Last updated on February 9, 2023
Celerium Inc. (“Celerium”) is the owner and provider of certain cyber defense solutions and also provides certain services related to those solutions. Celerium has agreed to collaborate with the National Association of Counties (“NACo”) to provide certain Celerium solutions under a pilot program as more specifically set forth below.
“Customer” means the entity participating in the pilot program and accepting these terms, as more specifically defined below.
Customer desires to participate in the pilot program and to obtain a license to access and use certain Celerium solutions and services for evaluation under the pilot, and Celerium desires to provide a license to its solutions and services to Customer for participation in the pilot program, all on the terms and conditions set forth below.
1.1 “Affiliate” means any entity that a party directly or indirectly controls (e.g., subsidiary) or is controlled by (e.g., parent), or with which it is under common control (e.g., sibling), where “control” means (i) ownership of 50 percent or more of the equity interest in an entity, (ii) the right to direct the vote of 50 percent or more of the voting interests of an entity, or (iii) the right generally to direct the activity and business of the entity.
1.2 “Authorized User(s)” means any employee or Contractor authorized by Customer to use the Solution solely on behalf of and for the benefit of Customer.
1.3 “Celerium Competitor” means a person or entity in the business of developing, providing, or commercializing cyber defense solutions or services substantially similar to or competitive with Celerium’s Solutions or Services.
1.4 “Celerium Data” means any summary insights or other reports generated or created by Celerium, which may be derived from data generated by the Solution and/or use of certain aggregated or anonymized Customer Data.
1.5 “Confidential Information” will have the meaning set forth in Section 10 (CONFIDENTIALITY).
1.6 “Contractor” means any individual or entity that: (i) has an agreement to provide services to Customer or an Affiliate; (ii) has access to and use of the Solutions under this Agreement for the sole purpose of providing the services to Customer solely on behalf of Customer’s internal use, and (iii) is under an agreement of confidentiality that covers Celerium’s Confidential Information. Contractors may not include any Celerium Competitor.
1.7 “Customer” means the entity accepting this Agreement and using the Celerium Solution under a free version pilot program pursuant to this Agreement. “Customer” also means any Customer Affiliate that accesses or uses any Solution or Services hereunder, or benefits from the Customer’s use of the Solution or Services.
1.8 “Customer Data” means metadata (e.g., IP addresses, and data relating to syslog, NetFlow, or Layer 3 data) collected by the Solution from Customer Firewall(s) and sent to Celerium Systems, and other data Customer may provide to Celerium for providing the Services (e.g., server identification), if any. Customer Data is considered Customer’s Confidential Information as defined in Section 10 (Confidentiality) and subject to the exclusions, exceptions and obligations set forth therein and this Exhibit A Data Security and Privacy Schedule.
1.9 “Data Sharing” means, collectively, the basic data sharing that is required in order to use the Solutions and any selected data sharing that Customer may choose, all in accordance with Section 3.4 (Data Usage and Sharing; Data Retention).
1.10 “Documentation” means the Celerium end-user documentation and other materials in any form or medium customarily provided by Celerium to end-users of the Solutions.
1.11 “Effective Date” shall be the date of the last signature, as set forth at the signature page of this Agreement.
1.12 “Firewall(s)” means the Customer firewall(s) from which the Solution is collecting Customer Data.
1.13 “Personal Data” will have the meaning set forth in Exhibit B.
1.14 “Services” means, collectively, technical support to assist Customer with the provisioning of the Solution, training, and other limited technical support services which may be ordinarily provided by Celerium with, and incidental to, the Solutions. “Services” do not include professional services or any other services requiring a proposal or statement of work.
1.15 “Solution(s)” means any Celerium cloud-based Solution(s) provided by Celerium to Customer, along with any available accompanying scripts (if any are provided), the Celerium Data, any Documentation, and any Updates thereto that Celerium may make available to Customer from time to time.
1.16 “Updates” means any update, bug fix, correction, patch, or other modification or addition made by Celerium to the Solution from time to time when commercially available.
2. PILOT PURPOSE; ACCESS AND USE RIGHTS; ADDITIONAL CUSTOMER OBLIGATIONS
2.1 Pilot Purpose. The purpose of the Pilot is to help county executives detect and contain data breaches faster than the current 277-day industry average by focusing on early detection and containment of compromise activity (“Purpose”). In order to effectuate the Purpose, Customer, as a NACo member, will participate in the Pilot program for the duration of the Pilot Term set forth below, in which Celerium will provide Customer access and use of certain Celerium cyber defense Solutions. In exchange, Customer will evaluate the Solutions and provide comments and Feedback (as defined below) to Celerium.
2.2 Access and Use Rights. Subject to the terms and conditions of this Agreement, Celerium hereby grants to Customer a limited, non-exclusive, non-transferable, non-sublicensable, non-assignable, and revocable license to access and use the Solutions and any applicable Documentation provided by Celerium solely for Customer’s use for the Purpose of the Pilot and as authorized by this Agreement. If Customer desires to use a Solution after the expiration or termination of the Pilot, it may do so by entering into an agreement with Celerium for a paid subscription, subject the terms and conditions thereof. Customer may access and use the Solution or Services for Customer’s and its Affiliates’ own cyber defense and information security purposes, as well as for Data Sharing in accordance with Section 3.3 below. Authorized use shall not include any access or use: (a) that benefits any person or entity other than Customer, its Affiliates, or those persons or entities benefitting as a result of Data Sharing as contemplated by this Agreement; (b) for the development of any product or service; or (c) for any use inconsistent with the terms and conditions of this Agreement. Access and use of the Solutions are limited to Authorized Users.
2.3 Solution Updates/Upgrades. During the Pilot Term Celerium may provide Updates to the Solutions when available, as well as version upgrades which may include major enhancements. Updates and version upgrades will be automatically included in the Solution and require no action on the part of Customer. During the Pilot, the Solutions provided by Celerium may consist of both production and/or pre-production versions or components being considered by Celerium (and which may later become separate solutions) for Customer’s evaluation and Feedback.
2.4 Restrictions on Use. Customer shall not (and shall not permit others to), without Celerium’s express prior written consent, which consent may be given or withheld in Celerium’s sole discretion: (i) employ or authorize any Celerium Competitor to use or view the Solutions or Documentation; (ii) allow third parties to access or use the Solutions, except for Customer Contractors or Affiliates as expressly provided under this Agreement; (iii) alter, publicly display, translate, adapt, create derivative works of, or otherwise modify the Solution or Documentation; (iv) sublicense or otherwise assign your rights to access and use the Solutions; (v) decompile, reverse engineer, disassemble or otherwise attempt to derive the source code (if any) for a Solution, circumvent its functions, or attempt to gain unauthorized access to a Solution or its related systems or networks; (vi) use the Solutions to provide services to third parties; (vii) remove or alter any proprietary right notice(s) as they appear on or in a Solution; (viii) conduct any stress tests, competitive benchmarking or analysis on, or publish any performance data of, a Solution (provided, that this does not prevent Customer from comparing the Solutions to other products). Some jurisdictions may offer a limited right to reverse engineer a product. To the extent such law may be applicable, neither Customer nor any of Customer’s agents may (i) do so in excess of what such law permits, (ii) use or export such reverse engineering results (a) outside of the jurisdiction to which such law applies, (b) for the benefit of any third party, or (c) for any commercial purpose.
2.5 Additional Customer Obligations. Customer shall not disclose or divulge to any third-party (except other Pilot participants), without Celerium’s prior written consent: (i) that Customer is participating in the Pilot; (ii) that it is evaluating the Solutions, Documentation, and/or Services; (iii) any results or Customer opinions from the Pilot or such evaluation; or (iv) the existence or content of any communications and reports prepared under this Agreement.
3. PILOT PACKAGE; USER ACCOUNTS; PROVISIONING; DATA USAGE; DATA SHARING
3.1 Pilot Package. The package offered to Customer for purposes of the Pilot is set forth at Exhibit A.
3.2 User Accounts. Use of the Solution requires the creation of a user account. Minimal Personal Data must be provided in order to create a user account (e.g., name, work email address, etc.). Only a single Authorized User assigned to a user account may access or use the Solutions. Customer is responsible for all acts and omissions occurring under Customer’s user accounts for the Solutions. Customer shall promptly notify Celerium if it learns of any unauthorized access or use of a Customer user account or password for a Solution.
3.3 Provisioning. Celerium will assist Customer in the provisioning of the Solution for the Pilot Package set forth at Exhibit A. Provisioning of the Solution does not require installation of any hardware, software, or code on Customer’s servers or workstations. Nor will Celerium have direct access to any content or Personal Data on Customer’s server or workstation. Celerium will have access only to the metadata (e.g., IP addresses, and data relating to syslog, NetFlow, or Layer 3 data) collected by the Solution from Customer’s Firewalls.
3.4 Data Usage and Sharing; Data Retention.
3.4.1 Required Basic Use and Data Sharing. Customer Data will be used and shared as follows: (i) as necessary to provide the Solutions and Services, including with Celerium’s cloud-based service provider where the Solutions are hosted (AWS Cloud); (ii) for sharing with the individual Customer; (iii) for providing a summary (anonymized) of information to the Pilot community of participating counties, (iv) to selected NACo organizations such as the NACo CTAC group; (v) to provide a summary report at the NACo annual meeting to participants, and following the conclusion of the pilot to the public, outlining at a high level (anonymized) some of the findings to date from the Pilot; (vi) for any selected data sharing chosen by Customer in accordance with Section 3.4.2 below; and (vii) for Celerium’s own internal use to: (a) provide internal insights, (b) calculate summary metrics, (c) to generate reports using aggregated and anonymized data; (d) analyze trends and performance; and (e) improve, enhance, or develop Celerium solutions and services.
3.4.2 Selected Data Sharing at Customer Discretion. Customer may have an opportunity, at its discretion, to make defined Customer Data and related information available to selected other entities. Solely by way of example, such other entities may include, but not necessarily be limited to, a State Association of Counties, statewide cybersecurity planning groups, DHS, or CISA.
3.4.3 Data Retention. Personal Data and Customer Data will be retained by Celerium in order to provide the Solution and Services for the Pilot Term. No Personal Data or Customer Data will be retained following the expiration or termination of the Pilot program.
- FEEDBACK AND OTHER INFORMATION SUBMITTED TO CELERIUM
In consideration for the access and use of the Solutions under the Pilot, Customer agrees to provide feedback to Celerium regarding the Solutions, Documentation, and Services. without attribution or compensation (“Feedback”). Any and all Feedback provided by Customer will become the property of Celerium. Customer hereby assigns to Celerium all right, title and interest worldwide in such Feedback and any and all related intellectual property rights therein, and agrees to assist Celerium, at Celerium’s expense, in perfecting and enforcing any such rights.
- SUPPORT SERVICES
Celerium will provide remote technical support to assist Customer in the provisioning of the Solutions, training and other limited technical support customarily provided as part of its Solutions to Customer. All support will be provided remotely by telephone or email, during normal business hours, Monday-Friday, from 8:00 am EST to 5:00 pm EST.
- DISCOUNT OFFER FOR PILOT PARTICIPANTS
For Customers who participate in the Pilot Program and desire to procure a paid subscription to one of Celerium’s cyber defense Solutions following the expiration or termination of the Pilot, Celerium will extend to such Customers a discount equal to 50% of the then-current annual Fee for the first year of the Solution subscription, provided an agreement is entered into and order issued to Celerium on or before December 15, 2023.
- TERM AND TERMINATION
7.1 Pilot Term. The term of the Pilot program is as set forth at Exhibit A attached hereto.
7.2 Suspension and Termination. Celerium may immediately suspend and/or terminate Customer’s access to, or use of, the Solution if: (i) Celerium determines, in its sole discretion, that immediate suspension or termination is: (a) required by applicable Law; (b) necessary to prevent harm to Celerium, Customer, or any Authorized Users; or (c) reasonably necessary to enforce the terms of this Agreement; or (ii) Celerium believes that there is a significant threat to the security, integrity, functionality, or availability of the Solutions or any content, data, or applications in the Solutions; or Celerium and NACo choose to terminate the Pilot Program. Celerium may choose to discontinue free offerings of the Solution at any time, at its sole discretion. Upon termination of this Agreement for any reason: (i) all Customer’s access and use rights granted hereunder will terminate; (ii) Customer’s access to and use of the Solution will be promptly disabled; and (ii) Customer Data will be deleted in accordance with this Agreement.
The Solutions and corresponding Documentation are made available for use or licensed, not sold. Celerium owns and retails all right, title and interest (including all intellectual property rights) in and to the Solutions, Documentation, and Services, and any Celerium trademarks, service marks and logos contained therein.
- DATA SECURITY AND PRIVACY. See, Exibit B.
In connection with this Agreement, each Party (the “Disclosing Party”) may disclose to the other Party (the “Receiving Party”) certain non-public information which the Disclosing Party considers to be its confidential information or trade secrets (“Confidential Information”). Such Confidential Information may include, but is not necessarily limited to, any technical data or know-how (including but not limited to, information on research, products, solutions, software, source code, services, development, inventions, applications, systems, components, technologies, processes, engineering, marketing, techniques, customers, pricing, internal procedures, business and marketing plans or strategies, finances, and employees) disclosed by the Disclosing Party to Receiving Party either directly or indirectly in any form that the Disclosing Party designates as confidential to Receiving Party or should be reasonably known by the Receiving Party to be Confidential Information due to the character and nature of the information and/or given the circumstances surrounding the disclosure. Confidential Information shall not include information that the Receiving Party can prove: (i) was generally available to the public at the Receiving Party received the information from the Disclosing Party, (ii) was known to the Receiving Party, without restriction, at the time of disclosure by the Disclosing Party, (iii) is disclosed with the prior written approval of the Disclosing Party, (iv) was independently developed by the Receiving Party without any use of the Confidential Information, (v) becomes known to the Receiving Party without restriction, from a source other than the Disclosing Party without a duty of confidentiality to the Disclosing Party, or (vi) is disclosed in response to an order or requirement of a court, administrative agency, or other governmental body, a subpoena, or by the rules of a securities market or exchange on which the Disclosing Party’s securities are traded; provided, however, that (a) the Receiving Party must provide prompt advance notice of the proposed disclosure to the Disclosing Party, and (b) any Confidential Information so disclosed shall otherwise remain subject to the provisions of this Section 10 (CONFIDENTIALITY). The burden of proof in establishing that any Confidential Information is subject to any of the foregoing exceptions shall be borne by the Receiving Party.
Each Party shall use the Confidential Information of the other Party solely in the performance of its obligations under this Agreement, treat as confidential all Confidential Information of the other Party, and not disclose such Confidential Information, except to authorized employees of the Receiving Party or its Affiliates, its legal counsel and accountants (provided that the Receiving Party contractually obligates them to a duty of confidentiality no less restrictive that the duty imposed by this Section 10 (CONFIDENTIALITY) and that the Receiving Party shall remain jointly and severally liable for any breach of confidentiality by such parties). Without limiting the foregoing, each of the Parties shall treat the other Party’s Confidential Information with at least the same degree of care it uses to prevent the disclosure of its own Confidential Information, but in no event less than reasonable care. Each Party shall promptly notify the other Party of any actual or suspected misuse or unauthorized disclosure of the other Party’s Confidential Information. Upon expiration or termination of this Agreement, each Party shall return or destroy all copies of any Confidential Information received from the other Party, and upon request of the Disclosing Party, provide a writing certifying to such destruction.
Each Party acknowledge that money damages would not be a sufficient remedy for any breach of this Section 10 (CONFIDENTIALITY) and will result in irreparable injury to the Disclosing Party. The Disclosing Party shall be entitled to seek equitable relief from the Receiving Party as a remedy for any breach. Such remedies shall not be deemed to be the exclusive remedies for any breach, but shall be in addition to all other remedies available at law or in equity.
- COMPLIANCE WITH LAWS
Each Party agrees to comply with all U.S. federal, state, local and non-U.S. laws directly applicable to such Party in the performance of this Agreement, including but not limited to, applicable export and import, anti-corruption and employment laws. Customer acknowledges and agrees that Solutions shall not be used, transferred, exported, re-exported, or supplied except as authorized by United States law and the laws of the jurisdiction in which the Solution is being used. In particular, but without limitation, the Solution may not be exported or re-exported (a) into (or to a national or resident of) any country subject to U.S. economic sanctions or (b) to anyone on the U.S. Treasury Department’s list of Specially Designated Nationals or any entity or organization owned 50 percent or more by one or more such designated national(s), or on the U.S. Department of Commerce Denied Persons List or Entity List. By using the Solution, Customer represents and warrants that neither Customer, any Affiliate, nor any Authorized Users are located in, under control of, or a national or resident of any such country or on any such list.
- WARRANTIES AND DISCLAIMER
12.1 No Warranty for Pilot, Trial, Evaluation or Pre-Production Versions. Customer acknowledges and agrees that the Solution provided for purposes of a pilot, trial, evaluation, or any pre-production feature or version of any Solution provided to Customer is provided “AS IS” without warranty of any kind and shall not create any obligation for Celerium to continue to develop, provide, support, repair, offer, update or upgrade, productize, or in any other way continue to provide or develop any such Solution or feature. Customer agrees that its participation in a pilot, conducting any trial or evaluation, or use of any pre-production versions is not contingent on the provision of any future Solution functionality or feature, or dependent on any oral or written statements made by Celerium regarding any future functionality or features.
12.2 No Guarantee. CUSTOMER ACKNOWLEDGES AND AGREES THAT CELERIUM DOES NOT GUARANTEE OR WARRANT THAT THE SOLUTION WILL DETECT AND/OR BLOCK ALL OF CUSTOMER’S OR ITS AFFILIATES’ CYBERSECURITY THREATS OR VULNERABILITIES CORRESPONDING TO THE FIREWALLS FOR WHICH IT IS PROVISIONED, AND CELERIUM SHALL NOT BE HELD RESPONSIBLE FOR SAME.
12.4 Disclaimer. THE SOLUTIONS AND SERVICES ARE PROVIDED BY CELERIUM TO CUSTOMER ON AN “AS IS” BASIS. CELERIUM EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, CELERIUM SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION ANY WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, INFORMATIONAL CONTENT, AND NON-INFRINGEMENT WITH RESPECT TO THE SOLUTIONS. CELERIUM DOES NOT WARRANT THAT THE SOLUTIONS WILL BE UNINTERUPTED OR ERROR FREE, OR WILL FULFILL ANY OF CUSTOMER’S PARTICULAR EXPECTATIONS, PURPOSES OR NEEDS. CELERIUM DOES NOT MAKE ANY WARRANTY AS TO THE RESULTS OBTAINED FROM THE USE OF THE SOLUTIONS OR TO THE ACCURACY OF ANY DATA GENERATED THEREFROM. THE SOLUTIONS ARE NOT FAULT-TOLERANT AND ARE NOT DESIGNED OR INTENDED FOR USE WITH RESPECT TO ANY HAZARDOUS ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION.
- CYBER INSURANCE; INDEMNIFICATION
13.1 Cyber Insurance. During the Term of this Agreement, Celerium shall maintain in full force and effect, a cyber insurance policy with limits of $5,000,000.
13.2.1 Celerium’s Obligation. Celerium shall, at its cost and expense, indemnify, defend and/or settle, and hold harmless Customer from and against any claim brought against Customer by an unaffiliated third party relating to a claim that the Solution infringes or violates that third party’s intellectual property rights, provided that Customer: (i) gives Celerium prompt written notice of such claim; (ii) provide Celerium with reasonable cooperation at Celerium’s expense in connection with the defense or settlement of such claim; and (iii) permit Celerium to solely control and direct the defense or settlement of such claim (however, Celerium shall not enter into any settlement imposing liability or obligation on Customer without Customer’s prior written consent). Customer may, at its option and expense, participate in the defense of any claim.
13.2.2 Remedies. Should the Solution become, or in Celerium’s opinion is reasonably likely to become, the subject of a claim of misappropriation or infringement, Celerium at its sole option and expense, shall either: (i) procure for Customer the right to continue using the applicable Solution or (ii) replace the applicable Solution with a functionally-equivalent solution, or modify such applicable Solution to make it non-infringing, or (c) if neither option (i) nor (ii) is commercially feasible or reasonably available, terminate Customer’s license and use of the Solution and refund to Customer any prepaid Fees corresponding to use of the Solution, pro-rated for the balance of the then-current Subscription Term. Celerium shall have no liability with respect to infringement of any proprietary right, except as set forth in this Section 13.2 (Indemnification).
13.2.3 Exclusions. Celerium shall have no obligations under this Section if the claim is based upon or rises out of: (i) any modification of the Solution not made by Celerium; (ii) any combination or use of the applicable Solution with or in any third part software, hardware, process, firmware, or data, to the extent that such claim is based on such combination or use; (iii) Customer’s continued use of the allegedly infringing Solution after being notified of the alleged infringement or after being provided a modified version of the Solution by Celerium at no additional cost that is intended to address such alleged infringement; (iv) Customer’s use of the Solution outside the scope of the rights granted under this Agreement.
13.2.4 Exclusive Remedy. THE REMEDIES SET FORTH ABOVE IN THIS SECTION CONSTITUTE CUSTOMER’S SOLE AND EXCLUSIVE REMEDIES, AND CELERIUM’S ENTIRE LIABILITY, WITH RESPECT TO ANY INFRINGEMENT OF THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS.
- LIMITATION OF LIABILITY.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT FOR LIABILITY OF ANY AMOUNTS PAID OR PAYABLE TO THIRD PARTIES UNDER SECTION 13 (INDEMNIFICATION) AND/OR ANY INFRINGEMENT OR MISAPPROPRIATION BY ONE PARTY OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, NEITHER PARTY SHALL BE LIABLE TO THE OTHER IN CONNECTION WITH THIS AGREEMENT OR THE SUBJECT MATTER HEREOF (UNDER ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, TORT, STATUTE OR OTHERWISE) FOR ANY LOST PROFITS, REVENUE, LOSS OF BUSINESS OPPORTUNITIES, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOST DATA, OR SPECIAL, INCIDENTIAL, INDIRECT, CONSEQUENTIAL, OR PUNITIVE DAMAGES, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES OR SUCH DAMAGES OR LOSSES WERE REASONABLY FORESEEABLE. THESE LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY SPECIFIED IN THIS AGREEMENT. MULTIPLE CLAIMS SHALL NOT EXPAND THE LIMITATIONS SPECIFIED IN THIS SECTION 14 (LIMITATION OF LIABILITY).
- DISPUTE RESOLUTION
In the event of any dispute or claim arising under this Agreement between Celerium and Customer, Celerium or Customer as applicable will notify the other of the dispute or claim with as much detail as possible. The Parties will use good faith efforts to resolve the dispute or claim within thirty (30) days after receipt of such notice. If the Parties are not able to resolve the dispute or claim, or agree upon the appropriate corrective action to be taken within such thirty (30) day period, then such dispute or claim shall be exclusively resolved by binding arbitration to take place exclusively in Los Angeles County, California, in accordance with the commercial rules of the American Arbitration Association. Any award rendered by the arbitrator shall be final and binding on the parties, and may be entered as a judgment by any court of competent jurisdiction. Costs of arbitration (including reasonable attorneys’ fees) shall be made a part of the arbitrator’s award. Notwithstanding the foregoing, in the event irreparable injury can be shown, either party may obtain injunctive relief exclusively in the appropriate federal or state court in Los Angeles County, California, whether or not Celerium or Customer has pursued informal resolution or arbitration in accordance with this Section 15 (DISPUTE RESOLUTION). Any litigation arising out of or relating to this Agreement shall take place exclusively in the appropriate state or federal court in Los Angeles County, California and each party irrevocably consents to the jurisdiction of such courts. The demand for arbitration must be made within a reasonable time after the dispute or claim in question has arisen, and in no event shall it be made after two (2) years from when the aggrieved party knew or should have known of the dispute or claim.
16.1 Assignment. This Agreement shall be binding upon and inure to the benefit of the parties to this Agreement and their respective successors and permitted assigns, provided that neither this Agreement nor any license or right hereunder may be assigned by Customer (whether by operation of law or otherwise) without Celerium’s prior written consent. Celerium may assign all or any part of its rights and obligations under this Agreement without consent to (a) any entity resulting from any merger, consolidation or other reorganization of Celerium, (b) any Affiliate of Celerium, (c) any entity acquiring the Solution product line as a result of divestiture or sale of the product line by Celerium, or (d) any purchaser of all or substantially all of the assets of Celerium.
16.2 Non-Solicitation of Employees. Each Party agrees that during the term of this Agreement and for a period of two years after its expiration or termination, neither Party will solicit or encourage any employee or consultant to discontinue their employment or engagement with the other Party. This Section 16.2 shall not apply to employment opportunities of either Party advertised to the general public (e.g., newspaper advertisement, internet advertisement or listing, etc.) to which an employee of either Party may respond.
16.3 Order of Precedence; Modifications. Any amendment, supplementation or other modification of any provision of this Agreement shall be effective only if in writing and signed by both Parties. It is the intent of the Parties that this provision shall expressly apply to exclude any pre-printed terms or conditions set forth in any Order issued by Customer, and requires instead a writing between the Parties that is separate and apart from any such Order to amend, alter or add to this Agreement.
16.4 Force Majeure. Neither party shall be held liable for any damages or penalty for delay in the performance of its obligations hereunder (other than Customer’s obligation to make payments under this Agreement) when such delay is due to the elements, acts of God or other causes beyond its reasonable control.
16.5 Email Notices. Customer agrees that Celerium may provide Customer and/or its Authorized Users with information about the Solutions, Services, content and messages, new or changed services or features, training opportunities or webinars, Solution renewals, and other Celerium information via email. Authorized Users may use the opt-out feature if they no longer desire to receive such emails.
16.6 Severability. If any provision of this Agreement is determined by an arbitrator or court of competent jurisdiction to be invalid or unenforceable, such determination shall not affect the validity or enforceability of any other part or provision of this Agreement.
16.7 Waiver. Waiver of any breach or failure to enforce any term of this Agreement shall not be deemed a waiver of any breach or right to enforce which may thereafter occur. Any waiver, amendment, supplementation or other modification or supplementation of any provision of this Agreement shall be effective only if in writing and signed by both parties.
16.8 Governing Law. This Agreement shall be governed by and construed in accordance with the substantive laws of the United States and the State of California, without regard to any conflict of laws principles. This Agreement shall not be governed by the United Nations Convention on Contracts for the International Sale of Goods, the application of which is expressly excluded.
16.9 Notices. All notices required or permitted under this Agreement shall be in writing, shall reference this Agreement and will be deemed given: (i) five (5) business days after having been sent by registered or certified mail, return receipt requested, postage prepaid; or (ii) one (1) working day after deposit with a commercial overnight carrier, with written verification of receipt. All communications shall be sent to the contact information set forth below or to such other contact information as may be designated by a party by giving written notice to the other party pursuant to this Section 16.9:
To Celerium: Celerium Inc.
21515 Hawthorne Blvd., Suite 520
Torrance, CA 90503
Attn: Randall Smith, CFO
With copy to: firstname.lastname@example.org
To Customer: At the address supplied to Celerium at the time Customer registers for the pilot.
16.10 Relationship of Parties. This Agreement shall not be construed as creating an agency, partnership, joint venture or any other form of legal association between the parties and each party is an independent contractor.
16.11 Attorneys Fees. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorney’s fees.
16.12 Entire Agreement. This Agreement, including the Attachments hereto, constitutes the entire agreement between the parties with respect to the subject matter of this Agreement, and supersedes and replaces all prior or contemporaneous statements, understandings or agreements, written or oral, regarding such subject matter.
16.13 Governing Language. This Agreement has been negotiated and executed by the parties in English, and any interpretation or construction of this Agreement shall be based thereon. If this Agreement or any documents or notices relating to it are translated into another language, the English version shall govern and control in the event of any discrepancies between the two.
16.14 Counterparts; Headings: Electronic Signature and Delivery. This Agreement may be executed in several counterparts, each of which shall be deemed an original, but such counterparts shall together constitute but one and the same Agreement. This Agreement may be executed and delivered in counterpart signature pages executed and delivered via electronic transmission, and any such counterpart executed and delivered via electronic transmission shall be deemed an original for all intents and purposes. The Article and Section headings in this Agreement are inserted for convenience of reference only and shall not constitute a part hereof.
CUSTOMER PILOT INFORMATION
Pilot Term: Five (5) months, from March 1, 2023, to July 31, 2023
No. of Firewalls: Not to exceed three (3) (all must be from the supported list)
Authorized Users: Not to exceed five (5) single User ID’s (e.g., two (2) for county executives/managers and three (3) for IT staff)
Server support: 10 (for use in compromise and breach activity analysis)
Events Per Second Capacity: As established by Celerium for the Pilot
For purposes of the Pilot, Customer shall be limited to the above maximums, unless otherwise agreed by prior written consent of Celerium.
DATA SECURITY AND PRIVACY SCHEDULE
1.1 “Celerium Systems” means those computer systems hosting the Solution, which include third-party cloud-based services.
1.2 “Customer Data” shall have the meaning set forth above.
1.3 “Personal Data” means information provided by Customer to Celerium used to distinguish or trace a natural person’s identity, either alone or when combined with other personal or identifying information that is linked or linkable by Celerium to a specific natural person. Personal Data also includes such other information about a specific natural person to the extent that the data protection laws applicable to the jurisdiction in which such person resides define such information as Personal Data.
1.4 “Privacy and Security Laws” means applicable U.S. federal, state and local laws, as well as non-U.S. laws, including those of the European Union, that regulate the privacy or security of Personal Data and that are directly applicable to Celerium.
1.5 “Security Breach” means unauthorized access to, or unauthorized acquisition of, Customer Data or Personal Data stored on Celerium Systems that results in the compromise of such Customer Data or Personal Data.
- CELERIUM SOLUTIONS
Celerium’s Solutions are designed to assess and respond to potential malicious activity by detecting, assessing, identifying, and responding to potential security threats and intrusions. Celerium’s Solutions do this by collecting metadata (e.g., IP addresses, and data relating to syslog, NetFlow, or Layer 3 data) from Customer Firewalls and securely sending it to Celerium Systems where the data is analyzed for defensive actions and generating reports. The metadata collected by Celerium Solutions does not include any Personal Data or content from Customer’s networks or workstations. Celerium has the right to aggregate and anonymize any data collected and use the data to: (i) provide the Solutions; (ii) analyze trends and performance; (iii) improve, enhance, or develop Celerium solutions and services; (iv) create summary insights or other reports for Celerium and its customers to improve cybersecurity; and (v) share the data or reports generated with communities to which customers have agreed to be a member. Data sharing is further set forth in the agreement between Celerium and its customers.
- PROCESSING PERSONAL DATA
3.1 Provisioning/Use of Solutions. Celerium complies with applicable Pricacy and Security Laws in the processing of Personal Data. Personal Data may be collected and used as follows: in the provisioning and use of the Solutions; in order to provide and improve the Solutions; to administer Customer and user accounts; to comply with applicable laws; to provide support and training and respond to Customer inquiries; to act in accordance with Customer’s instructions; to administer this Agreement; to inform Customer and/or Authorized Users of Solution updates or enhancements, upcoming webinars or training, or otherwise manage and further the business relationship between Customer and Celerium; and otherwise in accordance with this Agreement. Celerium and its personnel will comply with Customer’s instructions in accordance with applicable law concerning the handling of Personal Data. Upon Customer’s request and within a reasonable time, Celerium will correct, delete, and/or block an individual’s Personal Data from further processing and/or use. Customer consents to: (i) the collection, use, storage and transfer of Personal Data by Celerium as contemplated by this Agreement, and (ii) if Customer or an Authorized User is located outside of the United States, the transfer of Personal Data out of the Customer’s country or the country or region in which the data subject resides or from which the Personal Data otherwise originates to the United States.
3.2 Customer Obligations. Customer will be responsible for providing any notice and choice requirements under applicable law to individuals for whom it provides Personal Data to Celerium. Customer represents and warrants that: (i) its provision of the Personal Data and Customer Data to Celerium hereunder complies with all applicable laws, including applicable data protection laws; (ii) it is and will at all relevant times remain duly and effectively authorized to enter into this Agreement and instruct Celerium to provide the Solutions and Services; (iii) it has a lawful basis in having Celerium process the Customer Data and Personal Data; (iv) it has made all necessary disclosures, obtained all necessary consents and government authorizations required under applicable law to permit the processing and international transfer of Customer Data and Personal Data from each Customer Affiliate, Contractor, and/or Authorized User.
- COMPLIANCE WITH PRIVACY AND INFORMATION SECURITY REQUIREMENTS
4.1 Information Security Safeguards. Celerium will maintain appropriate organizational and technical safeguards and security protocols commensurate with the sensitivity of the Personal Data and Customer Data processed by Celerium, substantially in conformance with the NIST SP 800-171 control framework (“Celerium Information Security Controls”). The Celerium Information Security Controls are designed to protect the confidentiality, integrity, and security of the Personal Data and Customer Data processed by Celerium, and to protect such Personal Data and Customer Data against accidental or unlawful destruction or loss, unauthorized access or disclosure. Celerium will notify Customer within seven (7) days of any confirmed breach of Celerium’s Systems or unauthorized access to Personal Data or Customer Data (“Information Security Breach”) in accordance with applicable law. Upon any such discovery and confirmation, Celerium will (a) investigate, remediate, and mitigate the effects of the Information Security Breach, and (b) provide Customer with assurances that actions have been taken to avoid such Information Security Breach from recurring.
4.2 Technical Information. Customer agrees that Celerium may collect and use technical information related to Customer’s use of the Solutions, Services, and/or Celerium’s website(s). Such information may include, without limitation, information about Customer’s use of the Solution, Services, and/or website and information about the devices and systems for which the Solution is provisioned or Services are provided, and/or websites accessed. Celerium may use this information to improve its solutions, services or technologies, and will not disclose such information in a form that personally identifies specific persons or entities or any data or messaging that may be stored or transmitted in or through Customer’s use of the Solution, Services, or Celerium website.
4.3 Compliance with Subpoena; Other Legal Process; Regulators. Celerium will make reasonable efforts to avoid disclosure of the data set forth in this Exhibit B Data Security and Privacy Schedule, unless otherwise stated or agreed upon by the parties. If Celerium becomes legally compelled, as a result of a subpoena, regulatory request, court order or other legal process, to disclose any Customer Data, Personal Data or other information Celerium has collected from Customer, Celerium may disclose such Customer Data or Personal Data without the prior consent of Customer; provided, however, that in such case Celerium shall, to the extent permitted by law, give notice to Customer at least five (5) days prior to disclosing Personal Data or Customer Data, and Celerium shall provide such reasonable co-operation and assistance as Customer may reasonably request in its efforts to obtain a protective order or other similar relief concerning such Customer Data or Personal Data. In any event, Celerium shall disclose only that portion of such Customer Data or Personal Data that, in the opinion of Celerium’s legal counsel, is legally required to be disclosed.