GENERAL TERMS AND CONDITIONS FOR TRANSPORTATION-RELATED SERVICES (“TERMS”)

 

(Formerly known as the INTTRA Website Legal Terms and Conditions, INTTRA Legal Terms and Conditions, or INTTRA Legal Terms) 

 

UPDATED September 29, 2022

 

PLEASE READ THESE TERMS CAREFULLY BEFORE USING ANY VENDOR WEBSITE AND/OR THE SERVICES, AS DEFINED BELOW. BY DOING ANY OF THE FOLLOWING: REGISTERING FOR VENDOR OR CONTINUED USE OF THE SERVICES, YOU (A) AGREE TO THE TERMS ON BEHALF OF THE BUSINESS THAT YOU REPRESENT (“YOU” or “CUSTOMER”) (INDIVIDUAL CONSUMER USE OF THE SERVICES IS PROHIBITED), (B) REPRESENT THAT YOU HAVE THE AUTHORITY TO ACT ON BEHALF OF SUCH ORGANIZATION TO AGREE TO THESE TERMS, AND (C) AGREE TO USE ELECTRONIC SIGNATURES, AND TO BE SUBJECT TO THE PROVISIONS OF THE U.S. E-SIGN ACT (I.E. THE ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT (ESIGN, PUB.L. 106-299, 14 STAT. 464, ENACTED JUNE 30, 2000, 15 U.S.C. CH. 96)). IF THESE STEPS ARE NOT WHAT YOU INTEND, OR IF YOU DO NOT FULLY UNDERSTAND AND AGREE WITH THESE TERMS AND CONDITIONS, WHICH INCLUDE A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES, AND SELECTION OF GOVERNING LAW AND CHOICE OF FORUM (INCLUDING MANDATORY ARBITRATION INSTEAD OF COURT), THEN DO NOT ACCESS ANY VENDOR WEBSITE OR USE THE SERVICES. 

 

1.               Definitions 

 

“Affiliate” means an entity that is directly or indirectly owned or controlled by a party. For purposes of this definition, “control” refers to the power to direct the management or affairs of an entity and “ownership” refers to the beneficial ownership of 50% or more of the voting equity securities or other equivalent voting interests of the entity.

 

“Agreement” means the combination of these Terms and any referenced addendums, amendments, exhibits, Order Forms, schedules, SOWs, and/or other contract documents.

 

“Alliance Intermediary” means a third party that has a contract with Us permitting it to act on behalf of Platform Users and that You permit to act as an intermediary on Your behalf when using the Services, such as sending and receiving Transaction Data and otherwise interacting with the Services and Platform.

 

“Carrier” means a third-party ocean carrier participant and other freight carriers to which Vendor provides connectivity via the Services and Platform.

 

“Confidential Information” means any non-public information that is marked or otherwise designated in writing as confidential at the time of disclosure, or absent a marking that a reasonable person would expect to be confidential under the circumstances, and which is disclosed by a party to the other party.

 

“Container or Container Transaction” or “Container Transacted” (formerly Transacted Containers) means each individual container handled via the Platform via any means, such as referenced in a booking request, referenced on an eVGM submission, etc. An individual container is counted as a Container Transaction each time it is referenced in a Service. For example, the same container referenced on a booking request, shipping instruction, and eVGM submission will count as three Container Transactions.

 

Content” means any data sourced or created by Us (independently or with another party’s assistance) for inclusion in services provided by Us to customers or published, including without limitation, port codes, restricted party lists, harmonized commodity codes, etc. Content may be derived from proprietary, third-party, and/or publicly available data.

 

“Customer”“You”“Your”, or “Yourself” means collectively you and the company or other legal entity you represent defined as the Customer in the paragraph at the top of this page, and, if permitted, any Affiliate of Customer designated by Customer to make use of the Services under this Agreement, provided that Customer is wholly responsible for all actions or omissions by any such affiliated entity in connection with this Agreement.

 

“Documentation” means the then-current user guides, training materials, technical manuals, and any other reference materials that We generally make available or distribute to users of the Services or Platform.

 

“Intellectual Property Rights means any and all registered and unregistered rights granted, applied for or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.

 

“Vendor”, We”, Our”, or Us” means any of the following INTTRA Inc, E2open, LLC, or Affiliate as identified on Your Order Form. If You are using any Services not subject to an Order Form, it means INTTRA Inc.

 

“Vendor Materials” means any of the following: technology, equipment, information (including Content), and materials provided or developed by Vendor or its Affiliates (independently or with Your cooperation), in the course of performance under the Agreement.

 

“Order Form” means the order form, contract, or agreement, in a form provided by Us, identifying Services ordered by or made available to You and signed or otherwise accepted by both You and Us. Order Forms may be in any media, such as electronic terms and conditions or paper ordering documents. Formerly called “Service Order”.

 

“Platformor “Portal means Our proprietary network infrastructure, products, and services for the exchange of transportation data including, without limitation, the Services delivered and accessed via a variety of means as determined by Us, including, but not limited to, the internet, EDI, API, Document Conversion, and/or certain other proprietary software.

 

“Privacy Policy” means Our privacy policy located at https://www.e2open.com/privacy-policy/.

 

“Professional Services” means training, general consulting, configuration, implementation, and/or other such services identified on an Order Form.

 

“Service(s)” means services, products, data, and information provided by or through Us, authorized third-party services or data providers, and/or the Platform that You may access or use via the Platform or any other means that We authorize; and the use of any website owned or operated by Us, whether logged in or not, including inttra.com. At Our discretion, some Services may be available to You upon registration and without an Order Form or payment to Us, while others will be unavailable until You purchase a subscription or otherwise order them via an Order Form.

 

“Terms” means these terms and conditions.

 

“Third-Party Data” means any data transmitted to, from, and/or through any Vendor service by third parties using the Platform, such as Carriers. An example of Third-Party Data is Carrier-provided data You received through the Platform that facilitates or describes the status of a cargo shipment related to You.

 

Trading Partner” means Your identified third-party logistic providers, channel partners, suppliers, and/or contract manufacturers.

 

“Transaction Data” means any data transmitted to, from, and/or through any of the Platform or Services by, about, and/or related to You or the Services provided to You. Transaction Data includes Third-Party Data and Content related to You, and any data transmitted to or from Trading Partners.

 

“User” means any individual or automated system granted access to the Platform or Services through a unique user ID authorized to access and/or use the Platform or Services in accordance with the terms of this Agreement. Formerly called “Permitted User.”

 

2.               Use of Vendor Websites, Platform, and Services 

 

2.1.            All Vendor websites, products, and services are designed and offered exclusively for bona fide business use only and are not for use by individuals or for any use that is not expressly granted to You. Any individual use is expressly prohibited. Any use for any purpose that is competitive with Vendor or its Affiliates, including all of their service offerings, or that may devalue Vendor or its Affiliates’ commercial interests, is expressly prohibited. 

 

2.2.            We grant You a non-exclusive, non-transferable, worldwide right during the term of the Agreement to access and use the Services, Platform, and Vendor Materials directly or via an Alliance Intermediary solely for Your internal business purposes as contemplated by the Agreement. You allow Us to modify any Transaction Data submitted by Customer to correct any messages that do not conform to the standards set by Vendor or, if applicable, the standards of the intended third-party recipient of such data, e.g., a Carrier. Users must successfully register with Vendor and are not permitted to access the Platform or Services until such time as their registration is approved by Vendor. 

 

2.3.            Except as may be expressly stated otherwise in an Order Form, by registering, accessing, browsing, viewing, using, downloading, generating, receiving, or transmitting any data, information, or messages to or from the Platform, via the Services, and/or via any Vendor website or service, You accept, without limitation or qualification, these Terms as currently constituted and as may be updated from time to time in Our sole discretion. When We post changes to the Terms, Your continued use of the Platform and/or Services will constitute agreement to such changes. We will email all Users upon a material update to these Terms and You will regularly revisit and review Our website for changes to these Terms. We may also require that You accept other terms and conditions that govern the use of particular Services at the time You register for, order, or use that Service.  

 

2.4.            We deliver the services in accordance with the Documentation. The Documentation is subject to change from time to time at Vendor’s sole discretion. We control the appearance, development, and operation of the Platform, the Services, and Vendor websites, including standards for data transmission. Content and Third-Party Data are subject to change without prior notice. We may make improvements, updates, and/or changes to the Platform, Services, and/or Vendor websites or cease to provide any of the foregoing at any time without prior notice to the Customer; provided that We will endeavor to provide 30 days prior notice to You if We discontinue or materially degrade any Service. 

 

2.5.            You agree to allow without limitation our use or transmission, including to Carriers and other third parties of any data, including but not limited to Personal Data, information, or comments, provided to Us by You so long as such transmissions are at Your instruction, in accordance with the Privacy Policy, and/or are in furtherance of Our legitimate business purposes.

 

2.6.            You are responsible for Transaction Data provided by You and for the administration, authorization, and termination of all User access. You will provide Us with accurate, complete, and updated registration information of its Users. Notwithstanding the foregoing, We may refuse registration of, or suspend, a User’s access to the Subscription Services if, in Our judgment, a significant threat to the security or functionality of the Platform or Services or any component thereof is imminent. We will notify You of any such occurrence. You are responsible for the security of its access to the Platform and/or Services and the security of each User’s access authorization. You will not permit Users to share User IDs and passwords. You will promptly notify Us of any unauthorized use of the Platform or Services, or any other breach of security suspected or known to You. You are also responsible for maintaining the required hardware, software, internet connections, and other resources necessary for Users to access the Services. 

 

2.7.            You will comply with and will ensure all Users comply with the Acceptable Use Policy posted at https://www.e2open.com/acceptable-use-policy/; and the Security Policy located at https://www.e2open.com/company/customer-security-policy.

 

2.9.            Users may access certain Services through mobile applications obtained from third-party websites such as the Apple app store. The use of mobile applications is governed by an end-user license agreement presented upon download/access to the mobile application in addition to the terms of the Agreement. In the event of a conflict, the terms presented on the app store will govern but only to the extent necessary to resolve the conflict only as related to the use of the mobile application. For avoidance of doubt, the mobile application terms do not govern any other use of the Services other than the mobile application.

 

2.10.         We have the right, but not obligation, to monitor the Platform and/or the Services and to disclose any information necessary for their operation, to protect Us, and Our customers and licensors, and to comply with legal obligations or governmental requests. We reserve the right to refuse to post or to remove any information in the Platform and/or the Services, in whole or in part, for any reason. 

 

2.11.         We may engage third parties (subcontractors) to perform the Services or operate the Platform, or any part thereof. We are responsible for Our subcontractors. 

 

3.               Term and Termination of Services 

 

3.1.            The term of this Agreement will continue unless terminated in accordance with this section. Either party may terminate this Agreement (i) at any time upon 30 days’ notice to the other party; provided that where there is an Order Form, the term of the Order Form will continue subject to this Agreement until its expiration; (ii) if the other Party breaches any material term or condition of this Agreement and fails to cure such breach within 30 days after receipt of written notice of same; (iii) if the other Party becomes the subject of a voluntary petition in bankruptcy or any voluntary proceeding relating to insolvency, receivership, liquidation, or composition for the benefit of creditors; or (iv) if the other Party becomes the subject of an involuntary petition in bankruptcy or any involuntary proceeding relating to insolvency, receivership, liquidation, or composition for the benefit of creditors, if such petition or proceeding is not dismissed within 60 days of filing. Order Forms are non-cancelable, and fees paid under them are non-refundable.

 

3.2.            For any breaches of obligations related to the use of the Platform or Services or obligations related to Our Intellectual Property Rights, We may, upon email notice to Customer, immediately suspend Services, in whole or in part, until such breach is remedied; provided that if We reasonably determine that Customer is unable or unwilling to cure such a breach, We may immediately terminate this Agreement, in whole or in part. MONETARY DAMAGES MAY BE BOTH INCALCULABLE AND AN INSUFFICIENT REMEDY FOR ANY SUCH BREACH AND THAT ANY SUCH BREACH MAY CAUSE US IRREPARABLE HARM. ACCORDINGLY, IN THE EVENT OF ANY BREACH OR ANTICIPATED BREACH, WE, IN ADDITION TO ANY OTHER REMEDIES AT LAW OR IN EQUITY WE MAY HAVE, ARE ENTITLED TO SEEK EQUITABLE RELIEF, INCLUDING INJUNCTIVE RELIEF AND SPECIFIC PERFORMANCE, WITHOUT THE REQUIREMENT OF POSTING BOND OR OTHER SECURITY. 

 

3.3             Upon termination of the Agreement or Order Form, all rights granted to You will automatically terminate and You will immediately discontinue any applicable use of the Service or Platform. The following provisions will survive: those related to Our intellectual property and proprietary rights, those related to payment terms and taxes, those related to confidential information, limitations of liability, warranty disclaimers, indemnities, those related to term and termination, those related to compliance, and Section 11, General Provisions. 

 

4.               Fees; Payments 

 

The following terms apply only to Services that have a fee associated with them as set forth on an Order Form. Some Services may be accessible without a fee, requiring only successful registration on the Platform.

 

4.1.            All fees for Services are set forth in an Order Form. Unless otherwise specified in an Order Form, the following terms apply: (a) We will invoice You as follows: (i) for monthly, annual, or other recurring or subscription charges: annually in advance; (ii) for one-time charges: immediately upon order; and (iii) for Services that are priced based on Container Transaction Volume: monthly in arrears; (b) You will pay all invoices within 30 days of receipt; (c) all fees charged and invoices issued by Us are in United States Dollars and Customer will make all payments in United States Dollars in accordance with reasonable payment instructions that may be issued by Us on an invoice or otherwise communicated to You; and (d) for any payment not received when due Your balance due will accrue interest at a rate of 1½% per month, or the highest rate allowed by applicable law, whichever is lower. 

 

4.2.            All prices for Services delivered as a subscription service or otherwise where the fees reoccur each period, will increase by 5% each Contract Year. If Contract Year is not defined elsewhere, means each one-year period commencing on the Effective Date and each anniversary thereafter. At all other times, We may modify pricing for any Services upon 90 days’ notice to Customer. During such notice period, Customer may terminate its use of the Services and any applicable Order Form for such affected Service but only for the affected Service, and will receive a refund of any prepaid fees, if any. The annual fee increase is not subject to the notice and termination portion of this section. 

 

4.3.            You must raise all invoice disputes before the due date of an invoice; otherwise You waives any right to dispute and accept the fees invoiced. In order for a dispute to be valid, You must include a detailed description of the disputed items, the reason for the dispute, the requested resolution of the dispute, and pay all undisputed amounts when due. You will cooperate with Us to investigate and resolve the dispute in good faith. 

 

4.4.            In addition to Our other rights, including the right to terminate this Agreement, in whole or in part, based on non-payment, We may, after notice to You, limit or suspend Your access to any or all Services, in whole or in part, until Your account is made current. 

 

4.5.            You are responsible for any and all applicable taxes relating to this Agreement, other than taxes based on Our net income. 

 

4.6.            Any term(s) contained in Your purchase order, acknowledgment form, or any other form that is different from, or in addition to this Agreement will not have any effect of modifying or adding any terms to the Agreement. No agent, employee, or representative of Ours has any authority to alter or delete the terms of this Agreement or bind Us to any warranty, covenant, or representation other than as set forth in this Agreement. 

 

5.               Intellectual Property 

 

5.1.            Each Party reserves any and all title, right and interests it may have in its trademarks, copyrights, and other intellectual property rights. As between You and Us, We will own all intellectual property rights in the Platform, the Services, and Our websites, separately and as a whole, including all rights in and to databases, trade secrets, patents, copyrights, trademarks, and know-how, as well as moral rights and similar rights of any type under the laws of any governmental authority, domestic or foreign. We will own any data that We create as a result of or derived from operating the Platform, and/or the Services (for avoidance of doubt, the data described in this sentence does not include data submitted by Customer). We grant you a non-exclusive, non-transferable, non-assignable, non-sublicensable, terminable right to access and use Third-Party Data and Content for Your internal business uses. 

 

5.2.            Except as expressly permitted herein or in an Order Form, Customer will not at any time display, perform, copy, distribute, or use any Third-Party Data, or Content in any form at any time or permit any entity under its Control to cause any distribution, disclosure, or transfer to any third party of: (i) access to the Services; (ii) data and information derived from the Services; or (iii) use of the Services, without Our express written consent.  

 

5.3.            Customer may display or publish Transaction Data to shippers, forwarders, consignees, importers and exporters (“Specified Third Parties”), provided that: (i) any such Specified Third Party has a direct contractual and/or legal interest in and entitlement to such data; (ii) such data is necessary to facilitate completion of Customer’s transactions; (iii) such use is consistent with this Agreement, applicable laws and regulations governing Customer’s use of the Services; and (iv) to the extent such data is Confidential Information, such Specified Third Party is bound by written confidentiality obligations at least as protective as in these Terms. In no event will You acquire any ownership rights or other interest in any Content, Third-Party Data, or database by or through Your use of the Platform and/or the Services.  

 

5.4.            You warrant and represent that You have all necessary rights and authority to process Transaction Data via the Platform and/or Services. 

 

5.5.            Notwithstanding any other section of the Agreement, You grant to Us, with respect to all Transaction Data, a worldwide, royalty-free, perpetual, irrevocable, non-exclusive, and fully sublicensable right and license to use, reproduce, modify, adapt, publish, translate, create derivative works from, sell, distribute, perform and display such data (in whole or in part); and to incorporate it in other works in any form, media, or technology (“Derived Works”). We will own all rights in Derivative Works. We will provide or sell Transaction Data and Derivative Works, to government authorities, government agents, governmental entities, ports, customs authorities, and to other third parties that will use Transaction Data and Derived Works for their business purposes, including but not limited to statistical analysis, financial trading, or transportation operations. 

 

5.6.            You may provide ideas, concepts, or techniques for new services or products to Us. Such information is not confidential or proprietary and We will have an unrestricted, irrevocable, worldwide, royalty-free right to use, communicate, reproduce, publish, display, distribute, make derivative works of, and exploit such information in any manner it chooses with no duty to account to You. 

 

5.7.            Unless otherwise noted, everything Customer sees or reads on Our websites, Platform and/or regarding the Services including, but not limited to, textual, graphical and all other content created by or for Us, is, as between You and Us, Our property, and may not be reproduced, distributed, publicly performed, or displayed, transmitted, or used, and related rights except as provided in these Terms, without Our written permission. Re-publication or citation of any content generated by the Platform and/or Services without Our written consent is expressly prohibited, except as otherwise set forth herein. Our websites, Platform, and/or Services may contain other proprietary notices and copyright information, the terms of which must be observed and followed. INTTRA, Cloud Logistics, and TMS Made Easy and any other marks identified as such are Our trademarks and may not be used without prior written permission. We assert no claims to the marks of Carriers and/or others displayed by Us on Our websites, Platform, and/or Services. 

 

5.8.            Anyone who believes that his or her work has been reproduced on the Platform in a way that constitutes copyright infringement may notify Our legal department by providing the following information: 

 

a.      Identification of the copyrighted work that You claim has been infringed;

 

b.      Identification of the material that You claim is infringing, including a description of where it is located on the Platform so We can locate it;

 

c.      Your address, telephone number and, if available, e-mail address, so that We can contact You about Your complaint; and

 

d.      A signed statement that the above information is accurate; that You have a good faith belief that the identified use of the material is not authorized by the copyright owner, its agent, or the law; and, under penalty of perjury, that You are the copyright owner or are authorized to act on the copyright owner’s behalf in this situation.

 

If You give notice of copyright infringement by e-mail or phone, Our legal department will begin investigating the alleged copyright infringement; however, We must receive Your signature by mail before We are required to take any action. More information about U.S. copyright law can be found at the United States Copyright Office, which can be found here: http://www.copyright.gov/.

 

Notices of copyright infringement claims should be sent to copyright@inttra.com or legal@e2open.com.

 

5.9.            You agree that We may identify You as a user of Our services and that We may use Your business name and logo in doing so, including in sales presentations, marketing materials, and on its websites. Upon Our request, the parties will cooperate to timely issue a mutually agreed joint press release, case study, and/or reference regarding Your use of Our services. 

 

6.               Confidential Information 

 

6.1.            Each Party acknowledges that it may have access to Confidential Information of the other Party and agrees, for the duration of this Agreement and 3 years thereafter, to hold the other’s Confidential Information in confidence subject to the limitations of Section 6.2. Each Party agrees to take commercially reasonable steps, which are at least as stringent as it takes to protect its own Confidential Information, to ensure that Confidential Information is not disclosed or distributed by its employees or agents in violation of this Section 6. 

 

6.2.            The obligations in Section 6.1 will not apply to any information (i) at the time of disclosure is in the public domain or generally known or knowable by the public; (ii) after disclosure, becomes part of the public domain or generally known or knowable by the public, except by breach of this Agreement; (iii) was already in the receiving Party’s possession at the time of disclosure by the disclosing Party; (iv) resulted from the receiving party’s own research and development, independent of disclosure from the disclosing Party; (v) where Vendor has exercised its rights granted in Section 5.5 (vi) the receiving Party receives from third parties, provided such information was not obtained by such third parties from the disclosing Party on a confidential basis; (vii) is produced in compliance with applicable law, a court order, in connection with a subpoena or similar legal process, (viii) is produced in compliance with the Privacy Policy; (ix) must be disclosed to enforce rights under this Agreement; or (x) is furnished to the receiving Party by a third party without restriction on disclosure.

 

7.               Disclaimer of Warranties; Errors 

 

7.1.            While We have used reasonable efforts to ensure that the Vendor Materials are accurate and up to date, We are not responsible or liable for any errors, inaccuracies, or omission in the Vendor Materials or Third-Party Data or in the data from which the Vendor Materials are derived. THE PLATFORM, SERVICES, VENDOR MATERIALS, AND THIRD-PARTY DATA ARE PROVIDED “AS IS” WITH NO GUARANTEES OF COMPLETENESS, ACCURACY, OR TIMELINESS OF RESULTS OBTAINED FROM THE USE THEREOF. 

 

7.2.            We make no warranties or representations whatsoever regarding any other Web sites Customer may access through the Platform and/or the Services. When accessing a non-Vendor website, Customer understands that that website is independent from Us and that We have no control over the content of that website. In addition, a link to a non-Vendor website does not mean that We endorse or accept any responsibility for the content or the use of such website. It is up to the Customer to take precautions to ensure that whatever is selected for Customer’s use is in all ways suitable and free of viruses and other items of destructive nature.  

 

8.               Limitation of Liability 

 

8.1.            To the maximum extent permitted by law, We will not be liable under any contract, tort (including negligence), strict liability, or other legal or equitable theory: (a) for any loss of business, loss of use or of data, delay or interruption of business, or lost goodwill; (b) for any cost of procurement of substitute goods, software, or services; or (c) for any incidental, indirect, consequential, or punitive damages (including, without limitation, lost profits), even if advised of the possibility of such damages.  

 

8.2.            Our maximum aggregate liability will not exceed the total fees paid or payable by You for the specific Service giving rise to the liability, as such fees are identified on an Order Form or in an SOW, during the 12 month period preceding the event or action giving rise to liability (or if such claim arises during the initial 12 months of this Agreement, the fees expected to be paid during such 12 month period), or $5,000, whichever amount is more. The foregoing limitation applies notwithstanding the failure of any agreed or other remedy of its essential purpose.  

 

8.3.            You agree that any claim or cause of action arising out of or related to your use of the Platform, Services or otherwise related to this Agreement must be asserted within one year after such claim or cause of action arose. You expressly waive any right you may otherwise have under any statute or law for any claims not made within such one-year period.  

 

8.4.            The limitations of liability set forth in this section reflect the allocation of risk between the parties. The limitations specified in this section will survive and apply even if any limited remedy specified in these Terms found to have failed of its essential purpose and will inure to the benefit of Us, including our Affiliates, successors, and/or its respective suppliers.

9.               Indemnification 

 

Customer will indemnify, hold harmless, and defend Us (including our Affiliates), and all of its (including its Affiliates) current and former officers, directors, members, shareholders, agents, and employees from any and all Claims. “Claim” means any action, cause of action, suit, proceeding, claim, or demand of any third party (and all resulting judgments, bona fide settlements, penalties, fines, damages, losses, liabilities, costs, and expenses (including, without limitation, reasonable attorneys’ fees and costs)), which arises out of: (a) Customer’s breach of this Agreement, or (b) Customer’s or Customer’s customer use of or access to Our websites, Platform, and/or the Services. We will provide Customer with reasonable notice of any Claim. Customer will not settle any claim without Our prior written consent, which will not be unreasonably withheld.

 

10.             Data Protection 

 

This Agreement incorporates the Privacy Policy where applicable.

 

When using the Service, Customer will have the option to provide certain personal or business contact information, including but not limited to, name, address, email address and telephone number (collectively, the ‘Personal Data’). Customer will likely need to submit some Personal Data in order to submit transactions via the Platform. Customer agrees to:

 

a.      Provide true, accurate, current, and complete Personal Data as prompted by the Service processes.

 

b.      Maintain and promptly update the Personal Data to keep it accurate, current, and complete.

 

c.      Maintain the security and confidentiality of any usernames, passwords and any other security or access information used by the Customer to access the Service.

 

d.      Refrain from impersonating any person or entity or misrepresent Customer’s identity or affiliation with any person or entity, including using another person’s Personal Data.

 

e.      Immediately notify Us in writing if Customer becomes aware of any loss, theft or use by any other person or entity of any of its Personal Data in connection with the Service or any other breach of security that the Customer becomes aware of involving or relating to the Service.

 

f.       Only insert Personal Data into fields clearly designated to hold Personal Data. Examples of such fields include Name, Phone Number, Address, etc. We will only monitor these fields as it relates to Personal Data rights and regulations. We will not monitor fields for compliance with data protection laws that are not clearly intended to contain Personal Data (for example, Cargo Description). We will disclose fields not clearly intended to contain Personal Data to third parties, such as to a Carrier, without identifying them as containing Personal Data and if You insert Personal Data in such fields it may be further disclosed (including by publication or public display) to other third parties, such as in customs filings.

 

Where the Customer is based in the European Economic Area (EEA) and in the course of using the Platform or the Services, the Customer provides Personal Data to Us, the Customer acknowledges that this Personal Data will be transferred to countries outside of the EEA (including to the US, UK, India, Malaysia, Singapore, and China) which may not provide a similar level of data protection to that provided by countries within the EEA. Where applicable, the parties agree to comply with the Standard Contractual Clauses set out in Schedule 1, which are incorporated herein by reference, in connection with the Services in order to address the relevant European data transfer restrictions.

 

The following terms apply for the INTTRA ocean shipping and booking Platform, regardless of which E2open, LLC affiliate You contract with:

 

Both parties are data controllers and will comply with the relevant data protection and privacy obligations.

 

For the purposes of the Standard Contractual Clauses, attached as Schedule 1, the parties agree that (i) the Customer is the Data Exporter and (ii) We are the Data Importer.

 

If the CCPA is applicable, We are a business, not a service provider.

 

The following terms apply for all other Services:

 

We are a data processor and You are the data controller. The Standard Contractual Clauses, attached as Schedule 1, do not apply. The data processing agreement available at https://www.e2open.com/data-processing-addendum/ governs the processing of personal data and is incorporated herein by reference.

 

If the CCPA is applicable, We are a service provider.

 

11.             General Provisions 

 

11.1.         This Agreement contains the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior representations and understandings, whether oral or written. This Agreement may not be amended, nor any obligation waived, except by a writing signed by the authorized representatives of both parties. No terms, provisions or conditions of any purchase order, acknowledgment, or other business form that You may use in connection with the acquisition of the Services or use of the Platform will have any effect on the rights, duties or obligations of the parties relating to Your Use of the Services or the Platform provided under, or otherwise modify, this Agreement, regardless of any failure by Us to object to such terms, provisions or conditions. The parties exclude in its entirety the application to this Agreement of the United Nations Convention on Contracts for the International Sale of Goods. 

 

11.2.         No right or license under this Agreement may be assigned or otherwise transferred by Customer without Our prior written consent. The foregoing notwithstanding, upon written notice to Us, Customer may assign, or otherwise transfer this Agreement to any Affiliate which Controls, is Controlled by, or is under common Control with Customer, or to the surviving entity as a result of a merger, acquisition or reorganization of all or substantially all of Customer’s assets or stock provided such entity is not deemed by Us to be a direct competitor of Vendor and agrees in writing it is bound by the terms of this Agreement. Subject to the foregoing, this Agreement will bind and inure to the benefit of the successors and assigns of Customer and Vendor. Notwithstanding the foregoing, Customer understands and agrees that We set fees charged to Customer upon Customer’s structure, size, and estimated usage of the Services as of the date of an Order Form. If Customer undergoes a merger or acquisition, Customer’s use of the Services may change materially. Fees do not include additional volume which results from a merger or acquisition. If Customer wishes to use the Services for the newly acquired or merged company, it will provide written notice to Us. We reserve the right to revise fees in such event, and the Parties will negotiate such revised fees in good faith. If the Parties are unable to come to an agreement, We reserve the right to limit, suspend, and/or terminate Services. 

 

11.3.         All written notices will be in writing and sent by first class mail, overnight mail, courier, or transmitted by facsimile and confirmed by mailing, to the addresses indicated by each Party, and providing at least 10 days prior written notice to the other Party. Notice is deemed to have been given upon personal delivery (in the case of overnight mail, courier, or facsimile) or five (5) business days after being sent by first class mail. You are to provide written notice to Us as follows: 

 

If your Order Form is with INTTRA Inc. or you use any Services without an Order Form:

 

By mail (all written notices via this method):

 

INTTRA Inc.

9600 Great Hills Trail, Suite 300E
Austin, TX 78759 USA

By e-mail: service@inttra.com
For claims or questions regarding copyright, contact:
copyright@inttra.com

 

In all other cases:

 

By mail (all written notices via this method):
E2open, LLC
9600 Great Hills Trail, Suite 300E
Austin, TX 78759 USA

By e-mail: customersupport@e2open.com

 

For claims or questions regarding copyright, contact: legal@e2open.com

 

11.4.         References in this Agreement to “notice in writing” or “written notice” or other similar reference will not include electronic or email notice and only hard copy writings are acceptable. Other reference to “notice” will mean notice by any reasonable communication means, such as Vendor sending an email to Customer’s most current email address in its files. 

 

11.5.         You will comply with all applicable laws and regulations governing the use, access, or export of the Services, Platform, or any part thereof. Without limitation, the Platform or Services or any part thereof may not be used or accessed within or by, or otherwise exported to, (a) any United States embargoed country; or (b) anyone on the United States Treasury Department’s list of Specially Designated Nations, the United States Department of Commerce’s Table of Denial Orders, or other similar lists of parties that We are prohibited from doing business with. Both parties will comply at all times with all applicable laws and regulations, including without limitation, anti-corruption laws including, such as the US Foreign Corrupt Practices Act and the UK Bribery Act 2010. 

 

11.6.         If any provision of this Agreement is found to be unenforceable, the remainder will be enforced as fully as possible, and the unenforceable provision will be deemed modified to the limited extent required to permit its enforcement in a manner most closely approximating the intention of the parties as expressed. Any failure to enforce any provision of this Agreement will not constitute a waiver thereof or of any other provision. 

 

11.7.         In the event of any conflict between contract documents You have with Us, the order of precedence is (i) any Order Form (ii) these Terms, and then (iii) any other applicable terms. Should a conflict exist between several Order Forms then the terms of the most recent Order Form will control. 

 

11.8.         Each Party agrees to bear its own costs relating to the Services, including, but not limited to, costs associated with support, maintenance, testing, interface development, and EDI mapping. The Parties are independent contractors acting for their own account, and neither party is authorized to make any representation or commitment on behalf of the other. This Agreement will not be construed as creating a partnership, joint venture, franchise, agency, or similar relationship between the Parties. 

 

11.9          If after good faith negotiations between the senior leadership of the parties performed within 30 days of being notified of a dispute, a dispute arising out of or related to this Agreement cannot be resolved directly by the parties, then any dispute arising out of or in connection with this Agreement, including any question regarding its existence, validity or termination, will be referred to and finally resolved by arbitration under the then-current American Arbitration Association (AAA) rules for arbitration of commercial disputes; provided that the foregoing will not preclude the parties from immediately seeking any preliminary or injunctive remedies available under applicable laws for any purpose before any competent tribunal, without limitation, courts, and that any question regarding the existence, validity or termination of this proviso will be determined by such tribunal. The arbitration will be conducted by one arbitrator who is mutually agreeable to the parties and who has no prior relationship with either of the parties. Any court having jurisdiction may enter judgment upon the award rendered by the arbitrator. The place of arbitration will be in New York, NY, USA. The dispute resolution process described in this section will apply regardless of the country of origin of any dispute. The costs of the arbitration, including administrative and arbitrator fees, will be shared equally by the parties. Each party will bear its own costs and attorney and witness fees. In the event that arbitration is unenforceable, the parties irrevocably submit to the exclusive jurisdiction and venue of the state courts with jurisdiction in New York County, New York and waives any objection to venue or forum in such court. The parties agree to waive jury trial. 

 

11.10.       This Agreement is governed by, construed, and enforced under the laws of the State of New York, USA, without regard to its conflicts of laws principles.  

 

11.11.       This Agreement was drafted, negotiated, and entered into by the Parties in English. Notwithstanding the translation of this Agreement into any other language, by any party, for convenience or any other purpose, the English text will govern and control. 

 

11.12.       Order Forms may be executed in identical counterparts each of which are deemed an original and all of which together will constitute one instrument. Signatures transmitted by facsimile transmission will constitute legally binding and effective execution and delivery. 

 

11.13.       We will not be liable for delays or failures in its performance to the extent such failures or delays result from acts beyond Our reasonable control, including, but not limited to, fire, flood, earthquake, elements of nature or acts of God, acts of war, terrorism, strikes, walkouts, riots, civil disorders, rebellions, quarantines, epidemics, embargoes or other similar governmental action. 

 

12.             The following additional terms and conditions apply if You use Bill of Lading Services (for example BL Data or BL Image)

 

You are liable to Us and the Transmitting Carrier(s) for, and will indemnify, hold harmless, and defend Us and Transmitting Carrier(s) (and its and their current and former officers, directors, shareholders, agents, property, and employees) against and from any and all Claims. Claims include, but are not limited to, any action, cause of action, suit, proceeding (arbitral or otherwise), claim, or demand of any party (and all resulting judgments, bona fide settlements, penalties, damages, losses, liabilities, costs, interest and expenses (including without limitation reasonable attorneys’ fees and costs)), which arise(s) out of: (a) Customer’s breach of this section 12; (b) Customer’s use of or access to (i) Our systems and/or BL Data Service, or (ii) BL Data; (c) the use or misuse by any party with whom the Customer has shared BL Data or whom Customer has designated as an intermediary to receive BL Data from Us on its behalf (including Our alliance partner), or any access by such party to (i) Our systems, BL Data Services, or (ii) BL Data; or (d) any mis-delivery, non-delivery, theft, conversion, misuse, fraud or inaccurate submission, receipt or distribution of any BL Data. We and/or each Transmitting Carrier may, at their/its expense, employ separate counsel to monitor and participate in the defense of any Claim. We and the Transmitting Carrier(s), will provide Customer with reasonably prompt notice in writing of any Claim.

 

You are liable to Us and the Carrier(s) for, and will indemnify, hold harmless, and defend Us and Carrier(s) (and its and their current and former officers, directors, shareholders, agents, property and employees) against and from any and all Claims. Claims include, but are not limited to, any action, cause of action, suit, proceeding (arbitral or otherwise), claim, or demand of any party (and all resulting judgments, bona fide settlements, penalties, damages, losses, liabilities, costs, interest and expenses (including without limitation reasonable attorneys’ fees and costs)), which arise(s) out of: (a) Customer’s breach of this section 12; (b) Customer’s use of or access to (i) Our systems and/or BL Image Services, or (ii) BL Image; (c) the use or misuse by any party with whom the Customer has shared BL Image or whom Customer has designated as an intermediary to receive BL Image from Us on its behalf (including Our alliance partner), or any access by such party to (i) Our systems and/or BL Image Services, or (ii) BL Image; or (d) any mis-delivery, non-delivery, theft, conversion, misuse, fraud or inaccurate submission, receipt or distribution of any BL Image. We and/or each Carrier may, at their/its expense, employ separate counsel to monitor and participate in the defense of any Claim. We and the Carrier(s) will provide Customer with reasonably prompt notice in writing of any Claim.

 

For purposes of BL Image only, Carrier(s) will have the right to enforce this Agreement with respect to only the BL Image Service for the benefit of Carrier. Carrier(s) may enforce any such rights without joining Us to such enforcement action. Nothing in this Agreement or the relationships created by it will be construed to make or constitute Us as an agent, servant, employee or partner of either Customer, Affiliate(s) or any Carrier(s).

 

We and Carriers (including each of their respective employees, agents, officers, directors, licensors or affiliates) will have no liability for any inaccuracies, errors, or omission contained within any data caused by or attributable to BL Image(s) or BL Data; Your interaction with BL Image(s) or BL Data; any electronic agreement or other contract entered into between You or any third party; and Your use or inability to use BL Image(s) or BL Data or third party use of, or reliance on, the BL Data or BL Image.

 

WE AND CARRIER(S) DO NOT WARRANT AGAINST, AND WILL NOT BE LIABLE FOR, ERRORS IN THE TRANSMISSION OR CONTENT OF BL DATA, AND SPECIFICALLY DO NOT WARRANT AGAINST ERRORS THAT WOULD RESULT IN THE DISCLOSURE OF BL DATA TO THIRD PARTIES. 

 

12.1.         If you Use BL Image Services, the following terms apply: 

 

Registration to use the BL Image application is required. You may elect to obtain BL Image by contacting customer service. We will work with You to gather information about the selected Carrier(s) You wish to register with for BL Image, as well as Your contacts at the Carrier(s). You also need to appoint a person as Your BL Approval Contact. The BL Approval Contact is responsible for approving and removing Customer users for BL Image access. Each Carrier You wish to register with must first approve Your request for BL Image access.

 

The BL Images offered to Carrier-approved Customers by a requested Vendor approved Carrier (“Carrier-Specific Services”) depend on, and are subject to, the BL Image permitted by each such specific Carrier. To the extent permitted by each individual Carrier, the BL Images offered may include but not be limited to the following: remote printing of Sea Waybills (“Waybills”);

 

remote printing of negotiable Bills of Lading (“Negotiable B/Ls”) Originals; remote printing of Negotiable B/Ls – copies; remote printing of non-Negotiable B/Ls – originals; remote printing of non-Negotiable B/Ls – copies; Customer authorization to sign Waybills as Agent for Carrier; Customer authorization to sign non-Negotiable B/Ls as Agent for Carrier; Customer authorization to sign Negotiable B/Ls as Agent for Carrier; and Customer authorization to print Waybills on Carrier paper stock. In their sole discretion, We and each Carrier may modify or change the BL Images provided to Customer from time to time.

 

Any Data accessed through Us and/or a BL Image (a) do not constitute “Electronic Bills of Lading”“paperless trading”, a “contract of carriage”, or a “contract of transport” (as those terms may be used generally in the shipping industry), (b) will not be used to create unauthorized documents of any kind, including unauthorized bills of lading or Waybills, (c) have no commercial value in and of themselves, (d) may not be used to transfer by endorsement or otherwise the rights under a contract of carriage, and (e) may not be used for purposes of transferring ownership of cargo or as negotiable instruments. BL Image(s) merely provides an alternative method of exchanging Data electronically between Parties or “Allowed Parties” (defined below) to assist in the preparation of documents prior to actual issuance of traditional paper bills of lading or Waybills by the individual Carrier(s) or Carrier’s authorized agent. Although not necessarily printed by the Carrier, the Waybill or bill of lading to which the electronic data relates is issued by the Carrier. Only the Carrier and its authorized representatives and agents have authority to issue, sign, mark or alter any such document on behalf of the Carrier. Customer is authorized to remotely print such paper bill of lading or sea waybill in accordance with this Agreement but only if so specified and approved by the Carrier as a Carrier-Specific Service. Nothing in this Agreement constitutes an agreement to carry any goods or forms any part of a contract for the carriage of goods.

 

Once You are approved by (1) Us, and (2) the individual Carrier(s) from which you have requested BL Image access, and your BL Image access is activated, You are permitted to view, print, request changes to, approve, and share Data supplied by the Parties directly or via Alliance Intermediary, if applicable, to the extent authorized by the Carrier. This Agreement does not, by itself, grant to You any further right to access, copy, use, modify, sublicense, distribute, transfer or transmit any Data accessed on or through BL Image(s). Specifically, this Agreement does not, by itself, grant to You any right to sign any bill of lading or Waybill on behalf of Carrier(s), unless the specific Carrier has authorized You to sign such bill of lading or Waybill as agent for the Carrier. Customer will ensure that any bill of lading or Waybill is printed at Customer’s printer as soon as reasonably practicable onto Carrier’s paper stock as appropriate or, in the case of a Waybill, if and as permitted by the individual Carrier, onto good quality plain white paper consistent with relevant Carrier’s requirements. Customer will ensure that any bill of lading or Waybill once printed is (a) legible, showing the complete contents of the document without distortion or addition incorrectly centered portrait orientation, (b) is appropriately aligned and set out for the relevant paper size, and (c) accurately reflects the relevant Data supplied by the Parties as well as any additional information supplied by Allowed Parties or any third party. If any document which is printed (whether or not in full) pursuant to this Agreement does not comply, or if any electronic data is made available to the Customer in error, the Customer will immediately contact the Carrier and comply with said Carrier’s instructions in relation thereto. If there is any inconsistency between a Waybill or bill of lading that is printed and the latest document available in electronic form at www.inttra.com, the latter will prevail. A Carrier’s paper stock will remain the property of that particular Carrier until printed and executed pursuant to this Agreement. The Customer will make no alteration to the individual Carrier’s paper stock and unconditionally guarantees the secure and safekeeping of such Carrier’s paper stock to prevent release to any third party or the unauthorized or unlawful use of such Carrier’s paper stock by the Customer, its employees, agents or any third party. Customer will report immediately to Us and the relevant Carrier(s) any breach or suspected breach of security, including, but not limited to, loss or theft of Carrier’s paper stock, even if temporary. Customer will acknowledge receipt of Carrier’s paper stock, indicating the exact quantity received. Customer will also maintain an inventory of Carrier’s paper stock, including the serial number of each, whether actually used or wasted, and supply such inventory records to the relevant Carrier upon its request. Customer will ensure that the number of attempts to print an original bill of lading does not exceed the number of originals shown on the face of the bill of lading as having been issued. If for technical reasons (for example, difficulties in printing) more attempts to print are required, the express prior written authority of the Carrier must be obtained. This will be at the Carrier’s absolute discretion, which in any event will be conditional on (a) the Carrier receiving a letter of indemnity, signed by the Customer, in the terms provided by or agreed with the Carrier, and (b) any paper document which is to be replaced pursuant to such authority having first been destroyed.

 

As a BL Image Customer, You are permitted to access, receive, and exchange, and/or submit Data through the Platform in accordance with the following:

 

a.      WE WILL USE COMMERCIALLY REASONABLE EFFORTS TO ADVISE YOU IF ANY DATA INTERCHANGE IS REJECTED OR FAILS BUT WILL HAVE NO LIABILITY FOR ANY FAILURE TO DO SO AT ANY TIME.

 

b.      All Data is accessible online for a maximum period of ninety (90) days following receipt by Us. After 90 days, such Data may be archived.

 

c.      By submitting Data through the Platform, You grant to Us and Carrier(s) all necessary rights to copy, store, translate, publish and provide access to the Data to those authorized parties required for the Licensed Use of BL Image.

 

d.      YOU AGREE THAT IN NO CIRCUMSTANCES WILL WE OR CARRIER(S) BE LIABLE TO YOU FOR ANY CLAIM OF ANY NATURE RELATING TO ANY USE THAT THE CARRIER(S) OR OTHER THIRD PARTIES MAKE OF THE DATA AVAILABLE THROUGH BL IMAGE. Further, there may exist additional restrictions on the use of the Data arising from agreements as between You and the Carrier(s) or, if applicable, between You and Alliance Intermediary. The Carrier(s), through the use of BL Image(s), assume(s) no more legal obligation than that required by applicable law. The contract of carriage obligations of the Carrier(s) under the conditions of the bill of lading or Waybill are not reduced nor modified by this Agreement.

 

As a BL Image(s) Customer, You are permitted to receive and distribute Data from BL Image(s) only in accordance with the specific functionality of BL Image(s) and pursuant to the following:

 

a.      You agree not to alter, change, misuse or use the Data in any unlawful way or for any unlawful purpose.

 

b.      You agree that You are responsible for ensuring the accuracy of any and all Data supplied by the Parties as well as any additional information supplied by Allowed Parties or any third party and for informing the Carrier(s) via a Carrier change request if any Data submitted to BL Image(s) are inaccurate.

 

c.      You agree and understand that You are not authorized to make corrections to Data, any Waybill or bill of lading, or any information supplied by Allowed Parties or any third party. Only the respective Carrier(s) are authorized to make corrections to the Data.

 

d.      Except to the extent expressly set forth in this Agreement, You agree and undertake not to disclose or distribute the Data to any non-Allowed Parties in any format and/or through any means (e.g., email).

 

e.      You agree that You are responsible for protecting the confidentiality of any information shared with a third party. Customer agrees to limit Data sharing to the following “Allowed Parties” and for the following “Allowed Uses”. Allowed Parties include only (a) entities which have been lawfully named on the bill of lading or Waybill; (b) legally authorized relevant government entities; and (c) Customer’s legally authorized brokers, agents, logistic providers, and banks and, if applicable, Alliance Intermediary. Allowed Uses include only customs filing, relevant governmental requirements, import documentation, accounting record keeping and cargo release and, if applicable, data transmission to or from Alliance Intermediary. Sharing of Data for other uses or with other parties not listed above is specifically prohibited.

 

f.       For BL EDI Only. We will provide a user ID and password to the Customer’s Security Administrator(s). The user ID and password are required to download Data from Us. Customer will ensure the proper and secure management and use of such user ID and password and accepts responsibility for any unauthorized access to Us by any person other than an employee of Us using such user ID and password.

 

All Data accessible through BL Image(s) are, and will continue to be, owned exclusively by the rightful holders of the copyright in the relevant Data. Such holders have granted to Us the express or implied right to process the Data in connection with the services provided by Us through BL Image(s) and the Data are protected under applicable copyrights, patents, trademarks, trade dress, and/or other proprietary rights. Under no circumstances will You acquire any ownership rights or other interest in any Data solely by virtue of being a BL Image Customer.

 

No Customer-Affiliate(s) will have access to or be entitled to use the Platform or Carrier-Specific Services unless each such Affiliate(s) is first approved by the respective Carrier(s).

 

This Agreement gives Customer the right to access BL EDI either directly or via an Alliance Intermediary. Customer acknowledges and agrees that the following additional terms apply to Customer’s access to BL EDI via the Alliance Intermediary: (a) neither Us nor any Carrier(s) will have any liability to Customer or any Customer-Affiliate(s) arising from, or any way related to (i) any action or inaction on the part of Alliance Intermediary, or (ii) any Data transmitted between Customer and Alliance Intermediary; (b) Alliance Intermediary is not a party to this contract, and the relationship between Customer and Alliance Intermediary is, instead, covered by the corresponding agreement between Customer and Alliance Intermediary, if any; and (c) nothing in this Agreement will be construed to make or constitute either Us or any Carrier as an agent, servant, employee or partner of Alliance Intermediary.

 

BL Image Services will continue in effect until terminated by either Party upon 30 days prior written notice to the other. Termination of BL Image will not constitute termination of the Terms. Notwithstanding the foregoing, BL Image will be automatically terminated as part of a termination of the Terms, with cause or without cause, as applicable, in accordance with the corresponding terms of the Terms.

 

BL Image Service will not in any way reduce, increase or modify any separate right or obligation of Customer or of the Carrier, nor will it increase Carrier’s liability in any way under any other document or agreement between Customer and the Carrier, including, without limitation, the Carrier’s contract of carriage rights and obligations under the bill of lading or Waybill.

 

12.2.         If you Use BL Data Services, the following terms apply: 

 

You may select to obtain BL Data by contacting customer services. Once Customer is activated and approved by both We and the individual Transmitting Carrier(s) from which Customer has requested BL Data access, Customer is permitted to access and receive BL Data transmitted by those Transmitting Carriers to the extent authorized below. Except as set forth in this Agreement, BL Data does not grant to Customer any right to copy, use, modify, sublicense, distribute, transfer, or transmit any BL Data accessed through the Platform.

 

To protect the confidentiality of BL Data, We strongly recommends that Customer implement secure communication protocols, such as secure FTP or AS2. If Customer, nonetheless, elects to access BL Data utilizing non-secure communication protocols, Customer acknowledges that the use of such non-secure protocols may result in unauthorized access to BL Data and fully assumes all liability arising from or relating to such unauthorized access.

 

Notwithstanding anything to the contrary contained in this Agreement, the following terms apply to the receipt, use and distribution of BL Data by Customer or any party acting on behalf of Customer:

 

a.      Limited Use of BL Data (i) ANY BL DATA ACCESSED OR RECEIVED THROUGH EDI DOES NOT CONSTITUTE “ELECTRONIC BILLS OF LADING”. UNLESS A SEPARATE WRITTEN AUTHORIZATION BY TRANSMITTING CARRIER IS PROVIDED, BL DATA WILL NOT BE USED TO CREATE BILLS OF LADING AND WAYBILLS, WILL HAVE NO COMMERCIAL VALUE IN AND OF THEMSELVES, MAY NOT BE USED TO TRANSFER BY ENDORSEMENT OR OTHERWISE THE RIGHTS UNDER A CONTRACT OF CARRIAGE, AND MAY NOT BE USED FOR PURPOSES OF TRANSFERRING OWNERSHIP OF CARGO OR AS NEGOTIABLE INSTRUMENTS. WE MERELY PROVIDES AN ALTERNATIVE METHOD OF ACCESS TO AND RECEIPT OF BL DATA ELECTRONICALLY BY CUSTOMER FROM THE TRANSMITTING CARRIERS OR THEIR AUTHORIZED AGENT(S); (ii) BL Data may be used only for purposes of updating Customer’s backend systems or data visibility tools to allow Customer and Allowed Parties (as defined below) to view, download, and use the BL Data. BL Data may not be used as a substitute for Transmitting Carrier’s carrier-generated freight invoices. In the event of a discrepancy between data included in the BL Data and data within any official document issued by the Transmitting Carrier, such as freight invoices or transport documents, the document issued by the Transmitting Carrier will take precedence; (iii) NOTHING IN THIS AGREEMENT IS OR WILL BE CONSIDERED AN AGREEMENT TO CARRY ANY GOODS OR FORM ANY PART OF A CONTRACT FOR THE CARRIAGE OF GOODS; and (iv) Customer will not use BL Data in any unlawful way or for any unlawful purpose.

 

b.      Distribution of BL Data: (i) Customer agrees that it is legally responsible for protecting BL Data from any misuse, and will not disclose or distribute the BL Data, in any format and/or through any means (including, without limitation, via email or internet), other than to those persons or entities lawfully listed on the transport documents, legally authorized relevant government entities, and Customer’s legally authorized brokers, agents, logistics providers and banks (collectively “Allowed Parties”); (ii) Customer will limit any sharing of BL Data with Allowed Parties only to the following uses: data visibility, customs filing, governmental requirements, import documentation, accounting record keeping and cargo release. Further, any sharing of BL Data will also be in accordance with the terms set forth herein; (iii) Sharing of BL Data for other uses or with other parties not listed above is specifically prohibited; and (iv) further, Customer acknowledges that there may exist additional restrictions on the use and distribution of the BL Data arising from agreements personal as between Customer and the Transmitting Carrier.

 

BL Data Services will continue in effect until terminated by either Party upon 30 days prior written notice to the other. Termination of BL Data will not constitute termination of the Terms. Notwithstanding the foregoing, BL Data will be automatically terminated as part of a termination of the Terms, with cause or without cause, as applicable, in accordance with the corresponding terms of the Terms.

 

BL Data Service will not in any way reduce, increase or modify any separate right or obligation of Customer or of the Transmitting Carrier, nor will it increase Transmitting Carrier’s liability in any way under any other document or agreement between Customer and the Transmitting Carrier, including, without limitation, the Transmitting Carrier’s contract of carriage rights and obligations under the bill of lading.

 

13.             Professional Services Terms 

 

The following terms and conditions apply only to Professional Services.

 

13.1.         Standard Integration Services. Unless otherwise specified on an Order Form, the following terms apply to standard integration services: (i) We perform standard integration services in accordance with the applicable Documentation; (ii) You will perform all technical and development work on its systems to conform with the Documentation; (iii) You will fully cooperate with Us in the performance of Our responsibilities as set forth in the Documentation; (iv) You will make appropriate IT/eCommerce and operational resources available to complete a minimum of one Integration within 45 days of the Order Form effective date; (v) If during the course of a standard integration We and/or You reasonably determines that Your systems require a custom integration, then We will stop work and negotiate the terms of a custom integration Order Form, including additional cost to be paid to Us for custom work; (vi) We reserves the right to suspend all work on or cancel any or all Integrations if We, in its sole reasonable discretion, determines that Customer failed to provide resources or work with Us as reasonably required to complete Our obligations; and (vii) We may terminate any or all Integration Order Forms, in whole or in part, due to Your failure to perform Your obligations and upon such termination, We will have no obligation to perform Our obligations and no Fees will be refunded to Customer. 

 

13.2.         Custom integration services and other Professional Services. An Order Form with attached statement of work will be agreed by the parties for any custom integrations or professional services other than standard integration services. 

 

14.             Transportation Management System Services Terms 

 

The following terms and conditions apply only to Services that are identified as a transportation management system on an Order Form such as those delivered under the Cloud Logistics® by E2open brand.

 

14.1          Customer is responsible for directly transferring and procuring the necessary license and rights to use mileage and/or mapping software that is compatible with the Services (each, “Mileage and/or Mapping Software”). The Mileage and/or Mapping Software is integral to Customer’s receipt of the full benefits of the Services and obtaining a license from the vendor is Customer’s sole responsibility. Vendor will have PC Miler, Rand McNally, SMC3 for LTL, Google Maps, and other necessary third-party software functionality embedded in its TMS application and is responsible for providing support relating to the inoperability of the Services with the Mileage Software and/or Mapping Software. Customer is responsible for: 

 

a.      transferring its current license and applicable fees for the Mileage Software (PC Miler or Rand McNally) and/or Mapping Software (Google Maps) if those components are being accessed within the Services;

 

b.      transferring its current SMC3 LTL Rateware XL, Czar-Lite license, or individual tariffs and applicable fees with that provider for LTL rating if that component is being accessed within the Services;

 

c.      the fees associated with accessing the carrier safety/insurance websites if that component is being accessed within the Services; and

 

d.      the fees associated with other, optional third-party software to which the Services is integrated including, but not limited to, DAT Rateview, BreakthroughFuel, LocusTraxx and Truckstop.com.

 

 

SCHEDULE 1

 

STANDARD CONTRACTUAL CLAUSES

Controller to Controller

 

SECTION I

 

Clause 1

Purpose and scope

 

(a)             The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (1for the transfer of personal data to a third country.

(b)             The Parties:

 

(i)               the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter ‘entity/ies’) transferring the personal data, as listed in Annex I.A (hereinafter each ‘data exporter’), and

(ii)              the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A (hereinafter each ‘data importer’)

have agreed to these standard contractual clauses (hereinafter: ‘Clauses’).

(c)              These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.

(d)             The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.

 

Clause 2

Effect and invariability of the Clauses

 

(a)             These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.

(b)             These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.

 

Clause 3

Third-party beneficiaries

 

(a)             Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:

(i)               Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;

(ii)              Clause 8.5 (e) and Clause 8.9(b);

(iii)             N/A

(iv)             Clause 12(a) and (d);

(v)              Clause 13;

(vi)             Clause 15.1(c), (d) and (e);

(vii)            Clause 16(e);

(viii)           Clause 18(a) and (b).

(b)             Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.

 

Clause 4

Interpretation

 

(a)             Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.

(b)             These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.

(c)              These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.

 

Clause 5

Hierarchy

 

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

 

Clause 6

Description of the transfer(s)

 

The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.

 

Clause 7 – Optional

Docking clause

 

(a)             An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.

(b)             Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.

(c)              The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

 

SECTION II – OBLIGATIONS OF THE PARTIES

 

Clause 8

Data protection safeguards

 

The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.

 

8.1            Purpose limitation

 

The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I.B. It may only process the personal data for another purpose:

(i)               where it has obtained the data subject’s prior consent;

(ii)              where necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or

(iii)             where necessary in order to protect the vital interests of the data subject or of another natural person.

 

8.2            Transparency

 

(a)             In order to enable data subjects to effectively exercise their rights pursuant to Clause 10, the data importer shall inform them, either directly or through the data exporter:

(i)               of its identity and contact details;

(ii)              of the categories of personal data processed;

(iii)             of the right to obtain a copy of these Clauses;

(iv)             where it intends to onward transfer the personal data to any third party/ies, of the recipient or categories of recipients (as appropriate with a view to providing meaningful information), the purpose of such onward transfer and the ground therefore pursuant to Clause 8.7.

(b)             Paragraph (a) shall not apply where the data subject already has the information, including when such information has already been provided by the data exporter, or providing the information proves impossible or would involve a disproportionate effort for the data importer. In the latter case, the data importer shall, to the extent possible, make the information publicly available.

(c)              On request, the Parties shall make a copy of these Clauses, including the Appendix as completed by them, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including personal data, the Parties may redact part of the text of the Appendix prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information.

(d)             Paragraphs (a) to (c) are without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.

 

8.3            Accuracy and data minimisation

 

(a)             Each Party shall ensure that the personal data is accurate and, where necessary, kept up to date. The data importer shall take every reasonable step to ensure that personal data that is inaccurate, having regard to the purpose(s) of processing, is erased or rectified without delay.

(b)             If one of the Parties becomes aware that the personal data it has transferred or received is inaccurate, or has become outdated, it shall inform the other Party without undue delay.

(c)              The data importer shall ensure that the personal data is adequate, relevant and limited to what is necessary in relation to the purpose(s) of processing.

 

8.4            Storage limitation

 

The data importer shall retain the personal data for no longer than necessary for the purpose(s) for which it is processed. It shall put in place appropriate technical or organisational measures to ensure compliance with this obligation, including erasure or anonymisation (2) of the data and all back-ups at the end of the retention period.

 

8.5            Security of processing

 

(a)             The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the personal data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter ‘personal data breach’). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subject. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.

(b)             The Parties have agreed on the technical and organisational measures set out in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.

(c)              The data importer shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

(d)             In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the personal data breach, including measures to mitigate its possible adverse effects.

(e)             In case of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, the data importer shall without undue delay notify both the data exporter and the competent supervisory authority pursuant to Clause 13. Such notification shall contain i) a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), ii) its likely consequences, iii) the measures taken or proposed to address the breach, and iv) the details of a contact point from whom more information can be obtained. To the extent it is not possible for the data importer to provide all the information at the same time, it may do so in phases without undue further delay.

(f)              In case of a personal data breach that is likely to result in a high risk to the rights and freedoms of natural persons, the data importer shall also notify without undue delay the data subjects concerned of the personal data breach and its nature, if necessary in cooperation with the data exporter, together with the information referred to in paragraph (e), points ii) to iv), unless the data importer has implemented measures to significantly reduce the risk to the rights or freedoms of natural persons, or notification would involve disproportionate efforts. In the latter case, the data importer shall instead issue a public communication or take a similar measure to inform the public of the personal data breach.

(g)             The data importer shall document all relevant facts relating to the personal data breach, including its effects and any remedial action taken, and keep a record thereof.

 

8.6            Sensitive data

 

Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions or offences (hereinafter ‘sensitive data’), the data importer shall apply specific restrictions and/or additional safeguards adapted to the specific nature of the data and the risks involved. This may include restricting the personnel permitted to access the personal data, additional security measures (such as pseudonymisation) and/or additional restrictions with respect to further disclosure.

 

8.7            Onward transfers

 

The data importer shall not disclose the personal data to a third party located outside the European Union (3) (in the same country as the data importer or in another third country, hereinafter ‘onward transfer’) unless the third party is or agrees to be bound by these Clauses, under the appropriate Module. Otherwise, an onward transfer by the data importer may only take place if:

(i)               it is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;

(ii)              the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 of Regulation (EU) 2016/679 with respect to the processing in question;

(iii)             the third party enters into a binding instrument with the data importer ensuring the same level of data protection as under these Clauses, and the data importer provides a copy of these safeguards to the data exporter;

(iv)             it is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings;

(v)              it is necessary in order to protect the vital interests of the data subject or of another natural person; or

(vi)             where none of the other conditions apply, the data importer has obtained the explicit consent of the data subject for an onward transfer in a specific situation, after having informed him/her of its purpose(s), the identity of the recipient and the possible risks of such transfer to him/her due to the lack of appropriate data protection safeguards. In this case, the data importer shall inform the data exporter and, at the request of the latter, shall transmit to it a copy of the information provided to the data subject.

Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.

 

8.8            Processing under the authority of the data importer          

 

The data importer shall ensure that any person acting under its authority, including a processor, processes the data only on its instructions.

 

8.9            Documentation and compliance

 

(a)             Each Party shall be able to demonstrate compliance with its obligations under these Clauses. In particular, the data importer shall keep appropriate documentation of the processing activities carried out under its responsibility.

(b)             The data importer shall make such documentation available to the competent supervisory authority on request.

 

Clause 9

Use of sub-processors

 

N/A

 

Clause 10

Data subject rights

 

(a)             The data importer, where relevant with the assistance of the data exporter, shall deal with any enquiries and requests it receives from a data subject relating to the processing of his/her personal data and the exercise of his/her rights under these Clauses without undue delay and at the latest within one month of the receipt of the enquiry or request. (4) The data importer shall take appropriate measures to facilitate such enquiries, requests and the exercise of data subject rights. Any information provided to the data subject shall be in an intelligible and easily accessible form, using clear and plain language.

(b)             In particular, upon request by the data subject the data importer shall, free of charge:

(i)               provide confirmation to the data subject as to whether personal data concerning him/her is being processed and, where this is the case, a copy of the data relating to him/her and the information in Annex I; if personal data has been or will be onward transferred, provide information on recipients or categories of recipients (as appropriate with a view to providing meaningful information) to which the personal data has been or will be onward transferred, the purpose of such onward transfers and their ground pursuant to Clause 8.7; and provide information on the right to lodge a complaint with a supervisory authority in accordance with Clause 12(c)(i);

(ii)              rectify inaccurate or incomplete data concerning the data subject;

(iii)             erase personal data concerning the data subject if such data is being or has been processed in violation of any of these Clauses ensuring third-party beneficiary rights, or if the data subject withdraws the consent on which the processing is based.

(c)              Where the data importer processes the personal data for direct marketing purposes, it shall cease processing for such purposes if the data subject objects to it.

(d)             The data importer shall not make a decision based solely on the automated processing of the personal data transferred (hereinafter ‘automated decision’), which would produce legal effects concerning the data subject or similarly significantly affect him/her, unless with the explicit consent of the data subject or if authorised to do so under the laws of the country of destination, provided that such laws lays down suitable measures to safeguard the data subject’s rights and legitimate interests. In this case, the data importer shall, where necessary in cooperation with the data exporter:

(i)               inform the data subject about the envisaged automated decision, the envisaged consequences and the logic involved; and

(ii)              implement suitable safeguards, at least by enabling the data subject to contest the decision, express his/her point of view and obtain review by a human being.

(e)             Where requests from a data subject are excessive, in particular because of their repetitive character, the data importer may either charge a reasonable fee taking into account the administrative costs of granting the request or refuse to act on the request.

(f)              The data importer may refuse a data subject’s request if such refusal is allowed under the laws of the country of destination and is necessary and proportionate in a democratic society to protect one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679.

(g)             If the data importer intends to refuse a data subject’s request, it shall inform the data subject of the reasons for the refusal and the possibility of lodging a complaint with the competent supervisory authority and/or seeking judicial redress.

 

Clause 11

Redress

 

(a)             The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.

(b)             In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.

(c)              Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to:

(i)               lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13;

(ii)              refer the dispute to the competent courts within the meaning of Clause 18.

(d)             The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.

(e)             The data importer shall abide by a decision that is binding under the applicable EU or Member State law.

(f)              The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws.

 

Clause 12

Liability

 

 (a)            Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.

(b)             Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.

(c)              Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.

(d)             The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage.

(e)             The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.

 

Clause 13

Supervision

 

(a)             Where the data exporter is established in an EU Member State:] The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, shall act as competent supervisory authority.

Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679:] The supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established, as indicated in Annex I.C, shall act as competent supervisory authority.

Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) without however having to appoint a representative pursuant to Article 27(2) of Regulation (EU) 2016/679:] The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located, as indicated in Annex I.C, shall act as competent supervisory authority.

(b)             The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.

 

SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES

 

Clause 14

Local laws and practices affecting compliance with the Clauses

 

(a)             The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.

(b)             The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:

(i)               the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;

(ii)              the laws and practices of the third country of destination– including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards (5);

(iii)             any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.

(c)              The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.

(d)             The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.

(e)             The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).

(f)              Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.

 

Clause 15

Obligations of the data importer in case of access by public authorities

 

15.1          Notification

 

(a)             The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:

(i)               receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or

(ii)              becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.

 (b)            If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.

(c)              Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).

(d)             The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.

(e)             Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.

 

15.2          Review of legality and data minimisation

 

(a)             The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).

(b)             The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.

(c)              The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.

 

SECTION IV – FINAL PROVISIONS

 

Clause 16

Non-compliance with the Clauses and termination

 

(a)             The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.

(b)             In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).

(c)              The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:

(i)               the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;

(ii)              the data importer is in substantial or persistent breach of these Clauses; or

(iii)             the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.

In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.

(d)             Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.

(e)             Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.

 

Clause 17

Governing law

 

These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of Belgium.

 

Clause 18

Choice of forum and jurisdiction

 

(a)             Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.

(b)             The Parties agree that those shall be the courts of Belgium.

(c)              A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.

(d)             The Parties agree to submit themselves to the jurisdiction of such courts.

 

__________________________

 

(1) Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This will in particular be the case where the controller and processor rely on the standard contractual clauses included in Decision 2021/915.

 

(2) This requires rendering the data anonymous in such a way that the individual is no longer identifiable by anyone, in line with recital 26 of Regulation (EU) 2016/679, and that this process is irreversible.

 

(3) The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union’s internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses.

 

(4) That period may be extended by a maximum of two more months, to the extent necessary taking into account the complexity and number of requests. The data importer shall duly and promptly inform the data subject of any such extension.

 

(5) As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies.

 

 

ANNEX I

 

A.   LIST OF PARTIES

Data exporter(s):

 

Name: As specified in the Agreement.

 

Address: As specified in the Agreement.

 

Contact person’s name, position and contact details: As specified in the Agreement.

 

Activities relevant to the data transferred under these Clauses: As specified in the Agreement.

 

Signature and date: The parties agree that execution of the Agreement by the data importer and the data exporter shall constitute execution of these Clauses by both parties as follows: (a) on 27 October 2021, where the effective date of the Agreement is on or before 27 September 2021, or (b) otherwise, on the

effective date of the Agreement.

 

Role (controller/processor): Controller

 

 

Data importer(s):

 

Name: INTTRA

 

Address: 9600 Great Hills Trail, Suite 300E, Austin, Texas 78759 USA

 

Contact person’s name, position and contact details: As specified in the Agreement.

 

Activities relevant to the data transferred under these Clauses: As specified in the Agreement.

 

Signature and date: The parties agree that execution of the Agreement by the data importer and the data exporter shall constitute execution of these Clauses by both parties as follows: (a) on 27 October 2021, where the effective date of the Agreement is on or before 27 September 2021, or (b) otherwise, on the effective date of the Agreement.

 

Role (controller/processor): Controller

 

B.   DESCRIPTION OF TRANSFER

Categories of data subjects whose personal data is transferred

                  Parties to or those working on freight shipments processed on the INTTRA platform

 

Categories of personal data transferred

                  Business contact information for those parties to or individuals working on freight shipments on the INTTRA platform such as name, business address, business email, business phone.

 

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

                  Sensitive personal data should not be submitted to the INTTRA platform.

 

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).

                  As often as necessary to facilitate freight shipments on the INTTRA platform

 

Nature of the processing

                  Distributing details of the freight shipments on the INTTRA platform to the various participants in the freight shipping process such as a freight forwarder entering a booking request and that being distributed to the ocean carrier and consignee on the INTTRA platform.

 

Purpose(s) of the data transfer and further processing

                  To facilitate freight shipments.

 

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

                  Data is kept as long as necessary to achieve final settlement of a freight shipment and comply with archiving policies of the participants.

 

For transfers to processors, also specify subject matter, nature and duration of the processing

                  The parties will impose the terms and conditions set forth herein on processors.

 

C.   COMPETENT SUPERVISORY AUTHORITY

Identify the competent supervisory authority/ies in accordance with Clause 13

Belgium Data Protection Authority

 

 

ANNEX II

TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

 

The E2open group of companies provides a cloud-based Software-as-a-Service (SaaS) platform that automates and streamlines global trade. With more than 20 years of experience in delivering SaaS solutions, we consider security a core guiding principle for all aspects of our business. our solutions are specifically designed for enterprises and, as such, comply with the industry accepted security standards. While there are no truly bulletproof solutions, We continually review industry security developments and do our best to implement and follow best practices to keep services secure.

 

We strive to implement security processes and practices across all business units. To accomplish that, we have a dedicated team of professionals that manages information security, compliance, and data protection/privacy. Our practices are based on industry-leading standards, including generally accepted best practices such as being audited under the SOC framework and ISO 27001. These frameworks audits policies and procedures, asset management, access management, physical security, people security, product security, cloud and network infrastructure security, third-party security, vulnerability management, as well as security monitoring and incident response.

 

Our information security policies and standards are approved by management and distributed to our employees.

 

PEOPLE SECURITY

 

The people behind the services are an essential part in protecting the service, as the human factor has a key role in, and influence on, our organizational level of security. We put stringent controls in place for employees.

 

Background Checks

The screening process is based on personal interviews with recruitment/HR manager and a prospective employee’s direct manager. Where applicable, background checks include criminal record check, credit check, education check, references and identity. Additional checks may be performed in accordance with local law.

 

Security Training

New employees go through an extensive on-boarding process that include communication of security guidelines, expectations and code of conduct. In addition, all employees undergo annual security awareness training.

 

Continuous Communication

Our security team provides continuous communication on emerging threats, performs phishing awareness campaigns and communicates with management regularly.

 

PRODUCT SECURITY

 

The security development lifecycle (SDLC) standard helps ensure the delivery of a highly secure platform and activities. The following activities help us achieve this mission.

 

Secure Development

The development process strictly follows industry best practices (OWASP, SANS, NIST) that are continually tested using industry leading tools and third-party review.

 

Penetration Testing

We regularly perform testing for security vulnerabilities both in-house and by independent security assessment service providers. Penetration tests are performed on at least an annual basis by an independent third party.

 

Change Management

We follow a strict change management process. Changes are tracked, reviewed and approved to ensure operational changes are aligned with business objectives and compliance requirements. A change is reviewed before being moved into a staging environment, where it is further tested before finally being deployed to production.

 

Encryption in Transit

We support TLS1.2 or above to encrypt network traffic between the customer application and our services.

 

Encryption at Rest

We offer customers the option to encrypt data at rest in our data centers. If ordered, the encryption is based on a 256-bit AES algorithm.

 

Account Security

We offer robust security controls that the customer can choose to enable in the application, such as an audit trail, log-in policy password complexity, and more. We encourage customers to work with their account managers and use these controls.

 

PRIVATE CLOUD INFRASTRUCTURE

 

The security of our infrastructure and networks is critical. Creating a safe platform for the services and customer innovation is the mission of our cloud security.

 

Top-tier Infrastructure

We use multi-layered controls to help protect our infrastructure, and are constantly monitoring and improving our GENERAL TERMS AND CONDITIONS FOR TRANSPORTATION-RELATED SERVICES (“TERMS”)

 

(Formerly known as the INTTRA Website Legal Terms and Conditions, INTTRA Legal Terms and Conditions, or INTTRA Legal Terms) 

 

UPDATED September 29, 2022

 

PLEASE READ THESE TERMS CAREFULLY BEFORE USING ANY VENDOR WEBSITE AND/OR THE SERVICES, AS DEFINED BELOW. BY DOING ANY OF THE FOLLOWING: REGISTERING FOR VENDOR OR CONTINUED USE OF THE SERVICES, YOU (A) AGREE TO THE TERMS ON BEHALF OF THE BUSINESS THAT YOU REPRESENT (“YOU” or “CUSTOMER”) (INDIVIDUAL CONSUMER USE OF THE SERVICES IS PROHIBITED), (B) REPRESENT THAT YOU HAVE THE AUTHORITY TO ACT ON BEHALF OF SUCH ORGANIZATION TO AGREE TO THESE TERMS, AND (C) AGREE TO USE ELECTRONIC SIGNATURES, AND TO BE SUBJECT TO THE PROVISIONS OF THE U.S. E-SIGN ACT (I.E. THE ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT (ESIGN, PUB.L. 106-299, 14 STAT. 464, ENACTED JUNE 30, 2000, 15 U.S.C. CH. 96)). IF THESE STEPS ARE NOT WHAT YOU INTEND, OR IF YOU DO NOT FULLY UNDERSTAND AND AGREE WITH THESE TERMS AND CONDITIONS, WHICH INCLUDE A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES, AND SELECTION OF GOVERNING LAW AND CHOICE OF FORUM (INCLUDING MANDATORY ARBITRATION INSTEAD OF COURT), THEN DO NOT ACCESS ANY VENDOR WEBSITE OR USE THE SERVICES. 

 

1.               Definitions 

 

“Affiliate” means an entity that is directly or indirectly owned or controlled by a party. For purposes of this definition, “control” refers to the power to direct the management or affairs of an entity and “ownership” refers to the beneficial ownership of 50% or more of the voting equity securities or other equivalent voting interests of the entity.

 

“Agreement” means the combination of these Terms and any referenced addendums, amendments, exhibits, Order Forms, schedules, SOWs, and/or other contract documents.

 

“Alliance Intermediary” means a third party that has a contract with Us permitting it to act on behalf of Platform Users and that You permit to act as an intermediary on Your behalf when using the Services, such as sending and receiving Transaction Data and otherwise interacting with the Services and Platform.

 

“Carrier” means a third-party ocean carrier participant and other freight carriers to which Vendor provides connectivity via the Services and Platform.

 

“Confidential Information” means any non-public information that is marked or otherwise designated in writing as confidential at the time of disclosure, or absent a marking that a reasonable person would expect to be confidential under the circumstances, and which is disclosed by a party to the other party.

 

“Container or Container Transaction” or “Container Transacted” (formerly Transacted Containers) means each individual container handled via the Platform via any means, such as referenced in a booking request, referenced on an eVGM submission, etc. An individual container is counted as a Container Transaction each time it is referenced in a Service. For example, the same container referenced on a booking request, shipping instruction, and eVGM submission will count as three Container Transactions.

 

Content” means any data sourced or created by Us (independently or with another party’s assistance) for inclusion in services provided by Us to customers or published, including without limitation, port codes, restricted party lists, harmonized commodity codes, etc. Content may be derived from proprietary, third-party, and/or publicly available data.

 

“Customer”“You”“Your”, or “Yourself” means collectively you and the company or other legal entity you represent defined as the Customer in the paragraph at the top of this page, and, if permitted, any Affiliate of Customer designated by Customer to make use of the Services under this Agreement, provided that Customer is wholly responsible for all actions or omissions by any such affiliated entity in connection with this Agreement.

 

“Documentation” means the then-current user guides, training materials, technical manuals, and any other reference materials that We generally make available or distribute to users of the Services or Platform.

 

“Intellectual Property Rights means any and all registered and unregistered rights granted, applied for or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.

 

“Vendor”, We”, Our”, or Us” means any of the following INTTRA Inc, E2open, LLC, or Affiliate as identified on Your Order Form. If You are using any Services not subject to an Order Form, it means INTTRA Inc.

 

“Vendor Materials” means any of the following: technology, equipment, information (including Content), and materials provided or developed by Vendor or its Affiliates (independently or with Your cooperation), in the course of performance under the Agreement.

 

“Order Form” means the order form, contract, or agreement, in a form provided by Us, identifying Services ordered by or made available to You and signed or otherwise accepted by both You and Us. Order Forms may be in any media, such as electronic terms and conditions or paper ordering documents. Formerly called “Service Order”.

 

“Platformor “Portal means Our proprietary network infrastructure, products, and services for the exchange of transportation data including, without limitation, the Services delivered and accessed via a variety of means as determined by Us, including, but not limited to, the internet, EDI, API, Document Conversion, and/or certain other proprietary software.

 

“Privacy Policy” means Our privacy policy located at https://www.e2open.com/privacy-policy/.

 

“Professional Services” means training, general consulting, configuration, implementation, and/or other such services identified on an Order Form.

 

“Service(s)” means services, products, data, and information provided by or through Us, authorized third-party services or data providers, and/or the Platform that You may access or use via the Platform or any other means that We authorize; and the use of any website owned or operated by Us, whether logged in or not, including inttra.com. At Our discretion, some Services may be available to You upon registration and without an Order Form or payment to Us, while others will be unavailable until You purchase a subscription or otherwise order them via an Order Form.

 

“Terms” means these terms and conditions.

 

“Third-Party Data” means any data transmitted to, from, and/or through any Vendor service by third parties using the Platform, such as Carriers. An example of Third-Party Data is Carrier-provided data You received through the Platform that facilitates or describes the status of a cargo shipment related to You.

 

Trading Partner” means Your identified third-party logistic providers, channel partners, suppliers, and/or contract manufacturers.

 

“Transaction Data” means any data transmitted to, from, and/or through any of the Platform or Services by, about, and/or related to You or the Services provided to You. Transaction Data includes Third-Party Data and Content related to You, and any data transmitted to or from Trading Partners.

 

“User” means any individual or automated system granted access to the Platform or Services through a unique user ID authorized to access and/or use the Platform or Services in accordance with the terms of this Agreement. Formerly called “Permitted User.”

 

2.               Use of Vendor Websites, Platform, and Services 

 

2.1.            All Vendor websites, products, and services are designed and offered exclusively for bona fide business use only and are not for use by individuals or for any use that is not expressly granted to You. Any individual use is expressly prohibited. Any use for any purpose that is competitive with Vendor or its Affiliates, including all of their service offerings, or that may devalue Vendor or its Affiliates’ commercial interests, is expressly prohibited. 

 

2.2.            We grant You a non-exclusive, non-transferable, worldwide right during the term of the Agreement to access and use the Services, Platform, and Vendor Materials directly or via an Alliance Intermediary solely for Your internal business purposes as contemplated by the Agreement. You allow Us to modify any Transaction Data submitted by Customer to correct any messages that do not conform to the standards set by Vendor or, if applicable, the standards of the intended third-party recipient of such data, e.g., a Carrier. Users must successfully register with Vendor and are not permitted to access the Platform or Services until such time as their registration is approved by Vendor. 

 

2.3.            Except as may be expressly stated otherwise in an Order Form, by registering, accessing, browsing, viewing, using, downloading, generating, receiving, or transmitting any data, information, or messages to or from the Platform, via the Services, and/or via any Vendor website or service, You accept, without limitation or qualification, these Terms as currently constituted and as may be updated from time to time in Our sole discretion. When We post changes to the Terms, Your continued use of the Platform and/or Services will constitute agreement to such changes. We will email all Users upon a material update to these Terms and You will regularly revisit and review Our website for changes to these Terms. We may also require that You accept other terms and conditions that govern the use of particular Services at the time You register for, order, or use that Service.  

 

2.4.            We deliver the services in accordance with the Documentation. The Documentation is subject to change from time to time at Vendor’s sole discretion. We control the appearance, development, and operation of the Platform, the Services, and Vendor websites, including standards for data transmission. Content and Third-Party Data are subject to change without prior notice. We may make improvements, updates, and/or changes to the Platform, Services, and/or Vendor websites or cease to provide any of the foregoing at any time without prior notice to the Customer; provided that We will endeavor to provide 30 days prior notice to You if We discontinue or materially degrade any Service. 

 

2.5.            You agree to allow without limitation our use or transmission, including to Carriers and other third parties of any data, including but not limited to Personal Data, information, or comments, provided to Us by You so long as such transmissions are at Your instruction, in accordance with the Privacy Policy, and/or are in furtherance of Our legitimate business purposes.

 

2.6.            You are responsible for Transaction Data provided by You and for the administration, authorization, and termination of all User access. You will provide Us with accurate, complete, and updated registration information of its Users. Notwithstanding the foregoing, We may refuse registration of, or suspend, a User’s access to the Subscription Services if, in Our judgment, a significant threat to the security or functionality of the Platform or Services or any component thereof is imminent. We will notify You of any such occurrence. You are responsible for the security of its access to the Platform and/or Services and the security of each User’s access authorization. You will not permit Users to share User IDs and passwords. You will promptly notify Us of any unauthorized use of the Platform or Services, or any other breach of security suspected or known to You. You are also responsible for maintaining the required hardware, software, internet connections, and other resources necessary for Users to access the Services. 

 

2.7.            You will comply with and will ensure all Users comply with the Acceptable Use Policy posted at https://www.e2open.com/acceptable-use-policy/; and the Security Policy located at https://www.e2open.com/company/customer-security-policy.

 

2.9.            Users may access certain Services through mobile applications obtained from third-party websites such as the Apple app store. The use of mobile applications is governed by an end-user license agreement presented upon download/access to the mobile application in addition to the terms of the Agreement. In the event of a conflict, the terms presented on the app store will govern but only to the extent necessary to resolve the conflict only as related to the use of the mobile application. For avoidance of doubt, the mobile application terms do not govern any other use of the Services other than the mobile application.

 

2.10.         We have the right, but not obligation, to monitor the Platform and/or the Services and to disclose any information necessary for their operation, to protect Us, and Our customers and licensors, and to comply with legal obligations or governmental requests. We reserve the right to refuse to post or to remove any information in the Platform and/or the Services, in whole or in part, for any reason. 

 

2.11.         We may engage third parties (subcontractors) to perform the Services or operate the Platform, or any part thereof. We are responsible for Our subcontractors. 

 

3.               Term and Termination of Services 

 

3.1.            The term of this Agreement will continue unless terminated in accordance with this section. Either party may terminate this Agreement (i) at any time upon 30 days’ notice to the other party; provided that where there is an Order Form, the term of the Order Form will continue subject to this Agreement until its expiration; (ii) if the other Party breaches any material term or condition of this Agreement and fails to cure such breach within 30 days after receipt of written notice of same; (iii) if the other Party becomes the subject of a voluntary petition in bankruptcy or any voluntary proceeding relating to insolvency, receivership, liquidation, or composition for the benefit of creditors; or (iv) if the other Party becomes the subject of an involuntary petition in bankruptcy or any involuntary proceeding relating to insolvency, receivership, liquidation, or composition for the benefit of creditors, if such petition or proceeding is not dismissed within 60 days of filing. Order Forms are non-cancelable, and fees paid under them are non-refundable.

 

3.2.            For any breaches of obligations related to the use of the Platform or Services or obligations related to Our Intellectual Property Rights, We may, upon email notice to Customer, immediately suspend Services, in whole or in part, until such breach is remedied; provided that if We reasonably determine that Customer is unable or unwilling to cure such a breach, We may immediately terminate this Agreement, in whole or in part. MONETARY DAMAGES MAY BE BOTH INCALCULABLE AND AN INSUFFICIENT REMEDY FOR ANY SUCH BREACH AND THAT ANY SUCH BREACH MAY CAUSE US IRREPARABLE HARM. ACCORDINGLY, IN THE EVENT OF ANY BREACH OR ANTICIPATED BREACH, WE, IN ADDITION TO ANY OTHER REMEDIES AT LAW OR IN EQUITY WE MAY HAVE, ARE ENTITLED TO SEEK EQUITABLE RELIEF, INCLUDING INJUNCTIVE RELIEF AND SPECIFIC PERFORMANCE, WITHOUT THE REQUIREMENT OF POSTING BOND OR OTHER SECURITY. 

 

3.3             Upon termination of the Agreement or Order Form, all rights granted to You will automatically terminate and You will immediately discontinue any applicable use of the Service or Platform. The following provisions will survive: those related to Our intellectual property and proprietary rights, those related to payment terms and taxes, those related to confidential information, limitations of liability, warranty disclaimers, indemnities, those related to term and termination, those related to compliance, and Section 11, General Provisions. 

 

4.               Fees; Payments 

 

The following terms apply only to Services that have a fee associated with them as set forth on an Order Form. Some Services may be accessible without a fee, requiring only successful registration on the Platform.

 

4.1.            All fees for Services are set forth in an Order Form. Unless otherwise specified in an Order Form, the following terms apply: (a) We will invoice You as follows: (i) for monthly, annual, or other recurring or subscription charges: annually in advance; (ii) for one-time charges: immediately upon order; and (iii) for Services that are priced based on Container Transaction Volume: monthly in arrears; (b) You will pay all invoices within 30 days of receipt; (c) all fees charged and invoices issued by Us are in United States Dollars and Customer will make all payments in United States Dollars in accordance with reasonable payment instructions that may be issued by Us on an invoice or otherwise communicated to You; and (d) for any payment not received when due Your balance due will accrue interest at a rate of 1½% per month, or the highest rate allowed by applicable law, whichever is lower. 

 

4.2.            All prices for Services delivered as a subscription service or otherwise where the fees reoccur each period, will increase by 5% each Contract Year. If Contract Year is not defined elsewhere, means each one-year period commencing on the Effective Date and each anniversary thereafter. At all other times, We may modify pricing for any Services upon 90 days’ notice to Customer. During such notice period, Customer may terminate its use of the Services and any applicable Order Form for such affected Service but only for the affected Service, and will receive a refund of any prepaid fees, if any. The annual fee increase is not subject to the notice and termination portion of this section. 

 

4.3.            You must raise all invoice disputes before the due date of an invoice; otherwise You waives any right to dispute and accept the fees invoiced. In order for a dispute to be valid, You must include a detailed description of the disputed items, the reason for the dispute, the requested resolution of the dispute, and pay all undisputed amounts when due. You will cooperate with Us to investigate and resolve the dispute in good faith. 

 

4.4.            In addition to Our other rights, including the right to terminate this Agreement, in whole or in part, based on non-payment, We may, after notice to You, limit or suspend Your access to any or all Services, in whole or in part, until Your account is made current. 

 

4.5.            You are responsible for any and all applicable taxes relating to this Agreement, other than taxes based on Our net income. 

 

4.6.            Any term(s) contained in Your purchase order, acknowledgment form, or any other form that is different from, or in addition to this Agreement will not have any effect of modifying or adding any terms to the Agreement. No agent, employee, or representative of Ours has any authority to alter or delete the terms of this Agreement or bind Us to any warranty, covenant, or representation other than as set forth in this Agreement. 

 

5.               Intellectual Property 

 

5.1.            Each Party reserves any and all title, right and interests it may have in its trademarks, copyrights, and other intellectual property rights. As between You and Us, We will own all intellectual property rights in the Platform, the Services, and Our websites, separately and as a whole, including all rights in and to databases, trade secrets, patents, copyrights, trademarks, and know-how, as well as moral rights and similar rights of any type under the laws of any governmental authority, domestic or foreign. We will own any data that We create as a result of or derived from operating the Platform, and/or the Services (for avoidance of doubt, the data described in this sentence does not include data submitted by Customer). We grant you a non-exclusive, non-transferable, non-assignable, non-sublicensable, terminable right to access and use Third-Party Data and Content for Your internal business uses. 

 

5.2.            Except as expressly permitted herein or in an Order Form, Customer will not at any time display, perform, copy, distribute, or use any Third-Party Data, or Content in any form at any time or permit any entity under its Control to cause any distribution, disclosure, or transfer to any third party of: (i) access to the Services; (ii) data and information derived from the Services; or (iii) use of the Services, without Our express written consent.  

 

5.3.            Customer may display or publish Transaction Data to shippers, forwarders, consignees, importers and exporters (“Specified Third Parties”), provided that: (i) any such Specified Third Party has a direct contractual and/or legal interest in and entitlement to such data; (ii) such data is necessary to facilitate completion of Customer’s transactions; (iii) such use is consistent with this Agreement, applicable laws and regulations governing Customer’s use of the Services; and (iv) to the extent such data is Confidential Information, such Specified Third Party is bound by written confidentiality obligations at least as protective as in these Terms. In no event will You acquire any ownership rights or other interest in any Content, Third-Party Data, or database by or through Your use of the Platform and/or the Services.  

 

5.4.            You warrant and represent that You have all necessary rights and authority to process Transaction Data via the Platform and/or Services. 

 

5.5.            Notwithstanding any other section of the Agreement, You grant to Us, with respect to all Transaction Data, a worldwide, royalty-free, perpetual, irrevocable, non-exclusive, and fully sublicensable right and license to use, reproduce, modify, adapt, publish, translate, create derivative works from, sell, distribute, perform and display such data (in whole or in part); and to incorporate it in other works in any form, media, or technology (“Derived Works”). We will own all rights in Derivative Works. We will provide or sell Transaction Data and Derivative Works, to government authorities, government agents, governmental entities, ports, customs authorities, and to other third parties that will use Transaction Data and Derived Works for their business purposes, including but not limited to statistical analysis, financial trading, or transportation operations. 

 

5.6.            You may provide ideas, concepts, or techniques for new services or products to Us. Such information is not confidential or proprietary and We will have an unrestricted, irrevocable, worldwide, royalty-free right to use, communicate, reproduce, publish, display, distribute, make derivative works of, and exploit such information in any manner it chooses with no duty to account to You. 

 

5.7.            Unless otherwise noted, everything Customer sees or reads on Our websites, Platform and/or regarding the Services including, but not limited to, textual, graphical and all other content created by or for Us, is, as between You and Us, Our property, and may not be reproduced, distributed, publicly performed, or displayed, transmitted, or used, and related rights except as provided in these Terms, without Our written permission. Re-publication or citation of any content generated by the Platform and/or Services without Our written consent is expressly prohibited, except as otherwise set forth herein. Our websites, Platform, and/or Services may contain other proprietary notices and copyright information, the terms of which must be observed and followed. INTTRA, Cloud Logistics, and TMS Made Easy and any other marks identified as such are Our trademarks and may not be used without prior written permission. We assert no claims to the marks of Carriers and/or others displayed by Us on Our websites, Platform, and/or Services. 

 

5.8.            Anyone who believes that his or her work has been reproduced on the Platform in a way that constitutes copyright infringement may notify Our legal department by providing the following information: 

 

a.      Identification of the copyrighted work that You claim has been infringed;

 

b.      Identification of the material that You claim is infringing, including a description of where it is located on the Platform so We can locate it;

 

c.      Your address, telephone number and, if available, e-mail address, so that We can contact You about Your complaint; and

 

d.      A signed statement that the above information is accurate; that You have a good faith belief that the identified use of the material is not authorized by the copyright owner, its agent, or the law; and, under penalty of perjury, that You are the copyright owner or are authorized to act on the copyright owner’s behalf in this situation.

 

If You give notice of copyright infringement by e-mail or phone, Our legal department will begin investigating the alleged copyright infringement; however, We must receive Your signature by mail before We are required to take any action. More information about U.S. copyright law can be found at the United States Copyright Office, which can be found here: http://www.copyright.gov/.

 

Notices of copyright infringement claims should be sent to copyright@inttra.com or legal@e2open.com.

 

5.9.            You agree that We may identify You as a user of Our services and that We may use Your business name and logo in doing so, including in sales presentations, marketing materials, and on its websites. Upon Our request, the parties will cooperate to timely issue a mutually agreed joint press release, case study, and/or reference regarding Your use of Our services. 

 

6.               Confidential Information 

 

6.1.            Each Party acknowledges that it may have access to Confidential Information of the other Party and agrees, for the duration of this Agreement and 3 years thereafter, to hold the other’s Confidential Information in confidence subject to the limitations of Section 6.2. Each Party agrees to take commercially reasonable steps, which are at least as stringent as it takes to protect its own Confidential Information, to ensure that Confidential Information is not disclosed or distributed by its employees or agents in violation of this Section 6. 

 

6.2.            The obligations in Section 6.1 will not apply to any information (i) at the time of disclosure is in the public domain or generally known or knowable by the public; (ii) after disclosure, becomes part of the public domain or generally known or knowable by the public, except by breach of this Agreement; (iii) was already in the receiving Party’s possession at the time of disclosure by the disclosing Party; (iv) resulted from the receiving party’s own research and development, independent of disclosure from the disclosing Party; (v) where Vendor has exercised its rights granted in Section 5.5 (vi) the receiving Party receives from third parties, provided such information was not obtained by such third parties from the disclosing Party on a confidential basis; (vii) is produced in compliance with applicable law, a court order, in connection with a subpoena or similar legal process, (viii) is produced in compliance with the Privacy Policy; (ix) must be disclosed to enforce rights under this Agreement; or (x) is furnished to the receiving Party by a third party without restriction on disclosure.

 

7.               Disclaimer of Warranties; Errors 

 

7.1.            While We have used reasonable efforts to ensure that the Vendor Materials are accurate and up to date, We are not responsible or liable for any errors, inaccuracies, or omission in the Vendor Materials or Third-Party Data or in the data from which the Vendor Materials are derived. THE PLATFORM, SERVICES, VENDOR MATERIALS, AND THIRD-PARTY DATA ARE PROVIDED “AS IS” WITH NO GUARANTEES OF COMPLETENESS, ACCURACY, OR TIMELINESS OF RESULTS OBTAINED FROM THE USE THEREOF. 

 

7.2.            We make no warranties or representations whatsoever regarding any other Web sites Customer may access through the Platform and/or the Services. When accessing a non-Vendor website, Customer understands that that website is independent from Us and that We have no control over the content of that website. In addition, a link to a non-Vendor website does not mean that We endorse or accept any responsibility for the content or the use of such website. It is up to the Customer to take precautions to ensure that whatever is selected for Customer’s use is in all ways suitable and free of viruses and other items of destructive nature.  

 

8.               Limitation of Liability 

 

8.1.            To the maximum extent permitted by law, We will not be liable under any contract, tort (including negligence), strict liability, or other legal or equitable theory: (a) for any loss of business, loss of use or of data, delay or interruption of business, or lost goodwill; (b) for any cost of procurement of substitute goods, software, or services; or (c) for any incidental, indirect, consequential, or punitive damages (including, without limitation, lost profits), even if advised of the possibility of such damages.  

 

8.2.            Our maximum aggregate liability will not exceed the total fees paid or payable by You for the specific Service giving rise to the liability, as such fees are identified on an Order Form or in an SOW, during the 12 month period preceding the event or action giving rise to liability (or if such claim arises during the initial 12 months of this Agreement, the fees expected to be paid during such 12 month period), or $5,000, whichever amount is more. The foregoing limitation applies notwithstanding the failure of any agreed or other remedy of its essential purpose.  

 

8.3.            You agree that any claim or cause of action arising out of or related to your use of the Platform, Services or otherwise related to this Agreement must be asserted within one year after such claim or cause of action arose. You expressly waive any right you may otherwise have under any statute or law for any claims not made within such one-year period.  

 

8.4.            The limitations of liability set forth in this section reflect the allocation of risk between the parties. The limitations specified in this section will survive and apply even if any limited remedy specified in these Terms found to have failed of its essential purpose and will inure to the benefit of Us, including our Affiliates, successors, and/or its respective suppliers.

9.               Indemnification 

 

Customer will indemnify, hold harmless, and defend Us (including our Affiliates), and all of its (including its Affiliates) current and former officers, directors, members, shareholders, agents, and employees from any and all Claims. “Claim” means any action, cause of action, suit, proceeding, claim, or demand of any third party (and all resulting judgments, bona fide settlements, penalties, fines, damages, losses, liabilities, costs, and expenses (including, without limitation, reasonable attorneys’ fees and costs)), which arises out of: (a) Customer’s breach of this Agreement, or (b) Customer’s or Customer’s customer use of or access to Our websites, Platform, and/or the Services. We will provide Customer with reasonable notice of any Claim. Customer will not settle any claim without Our prior written consent, which will not be unreasonably withheld.

 

10.             Data Protection 

 

This Agreement incorporates the Privacy Policy where applicable.

 

When using the Service, Customer will have the option to provide certain personal or business contact information, including but not limited to, name, address, email address and telephone number (collectively, the ‘Personal Data’). Customer will likely need to submit some Personal Data in order to submit transactions via the Platform. Customer agrees to:

 

a.      Provide true, accurate, current, and complete Personal Data as prompted by the Service processes.

 

b.      Maintain and promptly update the Personal Data to keep it accurate, current, and complete.

 

c.      Maintain the security and confidentiality of any usernames, passwords and any other security or access information used by the Customer to access the Service.

 

d.      Refrain from impersonating any person or entity or misrepresent Customer’s identity or affiliation with any person or entity, including using another person’s Personal Data.

 

e.      Immediately notify Us in writing if Customer becomes aware of any loss, theft or use by any other person or entity of any of its Personal Data in connection with the Service or any other breach of security that the Customer becomes aware of involving or relating to the Service.

 

f.       Only insert Personal Data into fields clearly designated to hold Personal Data. Examples of such fields include Name, Phone Number, Address, etc. We will only monitor these fields as it relates to Personal Data rights and regulations. We will not monitor fields for compliance with data protection laws that are not clearly intended to contain Personal Data (for example, Cargo Description). We will disclose fields not clearly intended to contain Personal Data to third parties, such as to a Carrier, without identifying them as containing Personal Data and if You insert Personal Data in such fields it may be further disclosed (including by publication or public display) to other third parties, such as in customs filings.

 

Where the Customer is based in the European Economic Area (EEA) and in the course of using the Platform or the Services, the Customer provides Personal Data to Us, the Customer acknowledges that this Personal Data will be transferred to countries outside of the EEA (including to the US, UK, India, Malaysia, Singapore, and China) which may not provide a similar level of data protection to that provided by countries within the EEA. Where applicable, the parties agree to comply with the Standard Contractual Clauses set out in Schedule 1, which are incorporated herein by reference, in connection with the Services in order to address the relevant European data transfer restrictions.

 

The following terms apply for the INTTRA ocean shipping and booking Platform, regardless of which E2open, LLC affiliate You contract with:

 

Both parties are data controllers and will comply with the relevant data protection and privacy obligations.

 

For the purposes of the Standard Contractual Clauses, attached as Schedule 1, the parties agree that (i) the Customer is the Data Exporter and (ii) We are the Data Importer.

 

If the CCPA is applicable, We are a business, not a service provider.

 

The following terms apply for all other Services:

 

We are a data processor and You are the data controller. The Standard Contractual Clauses, attached as Schedule 1, do not apply. The data processing agreement available at https://www.e2open.com/data-processing-addendum/ governs the processing of personal data and is incorporated herein by reference.

 

If the CCPA is applicable, We are a service provider.

 

11.             General Provisions 

 

11.1.         This Agreement contains the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior representations and understandings, whether oral or written. This Agreement may not be amended, nor any obligation waived, except by a writing signed by the authorized representatives of both parties. No terms, provisions or conditions of any purchase order, acknowledgment, or other business form that You may use in connection with the acquisition of the Services or use of the Platform will have any effect on the rights, duties or obligations of the parties relating to Your Use of the Services or the Platform provided under, or otherwise modify, this Agreement, regardless of any failure by Us to object to such terms, provisions or conditions. The parties exclude in its entirety the application to this Agreement of the United Nations Convention on Contracts for the International Sale of Goods. 

 

11.2.         No right or license under this Agreement may be assigned or otherwise transferred by Customer without Our prior written consent. The foregoing notwithstanding, upon written notice to Us, Customer may assign, or otherwise transfer this Agreement to any Affiliate which Controls, is Controlled by, or is under common Control with Customer, or to the surviving entity as a result of a merger, acquisition or reorganization of all or substantially all of Customer’s assets or stock provided such entity is not deemed by Us to be a direct competitor of Vendor and agrees in writing it is bound by the terms of this Agreement. Subject to the foregoing, this Agreement will bind and inure to the benefit of the successors and assigns of Customer and Vendor. Notwithstanding the foregoing, Customer understands and agrees that We set fees charged to Customer upon Customer’s structure, size, and estimated usage of the Services as of the date of an Order Form. If Customer undergoes a merger or acquisition, Customer’s use of the Services may change materially. Fees do not include additional volume which results from a merger or acquisition. If Customer wishes to use the Services for the newly acquired or merged company, it will provide written notice to Us. We reserve the right to revise fees in such event, and the Parties will negotiate such revised fees in good faith. If the Parties are unable to come to an agreement, We reserve the right to limit, suspend, and/or terminate Services. 

 

11.3.         All written notices will be in writing and sent by first class mail, overnight mail, courier, or transmitted by facsimile and confirmed by mailing, to the addresses indicated by each Party, and providing at least 10 days prior written notice to the other Party. Notice is deemed to have been given upon personal delivery (in the case of overnight mail, courier, or facsimile) or five (5) business days after being sent by first class mail. You are to provide written notice to Us as follows: 

 

If your Order Form is with INTTRA Inc. or you use any Services without an Order Form:

 

By mail (all written notices via this method):

 

INTTRA Inc.

9600 Great Hills Trail, Suite 300E
Austin, TX 78759 USA

By e-mail: service@inttra.com
For claims or questions regarding copyright, contact:
copyright@inttra.com

 

In all other cases:

 

By mail (all written notices via this method):
E2open, LLC
9600 Great Hills Trail, Suite 300E
Austin, TX 78759 USA

By e-mail: customersupport@e2open.com

 

For claims or questions regarding copyright, contact: legal@e2open.com

 

11.4.         References in this Agreement to “notice in writing” or “written notice” or other similar reference will not include electronic or email notice and only hard copy writings are acceptable. Other reference to “notice” will mean notice by any reasonable communication means, such as Vendor sending an email to Customer’s most current email address in its files. 

 

11.5.         You will comply with all applicable laws and regulations governing the use, access, or export of the Services, Platform, or any part thereof. Without limitation, the Platform or Services or any part thereof may not be used or accessed within or by, or otherwise exported to, (a) any United States embargoed country; or (b) anyone on the United States Treasury Department’s list of Specially Designated Nations, the United States Department of Commerce’s Table of Denial Orders, or other similar lists of parties that We are prohibited from doing business with. Both parties will comply at all times with all applicable laws and regulations, including without limitation, anti-corruption laws including, such as the US Foreign Corrupt Practices Act and the UK Bribery Act 2010. 

 

11.6.         If any provision of this Agreement is found to be unenforceable, the remainder will be enforced as fully as possible, and the unenforceable provision will be deemed modified to the limited extent required to permit its enforcement in a manner most closely approximating the intention of the parties as expressed. Any failure to enforce any provision of this Agreement will not constitute a waiver thereof or of any other provision. 

 

11.7.         In the event of any conflict between contract documents You have with Us, the order of precedence is (i) any Order Form (ii) these Terms, and then (iii) any other applicable terms. Should a conflict exist between several Order Forms then the terms of the most recent Order Form will control. 

 

11.8.         Each Party agrees to bear its own costs relating to the Services, including, but not limited to, costs associated with support, maintenance, testing, interface development, and EDI mapping. The Parties are independent contractors acting for their own account, and neither party is authorized to make any representation or commitment on behalf of the other. This Agreement will not be construed as creating a partnership, joint venture, franchise, agency, or similar relationship between the Parties. 

 

11.9          If after good faith negotiations between the senior leadership of the parties performed within 30 days of being notified of a dispute, a dispute arising out of or related to this Agreement cannot be resolved directly by the parties, then any dispute arising out of or in connection with this Agreement, including any question regarding its existence, validity or termination, will be referred to and finally resolved by arbitration under the then-current American Arbitration Association (AAA) rules for arbitration of commercial disputes; provided that the foregoing will not preclude the parties from immediately seeking any preliminary or injunctive remedies available under applicable laws for any purpose before any competent tribunal, without limitation, courts, and that any question regarding the existence, validity or termination of this proviso will be determined by such tribunal. The arbitration will be conducted by one arbitrator who is mutually agreeable to the parties and who has no prior relationship with either of the parties. Any court having jurisdiction may enter judgment upon the award rendered by the arbitrator. The place of arbitration will be in New York, NY, USA. The dispute resolution process described in this section will apply regardless of the country of origin of any dispute. The costs of the arbitration, including administrative and arbitrator fees, will be shared equally by the parties. Each party will bear its own costs and attorney and witness fees. In the event that arbitration is unenforceable, the parties irrevocably submit to the exclusive jurisdiction and venue of the state courts with jurisdiction in New York County, New York and waives any objection to venue or forum in such court. The parties agree to waive jury trial. 

 

11.10.       This Agreement is governed by, construed, and enforced under the laws of the State of New York, USA, without regard to its conflicts of laws principles.  

 

11.11.       This Agreement was drafted, negotiated, and entered into by the Parties in English. Notwithstanding the translation of this Agreement into any other language, by any party, for convenience or any other purpose, the English text will govern and control. 

 

11.12.       Order Forms may be executed in identical counterparts each of which are deemed an original and all of which together will constitute one instrument. Signatures transmitted by facsimile transmission will constitute legally binding and effective execution and delivery. 

 

11.13.       We will not be liable for delays or failures in its performance to the extent such failures or delays result from acts beyond Our reasonable control, including, but not limited to, fire, flood, earthquake, elements of nature or acts of God, acts of war, terrorism, strikes, walkouts, riots, civil disorders, rebellions, quarantines, epidemics, embargoes or other similar governmental action. 

 

12.             The following additional terms and conditions apply if You use Bill of Lading Services (for example BL Data or BL Image)

 

You are liable to Us and the Transmitting Carrier(s) for, and will indemnify, hold harmless, and defend Us and Transmitting Carrier(s) (and its and their current and former officers, directors, shareholders, agents, property, and employees) against and from any and all Claims. Claims include, but are not limited to, any action, cause of action, suit, proceeding (arbitral or otherwise), claim, or demand of any party (and all resulting judgments, bona fide settlements, penalties, damages, losses, liabilities, costs, interest and expenses (including without limitation reasonable attorneys’ fees and costs)), which arise(s) out of: (a) Customer’s breach of this section 12; (b) Customer’s use of or access to (i) Our systems and/or BL Data Service, or (ii) BL Data; (c) the use or misuse by any party with whom the Customer has shared BL Data or whom Customer has designated as an intermediary to receive BL Data from Us on its behalf (including Our alliance partner), or any access by such party to (i) Our systems, BL Data Services, or (ii) BL Data; or (d) any mis-delivery, non-delivery, theft, conversion, misuse, fraud or inaccurate submission, receipt or distribution of any BL Data. We and/or each Transmitting Carrier may, at their/its expense, employ separate counsel to monitor and participate in the defense of any Claim. We and the Transmitting Carrier(s), will provide Customer with reasonably prompt notice in writing of any Claim.

 

You are liable to Us and the Carrier(s) for, and will indemnify, hold harmless, and defend Us and Carrier(s) (and its and their current and former officers, directors, shareholders, agents, property and employees) against and from any and all Claims. Claims include, but are not limited to, any action, cause of action, suit, proceeding (arbitral or otherwise), claim, or demand of any party (and all resulting judgments, bona fide settlements, penalties, damages, losses, liabilities, costs, interest and expenses (including without limitation reasonable attorneys’ fees and costs)), which arise(s) out of: (a) Customer’s breach of this section 12; (b) Customer’s use of or access to (i) Our systems and/or BL Image Services, or (ii) BL Image; (c) the use or misuse by any party with whom the Customer has shared BL Image or whom Customer has designated as an intermediary to receive BL Image from Us on its behalf (including Our alliance partner), or any access by such party to (i) Our systems and/or BL Image Services, or (ii) BL Image; or (d) any mis-delivery, non-delivery, theft, conversion, misuse, fraud or inaccurate submission, receipt or distribution of any BL Image. We and/or each Carrier may, at their/its expense, employ separate counsel to monitor and participate in the defense of any Claim. We and the Carrier(s) will provide Customer with reasonably prompt notice in writing of any Claim.

 

For purposes of BL Image only, Carrier(s) will have the right to enforce this Agreement with respect to only the BL Image Service for the benefit of Carrier. Carrier(s) may enforce any such rights without joining Us to such enforcement action. Nothing in this Agreement or the relationships created by it will be construed to make or constitute Us as an agent, servant, employee or partner of either Customer, Affiliate(s) or any Carrier(s).

 

We and Carriers (including each of their respective employees, agents, officers, directors, licensors or affiliates) will have no liability for any inaccuracies, errors, or omission contained within any data caused by or attributable to BL Image(s) or BL Data; Your interaction with BL Image(s) or BL Data; any electronic agreement or other contract entered into between You or any third party; and Your use or inability to use BL Image(s) or BL Data or third party use of, or reliance on, the BL Data or BL Image.

 

WE AND CARRIER(S) DO NOT WARRANT AGAINST, AND WILL NOT BE LIABLE FOR, ERRORS IN THE TRANSMISSION OR CONTENT OF BL DATA, AND SPECIFICALLY DO NOT WARRANT AGAINST ERRORS THAT WOULD RESULT IN THE DISCLOSURE OF BL DATA TO THIRD PARTIES. 

 

12.1.         If you Use BL Image Services, the following terms apply: 

 

Registration to use the BL Image application is required. You may elect to obtain BL Image by contacting customer service. We will work with You to gather information about the selected Carrier(s) You wish to register with for BL Image, as well as Your contacts at the Carrier(s). You also need to appoint a person as Your BL Approval Contact. The BL Approval Contact is responsible for approving and removing Customer users for BL Image access. Each Carrier You wish to register with must first approve Your request for BL Image access.

 

The BL Images offered to Carrier-approved Customers by a requested Vendor approved Carrier (“Carrier-Specific Services”) depend on, and are subject to, the BL Image permitted by each such specific Carrier. To the extent permitted by each individual Carrier, the BL Images offered may include but not be limited to the following: remote printing of Sea Waybills (“Waybills”);

 

remote printing of negotiable Bills of Lading (“Negotiable B/Ls”) Originals; remote printing of Negotiable B/Ls – copies; remote printing of non-Negotiable B/Ls – originals; remote printing of non-Negotiable B/Ls – copies; Customer authorization to sign Waybills as Agent for Carrier; Customer authorization to sign non-Negotiable B/Ls as Agent for Carrier; Customer authorization to sign Negotiable B/Ls as Agent for Carrier; and Customer authorization to print Waybills on Carrier paper stock. In their sole discretion, We and each Carrier may modify or change the BL Images provided to Customer from time to time.

 

Any Data accessed through Us and/or a BL Image (a) do not constitute “Electronic Bills of Lading”“paperless trading”, a “contract of carriage”, or a “contract of transport” (as those terms may be used generally in the shipping industry), (b) will not be used to create unauthorized documents of any kind, including unauthorized bills of lading or Waybills, (c) have no commercial value in and of themselves, (d) may not be used to transfer by endorsement or otherwise the rights under a contract of carriage, and (e) may not be used for purposes of transferring ownership of cargo or as negotiable instruments. BL Image(s) merely provides an alternative method of exchanging Data electronically between Parties or “Allowed Parties” (defined below) to assist in the preparation of documents prior to actual issuance of traditional paper bills of lading or Waybills by the individual Carrier(s) or Carrier’s authorized agent. Although not necessarily printed by the Carrier, the Waybill or bill of lading to which the electronic data relates is issued by the Carrier. Only the Carrier and its authorized representatives and agents have authority to issue, sign, mark or alter any such document on behalf of the Carrier. Customer is authorized to remotely print such paper bill of lading or sea waybill in accordance with this Agreement but only if so specified and approved by the Carrier as a Carrier-Specific Service. Nothing in this Agreement constitutes an agreement to carry any goods or forms any part of a contract for the carriage of goods.

 

Once You are approved by (1) Us, and (2) the individual Carrier(s) from which you have requested BL Image access, and your BL Image access is activated, You are permitted to view, print, request changes to, approve, and share Data supplied by the Parties directly or via Alliance Intermediary, if applicable, to the extent authorized by the Carrier. This Agreement does not, by itself, grant to You any further right to access, copy, use, modify, sublicense, distribute, transfer or transmit any Data accessed on or through BL Image(s). Specifically, this Agreement does not, by itself, grant to You any right to sign any bill of lading or Waybill on behalf of Carrier(s), unless the specific Carrier has authorized You to sign such bill of lading or Waybill as agent for the Carrier. Customer will ensure that any bill of lading or Waybill is printed at Customer’s printer as soon as reasonably practicable onto Carrier’s paper stock as appropriate or, in the case of a Waybill, if and as permitted by the individual Carrier, onto good quality plain white paper consistent with relevant Carrier’s requirements. Customer will ensure that any bill of lading or Waybill once printed is (a) legible, showing the complete contents of the document without distortion or addition incorrectly centered portrait orientation, (b) is appropriately aligned and set out for the relevant paper size, and (c) accurately reflects the relevant Data supplied by the Parties as well as any additional information supplied by Allowed Parties or any third party. If any document which is printed (whether or not in full) pursuant to this Agreement does not comply, or if any electronic data is made available to the Customer in error, the Customer will immediately contact the Carrier and comply with said Carrier’s instructions in relation thereto. If there is any inconsistency between a Waybill or bill of lading that is printed and the latest document available in electronic form at www.inttra.com, the latter will prevail. A Carrier’s paper stock will remain the property of that particular Carrier until printed and executed pursuant to this Agreement. The Customer will make no alteration to the individual Carrier’s paper stock and unconditionally guarantees the secure and safekeeping of such Carrier’s paper stock to prevent release to any third party or the unauthorized or unlawful use of such Carrier’s paper stock by the Customer, its employees, agents or any third party. Customer will report immediately to Us and the relevant Carrier(s) any breach or suspected breach of security, including, but not limited to, loss or theft of Carrier’s paper stock, even if temporary. Customer will acknowledge receipt of Carrier’s paper stock, indicating the exact quantity received. Customer will also maintain an inventory of Carrier’s paper stock, including the serial number of each, whether actually used or wasted, and supply such inventory records to the relevant Carrier upon its request. Customer will ensure that the number of attempts to print an original bill of lading does not exceed the number of originals shown on the face of the bill of lading as having been issued. If for technical reasons (for example, difficulties in printing) more attempts to print are required, the express prior written authority of the Carrier must be obtained. This will be at the Carrier’s absolute discretion, which in any event will be conditional on (a) the Carrier receiving a letter of indemnity, signed by the Customer, in the terms provided by or agreed with the Carrier, and (b) any paper document which is to be replaced pursuant to such authority having first been destroyed.

 

As a BL Image Customer, You are permitted to access, receive, and exchange, and/or submit Data through the Platform in accordance with the following:

 

a.      WE WILL USE COMMERCIALLY REASONABLE EFFORTS TO ADVISE YOU IF ANY DATA INTERCHANGE IS REJECTED OR FAILS BUT WILL HAVE NO LIABILITY FOR ANY FAILURE TO DO SO AT ANY TIME.

 

b.      All Data is accessible online for a maximum period of ninety (90) days following receipt by Us. After 90 days, such Data may be archived.

 

c.      By submitting Data through the Platform, You grant to Us and Carrier(s) all necessary rights to copy, store, translate, publish and provide access to the Data to those authorized parties required for the Licensed Use of BL Image.

 

d.      YOU AGREE THAT IN NO CIRCUMSTANCES WILL WE OR CARRIER(S) BE LIABLE TO YOU FOR ANY CLAIM OF ANY NATURE RELATING TO ANY USE THAT THE CARRIER(S) OR OTHER THIRD PARTIES MAKE OF THE DATA AVAILABLE THROUGH BL IMAGE. Further, there may exist additional restrictions on the use of the Data arising from agreements as between You and the Carrier(s) or, if applicable, between You and Alliance Intermediary. The Carrier(s), through the use of BL Image(s), assume(s) no more legal obligation than that required by applicable law. The contract of carriage obligations of the Carrier(s) under the conditions of the bill of lading or Waybill are not reduced nor modified by this Agreement.

 

As a BL Image(s) Customer, You are permitted to receive and distribute Data from BL Image(s) only in accordance with the specific functionality of BL Image(s) and pursuant to the following:

 

a.      You agree not to alter, change, misuse or use the Data in any unlawful way or for any unlawful purpose.

 

b.      You agree that You are responsible for ensuring the accuracy of any and all Data supplied by the Parties as well as any additional information supplied by Allowed Parties or any third party and for informing the Carrier(s) via a Carrier change request if any Data submitted to BL Image(s) are inaccurate.

 

c.      You agree and understand that You are not authorized to make corrections to Data, any Waybill or bill of lading, or any information supplied by Allowed Parties or any third party. Only the respective Carrier(s) are authorized to make corrections to the Data.

 

d.      Except to the extent expressly set forth in this Agreement, You agree and undertake not to disclose or distribute the Data to any non-Allowed Parties in any format and/or through any means (e.g., email).

 

e.      You agree that You are responsible for protecting the confidentiality of any information shared with a third party. Customer agrees to limit Data sharing to the following “Allowed Parties” and for the following “Allowed Uses”. Allowed Parties include only (a) entities which have been lawfully named on the bill of lading or Waybill; (b) legally authorized relevant government entities; and (c) Customer’s legally authorized brokers, agents, logistic providers, and banks and, if applicable, Alliance Intermediary. Allowed Uses include only customs filing, relevant governmental requirements, import documentation, accounting record keeping and cargo release and, if applicable, data transmission to or from Alliance Intermediary. Sharing of Data for other uses or with other parties not listed above is specifically prohibited.

 

f.       For BL EDI Only. We will provide a user ID and password to the Customer’s Security Administrator(s). The user ID and password are required to download Data from Us. Customer will ensure the proper and secure management and use of such user ID and password and accepts responsibility for any unauthorized access to Us by any person other than an employee of Us using such user ID and password.

 

All Data accessible through BL Image(s) are, and will continue to be, owned exclusively by the rightful holders of the copyright in the relevant Data. Such holders have granted to Us the express or implied right to process the Data in connection with the services provided by Us through BL Image(s) and the Data are protected under applicable copyrights, patents, trademarks, trade dress, and/or other proprietary rights. Under no circumstances will You acquire any ownership rights or other interest in any Data solely by virtue of being a BL Image Customer.

 

No Customer-Affiliate(s) will have access to or be entitled to use the Platform or Carrier-Specific Services unless each such Affiliate(s) is first approved by the respective Carrier(s).

 

This Agreement gives Customer the right to access BL EDI either directly or via an Alliance Intermediary. Customer acknowledges and agrees that the following additional terms apply to Customer’s access to BL EDI via the Alliance Intermediary: (a) neither Us nor any Carrier(s) will have any liability to Customer or any Customer-Affiliate(s) arising from, or any way related to (i) any action or inaction on the part of Alliance Intermediary, or (ii) any Data transmitted between Customer and Alliance Intermediary; (b) Alliance Intermediary is not a party to this contract, and the relationship between Customer and Alliance Intermediary is, instead, covered by the corresponding agreement between Customer and Alliance Intermediary, if any; and (c) nothing in this Agreement will be construed to make or constitute either Us or any Carrier as an agent, servant, employee or partner of Alliance Intermediary.

 

BL Image Services will continue in effect until terminated by either Party upon 30 days prior written notice to the other. Termination of BL Image will not constitute termination of the Terms. Notwithstanding the foregoing, BL Image will be automatically terminated as part of a termination of the Terms, with cause or without cause, as applicable, in accordance with the corresponding terms of the Terms.

 

BL Image Service will not in any way reduce, increase or modify any separate right or obligation of Customer or of the Carrier, nor will it increase Carrier’s liability in any way under any other document or agreement between Customer and the Carrier, including, without limitation, the Carrier’s contract of carriage rights and obligations under the bill of lading or Waybill.

 

12.2.         If you Use BL Data Services, the following terms apply: 

 

You may select to obtain BL Data by contacting customer services. Once Customer is activated and approved by both We and the individual Transmitting Carrier(s) from which Customer has requested BL Data access, Customer is permitted to access and receive BL Data transmitted by those Transmitting Carriers to the extent authorized below. Except as set forth in this Agreement, BL Data does not grant to Customer any right to copy, use, modify, sublicense, distribute, transfer, or transmit any BL Data accessed through the Platform.

 

To protect the confidentiality of BL Data, We strongly recommends that Customer implement secure communication protocols, such as secure FTP or AS2. If Customer, nonetheless, elects to access BL Data utilizing non-secure communication protocols, Customer acknowledges that the use of such non-secure protocols may result in unauthorized access to BL Data and fully assumes all liability arising from or relating to such unauthorized access.

 

Notwithstanding anything to the contrary contained in this Agreement, the following terms apply to the receipt, use and distribution of BL Data by Customer or any party acting on behalf of Customer:

 

e.      Limited Use of BL Data (i) ANY BL DATA ACCESSED OR RECEIVED THROUGH EDI DOES NOT CONSTITUTE “ELECTRONIC BILLS OF LADING”. UNLESS A SEPARATE WRITTEN AUTHORIZATION BY TRANSMITTING CARRIER IS PROVIDED, BL DATA WILL NOT BE USED TO CREATE BILLS OF LADING AND WAYBILLS, WILL HAVE NO COMMERCIAL VALUE IN AND OF THEMSELVES, MAY NOT BE USED TO TRANSFER BY ENDORSEMENT OR OTHERWISE THE RIGHTS UNDER A CONTRACT OF CARRIAGE, AND MAY NOT BE USED FOR PURPOSES OF TRANSFERRING OWNERSHIP OF CARGO OR AS NEGOTIABLE INSTRUMENTS. WE MERELY PROVIDES AN ALTERNATIVE METHOD OF ACCESS TO AND RECEIPT OF BL DATA ELECTRONICALLY BY CUSTOMER FROM THE TRANSMITTING CARRIERS OR THEIR AUTHORIZED AGENT(S); (ii) BL Data may be used only for purposes of updating Customer’s backend systems or data visibility tools to allow Customer and Allowed Parties (as defined below) to view, download, and use the BL Data. BL Data may not be used as a substitute for Transmitting Carrier’s carrier-generated freight invoices. In the event of a discrepancy between data included in the BL Data and data within any official document issued by the Transmitting Carrier, such as freight invoices or transport documents, the document issued by the Transmitting Carrier will take precedence; (iii) NOTHING IN THIS AGREEMENT IS OR WILL BE CONSIDERED AN AGREEMENT TO CARRY ANY GOODS OR FORM ANY PART OF A CONTRACT FOR THE CARRIAGE OF GOODS; and (iv) Customer will not use BL Data in any unlawful way or for any unlawful purpose.

 

f.       Distribution of BL Data: (i) Customer agrees that it is legally responsible for protecting BL Data from any misuse, and will not disclose or distribute the BL Data, in any format and/or through any means (including, without limitation, via email or internet), other than to those persons or entities lawfully listed on the transport documents, legally authorized relevant government entities, and Customer’s legally authorized brokers, agents, logistics providers and banks (collectively “Allowed Parties”); (ii) Customer will limit any sharing of BL Data with Allowed Parties only to the following uses: data visibility, customs filing, governmental requirements, import documentation, accounting record keeping and cargo release. Further, any sharing of BL Data will also be in accordance with the terms set forth herein; (iii) Sharing of BL Data for other uses or with other parties not listed above is specifically prohibited; and (iv) further, Customer acknowledges that there may exist additional restrictions on the use and distribution of the BL Data arising from agreements personal as between Customer and the Transmitting Carrier.

 

BL Data Services will continue in effect until terminated by either Party upon 30 days prior written notice to the other. Termination of BL Data will not constitute termination of the Terms. Notwithstanding the foregoing, BL Data will be automatically terminated as part of a termination of the Terms, with cause or without cause, as applicable, in accordance with the corresponding terms of the Terms.

 

BL Data Service will not in any way reduce, increase or modify any separate right or obligation of Customer or of the Transmitting Carrier, nor will it increase Transmitting Carrier’s liability in any way under any other document or agreement between Customer and the Transmitting Carrier, including, without limitation, the Transmitting Carrier’s contract of carriage rights and obligations under the bill of lading.

 

13.             Professional Services Terms 

 

The following terms and conditions apply only to Professional Services.

 

13.1.         Standard Integration Services. Unless otherwise specified on an Order Form, the following terms apply to standard integration services: (i) We perform standard integration services in accordance with the applicable Documentation; (ii) You will perform all technical and development work on its systems to conform with the Documentation; (iii) You will fully cooperate with Us in the performance of Our responsibilities as set forth in the Documentation; (iv) You will make appropriate IT/eCommerce and operational resources available to complete a minimum of one Integration within 45 days of the Order Form effective date; (v) If during the course of a standard integration We and/or You reasonably determines that Your systems require a custom integration, then We will stop work and negotiate the terms of a custom integration Order Form, including additional cost to be paid to Us for custom work; (vi) We reserves the right to suspend all work on or cancel any or all Integrations if We, in its sole reasonable discretion, determines that Customer failed to provide resources or work with Us as reasonably required to complete Our obligations; and (vii) We may terminate any or all Integration Order Forms, in whole or in part, due to Your failure to perform Your obligations and upon such termination, We will have no obligation to perform Our obligations and no Fees will be refunded to Customer. 

 

13.2.         Custom integration services and other Professional Services. An Order Form with attached statement of work will be agreed by the parties for any custom integrations or professional services other than standard integration services. 

 

14.             Transportation Management System Services Terms 

 

The following terms and conditions apply only to Services that are identified as a transportation management system on an Order Form such as those delivered under the Cloud Logistics® by E2open brand.

 

14.1          Customer is responsible for directly transferring and procuring the necessary license and rights to use mileage and/or mapping software that is compatible with the Services (each, “Mileage and/or Mapping Software”). The Mileage and/or Mapping Software is integral to Customer’s receipt of the full benefits of the Services and obtaining a license from the vendor is Customer’s sole responsibility. Vendor will have PC Miler, Rand McNally, SMC3 for LTL, Google Maps, and other necessary third-party software functionality embedded in its TMS application and is responsible for providing support relating to the inoperability of the Services with the Mileage Software and/or Mapping Software. Customer is responsible for: 

 

a.      transferring its current license and applicable fees for the Mileage Software (PC Miler or Rand McNally) and/or Mapping Software (Google Maps) if those components are being accessed within the Services;

 

b.      transferring its current SMC3 LTL Rateware XL, Czar-Lite license, or individual tariffs and applicable fees with that provider for LTL rating if that component is being accessed within the Services;

 

g.      the fees associated with accessing the carrier safety/insurance websites if that component is being accessed within the Services; and

 

h.      the fees associated with other, optional third-party software to which the Services is integrated including, but not limited to, DAT Rateview, BreakthroughFuel, LocusTraxx and Truckstop.com.

 

 

SCHEDULE 1

 

STANDARD CONTRACTUAL CLAUSES

Controller to Controller

 

SECTION I

 

Clause 1

Purpose and scope

 

(a)             The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (1for the transfer of personal data to a third country.

(b)             The Parties:

 

(i)               the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter ‘entity/ies’) transferring the personal data, as listed in Annex I.A (hereinafter each ‘data exporter’), and

(ii)              the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A (hereinafter each ‘data importer’)

have agreed to these standard contractual clauses (hereinafter: ‘Clauses’).

(c)              These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.

(d)             The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.

 

Clause 2

Effect and invariability of the Clauses

 

(a)             These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.

(b)             These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.

 

Clause 3

Third-party beneficiaries

 

(a)             Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:

(i)               Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;

(ii)              Clause 8.5 (e) and Clause 8.9(b);

(iii)             N/A

(iv)             Clause 12(a) and (d);

(v)              Clause 13;

(vi)             Clause 15.1(c), (d) and (e);

(vii)            Clause 16(e);

(viii)           Clause 18(a) and (b).

(b)             Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.

 

Clause 4

Interpretation

 

(a)             Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.

(b)             These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.

(c)              These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.

 

Clause 5

Hierarchy

 

In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.

 

Clause 6

Description of the transfer(s)

 

The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.

 

Clause 7 – Optional

Docking clause

 

(a)             An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.

(b)             Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.

(c)              The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

 

SECTION II – OBLIGATIONS OF THE PARTIES

 

Clause 8

Data protection safeguards

 

The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.

 

8.1            Purpose limitation

 

The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I.B. It may only process the personal data for another purpose:

(i)               where it has obtained the data subject’s prior consent;

(ii)              where necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or

(iii)             where necessary in order to protect the vital interests of the data subject or of another natural person.

 

8.2            Transparency

 

(a)             In order to enable data subjects to effectively exercise their rights pursuant to Clause 10, the data importer shall inform them, either directly or through the data exporter:

(i)               of its identity and contact details;

(ii)              of the categories of personal data processed;

(iii)             of the right to obtain a copy of these Clauses;

(iv)             where it intends to onward transfer the personal data to any third party/ies, of the recipient or categories of recipients (as appropriate with a view to providing meaningful information), the purpose of such onward transfer and the ground therefore pursuant to Clause 8.7.

(b)             Paragraph (a) shall not apply where the data subject already has the information, including when such information has already been provided by the data exporter, or providing the information proves impossible or would involve a disproportionate effort for the data importer. In the latter case, the data importer shall, to the extent possible, make the information publicly available.

(c)              On request, the Parties shall make a copy of these Clauses, including the Appendix as completed by them, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including personal data, the Parties may redact part of the text of the Appendix prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information.

(d)             Paragraphs (a) to (c) are without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.

 

8.3            Accuracy and data minimisation

 

(a)             Each Party shall ensure that the personal data is accurate and, where necessary, kept up to date. The data importer shall take every reasonable step to ensure that personal data that is inaccurate, having regard to the purpose(s) of processing, is erased or rectified without delay.

(b)             If one of the Parties becomes aware that the personal data it has transferred or received is inaccurate, or has become outdated, it shall inform the other Party without undue delay.

(c)              The data importer shall ensure that the personal data is adequate, relevant and limited to what is necessary in relation to the purpose(s) of processing.

 

8.4            Storage limitation

 

The data importer shall retain the personal data for no longer than necessary for the purpose(s) for which it is processed. It shall put in place appropriate technical or organisational measures to ensure compliance with this obligation, including erasure or anonymisation (2) of the data and all back-ups at the end of the retention period.

 

8.5            Security of processing

 

(a)             The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the personal data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter ‘personal data breach’). In assessing the appropriate level of security, they shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subject. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.

(b)             The Parties have agreed on the technical and organisational measures set out in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.

(c)              The data importer shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

(d)             In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the personal data breach, including measures to mitigate its possible adverse effects.

(e)             In case of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, the data importer shall without undue delay notify both the data exporter and the competent supervisory authority pursuant to Clause 13. Such notification shall contain i) a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), ii) its likely consequences, iii) the measures taken or proposed to address the breach, and iv) the details of a contact point from whom more information can be obtained. To the extent it is not possible for the data importer to provide all the information at the same time, it may do so in phases without undue further delay.

(f)              In case of a personal data breach that is likely to result in a high risk to the rights and freedoms of natural persons, the data importer shall also notify without undue delay the data subjects concerned of the personal data breach and its nature, if necessary in cooperation with the data exporter, together with the information referred to in paragraph (e), points ii) to iv), unless the data importer has implemented measures to significantly reduce the risk to the rights or freedoms of natural persons, or notification would involve disproportionate efforts. In the latter case, the data importer shall instead issue a public communication or take a similar measure to inform the public of the personal data breach.

(g)             The data importer shall document all relevant facts relating to the personal data breach, including its effects and any remedial action taken, and keep a record thereof.

 

8.6            Sensitive data

 

Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions or offences (hereinafter ‘sensitive data’), the data importer shall apply specific restrictions and/or additional safeguards adapted to the specific nature of the data and the risks involved. This may include restricting the personnel permitted to access the personal data, additional security measures (such as pseudonymisation) and/or additional restrictions with respect to further disclosure.

 

8.7            Onward transfers

 

The data importer shall not disclose the personal data to a third party located outside the European Union (3) (in the same country as the data importer or in another third country, hereinafter ‘onward transfer’) unless the third party is or agrees to be bound by these Clauses, under the appropriate Module. Otherwise, an onward transfer by the data importer may only take place if:

(i)               it is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;

(ii)              the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 of Regulation (EU) 2016/679 with respect to the processing in question;

(iii)             the third party enters into a binding instrument with the data importer ensuring the same level of data protection as under these Clauses, and the data importer provides a copy of these safeguards to the data exporter;

(iv)             it is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings;

(v)              it is necessary in order to protect the vital interests of the data subject or of another natural person; or

(vi)             where none of the other conditions apply, the data importer has obtained the explicit consent of the data subject for an onward transfer in a specific situation, after having informed him/her of its purpose(s), the identity of the recipient and the possible risks of such transfer to him/her due to the lack of appropriate data protection safeguards. In this case, the data importer shall inform the data exporter and, at the request of the latter, shall transmit to it a copy of the information provided to the data subject.

Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.

 

8.8            Processing under the authority of the data importer          

 

The data importer shall ensure that any person acting under its authority, including a processor, processes the data only on its instructions.

 

8.9            Documentation and compliance

 

(a)             Each Party shall be able to demonstrate compliance with its obligations under these Clauses. In particular, the data importer shall keep appropriate documentation of the processing activities carried out under its responsibility.

(b)             The data importer shall make such documentation available to the competent supervisory authority on request.

 

Clause 9

Use of sub-processors

 

N/A

 

Clause 10

Data subject rights

 

(a)             The data importer, where relevant with the assistance of the data exporter, shall deal with any enquiries and requests it receives from a data subject relating to the processing of his/her personal data and the exercise of his/her rights under these Clauses without undue delay and at the latest within one month of the receipt of the enquiry or request. (4) The data importer shall take appropriate measures to facilitate such enquiries, requests and the exercise of data subject rights. Any information provided to the data subject shall be in an intelligible and easily accessible form, using clear and plain language.

(b)             In particular, upon request by the data subject the data importer shall, free of charge:

(i)               provide confirmation to the data subject as to whether personal data concerning him/her is being processed and, where this is the case, a copy of the data relating to him/her and the information in Annex I; if personal data has been or will be onward transferred, provide information on recipients or categories of recipients (as appropriate with a view to providing meaningful information) to which the personal data has been or will be onward transferred, the purpose of such onward transfers and their ground pursuant to Clause 8.7; and provide information on the right to lodge a complaint with a supervisory authority in accordance with Clause 12(c)(i);

(ii)              rectify inaccurate or incomplete data concerning the data subject;

(iii)             erase personal data concerning the data subject if such data is being or has been processed in violation of any of these Clauses ensuring third-party beneficiary rights, or if the data subject withdraws the consent on which the processing is based.

(c)              Where the data importer processes the personal data for direct marketing purposes, it shall cease processing for such purposes if the data subject objects to it.

(d)             The data importer shall not make a decision based solely on the automated processing of the personal data transferred (hereinafter ‘automated decision’), which would produce legal effects concerning the data subject or similarly significantly affect him/her, unless with the explicit consent of the data subject or if authorised to do so under the laws of the country of destination, provided that such laws lays down suitable measures to safeguard the data subject’s rights and legitimate interests. In this case, the data importer shall, where necessary in cooperation with the data exporter:

(i)               inform the data subject about the envisaged automated decision, the envisaged consequences and the logic involved; and

(ii)              implement suitable safeguards, at least by enabling the data subject to contest the decision, express his/her point of view and obtain review by a human being.

(e)             Where requests from a data subject are excessive, in particular because of their repetitive character, the data importer may either charge a reasonable fee taking into account the administrative costs of granting the request or refuse to act on the request.

(f)              The data importer may refuse a data subject’s request if such refusal is allowed under the laws of the country of destination and is necessary and proportionate in a democratic society to protect one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679.

(g)             If the data importer intends to refuse a data subject’s request, it shall inform the data subject of the reasons for the refusal and the possibility of lodging a complaint with the competent supervisory authority and/or seeking judicial redress.

 

Clause 11

Redress

 

(a)             The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.

(b)             In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.

(c)              Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to:

(i)               lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13;

(ii)              refer the dispute to the competent courts within the meaning of Clause 18.

(d)             The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.

(e)             The data importer shall abide by a decision that is binding under the applicable EU or Member State law.

(f)              The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws.

 

Clause 12

Liability

 

 (a)            Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.

(b)             Each Party shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages that the Party causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter under Regulation (EU) 2016/679.

(c)              Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.

(d)             The Parties agree that if one Party is held liable under paragraph (c), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage.

(e)             The data importer may not invoke the conduct of a processor or sub-processor to avoid its own liability.

 

Clause 13

Supervision

 

(a)             Where the data exporter is established in an EU Member State:] The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, shall act as competent supervisory authority.

Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679:] The supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established, as indicated in Annex I.C, shall act as competent supervisory authority.

Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) without however having to appoint a representative pursuant to Article 27(2) of Regulation (EU) 2016/679:] The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located, as indicated in Annex I.C, shall act as competent supervisory authority.

(b)             The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.

 

SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES

 

Clause 14

Local laws and practices affecting compliance with the Clauses

 

(a)             The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.

(b)             The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:

(i)               the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;

(ii)              the laws and practices of the third country of destination– including those requiring the disclosure of data to public authorities or authorising access by such authorities – relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards (5);

(iii)             any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.

(c)              The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.

(d)             The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request.

(e)             The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).

(f)              Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.

 

Clause 15

Obligations of the data importer in case of access by public authorities

 

15.1          Notification

 

(a)             The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it:

(i)               receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or

(ii)              becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.

 (b)            If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.

(c)              Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).

(d)             The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.

(e)             Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.

 

15.2          Review of legality and data minimisation

 

(a)             The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).

(b)             The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.

(c)              The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.

 

SECTION IV – FINAL PROVISIONS

 

Clause 16

Non-compliance with the Clauses and termination

 

(a)             The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.

(b)             In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).

(c)              The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:

(i)               the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;

(ii)              the data importer is in substantial or persistent breach of these Clauses; or

(iii)             the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses.

In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.

(d)             Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.

(e)             Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.

 

Clause 17

Governing law

 

These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of Belgium.

 

Clause 18

Choice of forum and jurisdiction

 

(a)             Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.

(b)             The Parties agree that those shall be the courts of Belgium.

(c)              A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.

(d)             The Parties agree to submit themselves to the jurisdiction of such courts.

 

__________________________

 

(1) Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor (sub-processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This will in particular be the case where the controller and processor rely on the standard contractual clauses included in Decision 2021/915.

 

(2) This requires rendering the data anonymous in such a way that the individual is no longer identifiable by anyone, in line with recital 26 of Regulation (EU) 2016/679, and that this process is irreversible.

 

(3) The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union’s internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses.

 

(4) That period may be extended by a maximum of two more months, to the extent necessary taking into account the complexity and number of requests. The data importer shall duly and promptly inform the data subject of any such extension.

 

(5) As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies.

 

 

ANNEX I

 

A.   LIST OF PARTIES

Data exporter(s):

 

Name: As specified in the Agreement.

 

Address: As specified in the Agreement.

 

Contact person’s name, position and contact details: As specified in the Agreement.

 

Activities relevant to the data transferred under these Clauses: As specified in the Agreement.

 

Signature and date: The parties agree that execution of the Agreement by the data importer and the data exporter shall constitute execution of these Clauses by both parties as follows: (a) on 27 October 2021, where the effective date of the Agreement is on or before 27 September 2021, or (b) otherwise, on the

effective date of the Agreement.

 

Role (controller/processor): Controller

 

 

Data importer(s):

 

Name: INTTRA

 

Address: 9600 Great Hills Trail, Suite 300E, Austin, Texas 78759 USA

 

Contact person’s name, position and contact details: As specified in the Agreement.

 

Activities relevant to the data transferred under these Clauses: As specified in the Agreement.

 

Signature and date: The parties agree that execution of the Agreement by the data importer and the data exporter shall constitute execution of these Clauses by both parties as follows: (a) on 27 October 2021, where the effective date of the Agreement is on or before 27 September 2021, or (b) otherwise, on the effective date of the Agreement.

 

Role (controller/processor): Controller

 

B.   DESCRIPTION OF TRANSFER

Categories of data subjects whose personal data is transferred

                  Parties to or those working on freight shipments processed on the INTTRA platform

 

Categories of personal data transferred

                  Business contact information for those parties to or individuals working on freight shipments on the INTTRA platform such as name, business address, business email, business phone.

 

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

                  Sensitive personal data should not be submitted to the INTTRA platform.

 

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).

                  As often as necessary to facilitate freight shipments on the INTTRA platform

 

Nature of the processing

                  Distributing details of the freight shipments on the INTTRA platform to the various participants in the freight shipping process such as a freight forwarder entering a booking request and that being distributed to the ocean carrier and consignee on the INTTRA platform.

 

Purpose(s) of the data transfer and further processing

                  To facilitate freight shipments.

 

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

                  Data is kept as long as necessary to achieve final settlement of a freight shipment and comply with archiving policies of the participants.

 

For transfers to processors, also specify subject matter, nature and duration of the processing

                  The parties will impose the terms and conditions set forth herein on processors.

 

C.   COMPETENT SUPERVISORY AUTHORITY

Identify the competent supervisory authority/ies in accordance with Clause 13

Belgium Data Protection Authority

 

 

ANNEX II

TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

 

The E2open group of companies provides a cloud-based Software-as-a-Service (SaaS) platform that automates and streamlines global trade. With more than 20 years of experience in delivering SaaS solutions, we consider security a core guiding principle for all aspects of our business. our solutions are specifically designed for enterprises and, as such, comply with the industry accepted security standards. While there are no truly bulletproof solutions, We continually review industry security developments and do our best to implement and follow best practices to keep services secure.

 

We strive to implement security processes and practices across all business units. To accomplish that, we have a dedicated team of professionals that manages information security, compliance, and data protection/privacy. Our practices are based on industry-leading standards, including generally accepted best practices such as being audited under the SOC framework and ISO 27001. These frameworks audits policies and procedures, asset management, access management, physical security, people security, product security, cloud and network infrastructure security, third-party security, vulnerability management, as well as security monitoring and incident response.

 

Our information security policies and standards are approved by management and distributed to our employees.

 

PEOPLE SECURITY

 

The people behind the services are an essential part in protecting the service, as the human factor has a key role in, and influence on, our organizational level of security. We put stringent controls in place for employees.

 

Background Checks

The screening process is based on personal interviews with recruitment/HR manager and a prospective employee’s direct manager. Where applicable, background checks include criminal record check, credit check, education check, references and identity. Additional checks may be performed in accordance with local law.

 

Security Training

New employees go through an extensive on-boarding process that include communication of security guidelines, expectations and code of conduct. In addition, all employees undergo annual security awareness training.

 

Continuous Communication

Our security team provides continuous communication on emerging threats, performs phishing awareness campaigns and communicates with management regularly.

 

PRODUCT SECURITY

 

The security development lifecycle (SDLC) standard helps ensure the delivery of a highly secure platform and activities. The following activities help us achieve this mission.

 

Secure Development

The development process strictly follows industry best practices (OWASP, SANS, NIST) that are continually tested using industry leading tools and third-party review.

 

Penetration Testing

We regularly perform testing for security vulnerabilities both in-house and by independent security assessment service providers. Penetration tests are performed on at least an annual basis by an independent third party.

 

Change Management

We follow a strict change management process. Changes are tracked, reviewed and approved to ensure operational changes are aligned with business objectives and compliance requirements. A change is reviewed before being moved into a staging environment, where it is further tested before finally being deployed to production.

 

Encryption in Transit

We support TLS1.2 or above to encrypt network traffic between the customer application and our services.

 

Encryption at Rest

We offer customers the option to encrypt data at rest in our data centers. If ordered, the encryption is based on a 256-bit AES algorithm.

 

Account Security

We offer robust security controls that the customer can choose to enable in the application, such as an audit trail, log-in policy password complexity, and more. We encourage customers to work with their account managers and use these controls.

 

PRIVATE CLOUD INFRASTRUCTURE

 

The security of our infrastructure and networks is critical. Creating a safe platform for the services and customer innovation is the mission of our cloud security.

 

Top-tier Infrastructure

We use multi-layered controls to help protect our infrastructure, and are constantly monitoring and improving our applications, systems and processes to meet the growing demands and challenges of security.

 

Asset Management and Ownership

All assets are assigned with a defined owner and accountability.

 

Access Control

Access to production infrastructure is limited to the minimal number of employees based on least-privilege concept and need-to-work basis.

 

Monitoring

We utilize a wide range of tools to monitor its environment across all data centers from the network, server and application level. Parameters are collected from devices on the network and aggregated to a central location for the sake of detecting indication(s) of compromise, intrusions, anomalies, trends, threshold crossing, etc. In addition, logs are collected into a security information and event management (SIEM) platform that is monitored by a dedicated security operations center (SOC) to help ensure rapid detection and mitigation of risks.

 

Distributed Denial-of-Service (DDoS) and Application Attack Prevention

As part of the multi-layered protection approach, a dedicated application attack and DDoS mitigation ecosystem have been put in place. On a high level, this includes a minimum of four layers of protection, including multiple layers of firewalls, intrusion detection and prevention, SLB and DMZ protections (which includes specific configurations for DDoS mitigation), and application traffic reputation services for attack mitigation. On top of that, DDoS scrubbing center service is available.

 

PHYSICAL SECURITY

 

Physical security of our facilities is an important part of our security strategy.

 

Data Center Security

Our production environment is hosted in data centers throughout the world and the facilities applicable to you will be noted to you upon request. The facilities comply with the highest industry standards for physical, environmental and hosting controls. For example, this includes 24/7 security officers, facility access, biometric hand reader, exterior security, interior security, annual audits, cages, alarm monitoring/intrusion protection, video imaging, CCTV, audio intercom and two-way radio subsystem, ID requirements, intrusion testing, security personnel hiring/training, security policies, asset tracking and video surveillance.

 

BUSINESS CONTINUITY PLAN AND DISASTER RECOVERY

 

We maintain a full-scale, one-to-one ratio disaster recovery facility, which guarantees consistent service performance and minimal data loss in the event of a regional disaster.

 

Recovery Planning

We maintain formal business continuity and disaster recovery plans that are regularly reviewed and updated.

 

Global Resiliency

We operate out of data centers in the US, Europe, and China (only for services delivered within China). We established a business continuity plan (BCP) that enables it to respond quickly and remain resilient in the event of most failure modes, including natural disasters and system failures.

 

Customer Data Backups

We conduct full daily and weekly incremental backups, providing up-to-the-minute recovery from archive logs. Backups are performed to disk within the data center and replicated, via a secure private connection, to the backup data center. All the artifacts required to restore service are backed up, including DBs, file systems and virtual servers.

 

THIRD-PARTY SECURITY

 

Vetting Process

Third-party vendors are checked before engagement to validate that prospective third parties meet our security standards and agree to al necessary contract terms regarding information security and data protection.

 

Ongoing Monitoring

Once a relationship has been established, our security team will conduct an annual review of these vendors. The annual review can be done by our security team or via a third-party report (e.g., SSAE 18 SOC2 report, ISO 27001). the procedure takes into account the type of access and classification of data being accessed (if any), controls necessary to protect data and legal/regulatory requirements. We are committed to mitigating risk and ensuring its services meet regulatory and security compliance requirements.

 

SECURITY COMPLIANCE

 

Regulatory Environment

We comply with applicable legal, industry and regulatory requirements as well as industry best practices, including SOC2 COSO.

We have obtained SOC2 certification, which validates the strength of our security controls, shows confidence in our security program, and demonstrates our maturity within the information security space.

 

Data Protection Compliance (GDPR, CCPA, etc.)

As a global provider of services, we monitor regulatory changes throughout the world and ensure that our operations meet applicable regulatory requirements.

 

CONTINUOUS MONITORING AND VULNERABILITY TESTS

 

The security and resiliency of our products and infrastructure is a top priority. As part of the ongoing work of the security team, continuous monitoring is being done as part of the compliance and regulation program and the risk assessment. The vulnerability tests establish how we identify, respond to, and triage vulnerabilities against our services. To ensure security of our platform, we have implemented and update on a regular basis the following:

 

Continuous Monitoring Program

Our security team uses a centralized SIEM system to collect logs from different security tools, identify current or historical vulnerabilities, and track incidents and threats that we must respond to and mitigate accordingly.

 

Distributed Denial-of-Service (DDoS) and Application Attack Prevention

Our infrastructure is protected with multiple layers of defense systems, including a dedicated, real-time, best-of-breed application attack and DDoS mitigation technology. Our multiple layers of firewalls, intrusion detection systems, load balancers and DMZ servers contain dynamic mitigation and NAT to deny attack traffic. This includes advanced protection controls such as Forward and Reverse Proxies. In addition, we use private ranges of IPs that deny direct access to internal networks, further reducing DDoS and application attacks. We have retained the services of a scrubbing center in case of DDoS attack.

 

SUMMARY

 

As a leading SaaS provider with more than 20 years of experience in the industry, we realize that working in a cloud-based environment may raise concerns related to the protection of confidential and personal information. Security mechanisms to protect physical, network and application components of the platform, coupled with transparency about our security policies and processes, allow many of the Fortune 500 to trust us with their most confidential data, while leveraging the benefits of our SaaS solution. For further details and steps to secure your services with us, or if you have questions or would like more details, please contact our Security Team via your Account Manager.

 

 

applications, systems and processes to meet the growing demands and challenges of security.

 

Asset Management and Ownership

All assets are assigned with a defined owner and accountability.

 

Access Control

Access to production infrastructure is limited to the minimal number of employees based on least-privilege concept and need-to-work basis.

 

Monitoring

We utilize a wide range of tools to monitor its environment across all data centers from the network, server and application level. Parameters are collected from devices on the network and aggregated to a central location for the sake of detecting indication(s) of compromise, intrusions, anomalies, trends, threshold crossing, etc. In addition, logs are collected into a security information and event management (SIEM) platform that is monitored by a dedicated security operations center (SOC) to help ensure rapid detection and mitigation of risks.

 

Distributed Denial-of-Service (DDoS) and Application Attack Prevention

As part of the multi-layered protection approach, a dedicated application attack and DDoS mitigation ecosystem have been put in place. On a high level, this includes a minimum of four layers of protection, including multiple layers of firewalls, intrusion detection and prevention, SLB and DMZ protections (which includes specific configurations for DDoS mitigation), and application traffic reputation services for attack mitigation. On top of that, DDoS scrubbing center service is available.

 

PHYSICAL SECURITY

 

Physical security of our facilities is an important part of our security strategy.

 

Data Center Security

Our production environment is hosted in data centers throughout the world and the facilities applicable to you will be noted to you upon request. The facilities comply with the highest industry standards for physical, environmental and hosting controls. For example, this includes 24/7 security officers, facility access, biometric hand reader, exterior security, interior security, annual audits, cages, alarm monitoring/intrusion protection, video imaging, CCTV, audio intercom and two-way radio subsystem, ID requirements, intrusion testing, security personnel hiring/training, security policies, asset tracking and video surveillance.

 

BUSINESS CONTINUITY PLAN AND DISASTER RECOVERY

 

We maintain a full-scale, one-to-one ratio disaster recovery facility, which guarantees consistent service performance and minimal data loss in the event of a regional disaster.

 

Recovery Planning

We maintain formal business continuity and disaster recovery plans that are regularly reviewed and updated.

 

Global Resiliency

We operate out of data centers in the US, Europe, and China (only for services delivered within China). We established a business continuity plan (BCP) that enables it to respond quickly and remain resilient in the event of most failure modes, including natural disasters and system failures.

 

Customer Data Backups

We conduct full daily and weekly incremental backups, providing up-to-the-minute recovery from archive logs. Backups are performed to disk within the data center and replicated, via a secure private connection, to the backup data center. All the artifacts required to restore service are backed up, including DBs, file systems and virtual servers.

 

THIRD-PARTY SECURITY

 

Vetting Process

Third-party vendors are checked before engagement to validate that prospective third parties meet our security standards and agree to al necessary contract terms regarding information security and data protection.

 

Ongoing Monitoring

Once a relationship has been established, our security team will conduct an annual review of these vendors. The annual review can be done by our security team or via a third-party report (e.g., SSAE 18 SOC2 report, ISO 27001). the procedure takes into account the type of access and classification of data being accessed (if any), controls necessary to protect data and legal/regulatory requirements. We are committed to mitigating risk and ensuring its services meet regulatory and security compliance requirements.

 

SECURITY COMPLIANCE

 

Regulatory Environment

We comply with applicable legal, industry and regulatory requirements as well as industry best practices, including SOC2 COSO.

We have obtained SOC2 certification, which validates the strength of our security controls, shows confidence in our security program, and demonstrates our maturity within the information security space.

 

Data Protection Compliance (GDPR, CCPA, etc.)

As a global provider of services, we monitor regulatory changes throughout the world and ensure that our operations meet applicable regulatory requirements.

 

CONTINUOUS MONITORING AND VULNERABILITY TESTS

 

The security and resiliency of our products and infrastructure is a top priority. As part of the ongoing work of the security team, continuous monitoring is being done as part of the compliance and regulation program and the risk assessment. The vulnerability tests establish how we identify, respond to, and triage vulnerabilities against our services. To ensure security of our platform, we have implemented and update on a regular basis the following:

 

Continuous Monitoring Program

Our security team uses a centralized SIEM system to collect logs from different security tools, identify current or historical vulnerabilities, and track incidents and threats that we must respond to and mitigate accordingly.

 

Distributed Denial-of-Service (DDoS) and Application Attack Prevention

Our infrastructure is protected with multiple layers of defense systems, including a dedicated, real-time, best-of-breed application attack and DDoS mitigation technology. Our multiple layers of firewalls, intrusion detection systems, load balancers and DMZ servers contain dynamic mitigation and NAT to deny attack traffic. This includes advanced protection controls such as Forward and Reverse Proxies. In addition, we use private ranges of IPs that deny direct access to internal networks, further reducing DDoS and application attacks. We have retained the services of a scrubbing center in case of DDoS attack.

 

SUMMARY

 

As a leading SaaS provider with more than 20 years of experience in the industry, we realize that working in a cloud-based environment may raise concerns related to the protection of confidential and personal information. Security mechanisms to protect physical, network and application components of the platform, coupled with transparency about our security policies and processes, allow many of the Fortune 500 to trust us with their most confidential data, while leveraging the benefits of our SaaS solution. For further details and steps to secure your services with us, or if you have questions or would like more details, please contact our Security Team via your Account Manager.