Terms and Conditions for the Verizon Wireless Business Solutions Store
(For customer subscribed to Sakon Platform and Services on or after 12/16/2024)
Sakon Terms and Conditions Document, Application and Service Descriptions
The following Global Sourcing Group, Inc. d/b/a Sakon (“Sakon”) terms and conditions apply to and govern Sakon’s provision of and Customer’s use of the Sakon Application and related services provided by Sakon (“Sakon Application”). By accessing, receiving and/or utilizing the Sakon Application, Customer accepts, adopts and is legally bound these terms and conditions:
A. GENERAL TERMS AND CONDITIONS
1. Definitions.
1.2 "Authorized Parties" means the Customer (defined in Section 1.4) and the Customer’s employees.
1.3 "Confidential Information" means any and all confidential and/or proprietary information that is disclosed by Disclosing Party (a party disclosing Confidential Information to the Receiving Party) to Receiving Party (a party that receives confidential information from the Disclosing Party) which relates to Disclosing Party's business (including without limitation, business plans, financial data, customer information and marketing plans) or technology (including without limitation, technical drawings, designs, schematics, algorithms, technical data, product plans, research plans, software, products, services, know-how, formulas, processes, ideas, and inventions (whether or not patentable)), which is confidential or which should be reasonably understood by Receiving Party as the confidential or proprietary information of Disclosing Party. Confidential Information also means any and all trade secrets (including financial, business, scientific, technical, economic, or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs, or codes, whether tangible or intangible, and whether or how stored, compiled, or memorialized physically, electronically, graphically, photographically, or in writing) that the Disclosing Party has taken reasonable measures to keep such information secret and the information derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable through proper means by, another person who can obtain economic value from the disclosure or use of the information. Confidential Information shall not include any information that Receiving Party can document: (i) is publicly available without fault of Receiving Party; (ii) was in Receiving Party’s possession prior to receipt thereof from Disclosing Party; (iii) was rightfully received by the Receiving Party from a third party without any confidentiality obligations; (iv) was independently developed by Receiving Party without use of any Confidential Information or (v) is disclosed pursuant to any law, regulation, court order or administrative order.
1.4 "Customer" means the individual and/or entity that has purchased the Sakon Application through the Verizon Wireless Business Solutions Store.
1.5 "Customer Data" means the electronic data or information submitted by Customer or on Customer’s behalf by a party authorized by Customer.
1.6 "Customer Input" means suggestions, enhancement requests, recommendations or other feedback relating to the functionality or operation of the Sakon Application provided by Customer or on Customer’s behalf by a party authorized by Customer, excluding Customer Data.
1.7 "Documentation" means Sakon's electronic and hardcopy user guide for the Sakon Application, which may be updated by Sakon from time to time.
1.8 "Employee" means Customer’s employees for which a subscription to the Sakon Application has been purchased through the Verizon Wireless Business Solutions Store.
1.9 "Improvements" means all improvements, updates, enhancements, error corrections, bug fixes, release notes, upgrades and changes to the Sakon Application and any Documentation, as developed by Sakon and made generally available for Production use without a separate charge to Customers.
1.10 “Intellectual Property Rights" means any and all common law and statutory intellectual property rights, including copyrights, trademarks, trade secrets, patents and other proprietary rights issued, honored or enforceable under any applicable laws anywhere in the world, and all moral rights related thereto.
1.11 "Law" means any local, state, national and/or foreign law, treaties, and/or regulations applicable to a respective party.
1.12 "Malicious Code" means viruses, worms, time bombs, Trojan horses and other malicious code, files, scripts, agents or programs.
1.13 "Production" means the Customer's use the Sakon Application or Sakon's written verification of the availability of the Sakon Application for Customer’s use.
1.14 "Sakon Application” means Sakon's software-as-a-service (“SaaS”) applications, managed mobility applications, managed services and/or any other service provided by Sakon to Customer.
1.15 Go-Live Date" means the first date the Sakon Application is performed in Production.
1.16 “CSD" means “Customer Specific Document” which is a document containing specific contact information, business rules, procedural documentation and other information that are specific to the Order Form and Addendums.
1.17 “Customer Point of Contact(s)” means the primary point of contact for Sakon related to the performance of the services included in the Work Order and Addendums.
1.18 “SFTP” means SSH File Transfer Protocol or Secure Shell File Transfer Protocol.
2. Use of the Application
2.2 Customer Obligations. For the Term of this Agreement only, Authorized Parties may access, receive or utilize the Sakon Application solely for the internal business purposes of Customer in accordance with this Agreement and any Documentation provided by Sakon, and not for the benefit of any third parties. Customer is responsible for Authorized Party access to and use of the Sakon Application. Customer shall: (a) have sole responsibility for the accuracy, quality, and legality of all Customer Data; (b) prevent unauthorized access to, or use of, the Sakon Application; and (c) notify Sakon promptly of any such unauthorized access or use. Customer shall not use the Sakon Application (i) in violation of applicable Laws; (ii) send or store infringing, obscene, threatening, or otherwise unlawful or tortious material, including material that violates privacy rights through or within the Sakon Application; (iii) send or store Malicious Code through or within the Sakon Application; (iv) interfere with or disrupt performance of the Sakon Application or the data contained therein; or (v) attempt to gain access to the Sakon Application or its related systems or networks in a manner not set forth in this Agreement or any Documentation provided by Sakon. Customer shall designate a maximum number of named contacts to request and receive support services from Sakon. Named Support Contacts must be trained on the Sakon product(s) for which they initiate support requests. The Sakon Application is provided in the English language.
3. Ownership of Intellectual Property
3.2 License Grant. Sakon hereby grants Customer a non-exclusive, non-transferable, non-sublicensable right to use the Sakon Application and Documentation solely for the internal business purposes of Customer and solely during the Term, subject to this Agreement.
3.3 License Restrictions. Customer shall not (i) modify, copy or create any derivative works based on the Sakon Application, Sakon Documentation, Sakon Confidential Information, Improvements and/or Sakon Intellectual Property; (ii) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share, offer in a service bureau, or otherwise make the Sakon Application, Sakon Documentation, Sakon Confidential Information, Improvements and/or Sakon Intellectual Property available to any third party, other than to Authorized Parties as authorized through this Agreement; (iii) reverse engineer or decompile any portion of the Sakon Application, Sakon Documentation, Sakon Confidential Information, Improvements and/or Sakon Intellectual Property, including but not limited to, any software utilized by Sakon in the provision of the Sakon Application; (iv) access the Sakon Application, Sakon Documentation, Sakon Confidential Information, Improvements and/or Sakon Intellectual Property in order to develop, make, use, sell or offer for sale any product or service; or (v) copy any features, functions, integrations, interfaces or graphics of the Sakon Application, Sakon Documentation, Sakon Confidential Information, Improvements and/or Sakon Intellectual Property.
3.4 Customer Input. Sakon shall have a royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual license to use or incorporate into the Sakon Application any Customer Input. Sakon shall have no obligation to make Customer Input an Improvement. Customer shall have no obligation to provide Customer Input.
3.5 Aggregated Data Use. Sakon owns the aggregated and statistical data derived from the operation of the Sakon Application, including, without limitation, the number of records in the Sakon Application, the number and types of transactions, configurations, and reports processed in the Sakon Application and the performance results for the Sakon Application (the "Aggregated Data"). Nothing herein shall be construed as prohibiting Sakon from utilizing the Aggregated Data for purposes of operating Sakon's business, provided that Sakon's use of Aggregated Data will not reveal the identity, whether directly or indirectly, of any individual or specific data entered by any individual into the Sakon Application. In no event does the Aggregated Data include any personally identifiable information.
4. Confidentiality
4.2 Required Disclosure. Nothing in the Agreement shall prohibit Receiving Party from disclosing Confidential Information of Disclosing Party in accordance with a judicial or governmental order, judicial or governmental proceeding or judicial or governmental subpoena ("Required Disclosure”); provided that Receiving Party shall:
-
- give Disclosing Party prompt notice of such Required Disclosure prior to disclosure;
- cooperate with Disclosing Party in the event that it elects to contest such disclosure or seek a protective order with respect thereto; and/or
- only disclose the exact Confidential Information, or portion thereof, specifically requested by the Required Disclosure.
4.3 Securities Compliance. Receiving Party acknowledges that it may from time to time be in possession of material non-public information of Disclosing Party and agrees that it will comply with the restrictions imposed by the United States securities laws regarding the purchase or sale of securities by any person who has received material, non-public information from the issuer of such securities and on the communication of such information to any other person when it is reasonably foreseeable that such other person is likely to purchase or sell such securities in reliance upon such information.
4.4 General Confidentiality Provisions.
-
- All Confidential Information of Disclosing Party is and shall remain the property of Disclosing Party. Nothing contained in the Agreement shall be construed as granting or conferring any rights by license or otherwise, either express, implied or by estoppel, to any Confidential Information of Disclosing Party, or under any patent, copyright, trademark or trade secret of Disclosing Party. Receiving Party shall not copy, alter, modify, reverse engineer, or attempt to derive the composition or underlying information, structure or ideas of any Confidential Information and shall not remove, overprint, deface or change any notice of confidentiality, copyright, trademark, logo, legend or other notices of ownership from any originals or copies of Confidential Information it receives from the Disclosing Party.
- ALL CONFIDENTIAL INFORMATION FURNISHED UNDER THE AGREEMENT IS PROVIDED BY DISCLOSING PARTY "AS IS, WITH ALL FAULTS." DISCLOSING PARTY DOES NOT MAKE ANY WARRANTIES, EXPRESS OR IMPLIED, REGARDING THE ACCURACY, COMPLETENESS, PERFORMANCE, MERCHANTABILITY, FITNESS FOR USE, NONINFRINGEMENT OF ANY INTELLECTUAL PROPERTY RIGHTS, OR ANY RIGHT OF PRIVACY, ANY RIGHTS OF THIRD PERSONS OR OTHER ATTRIBUTES OF ITS CONFIDENTIAL INFORMATION.
- The Parties' obligations under Sections 1.3 and 4 shall survive any termination or expiration of the Agreement for a period of one year from the date of termination, except for common law, state law or federally protected trade secrets (collectively, “trade secrets”) disclosed pursuant to the Agreement, wherein the obligations under Sections 1.3 and 4 shall survive in perpetuity with respect to such trade secrets until such time the information no longer qualifies for trade secret protection.
- Immediately upon written request by Disclosing Party at any time or upon the expiration or termination of the Agreement, Receiving Party shall immediately cease all use of and return to Disclosing Party all copies or extracts of Disclosing Party's Confidential Information, in any medium, or certify, in writing by an authorized officer or representative of Receiving Party, the destruction of the same to Disclosing Party.
- Nothing in the Agreement shall be construed to require Disclosing Party to disclose any Confidential Information to Receiving Party or to negotiate or enter into any business transaction with Receiving Party.
- If a Party discloses or uses (or threatens to disclose or use) any Confidential Information of the other party in breach of confidentiality protections hereunder, the other party shall have the right, in addition to any other remedies available, to immediate injunctive relief to enjoin such acts, it being acknowledged and agreed by the parties that any other available remedies are inadequate, it also being acknowledged and agreed by the parties that the posting of a bond is not necessary.
5. Security of Customer Data
5.2 Unauthorized Disclosure. If either party believes that there has been a disclosure of Customer Data to anyone other than an Authorized Party or Sakon, such party must promptly notify the other party. Additionally, each party will reasonably assist the other party in remediating or mitigating any potential damage, including any notification which should be sent to individuals impacted or potentially impacted, or the provision of credit reporting services to such individuals. Each party shall bear the costs of such remediation or mitigation to the extent the breach or security incident was caused by it.
5.3 Data Protection Addendum. Sakon’s data security measures for the European Economic Area are outlined in the Data Protection Addendum, which is appended to this Agreement.
6. Warranties & Disclaimers
6.2 Warranty Remedies. As Customer's exclusive remedy and Sakon's sole liability for breach of the warranty set forth in Section 6.1, Sakon shall (a) correct the non-conforming aspects of the Sakon Application at no additional charge to Customer or (b) refund amounts paid that are attributable to the defective aspects of the Sakon Application from the date Sakon received such notice, but only in the event Sakon is unable to correct such deficiencies after good-faith efforts. To receive warranty remedies, Customer must promptly report deficiencies in writing to Sakon, but no later than thirty (30) days of the first date the deficiency is identified by Customer.
6.3 DISCLAIMER. EXCEPT AS EXPRESSLY PROVIDED HEREIN AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SAKON MAKES NO WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE SAKON APPLICATION AND/OR DOCUMENTATION. SAKON DOES NOT WARRANT THAT THE SAKON APPLICATION WILL BE ERROR FREE OR UNINTERRUPTED. THE LIMITED WARRANTIES PROVIDED HEREIN ARE THE SOLE AND EXCLUSIVE WARRANTIES PROVIDED TO CUSTOMER IN CONNECTION WITH THE PROVISION OF THE SAKON APPLICATION.
7. Mutual Indemnification
7.2 Indemnification by Customer. Customer shall defend, indemnify and hold Sakon harmless from any Claims made or brought by a third party alleging that the Customer Data infringes the rights of, or has caused harm to, a third party or violates any Law; provided, however, that Sakon: (a) promptly gives written notice of the Claim to Customer; (b) gives Customer sole control of the defense and settlement of the Claim (provided that Customer may not settle any Claim unless it unconditionally releases Sakon of all liability); and (c) provides to Customer , all reasonable assistance, at Customer's cost for any requested assistance which does not fall within the scope of what is included in the Sakon Application fee.
8. Limitation of Liability
8.2 Exclusion of Damages. IN NO EVENT SHALL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED, OR FOR ANY LOST PROFITS, LOSS OF USE, COST OF DATA RECONSTRUCTION, COST OR PROCUREMENT OF SUBSTITUTE GOODS OR APPLICATIONS, WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING OUT OF, OR IN ANY WAY CONNECTED WITH THE SAKON APPLICATION, INCLUDING BUT NOT LIMITED TO THE USE OR INABILITY TO USE THE SAKON APPLICATION, ANY INTERRUPTION, INACCURACY, ERROR OR OMISSION, EVEN IF THE PARTY FROM WHICH DAMAGES ARE BEING SOUGHT OR SUCH PARTY'S LICENSORS OR SUBCONTRACTORS HAVE BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES.
8.3 SPECIAL LIMITATION FOR UNAUTHORIZED DISCLOSURE OF CUSTOMER DATA. SAKON'S AGGREGATE LIABILITY FOR ANY UNAUTHORIZED DISCLOSURE OF CUSTOMER DATA (INCLUDING THE COST TO DEFEND THIRD PARTY CLAIMS CAUSED BY SUCH BREACH) SHALL NOT EXCEED THE SUBSCRIPTION FEES ACTUALLY PAID BY CUSTOMER IN CONSIDERATION FOR SAKON'S APPLICATION DELIVERY DURING THE IMMEDIATELY PRECEDING EIGHTEEN (18) MONTH PERIOD FOR THE SAKON APPLICATION FROM WHICH THE CLAIM AROSE (OR, FOR A CLAIM ARISING BEFORE COMPLETION OF THE FIRST EIGHTEEN MONTHS OF THE APPLICABLE ORDER FORM, THE AMOUNT PAID FOR THE FIRST EIGHTEEN MONTH PERIOD).
9. Term.
10. General Provisions
1o.2 Waiver and Cumulative Remedies. No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right or any other right. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity.
10.3 Force Majeure. Neither party shall be liable for any failure or delay in performance under this Agreement (other than for delay in the payment of money due and payable hereunder) for causes beyond that party's reasonable control and occurring without that party's fault or negligence, including, but not limited to, acts of God, acts of government, flood, fire, civil unrest, acts of terror, strikes or other labor problems, computer attacks or malicious acts, such as attacks on or through the Internet, any Internet service provider, telecommunications or hosting facility. Dates by which performance obligations are scheduled to be met will be extended for a period of time equal to the time lost due to any delay so caused.
10.4 Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other party (which consent shall not be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety without consent of the other party in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets provided the assignee has agreed to be bound by all of the terms of this Agreement and all past due fees are paid in full, except that Customer shall have no right to assign this Agreement to a direct competitor of Sakon. Any attempt by a party to assign its rights or obligations under this Agreement in breach of this section shall be void and of no effect. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns.
10.5 Governing Law. This Agreement shall be governed exclusively by the laws of the Commonwealth of Massachusetts, without regard to its conflicts of laws rules. For any and all disputes, the Parties hereby submit to the exclusive jurisdiction of, and venue in, the appropriate state and/or federal court within the Commonwealth of Massachusetts.
10.6 Export. Each party shall comply with the export laws and regulations of the United States and other applicable jurisdictions in providing and using the Sakon Application. Without limiting the generality of the foregoing, Customer shall not make the Sakon Application available to any person or entity that: (i) is located in a country that is subject to a U.S. government embargo; (ii) is listed on any U.S. government list of prohibited or restricted parties; or (iii) is engaged in activities directly or indirectly related to the proliferation of weapons of mass destruction.
10.7 Dispute Resolution. Prior to the initiation of any legal proceeding other than one described in subsection (d) below, the parties shall first attempt to resolve their dispute informally, as follows:
10.9 At its sole expense, Sakon will procure and maintain in effect the following policies of insurance covering claims and liabilities arising from the Agreement: (i) all insurance coverages required by applicable Law, including workers’ compensation with statutory minimum limits, (ii) employer’s liability insurance with no less than a $1,000,000 limit; (iii) commercial general liability insurance with limits of not less than $1,000,000 per occurrence and aggregate, providing coverage for bodily injury, personal injury, or death of any persons and injury to or destruction of property, including loss of use resulting therefrom; (iv) professional liability or errors and omissions insurance covering failure of the Sakon Application to conform to Specifications with limits of at least $1,000,000, which provides coverage on an occurrence basis; (v) automobile (or other motor vehicle) liability insurance with not less than a $1,000,000 limit covering the use of any auto (or other motor vehicle) in the rendering of Sakon Application to be provided under the Agreement; (vi) if the Agreement involve hosting or processing of any Personal Information, cyber liability insurance with limits of not less than $1,000,000 for each occurrence and an annual aggregate of not less than $2,5000,000, covering privacy, media, information theft, damage to or destruction of electronic information, intentional and unintentional release of private information, alteration of electronic information, extortion and network security which provides coverage on an occurrence basis or, if on a claims-made basis, then Sakon will maintain continuous coverage for two (2) years after the termination or expiration of the Agreement; (vii) crime Insurance, including blanket coverage for Employee Dishonesty including Computer Fraud, for loss or damage arising out of or in connection with dishonest acts committed by employees of Sakon or Sakon subcontractors acting alone or in collusion with others, including the property and funds of Customer in Sakon’s possession, care, custody, or control, with a limit of no less than one million dollars ($1,000,000) (third party coverage shall also be included under this policy); and (viii) excess liability insurance with not less than a $5,000,000 limit for the commercial general liability policy required in subsection (iii) above.
10.10 Miscellaneous. The Agreement constitutes the entire agreement between the parties with respect to the subject matter hereof. This Agreement supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and signed by the party against whom the modification, amendment or waiver is to be asserted. Notwithstanding any language to the contrary therein, no other terms or conditions shall be incorporated into or form any part of the Agreement, and all such terms or conditions shall be null and void. Sakon may use Customer's name and logo in lists of Customers, on marketing materials and on its website.
11. Adjustments to the Agreement.
11.1 The Parties are permitted to adjust the scope of the Agreement through execution of a mutually agreeable Addendum. The process for initiating an adjustment and executing an Addendum is outlined below:
ADDENDUM DPA
Data Processing Addendum ("DPA") details
This Data Processing Addendum ("DPA") details and outlines Sakon’s data security program for the European Economic Area.
In the course of providing the Sakon Application (“Application”) as defined in and pursuant to the Agreement, Sakon may process personal data and the parties agree to comply with the following provisions with respect to any personal data, each party acting reasonably and in good faith.
This DPA is subject to the terms of the corresponding Agreement. In the event of a conflict with the Agreement, this DPA shall prevail over the Agreement.
1. DEFINITIONS.
All capitalized terms not defined in this DPA shall have the meanings set forth in the Agreement.
1.1 "Data Controller" or “Controller” means an entity that determines the purposes and means of the processing of Personal Data.1.2 "Data Processor or “Processor" means an entity that processes Personal Data on behalf of a Data Controller.
1.3 “Data Protection Laws” means GDPR and all applicable laws and regulations governing data privacy.
1.4 “DPA” means this Data Processing Addendum to the Agreement.
1.5 “DPA Exhibit” means an exhibit of the Customer Addendum that describes the customer-specific data, data subjects, processing activities, any “pass-through” Customer obligations with respect to processing Customer’s Personal Data, and other required elements of the GDPR regulations and contains the “SCC”.
1.6 “EEA” means the European Economic Area.
1.7 "Personal Data" means any information relating to an identified or identifiable natural person.
1.8 “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.9 “GDPR” means General Data Protection Regulation, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/ECa.
1.10 “SCC” means the Standard Contractual Clauses that are required under GDPR.
1.11 “Sub-processor” means any entity engaged by a Processor or another sub-processor who agrees to process Personal Data on such Processor’s behalf for the benefit of and in accordance with instructions of the applicable Controller, per the terms of a written subcontract between Processor and Sub-processor, and in compliance with Data Processing Laws.
2. SCOPE AND APPLICABILITY OF THIS DPA.
2.2 Details of the Processing. The subject-matter of Processing of Personal Data by Sakon is the performance of the Sakon Application pursuant to the Agreement. The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data (including special categories of personal data), any “flow-through” obligations passed on to Sakon acting as Processor of Personal Data, and categories of Data Subjects Processed under this DPA are further specified in Data Processing Exhibit (Details of the Processing) of any Customer Addendum.
2.3 Roles of the Parties. The parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is the Data Controller and Sakon is the Processor of Customer’s Personal Data.
2.4 Compliance. Each party will comply with the obligations applicable to it under the GDPR with respect to the processing of that Personal Data.
3. DATA PROCESSING.
3.2 Compliance with Privacy Laws. Customer shall comply with all Data Protection Laws applicable to Customer as the “Controller” of any Personal Data provided hereunder. Sakon agrees that, as between the parties, Sakon and/or Customer shall be responsible for obtaining any required written consent, affirmative opt-in or other written authorization (“Consent") from applicable individuals in the European Union with respect to their Personal Data, or determining another legitimate, legal basis for processing of such Personal Data. Customer assures Sakon that it will make such Personal Data accessible to Sakon and also for onward transfer of this data as required by the Order or as otherwise necessary for performance of the Sakon Application.
3.3 Processing of Personal Data. Sakon shall treat Personal Data as Confidential Information and shall only process Personal Data on behalf of and in accordance with Customer’s documented instructions for the following purposes: (i) Processing in accordance with the Agreement; (ii) Processing initiated by end users in their use of the Sakon Application; and (iii) Processing to comply with other documented reasonable instructions provided by Customer (e.g., via email) where such instructions are consistent with the terms of the Agreement.
3.4 Instructions. This DPA, the Agreement and any written instructions from Customer to Sakon, are Customer’s complete instructions to Sakon for the processing of EU personal data related to the Sakon Application. Any alternative or additional instructions may only be by written amendment to this DPA sent to the address below or via email from Customer. Sakon will receive notice of any alternative or additional instructions as applicable.
|
|
Notices to Sakon: |
|
Street Address |
300 Baker Avenue, Suite 280 |
|
City, State, Zip |
Concord, Massachusetts 01742 |
|
ATTN: |
Notices |
|
Email Address |
notices@sakon.com |
Customer shall provide Sakon with contact information appropriate and sufficient for Sakon to provide notices to Customer.
3.5 Authority. Customer will have the exclusive authority to determine the purpose for and means of processing EU personal data.3.6 Compliance. Sakon shall comply with all applicable Data Protection Laws, including but not limited to, the GDPR, and the CCPA (see Appendix CCPA to this DPA), with respect to all processing it conducts on Customer Personal Data which it undertakes per any Order, this DPA and the Agreement, as well as to the extent such laws apply to Sakon in its role as a processor. Additionally, in its role as processor for Customer, Sakon agrees:
4. RIGHTS OF DATA SUBJECTS.
4.2 Assistance. Accounting for the nature of the Processing, Sakon shall assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Sakon’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations. In addition, to the extent Customer, in its use of the Sakon Application, does not have the ability to address a Data Subject Request, Sakon shall upon Customer’s request provide commercially reasonable efforts to assist Customer in responding to such Data Subject Request, to the extent Sakon is legally permitted to do so and the response to such Data Subject Request is required under Data Protection Laws and Regulations. To the extent legally permitted, Customer shall be responsible for any costs arising from Sakon’s provision of such assistance.
5. RETURN OR DELETION OF DATA.
6. TRACKING TECHNOLOGIES.
7. SUB-PROCESSING.
7.2 Sub-processor Obligations. When engaging any Sub-processor, Sakon will ensure via a written contract that:
Written agreements with each Sub-processor shall contain data protection obligations not less protective than those in this Agreement with respect to the protection of Customer Data to the extent applicable to the nature of the Sakon Application provided by such Sub-processor.
7.3 List of Current Sub-processors and Notification of New Sub-processors.7.4 Liability. Sakon shall be liable for the acts and omissions of its Sub-processors to the same extent Sakon would be liable if performing the Sakon Application of each Sub-processor directly under the terms of this Data Protection Addendum, except as otherwise set forth in the Agreement.
8. SECURITY MEASURES.
8.2 Confidentiality of processing. Sakon shall ensure that any person who is authorized by Sakon to process Customer Data (including its staff, agents and subcontractors) shall be under an appropriate obligation of confidentiality.
8.3 Personnel. Sakon shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data and have received appropriate training on their responsibilities.
9. LIMITATION OF ACCESS.
9.2 Security Certifications and Reports. Sakon shall ensure the continued effectiveness of the security measures.
9.3 Customer’s Audit Rights. If GDPR applies to the processing of Personal Data, Sakon will allow Customer or an independent auditor appointed by Customer or Sakon to conduct audits (including inspections) to verify Sakon’s compliance with its obligations under these Terms.
9.4 Verification. Customer may also conduct an audit to verify Sakon’s compliance with its obligations under these Terms by reviewing Sakon’s documentation outlining its security measures.
10. INCIDENT MANAGEMENT.
10.2 Security Incident Response. Upon becoming aware of a security incident, Sakon shall notify Customer without undue delay and shall provide timely information relating to the security incident as it becomes known or as is reasonably requested by Customer. Sakon shall make reasonable efforts to identify the cause of such security incident and take those steps as Sakon deems necessary and reasonable in order to remediate the cause of such security incident to the extent the remediation is within Sakon’s reasonable control. The obligations herein shall not apply to incidents that are caused by Customer.
10.3 No Acknowledgement of Fault by Sakon. Sakon’s notification of or response to a security incident under this Section will not be construed as an acknowledgement by Sakon of any fault or liability with respect to the security incident.
10.4 Customer Responsibilities. Notwithstanding the above, Customer agrees that except as provided by this DPA, Customer is responsible for its secure use of the Sakon Application, including securing its account authentication credentials and, in cases when Personal Data is being transmitted from Customer to Sakon, protecting the security of Customer Data when in transit to and from the Sakon Application and taking any appropriate steps to securely encrypt or backup any Customer Data uploaded to the Sakon Application.
11. INTERNATIONAL TRANSFERS.
11.2 Standard Contractual Clauses. The Standard Contractual Clauses are in the Data Processing Exhibit Annex 1.
12. MISCELLANEOUS.
12.2 If there is a conflict between an Agreement and this DPA, the terms of this DPA will control.
12. 3 Any claims brought under this DPA shall be subject to the terms and conditions, including but not limited to, the exclusions and limitations set forth in an Agreement.
12. 4 This DPA will be governed by and construed in accordance with governing law and jurisdiction provisions set forth in the Agreement, unless otherwise required by applicable privacy laws.
DATA PROCESSING EXHIBIT
This Exhibit includes certain details of the Processing of Customer Personal Data as required by Article 28(3) GDPR.
1. SUBJECT MATTER.
The subject matter and duration of the processing of Personal Data are set out in the Agreement.
DURATION OF PROCESSING. The Term specified in the Agreement plus the period from the expiry of the Termination of Agreement until deletion of all Customer Data by Sakon in accordance with the terms of the agreement.
NATURE AND PURPOSE OF THE PROCESSING. Sakon will process Personal Data for the purposes of providing the Sakon Application to Customer in accordance with the Agreement.
Type of personal data and categories of data subject POTENTIALLY processed May Include:
- Customer’s employees (including temporary or casual workers, volunteers, assignees, trainees, retirees, pre-hires and applicants)
- Customer’s affiliates employees (including temporary or casual workers, volunteers, assignees, trainees, retirees, pre-hires and applicants)
- Customer’s business partners (if those business partners are individuals)
- Employees of Customer’s business partners
- Customer’s suppliers and subcontractors (if those suppliers and subcontractors are individuals)
- Employees of Customer’s suppliers and subcontractors
- Customer’s agents, consultants and other professional experts (contractors)
Categories of Data to whom the CUSTOMER’S Personal Data may relate. Customer may submit
Personal Data to the Sakon Application, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:
- Person Name
- Online Access and Authentication Credentials
- Telephony
- Consumed Resources
- Online Identifier
- Technology Identifiers
- Profession and Employment Information
- Appointments, Schedules, Calendar Entries
- Physical Location of the Individual
- Individual's manager/supervisor information
The obligations and rights of CUSTOMER and CUSTOMER Affiliates. The obligations and rights of Customer and Customer Affiliates are set out in the Agreement and this DPA.
ANNEX 1: STANDARD CONTRACTUAL CLAUSES
Standard Contractual Clauses (processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
The Customer is deemed to be the exporting organization. The Customer, upon request or as needed, shall provide contact information to Sakon. Customer is the data exporter.
And
Name of the data importing organization: Sakon
Address: 300 Baker Avenue, Suite 280, Concord, MA 01742
Tel.: 800-601-1641 ; e-mail: info@sakon.com
Sakon is the data importer.
Customer and Sakon, each a “party” and together “the parties”, AGREE on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
Background
The data exporter has entered into a data processing addendum (“DPA”) with the data importer. Pursuant to the terms of the DPA, it is contemplated that the Sakon Application provided by the data importer may involve the transfer of personal data to data importer. Data importer is located in a country not ensuring an adequate level of data protection. To ensure compliance with Directive 95/46/EC and applicable data protection law, the controller agrees to the provision of such Sakon Application, including the processing of personal data incidental thereto, subject to the data importer’s compliance with, the terms of these Clauses.
Clause 1
Definitions
For the purposes of the Clauses:
(a) 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; [If these Clauses are governed by a law which extends the protection of data protection laws to corporate persons, the words “except that, if these Clauses govern a transfer of data relating to identified or identifiable corporate (as well as natural) persons, the definition of "personal data" is expanded to include those data” are added.]
(b) 'the data exporter' means the controller who transfers the personal data;
(c) 'the data importer' means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC; [If these Clauses are not governed by the law of a Member State, the words "and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC" are deleted.]
(d) 'the subprocessor' means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) 'the applicable data protection law' means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) 'technical and organisational security measures' means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Clause 2
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Clause 3
Third-party beneficiary clause
- The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
- The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
- The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
- The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Clause 4
Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing The Sakon Application will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing within the Sakon Application which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
Clause 5
Obligations of the data importer
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorised access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing Within the Sakon Application by the subprocessor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
Clause 6
Liability
- The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
- If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
- If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
Clause 7
Mediation and jurisdiction
- The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
- The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
Clause 8
Cooperation with supervisory authorities
- The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
- The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
- The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
Clause 9
Governing Law
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Clause 10
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Clause 11
Subprocessing
- The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
- The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
- The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
- The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.
Clause 12
Obligation after the termination of personal data processing
- The parties agree that on the termination of the provision of data processing within the Sakon Application, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
- The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
On behalf of the data exporter:
This DPA is accepted by Customer and becomes a binding agreement with Sakon upon its access to, receipt of and/or use of the Sakon Application.
On behalf of the data importer:
This DPA is accepted by Sakon and becomes a binding agreement with Customer upon Customer’s access to, receipt of and/or use of the Sakon Application.
APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and must be completed and signed by the parties.
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix
Data exporter
The Customer is deemed to be the exporting organization. The Customer, upon request or as needed, shall provide contact information to Sakon. Customer is the data exporter.
Data importer
Sakon
Data subjects
The personal data that may be transferred concern the following categories of data subjects:
- Customer’s employees (including temporary or casual workers, volunteers, assignees, trainees, retirees, pre-hires and applicants)
- Customer’s affiliates employees (including temporary or casual workers, volunteers, assignees, trainees, retirees, pre-hires and applicants)
- Customer’s business partners (if those business partners are individuals)
- Employees of Customer’s business partners
- Customer’s suppliers and subcontractors (if those suppliers and subcontractors are individuals)
- Employees of Customer’s suppliers and subcontractors
- Customer’s agents, consultants and other professional experts (contractors)
Categories of data
Customer may submit Personal Data to the Sakon Application, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:
- First and last name
- Individual
- Online Access and Authentication Credentials
- Telephony
- Consumed Resources
- Online Identifier
- Person Name
- Technology Identifiers
- Profession and Employment Information
- Appointments, Schedules, Calendar Entries
- Physical Location of the Individual
Special categories of data (if appropriate)
The personal data transferred do not include sensitive data
Processing operations
The personal data transferred will be subject to the following basic processing activities:
Data importer will process personal data as necessary to perform the Sakon Application pursuant to the Agreement. The processing operations performed on the personal data will depend on the scope of data exporter's Input into the Sakon Application. Such Input into the Sakon Application may include:
- Collecting, Recording, Organising, Storage, Use, Alteration, Disclosure, Transmission, Retrieval, Destruction, Archival
On behalf of the data exporter:
This Appendix to the DPA is accepted by Customer and becomes a binding agreement with Sakon upon its access to, receipt of and/or use of the Sakon Application.
On behalf of the data importer:
This Appendix to the DPA is accepted by Sakon and becomes a binding agreement with Customer upon Customer’s access to, receipt of and/or use of the Sakon Application.
APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and must be completed and signed by the parties.
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c):
Data Importer maintains a written security program for the security, integrity and protection of personal data it processes on behalf of its customers against unauthorised disclosure and loss. Data Importer's security program includes administrative, technical and physical safeguards appropriate for data importer's size and resources and the types of information that it processes.
Technical and organizational security measures, including administrative, physical, and technical safeguards relation to our Processing of Your Personal Data can be found at http://www.Sakon.com/security-measures
On behalf of the data exporter:
This Appendix to the DPA is accepted by Customer and becomes a binding agreement with Sakon upon its access to, receipt of and/or use of the Sakon Application.
On behalf of the data importer:
This Appendix to the DPA is accepted by Sakon and becomes a binding agreement with Customer upon Customer’s access to, receipt of and/or use of the Sakon Application.
APPENDIX CCPA CALIFORNIA CONSUMER PROTECTION ACT
This Appendix is part of the DPA between the parties.
Definition of CCPA Personal Information
“CCPA Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual or household. Individuals whose data is encompassed by this definition may include, but are not limited to, customers, potential customers, and employees of Customer (“Customer Information”).
Scope
Sakon will treat all personal information it processes on behalf of Customer, whether provided by Customer to Sakon or accessed or collected on Customer’s behalf by Sakon, as CCPA Personal Information unless instructed otherwise in writing by Customer.
Obligations
Sakon will not sell, rent, lease, disclose, disseminate, make available, transfer, or otherwise communicate orally, in writing, or by electronic or other means, an individual’s CCPA Personal Information to another business or third party for monetary or other valuable consideration.
Sakon will not retain or use CCPA Personal Information for any purpose other than the specific purpose of performing the Services specified in this Agreement.
Sakon will not disclose CCPA Personal Information to any party other than Customer, except to perform Services for Customer in accordance with this Agreement, or except to the extent that disclosure is required by law.
Sakon will not retain, use or disclose CCPA Personal Information outside of the business relationship between Sakon and Customer.
Sakon’s obligations that pertain to Customer Information also apply to CCPA Personal Information. If there is a conflict between or among provisions, the most consumer protective provision that also complies with the terms of this Appendix will control.
Sakon will, in performing its duties under this Agreement, abide by all obligations set forth in the CCPA and not use or disclose any CCPA Personal Information in violation of any restrictions in the CCPA.
Requests for Data Access
If Sakon collects CCPA Personal Information on behalf of Customer in accordance with this Agreement, Customer reserves the right to require Sakon to provide to Customer all the CCPA Personal Information collected (a “Data Access Request”), subject to Customer providing Sakon with reasonable notice of a Data Access Request, reasonable time to comply with a Data Access Request, and subject to the terms and conditions of the CCPA.
Data Access Requests will be provided to Sakon in writing and will identify individual(s) or household(s) whose information Sakon will provide to Customer.
Sakon will maintain complete and accurate records relating to its compliance with each Data Access Request. Customer will have the right to review Sakon’s compliance with any Data Access Request (“Data Access Audit”). Customer Audits will apply to Data Access Audits.
For a Data Access Audit, Sakon will provide Customer access at all reasonable times to the records relating to Data Access Requests; systems used to access information identified in the requests; and employees and contractors who facilitated compliance with Data Access Requests.
Requests for Data Deletion
Customer reserves the right to require Sakon to delete all CCPA Personal Information associated with an individual or household at any time, in Customer’s sole discretion (a “Data Deletion Request”). Data Deletion Requests will be provided to Sakon in writing and will identify individual(s) or household(s) whose information will be deleted.
Sakon will have no less than 30 days to comply with a Data Deletion Request by (a) deleting the data identified and (b) providing written confirmation to Customer. If Sakon is required by law to retain information that is subject to a Data Deletion Request or determines it must retain information to provide the Services specified in this Agreement, it will so advise Customer in writing within 20 days, and Customer will provide further direction.
Sakon will maintain complete and accurate records relating to its compliance with each Data Deletion Request (which records will not include data that was required to be deleted). Customer and its auditors have the right to review Sakon’s compliance with any Data Deletion Request (“Data Deletion Audit”). Customer Audits apply to Data Deletion Audits.
For a Data Deletion Audit, Sakon will provide Customer access at all reasonable times to the records relating to Data Deletion Requests; systems used to delete information identified in the requests; and employees and contractors who facilitated compliance with Data Deletion Requests.
APPLICATION SERVICES SKU DESCRIPTIONS
Sakon provides a purpose-built cloud-based platform to manage all data and experiences to support Enterprise Communication Services and the Modern Device Lifecycle. Sakon integrates with mobility service providers, VARs, ISVs, and OEM platforms to facilitate a seamless end-to-end customer experience with real-time updates about estates, orders, tickets, and SLAs. Many Fortune 500 customers rely on Sakon to enable their corporate liable, BYOD, Mobile Device as a Service (MDaaS), and hybrid mobility environments. Learn more at sakon.com.
|
SKU |
SKU Description |
|
Sakon Device Platform (SDP |
The Sakon Device Platform aggregates and normalizes mobility details from different sources such as vendors, MDM/UEM software and client feeds (i.e., HR) in order to present a global view of the mobile estate. The application enables organizations with provisioning, securing, supporting and managing the costs of its mobile, end-user computing, IoT, RPM, Rugged, devices and services. |
|
SKU |
SKU Description |
|
Self Service Portal (SSP) |
Sakon’s self-service portal enables employees and end users to manage their devices, initiate requests, get help, track policies, and communicate in an easy and efficient manner. End users can order new devices and services, make changes, and manage existing plans and policies, as well as keep track of their ongoing costs. In addition, managers and administrators can manage policies, and approve workflow requests. |
|
SKU |
SKU Description |
|
Employee Mobile App (EMA). |
Sakon’s Employee Mobile App empowers employees with a seamless mobile experience conveniently managed on their own devices. The app makes it convenient and easy for the end user to manage their mobile experience (all the orchestration happens in the background) while also offering businesses the ability to better understand the end user. By pushing key information out to users empowers users to manage their own mobile experience while also bringing a range of information back into businesses to help those businesses make better decisions and more effectively manage their mobile estate. |
|
SKU |
SKU Description |
|
Expense Management (EM). |
The Expense Management capability automates the invoice acquisition, optimization, and payment of Device and Service Expenses. EM includes Invoice Management, Loading, Cost Allocation, Invoice Payment File, Service Optimization and Savings Management. |
|
SKU |
SKU Description |
|
Reporting & Analytics (“RA”). |
RA provides organizations with visibility into its device and service connectivity spend. RA delivers a suite of standard reports, ad-hoc query builders and dashboards. |
MANAGED SERVICES INCLUDED IN SKU
Manages services included in SKU
| Managed Services Included | SKU | |
| GSG-MEM | GSG-MSM | |
| Implementation of Hosted Platform and Managed Services (IMP) |
X |
X |
| Policies, Workflows and Procedures Documentation (PWP) |
X |
X |
| Procurement Workflow Management (PWM) |
X |
X |
| Order Fulfillment Services (OFS) |
X |
X |
| Inventory Build and Maintenance (IBM) |
X |
X |
| Invoice Receipt and Loading (IRM) |
X |
X |
| Invoice Cost Allocation (ICA) |
X |
X |
| Audit, Optimization and Remediation (AOR) |
X |
X |
| Help Desk Services – Tier 1 24/7/365 (HDS1) |
X |
|
| Help Desk Services – Tier 2 24/7/365 (HDS2) |
X |
|
| Live Chat Services (LCS) |
X |
|
| Sakon Application Support (SAS) |
X |
X |
| System Data Maintenance (SDM) |
X |
X |
| Program Management (PM) |
X |
X |
SERVICE DESCRIPTIONS FOR MANAGED SERVICES
1. Scope of Work.
Sakon will provide managed services “Managed Services” to address the complexities of Customer’s network and mobility environment. The Sakon Managed Services deliver a proactive service which streamlines, centralizes and operates circuit, service and equipment inventory, invoice management, auditing, optimization and reporting across multiple Vendors.
2. Managed Services Delivery Roles.
The level of involvement of each Sakon and Customer team member will vary by role and task as defined in the CSD. Sakon will notify Customer in advance of any change in the Sakon team mix that may be necessary from time to time.
Managed Services team member roles and responsibilities are defined below. Note that resources may perform multiple roles.
2.1 Sakon Delivery Roles and Responsibilities – listed below and further defined in Section 3.a|
Role |
Definition & Responsibility |
|
Executive Sponsor (Sakon Sponsor) |
The Sakon Sponsor is responsible for overall customer satisfaction and working with the SDM to resolve escalated issues in a timely manner. |
|
Service Delivery Manager (SDM) |
The SDM manages the overall account and is responsible for working directly with the Customer Point of Contact. The SDM is responsible for resolving or escalating issues and providing overall account status to key members of Sakon and Customer management through participation in status meetings, monthly operational reviews, and quarterly business review meetings. |
|
Analyst(s) / Subject Matter Experts (SMEs) |
The Analyst and/or SME roles are assigned to the account based on Customer’s specific scope and complexity. This role completes hands-on functional and technical account activities and provides guidance to Customer. |
2.2. Customer Roles and Responsibilities – listed below and further defined in Section 4.
|
Role |
Responsibility |
|
Executive Sponsor |
Participates in quarterly or semi-annual business reviews |
|
Senior Management |
Participates in monthly performance reviews |
|
Customer POC |
Participates in weekly operational reviews |
3. Steady State Operation of Managed Services.
Sakon will perform the following activities:
|
SKU |
SKU Description |
| 3.1 Policies, Workflows and Procedures Documentation (PWP) |
Sakon will create and maintain all the policies, workflows and procedures as they relate to the Customer in the Customer Specific Document (“CSD”). This document governs the operations of the managed services, which may include, but are not limited to:
|
|
SKU |
SKU Description |
||
| 3.2 Procurement Workflow Management (PWM) |
|
||
|
Service Level Objectives for Procurement Workflow Management (PWM) |
|||
|
Measurement/ Description |
SLO |
Conditions or Exclusions |
|
|
New device, service plan or accessories added to the portal |
Updates received by 12 PM EST will be placed on the same business day. |
Any bulk orders or telecom migration projects will be scoped out on project basis.
|
|
|
SKU |
SKU Description |
||
| 3.3 Order Fulfillment Service (OFS) |
|
||
|
Service Level Objectives for Order Fulfillment Service (OFS) |
|||
|
Measurement/ Description |
SLO |
Conditions or Exclusions |
|
|
Fulfillment measured as the time completed order is approved via Application until the order is placed with the Vendor |
Orders (non-bulk) received by 2 PM EST will be placed on the same business day. |
Any bulk orders or telecom migration projects will be scoped out on project basis.
|
|
|
SKU |
SKU Description |
| 3.4 Inventory Build and Maintenance (IBM) |
|
|
SKU |
SKU Description |
||
| 3.5 Invoice Receipt and Loading (IRL) |
|
||
|
Service Level Objectives for Invoice Receipt and Loading (IRM) |
|||
|
Measurement/ Description |
SLO |
Conditions or Exclusions |
|
|
Electronic Invoices: Load, validate and make invoices available in the application as described. Measured monthly based on the quantity of invoices loaded within the established timeframe, minus any invoices meeting the stated Exclusion criteria |
95% within 5 business days from Sakon’s receipt of invoice detail |
Exclusions:
|
|
|
SKU |
SKU Description |
||
| 3.6 Invoice Cost Allocation (ICA) |
|
||
|
Service Level Objectives for Invoice Cost Allocation (ICA) |
|||
|
Measurement/ Description |
SLO |
Conditions or Exclusions |
|
|
An AP and/or GL file will be provided based on a schedule as outlined in the CSD. |
98% within the schedule outlined in the CSD and 100% within 3 business days from the CSD scheduled dates. |
Exclusions:
|
|
|
SKU |
SKU Description |
||
| 3.7 Audit, Optimization and Remediation (AOR) |
|
||
|
Service Level Objectives for Audit, Optimization and Remediation (AOR) |
|||
|
Measurement/ Description |
SLO |
Conditions or Exclusions |
|
|
Measured from the time the Customer approves the Optimization Recommendation in the Sakon software to the time Sakon submits the Change Request to the Vendor |
5 business days from the Customer Approved Date |
Recommendations are loaded to the platform and the customer is notified via email. If the customer accepts the notifications within 7 days, Sakon will submit auto-approved or approved changes to the appropriate vendors. |
|
|
SKU |
SKU Description |
||
| 3.8 Help Desk Services – Tier 1 (HDS1) Included in GSG-MSM SKU only |
|
||
|
SKU |
SKU Description |
||
| 3.9 Help Desk Services – Tier 2 (HDS2) Included in GSG-MSM SKU only |
|
||
|
SKU |
SKU Description |
||
| 3.10 Help Desk Services – Live Chat Services (LCS) Included in GSG-MSM SKU only |
|
||
|
Service Level Objectives for Help Desk Services (HDS) |
|||
|
Measurement/ Description |
SLO |
Conditions or Exclusions |
|
|
Total time waited to answer in seconds divided by total calls to hit the customer DID. Example: 48,000 total seconds waited divided by 1200 calls in a month = 40 second average speed to answer Includes all call no matter the time waited, abandon, or to voice mail |
Average Speed of Answer: 85% within 45 seconds |
Take account of 100% of all calls that hit the customer DID provided by the help desk SLO applies only if no more than 12% of users under management call in any given month. Excessive usage above 12% in any given month will waive the SLO for that month. |
|
|
Time to answer tickets via e-mail |
4 business hours |
||
|
Time to answer tickets via voice mail |
1 business hour |
||
|
SKU |
SKU Description |
| 3.11 Sakon Application Support (SAS) |
|
|
SKU |
SKU Description |
||
| 3.12 System Data Maintenance (SDM) |
Sakon will load the following Customer provided data, to be provided in Sakon specified format and at intervals as defined in the CSD:
|
||
|
Service Level Objectives for System Data Maintenance (SDM) |
|||
|
Measurement/ Description |
SLO |
Conditions or Exclusions |
|
|
This SLO applies to customers who have an automated HRIS feed ETL process established during the implementation phase. Measured from the time the HRIS file is received from the Customer to the time the file is processed in the system |
HRIS Feed: 1 business day from receipt |
The SLO applies only if the data provided is in the agreed format and does not contain errors. |
|
|
Customer to provide inventory update information in a format conforming to the Sakon Template for any orders placed outside of the Sakon application. Measured from the time the customer provides the Inventory Maintenance file to the time Sakon processes the necessary updates to Inventory |
Inventory Maintenance: 98% within 5 business days and 100% within 8 business days from receipt. |
This SLO applies only if the data provided is in the agreed upon format and does not contain errors. |
|
|
The Service Level Objectives for the SaaS Applications can be found in Sakon’s Hosting Support and Service Availability Addendum (“HSSA”) |
|||
|
SKU |
SKU Description |
| 3.13 Program Management (PM) |
|
4. Customer Responsibilities.
- Serve as the interface between Sakon and all of Customer’s affiliates, business units, functions or cost centers to whom the Services apply.
- provide applicable information, data, consents, decisions and approvals as required by Sakon to perform the Services, within five (5) Business Days of Sakon’s request unless Customer and Sakon mutually agree to an extended response time.
- help resolve issues, which need escalation within Customer’s organization, as necessary.
- administer the Change Control Procedure as defined with Sakon as needed.
- Review and signoff on the CSD upon go-live within five (5) Business Days of Sakon’s submission unless Customer and Sakon mutually agree to an extended response time.
- Review and signoff on any revisions to the CSD during the operational meetings within five (5) Business Days of Sakon’s submission unless Customer and Sakon mutually agree to an extended response time.
- Contribute to and participate in operational and stewardship review meetings or conference calls chaired by Sakon.
- Make appropriate stakeholders available to attend the review meetings including the executive sponsor/s for the stewardship meetings.
- Notify Sakon of any personal data or sensitive data that Sakon should exclude from Services and assist in segregating that data from the Carrier.
- Continue processing telecom invoices using Customer’s business systems and processes until Ongoing Services are established and tested.
5. Customer Responsibilities by Managed Service Deliverable.
|
SKU |
SKU Description |
| 5.1. Procurement Workflow Management (PWM) |
|
|
SKU |
SKU Description |
| 5.2. Order Fulfillment Service (OFS) |
|
|
SKU |
SKU Description |
| 5.3. Inventory Build and Maintenance (IBM) |
|
|
SKU |
SKU Description |
| 5.4. Invoice Receipt and Loading (IRM). |
|
|
SKU |
SKU Description |
| 5.5. Invoice Cost Allocation (ICA). |
|
|
SKU |
SKU Description |
| 5.6. Audit Optimization and Remediation (AOR). |
|
|
SKU |
SKU Description |
| 5.7. Help Desk Services (HDS). (GSG-MSM SKU Only) |
|
|
SKU |
SKU Description |
| 5.8. Sakon Application Support (SAS). |
|
|
SKU |
SKU Description |
| 5.9. System Data Maintenance (SDM). |
Customer will provide the necessary system, contract and inventory change data for input to the Application within timeframe stated in the CSD. |
SAKON DEVICE PLATFORM IMPLEMENTATION
1. Scope of Work.
Sakon will provide the Implementation Services to activate and configure the Customer’s instance of the Sakon hosted platform.
2. Project Methodology.
3. Project Roles.
The level of involvement of each Sakon and Customer team member will vary by role and task as defined in the project plan. Sakon will notify Customer of any change in the Sakon team mix that may be necessary from time to time.
Project team member roles and responsibilities are defined below. Note that resources may perform multiple roles.
3.1 Sakon Project Roles & Responsibilities.|
Role |
Definition & Responsibility |
|---|---|
|
Executive Sponsor (Sakon Sponsor) |
The Sakon Sponsor is responsible for assuring that the appropriate Sakon resources are available for the project, working with the Sakon IM to resolve escalated issues in a timely manner |
|
Implementation Manager (Sakon IM) |
The Sakon IM manages the overall project and is responsible for working directly with the Customer Project Manager. The Sakon IM is responsible for resolving project-related issues and providing overall project status to key members of Sakon and Customer management through participation in project status meetings and monthly steering committee meetings. |
|
Consultant(s) / Subject Matter Experts (SMEs) |
The Consultant and/or SME roles are assigned to the project based on Customer’s specific scope and project complexity. This role completes hands-on functional and technical project activities and provides guidance to the Customer. Throughout the project, the consultants and/or SMEs lead and/or participate in workshops to assist Customer in understanding and utilization of the features and functions of the Sakon applications and services included in the Implementation Exhibit and related documents. |
Sakon Implementation Executive Sponsor for Customer
Name: Dawn Bradley
Title: Senior Director, Mobility PMO
Contact Info: dawn.bradley@sakon.com / 207-835-7026
3.2 Customer Project Roles & Responsibilities.
|
Role |
Definition & Responsibility |
|---|---|
|
Executive Sponsor / Steering Committee (Customer Sponsor) |
The Executive Sponsor/Steering Committee is responsible for championing the project, ensuring that the appropriate Customer resources are available for the project, working with the Customer Project Manager to resolve escalated issues in a timely manner and sign off on key deliverables throughout the project. |
|
Customer Project Manager (Customer PM) |
The Customer PM is responsible for managing the project through completion. The Customer PM performs a variety of tasks including
|
|
Business Analysts / Subject Matter Experts (SMEs) |
Business analysts/SMEs (including developers, administrators, quality control, etc. as required by Customer) are responsible for providing functional knowledge and expertise on Customer requirements such as business processes, data mapping, organizations, and platform configurations. They also escalate to the Customer PM any issues that may impact the Go-Live Date and develop Customer-specific training/testing materials and documentation. |
4. Project Lifecycle.
The Sakon implementation methodology consists of five phases: Plan, Architect, Configure, Test and Deploy. This section describes the Services that will be performed and the deliverables that will be provided during each phase. Phases may overlap, meaning that a phase may start before completion of the all the proceeding phase’s deliverables.
4.1 Phase 0 – Plan. The Plan Phase enables the Customer and Sakon to review the overall project scope and to develop the procedures and mechanisms required to plan and control the project. This phase deals with data collection and sets the overall direction and approach for managing the project. The Plan Phase defines the team members, roles and responsibilities and the communication plan that will be used throughout the project.
|
Deliverable or Activity |
Description |
Primary Owner |
|---|---|---|
|
Baseline Project Plan |
Document that contains the initial details of the project activities, owners, and completion dates. This Deliverable will be completed upon sign-off on the Baseline Project Plan by the Sakon and Customer project managers. |
Sakon IM / Customer PM |
|
Project Governance & Communication Plan |
Document used to identify the expected level of communication and escalation for different audiences. |
Sakon IM / Customer PM |
|
Project Kickoff Meeting |
A remote meeting between the Sakon and Customer project stakeholders and project team members. Sakon will present the Sakon implementation methodology and project overview to ensure that both Customer and Sakon have a clear and consistent understanding of project goals, objectives, and timeframes. |
Sakon IM |
|
Discovery Workshop |
A collaborative working session to outline and review data collection, business rules/processes, and interface requirements collected as part of the Phase 0 data collection deliverable. The Sakon and Customer Project Managers will sign- off on the workshop completion certificate to signify completion of this activity |
Sakon IM |
|
Phase 0 Data Collection Worksheet |
Sakon will provide Customer with the Data Collection Worksheet to collect and deliver all necessary Phase 0 data required to implement the scope of this project, Completion of this Deliverable will be the sign-off by the Sakon Project Manager which confirms receipt of all required Phase 0 Data. If Customer is unable to deliver specific Phase 0 data, Sakon will identify the risks to Customer and make the necessary changes to the project timelines and deliverables. |
Customer PM |
|
Phase 0 Completion Sign-off |
Sign-off by the Sakon and Customer project managers certifying that Phase 0 is complete and documenting any missing data, risks, timeline or deliverable impacts/changes. |
Sakon IM / Customer PM |
4.1 Phase 1 – Architect. The Architect Phase enables Customer and Sakon project team members to finalize the configuration requirements and business process definitions. It is during this Phase that design workshops will be used to drive the business decisions necessary to successfully implement the Service.
The phase will be considered complete upon mutual sign-off by the Sakon and Customer Project Managers.
|
Deliverable or Activity |
Description |
Primary Owner |
|---|---|---|
|
Business Rules / Processes Configuration Workshop(s) |
Up to two interactive meetings to determine Customer’s business rules and process configuration requirements. The Sakon and Customer Project Managers will sign-off on the workshop completion certificate to signify completion of this activity. |
Sakon IM |
|
Hosted Platform Interface Configuration Workshop(s) |
Up to four interactive meetings to determine Customer’s hosted platform interface configuration requirements. The Sakon and Customer Project Managers will sign-off on the workshop completion certificate to signify completion of this activity. |
Sakon IM |
|
User Access Configuration Workshop(s) |
Up to four interactive meetings to determine Customer’s user access / roles configuration requirements. The Sakon and Customer Project Managers will sign-off on the workshop completion certificate to signify completion of this activity. |
Sakon IM |
|
SaaS Setup and Configuration Workshop(s) |
Up to four interactive meetings to determine Customer’s functional and organization configuration requirements. The Sakon and Customer Project Managers will sign-off on the workshop completion certificate to signify completion of this activity. |
Sakon IM |
|
Reporting Workshop |
Up to four interactive meetings to demonstrate Sakon’s reporting capabilities. The Sakon and Customer Project Managers will sign-off on the workshop completion certificate to signify completion of this activity. |
Sakon IM |
|
Phase 1 Completion Sign-off |
Written Sign-off by the Sakon and Customer Project Managers certifying that Phase 1 is complete and documenting any missing data, risks timeline or deliverable impacts/changes. |
Sakon IM / Customer PM |
4.3 Phase 2 – Configure. The Configure Phase will complete the configuration of the Sakon hosted platform based on the design analysis specifications finalized in the Architect Phase. Application and integration configurations are completed, data conversion is executed, and the Customer instance is prepared for the Test Phase.
|
Deliverable or Activity |
Description |
Primary Owner |
|
SaaS Platform Configuration |
A Customer specific instance is deployed and configured based on the design decisions confirmed in the Architect Phase. This includes configuration data as well as transactional data provided. The Customer team is responsible for validating its accuracy during the Test Phase. This Phase is completed once the instance is made available to the Customer for training and testing. |
Sakon IM |
4.4 Phase 3 – Test. During the Test Phase Sakon will open the Customer’s hosted platform instance to conduct the Customer training and set up user credentials so Customer can conduct User Acceptance Testing UAT). The phase will be considered complete upon mutual UAT sign-off by the Sakon and Customer Project Managers.
|
Deliverable or Activity |
Description |
Primary Owner |
|
Hosted Platform Training |
Sakon provides a “train the trainer” remote training session for up to 10 attendees. The Customer can develop their own internal training program for their users based on this training session. |
Sakon IM |
|
User Acceptance Testing |
Customer develops and runs testing scenarios conducted by selected Customer users to confirm the operation of the Sakon platform. |
Customer PM |
|
Phase 3 Completion Written Sign-off |
Sign-off by the Sakon and Customer Project Managers certifying that Phase 3 is complete and Customer agrees to go-live on the platform. |
Customer PM |
4.5 Phase 4 – Deploy. Upon successful completion of the Test Phase, the project will move to the Deploy Phase. This phase includes the steps necessary to move the customer instance into production with the implemented features/functions agreed to in Phases 0-2 of the Project Lifecycle.
|
Deliverable or Activity |
Description |
Primary Owner |
|
Go-Live Production Instance |
Sakon will deliver a production instance of the hosted platform to Customer. |
Customer PM |
|
Customer Specific Document (“CSD”) |
Sakon will deliver a formal Process, Workflows and Procedures Document (Customer Specific Document or CSD) to document the scope, process and configuration decisions agreed to during the implementation. This Deliverable is complete upon sign-off by the Sakon and Customer Project Managers and signifies the Customer transition from Implementation to Steady-state. |
Sakon IM |
|
Project Completion Sign-off |
Execution of the Sakon Implementation Project Completion Certificate by the Sakon and Customer Project Managers certifying that implementation is complete. |
Customer PM |
5. Implementation Requirements.
Sakon’s ability to complete implementation is dependent on the requirements outlined in this section. Due dates, deliverables, milestones, estimates, and other project timelines may be impacted if requirements are not met. In the event a requirement is not met Sakon and Customer shall use reasonable efforts to resolve the issue and mitigate further delays. Remedies for failing to meet a requirement include excusing or extending due dates, deliverables, milestones, estimates, and other project timelines, as well as altering the approach to completing the implementation. Where an agreement is required to resolve an issue, and the issue cannot be resolved by agreement, then the matter shall be managed through the procedure described in the Change Management and Control section below.
5.1 Sakon’s Requirements.
Sakon will:
- designate a single point of contact (SPOC). The individual will be able to represent Sakon on all project and technical decisions.
- provide a Service Delivery Manager and the appropriate SMEs to project manage the implementation of the managed services;
- make good faith efforts and take reasonable actions necessary to meet all dates set forth in the project plan;
- coordinate its own internal resources necessary to conduct all required workshops in a timely manner;
- establish priorities, processes, methods, and procedures for invoice processing, approvals and exceptions management;
- provide Data Gathering Checklist and assist Customer with its completion;
- provide Customer with any worksheets, checklists, RAID trackers, project plan updates to provide proper visibility to project status and project risks;
- establish an SFTP site for initial and ongoing file upload of data gathered by Customer;
- assist Customer with completion of Letters of Authorization and, if required by Vendor, other documentation such as confidentiality agreements or ancillary authorization forms;
- lead status meetings with Customer team and Sakon SME’s;
- upon notification by Customer of personal data or sensitive data that Sakon should exclude from Services, Sakon shall use best efforts to exclude such data from the Services; and
- participate in workshops required for Sakon to obtain any functional design decisions and technical integration specifications necessary to configure the Sakon platform;
- provide applicable information, data, consents, decisions and approvals as required during the project to perform the Services;
- initiate the process of loading Vendor invoice and accounts payable information provided by the Customer into the platform.
- coordinate and present specifications for included custom reports. Create Project Change Request as appropriate.
- perform an inventory build as required to facilitate invoice processing and cost allocation.
- deliver training to Customer Administrator(s) on the use of the Sakon platform;
- upon completion of the transition activities, prepare a review all transition deliverables and milestone attainment for Customer acceptance for the closeout of the implementation and captured within the Customer Specific Document “CSD”.
5.2 Customer’s Requirements.
Customer will:
- assign a single point of contact (SPOC) for Sakon, wherein the individual will have a thorough understanding of Customer's business requirements and technical environment and will be able to represent Customer on all business and technical decisions;
- provide access to facilities and personnel as reasonably necessary for Sakon to perform its responsibilities;
- provide assistance, cooperation, information, equipment, data, a suitable work environment and resources reasonably necessary to enable Sakon to perform the Implementation Services.
- coordinate any on-site, online, or conference call requirements to be held during the Implementation;
- complete and return any worksheets or checklists provided by Sakon within ten (10) Business Days of Customer receipt unless an extension is agreed to by the parties;
- provide applicable information, data, consents, decisions and approvals as required by Sakon to perform the Services, within five (5) Business Days of Sakon’s request, unless Customer and Sakon mutually agree to an extended response time;
- provide one primary source system for Customer’s data conversion requirements;
- gather, consolidate and deliver all required Phase 0 data to Sakon for normalization by Sakon prior to loading to the platform;
- deliver data, requested files, or any other confidential or proprietary information to Sakon via SFTP protocol on Sakon’s SFTP server. All file transfers will be done via secure FTP (SFTP) (using SSL or encrypted files);
- notify Sakon of any personal data or sensitive data that Sakon should exclude from Services and assist in segregating that data from the Vendor source data
- Upon such notification, Sakon shall use best efforts to exclude such personal data or sensitive data from the Services;
- provide a Letter of Authorization (LOA), when needed, to each Vendor including a list of billing accounts and services authorized and provide a copy of such consent to Sakon;
- Customer will assist Sakon with Customer Vendors by:
- Enabling Vendor Portals and providing access for Sakon;
- Directing and authorizing redirects of invoices and conduct billing address changes as needed;
- Adding Accounts to Vendor Portal; and
- Redirecting - EDIs and assisting in Setup of EDI;
- make good faith efforts and take reasonable actions necessary to meet all dates set forth in the project plan;
- coordinate its own internal resources necessary to conduct all required workshops in a timely manner;
- participate in all workshops required for Sakon to obtain any functional design decisions and technical integration specifications necessary to configure the Sakon platform in a timely manner;
- deliver all Customer User training on the use of the Sakon platform after Sakon has provided the initial training to Customer Administrators;
- Customer is responsible for maintaining and troubleshooting any issues related to the following Customer environments:
- Mail server;
- Active Directory;
- Microsoft SQL Server;
- Corporate Instant Messaging Server;
- Firewall;
- VPN; and
- MDM.
Customer acknowledges that Sakon’s ability to complete the implementation is dependent on Customer’s compliance with the requirements set forth above. If Customer is unable to meet one or more of the requirements set forth above, then due dates, deliverables, milestones, estimates, project timelines, and other applicable implementation requirements, shall be excused or extended until such time that the requirement(s) is met, and Sakon may elect to revise the approach to completing the project.
Customer acknowledges that Sakon’s ability to staff the project is dependent on Customer starting the project on the agreed date. If Customer delays the agreed start date, then Sakon will work closely with Customer to assess the impact, identify available options and agree on next steps.
If circumstances beyond the control of Customer or Sakon cause delay, then Customer and Sakon shall assess the impact and, if necessary, revise the project's estimated completion date and/or approach to completing the project.
If Customer requests in writing to expand the scope beyond the deliverables defined in this Implementation Exhibit, then Customer may elect to pay Sakon additional fees and expenses incurred by Sakon to bring the project up to date with the milestones set forth herein. If Customer elects not to pay such additional fees, Customer acknowledges that the project milestones may be impacted.
6. Issue Resolution.
An issue is any condition where one Party’s expectation under this Implementation Exhibit may not be met (“Issue”). To effectively deal with an Issue the entire team needs to be made aware of the Issue. If it is an issue that may hinder progress on a project, the following procedure will be followed to identify the correct resource to resolve the problem quickly.
6.1 Identification and Escalation. Issues may be identified by anybody on the project team. The Customer PM is the escalation point for all employees of Customer assigned to the project. Sakon’s IM is the escalation point for all employees of Sakon assigned to the project. If there is an issue with either the Customer’s PM or Sakon’s IM, the Customer Sponsor and the Sakon Sponsor will meet to resolve the issue.
6.2 Documentation. Once identified, each Issue must be documented by the Sakon IM and Customer PM for review by the Customer / Sakon project team.
6.3 Assignment. The Customer PM/ Sakon IM will assign a priority to the Issue, determine a resource responsible for resolving the issue and assign a target date for completion.
6.4 Monitoring. All Issues will be tracked on an Issues Log that will be maintained to formally track the resolution status of each Issue.
6.5 Reporting. Issues will be brought to the attention of the entire team and discussed in the weekly status report and weekly status meeting.
6.6 Resolution. The Issues Log and associated documentation for each issue will be made available for all team members. In the event that an issue cannot be resolved in a reasonable period to the mutual satisfaction of the Customer and Sakon management team, the Customer and Sakon will escalate the issue within its organization.
7. Change Management and Control.
The change management and control procedure is the primary vehicle for maintaining project scope and ensuring management can determine trade-offs among the three key project variables of cost, time and scope. Potential scope changes (“Changes”) must be identified early in the implementation, documented carefully and resolved at appropriate levels of responsibility. Sakon shall obtain prior written authorization and approval of expenditures from Customer before starting work on Changes. The change management process (“Change Management”) is outlined here.
7.1 A written change request (“Change Request”) shall be submitted by the requesting party to the Project Manager for the other party. Such Change Request shall include, but not be limited to, a description of the change and its benefit to the Implementation deliverables/services.7.2 The Customer PM and Sakon IM shall, as necessary, discuss the Change Request and its associated impact with each other and with other persons. Upon mutual written agreement of Customer PM and Sakon IM, a Change Request will be accepted, and the proposed change shall be implemented. No Change Request shall become binding on either party, however, unless signed by authorized persons on behalf of both parties.
7.3 Each Change Request shall be documented through this Change Management. Until Change Management has been completed and the Change Request has been signed by Customer and Sakon, the original requirements under this Implementation Exhibit will remain unchanged and no work on any Change Request will begin. A fully executed Change Request will be subject to the terms of this Implementation Exhibit and the Agreement.
7.4 Changes are broadly defined as those activities not originally considered within either the products to be delivered or tasks to be performed as identified in this Implementation Exhibit. Changes may include:
- Scope items not listed in this Implementation Exhibit (additional business processes, functions, programs, databases, etc.)
- Participation in activities not previously included in this Implementation Exhibit list of work activities.
- Provision or development of deliverables not included in this Implementation Exhibit.
- Impact caused by changes in the assumptions defined herein.
- Delays or rework caused by items identified in this Implementation Exhibit as Customer responsibilities.
- Change in responsibilities as defined in this Implementation Exhibit between Customer and Sakon, including reallocation of project staffing.
- Rework of completed activities or deliverables due to a change request.
- Delays caused by a change in previously agreed-upon acceptance criteria.
- Investigative work to develop impact statements for major change requests.
8. Timely Performance.
The parties acknowledge and agree that the avoidance of project delays is material to Customer’s use of the Service and Sakon’s ability to fulfil this Implementation Exhibit in accordance with the estimated timeline. In the event of any project delay, the parties will attempt to mitigate the effects of such delay; however, either party may convene a Steering Committee meeting made up of the Sakon and Customer executive sponsors, project managers, and implementation managers) to discuss such delays.
The Steering Committee will take into consideration the cause of the delay and negotiate in good faith to revise this Implementation Exhibit and change specific timeframe schedules or deliverables if appropriate under the circumstances.
9. Acceptance Process.
Upon completion of a project deliverable/milestone, the Sakon IM will submit the deliverable and an email confirming the submission to the Customer designated Executive Sponsor for review. The Customer will have up to fifteen (15) business days to review the deliverable and notify the Sakon IM via email of any discrepancy and specify the reason(s) that the deliverable does not meet the requirements of this Implementation Exhibit.
Upon receipt of a notice of a discrepancy from the Customer, Sakon will make commercially reasonable effort to correct the discrepancy or propose a workaround solution. Sakon will resubmit the deliverable for Customer testing and approval when the discrepancy has been corrected or a workaround solution has been identified. If the Customer does not find any discrepancy with the corrected deliverable, it shall notify Sakon of its acceptance in writing. If the Customer does not notify Sakon of any discrepancy in the deliverable within the fifteen (15) business day period, notwithstanding anything to the contrary, the Customer shall be deemed to have accepted the deliverable. The foregoing testing procedure shall continue with respect to a deliverable until such deliverable is accepted.
SAKON MOBILE PLATFORM TRAINING
1. Training Paths.
Sakon Device Platform areas include: Self-Service, Device Lifecycle Management, Expense Management, and Reporting. Actual training will cover application areas in scope and will occur during the project implementation or as required through the term of the MSA.
|
Training Topics |
Customer Learning Objectives |
|---|---|
|
Application Overview (Customer Admin / Order Admin / Managers) |
|
|
Operational / Advanced Reporting (Customer Admin / Order Admins) |
|
|
Ordering / Procurement (Customer / Managers / Order Admin users) |
|
|
End User |
|
2. On-Site Training Terms.
On-site training at Customer's site is subject to Sakon's approval and the following terms. Customer will provide the required training facility in accordance with the Sakon- provided specifications for room setup, hardware and Internet connectivity requirements. Each attendee will have an individual workstation complete with Internet connectivity provided by Customer. Customer will be responsible for the reasonable and actual travel expenses incurred by the instructor(s) which will be invoiced after the session, provided Customer has approved such expenses per this SOW. The minimum and maximum number of students for any on-site training is three (3) minimum and twenty-five (25) maximum.