These terms of service, collectively, the "SaaS Terms of Service" or "ToS" apply to ALL THREE THINGS SaaS and other related Services, whether under an Order with All Three Things directly or through a All Three Things reseller unless otherwise agreed in writing by All Three Things for the Order. For Services purchased through a All Three Things reseller, All Three Things' obligations and Client's rights relating to Services shall be governed solely by these ToS and those Subscription Term details for the SaaS stated in the Order unless otherwise agreed in writing by All Three Things and Client for that Order. By clicking "Accept" or by accessing or using the Services, you, the "Client", agree to these ToS. If you are an individual accepting these ToS on behalf of an entity, the entity is the "Client" and you represent that you have the legal capacity and authority to enter, and you are entering, into this agreement on the Client's behalf. IF YOU DO NOT AGREE, DO NOT ACCESS OR USE THE SERVICES OR CLICK "ACCEPT".
(a) Access to SaaS. During the Subscription Term, Client and its Authorized Users may access and use the SaaS only for their use according to the applicable Order and not for resale.
(b) Use Restrictions.
(i) General. Client shall not use the SaaS for any purpose other than the access and use granted by the Order. Client shall not, and shall not permit any Authorized Users to (directly or indirectly, in whole or in part): (a) copy, modify, or create derivative works of any All Three Things IP; (b) rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available All Three Things IP; (c) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to any All Three Things IP; (d) remove any proprietary notices from All Three Things IP; (e) use the All Three Things IP or data derived from the All Three Things IP to create, train, or improve a similar or competing product or service; (f) use the SaaS in any manner or for any purpose that is fraudulent or which infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law including privacy laws, governmental order, or decree; (g) use the SaaS to try to gain unauthorized access to or to disrupt any service, data, device, account or network, to spam or distribute malware or in a way that could harm SaaS or others' use of the SaaS; or (h) allow multiple users to access any SaaS feature that is made available on a per user basis.
(ii) High-Risk Use. The SaaS is not designed to support situations where failure of the SaaS could lead to death or serious bodily injury of any person or to severe physical or environmental damage (High Risk Use). Client's High Risk Use of the SaaS is at its own risk. Client must design and implement appropriate measures so the safety of people, property, and the environment are not reduced below a general or specific industry level that is reasonable, appropriate, and lawful upon any interruption, defect, error or other failure of the SaaS.
(iii) Prohibited Uses. Client is solely responsible for compliance with and interpretation of all laws, regulations, and requirements impacting its business and its and its Authorized Users' use of the Services. Client and its Authorized Users must not use the Services for any purpose, or to process Client Data in a manner or for any purpose, prohibited by applicable law. Without limiting the restriction in the immediately preceding sentence, any facial recognition capabilities or functionality of the SaaS shall not be used by or for any US police departments.
(iv) Reservation of Rights. All Three Things reserves all rights not expressly granted to Client in the Order. Except for the limited rights and licenses expressly granted under the Order, nothing in the Order grants, by implication, waiver, estoppel, or otherwise, to Client, its Authorized Users or to any third party any intellectual property rights or other right, title, or interest in, or to, All Three Things IP.
(a) General. Client is responsible and liable for all uses of the Services and All Three Things IP resulting from access provided to Client and its Authorized Users, directly or indirectly, whether the access or use is permitted by, or contrary to, the Order. If All Three Things provides a master administrative credential to Client for the Services, Client shall issue access credentials to its Authorized Users. Client is responsible for all acts and omissions of Authorized Users, and any act or omission by an Authorized User that would constitute a breach of the Order if taken by Client will constitute a breach of the Order by Client. Client shall cause Authorized Users to comply with the terms of the Order.
(b) Adequate Rights. Client represents and warrants to All Three Things that: (i) Client or its licensors own all right, title, and interest in and to Client Data and Feedback; (ii) Client has rights in Client Data and Feedback sufficient to grant the rights contemplated by the Order; (iii) Client Data and Authorized Users' use of Client Data or the Services, or both, will not violate any terms applicable to the Services; and (iv) Client's instructions, including appointment of All Three Things as a processor or sub processor, have been authorized by the relevant controller.
(c) Tools. All Three Things may use and may provide software tools ("Tools") for installation in Client's and its Authorized Users' environment(s) during the Service Term so that All Three Things may deliver, and Client and the Authorized Users may receive, the Services. Client agrees these Tools are All Three Things Confidential Information and agrees to destroy or return the Tools to All Three Things when All Three Things' Services end.
(d) Third-Party Content. Third-Party Content is subject to its own terms and conditions and any applicable flow-through provisions and documents referenced or included in the Order. If Client does not agree to abide by the applicable terms for any Third-Party Content, then Client must not install or use the Third-Party Content and All Three Things will be relieved of any Service obligations that rely on that Third-Party Content. The Order does not add additional conditions or restrictions, or affect any rights or duties Client or its Authorized Users may have under an open source license to any copy of open source software All Three Things provides with the Services.
(a) Fees. If Client purchased the Services directly from All Three Things, All Three Things shall invoice Client the subscription fees for the SaaS per the terms agreed upon by the Client at the time the Order was placed. Client shall make all payments to All Three Things according to the Payment Term without offset or deduction. If Client fails to make any payment when due, without limiting All Three Things' other rights and remedies: (i) All Three Things may charge interest on the past due amount at the rate of up to 1.5% for each month calculated daily and compounded monthly or, if less, the highest rate permitted under applicable law; and (ii) Client shall reimburse All Three Things for all costs incurred by All Three Things to collect any late payments or interest, including attorneys' fees, court costs, and collection agency fees. If Client purchased the Services through a All Three Things reseller, Client shall pay the reseller the reseller's charges according to payment terms Client has agreed with the reseller. If All Three Things does not receive timely payment from Client (or All Three Things reseller if Client purchased through a reseller), without limiting All Three Things other rights and remedies, All Three Things may suspend or terminate the Services and Client's and its Authorized Users' access to the Services until All Three Things is paid provided that All Three Things shall first provide Client with at least ten (10) days written notice and an opportunity to pay All Three Things the applicable overdue All Three Things fees.
(b) Taxes. All fees and other amounts payable by Client to All Three Things are exclusive of taxes and similar assessments. Client is responsible for and shall pay any tax imposed on the fees and other amounts payable to All Three Things, including all sales, use, excise and any withholding taxes, value added, personal property, goods and services, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable to All Three Things by Client, other than any taxes imposed on All Three Things' net income.
Client or All Three Things (the "Discloser") may disclose or make available to the other (the "Receiver") information about its business affairs, products, confidential intellectual property, trade secrets, third-party confidential information, and other sensitive or proprietary information, whether orally or in written, electronic, or other form, that is marked, designated or otherwise identified as "confidential" (collectively, "Confidential Information"). Confidential Information does not include information that, at the time of disclosure is: (a) publicly available; (b) known to the Receiver at the time of disclosure; (c) rightfully obtained by the Receiver on a non-confidential basis from a third party; or (d) independently developed by the Receiver.
The Receiver shall not disclose the Discloser's Confidential Information to any person or entity, except to the Receiver's employees, agents, advisors, consultants, and others who are required by Receiver to protect the Confidential Information from unauthorized access, use, or distribution according to terms no less protective than this provision and who have a need-to-know or a need-to-use the Confidential Information for the Receiver to exercise its rights or perform its duties under these ToS.
The Receiver may disclose Confidential Information to the limited extent required (i) to comply with an order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided the Receiver shall first have given written notice to the Discloser, if permitted by applicable law, and made a reasonable effort to obtain a protective order; or (ii) to establish its rights, including making any required court filings.
Upon the end of the Services, the Receiver shall promptly return to the Discloser all copies, whether in written, electronic, or other form or media, of the Discloser's Confidential Information, or destroy all copies and certify in writing to the Discloser that the Discloser's Confidential Information has been destroyed. Receiver may retain in system archives and backups copies of the Discloser's Confidential Information that would be impractical to retrieve or are required by law and any copies that remain in systems archives and backups shall remain subject to this Confidential Information provision. Receiver's duties for Discloser's Confidential Information will end 5 years after receipt from the Discloser.
(a) All Three Things IP. As between Client and All Three Things, All Three Things owns all right, title, and interest, including all intellectual property rights, in and to the All Three Things IP. The applicable third-party providers own all right, title, and interest, including all intellectual property rights, in and to the Third Party Content.
(b) Client Data. As between All Three Things and Client, Client owns all right, title, and interest, including all intellectual property rights, in and to the Client Data. Client grants to All Three Things a non-exclusive, royalty-free, worldwide license to reproduce, distribute, and otherwise use and display the Client Data and perform all acts reasonably required for All Three Things to provide the Services to Client. Client grants to All Three Things a non exclusive, perpetual, irrevocable, royalty-free, worldwide license to reproduce, distribute, modify, and otherwise use and display Client Data incorporated within System and Usage Data. Client is the controller of any Personal Data that Client or its Authorized Users process with the Services. These ToS, including the terms of Attachment A, Data Privacy Addendum (the "DPA"), apply to the processing of the Personal Data by All Three Things for the Services as a processor or sub-processor and not as a controller.
(c) Feedback. Client or any of its Authorized Users, employees, contractors, and agents may send or transmit communications or materials to All Three Things by mail, email, telephone, or otherwise, suggesting or recommending changes to the SaaS, including without limitation, new features or functionality, or any comments, questions, or suggestions, ("Feedback"). All Three Things is free to use Feedback and Client hereby assigns to All Three Things on Client's behalf, and on behalf of its Authorized Users, employees, contractors and agents, all right, title, and interest in any ideas, know-how, concepts, techniques, or other intellectual property rights in the Feedback, for any purpose without any attribution or compensation. All Three Things is not required to use any Feedback.
THE SERVICES, SUBSCRIPTION CONTENTS AND ANY OTHER ALL THREE THINGS IP ARE PROVIDED "AS IS, WITH ALL FAULTS" AND ALL THREE THINGS DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. ALL THREE THINGS SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. ALL THREE THINGS MAKES NO WARRANTY OF ANY KIND THAT THE SERVICES, SUBSCRIPTION CONTENTS, AND ANY OTHER ALL THREE THINGS IP OR RESULTS OF THE USE OF THE SERVICES SUBSCRIPTION CONTENTS, AND ALL THREE THINGS IP, WILL MEET CLIENT'S OR ANY OTHER PERSON'S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE.
(a) Client Indemnification. Client shall indemnify, hold harmless and, at All Three Things' option, defend All Three Things from and against any Losses resulting from any claim asserted against All Three Things, by any person or entity not related to All Three Things, that the Client Data, or any use of the Client Data according to the Order, (i) constitutes a breach by Client of its duties under any applicable privacy law or other law or the Order, or both; or (ii) infringes or misappropriates the claimant's intellectual property or other rights and (iii) any claims based on Client's or any Authorized User's (A) negligence or willful misconduct; (B) High Risk Uses, Prohibited Uses or other use of the Services or All Three Things IP in a manner not authorized by the Order, including any claims based in strict liability or that All Three Things or its suppliers were negligent in designing or providing the Service(s) to Client; (C) use of the All Three Things IP in combination with data, software, hardware, equipment or technology not provided by All Three Things or authorized by All Three Things in writing; or (D) modifications to the All Three Things IP not made by All Three Things, provided that Client may not settle any claim against All Three Things unless All Three Things consents to the settlement, and further provided that All Three Things may defend any claim or participate in the defense of the claim with counsel of its own choice.
IN NO EVENT WILL ALL THREE THINGS, ITS SUPPLIERS, SUBCONTRACTORS, OR RESELLERS BE LIABLE UNDER OR IN CONNECTION WITH THE SERVICES, ALL THREE THINGS IP OR THE ORDER, OR ANY COMBINATION OF THEM, UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (a) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES; (b) ANTICIPATED SAVINGS, INCREASED COSTS, DIMINUTION IN VALUE OR LOST BUSINESS, PRODUCTION, REVENUES, OR PROFITS; (c) LOSS OF GOODWILL OR REPUTATION; (d) USE, INABILITY TO USE, LOSS, INTERRUPTION, DELAY OR RECOVERY OF ANY DATA, OR BREACH OF DATA OR SYSTEM SECURITY; OR (e) COST OF REPLACEMENT GOODS OR SERVICES, IN EACH CASE WHETHER ALL THREE THINGS, ITS SUPPLIERS, SUBCONTRACTORS, OR RESELLERS WERE ADVISED OF THE POSSIBILITY OF THE LOSSES OR DAMAGES OR THE LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE. IN NO EVENT WILL THE AGGREGATE LIABILITY OF ALL THREE THINGS, ITS SUPPLIERS, SUBCONTRACTORS, AND RESELLERS ARISING OUT OF OR RELATED TO THE SERVICES, ALL THREE THINGS IP, OR THE ORDER, OR ANY COMBINATION OF THEM, UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE EXCEED THE GREATER OF: THE AMOUNTS PAID TO ALL THREE THINGS FOR THE SERVICES IN THE 3-MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR $10,000.00 USD.
(a) Term. Non SaaS Services will start on a mutually agreed date following All Three Things acceptance of the Order and continue until the earlier of: (i) the date the non-SaaS Services are completed, (ii) the date specified in the Order, or (iii) the end of the related SaaS Subscription Term (the "non-SaaS Services Term"). The subscription for the SaaS will start on the "Start Date" in the Order and will continue for the "Initial Term" in the Order. If the Order does not include a Start Date then the subscription will start when Client clicks "ACCEPT," "AGREED," or All Three Things first makes any subscription credentials or the SaaS available to Client for access and use. If the Order does not include an Initial Term then the Initial Term for the SaaS will be One (1) month. The subscription will end upon the expiration of the Initial Term.
(b) Termination. In addition to any other termination right in the Order:
(i) All Three Things may suspend or cancel the Services, effective on written notice to Client, if Client: (A) fails to pay any amount when due and the failure continues more than 5 days after All Three Things' delivery of written notice; or (B) breaches any of its duties under Section 1(b), Use Restrictions, or Section 4, Confidential Information;
(ii) either Client or All Three Things may cancel the Services effective on written notice to the other party, if the other party materially breaches the Order, and the breach: (A) is incapable of cure; or (B) being capable of cure, remains uncured 30 days after the other party receives written notice of the breach; or
(iii) to the extent permitted by applicable law, either Client or All Three Things may terminate the Services and access to and use of other All Three Things IP, effective upon written notice to the other party, if the other party: (A) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (B) files or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law; (C) makes or seeks to make a general assignment for the benefit of its creditors; or (D) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or to sell any material portion of its property or business.
(c) Effect of Expiration, Termination, or Cancellation. To the extent All Three Things embeds All Three Things IP in a non-SaaS Services report or other tangible deliverable required to be delivered to Client under an Order and subject to All Three Things receipt of payment of any fees for the non-SaaS Services, All Three Things grants Client a personal, non-exclusive and non-transferable license to use and copy the All Three Things IP solely as part of the deliverable for its internal use; provided that any All Three Things IP that is a modification, customization or enhancement to separately licensed software is licensed on the same terms as the underlying software. When SaaS Services end, Client's and its Authorized Users' access to and use of any related All Three Things IP will also end. Upon the end of the SaaS Service, Client shall discontinue use of the related All Three Things IP (other than that All Three Things IP that may be separately licensed to Client) and, without limiting Client's duties under Section 4, Confidential Information, Client shall delete, destroy, or return all copies of the All Three Things IP and certify in writing to All Three Things that the All Three Things IP has been deleted or destroyed. Client's duty to pay all fees that may have become due to All Three Things before the end of the Services shall survive. Except as expressly provided in the Order, Client is not entitled to receive and All Three Things is not obligated to provide any refunds.
(d) Survival. Upon the end of the Services, the rights and obligations of Client and All Three Things, which by their nature, context, intent, and meaning would reasonably be expected to survive shall survive. Without limiting the immediately preceding sentence, Client and All Three Things agree the following provisions survive the end of the Services: this Section 9(d), Survival, Definitions, Section 3, Fees and Payment, Section 4, Confidential Information, Section 5, Ownership and Feedback, Section 6, Warranty Disclaimer, Section 7, Indemnification, Section 8, Limitations of Liability, Section 9, Term and Termination, Section 10, Other Documents, and Section 11, Miscellaneous.
The SaaS Services are instantiated in, and the Services may apply Third-Party Content from a Cloud Hosting Provider and other third parties, including Third-Party Content that may run in, the Cloud Hosting Provider's cloud. All Three Things may provision the Cloud Hosting Provider or other Third Party Content:
(a) on behalf of All Three Things in a All Three Things account; or,
(b) on behalf of Client and resold to Client, as provided in the applicable Order.
In each instance, Client agrees the following are included in the Order for Services:
(c) The All Three Things SaaS Service Description;
(d) the Cloud Hosting Provider's and any other Third-Party Content provider terms, including terms in the License and Attribution Documents and at any listed or incorporated URLs or at All Three Things Site. For Cloud Hosting Provider content from Microsoft, the Cloud Hosting Provider terms include the terms of the Microsoft Customer Agreement published at https://www.microsoft.com/licensing/docs/customeragreement. All Three Things duties to Client for the elements of the Services that use or rely on Third-Party Content, including the Third-Party Content available from or through the Cloud Hosting Provider, are coextensive with the Third Party Content provider's duties to All Three Things for the same products and content (used or relied upon by the Service) according to the Third-Party Content provider's terms.
(e) The All Three Things Privacy Statement at https://www.All Three Things.com/All Three Things-legal/privacy
(f) Attachment A to these SaaS ToS – The DPA, including the attachments and documents incorporated by reference in the DPA, any updates to the DPA, and any jurisdiction specific data processing terms.
All Three Things may change these ToS (including any documents that are reference by these ToS or incorporated in these ToS) at any time on at least 90 days' notice in advance of the effective date of the changes by: (i) posting a revised version on the All Three Things Site; or, (ii) by giving Client notice according to Section 11.(b), Notices. By continuing to use the Services after the effective date of any changes, Client agrees to the changes. The changes will be effective 90 days after All Three Things posts the revised version on the All Three Things Site or sends the notice unless a later date is stated in the notice or at All Three Things Site. Client may terminate the Services before the effective date of the change(s) upon at least 30 days advance written notice to All Three Things if Client does not want to continue the Services with the changes.
(a) Entire Agreement. Except as otherwise provided in a written agreement signed by Client and All Three Things, the applicable Order, including these ToS, together with any other documents included in these ToS according to Section 10, Other Documents, are the sole and entire agreement of Client and All Three Things for the subject matter of the Order and supersedes all earlier and contemporaneous understandings, agreements, and representations and warranties, both written and oral, for the subject matter.
(b) Notices. All notices, requests, consents, claims, demands, waivers, and other communications under the Order (each, a "Notice") must be in writing and, if to Client, to the address Client provided to subscribe to the SaaS Service. Notice to All Three Things shall be given in writing to the All Three Things address in the applicable Order. Client or All Three Things may change its address for Notices by giving the other party advance written notice according to this section. All Notices must be delivered by at least one of the following methods: personal delivery, nationally recognized overnight courier (with all fees pre-paid), email (with confirmation of transmission), or certified or registered mail (in each case, return receipt requested, postage pre-paid).
(c) Force Majeure. In no event shall either party be liable to the other party, or breach the Order, for any failure or delay in performing its duties under the Order (except for any duty to make payments), if and to the extent the failure or delay is caused by any circumstances beyond the party's reasonable control, including but not limited to acts of God, flood, fire, earthquake, explosion, war, terrorism, invasion, riot or other civil unrest, strikes, labor stoppages or slowdowns or other industrial disturbances, or passage of law or any action taken by a governmental or public authority, including imposing an embargo.
(d) Amendment and Modification; Waiver. Except as otherwise agreed in writing by All Three Things and Client, no amendment to or modification of the Order is effective unless it is in writing and signed by an authorized representative of Client and an authorized representative of All Three Things. No waiver of any of the provisions of these ToS will be effective against a party unless explicitly in writing and signed by the party. No failure to exercise, or delay in exercising, any right, remedy, power, or privilege arising from the Order will operate or be construed as a waiver; no single or partial exercise of any right, remedy, power, or privilege under the Order will preclude any other or further exercise of the right, remedy, power, or privilege or the exercise of any other right, remedy, power, or privilege.
(e) Severability. If any provision of the Order is invalid, illegal, or unenforceable in any jurisdiction, the invalidity, illegality, or unenforceability will not affect any other term or provision of the Order or invalidate or render unenforceable the provision in any other jurisdiction.
(f) Governing Law; Submission to Jurisdiction. Each Order is governed by and construed according to the internal laws of the State of New Jersey, without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any other jurisdiction. Any legal suit, action, or proceeding arising out of or related to the Services or an Order, or both, shall be instituted exclusively in the federal courts of the United States or the courts of the State of New Jersey, in each case located in the city of Jersey City and the County of Hudson, and each party irrevocably submits to the exclusive jurisdiction of these courts in any suit, action, or proceeding.
(g) Assignment. Client may not assign any of its rights or delegate any of its duties under the Order, in each case whether voluntarily, involuntarily, by operation of law, or otherwise. All Three Things may assign its rights or delegate its duties under an Order to an affiliate or other third party. Any purported assignment or delegation in violation of this Section will be null and void.
(h) Export Regulation. Client shall comply with import, re-import, sanctions, anti-boycott, export, and re-export control laws and regulations ("Trade Laws"), including Trade Laws that apply to a U.S. company, including U.S. Export Administration Regulations, International Traffic in Arms Regulations, and economic sanctions programs implemented by the Office of Foreign Assets Control. Client is solely and entirely responsible for its own and its Authorized Users' compliance with Trade Laws and how Client and its Authorized Users choose to use the Services, including the transfer and processing of Client Data and the provision of Client Data to Authorized Users. Client assures All Three Things that:
(i) Client and the financial institutions used by Client to process payment for the Services, or any person or entity that owns or controls Client or the financial institutions used by Client to process payment for Services are not; and
(ii) each Authorized User is not subject to sanctions or otherwise designated on any list of prohibited or restricted parties, including but not limited to the lists maintained by the United Nations Security Council, the U.S. Government (for example, the Specially Designated Nationals List and Foreign Sanctions Evaders List of the U.S. Department of Treasury, and the Entity List of the U.S. Department of Commerce), the European Union or its Member States, or other applicable government authority.
(i) US Government Rights. The Service, including software, documentation and technical data provided in connection with the Services are "commercial items", comprised of "commercial computer software", "commercial computer software documentation", and "technical data" with the same rights and restrictions generally applicable to the Service. The terms "commercial items", "commercial computer software", "commercial computer software documentation", and "technical data" are defined in the applicable US Federal Acquisition Regulations and the Defense Federal Acquisition Regulation Supplement. If Client is using the Service on behalf of the U.S. Government and these terms fail to meet the U.S. Government's needs or are inconsistent in any way with U.S. federal law, Client will immediately discontinue use of the Service.
(j) Equitable Relief. Each party acknowledges and agrees that a breach or threatened breach by it of any of its duties under Section 4, Confidential Information, or, in the case of Client, Section 1(b), Use Restrictions, may cause the other Party irreparable harm for which monetary damages may not be an adequate remedy and agrees that, in the event of a breach or threatened breach, the other party will be entitled to seek equitable relief, including a restraining order, an injunction, specific performance, and any other relief that may be available from any court. These remedies are not exclusive and are in addition to all other remedies that may be available.
"Authorized User" means Client's employees, consultants, contractors, agents, and any other entities or individuals (i) who are authorized by Client to access and to use the Services according to the Order and (ii) for whom access to the Services has been purchased by Client according to an Order.
"Client Data" means non-public or proprietary information and data, in any form or medium, including Personal Data (as defined in the DPA), submitted, posted or otherwise transmitted by or on behalf of Client and its Authorized User(s) through the Services. Client Data excludes System and Usage Data.
"Cloud Hosting Provider" means the public cloud provider from whom All Three Things procures the cloud computing resources on which the All Three Things SaaS is instantiated.
"Documentation" means any All Three Things guides for the Services that are provided by All Three Things to Client, directly in electronic or in hard copy form, or made available to Client at a website according to the applicable Order(s).
"License and Attribution Documents" mean notices and license terms for open source and other third party software, including those notices and terms that accompany the Tools or are incorporated in URLs, including, in the case of distributed All Three Things brand software,https://public.support.All Three Things.com/common/ShowWebPage.aspx?id=6316&pla=ps&nav=ps.
"Losses" means losses, damages, liabilities, and costs (included in a settlement approved by the indemnitor or included in a final non-appealable order or award) that result from an indemnified claim under these ToS.
"Order" means a written order from Client for the Services of which these ToS are a part (A) directly with All Three Things that is accepted by All Three Things, or (B) with a All Three Things reseller, subject to All Three Things acceptance of an order for the Services from its reseller.
"Payment Term" means the time for payment of All Three Things charges in the Order, or if no Payment Term is in the Order, 30 days from the All Three Things invoice date.
"SaaS" means the All Three Things software as a service provided under an Order, including all related All Three Things IP.
"SaaS Service Description" means the Service description for the SaaS described in an Order or the All Three Things Site.
"Services" means work, products, or services provided under an Order, including any SaaS provided on a recurring charge or subscription basis.
"Subscription Term" means the Initial Term of the SaaS subscription, including any Ordered extensions or renewals.
"System and Usage Data" means information about the Services, including access, performance, and technical information, derived from All Three Things' monitoring of the (i) SaaS environment (to provide support, updates and other services); and, (ii) Authorized Users' access to and use of the Services that is captured and used by All Three Things in an aggregated and anonymized manner with statistics of other subscribers and users.
"Technical and Organizational Measures" means the measures implemented by All Three Things and further described in the DPA.
"Term" means the Subscription Term for the SaaS and the non-SaaS Services Term for the non-SaaS Services.
"Third Party Content" means third-party products or services, or both, that All Three Things makes available to Client in connection with the Services.
"Tools" mean software service tools that All Three Things uses and may provide for installation in Client or its Authorized Users' environments during the Term so All Three Things can provide and Client and its Authorized Users may receive the Services, but which All Three Things does not separately license to Client.
"All Three Things" means the All Three Things legal entity on whom Client placed the Order for the Services, or if Client placed the Order for the Services through a All Three Things' reseller, the All Three Things legal entity that accepted the reseller's corresponding order for the Services. The All Three Things entity through which the Services are available in the United States is All Three Things Corporation, 801 Lakeview Drive, Suite 100, Blue Bell, Pennsylvania 19422.
"All Three Things IP" means the Documentation, Tools and all intellectual property used by All Three Things to provide the Services or provided to Client or any Authorized User in connection with the Services or Documentation. All Three Things IP includes System and Usage Data and any other information derived from All Three Things' provision and operation of the Services. All Three Things IP excludes Client Data.
"All Three Things Site" means the site where Client and its Authorized Users access the Services, All Three Things support site at https://AllThreeThings.com/support or other All Three Things URL identified by All Three Things in the Order.
The following clauses are a part of the agreement between Client and All Three Things for the Services, whether under a written order (A) directly with All Three Things that is accepted by All Three Things, or (B) with a All Three Things reseller, subject to All Three Things acceptance of an order and payment for the Services from the reseller (the "Order"). The following clauses shall apply only to the extent All Three Things processes Personal data as a Data Processor or a subprocessor.
Terms not defined in this DPA shall have the meaning in the Order. In the event of a conflict between the DPA and the other terms of the Order, the DPA shall prevail with regard to the parties' data protection obligations. The terms of this DOA shall survive expiration or termination of the Order.
1.1. "Applicable Data Protection Laws" means all data protection laws applicable to the Personal Data processing under this DPA, including local, state, national, and/or foreign laws, treaties, and/or regulations, EU Data Protection laws and implementation of EU Data Protection laws into national law.
1.2. "Data Controller": shall mean the party/entity which, alone of jointly with others, determines the purposes and means of the Processing of Personal Data.
1.3. "Data Processor": shall mean the entity which Processes Personal data on behalf of the Data Controller.
1.4. "Data Subject": shall mean the person to whom the Personal Data relates.
1.5. "EEA": shall mean the European Economic Area.
1.6. "EU Data Protection law" or "GDPR": shall mean: (i) up to 25 May 2018, the Data Protection Directive 95/46/EC; and (ii) from 25 May 2018 onwards the General Data Protection Regulation (EU) 2016/679.
1.7. "Personal Data" means any information relating to an identified or identifiable natural person ('Data Subject'); an identifiable natural person is one who can be identified, directly or indirectly, as provided in Applicable Data Protection Laws, and in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and has the same meaning as the term personally identifiable information (PII) or the equivalent term under Applicable Data Protection Laws;
1.8. "Personal Data Breach" shall mean (i) a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
1.9. "Process" or "Processed" or "Processing" shall mean any operation or set of operations performed on Personal Data or sets of Personal Data, whether or not by automated means, such as, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.10. Third Party Subprocessor: means a third party, other than a All Three Things Affiliate, which All Three Things subcontracts with and which may Process Personal Data as set out in clause 8.
1.11. Regulator: Supervisory Authority, Data Protection Authority or equivalent term under Applicable Data Protection Law)
2.1. Each party is responsible for compliance with its respective obligations under Applicable Data Protection Laws.
2.2. For the purpose of this DPA, Client and its Affiliates are the Data Controller(s) and All Three Things and its Affiliates are the Data Processor. All Three Things will process Personal Data solely to perform the Services according to the Order
2.3. Unless otherwise specified in the Order, Client may not provide All Three Things with any sensitive or special Personal Data that imposes specific data security or data protection obligations on All Three Things in addition to or different from those specified in in this DPA.
2.4. To the extent All Three Things discloses Personal Data in its performance of the Services to enable Client to receive the Services, the provisions in this DPA shall apply to Processing of such Personal Data with All Three Things acting as the controller and Client acting as the processor or subprocessor for the purpose of the disclosure.
3.1. Client will comply with Applicable Data Protection Laws in its role as Controller when collecting Personal Data and when providing Personal Data to All Three Things as a Processor. Client as Data Controller warrants that is has all necessary rights to provide the Personal Data to All Three Things as Data Processor for the processing to be performed in relation to the Services, and that one or more lawful bases under Applicable Data Protection Law support the lawfulness of the processing. To the extent required by EU Data Protection Law the Data Controller is responsible for ensuring that all necessary privacy notices are provided to data subjects, and unless another legal basis in EU Data Protection Law supports the lawfulness of the processing that any necessary data subject consents to the processing are obtained, and for ensuring that a record of the consents is maintained. Should the consent be revoked by a data subject, the Data Controller will provide notice of the revocation to the Data Processor, and the Data Processor remains responsible for implementing Data Controller's instruction for processing of that Personal Data.
3.2. Client will use reasonable endeavors to ensure that the processing instructions which it provides to All Three Things as a Processor pursuant to the Order comply with Applicable Data Protection Laws.
3.3. Client warrants that the disclosure of Personal Data to All Three Things is limited to what is necessary in order for All Three Things to perform the Processing in accordance with the processing instructions set out in the Order.
3.4. Subject to All Three Things complying with its obligation under clause b) in 4.1 below, Client will respond to all requests made by Data Subjects under Applicable Data Protection Laws and all communications from Regulators which relate to Personal Data Processed by All Three Things for Client, in accordance with Applicable Data Protection Laws.
3.5. In addition to the instructions incorporated into the Order, Client may provide additional instructions in writing to All Three Things for the Processing of Personal Data according to Applicable Data Protection Laws. All Three Things will promptly comply with such instructions to the extent necessary for All Three Things to (i) comply with its Processor obligations under Applicable Data Protection Laws; or (ii) assist Client to comply with its Controller obligations under Applicable Data Protection Laws. Client's right to provide instructions to All Three Things under Applicable Data Protection Laws includes instructions for (i) data transfers and (ii) assistance with Data Subject requests to access, delete or erase, restrict, rectify, receive and transmit (data portability), block access to or object to Processing of specific Personal Data. To the extent required under Applicable Data Protection Laws, All Three Things will immediately inform Client if, in its opinion, Clients' instructions infringe Applicable Data Protection Laws. Client acknowledges and agrees that All Three Things is not responsible for performing legal research and/or for providing legal advice to Client.
4.1. When Processing Personal Data in its capacity as a Processor, All Three Things will:
a) Comply with its obligations as stated in Section 10, "Processing Details" and Section 11, "Technical and Organizational Measures" below.
b) if All Three Things receives any request from any Data Subject relating to the Personal Data processed by All Three Things on behalf of Client, All Three Things will immediately provide a copy of that request to Client and provide reasonable assistance to Client in responding to the request. All Three Things will also provide reasonable assistance to Client in responding to communications from any Regulator relating to the Personal Data processed by All Three Things on behalf of Client;
c) provide reasonable assistance to enable Client to comply with its obligations under Applicable Data Protection Laws, including, where applicable, Articles 32 – 36 of the GDPR, as described in Section 11;
d) keep records of all Processing of Personal Data which All Three Things carries out for Client, which will include the information required to be kept, including, where required by Applicable Data Protection Laws, documentation of transfers to third countries under Article 30 of the GDPR, and provide Client with a copy of those records on request;
e) where required by Applicable Data Protection Laws, designate a data protection officer and promptly provide the contact details to Client;
f) not disclose the Personal Data to third parties (except to All Three Things Affiliates, Third Party subprocessors and employees as permitted by this DPA) unless required to disclose the Personal Data by applicable laws, in which case All Three Things will (to the extent permitted by law) notify Client promptly in writing and work with Client before complying with the request to limit the disclosure to the extent legally permissible.
5.1. All Three Things will retain Personal Data only for so long as necessary to provide the Services.
5.2. Upon expiration or termination of the provision of the Services pursuant to the Order, or on Client request at any time, at Client's choice, subject to clause 5.3 below, All Three Things will securely destroy all Personal Data including any copies thereof held in its possession and/or control, and on request send Client a written certification that all Personal Data has been so destroyed or return the Personal Data in the format it was stored by All Three Things.
5.3. If All Three Things is required to retain Personal Data in order to comply with applicable laws, then All Three Things may retain the Personal Data, and will retain it in compliance with Applicable Data Protection Laws and not Process the Personal Data, except for the purpose of complying with applicable laws.
6.1. All Three Things will notify Client's point of contact as detailed in the Order promptly after becoming aware of any actual or suspected Personal Data Breach, and will provide reasonable cooperation and assistance to enable Client to investigate the Personal Data Breach, comply with all reporting and notification obligations required by Applicable Data Protection Laws and take reasonable and appropriate corrective action to:
a) remedy the Personal Data Breach;
b) prevent a recurrence of the breach; and
c) avoid and/or prevent any further loss or damage arising from the Personal Data Breach.
6.2. Except as required by Applicable Data Protection Laws, All Three Things agrees that: (i) it shall not inform any third party of any Personal Data Breach without first obtaining Client's prior written consent, other than to inform a complainant that Client shall be/has been informed of the Personal Data Breach; and (ii) Client shall have the sole right to determine whether notice of the Personal Data Breach is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies, or others and the contents of the notice.
6.3. If the Personal Data Breach was a result of All Three Things' breach of the requirements of this DPA, All Three Things shall bear all costs associated with (i) the investigation and resolution of the Security Breach; and (ii) notifications to individuals, regulators, or others or any other remedial actions to the extent required by law.
7.1. Client hereby provides All Three Things general written authorization to engage All Three Things Affiliates and/or Third Party Subprocessors identified in the Order or SaaS Service Description to act as subprocessors of Personal Data. All Three Things will inform Client of any addition, removal or replacement of the subprocessor(s). Within fourteen (14) calendar days of All Three Things providing Client notice of the change, Client may object to the involvement of a new proposed subprocessor in the Processing of Personal Data, providing objective justifiable grounds related to the ability of such subprocessor to adequately protect Personal Data according to the DPA or Applicable Data Protection Laws in writing to the All Three Things. All Three Things and Client will work together in good faith to find a mutually acceptable resolution to address such objection. To the extent Client and All Three Things do not reach a mutually acceptable resolution within a reasonable timeframe, Client may terminate the relevant Services (i) upon serving thirty (30) days prior written notice to All Three Things; (ii) without liability to Client or All Three Things and (iii) without relieving Client from payment obligations under the Order up to the date of termination If All Three Things uses a Third Party Subprocessor to fulfill its obligation under the Order, it will conduct reasonable due diligence to ensure that each Third Party Subprocessor has provided sufficient guarantees that it will comply with Applicable Data Protection Laws when Processing the Personal Data, including that:
a) the disclosure of Personal Data to a subprocessor is limited to the relevant and minimum amount necessary; and
b) the subprocessor has entered into a written, valid and enforceable agreement which imposes on it the same or equivalent obligations to those imposed on All Three Things in this DPA.
7.2. All Three Things is responsible for the performance of its subprocessors in compliance with the terms of this DPA and Applicable Data Protection Laws.
8.1. Without prejudice to any applicable regional data center restrictions for hosted Services specified in the Order, All Three Things may Process Personal Data globally as necessary to perform the Services. To the extent such global access involves a transfer of Personal Data subject to cross-border transfer restrictions under Applicable Data Protection Law, the transfers shall be subject to (i) for transfers to All Three Things Affiliates, the terms of the All Three Things Intragroup Data Transfer Agreement based on the model Standard Contractual Clauses (SCC's), which requires all transfers of Personal Data to be made in compliance with Applicable Data Protection Law and all applicable All Three Things security and data privacy policies and standards globally; and (ii) for transfers to Third Party Subprocessors, security and data privacy requirements consistent with the relevant requirements of this DPA and Applicable Data Protection Laws.
9.1. Client and All Three Things acknowledge and agree that:
a) The subject-matter of the processing is limited to Personal Data as defined under Applicable Data Protection Law(s);
b) The duration of the processing shall be for the duration of the Client's right to use the SaaS and until all Personal Data is deleted or returned according to Client instructions or the terms of the Order;
c) The nature and purpose of the processing shall be to provide the Services according to the Order;
d) Transfers of any Personal Data for the purpose of processing shall comply with Applicable Data Protection Laws;
e) The types of Personal Data may include but are not limited to personal contact information such as first and last name, business or personal email address, mailing address, phone numbers, business or personal identification documents and numbers, IP addresses, and personal details including but not limited to age, birth date, employment and education status, history and qualifications, photographic images, fingerprints, voice recordings, financial details, goods and services provided or of interest, and online behavior and interest data,;
f) The categories of data subjects are Client's representatives and end users, including its employees, job applicants, contractors, partners, suppliers, clients and customers;
g) Additional or more specific descriptions of Processing activities, categories of Personal Data and Data Subjects may be described in the Order.
11.1. As a Data Processor, All Three Things shall:
a) Ensure that the Personal Data can be accessed only by authorized personnel for the purposes in Client's Order;
b) Take all reasonable measures to prevent unauthorized access to Personal Data through the use of appropriate physical and logical (passwords), entry controls, securing areas for data processing, and implementing procedures for monitoring the use of data processing facilities;
c) Build in system and audit trails;
d) Use secure passwords, network intrusion detection technology, encryption and authentication technology, secure logon procedures and virus protection;
e) Account for risks that are presented by processing, for example from accidental or unlawful destruction, loss, or alteration, unauthorized or unlawful storage, processing, access or disclosure of Personal Data;
f) Ensure pseudonymisation and/or encryption of Personal Data when appropriate;
g) Maintain the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
h) Maintain the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
i) Implement a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of Personal Data;
j) Monitor compliance on an ongoing basis;
k) Implement measures to identify vulnerabilities with regard to the processing of Personal Data in systems used to provide services to the Data Controller; and,
l) Provide employee and contractor training to ensure ongoing capabilities to carry out the security measures established in policy.
12.1. Affiliates. Each party is entering into this DPA also on behalf of its Affiliates. Each party will coordinate all communication with the other party on behalf of its Affiliates with regard to this DPA. Each party represents that it is authorized to issue instructions and make and receive any communications or notifications relating to this DPA on behalf of its Affiliates. Either party's Affiliates may enforce the terms of the DPA directly against the other party subject to the following provisions: (i) each party will bring any legal action, suit, claim or proceeding which that Affiliate would otherwise have if it were a party to the Order (each an Affiliate Claim) directly against the other party on behalf of the Affiliate, except where the Applicable Data Protection Laws or other applicable laws to which the relevant Affiliate is subject require that the Affiliate itself bring or be party to the Affiliate Claim and (ii) for the purpose of any Affiliate Claim brought directly against one party by the other on behalf of its Affiliate according to this Section, any losses suffered by the relevant Affiliate may be deemed to be losses suffered by the party bringing the claim. If needed for local legal reasons the parties will enter into a local DPA with their relevant local Affiliates.
12.2. Termination. The term of this DPA will end simultaneously and automatically at the later of (i) the termination of the Order or (ii) when all Processing activities under the DPA have ended.
By using our services, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service.
Last updated: May 12, 2025