THIS AGREEMENT (“Agreement”) is hereby entered into between VentureTech, LLC DBA Reviewr, a Nebraska Limited Liability Company with offices at 7120 South 29th Street, Lincoln NE (“Company”) and  (“Customer”) (individually a “Party” or collectively, the “Parties”) on the following terms and conditions:

1. Subscribing to the Service. Customer will subscribe to certain services for the purpose of hosting and maintaining the event submission website as described below, specifying the features of the Service and the terms and conditions applicable to that service (each a “Service”, collectively, the “Services”). In the event of any conflict,  the Services Agreement shall govern all issues relating to intellectual property rights, warranty, indemnity and liability issues.

(a) Initial Service. Customer is entering into an initial Services Form upon execution of this Agreement. Company will provide the Service described in the initial Services Form to Customer for the Subscription Period specified therein according to such Services Form and this Agreement.

(b) Additional Service. Additional Services Forms may be entered into by the Parties to subscribe to additional or different features of the Service. Unless designated as replacing a specific outstanding Services Form, a new Services Form will be considered in addition to currently outstanding Services Forms.

2. Permitted Use. Subject to the terms and conditions of this Agreement, Customer is granted the following usage rights for the Service described in the Services Form(s):

(a) Accessing User Accounts. Company will provide unlimited User IDs needed by Customer to access and use the Service features specified in the applicable Services Form during the Subscription Period. Customer personnel will use commercially reasonable efforts to protect the confidentiality of User IDs. Company may rely on any User ID, instruction or information that meets the Service’s automated criteria or which is believed by Company to be genuine. Company may assume a person entering a User ID and password is, in fact, that user. Company may assume the latest email addresses and registration information on file with the Service are accurate and current. When programmed to do so, the Service may take prescribed actions in the absence of receiving proper and complete contrary instructions.

(b) Data Preparation & Configuration. Customer will ensure that: (i) its personnel are familiar with the use and operation of the Service, and (ii) to its knowledge, no other software, data or equipment having an adverse impact on the Service has been introduced.

(c) Reviewr Subscription. With respect to each Service feature referenced on a Services Form, and for which the applicable Subscription Fee is paid when due, Customer is granted access the Service through the User IDs, to load Customer Data and to operate the features of the Service during the Subscription Period according to the Documentation. Customer may use the Service on any number of computers and may use the administrative console of the Service to add/drop individual users, within the specified maximum limit.

(d) Reservation of Rights. Company expressly reserves all rights in the Service not specifically granted to Customer in this Agreement or in the Services Agreement. Except as set forth in the Services Agreement, it is acknowledged that all right, title and interest in the Service will remain with Company (or third party suppliers, if applicable) and that the Service is on a subscription basis and not “sold” to Customer. Customer expressly reserves all rights in the Customer Data, except the limited right of Company to use the Customer Data in operating the Service features for Customer’s benefit. Unless specifically agreed in writing, each Party’s exclusive ownership rights extend to any update, adaptation, translation, customization or derivative work thereof.

3. Transfer of Agreement. Except as expressly stated herein, neither this Agreement, nor any rights or obligations hereunder, may be transferred, assigned, delegated, time-shared, or rented, in whole or in part, by either Party without the other Party’s prior written consent, which consent shall not be unreasonably withheld or delayed, and any attempt to the contrary shall be void and of no legal effect.

4. Term. This Agreement shall be effective once it has been signed and delivered by both Parties and shall then remain in force for the period referenced in the service form. At the end of that subscription period, this Agreement shall be automatically renewed for successive periods of one (1) year unless, at least 90 days prior to any renewal date either Party notifies the other that this Agreement shall not be automatically renewed. This Agreement may terminate earlier as provided in this Section 14 or as the Parties may otherwise agree in writing.

5. User & Technical Documentation. The Service contains online documentation describing the operation of the Service under normal circumstances (the “Documentation”). The Service is provided strictly in software application, except source code, object code and documentation (collectively, the “Source Materials”) for the Service have been deposited with a third party escrow agent which is holding the Source Materials for the benefit of Customer and other customers and users of the Service. Source Materials shall be released by the escrow agent to Customer upon: (a) the filing of a petition in bankruptcy by or against the Company and the failure of the Trustee in bankruptcy or debtor in possession either to assume or perform this Agreement or to have the bankruptcy proceedings terminated within forty-five (45) days after the initial filing of such Petition, or (b) the material and unexcused failure of Company or its designated agent to carry out its warranty or support obligations imposed by this Agreement or the Services Agreement, or (c) the Company’s discontinuance or sale to unrelated third parties of its entire interest in the business pertaining to the Service and the failure of Company to arrange reasonably satisfactory substitute performance of operational warranty or support obligations by a designated agent or such third party purchaser.

6. Acceptance.

The Service features described in the Services Form shall be deemed accepted by Customer unless Customer notifies Company in writing of a material defect in the Service within one-hundred and twenty (120) business days after the discovery of the defect. If material defects are identified, Company shall have a reasonable opportunity to correct them, or provide a functional workaround but in no event later than ten (10) business days Customer notifies Company of aftersuch defects. If defects are not corrected to the reasonable satisfaction of Customer within the time period set forth above, Customer shall have the right to immediately terminate this Agreement and receive a refund of all amounts paid for the Services hereunder.

Escalation Process:

Critical Phase:  A critical phase is defined as any period where a defect or request directly impacts the forward progress of the event.  In the case of such an incident, your project manager will work directly with you to solve these issues or have a workaround in place within 48 hours.  

Normal Request:  All other requests will be handled via the integrated support system and via the support team that can be contacted below.  Any request will be responded to within 24 hours.

support@reviewr.com

402-261-5802

7. Support Service. Customer may receive the following Support Service:

(a) Online Customer Care Portal and Knowledge Center. Customer’s designated representative shall have access to Company’s technical support portal and knowledge center. Additional support services may be provided as referenced in the Services Form. Requested on-site support shall be billed at an hourly rate quoted in a separate work order and Customer will reimburse Company’s reasonable travel costs.

(b) Service Upgrades. Customer shall automatically receive all software upgrades and updates for their event site released during the contract term. This includes minor and major product releases with both bug fixes and new features and enhancements for the sites, as designated by the Company in its discretion, and at no additional charge.

(c) Certain Conditions. Company shall not be obligated to provide Support Service if: (i) the error results from operator error, errors in Customer Data or software not supplied by Company or use that is not in accordance with the Documentation; or (ii) the Customer has failed to pay any required fee or is otherwise in default of this Agreement beyond any period of notice and right to cure.

1. d) Training. In consideration of Customer’s payment of the published Training Fee, Customer personnel may attend training sessions provided by Company in the use and operation of the Service. Training will be conducted via the weekly Reviewr webinar. Training material is recorded and provided to Customer via the Reviewr Knowledge Center. For on-site training, Reviewr will provide an hourly rate quote via a separate work order and Customer will reimburse Company’s reasonable travel costs.

8. Fees & Payment

(a) Subscription Fees. Unless otherwise expressly stated on a Services Form, Customer will pay Subscription Fees for the Service. Subscription Fees are invoiced starting on the Effective Date of the Services Form and payable the first of the new month. All prices are stated and payable in U.S. Dollars. Any future Services Forms shall be at Company’s then-published rates or as otherwise agreed in the Services Form.

(b) Late Payment. Company reserves the right to suspend Service until all past due amounts are paid in full after giving Customer ten (10) business days advance written notice and an opportunity to cure as specified in Section 13 (“Notices”) and Section 14 (“Termination”). Any late payment shall bear interest at the rate of one (1) percent per month or fraction thereof until 

(c) Certain Taxes. Omitted by choice as taxation does not apply to this agreement.

(d) Service Availability. The Service shall be accessible and available to Customer as applicable, via secure Internet connection, 24 hours a day, 7 days a week with a minimum uptime of 99.0%. To minimize server downtime during peak usage periods, Company shall perform scheduled maintenance only between the hours 9:00 pm CST through 5:59 am Central Time.

Uptime = (Total Hours- Scheduled Downtime) – Unscheduled Downtime(Total Hours – Scheduled Downtime) x100

9. Confidential & Proprietary Information.

For purposes of this Section, a Party receiving Confidential & Proprietary Information (as defined below) shall be the “Recipient” and the Party disclosing such information shall be the “Discloser”.

(a) Acknowledgment. Customer hereby acknowledges that the Service (including any Documentation, source code, translations, compilations, partial copies and derivative works) may contain confidential and proprietary information belonging to Company (or its designated third party supplier), and Company hereby acknowledges that Customer Data may contain confidential and proprietary information belonging exclusively to Customer or relating to its affairs (in each case, “Confidential & Proprietary Information”). Confidential & Proprietary Information does not include: (i) information already known or independently developed by Recipient outside the scope of this relationship by personnel not having access to any Confidential & Proprietary Information; (ii) information in the public domain through no wrongful act of Recipient, or (iii) information received by Recipient from a third party who was free to disclose it.

(b) Covenant. Recipient hereby agrees that during the Term and at all times thereafter it shall not use, commercialize or disclose such Confidential & Proprietary Information of the Discloser to any person or entity, except to its own personnel, employees, contractors, shareholders and board members having a “need to know”, and to such other recipients as the Discloser may approve in writing. Recipient shall not: (i) alter or remove from any Confidential & Proprietary Information of the Discloser any proprietary legend, or (ii) decompile, disassemble or reverse engineer the Confidential & Proprietary Information (and any information derived in violation of such covenant shall automatically be deemed Confidential & Proprietary Information owned exclusively by the Discloser). Recipient shall use at least the same degree of care in safeguarding the Confidential & Proprietary Information of the Discloser as it uses in safeguarding its own confidential information, but in no event shall less than due diligence and care be exercised. Upon termination or expiration of this Agreement, and regardless of whether a dispute may exist, Recipient shall return or destroy (as instructed by Discloser) all Confidential & Proprietary Information of Discloser in its possession or control and cease all further use thereof.

(c) Injunctive Relief. Recipient acknowledges that violation of the provisions of this Section would cause irreparable harm to Discloser not adequately compensable by monetary damages. In addition to other relief, it is agreed that injunctive relief shall be available without necessity of posting bond to prevent any actual or threatened violation of such provisions.

10. Warranties.

(a) Noninfringement Warranty. Company represents and warrants that the Service, when properly used as contemplated herein, will not infringe or misappropriate any intellectual property rights. Upon being notified of such a claim, Company shall at its option: (i) defend through litigation or obtain through negotiation the right of Customer to continue using the Service; (ii) rework the Service so as to make it noninfringing while preserving the original functionality, or (iii) replace the Service with a functionally equivalent non-infringing Service. If none of the foregoing alternatives provide an adequate remedy, Customer may terminate all or any part of this Agreement and recover amounts paid for the infringing Service. Customer represents and warrants that it owns or has all requisite rights to use the Customer Data with the Service, and to authorize Company to process Customer Data as contemplated herein, and that use of the Customer Data as contemplated herein will not infringe or misappropriate any intellectual property rights.

(b) Limited Performance Warranty. Company represents and warrants during the Subscription Period that the Service will operate substantially in accordance with the applicable Documentation; provided, that (i) the Service is implemented and operated in accordance with all instructions supplied by Company; (ii) Customer notifies Company of any such defect within ten (10) business days after the appearance thereof; and (iii) Customer has paid all amounts due hereunder and is not in default of any provision of this Agreement beyond any applicable period of notice and right to cure.

(c) Warranty Disclaimer. EXCEPT AS SPECIFICALLY PROVIDED IN THIS SECTION (“WARRANTIES”) THE COMPANY HEREBY DISCLAIMS WITH RESPECT TO ALL SERVICES, SUPPORT OR OTHER DELIVERABLES PROVIDED HEREUNDER, ALL EXPRESS AND IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, ACCURACY, QUALITY, INTEGRATION OR FITNESS FOR A PARTICULAR PURPOSE. COMPANY DOES NOT WARRANT THAT THE SERVICE WILL OPERATE WITHOUT INTERRUPTION OR ERROR FREE. ANY UNAUTHORIZED CHANGES TO THE SOURCE MATERIALS WILL VOID THE WARRANTY PROVIDED UNDER THIS SECTION.

(d) Not Fault Tolerant. THE SERVICE IS NOT FAULT TOLERANT AND IS NOT DESIGNED, MANUFACTURED OR INTENDED FOR USE IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE PERFORMANCE, SUCH AS IN THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATIONS SYSTEMS, AIR TRAFFIC CONTROL, DIRECT LIFE SUPPORT MACHINES, OR WEAPONS SYSTEMS, IN WHICH THE FAILURE OF THE SERVICE COULD LEAD TO DEATH, PERSONAL INJURY OR PHYSICAL OR ENVIRONMENTAL DAMAGE. TO THE EXTENT CUSTOMER USES THE SERVICE IN SUCH ENVIRONMENT, IT EXPRESSLY ASSUMES ALL RISK THEREFORE.

11. Mutual Indemnity.

(a) By Company. Company shall defend, indemnify and hold Customer harmless from any claim (including legal fees and costs) that (i) Company breached any representation, warranty or covenant set forth in this Agreement; (ii) the Service violates or infringes any intellectual property rights; or (iii) the use of the Service by Customer in accordance with the Documentation harms any person or violates any law. Indemnification hereunder shall be provided in accordance with Section 11(c) below. Company is not obligated under this Section solely to the extent any claim arises from Customer’s breach of this Agreement or use of the Service in combination with any software, data, process or technology not supplied by Company (where there would be no claim, but for such combination).

(b) By Customer. Customer shall defend, indemnify and hold Company harmless from any claim (including legal fees and costs) that (i) Customer breached any representation, warranty or covenant set forth in this Agreement; or (ii) Customer Data or Customer’s use of the Service (except for use in accordance with the Documentation) harms any person, violates any law or infringes any intellectual property rights. Indemnification hereunder shall be provided in accordance with Section 11(c) below. Customer is not obligated under this Section to the extent any claim arises from Company’s breach of this Agreement or use of Customer Data in combination with any software, data, process or technology not supplied by Customer (where there would be no claim, but for such combination).

(c) Indemnification Procedure. When a Party hereunder (“Indemnifying Party”) is required to indemnify the other Party (“Indemnified Party”) in accordance with this Article 11, the Indemnifying Party will assume on behalf of such Indemnified Party, and conduct with due diligence and in good faith, the defense of any claim against such Party, whether or not the Indemnifying Party will be joined therein, and the Indemnified Party will cooperate with the Indemnifying Party in such defense. The Indemnifying Party will be in charge of the defense and settlement of such claim; provided, that without relieving the Indemnifying Party of its obligations hereunder or impairing the Indemnifying Party’s right to control the defense or settlement thereof, the Indemnified Party may elect to participate through separate counsel in the defense of any such claim, but the fees and expenses of such counsel will be at the expense of such Indemnified Party, except in the event that (a) the Indemnified Party will have reasonably concluded, acting in good faith and on the advice of counsel, that there exists a material conflict of interest between the Indemnifying Party and the Indemnified Party in the conduct of the defense of such claim (in which case the Indemnifying Party will not have the right to control the defense or settlement of such claim, on behalf of such Indemnified Party), or (b) the Indemnifying Party will not have employed counsel to assume the defense of such claim within a reasonable time after notice of the commencement of an action thereon, in which case the fees and expenses of counsel will be paid by the Indemnifying Party. No Indemnifying Party will settle any such claims or actions in a manner which would require any action or forbearance from action by any Indemnified Party without the prior written consent of the Indemnified Party, which consent will not be unreasonably withheld.

12. Limitation of Remedies & Liabilities. The parties acknowledge that the following provisions have been negotiated by them and reflect a fair allocation of risk:

(a) Remedies. Except for indemnified claims under Section 11 (“Mutual Indemnity”) or rights or indemnities expressly stated under other provisions hereof the Customer’s sole and exclusive remedies for Company’s default hereunder shall be (i) to repair, replace or correct the defective Service; or, (ii) if the breach by Company cannot be corrected as set forth above, to obtain a full refund of amounts paid with respect to the defective Service.

(b)Liabilities. EXCEPT FOR INDEMNITIES EXPRESSLY PROVIDED BY THIS AGREEMENT OR IN THE CASE OF A BREACH OF A PARTY’S CONFIDENTIALITY OBLIGATIONS, NEITHER PARTY IS LIABLE FOR DIRECT DAMAGES EXCEEDING ONE (1) YEAR’S SUBSCRIPTION FEES PAYABLE UNDER THE SERVICES FORM AT ISSUE, NOR FOR ANY CLAIM, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, FOR ANY INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING LOST SAVINGS, LOST PROFIT OR BUSINESS INTERRUPTION EVEN IF NOTIFIED IN ADVANCE OF SUCH POSSIBILITY) ARISING OUT OF OR PERTAINING TO THIS AGREEMENT. THIS LIMITATION IS INDEPENDENT OF REMEDY LIMITS.

13. Notices. Notices sent to either party shall be effective one (1) day after being sent by overnight courier, or two (2) days after being sent by first class mail postage prepaid to the address listed for the party on page 1 of this Agreement or to such other address (es) as the party may specify in writing.  

14. Termination.

(a) Generally. Either party may, in addition to other relief, suspend or terminate a Services Form or this Agreement if the other party breaches any material provision hereof and fails within thirty (30) days after receipt of notice of default to correct such default or to commence corrective action reasonably acceptable to the aggrieved party and proceed with due diligence to completion. Either party shall be in default hereof if it becomes insolvent, makes an assignment for the benefit of its creditors, a receiver is appointed or a petition in bankruptcy is filed with respect to the party and is not dismissed within thirty (30) days.

(b) Survival. Termination shall have no effect on the parties’ rights or obligations under Section 9 (“Confidential & Proprietary Information”), rights or obligations under Section 10 (“Warranties”), Section 11 (“Mutual Indemnity”), Section 12 (“Limitation of Remedies & Liabilities”), Section 16 (“Independent Contractor Status”), Section 17 (“Insurance, Indemnity”), any payment obligations or any provision which by its nature should survive. Upon termination or expiration of the Term, Company shall make a final backup of Customer Data and provide the backup media to Customer at actual cost of duplication.

15. FERPA.  This Section is applicable (and is in addition to the Section entitled “Confidentiality” above) if, during the term of this Agreement, Company receives from Customer or its students, is deemed to maintain on behalf of Customer, or has been provided any access by Customer to, personally identifiable information of any Customer student: Company shall comply with the Family Educational Rights and Privacy Act to the same extent as Customer and in such case Customer shall have direct control over Company’s maintenance and use of all of such student information and Company will only share such information internally or with Customer for legitimate educational purposes, which includes Company’s obligations under this Agreement. In such event, Customer appoints Company as its agent for the sole purpose of receiving such student information in connection with providing services to Customer.  Company shall have no authority to act as Customer’s agent in any other context and shall not be authorized to bind Customer to act on behalf of, or execute, acknowledge, or deliver in the name or on behalf of Customer any contract, agreement, certificate or any other document whatsoever.

16. Security, No Conflicts. Each party agrees to inform the other of any information made available to the other party that is classified or restricted data, agrees to comply with the security requirements imposed by any state or local government, or by the United States Government, and shall return all such material upon request. Each party represents and warrants that its participation in this Agreement does not conflict with any contractual or other obligation of the party or create any conflict of interest and shall promptly notify the other party if any such conflict arises during the Term. More security information may be found at https://aws.amazon.com/security/

17. Insurance, Indemnity. Each party shall maintain adequate insurance protection covering its respective activities hereunder, including coverage for statutory worker’s compensation, comprehensive general liability for bodily injury and tangible property damage, as well as adequate coverage for vehicles. Each party shall indemnify and hold the other harmless from liability for bodily injury, death and tangible property damage resulting from the negligent or willfully injurious acts or omissions of its officers, agents, employees or representatives acting within the scope of their work.
18. Miscellaneous. This document and the accompanying Exhibits constitute the entire agreement between the parties with respect to the subject matter hereof and supersede all other communications, whether written or oral. This Agreement may be modified or amended only by a writing signed by the party against whom enforcement is sought. Except as specifically permitted herein, neither this Agreement nor any rights or obligations hereunder may be transferred or assigned by Customer without Company’s prior written consent and any attempt to the contrary shall be void. Company reserves all rights not specifically granted herein. Neither party shall be liable for delays caused by events beyond its reasonable control, except non-payment of amounts due hereunder shall not be excused by this provision. Any provision hereof found by a tribunal of competent jurisdiction to be illegal or unenforceable shall be automatically conformed to the minimum requirements of law and all other provisions shall remain in full force and effect. Waiver of any provision hereof in one instance shall not preclude enforcement thereof on future occasions. Headings are for reference purposes only and have no substantive effect. Counterparts of the Agreement that are manually signed and delivered by facsimile or electronic transmission shall be deemed to constitute signed original counterparts hereof and shall bind the parties signing and delivering in such manner. The original of this document, including the signature page (bearing original signatures or facsimiles or electronic transmissions thereof), may be scanned and stored in a computer database or similar device, and any printout or other output readable by sight, the reproduction of which is shown to accurately reproduce the original of this document, may be used for any purpose just as if it were the original, including proof of the content of the original writing.

19. Data Security and Confidentiality
20. a) Confidential Data Defined

Each party acknowledges that by reason of its relationship to the other party under this Agreement it may have access to certain data and information of the other party of a special and unique nature and value (“Confidential Data”). “Confidential Data” shall mean any data and/or information that is identified by either party as confidential (either orally or in writing) or is of such a nature that a reasonable person would understand such data and/or information to be confidential. “Confidential Data” shall include, but is not limited to, (1) business methods and practices, financial data, business plans and opportunities, pricing, personnel, customers, prospective customers, or suppliers; (2) trade secrets, inventions, processes, methodologies, products, product plans, patent applications, and other proprietary rights, any specifications, tools, computer programs, source code, object code, documentation, technical information or other related confidential business information or data; (3) detailed financial reports, results and projections; (4) personal information of customers, employees, students, and/or donors, including but not limited to, names, addresses, Social Security numbers, e-mail addresses, telephone numbers, financial profiles, credit card information, driver’s license numbers, medical data, law enforcement records, or other information identifiable to a specific individual that relates to any of these types of information (“Personal Information”) ; or (5) any other proprietary information or data of the parties that is maintained in confidence

Confidential Data shall not include information the receiving party can demonstrate (i) is or becomes a matter of public knowledge through no fault of the receiving party, (ii) was rightfully in the receiving party’s possession, without obligation of confidentiality, prior to disclosure by the disclosing party, as evidenced by written records of the receiving party, (iii) subsequent to disclosure, is rightfully obtained by the receiving party from a third party in lawful possession of such Confidential Data, as evidenced by written records of the receiving party, without obligation of confidentiality, (iv) is independently developed by the receiving party without reference to or use of such Confidential Data, or (v) is required to be disclosed by law, governmental or administrative process. More security information may be found at https://aws.amazon.com/security/

1. b) Use and Non-Disclosure of Confidential Data; Exceptions

Each party agrees to use the Confidential Data received from the other party only as expressly permitted in this Agreement and in furtherance of the purposed expressed herein. To the extent permitted by law, neither party will disclose to any third party the other party’s Confidential Data, in whole or in part, without the prior written consent of the party, or as provided for in this Agreement and in compliance with all applicable state and federal laws; provided however, Company may disclose Personal Information of Customer users to third parties as necessary to perform the Services under the Agreement or with the users consent to whom such Personal Information pertains. Notwithstanding the foregoing, either party may disclose the Confidential Data or portions thereof to their respective attorneys or accountants when seeking legal or financial advice.

Company specifically warrants and represents that except as otherwise permitted herein, it will not in any manner disclose, disseminate, copy, sell, resell, sublicense, transmit, assign, or otherwise make available any of Customers Confidential Data to any third party without the prior written permission of Customers, and further warrants and represents that it will take all reasonable steps necessary to ensure that its authorized agents, employees, contractors or subcontractors having access to the Confidential Data shall not copy, disclose or transmit any of the Confidential Data, or any portion thereof, in any form, to a third party except as necessary to perform the Services under the Agreement. More security information may be found at https://aws.amazon.com/security/

1. c) Obligations to Secure Confidential Data

Company warrants and represents that it will implement industry-standard physical, electronic, and managerial safeguards to prevent unauthorized access to and disclosure of Customers Confidential Data, including but not limited to, the security of the physical environment in which the Confidential Data is stored, processed, and transmitted. Company further warrants and represents that such safeguards will in no event be less than the level of security Company uses to protect its own Confidential Data. Company shall require its contractors and subcontractors authorized to access Customers Confidential Data pursuant to this Agreement to take similar industry-standard precautions in safeguarding the Confidential Data.

Company agrees to comply with all applicable state and federal statutes and regulations governing unauthorized access and non-disclosure of the Confidential Data including, but not limited to, (i) personally identifiable information from education records as defined in The Family Educational Rights and Privacy Act (FERPA). More security information may be found at https://aws.amazon.com/security/

1. d) Obligations upon Breach of Security

If Company determines or reasonably believes that Customers data has been misappropriated or accessed in an unauthorized manner, Company will promptly report such misappropriation or unauthorized access to Customers.  Also, Company will promptly investigate the security incident and take reasonable measures to identify its root cause(s), mitigate its effects, and prevent a recurrence.  Unless prohibited by law, Company will provide Customers with a detailed description of the incident, the type of data that was the subject of the incident, the identity of each affected person, and other information Customers may reasonably request concerning the affected persons.  The parties agree to coordinate in good faith on developing the content of any related public statements or any required notices for the affected persons. If a data compromise and/or identity theft occurs and is found to be the result of Company’s non-compliance with the applicable state and federal statutes and regulations. Company will assume complete responsibility for customer notification, and be liable for all associated costs incurred by Customer in responding to or recovering from said breach. More security information may be found at https://aws.amazon.com/security/

1. e) Survival of Obligations

The obligation to maintain the confidentiality of the Confidential Data received by the other party will survive termination or expiration of this Agreement, and shall survive for a period of five (5) years thereafter. Except as otherwise set forth below, within sixty (60) days of the expiration or termination of this Agreement, Company shall, at Company’s option: (i) certify to Customers that Company has destroyed all Confidential Data in its possession; or (ii) return all Confidential Data to Customers. Notwithstanding anything contrary herein, Company shall not be required to delete or destroy (a) Personal Information that has been de-personalized, (b) Personal Information pertaining to users whose loans Company guaranteed or who are receiving services from Company pursuant to a contractual relationship with another Company Customer, (c) Personal Information for a users who has consented in writing to Company using such information, including, in connection with such users activation of membership in Company’s membership program, and (d) Confidential Data stored on Company’s backup storage devices in the normal course of business, until such time as the stored data is deleted in accordance with Company’s data retention policies.  Customer shall have the right, at its own expense and upon reasonable prior notice to Company, to review Company’s security measures and information security program.