws identified at https://www.redhat.com/en/about/agreements/dpl (together “Data Protection Laws”).
1. Defined Terms. Any capitalized terms not defined herein shall have the meanings given in the Agreement. For purposes of this Addendum, words and phrases in this Addendum shall, to the greatest extent possible, have the meanings given to them in the applicable Data Protection Laws. In particular:
(a) “Client” means the customer entity that has executed the Agreement or “You” as such term is defined in the Agreement.
(b) “Controller” has the meaning given to it in the applicable Data Protection Laws.
(c) “Data Subject” has the meaning given to it in the applicable Data Protection Laws.
(d) “EEA Data Protection Law" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation” or "GDPR"), and laws implemented by EEA members, which contain derogations from, or exemptions or authorizations for the purposes of, the GDPR, or which are otherwise intended to supplement the GDPR or convert the GDPR into domestic law.
(e) “EU Standard Contractual Clauses” or “Clauses” means the standard contractual clauses, including Annexes I and II, for the transfer of personal data to third countries pursuant to the GDPR, with optional clauses applied (except for option 1 of Clause 9(a), the optional language in Clause 11(a), and option 2 of Clause 17), as officially published by the European Commission Implementing Decision 2021/914, dated 4 June 2021, and as updated or replaced by the European Commission from time to time.
(f) “Personal Data” has the meaning given to it in the applicable Data Protection Laws.
(g) “Process” or “Processing” has the meaning given to it in the applicable Data Protection Laws.
(h) “Processor” has the meaning given to it in the applicable Data Protection Laws.
(i) “Subprocessor” means any natural or legal person, public authority, agency or other body which processes personal data on behalf of a Processor (including any affiliate of the Processor).
2. Details of Processing. Red Hat shall undertake to implement appropriate technical and organizational measures in such a manner that its Processing of Personal Data will meet the requirements of the applicable Data Protection Laws and ensure the protection of the rights and freedoms of the Data Subjects. The context for the Processing of the Controller’s Personal Data by Red Hat is the performance of Red Hat’s obligations under the Agreement, and Red Hat will Process such Personal Data until the expiration or termination of the Agreement unless otherwise instructed in writing by Client. The types of Personal Data, the categories of Data Subjects and other details of the Processing activities are described in Annex I of this Appendix B.
3. Subprocessors. Client provides general authorisation to Red Hat to engage and use Subprocessors to fulfil its contractual obligations to Client under the Agreement or to provide certain Online Services on behalf of Red Hat, such as providing hosting and infrastructure services. Client consents to Red Hat’s use of Subprocessors for such purposes. A list of the current applicable Subprocessors is available on the Red Hat Customer Portal (https://red.ht/subprocessors) or on written request from Client. Red Hat will provide advance notice to Client of any addition or replacement of the Subprocessors by updating the Subprocessor list published on the Red Hat Customer Portal or as otherwise agreed upon by the parties in writing. Additionally, Client may subscribe on the Red Hat Customer Portal to an automatic notification of changes to the Subprocessor list. Within thirty (30) days after Red Hat’s notification of the intended change, Client can object to any new Subprocessor on the basis that such addition would cause Client to violate applicable legal requirements. If Client objects to Red Hat’s use of any new Subprocessor by giving written notice to Red Hat within thirty (30) days of being informed by Red Hat of the appointment of such new Subprocessor and Red Hat fails to provide a commercially reasonable alternative to avoid the Processing of Personal Data by such Subprocessor within thirty (30) days of Red Hat’s receipt of Client’s objection, Client may, as its sole and exclusive remedy, terminate any Online Services that cannot be provided by Red Hat without the use of the objected to new Subprocessor. If Client does not object within such period, the respective Subprocessor may be commissioned to Process Personal Data. Client agrees to treat the list of Subprocessors as Red Hat’s Confidential Information under the terms of the Agreement. Subprocessors are required to abide by the same level of data protection and security as Red Hat under this Addendum as applicable to their Processing of Personal Data and Red Hat will remain responsible to Client for any acts or omissions of any Subprocessor that cause Red Hat to breach any of Red Hat’s obligations under this Addendum. Red Hat will restrict the Subprocessors’ access to, and Processing of, Personal Data only to what is necessary to provide products or services to Client in accordance with the Agreement.
4. Processing Obligations. In accordance with Data Protection Laws:
(a) Red Hat shall only Process the Personal Data (i) as needed to provide the products or services to Client in accordance with the Agreement, (ii) in accordance with the specific instructions that it has received from Client, including with regard to any transfers, and (iii) as needed to comply with laws that Red Hat is subject to, and in such case, Red Hat will inform Client of that legal requirement before Processing unless the law prohibits such information on important grounds of public interest;
(b) Red Hat shall ensure that persons authorized to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
(c) Red Hat shall implement the measures set forth in Annex II and as set forth in the Agreement to ensure a level of security appropriate to the risks that are presented by Red Hat’s Processing of Personal Data, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons;
(d) Taking into account the nature of the Processing, Red Hat shall assist Client by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Controller’s obligation to respond to requests for exercising Data Subjects’ rights;
(e) Taking into account the nature of Processing and the information available to Red Hat, Red Hat shall assist Client with Client’s compliance with its obligations regarding personal data breaches, data protection impact assessments, security of processing, and prior consultation, each as and to the extent required by applicable Data Protection Laws;
(f) Upon Client’s written request, Red Hat shall either delete or return to Client all of the Personal Data in Red Hat’s possession after the end of the provision of products or services relating to Processing, unless otherwise required by applicable laws. In such cases, Red Hat will ensure that Client Personal Data is only Processed as necessary to comply with applicable laws;
(g) Upon Client’s written request, Red Hat shall provide Client with a confidential summary report to verify the adequacy of its security measures and other information necessary to demonstrate Red Hat’s compliance with this Addendum. Only to the extent required by Data Protection Laws (and no more than once per year unless otherwise required by Data Protection Laws) allow for, and contribute to, audits, including inspections of Red Hat facilities Processing Client Personal Data, with reasonable advance written notice from Client and at a time mutually agreed upon by the parties, Such audits or inspections shall occur during normal business hours in a manner that causes minimal disruption to Red Hat’s business, and shall be conducted by Client or another auditor mandated by Client and agreed to by Red Hat, and at Client’s sole expense. Client agrees to treat such summary report and other information described in this subsection as Red Hat’s Confidential Information under the terms of the Agreement;
(h) Red Hat shall promptly inform Client if, in Red Hat’s opinion, an instruction by Client infringes Data Protection Laws; and
(i) Red Hat shall comply with all Data Protection Laws in respect of the Online Services applicable to Red Hat as Processor. Red Hat is not responsible for determining the requirements of laws or regulations applicable to Client’s business, or that a product or service meets the requirements of any such applicable laws or regulations. As between the parties, Client is responsible for the lawfulness of the Processing of the Client Personal Data and for taking appropriate steps in Client’s control to maintain appropriate security, protection and deletion of Client Personal Data. If Client is acting as a Processor, Client has obtained the authorisations required from the relevant Controller(s) and Client shall serve as the single point of contact for Red Hat. Client shall not use the Online Services in a manner that would violate applicable Data Protection Laws.
5. Transfers of Personal Data. In the case of a transfer of Client Personal Data to a country not providing an adequate level of protection pursuant to the applicable Data Protection Laws (“Non-Adequate Country”), the parties shall cooperate to ensure compliance with the applicable Data Protection Laws as set out in the following sections or in accordance with the applicable Data Protection Laws at https://www.redhat.com/en/about/agreements/dpl. If Client believes the measures set out below are not sufficient to satisfy the applicable legal requirements, Client shall notify Red Hat and the parties shall work together to find an alternative.
(a) Client agrees and will ensure that it is entitled to transfer Personal Data to Red Hat so that Red Hat may lawfully Process the Personal Data in accordance with the Agreement and this Addendum. Red Hat agrees that it will comply with applicable laws regarding transfers of Personal Data from the Client to Red Hat.
(b) By entering into this Addendum, Client and Red Hat are entering into the EU Standard Contractual Clauses, including Annexes I and II, if Client, Red Hat, or both are located in a Non-Adequate Country. If the EU Standard Contractual Clauses are not required because both parties are located in a country considered adequate by the applicable Data Protection Laws, but during the Agreement the country where Client or Red Hat is located becomes a Non-Adequate Country, then the EU Standard Contractual Clauses will apply to Personal Data that is transferred to such Non-Adequate Country.
(c) The parties acknowledge that the applicable module of the EU Standard Contractual Clauses will be determined by their role as Controller and/or Processor under the circumstances of each case and are responsible for determining the correct role undertaken in order to fulfil the appropriate obligations under the applicable module. When Client is acting as a Controller, module 2 (Controller-to-Processor) of the EU Standard Contractual Clauses will apply to the Personal Data transferred to any Non-Adequate Country, and when Client is acting as a Processor, module 3 (Processor-to-Processor) of the EU Standard Contractual Clauses will apply to the Personal Data transferred to any Non-Adequate Country.
(d) With regards to Clause 13 of the EU Standard Contractual Clauses and as set forth in Annex I.C below, the competent supervisory authority with responsibility for ensuring compliance with the GDPR as regards the Personal Data transferred under the EU Standard Contractual Clauses shall be the Data Protection Commission of Ireland. With regards to Clause 17 of the EU Standard Contractual Clauses, the parties agree that the EU Standard Contractual Clauses shall be governed by the laws of Ireland. With regards to Clause 18(b) of the EU Standard Contractual Clauses, the parties agree that the courts of Dublin, Ireland, shall resolve any dispute. Annex I and Annex II of the EU Standard Contractual Clauses shall be completed with the information set out in Annex I and II to this DPA.
(e) With regards to the use of Subprocessors, Clause 9.a, option 2 of the EU Standard Contractual Clauses shall apply, and Red Hat has Client’s general authorisation for the engagement of Subrocessors as described in more detail in Section 3 of this Addendum. Red Hat will enter into the EU Standard Contractual Clauses with each Subprocessor located in a Non-Adequate Country as listed in the respective Subprocessor list.
(f) In addition, Red Hat, Inc., and Red Hat Professional Consulting, Inc., are certified to the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Frameworks and the commitments they entail, as detailed at http://www.dataprivacyframework.gov/s/. The Red Hat Data Privacy Framework Notice is available at https://www.redhat.com/en/about/dpf-notice.
6. Personal Data Breach. Red Hat will promptly investigate all allegations of unauthorized access to, or use or disclosure of the Personal Data. If Red Hat reasonably believes there has been a Personal Data breach, Red Hat will notify Client without undue delay, and provide sufficient information to allow Client to report the personal data breach or notify Data Subjects as required by applicable Data Protection Laws.
7. Records. Red Hat shall maintain all records required by applicable Data Protection Laws, and (to the extent they are applicable to Red Hat’s activities for Client) Red Hat shall make them available to Client upon its written request.
8. Third Party Requests. If any government or regulatory authority requests access to Personal Data concerning Your Content, unless prohibited by law, Red Hat will notify Client of such request to enable Client to take necessary actions to communicate directly with the relevant authority and respond to such request. If Red Hat is prohibited by law to notify Client of such request, it will use reasonable efforts to challenge the prohibition on notification and will provide the minimum amount of information permissible when responding, based on a reasonable interpretation of the request
9. Entire Agreement; Order of Precedence; No Conflict. Except as amended by this Addendum, the Agreement will remain in full force and effect. Client agrees that this Addendum, including any claims arising from them, are subject to the terms set forth in the Agreement, including the limitations of liability. If there is any conflict or inconsistency between the EU Standard Contractual Clauses, the Addendum and/or the remainder of the Agreement, then the following order of precedence will apply: the EU Standard Contractual Clauses (if applicable), the remainder of this Addendum and the remainder of the Agreement. Nothing in this Addendum is intended to modify or contradict the applicable terms in the Data Protection Laws or the EU Standard Contractual Clauses or prejudice the fundamental rights or freedoms of Data Subjects under Data Protection Laws.
ANNEX 1 TO APPENDIX B, DATA PROCESSING ADDENDUM
A. List of Parties
1. Data Exporter(s)
Name: The data exporter is Client.
Address: As set out in the Agreement.
Contact person’s name, position and contact details: As set out in the Agreement or as otherwise notified in writing to Red Hat by Client.
Activities relevant to the data transferred under these Clauses: As set out in the Agreement.
Signature and date: By entering into the Agreement, Client is entering into these Clauses and deemed to have signed this Annex I as follows: (i) on 27 September 2021, where the effective date of the Agreement is before 27 September 2021, or (ii) otherwise, on the effective date of the Agreement.
Role (controller/processor): Client is Controller or Processor or both. The role of Client as Controller, Processor, or both is determined by the circumstances of each case and Client is responsible for determining the correct role undertaken in order to fulfil the appropriate obligations under the applicable module.
2. Data Importer(s)
Name: The data importer is Red Hat acting as a Processor or Subprocessor, as applicable, if located in a Non-Adequate Country.
Address: As set out in the Agreement.
Contact person’s name, position and contact details: As set out in the Agreement.
Activities relevant to the data transferred under these Clauses: As set out in the Agreement.
Signature and date: By entering into the Agreement, Red Hat is entering into these Clauses in such cases where Red Hat is located in a Non-Adequate Country and deemed to have signed this Annex I as follows: (i) on 27 September 2021, where the effective date of the Agreement is before 27 September 2021, or (ii) otherwise, on the effective date of the Agreement.
Role (controller/processor): Red Hat as Processor. Note: For Module 4 (if there is a transfer Processor to Controller), the data exporter is Red Hat as Processor and the data importer is Client as Controller.
B. Description of Transfer
1. Categories of Data Subjects whose Personal Data is transferred
Data exporter may submit Personal Data to data importer the extent of which is determined and controlled by the data exporter in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of Data Subjects:
- Employees or contractors of data exporter
- Data exporter’s users authorized by data exporter to use the Online Services
- Employees or contact persons of data exporter’s customers, business partners and vendors
2. Categories of Personal Data transferred
Data exporter may submit Personal Data to Processor the extent of which is determined and controlled by the data exporter in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:
- First and last name
- Employment information (such as title, position, employer)
- Contact information (such as email, phone, physical address)
- IP address, online identifier or other ID data
3. Special or sensitive categories of Personal Data transferred
None
4. Frequency of the transfer (e.g., whether the data is transferred on a one-off or continuous basis)
Personal Data is transferred in accordance with Client’s instructions and at Client’s determination, but it is generally on a continuous basis.
5. Nature of the Processing
The Personal Data transferred may be subject to the following Processing activities: collecting, monitoring, supporting, operations, storing, hosting, backup, development and the other services as set forth in the Agreement.
6. Purposes(s) of the data transfer and further processing
The transfer and Processing of Personal Data is made for the following purposes: To provide the Online Services and support as set forth in the Agreement.
7. Duration of Processing
The Processing of Personal Data will occur until the expiration or termination of the Agreement unless otherwise instructed in writing by the Client.
8. Transfers to Subprocessors
The subject matter, nature and duration of Processing are as set forth in the above sections.
C. Competent Supervisory Authority
The competent supervisory authority for Red Hat is the Data Protection Commission of Ireland in accordance with Clause 13 of the EU Standard Contractual Clauses.
D. Red Hat Privacy Contact
The Red Hat privacy contact can be contacted at [email protected].
ANNEX 2 TO APPENDIX B, DATA PROCESSING ADDENDUM
Technical and Organisational Security Measures
In connection with its provision of Online Services under the Agreement, Red Hat agrees that it shall take all reasonably necessary steps and security precautions in accordance with commercially reasonable industry standards to minimize the risk of unauthorized access to, or compromise of, Personal Data.
Red Hat will maintain and keep updated administrative, physical, and technical safeguards and procedures designed to protect the security, confidentiality and integrity of Personal Data while under Red Hat’s possession, custody or control that cover the areas below.
- Information Security Procedures. Maintain, update and monitor procedures designed to protect Red Hat’s information systems from loss, damage, unauthorized disclosure or disruption of business, which includes the physical and logical protection of information systems including Personal Data that is processed or transmitted.
- Organization of Information Security. Maintain an information security organization to coordinate the implementation of security for Red Hat.
- Asset Management. Maintain procedures to identify, control and maintain the security of Red Hat assets and Personal Data.
- Human Resources Security. Maintain procedures that determine whether Red Hat personnel are suitable for their roles, and provide appropriate training and information so that Red Hat u personnel understand their information security responsibilities in relation to Personal Data. Red Hat personnel with access to Personal Data are subject to Red Hat’s ethical business conduct, confidentiality, security and privacy policies as set forth in Red Hat’s Code of Business Conduct and Ethics.
- Physical and Environmental Security. Provide measures that protect Red Hat information systems that Process the Personal Data contained thereon with an appropriate level of physical security and suitable environmental controls for information and information systems, as well as the supporting infrastructure. Such measures include controls at the entrance of facilities managed by Red Hat (such as validation by human personnel or electronic access controls) and limiting physical access to Red Hat facilities to authorized persons as well as emergency response procedures in place at Red Hat facilities in case of a fire, flood or similar event.
- Access Control. Maintain procedures that restrict access to Red Hat information systems, including providing user identification and access and authentication controls, such as multi-factor authentication, and maintaining a password policy for Red Hat personnel that establishes standards for creating and protecting strong passwords.
- Information Security Incident Management. Maintain procedures that provide an incident response plan and program designed to allow for investigation, response and corrective actions of any security incident. Procedures shall include a means to notify data exporter promptly if any security incident is determined to have caused a Personal Data Breach.
- Product Security. Maintain a product security program responsible for monitoring and assessing vulnerabilities and threats that may impact Red Hat services.
- Network Security. Maintain appropriate antivirus and malware protection for Red Hat’s network and conduct periodic vulnerability (penetration) testing and assessments of Red Hat’s network. Red Hat encrypts, or enables the Client to encrypt, Personal Data that is not intended for public or unauthenticated viewing when transmitted to Red Hat over public networks.
- Business Continuity and IT Disaster Recovery. Maintain a Red Hat business continuity and IT disaster recovery program to oversee and implement policies and procedures designed to sustain Red Hat’s critical business operations in the event of major operational disruptions or natural disasters.
- Continued Review. Continue review of Red Hat’s information security safeguards and controls and implement additional or different measures when deemed appropriate. Red Hat reserves the right in its sole discretion to modify and update its IT and security controls so long as such modification or updates do not materially reduce the level of security to the Personal Data