Quickbase, Inc. Standard Terms and Conditions for Vendors

These QUICKBASE, INC. STANDARD TERMS AND CONDITIONS FOR VENDORS (the “Terms”) govern the rights, remedies, and obligations of Quickbase, Inc. (“Quickbase”) and a vendor (the “Vendor”) of items and materials, including products, hardware, software, furniture, equipment, and merchandise (“Goods”) and services including professional services and software as a service (“Services”) under purchase orders issued by Quickbase and agreements, engagement letters, statements of work, or other documents executed by Quickbase and Vendor that refer to or incorporate these Terms (each a “Purchasing Document”).

1. Quality and Security.

Vendor shall perform all of its obligations to Quickbase (i) with due care, skill and diligence, (ii) in a professional and workmanlike manner, (iii) in accordance with high industry standards and practices, (iv) in conformity with the specifications in the Purchasing Document, and (v) without a conflict of interest with respect to a third party. All results of the Services developed by Vendor, either alone or jointly with others, whether completed or in-progress (the “Deliverables”) shall conform to the relevant specifications in the Purchasing Document and, to the extent there are no directly relevant specifications, to high industry standards. All Goods shall be merchantable, free from defects in design, workmanship, and materials, and conform to the specifications in a Purchasing Document. All Goods and Deliverables (including any item or process used by Vendor to provide the Services) shall be free of hidden features and security defects. No component of any of the Goods or Deliverables shall include any viruses, worms, time bombs, Trojan horses or other harmful or malicious code, files, scripts, agents or programs (“Malicious Code”). Vendor shall not transmit to Quickbase, or cause any Quickbase system to be exposed to Malicious Code. Vendor shall notify Quickbase in writing and in reasonable detail immediately upon becoming aware of the existence of any Malicious Code contained in a Good or Deliverable. If any Good or Deliverable contains Malicious Code, or if Vendor transmits any Malicious Code to a Quickbase system, Vendor shall cooperate with Quickbase, at Vendor’s expense, to promptly remove the Malicious Code and repair any corrupted files or data.

2. Vendor Personnel.

Vendor shall determine the methods, details, and means of performing the Services. Unless set forth in a Purchasing Document, Quickbase will not control, direct, or supervise Vendor’s employees, independent contractors, suppliers, vendors, agents, permitted subcontractors, and invitees (“Vendor Personnel”) in the performance of the Services. Vendor shall use adequate numbers of qualified individuals with suitable training, education, experience and skills to perform the Services. Vendor agrees to take all reasonable measures to ensure that Vendor Personnel will not engage in inappropriate conduct while performing Services for Quickbase and agrees that Vendor Personnel who engage in inappropriate conduct shall be removed and replaced immediately upon Quickbase’s reasonable request. Vendor shall conduct criminal, education and background checks on each of its representatives, employees and subcontractors who will be performing Services in accordance with the applicable Purchasing Document. Based on the results of the background checks, Vendor shall notify Quickbase of any results of such background checks that call into question the fitness of any of the Vendor’s representatives, employees and subcontractors to provide service under the respective Purchasing Document. Upon such notification, the Vendor shall remove and replace such representative, employee or subcontractor. Vendor shall not reassign any of its personnel performing the Services hereunder without Quickbase’s prior written consent. Following Quickbase’s written request, Vendor shall replace any of its personnel pursuant to the terms hereof with a substitute that Quickbase has confirmed in writing as being acceptable. Vendor shall require Vendor Personnel performing any of the Services to observe at all times the security, confidentiality, and safety policies of Quickbase.
All Vendor Personnel shall meet the licensing, security, labor and site requirements for the locale where the Services are being performed. Vendor shall withhold and pay all amounts required for any employer or employee tax or contribution, including local, state and federal income tax, unemployment insurance and disability insurance. All Vendor Personnel performing Services are, and shall for the period of assignment remain, employees or, where permitted by these Terms, subcontractors of Vendor and such Vendor Personnel will not be entitled to any of Quickbase’s employee benefits. It shall be Vendor’s sole responsibility to compensate and/or pay Vendor Personnel.

3. Subcontracting.

Vendor shall not subcontract any Services without the prior written consent of Quickbase, which Quickbase may grant or withhold in its sole discretion. If Quickbase provides such written consent, then Vendor shall have the primary obligation to perform the Services, and shall be fully responsible for the performance of any subcontractor and the compliance with all of its obligations by any subcontractor. Vendor shall, in its contracts with all permitted subcontractors and agents in the provision of Services, flow down all of its obligations.

4. Vendor Manager.

Quickbase reserves the right to appoint a third party to act as its vendor manager, payment and billing agent to coordinate and manage its relationship with Vendor. Such vendor manager shall be considered a third party beneficiary under this Agreement.

5. Acceptance.

Payment shall not constitute acceptance of Goods or Deliverables. Unless otherwise provided in a Purchasing Document, acceptance of Goods or Deliverables shall be deemed to occur if each Good or Deliverable conforms to the relevant specifications and standards and, in the case of Deliverables, is also approved by an authorized representative of Quickbase. Quickbase shall have the right to reject all or part, or require the correction, of any Good or Deliverable found not to meet the relevant specifications and standards, which item shall be promptly replaced or corrected by Vendor. Quickbase shall have no payment obligation and/or shall be entitled to a refund for defective or non-conforming Deliverables or Goods.

6. Intellectual Property.

For purposes of this Agreement, “Intellectual Property” means all intellectual property and proprietary rights, including without limitation all rights of inventorship and authorship, inventions, patents, patent applications, and know-how, for any product, process, method, machine, manufacture, design, composition of matter, or any new or useful improvement thereof, as well as copyrights, trademark, trade dress and service mark rights and all rights in trade secrets, computer software, proprietary information and data and databases.

7.1 Quickbase Property.

“Quickbase Property” means the following: (i) Quickbase’s Intellectual Property that Quickbase owns prior to the Effective Date of the Purchasing Document or acquires separately or develops; (ii) Intellectual Property conceived, produced or developed by Vendor, whether directly or indirectly or alone or jointly with others, in connection with or pursuant to Vendor’s performance of this Agreement; and (iii) other Deliverables, Goods, or Services that are made by Vendor through the use of Quickbase’s equipment, funds, supplies, facilities, materials and/or Quickbase proprietary information. “Quickbase Contracted Property” means Intellectual Property that falls within the scope of any of Subsections (ii) and (iii) of the previous sentence. Vendor agrees to assign and hereby assigns to Quickbase all of its respective rights, title, and interest in the Quickbase Contracted Property and Quickbase owns all rights, title and interest in and to such Deliverables, Goods, and Services, the rights, title, and interest including all rights of inventorship and authorship, all patents and patent applications, all copyrights, all trademark and service mark rights, all rights in trade secret and proprietary information, all rights of attribution and integrity and other moral rights and all other Intellectual Property rights. Quickbase grants Vendor no rights to Quickbase Property beyond the scope of this Agreement.

7.2 Vendor Property.

“Vendor Property” means Intellectual Property (i) created or acquired by Vendor before the Effective Date of the Purchasing Document and not assigned pursuant to a Purchasing Document or (ii) independently developed by or for Vendor as part of Vendor’s normal business and not developed for or paid for by Quickbase under a Purchasing Document. Vendor Intellectual Property may be included as part of the Goods, Deliverables, or Services, but the title to such Vendor Intellectual Property shall remain with Vendor. However, except as provided in this Section 7.2, for any Vendor Property incorporated into the Deliverables, Goods, or Services, Vendor grants Quickbase a royalty-free, fully-paid up, perpetual and irrevocable, world-wide, non-exclusive license to: (i) prepare derivative works; and (ii) make, use, copy, modify, have made, import, have imported, export, have exported, distribute, have distributed, publicly and privately perform, display and transmit derivative works and reproductions thereof, and to sublicense all of these rights for Quickbase’s benefit and to sublicense such rights for Quickbase’s benefit. Notwithstanding the foregoing, to the extent that the Goods, Deliverables, or Services to Quickbase consist solely of training materials developed by Vendor without use of Quickbase Intellectual Property or Quickbase Confidential Information, such license and sublicense right shall be solely for Quickbase’s use in its internal business operations. 
Further, where the Goods, Deliverables, or Services include providing entertainment, speaking, and/or participating as a host, lecturer, performer or guest in a meeting or conference, the rights granted in this paragraph shall further include a grant to use Vendor’s likeness and performance in Quickbase’s internal and external business operations and to record, and to broadcast, web cast or otherwise disseminate Vendor’s performance and likeness, in whole or in part, live or recorded, with or without audio or video, or with different audio or video throughout the world on all media, channels and manner of distribution now or hereafter known.

7.3.

Vendor shall prominently declare in the applicable Purchasing Document under a section entitled “Third Party Intellectual Property” any third party Intellectual Property or open source software (i) incorporated into any Services, Deliverables, or Goods or (ii) that is required for use of any Deliverable or Good (each a “Dependency”). Each Dependency declaration shall include all necessary documentation, including license terms and copyright notices, for Quickbase to be able to adequately determine its rights to use and reproduce the Dependency. Quickbase hereby rejects any Deliverables containing any Dependency that is not declared in a Purchasing Document or that is incompatible with the assignments or licenses granted in these Standard Terms or the Purchasing Document.

8. Delivery, Packing, and Shipment.

Delivery of Goods and Deliverables shall be strictly in accordance with the schedule set forth in a Purchasing Document. Any delays in shipment shall be reported immediately by Vendor to Quickbase. No partial deliveries or deliveries of additional items shall be made without Quickbase’s express prior written consent. Quickbase reserves the right to cancel a Purchasing Document in whole or in part if Vendor fails to make deliveries in accordance with its terms. All Goods and Deliverables to be shipped shall be prepared for shipment according to Quickbase’s instructions, if any, and otherwise in a manner that follows good commercial practice, is acceptable to common carriers, and is adequate to ensure safe arrival. Vendor shall mark all containers with necessary lifting, handling and shipping information, purchase order number, date of shipment and the names of Quickbase and Vendor. Unless otherwise specified herein, all shipments shall be DDP (Incoterms 2000). Notwithstanding any prior inspections, Vendor bears all risk of loss, damage, or destruction until acceptance of Goods or Deliverables by Quickbase.

9. Changes.

Quickbase may at any time make reasonable changes in the delivery schedules, designs, quantities, and specifications for Goods; provided that Quickbase shall pay only the reasonable costs associated with such changes.

10. Price.

Prices for Services, Deliverables, and Goods are as specified in the Purchasing Document. Quickbase shall have no payment obligation for (i) additional or different Services, Deliverables, or Goods rendered other than those described in a Purchasing Document (unless the parties execute an approved change order), (ii) Services performed or Goods delivered prior to the effective date of the Purchasing Document, or (iii) amounts exceeding what is expressly authorized in the Purchasing Document. All applicable direct and indirect taxes, duties and similar levies, excluding value added tax (VAT), shall be included in the estimated project costs contained in each Purchasing Document and shall be clearly identified on applicable invoices. For purposes of these Terms, “indirect taxes” mean sales tax, use tax, value added tax (VAT), goods and services tax and/or consumption tax which Vendor may have an obligation to charge and collect from Quickbase. Vendor is not responsible for a change in the indirect taxes resulting from a change in any code or regulation implemented after the submission of the estimated project cost.

11. Payment Terms.

Unless otherwise provided in a Purchasing Document, (i) Vendor shall invoice Quickbase monthly; (ii) invoiced amounts for which no due date is otherwise established will be due and payable within sixty (60) days from receipt of an undisputed invoice. An acceptable invoice shall include reference to: (i) the Quickbase entity, (ii) the valid purchase order number, (iii) a description of the items, quantities, and unit prices for all Services, Deliverables and Goods invoiced; (iv) the name of the individual from Quickbase who ordered the Services, Deliverables and Goods, (v) the contact information for an authorized representative of the Vendor, and (vi) any applicable VAT information (including the VAT code listed in the Affiliate Purchasing Guidelines, if any). Each invoice must reference only one (1) purchase order number, and Vendor shall submit a separate invoice for each Purchasing Document. For invoices submitted via email or fax in compliance with the Affiliate Purchasing Guidelines, Vendor shall submit only one (1) invoice per email or fax.

12. Expenses.

Unless expressly authorized in the Purchasing Document, Vendor will not be entitled to be reimbursed for travel, living or other expenses.

13.1 Confidentiality.

As used in these Terms, “Confidential Information” means any and all information, material or documentation, disclosed to or known by Vendor as a consequence of or through the engagement by Quickbase under this Agreement, about Quickbase or Quickbase clients’ business plans, products, processes, services and operations, including without limitation: business plans; compensation data; information or lists relating to customers, vendors, suppliers, and personnel; financial information and records; inventions; inventories; marketing strategies; new materials; research and development; research and development projects and strategies; new product information; new materials research; new product manufacturing; pending projects and proposals; product development; scientific and technical information; data; scientific data; technological data; designs; prototypes; scientific prototypes; technological prototypes; systems; procedures; formulae; scientific formulae; trade secrets; patents; copyrights; trademarks; service marks; intellectual property; computer programs; computer software or hardware; discoveries; proprietary production processes; purchasing; production methods and processes; machines; compensation information; and instruction manuals. However, Confidential Information shall not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to Quickbase, (ii) was known to Vendor prior to its disclosure by Quickbase without breach of any obligation owed to Quickbase, (iii) is received from a third party without breach of any obligation owed to Quickbase, or (iv) was independently developed by Vendor. 
Vendor shall: (i) use at least the same degree of care to protect Confidential Information that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care), (ii) not disclose any Confidential Information for any purpose outside the scope of the Purchasing Document and these Terms, and (iii) limit access to Confidential Information to those of its employees, contractors and agents who need such access for purposes consistent with the Purchasing Document and these Quickbase Terms and who have signed confidentiality agreements with Vendor containing protections no less stringent than those herein. Additionally, Vendor shall provide prompt notification to Quickbase of any unauthorized access to or disclosure of Confidential Information. If Vendor is compelled by law or any listing or trading agreement concerning its publicly-traded securities to disclose Confidential Information, it shall provide Quickbase with prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at Quickbase’s expense, if Quickbase wishes to contest the disclosure. Upon termination or expiration of the Purchasing Document, or at the request of Quickbase at any time during or after the termination or expiration of the Purchasing Document, Vendor will deliver to Quickbase or destroy and certify destruction (at Quickbase’s election and in the manner designated by Quickbase) of all Quickbase Confidential Information. Deliverables shall be Confidential Information, but shall not be Vendor confidential information unless agreed in advance in the Purchasing Document. Nothing in a Purchasing Document shall be construed so as to preclude Quickbase from developing, acquiring, marketing or providing products or services that may perform the same or similar functions as the Goods, Deliverables and Services.

13.2

For Confidential Information that is not a trade secret, Vendor’s obligations under this Section shall (i) be perpetual, or, (ii) continue for such maximum duration as permitted by applicable statute and/or common law, whichever is shorter; and for Confidential Information that is a trade secret, Recipient’s obligations under this Section shall be perpetual.

13.3

In addition to the terms described in Subsection 13.1, Vendor shall follow the requirements set forth in the applicable Privacy and Security Exhibit attached hereto.

14. No Publicity.

Vendor shall not issue any press release or make any public statement relating to the subject matter of the Purchasing Document (including naming Quickbase as a customer of Vendor) without Quickbase’s prior written approval. Any references to Quickbase or use of any Quickbase logo (including the Quickbase-certified logo), brand or trademark (whether publicly, in connection with the Services, or otherwise) are prohibited without Quickbase’s prior written approval.

15. Quickbase Facilities.

To the extent that any Purchasing Document requires or permits performance of Services by Vendor at Quickbase facilities, Vendor will perform all Services during Quickbase’s normal working hours (Monday through Friday, 8:00 a.m. to 6:00 p.m.), unless it would interfere with Quickbase’s daily business and computer operations, or Quickbase otherwise specifically requests the Services to be done outside of Quickbase’s normal working hours. Vendor Personnel performing Services at Quickbase facilities shall be designated as a “visitor” of Quickbase, and may be required to execute a standard confidentiality agreement upon each visit to Quickbase facilities.

16. Warranty.

Unless otherwise set forth in the applicable Purchasing Document, Vendor warrants that for a period of twelve (12) months following Acceptance (the “Warranty Period”), Goods and Deliverables will conform to the specifications in the Purchasing Document and, to the extent there are no directly relevant specifications, to high industry standards. During the applicable Warranty Period, Vendor will test, remedy and/or replace, without charge to Quickbase, any and all portions of any Deliverables or Goods which Quickbase finds to be defective or non-conforming. If Vendor is unable to remedy any defective or non-conforming Deliverable or Good within a reasonable period of time, Quickbase may (a) terminate the Purchasing Document, (b) return all or part of the defective or non-conforming Deliverables or Goods to Vendor and/or (c) keep the defective or non-conforming Deliverables and Goods. Quickbase shall have no payment obligation and/or shall be entitled to a refund for defective or non-conforming Deliverables or Goods.

17. Indemnification.

Subject to applicable law, each party’s sole indemnification obligation shall be as follows: Vendor shall indemnify, defend (at Quickbase’s option), and hold harmless Quickbase and its affiliates, and each of their officers, directors, employees and agents from and against all third-party claims, demands, suits, causes of action, awards, judgments and liabilities, including reasonable attorneys’ fees and costs, (collectively “Claims”) resulting from, arising out of or alleged to have resulted from or arisen out of: (a) bodily injury, including death, or damage to real or tangible personal property to the extent proximately caused by Vendor in the course of performing this Agreement, and (b) (i) Vendor or Vendor Personnel’s acts, omissions, negligence or intentional misconduct, (ii) any actual or alleged infringement, misappropriation, or violation of any intellectual property rights of a third party by any Deliverable or Good, or use thereof, or in performance of the Services, (iii) Vendor’s failure to compensate or otherwise perform any obligation imposed on Vendor by law or contract with respect to Vendor’s employment or engagement of Vendor Personnel, or (iv) Vendor breach of a provision of a Purchasing Document (v) Vendor’s failure to comply with any of its obligations under any privacy or security exhibit or policy referenced herein. Vendor shall have no liability for Quickbase’s use of Goods or Deliverables outside the scope set forth in a Purchasing Document.

18. Limitation of Liability.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, EXCEPT FOR LIABILITY ARISING OUT OF VENDOR’S BREACH OF SECTION 13 (CONFIDENTIALITY), SECTION 17 (INDEMNITIES), OR ANY PRIVACY OR SECURITY POLICY OR EXHIBIT REFERENCED HEREIN OR ATTACHED HERETO, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR CONSEQUENTIAL, INCIDENTAL OR SPECIAL DAMAGES ARISING FROM ANY CLAIM OR ACTION HEREUNDER, WHETHER BASED ON CONTRACT, TORT OR OTHER LEGAL THEORY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL QUICKBASE BE LIABLE TO VENDOR FOR DAMAGES FOR ANY CAUSE WHATSOEVER IN AN AMOUNT IN EXCESS OF THE AMOUNTS PAID TO VENDOR UNDER THE PURCHASING DOCUMENT.

19. Records and Audit.

Vendor shall maintain complete and accurate records to substantiate Vendor’s charges under the Purchasing Document (including fees, costs, and expenses) for a period of three (3) years from the date of completion of the Services to which the records apply, and Vendor shall promptly comply with Quickbase’s reasonable request for copies of such records. Upon reasonable prior notice, Quickbase (or an independent third party designated by Quickbase), up to once per year during the term of the Purchasing Document and for two years from the date of completion of the Services under the Purchasing Document, shall have the right to visit, inspect, and audit Vendor’s facilities, records, and data to ensure Vendor’s compliance with its obligations, including those with respect to financial records and Quickbase Confidential Information. All audits described in this Section will be conducted reasonably, during normal business hours, and taking reasonable precautions to minimize disruption to Vendor’s normal business. Such audit will be at Quickbase’s expense unless such audit reveals an overcharge of five percent (5%) or greater or a material breach in Vendor’s obligations, in which case such audit will be at Vendor’s expense. All Vendor reviews or audits conducted by Quickbase shall be governed by the confidentiality terms described in Section 13 (Confidentiality) above. All reviews or audits conducted by Quickbase’s third party designee shall be governed by a confidentiality agreement between Vendor and Quickbase’s third party designee, which shall be the standard confidentiality agreement of such third party designee.

20. Term.

A Purchasing Document shall continue in force until the later of (a) completion of the Services or (b) expiration of all warranties for Goods or Deliverables. A Purchasing Document for Goods may be terminated or cancelled by Quickbase, in part or in whole, for any reason immediately upon notice to Vendor. A Purchasing Document for Services and/or Deliverables may be terminated or cancelled by Quickbase, in whole or in part, for convenience with thirty (30) days prior notice to Vendor. A Purchasing Document for Services and/or Deliverables may be terminated by Quickbase, in whole or in part, effective as of the occurrence of Vendor’s curable breach if Vendor fails to cure the breach within thirty (30) days of notice of such breach from Quickbase. A Purchasing Document for Services and/or Deliverables may be terminated by Quickbase, in whole or in part, immediately upon Vendor’s incurable breach. Upon the effective date of termination by Quickbase, Vendor shall: (i) immediately cease all work under the Purchasing Document and Quickbase shall be liable only for authorized work completed as of the date of termination; and (ii) provide Quickbase with any and all work in progress or completed work under the Purchasing Document. If Quickbase elects to have Vendor continue performance under a Purchasing Document, it shall remain in effect until both parties have fulfilled all of their obligations. Within thirty (30) days from the date of termination of a Purchasing Document, Vendor shall submit to Quickbase an itemized invoice for any previously approved fees or expenses accrued but unpaid until the time the Purchasing Document was terminated. There shall be no charges for canceling Purchasing Documents for standard Goods. Any claim for cancellation charges for nonstandard Goods must be submitted to Quickbase in writing within thirty (30) days after receipt of Quickbase’s cancellation notice. 
Vendor’s claim may include: (i) the cost of unique Goods in process, and (ii) the cost of paying claims to Vendor’s vendors for work directly allocable to Goods cancelled and which cannot be diverted to other customers of Vendor’s vendors. Vendor shall, whenever possible, place such Goods in process in inventory and sell them to other customers. In no event shall any such claim for nonstandard Goods exceed the total price for Goods cancelled. Upon payment of Vendor’s claim, Quickbase shall be entitled to all work and Goods paid for. Quickbase reserves the right to inspect Vendor’s work and Goods in process and to audit all relevant documents prior to paying Vendor’s claim.

21. Insurance.

Vendor shall, at its own cost and expense, maintain the following insurance during the term of a Purchasing Document, and shall cause each of its agents, independent contractors and subcontractors performing any Services to maintain the same insurance: (i) Workers’ Compensation (or locally applicable social scheme) as required by law where work is performed. Employer’s Liability insurance of not less than US$1,000,000 per employee and per accident. Coverage to include waiver of subrogation in favor of Quickbase for any services performed on a Quickbase location; (ii) Commercial General (or Public) Liability insurance including Products, Completed Operations Liability, Personal Injury, Contractual Liability and Broad Form Property Damage Liability coverage for bodily injury (including death) or damages to any property of not less than US$1,000,000 per occurrence. “Quickbase, Inc., its subsidiaries, officers, directors and employees” shall be noted on the policy as an additional insured; (iii) Professional Liability (or Professional Indemnity)/Errors and Omissions Liability Insurance in an amount not less than US$1,000,000 per claim. Such insurance shall cover any and all acts, errors, omissions or negligence in the delivery of products and services under a Purchasing Document. The Professional Liability Insurance retroactive coverage date shall be no later than the Effective Date of a Purchasing Document. If such coverage is written on claims-made basis, Vendor shall maintain coverage for a period of up to three (3) years following the termination of Services provided under a Purchasing Document. 
If Vendor is providing software, software development, software as a service or any technology services and products, then such Errors and Omissions insurance shall include coverage for Network Security and Privacy and Media Liability including but not limited to malicious code, unauthorized use or access, failure of security, invasion of privacy, wrongful disclosure of data, other negligence in handling of confidential information and infringement of intellectual property (except patent infringement); (iv) Commercial Automobile Liability. If an automobile is used by Vendor in connection with the performance of its obligations under a Purchasing Document, then Comprehensive Automobile Liability Insurance for any owned, non-owned, hired, or borrowed automobile is required in the minimum amount of US$1,000,000 each accident combined for bodily injury and property damage; (v) Employee Dishonesty/Crime insurance covering the fraudulent or dishonest acts of Vendor’s employees and agents, acting alone or in collusion with others, and including third party property coverage and computer crime coverage, with limits of not less than US$1,000,000 per occurrence if Vendor has unescorted access to Quickbase’s facilities and/or access to Quickbase’s assets and internal systems; (vi) Property Insurance. If Vendor is using its own property or the property of Quickbase in connection with the performance of its obligations under a Purchasing Document, then Property Insurance on an All Risk basis with replacement cost coverage for property and equipment of others in the care, custody, and control of Vendor is required. The foregoing insurance limits may be achieved by a combination of primary and follow form excess policies. All insurance coverages required hereunder shall be procured from insurers with a current A.M Best rating of not less than A- VII (or local equivalent). Where permitted by law, such policies shall contain a waiver of subrogation in favor of Quickbase. 
General Liability and Automobile Liability above shall contain provisions stating they are primary and non-contributory with any insurance Quickbase maintains. Any deductible (excess) or self-insured retention in case of an insured event shall be solely borne by the Vendor. The insurance coverage described in this section shall not limit the extent of Vendor’s responsibilities and liabilities specified within a Purchasing Document or by law. If requested by Quickbase, certificates of insurance evidencing the required coverage shall be furnished and shall evidence that the insurance carriers will provide notice of cancellation or reduction in such coverage in accordance with policy provisions. Quickbase’s failure to request certificates of insurance shall not relieve Vendor from the responsibility to maintain the specified insurance coverage.

22. Relationship of the Parties.

At all times Vendor shall be acting as an independent contractor, and shall not be construed or deemed to be an employee, agent, partner, associate or joint venturer of Quickbase within the application of any federal, state, city or local laws or regulations. Neither party has authority to assume or create any obligation or representation, express or implied, on behalf of or in the name of the other party, except as specifically provided herein.

23. Compliance with Laws.

Vendor shall comply with all applicable international, federal, state, local laws and ordinances now or hereafter enacted, including: (i) data protection and privacy laws; (ii) employment, tax, immigration, benefits, and workers compensation laws; and (iii) international anti-corruption laws, such as the Foreign Corrupt Practices Act 15 U.S.C. § 78dd-1, et seq. and the United Kingdom Bribery Act. Vendor shall make no payments or transfers of anything of value which have the purpose or effect of public or commercial bribery, acceptance of or acquiescence in extortion, kickbacks, or other unlawful or improper means of obtaining business or any improper advantage. In addition, Vendor shall not transmit, directly or indirectly, any Confidential Information or any technical data received from or disclosed by the Company, nor the direct product thereof, outside the United States without Quickbase’s prior written consent and then only in accordance with all applicable export laws and regulations of the United States. Vendor agrees that it does not intend to nor will it, directly or indirectly, export or re-export any Confidential Information to anyone who Vendor knows or has reason to know will utilize it in the design, development or production of nuclear, chemical or biological weapons or to anyone who has been prohibited from participating in US export transactions by any federal agency of the US government. Vendor agrees to maintain a record of exports, re-exports, and transfers of any company materials during the term of this Agreement and for five (5) years thereafter and to forward within that period any required records to the Company or, at the Company’s request, the US government. Vendor agrees to permit Quickbase or the US government to conduct audits as required under appropriate regulations to ensure compliance with this provision.

24. No Lien.

Neither Vendor nor any of its subcontractors or other third parties used by Vendor for the performance of any of the Services will have any lien, claim or encumbrance upon any Quickbase property, and Vendor hereby waives, and will cause each of its subcontractors and any other third party used by Vendor for the performance of any of the Services to waive, any lien, claim or encumbrance upon any Quickbase property.

25. Survival.

Any term or condition which by its nature is clearly intended to survive the expiration or termination of this Agreement, shall survive any expiration or termination of this Agreement, including Confidentiality, Indemnification, Limitation of Liability, Records and Audit, Term, and Entire Agreement Sections.

26. Entire Agreement.

All references to “Purchasing Document” include these Terms. A Purchasing Document constitutes the entire agreement between the parties with respect to its subject matter, supersedes all prior agreements, whether written or oral, and supersedes and merges all prior discussions between Quickbase and Vendor. A Purchasing Document may contain additional terms so long as they do not conflict with these Terms. These Terms shall prevail over any conflicting terms of a Purchasing Document, unless the conflicting terms are in a Purchasing Document signed by Quickbase and Vendor and labeled as “Modified Terms”. Any terms, conditions or provisions of any Vendor quotation, confirmation, order acknowledgement, invoice, or other commercial document sent to Quickbase are hereby rejected, and shall not constitute additional or modified terms. Purchasing Documents shall be construed according to their fair meaning and as if prepared by both parties. A Purchasing Document may be amended by a written document executed by both parties. A purchase order issued by Quickbase may also be amended through the issuance by Quickbase of a revised purchase order. The headings contained in these Terms have been inserted for convenience of reference only and are not intended to define, limit or affect scope or intent. If a provision of a Purchasing Document is held to be invalid, illegal or otherwise unenforceable, the remaining provisions shall be unimpaired, and it shall be replaced with a provision which comes closest to the intention of the parties. No failure or delay by either party in exercising any right under a Purchasing Document shall constitute a waiver. Any waiver must be in writing executed by Quickbase and Vendor and shall not be deemed a waiver of any future breach. The remedies provided in a Purchasing Document are in addition to any other remedies of a party at law or in equity.

27. Force Majeure.

Neither party shall be liable for any default or delay in the performance of its responsibilities under a Purchasing Document if and to the extent such default or delay is caused, directly or indirectly, by fire, flood, earthquake, elements of nature or acts of God, riots, strikes, civil disorders, quarantine restrictions, epidemics, pandemics, or any other cause beyond the reasonable control of such party (“Force Majeure”). The time for performance for the non-defaulting party under the Purchasing Document will be extended as necessary, without penalty or liability to such party, for the same period of time as the delay. However, if it appears that the Force Majeure will result in a delay in Vendor’s performance of more than thirty (30) days, Quickbase may, at its option, terminate the Purchasing Document, without liability, immediately by written notice to Vendor.

28. Notices.

All notices, permissions and approvals under a Purchasing Document shall be in writing and shall be effective upon: (i) personal delivery, (ii) the third business day after mailing, (iii) the second business day after sending by recognized overnight courier, or (iv) the first business day after sending by email. Notices of breach, termination or an indemnifiable claim may not be made by email. Notices to Quickbase shall be addressed to:

Address: Quickbase, Inc., Attn: General Counsel, 290 Congress St, Boston, MA 02210

Email: [email protected]

29. Assignment.

Vendor may not assign any of its rights or obligations under a Purchasing Document, whether by operation of law or otherwise, without the prior written consent of Quickbase, except that Vendor may assign a Purchasing Document, in its entirety, in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets not involving a direct competitor of Quickbase. Quickbase may freely assign a Purchasing Document.

30. Governing Law and Venue; Disputes.

Each Purchasing Document shall be governed by the laws of the Commonwealth of Massachusetts, without regard to its principles of conflicts of laws. The parties agree to submit all disputes to the state or federal courts located in Suffolk County, Massachusetts and agree to submit to the jurisdiction of such courts. Each party irrevocably waives its right to contest the jurisdiction of such courts and waives its right to a jury trial.

31. Anti-discrimination Statement.

Quickbase is committed to supporting organizations, projects and programs that do not discriminate on the basis of race, creed, color, ethnicity, national origin, religion, sex, sexual orientation, gender identity and expression, age, height, weight, physical or mental ability (including HIV status), veteran status, military obligations, marital status, or any other legally protected characteristics. Quickbase will not knowingly partner with vendors or suppliers or provide philanthropic funding to organizations that discriminate in their hiring or volunteer or client acceptance practices.

Privacy and Security Exhibits.

  • I. Privacy and Security Exhibit for SaaS and Data Processors
  • II. Privacy and Security Exhibit for Professional Services

I. Privacy and Security Exhibit for SaaS and Data Processors


1. Introduction

This Quickbase Privacy and Security Exhibit (“Exhibit”) governs the manner in which specified Quickbase corporate and customer-related information shall be handled or processed by Company.

2. Definitions

“Affiliate Companies” shall mean any companies controlling, being controlled by, or under common control with another company.

“Company” shall mean the party entering into an agreement with Quickbase, under this Exhibit which has been incorporated by reference, as well as all Affiliate Companies of said Company.

“Confidential Information” shall mean Information which (i) is proprietary to, about, or created by a specific person or company; (ii) gives the specified person or company some competitive business advantage or the opportunity of obtaining such advantage, or the disclosure of which could be detrimental to the interests of the specified person or company; (iii) is designated as Confidential Information by the specified person or company, or from all the relevant circumstances should reasonably be assumed by the receiving party to be confidential and proprietary to the specified person or company.

“Individual” shall mean, unless otherwise indicated, any natural person.

“Quickbase” shall mean Quickbase Inc. and its Affiliate Companies.

“Quickbase Confidential Information” shall mean Quickbase Personal Information and Confidential Information pertaining to Quickbase.

“Quickbase Personal Information” shall mean Personal Information received or collected by Quickbase or Company pertaining to Quickbase’s current, former, or potential customers and Personal Information pertaining to Quickbase staff members, subcontractors, or other agents.

“Personal Information” (“PI”) shall mean any factual or subjective information that pertains to an individual about an identifiable person. PI can include, but is not limited to: name, address, phone number, fax number, email address, financial profile, medical information or profile, tax return information as defined under IRC 7216, taxpayer identification number or other governmental identifier, credit card information, personal profile, age, income, credit information, unique identifier, biometric information, and IP address. For the purposes of this Exhibit, information about an individual in the business context is considered Personal Information. For example, business contact information is considered Personal Information.

3. Data Handling and Access

a) Quickbase maintains internal privacy policies that govern how Quickbase and its third parties manage Quickbase Personal Information. These policies follow U.S. Dept. of Commerce Safe Harbor principles. Company shall apply each of these Safe Harbor principles as applicable if and when handling Quickbase Personal Information:

i) Notice – Offer clear, conspicuous notice before collection of Quickbase Personal Information from any individual.

ii) Choice – Provide individuals choice regarding additional uses of Quickbase Personal Information, including but not limited to marketing-related uses; and before sharing Quickbase Personal Information with other third parties not acting as agent.

iii) Security – Provide adequate protections against unauthorized access and exposure of Personal Information, commensurate with the sensitivity of the Personal Information.

iv) Data Integrity – Take reasonable steps to ensure that Personal Information is relevant, reliable for its intended use, accurate, complete, and current.

v) Access – Take reasonable measures to provide individuals the ability to view, and in some cases, amend or correct, their Personal Information.

vi) Enforcement – Provide specific mechanisms for ensuring compliance with these principles, including recourse, and consequences for non-compliance.

b) Company shall comply with the terms of this Exhibit, the applicable Quickbase Privacy Statement(s), and all applicable laws, policies, rules and regulations relating to the collection or use of Quickbase Personal Information. Company agrees to impose and enforce compliance of this Exhibit on all its employees, contractors, and other third party service providers with access to Quickbase Personal Information.

c) Company shall document in writing Confidential Information handling procedures designed to implement technical and organizational measures to protect Quickbase Confidential Information as required by the applicable Privacy Statement, laws, and this Exhibit. Company will train employees/contractors/vendors on and implement said procedures in a way that produces the same degree of care as is used with its own Personal Information and Confidential Information, but never less than a reasonable degree of care, to prevent the unauthorized collection, use, sharing, retention/destruction, and other inappropriate or prohibited Confidential Information handling practices.

d) Company and its authorized agents and vendors shall never sell, rent, or lease Quickbase Confidential Information to any individual, organization, or third party.

e) Access to Quickbase Confidential Information stored on Company’s systems and with Company’s third party providers must not be granted to members of Company’s staff, subcontractors, or other agents, unless the following conditions are met:

i) The staff member, subcontractor, or other agent has a need to view the information in order to perform authorized work;

ii) The staff member, subcontractor, or other agent is trained in the proper handling of Quickbase Confidential Information;

iii) The staff member, subcontractor, or other agent is subject to an obligation to handle Quickbase Confidential Information in ways at least as restrictive as those practices outlined in this Exhibit;

iv) The staff member, subcontractor, or other agent requesting the access can be uniquely identified (e.g., by a unique User ID);

v) The staff member, subcontractor, or other agent requesting the access has entered a correct password or other authorizing token to indicate that he/she is the authorized user of the Quickbase account. If passwords are the only method used for authentication, they must satisfy certain minimal standards mutually agreeable to Quickbase and Company (e.g., eight characters minimum length, required use of special- and/or mixed-case characters, no words that could be found in a dictionary, and required to be changed every ninety (90) days) that make them sufficiently robust to effectively resist both educated guessing and brute-force attacks.

vi) In all cases, access permissions must be established in a manner that allows only for the minimum access level(s) required for each staff member, subcontractor, or other agent to perform his or her job function. The ability to read, write, modify or delete Quickbase Confidential Information must be limited to those individuals who are specifically authorized to perform those data maintenance functions.

vii) The date, time, requestor, and nature of the access (i.e., read-only or modify) has been recorded in a log file.

f) Quickbase Confidential Information stored on Company’s systems must be stored behind firewalls with access to such data limited as described in the preceding requirement.

g) Passwords used by Quickbase’s Customers are not required to conform to the password standard described above; however, Company must ensure that Customers do not have access to Confidential Information other than that which pertains to them.

h) Company must always encrypt the following Quickbase Confidential Information when it is stored on Company's systems:

  • Account numbers
  • Credit Card Information
  • Background check information
  • Beneficiary information
  • Government Issued Identifying Number (e.g. Driver’s license number, Social Security Number)
  • Encryption keys
  • Passwords
  • Tax return information

i) In addition, Company must encrypt all Personal Information stored on laptops or other portable devices.

j) At a minimum, financial services industry-standard encryption techniques must be employed to safeguard such Information in Company's systems from retrieval by unauthorized persons. Company shall adopt best industry practices where appropriate. Whenever possible, message digest algorithms such as SHA-256 shall be used to hash and verify the user's password, and “salt” shall be added to the input string prior to encoding to ensure that the same password text chosen by different users will yield different encodings.

k) Procedures must be in place to modify or revoke access permissions to Confidential Information when staff members leave Company or when their job responsibilities change.

l) Printed material that contains Quickbase Confidential Information must be stored in secured areas to which access is limited to those staff members who have a business need to access it. It must also be disposed of in a secure manner. At a minimum, financial services industry-standard protections must be employed to ensure the secure storage and destruction of printed Confidential Information. Whenever possible, secure disposal alternatives such as on-site shredding prior to recycling or placement in publicly-accessible trash bins with subsequent off-site shredding by a licensed contractor shall be implemented.

m) Company shall under no circumstances collect, access, use, store, destroy, reproduce, disclose, or otherwise handle or process Quickbase Confidential Information other than as specifically authorized by this Exhibit or the Agreement to which this Exhibit is incorporated. Should Company become legally obligated to handle Quickbase Confidential Information other than as permitted by this Exhibit or the associated agreement, it shall, unless legally prohibited from doing so, first provide notice to Quickbase.

4. Transmission of Confidential Information

a) Except as restricted by law, Company must not electronically transmit Quickbase Confidential Information over publicly-accessible networks without using 128-bit encryption in transit (TLS) or another mechanism that affords similar or greater security and confidentiality.

b) Confidential Information must never be passed in a URL (e.g., using a GET method) in a manner that potentially exposes the information to third parties and causes such information to appear in log files.

c) Company shall only send Quickbase Confidential Information in an email message over publicly-accessible networks if one of the following conditions is met:

i) The email message is between representatives of Company and representatives of Quickbase.

ii) The email is encrypted using a previously-approved encryption mechanism or is otherwise made secure with an approach that has been mutually agreed upon in advance by Quickbase and Company.

5. Maintaining a Secure Environment

a) To protect the accuracy and integrity of Quickbase Confidential Information, all such data must be backed up regularly (no less often than weekly unless otherwise stipulated in this agreement), and the backups stored in secure, environmentally-controlled, limited-access facilities.

b) Company must run internal and external network vulnerability scans at least monthly and after any change in the network configuration (e.g., new system component installations, changes in network topology, firewall rule modifications, or product upgrades).

c) Company must promptly install any security-related fixes identified by its hardware or software vendors, if the security threat being addressed by the fix is one that threatens the privacy or integrity of any Confidential Information covered by this Exhibit. Such upgrades must be made as soon as they can safely be installed and integrated into Company’s existing architecture and systems.

d) Quickbase may, from time to time, advise Company of recent security threats that have come to its attention, and require Company to implement specific modifications to its software, policies, or procedures that may be necessary to counter these threats. Company must implement these modifications within a mutually-agreeable time, or must obtain written permission from Quickbase to take some other course of action to ensure that the privacy and integrity of any Confidential Information is preserved.

e) Notwithstanding the minimum standards set forth in this Exhibit, Company should monitor and periodically incorporate reasonable industry-standard security safeguards.

6. Reviews, Audits and Remedies

a) Company shall maintain records to demonstrate its compliance with the terms of this Exhibit and shall permit Quickbase, or a third party chosen by Quickbase and reasonably acceptable to Company, to audit Company’s books, records, facilities, computer systems, and practices relating to its obligations under this Exhibit upon reasonable notice and during regular business hours, and at Quickbase’s expense, at the locations where such records and data are maintained, for purposes of verifying Company’s compliance. Notwithstanding the foregoing, if Quickbase in good faith believes that a threat to security exists that could affect Confidential Information, Company must provide Quickbase or its agent access to its premises immediately upon request by Quickbase.

b) Quickbase may inspect or employ third parties to conduct studies of Company’s operational processes, systems, vulnerability scan results and computer network security relating to the collection, transmission, and storage of Quickbase Confidential Information. Quickbase agrees to coordinate the scheduling of any such study with Company to minimize disruption to Company’s business. Company agrees to cooperate with Quickbase to commence such a study within thirty (30) days from Company’s receipt of written notice of Quickbase’s intent to conduct, or to employ a third party to conduct, such a study. At Company’s request, Quickbase will require any third party it employs to conduct such a study, to sign a non-disclosure agreement and agree not to disclose any Confidential Information. Quickbase will make the results of any such study available to Company and, depending on the seriousness of any problems found, may require Company to remedy any and all such deficiencies in a timely fashion. Costs of such audits shall be borne by Quickbase, unless Company is deemed, as a result of such an audit, to be in material non-conformity with the Agreement or this Exhibit.

c) Notwithstanding any time-to-cure provision in this Agreement to the contrary, it shall be completely within Quickbase’s discretion to require correction of any demonstrated security-related problem within a shorter period of time. Quickbase shall provide written notice of the problem to Company, and Company must immediately take appropriate steps to correct the problem. If Company fails to correct any demonstrated security problem within a commercially-reasonable time, considering the work that must be completed to address the problem and resulting in the material disclosure or threatened disclosure of Quickbase’s Confidential Information, Quickbase may instruct Company to take such interim measures as necessary to protect Quickbase’s Confidential Information. If Company fails or refuses to take those interim and/or permanent measures which are necessary to prevent the material disclosure of Quickbase’s Confidential Information within a commercially-reasonable time, Quickbase may terminate any and all affected agreements between Quickbase and Company for cause.

7. Termination Obligations

After the expiration or termination of the Agreement, Company shall destroy all Quickbase Confidential Information in a manner that renders such information unrecoverable and certify that it has complied with the foregoing in writing.

8. Compliance with Applicable Laws and Regulations

a) In addition to any compliance requirements provided in the Agreement, Company will at all times be in compliance with and shall not violate any applicable privacy and security related international, national, state and local statutes, laws, rules or regulations.

b) In addition to the general requirement stated above, Company understands that if Personal Information includes sensitive tax return information subject to IRS regulations (including sections 6713 and 7216) governing its use and disclosure, the penalties for unauthorized disclosure or use of such tax return information under IRC 6713 and 7216 can result in criminal prosecution, imprisonment and the assessment of monetary fines. Company shall access such Personal Information only to provide the services specifically authorized by this Exhibit or the Agreement to which this Exhibit is incorporated, and shall not disclose it to any third persons. Additionally, Company shall notify, and hereby represents and warrants that it has notified, in writing any of its employees who may have access to such Personal Information of the applicability of IRC Sections 6713 and 7216 including a description of the requirements and penalties of those sections.

9. Changes to Requirements

Quickbase may amend this Exhibit from time to time as may be required by law or otherwise. If Company is not willing or is unable to meet the updated requirements of such amendments, Quickbase may terminate the Agreement under which this Exhibit is incorporated upon thirty (30) days written notice.

10. Notifications

a) As soon as commercially reasonable, Company must notify Quickbase (a) if it knows or suspects that Quickbase Confidential Information has been compromised, disclosed to unauthorized persons, or used in an unauthorized manner, (b) if there have been any complaints about Company’s information and collection practices as they relate to Quickbase Confidential Information, or (c) if there has been any meaningful or substantial deviation from the requirements contained in the Agreement or this Exhibit.

b) Company agrees that Quickbase shall have the right to participate in the investigation, response and/or correction of any of the above. In addition, unless otherwise required by law, Quickbase shall have the right to control and direct any public communication, including but not limited to communication with Quickbase customers, regarding the same.

c) Additionally, Company must immediately notify the Quickbase Internet Operations Center (“IOC”) of any relevant, urgent security issues identified by Company, including, but not limited to, ongoing denial of service attacks, actively exploited vulnerabilities, and ongoing exposure of Quickbase Confidential Information.

11. Contact Information

a) Company agrees to designate a single point of contact as its Privacy and Security Coordinator. This Privacy and Security Coordinator will (i) maintain responsibility for applying adequate protections to Quickbase Confidential Information, (ii) oversee application of Company compliance with the requirements of this Exhibit, and (iii) serve as a single point of contact for internal communications and communications with Quickbase pertaining to this Exhibit and compliance with or any breaches thereof.

b) Additionally, both Quickbase and the Company shall designate a single point of contact for urgent security issues (a “Security SPOC”) and provide contact information for such Security SPOC. Both parties agree that either the Security SPOC will be available at all times (“24/7/365”).

Quickbase Security SPOC

[email protected]

II. Privacy and Security Exhibit for Professional Services

QUICKBASE NETWORK AND COMPUTER USE

This Exhibit (“Exhibit”), is hereby incorporated by reference into the Agreement by and between Quickbase, Inc. (herein “Quickbase”) and the Vendor as defined in the Agreement.

Capitalized terms used in this Exhibit have the meaning assigned in the Agreement unless otherwise defined herein. The terms of this Exhibit supersede any conflicting terms of the Agreement.

This Exhibit establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. The objectives of this Exhibit are to ensure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.

Vendor acknowledges that Quickbase is providing access and use of Quickbase’s and its third parties’ hardware, software, computer systems and networking components (“Quickbase Network and Computer Systems”). In furtherance thereof, Vendor agrees that its use (and the use by its employees, consultants and agents) of the Quickbase Network and Computer Systems shall be qualified and restricted as follows:

Access to the Quickbase Network and Computer Systems has been provided for purposes related to the business of Quickbase. Any other use of the Quickbase Network and Computer Systems is strictly prohibited.

Access will be given to certain designated areas and services of the Quickbase Network and Computer Systems. Vendor will restrict use of the Quickbase Network and Computer Systems to such designated areas. Vendor will not attempt to access areas of the Quickbase Network and Computer Systems other than those areas to which Vendor has been specifically granted access by Quickbase.

Quickbase may monitor activities of Vendor and audit its use of the Quickbase Network and Computer Systems, and such monitoring by Quickbase may occur without Vendor’s knowledge. By accessing the Quickbase Network, you consent to access by authorized Quickbase representatives (including managers) to your electronic files, including Internet usage records and email, to monitor, for example, compliance with applicable regulations and Quickbase policies.

Vendor is responsible for its use of the Quickbase Network and Computer Systems and will maintain the secrecy and security of any and all accounts, access privileges, and passwords issued and further agrees to use reasonable efforts to prevent others from using such accounts, access privileges and passwords.

Vendor will have access to certain software owned by Quickbase or its third party licensors. Vendor will not make copies or derivative works of such software or decompile any source code relating thereto without the explicit permission of Quickbase or its licensors.