ADDENDUM TO AGREEMENT FOR INTRALINKS SERVICES

ADDENDUM TO AGREEMENT FOR INTRALINKS SERVICES

The legal terms and conditions that the Client previously entered into with Intralinks are hereby modified by incorporating the following provisions.

 

Definitions:

 

Administrator” or “Exchange Manager” means those End Users designated by Client to have the authority to instruct Intralinks in connection with the Services and to act as administrators of Client’s use of the Services.

 

Intralinks Courier” shall mean Intralinks’ secure file transfer service which may be provided to Client through a web site, standalone software utility or plug-in.

 

Intralinks VIA” shall mean Intralinks’ file synch and share service which may be provided to Client through a web site, standalone software utility or plug-in.

 

 "Services" means collectively all Intralinks Exchanges, Intralinks Courier, Intralinks VIA, Intralinks web site features, software, application programming interfaces, systems delivered or accessible through any media or device, support, additional services, and all related materials and documentation, provided by or on behalf of Intralinks to Client pursuant to this Agreement.

 

1. Uptime:  Intralinks shall provide the Services with a minimum of Ninety-Nine and a half percent (99.5%) Operational Time Twenty-Four (24) hours a day, Seven (7) days a week as measured over each calendar month.  “Operational Time” shall be calculated as [(Hours in Month – Downtime) / Hours in Month].  “Hours in Month” shall be defined as the total number of hours in any given calendar month. “Downtime” shall be defined as any period of time during that calendar month during which Client’s End Users are unable to access data on the Services (“Unavailability”), commencing on the receipt of Client's notification to Intralinks of such Unavailability or when Intralinks otherwise becomes aware of such Unavailability and ending when Intralinks has substantially restored the affected access or provided a workaround as described below.  Downtime shall not include any period of time during which Client and/or its End Users are unable to access the Services due to (i) scheduled maintenance and/or upgrades; (ii) an action or omission of Client (including its employees, contractors and/or agents); (iii) data quarantined due to virus infection; and/or (iv) a Force Majeure Event. The period of Downtime due to such Unavailability shall be stopped in the event Intralinks provides to Client a workaround for such Unavailability that makes the affected portion of the Services available to End Users of affected exchanges. Intralinks shall continue to work on a permanent correction for such Unavailability in the event it provides a workaround to Client.  In the event Client reasonably determines that the workaround materially impacts the use of such exchanges, Client shall provide telephonic and email notice of such determination, and the period of Downtime due to such Unavailability shall resume as of the time of such notice to Intralinks but shall not include the interim period during which Intralinks provided such workaround to Client. Intralinks shall continue to work on a permanent correction for such Unavailability in the event it provides a workaround to Client.

 

2.  Data Processing:

 

(a) Each party shall comply with all laws and regulations of the relevant jurisdictions that apply to its respective performance of obligations and exercise of rights under this Agreement, including, as applicable, the European Data Protection Directive 95/46/EC, the Personal Data (Privacy) Ordinance (Cap 486 of the Laws of Hong Kong), the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, and United States state data privacy and data protection laws, and related implementing regulations (collectively, “Applicable Law”).

 

(b) Client warrants that it has complied with Applicable Law in its provision of data to Intralinks.

 

(c) Intralinks warrants to Client that it is certified under the U.S.-EU Safe Harbor framework as administered by the U.S. Department of Commerce (original certification dated 8/11/2009).

 

(d) Client authorizes Intralinks to process, and Intralinks shall process, personal data solely for the purposes set forth in, and in the manner required by, this Agreement or otherwise where Intralinks is acting on Client's instructions or as otherwise required by Applicable Law (it being agreed that Intralinks in performing the Services and its other obligations under this Agreement shall be deemed to be acting in accordance with Client’s instructions). Intralinks shall implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access and against all other unlawful forms of processing. Client acknowledges that Intralinks may transfer End User Files to Intralinks’ Affiliates and its subcontractors; provided that such transfer shall be solely as needed to perform the Services hereunder and Intralinks shall be responsible for ensuring its Affiliates and subcontractors handle End User Files in accordance with the terms of this Agreement.

 

(e) Each party shall, to the extent permitted by Applicable Law, promptly notify the other party upon receiving a request from any third party or regulatory authority for access to data provided by Client to Intralinks. Upon reasonable written request by either party and at Client’s sole expense, the other party shall provide the requesting party with reasonable cooperation and assistance in responding to any legal or regulatory proceeding that involves data provided by Client to Intralinks.

 

(f) Each party shall notify the other party as soon as reasonably practicable upon becoming aware of any unauthorized access to or acquisition, use, loss, destruction, compromise or disclosure of (a) data supplied by or on behalf of Client to Intralinks pursuant to this Agreement or (b) End User credentials that enable access to or use of the Services (“Security Breach”). Each party shall cooperate with the other party in providing any notifications required by Applicable Law and seeking to ensure that similar Security Breaches do not reoccur.

 

 

3.  Miscellaneous:

 

(a) Security.  Intralinks utilizes security systems and infrastructure customary in the industry, including but not limited to redundant data centers with a full range of back-up and business recovery services and anti-virus and intrusion detection software.  Upon request, during the term of this Agreement, Intralinks will provide Client with access to the latest SOC 2 Security and Availability Report for the Services and the Standard Information Gathering (“SIG”) questionnaire, which relates to controls of the service provider.  Such report and SIG questionnaire constitute the Confidential Information of Intralinks.

 

(b) Foreign Corrupt Practices Act, UK Bribery Act and Other Improper Payments. In connection with the parties’ compliance with the Foreign Corrupt Practices Act (“FCPA”) and the UK Bribery Act, the parties shall not offer, promise, approve, or make payments, gifts, or anything of value to foreign government officials or private parties for the purpose of influencing such individual to obtain or retain business. In addition, neither party shall make any payments with a wrongful or corrupt intent, i.e. payments Intralinks knew or should have known were intended to influence the private party, the government official or the government.

 

(c)  Export Compliance.  The Services and any standalone utilities that may be provided to Client for use with the Services may be subject to export laws and regulations of the United States and other jurisdictions.  Each party represents that it is not named on any U.S. government denied-party list.  Client shall not permit End Users to access or use the Services in a U.S.-embargoes country or in violation of any U.S. export law or regulation.