Cyber Subscription Renewals and Integrations Addendum
Motorola Solutions Inc. ("Motorola") and the customer named in this Agreement ("Customer") hereby agree as follows:
Section 1. APPLICABILITY
1.1 This Addendum sets out additional and superseding terms applicable to Customer’s purchase of cyber security services, including Remote Security Update Service, Security Update Service, and Managed Detection & Response subscription services, among other subscription services, (ii) professional services, and/or (iii) retainer services (i.e., professional services when expressly purchased as a block of pre-paid hours for use, subject to expiration, within a specified period across certain offered service categories (“Retainer Services”) (all collectively herein, “Services”).
Section 2. ADDITIONAL DEFINITIONS AND INTERPRETATION
2.1. “Customer Contact Data” means data Motorola collects from Customer, its Authorized Users, and their end users for business contact purposes, including marketing, advertising, licensing and sales purposes.
2.2 “Customer Data” means Customer data, information, and content, provided by, through, or on behalf of Customer, its Authorized Users, and their end users through the use of the Services. Customer Data does not include Customer Contact Data, Service Use Data, or information from publicly available sources or other Third-Party Data or Motorola Data or anonymized or generalized data. For avoidance of doubt, so long as not specifically identifying the Customer, Customer Data shall not include, and Motorola shall be free to use, share and leverage security threat intelligence and mitigation data generally, including without limitation, third-party threat vectors and IP addresses, file hash information, domain names, malware signatures and information, information obtained from third-party sources, indicators of compromise, and tactics, techniques, and procedures used, learned or developed in the course of providing Services.
2.3 “Feedback” means comments or information, in oral or written form, given to Motorola by Customer or Authorized Users, including their end users, in connection with or relating to the Services. Any Feedback provided by Customer is entirely voluntary. Motorola may use, reproduce, license, and otherwise distribute and exploit the Feedback without any obligation or payment to Customer or Authorized Users. Customer represents and warrants that it has obtained all necessary rights and consents to grant Motorola the foregoing rights.
2.4 “Motorola Data” means data owned or licensed by Motorola.
2.5 “Process” or “Processing” means any operation or set of operations which is performed on personal information or on sets of personal information, whether or not by automated means, such as collection, recording, copying, analyzing, caching, organization, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.6 “Service Use Data” means data generated by Customer’s use of the Services or by Motorola’s support of the Services, including personal information, threat data, security threat intelligence and mitigation data, vulnerability data, threat scenarios, malicious and third-party IP information, malware, location, monitoring and recording activity, product performance and error information, threat signatures, activity logs and date and time of use.
2.7 “Third-Party Data” means information obtained by Motorola from publicly available sources or its third-party content providers and made available to Customer through the products or Services.
Section 3. LICENSE, DATA AND SERVICE CONDITIONS
3.1 Delivery of Cyber Services
3.1.2 Subscription Services. Delivery of subscription services will occur upon Customer’s receipt of credentials required for access to the Services or upon Motorola otherwise providing access to the Services platform.
3.1.3 To the extent Customer purchases equipment from Motorola (“Supplied Equipment''), title and risk of loss to the Supplied Equipment will pass to Customer upon installation (if applicable) or shipment by Motorola. Customer will take all necessary actions, reimburse freight or delivery charges, provide or obtain access and other rights needed and take other requested actions necessary for Motorola to efficiently perform its contractual duties. To the extent Supplied Equipment is purchased on an installment basis, any early termination of the installment period will cause the outstanding balance to become immediately due.
3.2 Motorola may use or provide Customer with access to software, tools, enhancements, updates, data, derivative works, and other materials which Motorola has developed or licensed from third parties (collectively, “Motorola Materials”). The Services, Motorola Data, Third-Party Data, and related documentation, are considered Motorola Materials. Notwithstanding the use of such materials in Services or deliverables, the Motorola Materials are the property of Motorola or its licensors, and Motorola or its licensors retain all right, title and interest in and to the Motorola Materials. Motorola grants Customer and Authorized Users a limited, non-transferable, non-sublicenseable, and non-exclusive license to use the Services and associated deliverables solely for Customer’s internal business purposes.
3.3 To the extent Customer is permitted to access, use, or integrate Customer or third-party software, services, content, or data that is not provided by Motorola (collectively, “Non-Motorola Content”) with or through the Services, or will use equipment or software not provided by Motorola, which may be required for use of the Services (“Customer-Provided Equipment”), Customer will obtain and continuously maintain all rights and licenses necessary for Motorola to efficiently perform all contemplated Services under this Addendum and will assume responsibility for operation and integration of such content and equipment.
3.4 Ownership of Customer Data. Customer retains all right, title and interest, including intellectual property rights, if any, in and to Customer Data. Motorola acquires no rights to Customer Data except those rights granted under this Addendum including the right to Process and use the Customer Data as set forth in Section 3.5 – Processing Customer Data, below. The Parties agree that with regard to the Processing of personal information which may be part of Customer Data, Customer is the controller and Motorola is the processor, and Motorola may engage sub-processors pursuant to Section 3.5.3 – Sub-processors and Third-Party Providers.
3.5 Processing Customer Data.
3.5.1. Motorola Use of Customer Data. To the extent permitted by law, Customer grants Motorola and its subcontractors a right to use Customer Data and a royalty-free, worldwide, non-exclusive license to use Customer Data (including to process, host, cache, store, reproduce, copy, modify, combine, analyze, create derivative works from such Customer Data and to communicate, transmit, and distribute such Customer Data to third parties engaged by Motorola) to (a) perform Services and provide products under the Addendum, (b) analyze the Customer Data to operate, maintain, manage, and improve Motorola products and services, and (c) create new products and services. Customer agrees that this Addendum, along with any related documentation, are Customer’s complete and final documented instructions to Motorola for the processing of Customer Data. Any additional or alternate instructions must be agreed to according to the change order process. Customer represents and warrants to Motorola that Customer’s instructions, including appointment of Motorola as a processor or sub-processor, have been authorized by the relevant controller.
3.5.2 Collection, Creation, Use of Customer Data. Customer further represents and warrants that the Customer Data, Customer’s collection, creation, and use of the Customer Data (including in connection with Motorola’s Services), and Motorola’s use of such Customer Data in accordance with the Addendum, will comply with all laws and will not violate any applicable privacy notices or infringe any third-party rights (including intellectual property and privacy rights). It is Customer’s responsibility to obtain all required consents, provide all necessary notices, and meet any other applicable legal requirements with respect to collection and use (including Motorola’s and third-party provider use) of the Customer Data as described in the Addendum or any applicable third-party agreements or EULAs.
3.5.3 Sub-processors and Third-Party Providers. Motorola may use, engage, resell, or otherwise interface with third-party software, hardware or services providers (such as, for example, third-party end point detection and response providers) and other sub-processors, who in turn may engage additional sub-processors to process personal data and other Customer Data. Customer agrees that such third-party software or services providers, sub-processors or their respective sub-processors may process and use personal and other Customer Data in accordance with and subject to their own respective licenses or terms and in accordance with applicable law. Customer authorizes and will provide and obtain all required notices and consents, if any, and comply with other applicable legal requirements, if any, with respect to such collection and use of personal data and other Customer Data by Motorola, and its subcontractors, sub-processors and/or third-party software, hardware or services providers. Notwithstanding any provision to the contrary, to the extent the use or performance of certain Services is governed by any separate license, data requirement, EULA, privacy statement, or other applicable agreement, including terms governing third-party software, hardware or services, including open source software, Customer will comply, and ensure its Authorized Users comply, with any such agreements or terms, which shall govern any such Services.
3.5.4 Notwithstanding any provision to the contrary in this Addendum or any related agreement, and in addition to other uses and rights set out herein, Customer understands and agrees that Motorola may obtain, use and/or create and use, anonymized, aggregated and/or generalized Customer Data, such as data relating to actual and potential security threats and vulnerabilities, for its lawful business purposes, including improving its services and sharing and leveraging such information for the benefit of Customer, other customers, and other interested parties.
3.6 Service Use Data. Customer understands and agrees that Motorola may collect and use Service Use Data for its own purposes, including the uses described below. Motorola may use Service Use Data to (a) operate, maintain, manage, improve existing and create new products and services, (b) test products and services, (c) to aggregate Service Use Data and combine it with that of other users, and (d) to use anonymized or aggregated data for marketing, research or other business purposes. Service Use Data may be disclosed to third parties. It is Customer’s responsibility to notify Authorized Users of Motorola’s collection and use of Service Use Data and to obtain any required consents, provide all necessary notices, and meet any other applicable legal requirements with respect to such collection and use, and Customer represents and warrants to Motorola that it has complied and will continue to comply with this Section.
3.7. Data Retention and Deletion. Except as expressly provided otherwise, Motorola will delete all Customer Data following termination or expiration of this Addendum, with such deletion to occur no later than ninety (90) days following the applicable date of termination or expiration, unless otherwise required to comply with applicable law. Any requests for the exportation or download of Customer Data must be made by Customer to Motorola in writing before expiration or termination of this Addendum. Motorola will have no obligation to retain such Customer Data beyond expiration or termination unless the Customer has purchased extended storage from Motorola through a mutually executed agreement.
3.8. Third-Party Data and Motorola Data. Motorola Data and Third-Party Data may be available to Customer through the Services. Customer will not, and will ensure its Authorized Users will not: (a) use the Motorola Data or Third-Party Data for any purpose other than Customer’s internal business purposes; (b) disclose the data to third parties; (c) “white label” such data or otherwise misrepresent its source or ownership, or resell, distribute, sublicense, or commercially exploit the data in any manner; (d) use such data in violation of applicable laws; (e) remove, obscure, alter, or falsify any marks or proprietary rights notices indicating the source, origin, or ownership of the data; or (f) modify such data or combine it with Customer Data or other data or use the data to build databases. Any rights granted to Customer or Authorized Users with respect to Motorola Data or Third-Party Data will immediately terminate upon termination or expiration of this Addendum. Further, Motorola or the applicable Third-Party Data provider may suspend, change, or terminate Customer’s or any Authorized User’s access to Motorola Data or Third-Party Data if Motorola or such Third-Party Data provider believes Customer’s or the Authorized User’s use of the data violates the Addendum, applicable law or Motorola’s agreement with the applicable Third-Party Data provider. Upon termination of Customer’s rights to use any Motorola Data or Third-Party Data, Customer and all Authorized Users will immediately discontinue use of such data, delete all copies of such data, and certify such deletion to Motorola. Notwithstanding any provision of this Addendum and the Primary Agreement to the contrary, Motorola will have no liability for Third-Party Data or Motorola Data available through the Services. Motorola and its Third-Party Data providers reserve all rights in and to Motorola Data and Third-Party Data.
3.9 Customer will ensure its employees and Authorized Users comply with the terms of this Addendum and will be liable for all acts and omissions of its employees and Authorized Users. Customer is responsible for the secure management of Authorized Users’ names, passwords and login credentials for access to products and Services. “Authorized Users” are Customer’s employees, full-time contractors engaged for the purpose of supporting the products and Services that are not competitors of Motorola or its affiliates, and the entities (if any) specified in a SOW or otherwise approved by Motorola in writing (email from an authorized Motorola signatory accepted), which may include affiliates or other Customer agencies.
3.10 Motorola as a Controller or Joint Controller. In all instances where Motorola acts as a controller of data, it will comply with the applicable provisions of the Motorola Privacy Statement at https://www.motorolasolutions.com/en_us/about/privacy-policy.html#privacystatement, as may be updated from time to time. Motorola holds all Customer Contact Data as a controller and shall Process such Customer Contact Data in accordance with the Motorola Privacy Statement. In instances where Motorola is acting as a joint controller with Customer, the Parties will enter into a separate addendum to allocate the respective roles as joint controllers.
Section 4. WARRANTY
4.1 CUSTOMER ACKNOWLEDGES, UNDERSTANDS AND AGREES THAT MOTOROLA DOES NOT GUARANTEE OR WARRANT THAT IT WILL DISCOVER ALL OF CUSTOMER’S SECURITY EVENTS (SUCH EVENTS INCLUDING THE UNAUTHORIZED ACCESS, ACQUISITION, USE, DISCLOSURE, MODIFICATION OR DESTRUCTION OF CUSTOMER DATA), THREATS, OR SYSTEM VULNERABILITIES. MOTOROLA DISCLAIMS ANY AND ALL RESPONSIBILITY FOR ANY AND ALL LOSS OR COSTS OF ANY KIND ASSOCIATED WITH SECURITY EVENTS, THREATS OR VULNERABILITIES WHETHER OR NOT DISCOVERED BY MOTOROLA. MOTOROLA DISCLAIMS ANY RESPONSIBILITY FOR CUSTOMER’S USE OR IMPLEMENTATION OF ANY RECOMMENDATIONS PROVIDED IN CONNECTION WITH THE SERVICES. IMPLEMENTATION OF RECOMMENDATIONS DOES NOT ENSURE OR GUARANTEE THE SECURITY OF THE SYSTEMS AND OPERATIONS EVALUATED. CUSTOMER SHALL BE RESPONSIBLE TO TAKE SUCH ACTIONS NECESSARY TO MITIGATE RISKS TO ITS OPERATIONS AND PROTECT AND PRESERVE ITS COMPUTER SYSTEMS AND DATA, INCLUDING CREATION OF OPERATIONAL WORKAROUNDS, BACKUPS AND REDUNDANCIES.
4.2 Customer acknowledges, understands and agrees that the Services and products or equipment provided by or used by Motorola to facilitate performance of the Services may impact or disrupt information systems. Motorola disclaims responsibility for costs in connection with any such disruptions of and/or damage to Customer’s or a third party’s information systems, equipment, voice transmissions, data and Customer Data, including, but not limited to, denial of access to a legitimate system user, automatic shut-down of information systems caused by intrusion detection software or hardware, or failure of the information system resulting from the provision or delivery of the Service.
4.3. Motorola warrants that Supplied Equipment, under normal use and service, will be free from material defects in materials and workmanship for one (1) year from the date of shipment, subject to Customer providing written notice to Motorola within that period. AS IT RELATES TO THE SUPPLIED EQUIPMENT, MOTOROLA DISCLAIMS ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE.
4.4 Pass-Through Warranties. Notwithstanding any provision of this Addendum or any related agreement to the contrary, Motorola will have no liability for third-party software, hardware or services resold or otherwise provided by Motorola; provided, however, that to the extent offered by third-party software, hardware or services providers and to the extent permitted by law, Motorola will pass through express warranties provided by such third parties.
Section 5. LIMITATION OF LIABILITY
5.1. DISCLAIMER OF CONSEQUENTIAL DAMAGES. EXCEPT FOR PERSONAL INJURY OR DEATH, MOTOROLA, ITS AFFILIATES, AND ITS AND THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, SUBCONTRACTORS, AGENTS, SUCCESSORS, AND ASSIGNS (COLLECTIVELY, THE “MOTOROLA PARTIES”) WILL NOT BE LIABLE IN CONNECTION WITH THIS ADDENDUM (WHETHER UNDER MOTOROLA’S INDEMNITY OBLIGATIONS, A CAUSE OF ACTION FOR BREACH OF CONTRACT, UNDER TORT THEORY, OR OTHERWISE) FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL DAMAGES OR DAMAGES FOR LOST PROFITS OR REVENUES, EVEN IF MOTOROLA HAS BEEN ADVISED BY CUSTOMER OR ANY THIRD PARTY OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES AND WHETHER OR NOT SUCH DAMAGES OR LOSSES ARE FORESEEABLE.
5.2. DIRECT DAMAGES. EXCEPT FOR PERSONAL INJURY OR DEATH, THE TOTAL AGGREGATE LIABILITY OF THE MOTOROLA PARTIES, WHETHER BASED ON A CLAIM IN CONTRACT OR IN TORT, LAW OR EQUITY, RELATING TO OR ARISING OUT OF THIS ADDENDUM OR ANY RELATED OR UNDERLYING AGREEMENT, WILL NOT EXCEED THE FEES SET FORTH IN THE APPLICABLE SOW OR PRICING FOR THE CYBER SERVICES UNDER WHICH THE CLAIM AROSE. NOTWITHSTANDING THE FOREGOING, FOR ANY SUBSCRIPTION SERVICES OR FOR ANY RECURRING SERVICES, THE MOTOROLA PARTIES’ TOTAL LIABILITY FOR ALL CLAIMS RELATED TO SUCH PRODUCT OR SERVICES IN THE AGGREGATE WILL NOT EXCEED THE TOTAL FEES PAID FOR THE CYBER SERVICES TO WHICH THE CLAIM IS RELATED DURING THE CONSECUTIVE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT FROM WHICH THE FIRST CLAIM AROSE. FOR AVOIDANCE OF DOUBT, THE LIMITATIONS IN THIS SECTION 5.2 APPLY IN THE AGGREGATE TO INDEMNIFICATION OBLIGATIONS ARISING OUT OF THIS ADDENDUM OR ANY RELATED AGREEMENTS.
5.3. ADDITIONAL EXCLUSIONS. NOTWITHSTANDING ANY OTHER PROVISION OF THIS ADDENDUM, THE PRIMARY AGREEMENT OR ANY RELATED AGREEMENT, MOTOROLA WILL HAVE NO LIABILITY FOR DAMAGES ARISING OUT OF (A) CUSTOMER DATA, INCLUDING ITS TRANSMISSION TO MOTOROLA, OR ANY OTHER DATA AVAILABLE THROUGH THE PRODUCTS OR SERVICES; (B) CUSTOMER-PROVIDED EQUIPMENT, NON-MOTOROLA CONTENT, THE SITES, OR THIRD-PARTY EQUIPMENT, HARDWARE, SOFTWARE, SERVICES, DATA, OR OTHER THIRD-PARTY MATERIALS, OR THE COMBINATION OF PRODUCTS AND SERVICES WITH ANY OF THE FOREGOING; (C) LOSS OF DATA OR HACKING, RANSOMWARE, OR OTHER THIRD-PARTY ATTACKS OR DEMANDS; (D) MODIFICATION OF PRODUCTS OR SERVICES BY ANY PERSON OTHER THAN MOTOROLA; (E) RECOMMENDATIONS PROVIDED IN CONNECTION WITH OR BY THE PRODUCTS AND SERVICES; (F) DATA RECOVERY SERVICES OR DATABASE MODIFICATIONS; OR (G) CUSTOMER’S OR ANY AUTHORIZED USER’S BREACH OF THIS ADDENDUM, THE PRIMARY AGREEMENT OR ANY RELATED AGREEMENT OR MISUSE OF THE PRODUCTS AND SERVICES; (H) INTERRUPTION OR FAILURE OF CONNECTIVITY, VULNERABILITIES, OR SECURITY EVENTS; (I) DISRUPTION OF OR DAMAGE TO CUSTOMER’S OR THIRD PARTIES’ SYSTEMS, EQUIPMENT, OR DATA, INCLUDING DENIAL OF ACCESS TO USERS, OR SHUTDOWN OF SYSTEMS CAUSED BY INTRUSION DETECTION SOFTWARE OR HARDWARE; (J) AVAILABILITY OR ACCURACY OF ANY DATA AVAILABLE THROUGH THE SERVICES, OR INTERPRETATION, USE, OR MISUSE THEREOF; (K) TRACKING AND LOCATION-BASED SERVICES; OR (L) BETA SERVICES.
5.4. Voluntary Remedies. Motorola is not obligated to remedy, repair, replace, or refund the purchase price for the disclaimed issues in Section 5.3 – Additional Exclusions above, but if Motorola agrees to provide Services to help resolve such issues, Customer will reimburse Motorola for its reasonable time and expenses, including by paying Motorola any fees set forth in this Addendum or separate order for such Services, if applicable.
5.5. Representations and Standards. Except as expressly set out in this Addendum or the applicable Motorola proposal or statement of work relating to the cyber products or services, or applicable portion thereof, Motorola makes no representations as to the compliance of Motorola cyber products and services with any specific standards, specifications or terms. For avoidance of doubt, notwithstanding any related or underlying agreement or terms, conformance with any specific standards, specifications, or requirements, if any, as it relates to cyber products and services is only as expressly set out in the applicable Motorola SOW or proposal describing such cyber products or services or the applicable (i.e., cyber) portion thereof. Customer represents that it is authorized to engage Motorola to perform Services that may involve assessment, evaluation or monitoring of Motorola’s or its affiliate’s services, systems or products.
5.6. Wind Down of Services. In addition to any other termination rights, Motorola may terminate the Services, any SOW or subscription term, in whole or in part, in the event Motorola plans to cease offering the applicable Services to customers.
5.7. Third-Party Beneficiaries. The Addendum is entered into solely between, and may be enforced only by, the Parties. Each Party intends that the Addendum will not benefit, or create any right or cause of action in or on behalf of, any entity other than the Parties. Notwithstanding the foregoing, a licensor or supplier of third-party software, products or services included in the Services will be a direct and intended third-party beneficiary of this Addendum.