The URL can be used to link to this page

Home My WebLink AboutAgreement A-21-262 with Domo Inc..pdf-1- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 A G R E E M E N T THIS AGREEMENT (“Agreement”) is made and entered into this day of , 2021 (“Effective Date”), by and between the County of Fresno, a political subdivision of the state of California ("COUNTY"), and Domo, Inc., a Utah corporation, whose address is 772 E. Utah Valley Drive, American Fork, UT 84003 ("CONTRACTOR"). W I T N E S S E T H: WHEREAS, the COUNTY currently uses business intelligence (“Business Intelligence”) tools available to COUNTY staff to analyze complex health data to better serve COUNTY residents; WHEREAS, the COUNTY is in need of a more robust cloud-hosted HIPAA-compliant Business Intelligence solution to provide high-level, data-driven information that can be made available to both internal COUNTY staff and contracted providers; WHEREAS, CONTRACTOR provides a cloud-hosted and HIPAA-Compliant Business Intelligence solution that is compatible with the COUNTY’s Behavioral Health data and will provide the desired Business Intelligence tools to COUNTY staff and other relevant partners; WHEREAS, COUNTY and CONTRACTOR desire to execute this Agreement for software maintenance, support, and related services. NOW, THEREFORE, in consideration of the mutual covenants, terms and conditions herein contained, the parties hereto agree as follows: 1.DEFINITIONS: The following terms are defined as follows for purposes of this Agreement: Change Control Process means the process used by the Information Services Division of COUNTY’s Internal Services Department (“ISD”) to inform COUNTY staff of new or updated production use systems. County System Hardware means the central processing units owned or leased by COUNTY on which COUNTY is licensed to use the System Software, any back-up equipment for such central processing units, and any peripheral hardware such as terminals, printers, and personal computers. 13th July Agreement No. 21-262 -2- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 COUNTY System Software means the operating system and database software installed on the County System Hardware. ISD is the COUNTY’s Internal Services Department. License is the license to the Service granted under Section 2(A) of this Agreement. Service Order means the Service Order attached to this Agreement as Exhibit C (the “Attached Service Order”) and any other ordering document entered into between CONTRACTOR and COUNTY and us specifying the services to be provided thereunder, including any addenda and supplements thereto. By entering into a Service Order under this Agreement, an affiliate agrees to be bound by the terms of this Agreement as if it were an original party to the Agreement. System refers to the System Software and System Documentation, collectively, including all modifications and enhancements. System Documentation means the documentation relating to the System Software as defined in the Services Agreement. System Software is the Service as defined under the Services Agreement Domo provides Business Intelligence analytics tools for COUNTY Behavioral Health data as described in the Attached Service Order. All systems are web applications that will be accessed via internet browsers on personal computers. System Software does not include operating system software, or any other third-party software. System Software Maintenance and Support means the technical support package for the version of the Service to which COUNTY is subscribed as set forth in the applicable Service Order. 2.OBLIGATIONS OF THE CONTRACTOR A.SOFTWARE LICENSE 1)GRANT OF LICENSE CONTRACTOR grants to COUNTY, and COUNTY accepts a non-exclusive, non-transferable, license to use the System Software, subject to the terms and limitations set forth in this Agreement, including in the Services Agreement and any Service Orders. 2)SCOPE OF LICENSE -3- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 The license granted under this Agreement consists solely of the non-exclusive, non-transferable right of COUNTY to access and use the System Software as set forth in the Services Agreement and applicable Service Orders. 3)OWNERSHIP The parties acknowledge and agree that, as between CONTRACTOR and COUNTY, title and full ownership of all rights in and to the System Software, System Documentation, and all other materials provided to COUNTY by CONTRACTOR under the terms of this Agreement shall remain with CONTRACTOR. COUNTY will take reasonable steps to protect trade secrets of the System Software and System Documentation. COUNTY may not disclose or make available to third parties the System Software or System Documentation or any portion of either. CONTRACTOR owns all right, title and interest in and to all CONTRACTOR’s corrections, modifications, or enhancements to the System that are conceived, created or developed, alone or with COUNTY or others, as a result of or related to the performance of this Agreement, including all proprietary rights therein and based thereon. For purposes of this Agreement, “enhancement” means new software that is an interface between the System Software and other software. Except and to the extent expressly provided herein, CONTRACTOR does not grant to COUNTY any right or license, express or implied, in or to the System. The parties acknowledge and agree that, as between CONTRACTOR and COUNTY, full ownership of all rights in and to all COUNTY data, whether in magnetic or paper form, including without limitation printed output from the System, are the exclusive property of COUNTY. 4)POSSESSION, USE, AND UPDATE OF SOFTWARE COUNTY agrees that COUNTY will only use the System Software for COUNTY purposes, as provided in this Agreement. CONTRACTOR may, at reasonable times, inspect the COUNTY’s premises and equipment to verify that all of the terms and conditions of the License are being observed. CONTRACTOR may create, from time to time, updated versions of the System Software and System Documentation, and CONTRACTOR shall make such System Updates available to COUNTY if and as provided under the terms of the applicable Service Order. All System Updates set forth in the Service Order shall be licensed under the terms of this Agreement. COUNTY agrees to follow the prescribed -4- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 instructions for updating System Software and System Documentation provided to COUNTY by CONTRACTOR. 5)POSSESSION AND USE OF SOURCE CODE Source code and other material that results from custom programming by CONTRACTOR released to COUNTY under the License are deemed CONTRACTOR software subject to all of the terms and conditions of the License. If COUNTY creates computer code in the process of developing an enhancement for the System Software that is not a derivative of System Software, that specific new code shall be owned by COUNTY, and may be used by COUNTY’s employees, officers, or agents for COUNTY’s own internal business operations to carry out statutory public functions that benefit the public, including individual members of the public. However, if COUNTY’s enhancement results in the creation of a derivative work from the System Software, the copyright to such derivative work shall be owned by CONTRACTOR, and COUNTY’s right to use such derivative work is limited to those granted with respect to the System Software in this Agreement. 6)RESTRICTIONS ON USE COUNTY shall not (i) license, sublicense, sell, resell, transfer, assign, distribute or otherwise commercially exploit or make available to any third party the System Software or the System Documentation in any way; (ii) modify the System Software or make derivative works based upon the System Software or the System Documentation; (iii) create Internet “links” to the System Software or “frame” or “mirror” any System Documentation on any other server or wireless or Internet -based device; (iv)use the System to send spam or otherwise duplicative or unsolicited messages in violation of applicable law; (v) use the System to send or store infringing, obscene, threatening, libelous, or otherwise unlawful or tortious material, including material harmful to children or violative of third party privacy rights; (iv) use the System to send or store material containing software viruses, worms, Trojan horses or other harmful computer code, files, scripts, agents or programs; (vii) interfere with or disrupt the integrity or performance of the System Software or the data contained therein, including but not limited to COUNTY data; (viii) attempt to gain unauthorized access to the System Software or its related systems or networks; (ix) reverse engineer or access the System Software in order to (a) build a -5- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 competitive product or service, (b) build a product using similar ideas, features, functions or graphics of the System Software, or (c) copy any ideas, features, functions or graphics of the System Software. No right or license is granted under this Agreement for the use of the System, directly or indirectly, for the benefit of any other person or entity, except as provided in this Agreement. 7)INTELLECTUAL PROPERTY, TRADEMARK, AND COPYRIGHT CONTRACTOR retains ownership of and all rights in the System Software, any portions or copies thereof. CONTRACTOR reserves all rights not expressly granted to COUNTY. This License does not grant COUNTY any rights in connection with any trademarks or service marks of CONTRACTOR, its suppliers or licensors. All right, title, interest and copyrights in and to the System, and any copies of the System Software are owned by CONTRACTOR, its suppliers or its licensors. All title and intellectual property rights in and to the content which may be accessed through use of the System Software are the property of the respective content owner, and may be protected by applicable copyright or other intellectual property laws and treaties. This License grants COUNTY no rights to use such content. 8)SERVICES AGREEMENT COUNTY and CONTRACTOR agree that the purchase of the licenses and services will be governed by the Services Agreement, which is attached and incorporated herein as Exhibit A (the “Services Agreement”). All terms of the Services Agreement are incorporated into this Agreement by this reference. To the extent of any inconsistency between this Agreement and the Services Agreement, the terms of this Agreement will govern. If there is a conflict between the terms of this Agreement, the Services Agreement, and an applicable Service Order, the terms of the Service Order will control. B.SERVICES TO BE PROVIDED BY CONTRACTOR TO COUNTY 1)Implementation Services CONTRACTOR will make available Professional Services for COUNTY to implement and launch the System Software. As set forth in the Service Order attached to this Agreement, this will consist of 120 hours of Professional Services at a rate of $250 per hour in order to set up the System Software, train relevant staff in its use, and otherwise prepare the System for use, up to the number of hours -6- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 purchased. All implementation services shall be fully described and governed by a Service Order document to be completed by the COUNTY’s Contract Administrator as defined in Section 3, below. C.SYSTEM MAINTENANCE AND SUPPORT BY CONTRACTOR CONTRACTOR shall provide System Software Maintenance and Support as per the technical support package purchased by the COUNTY as set forth in the Service Order. CONTRACTOR will support day-to-day operation of the System as follows: 1)SUPPORT HOURS/SCOPE: Provide technical assistance in accordance with the requirements of the support package purchased by the COUNTY as set forth in the Service Order . 2)SUPPORT RESPONSE: During the term of this Agreement, CONTRACTOR will (a) correct any error or malfunctions in the System that prevent the System from operating in material conformance with the specifications set forth in Section 1 and Section 2.C of this Agreement, or (b) if correction is not commercially reasonable, refund any prepaid unused fees for the non-conforming service and terminate the applicable Service Order. COUNTY must notify us of any such error or malfunction within 30 days of the date on which the condition first appears. If analysis by CONTRACTOR indicates a reported problem is caused by a reproducible error or malfunction in the then-current release of the System Software, which significantly impedes effective use of the System by COUNTY for the COUNTY’s purposes described in the recitals, and in Section 2 above, CONTRACTOR will, if the System is inoperable, as reported by COUNTY, use commercially reasonable efforts to correct the error or to resolve the problem by providing a circumvention. In such cases, CONTRACTOR will provide COUNTY with corrective information, such as corrective documentation, corrective program code in the form of an update to the System Software, or both. CONTRACTOR shall respond to COUNTY's service -7- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 request within the time frame set forth in the technical support package applicable to the version of the System Software to which COUNTY is subscribed. 3)ERROR CORRECTION PROCESS If, during the term of this Agreement, COUNTY determines that a System Software error exists, COUNTY will first follow the error procedures specified in the System Documentation. If following the error procedures does not correct the software error, COUNTY shall immediately notify CONTRACTOR via phone or email, setting forth the defects noted with specificity. Upon notification of a reported software error, CONTRACTOR shall use commercially reasonable efforts to correct the error in accordance with the technical support package applicable to the version of the System Software to which COUNTY is subscribed. D.ADDITIONAL SYSTEM MAINTENANCE SERVICES BY CONTRACTOR CONTRACTOR may provide additional maintenance services (“Additional Maintenance and Support Services” or “Additional Maintenance Services”) at an additional charge. Charges will be as identified in Section 6 of this Agreement; or, if the Additional Maintenance and Support Services are not specifically listed in this Agreement, charges will be at current prices in effect at the time goods or services are provided. Any Additional Maintenance and Support Services requested by COUNTY and determined by CONTRACTOR not to be specifically listed in this Agreement must be identified as a chargeable service prior to the service being performed, and must be approved in writing in advance by COUNTY’s Contract Administrator, as defined in Section 3, below. Additional Maintenance Services include, but are not limited to, the following: 1)ADDITIONAL TRAINING Training was previously provided to COUNTY staff under a previous agreement. Additional training at a COUNTY facility is available upon request by COUNTY at an additional charge under the terms of this Agreement. Requests for additional training will be reviewed by CONTRACTOR, and must be requested in writing in advance by COUNTY’s Contract Administrator. 2)DATA AND SYSTEM CORRECTIONS -8- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 CONTRACTOR shall, for an additional charge, use commercially reasonable efforts to provide data and system corrections that are necessary due to COUNTY errors or unauthorized source code or data access by COUNTY. Unauthorized data access is defined as any COUNTY editing of data through other than normal System Software usage, as defined in System Documentation. Unauthorized source code access is defined as any COUNTY access whatsoever to System Software source code. COUNTY will not pay any compensation to CONTRACTOR for services that result from errors caused by System Software or written instruction provided by CONTRACTOR, provided that COUNTY complied with all terms of this Agreement and Services Agreement and any such instructions. E.SYSTEM UPDATES From time to time CONTRACTOR will develop and provide updates to the System Software. Updates to the System Software are subject to the terms and conditions of this Agreement, and shall be deemed licensed System Software under this Agreement. F.OPERATING SYSTEM UPDATES The System Software must run on an operating system (O/S) that is consistently and currently supported by the O/S vendor. The System Software version is expected to always be no more than one year older than the current released O/S version. 1)ANTI-VIRUS MANAGEMENT COUNTY will actively run anti-virus management, where appropriate, on all application servers and PCs. The System Software is expected to perform adequately while anti-virus management is active. G.ADHERE TO CHANGE CONTROL PROCESS CONTRACTOR must adhere to COUNTY’s Change Control Process, which is amended from time to time, and which shall be provided to CONTRACTOR in writing. COUNTY employs a procedure to implement updates, upgrades, and version releases to a system that is in production use. H.OTHER -9- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 The System Software being provided runs in a Local Area Network and Web environment. As such, the performance of the System Software is directly related to, among other things: available network bandwidth, and the performance of other applications. For this reason, CONTRACTOR makes no guarantees as to System Software response time. COUNTY will not allow CONTRACTOR to access to COUNTY’s intranet, internal data, or email system, and CONTRACTOR shall not require such access in order to provide the System. I.DATA SECURITY CONTRACTOR shall comply with all obligations in Exhibit B, “Data Security,” which is attached and incorporated by this reference. 3.OBLIGATIONS OF COUNTY A.COUNTY CONTRACT ADMINISTRATOR COUNTY hereby appoints its Director of Internal Services/Chief Information Officer, or his or her designee, as COUNTY's Contract Administrator, with full authority to deal with CONTRACTOR in the administration of this Agreement. B.SYSTEM HARDWARE AND SYSTEM SOFTWARE COUNTY will, at its own expense, provide and properly maintain and update on an ongoing basis all necessary hardware required to operate the System Software. COUNTY’s hardware shall meet or exceed CONTRACTOR’s recommendations, as provided in the System Documentation. C.OTHER COUNTY OBLIGATIONS 1)COUNTY’s ISD staff will provide technical assistance to CONTRACTOR during the installation of the System Software. In particular, COUNTY will provide: a.Network connectivity and troubleshooting assistance; b.Ability for COUNTY staff to monitor network traffic and isolate bottlenecks; c.Technical assistance concerning the integration with existing COUNTY systems (if applicable); and -10- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 d.Expertise to handle issues with COUNTY PCs, printers, and cabling before, during, and after First Production Use. 4.TERM The term of this Agreement shall be for a period of three (3) years, commencing on July 13, 2021 through and including July 12, 2024. This Agreement will be extended for two (2) additional consecutive twelve (12) month periods automatically unless notice of non-renewal is provided no later than thirty (30) days prior to the first day of the next twelve (12) month extension period. If the parties enter into a Service Order that extends beyond the term of this Agreement, the terms of this Agreement, including the Services Agreement, will continue to apply with respect to such Service Order. 5.TERMINATION A.Non-Allocation of Funds - The terms of this Agreement, and the services to be provided hereunder, are contingent on the approval of funds by the appropriating government agency. Should sufficient funds not be allocated for an applicable one-year term of a Service Order, the services provided may be modified, or this Agreement terminated, without penalty by giving the CONTRACTOR at least thirty (30) days’ advance written notice prior to commencement of the applicable one-year term. Neither this Agreement nor the services can be terminated or modified during any annual term of a Service Order once the applicable annual term has commenced. B.Breach of Contract - The COUNTY may immediately suspend or terminate this Agreement in whole or in part, upon written notice to CONTRACTOR, where there is: 1)An illegal or improper use of funds by CONTRACTOR; or 2)A failure by CONTRACTOR to comply with any material term of this Agreement if such failure is not cured within 30 days’ of written notice by COUNTY of such failure. In no event shall any payment by the COUNTY constitute a waiver by the COUNTY of any breach of this Agreement or any default which may then exist on the part of the CONTRACTOR. Neither shall such payment impair or prejudice any remedy available to the COUNTY with respect to the breach or default. 6.COMPENSATION/INVOICING: COUNTY agrees to pay CONTRACTOR, and -11- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 CONTRACTOR agrees to receive compensation, as follows: A.Software Support and Maintenance/Subscription Fees: COUNTY agrees to compensate CONTRACTOR for the System as described in the Attached Service Order (or any other Service Order entered into by the parties or their affiliates). The total maximum compensation payable to CONTRACTOR during the initial term of this Agreement for the System Software for the same subscription services, platform configuration and number of Authorized Users described in the Attached Service Order is $288,000.00. If this Agreement is extended for the first additional year as provided in Section 4, above, the total maximum compensation payable to CONTRACTOR for the System Software for the same subscription services, platform configuration and number of Authorized Users described in the Attached Service Order to this Agreement will increase to $388,320.00. The maximum total compensation payable for the System Software for the same subscription services, platform configuration and number of Authorized Users described in the Attached Service Order for all five years, if this Agreement is extended for both additional years as provided in Section 4, above, is $493,154.40. It is understood that all expenses incidental to CONTRACTOR's performance of services under this Agreement shall be borne solely by CONTRACTOR (except, if applicable, any actual, pre-approved travel expenses for performing training or other professional services). B.Implementation Services: COUNTY agrees to compensate CONTRACTOR for 120 Professional Services hours for the purposes of one-time implementation costs, at a rate of $250.00 per hour. The maximum total compensation payable for these 120 hours of implementation services is $30,000.00. CONTRACTOR shall submit monthly invoices referencing the provided contract number via email, to the Internal Services Business Office (ISDBusinessOffice@FresnoCountyCA.gov) or via mail to County of Fresno, Department of Internal Services, Attention: Business Office, 333 W. Pontiac Way, Clovis, CA 93612. COUNTY shall pay CONTRACTOR within forty-five (45) days of receipt of invoice (unless disputed in good faith). COUNTY shall remit payment to CONTRACTOR’s address specified in the approved invoice. The total maximum compensation payable to CONTRACTOR during the initial term of this -12- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Agreement under subsections A and B above is $318,000.00. If this Agreement is extended for the first additional year as provided in Section 4, above, the total maximum compensation payable to CONTRACTOR will increase to $418,320.00. The maximum total compensation payable for all goods and services under this Agreement under subsections A and B above for all five years, if the Agreement is extended for both additional years as provided in Section 4, above, is $523,154.40. It is understood that all expenses incidental to CONTRACTOR's performance of services under this Agreement shall be borne solely by CONTRACTOR (except, if applicable, any actual, pre-approved travel expenses for performing training or other professional services). 7.INDEPENDENT CONTRACTOR: In performance of the work, duties and obligations assumed by CONTRACTOR under this Agreement, it is mutually understood and agreed that CONTRACTOR, including any and all of the CONTRACTOR'S officers, agents, and employees will at all times be acting and performing as an independent contractor, and shall act in an independent capacity and not as an officer, agent, servant, employee, joint venturer, partner, or associate of the COUNTY. Furthermore, COUNTY shall have no right to control or supervise or direct the manner or method by which CONTRACTOR shall perform its work and function. However, COUNTY shall retain the right to administer this Agreement so as to verify that CONTRACTOR is performing its obligations in accordance with the terms and conditions thereof. CONTRACTOR and COUNTY shall comply with all provisions of law and the rules and regulations, if any, of governmental authorities having jurisdiction over matters the subject thereof as applicable to the respective party in relation to this Agreement. Because of its status as an independent contractor, CONTRACTOR shall have absolutely no right to employment rights and benefits available to COUNTY employees. CONTRACTOR shall be solely liable and responsible for providing to, or on behalf of, its employees all legally-required employee benefits. In addition, CONTRACTOR shall be solely responsible and save COUNTY harmless from all matters relating to payment of CONTRACTOR'S employees, including compliance with Social Security withholding and all other regulations governing such matters. It is acknowledged that during the term of this Agreement, CONTRACTOR may be providing services to others unrelated to the COUNTY or to this Agreement. 8.MODIFICATION: Any matters of this Agreement may be modified from time to time -13- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 by the written consent of all the parties without, in any way, affecting the remainder. 9.NON-ASSIGNMENT: Neither party shall assign or transfer this Agreement nor their rights or duties under this Agreement without the prior written consent of the other party except as provided under the Services Agreement. 10.HOLD HARMLESS: A.Defense of Infringement Claims. CONTRACTOR will, at its expense, either defend the COUNTY from or settle any claim, proceeding, or suit brought by a third party (“Claim”) against the COUNTY alleging that the COUNTY’s use of the System Software infringes or misappropriates any patent, copyright, trade secret, trademark, or other intellectual property right. The COUNTY must (a) give CONTRACTOR prompt written notice of the Claim; (b) grant CONTRACTOR control over the defense and settlement of the Claim; (c) provide assistance in connection with the defense and settlement of the Claim as CONTRACTOR may reasonably request; and (d) comply with any settlement or court order made in connection with the Claim. The COUNTY will not defend or settle any Claim under this Section 10(A) without CONTRACTOR’s prior written consent. The COUNTY may participate in the defense of the Claim at the COUNTY’s own expense and with counsel of the COUNTY’s own choosing, subject to the CONTRACTOR’s control over the defense and settlement of the Claim as provided above. B.Indemnification of Infringement Claims. CONTRACTOR will indemnify the COUNTY and its affiliates from, and pay: (i) all damages, costs, and attorneys’ fees finally awarded against the COUNTY and its affiliates in any Claim under Section 10(A); (ii) all out-of-pocket costs, including reasonable attorneys’ fees reasonably incurred by the COUNTY in connection with the defense of a Claim under Section 10(A) (other than attorneys’ fees and costs incurred without CONTRACTOR’s consent after CONTRACTOR has accepted defense of the Claim and expenses incurred pursuant to the last sentence of Section 10(A); and (iii) all amounts that CONTRACTOR agrees to pay to any third party to settle any Claim under Section 10(A). C.Exclusions from Obligations. CONTRACTOR has no obligation under this Section 10 for any infringement or misappropriation to the extent that it arises out of or is based upon (i) use of the System in combination with other products or -14- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 services not provided, or approved in writing, by CONTRACTOR; (ii) the COUNTY’S designs or specifications if such designs or specifications are the cause of the infringement or misappropriation; (iii) use of the System by the COUNTY, any affiliate, or any Permitted Third Party (as defined under the Services Agreement) outside the scope of the rights granted in this Agreement and the Services Agreement; (iv) failure of the COUNTY, any Affiliate, or any Permitted Third Party to use the System Software in accordance with instructions provided by CONTRACTOR; or (v) any modification of the System Software not made or authorized in writing by CONTRACTOR. D.Infringement Remedies. In the defense or settlement of any infringement Claim, CONTRACTOR may, at the CONTRACTOR’s sole option and expense: (i) procure for the COUNTY a license to continue using the System; (ii) replace or modify the allegedly infringing technology to avoid the infringement; or (iii) if the foregoing are not commercially feasible in CONTRACTOR’s sole judgment, then terminate the COUNTY’s license and access to the System Software and refund any prepaid, unused System Software fees as of the date of termination. This Section 10 states CONTRACTOR’s sole and exclusive liability, and the COUNTY’s sole and exclusive remedy, for the actual or alleged infringement or misappropriation of any third-party intellectual property right by the System. The provisions of this Section 10 survive the termination of this Agreement. 11.INSURANCE A.Required Policies Without limiting the COUNTY’s right to obtain indemnification from CONTRACTOR or any third parties if and to the extent provided in this Agreement, CONTRACTOR, at its sole expense, shall maintain in full force and effect the following insurance policies throughout the term of the Agreement: 1.Commercial General Liability. Commercial general liability insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence and an annual aggregate of Four Million Dollars ($4,000,000) which can be met by way an umbrella or excess liability policy. This policy must be issued on a per occurrence basis. CONTRACTOR shall obtain an endorsement to this policy including the County of Fresno, its officers, agents, employees, and volunteers, individually -15- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 and collectively, as additional insureds on a blanket basis, as required by contract, but only insofar as the operations under this Agreement are concerned. Such coverage for additional insureds will apply as primary insurance and any other insurance, or self-insurance, maintained by COUNTY is excess only and not contributing with insurance provided under CONTRACTOR’s policy. 2.Automobile Liability. Automobile liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence for bodily injury and for property damages. Coverage must include any auto used in connection with this Agreement. 3.Workers Compensation. Workers compensation insurance as required by the California Labor Code. 4.Technology Professional Liability. Technology professional liability (errors and omissions), including cyber liability, insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence. Coverage must encompass all of CONTRACTOR’s obligations under this Agreement, including but not limited to claims involving Cyber Risks. The technology professional liability policy must be endorsed to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of CONTRACTOR. 5.Definition of Cyber Risks. “Cyber Risks” include but are not limited to (i) data security breaches; (ii) infringement of intellectual property, including but not limited to infringement of copyright, trademark, and trade dress; (iii) invasion of privacy, including release of private information; (v) information theft; (iv) damage to or destruction or alteration of electronic information; (v) extortion related to CONTRACTOR’s obligations under this Agreement regarding electronic information, including personal information; (vii) network security; (vii) data breach response costs; (viii) regulatory fines and penalties related to CONTRACTOR’s obligations under this Agreement regarding electronic information, including personal information; and (iv) credit monitoring expenses. B.Additional Requirements Relating to Insurance 1.Verification of Coverage. Within 30 days after CONTRACTOR signs this Agreement, CONTRACTOR shall deliver, or cause its broker or producer to deliver, to the ISD Business Office at 333 W. Pontiac Way, Clovis, CA 93612, or at ISDBusinessOffice@fresnocountyca.gov -16- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 certificates of insurance and endorsements for all of the coverages required under this Agreement. a.All insurance certificates must state that CONTRACTOR has waived its right to recover from COUNTY, its officers, agents, employees, and volunteers any amounts paid under any insurance policy required by this Agreement, and that waiver does not invalidate the insurance policy. b.The commercial general liability insurance certificate must also state that: (1) the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, are additional insureds insofar as the operations under this Agreement are concerned; (2) the coverage shall apply as primary insurance and any other insurance, or self-insurance, maintained by COUNTY shall be excess only and not contributing with insurance provided under CONTRACTOR’s policy. c.The automobile liability insurance certificate must state that the policy covers any auto used in connection with this Agreement. 2.Acceptability of Insurers. All insurance policies required under this Agreement must be issued by admitted insurers licensed to do business in the State of California, and possessing at all times during the term of this Agreement an A.M. Best, Inc. rating of A:VII or greater. 3.Notice of Cancellation of Coverage. For each insurance policy required under this Agreement, CONTRACTOR shall provide to COUNTY, written notice of any cancellation in the policy as required in this paragraph. 4.Waiver of Subrogation. CONTRACTOR waives its right to recover from COUNTY, its officers, agents, employees, and volunteers any amounts paid under the policy of worker’s compensation insurance required by this Agreement. CONTRACTOR is solely responsible to obtain any policy endorsement that may be necessary to accomplish that waiver, but CONTRACTOR’s waiver of subrogation under this paragraph is effective whether or not CONTRACTOR obtains such an endorsement. 5.County’s Remedy for Contractor’s Failure to Maintain. If CONTRACTOR fails to keep in -17- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 effect at all times any insurance coverage required under this Agreement, COUNTY may, in addition to any other remedies it may have, suspend or terminate this Agreement upon the occurrence of that failure effective upon written notice to CONTRACTOR. 12.HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT A.The parties to this Agreement shall be in strict conformance with all applicable Federal and State of California laws and regulations, including, but not limited to, Sections 5328, 10850, and 14100.2 et seq. of the Welfare and Institutions Code, Sections 2.1 and 431.300 et seq. of Title 42, Code of Federal Regulations (CFR), Section 56 et seq. of the Civil Code, and the Health Insurance Portability and Accountability Act (HIPAA), including, but not limited to, Section 1320(D) et seq. of Title 42, United States Code (USC) and its implementing regulations, including, but not limited to Title 45, CFR, Sections 142, 160, 162, and 164, The Health Information Technology for Economic and Clinical Health Act (HITECH), regarding the confidentiality and security of patient information, and the Genetic Information Nondiscrimination Act (GINA) of 2008 regarding the confidentiality of genetic information, in each case to the extent applicable to the respective party in relation to this Agreement. Terms used in this Section 12 not otherwise defined in this Agreement shall have the same meaning as those terms under 45 CFR 160 and 164. Except as otherwise provided in this Agreement, CONTRACTOR, as a Business Associate of COUNTY, may use or disclose Protected Health Information (PHI) as permitted or required to perform functions, activities or services for or on behalf of COUNTY, as specified in this Agreement, including in the Services Agreement, and any Service Orders between the parties. The uses and disclosures of PHI may not be more expansive than those applicable to COUNTY, as the “Covered Entity” under the HIPAA Privacy Rule (45 CFR 164.500 et seq), except for proper management and administration or to carry out legal responsibilities of the Business Associate and to provide data aggregation services relating to the healthcare operations of the COUNTY . B.CONTRACTOR, including its subcontractors and employees, shall use appropriate safeguards, and comply with Subpart C of 45 CFR 164, to protect electronic PHI from unauthorized access, use, or disclosure. This pertains to the electronic PHI of any and all persons receiving services pursuant to a COUNTY funded program. This requirement applies to electronic PHI. -18- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 CONTRACTOR shall not use such identifying information or genetic information for any purpose other than carrying out CONTRACTOR’s obligations, or as otherwise permitted, under this Agreement, including the Services Agreement and any Service Orders. C.CONTRACTOR, including its subcontractors and employees, shall not disclose any PHI to any person or entity, except as otherwise specifically permitted by this Agreement, including the Services Agreement, or any Service Orders, authorized by Subpart E of 45 CFR Part 164 or other law, required by the Secretary, or authorized by the client/patient in writing. In using or disclosing PHI that is permitted by this Agreement or authorized by law, CONTRACTOR shall make reasonable efforts to limit PHI to the minimum necessary to accomplish intended purpose of use, disclosure, or request. D.For purposes of the above sections, individually identifying health information shall have the meaning set forth in 45 CFR Part 160. E.For purposes of the above sections, genetic information shall have the meaning set forth in GINA, and includes genetic tests of family members of an individual or individual, manifestation of disease or disorder of family members of an individual, or any request for or receipt of, genetic services by individual or family members. Family member means a dependent or any person who is first, second, third, or fourth degree relative. F.CONTRACTOR shall provide access, at the request of COUNTY, and without undue delay, to PHI in a designated record set (as defined in 45 CFR Section 164.501), to an individual or to COUNTY in order to meet the requirements of 45 CFR Section164.524 regarding access by individuals to their PHI. With respect to individual requests received directly by CONTRACTOR, CONTRACTOR will promptly forward the request to the COUNTY so that the COUNTY may satisfy its obligations under 45 CFR 164.524. CONTRACTOR shall make any amendment(s) to PHI in a designated record set at the request of COUNTY, and without undue delay, in accordance with 45 CFR Section 164.526. If CONTRACTOR receives a request for amendment directly from an individual, CONTRACTOR will promptly forward the request to the COUNTY so that the COUNTY may satisfy its obligations under 45 CFR 164.526. -19- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 CONTRACTOR shall provide to COUNTY or to an individual, in a time and manner designated by COUNTY, information collected in accordance with 45 CFR Section 164.528, to permit COUNTY to respond to a request by the individual for an accounting of disclosures of PHI in accordance with 45 CFR Section 164.528. G.CONTRACTOR shall report to COUNTY, in writing, any knowledge or reasonable belief that there has been unauthorized access, viewing, use, disclosure, security incident, or Breach of unsecured PHI not permitted by this Agreement of which it becomes aware, without undue delay and in no case later than five (5) business days of discovery. Such notification shall be made to COUNTY’s Information Security Officer and Privacy Officer and COUNTY’s DBH HIPAA Representative (whose contact information is set forth below). The notification shall include, to the extent possible, a description of the breach. To the extent caused by CONTRACTOR, CONTRACTOR shall take prompt corrective action to cure any deficiencies and any action pertaining to such unauthorized disclosure required by applicable Federal and State Laws and regulations. CONTRACTOR shall investigate such breach and assist COUNTY with providing all notifications required by law and regulation, and shall provide a written report of the investigation and reporting required to COUNTY’s Information Security Officer and Privacy Officer and COUNTY’s DBH HIPAA Representative. This written investigation and description of any reporting necessary shall be postmarked within the thirty (30) working days of the discovery of the breach to the addresses below: County of Fresno County of Fresno Department of Behavioral Health Information Technology Services HIPAA Representative Information Security Officer (559) 600-6798 (559) 600-5800 3147 N. Millbrook Ave 333 W. Pontiac Way Fresno, CA 93703 Clovis, CA 93612 H.CONTRACTOR shall maintain its internal practices, books, and records relating to the use and disclosure of PHI received from COUNTY, or created or received by the CONTRACTOR on behalf of COUNTY, in compliance with HIPAA’s Privacy Rule, including, but not limited to the requirements set forth in Title 45, CFR, Sections 160 and 164. CONTRACTOR shall -20- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 make its internal practices, books, and records relating to the use and disclosure of PHI received from COUNTY, or created or received by the CONTRACTOR on behalf of COUNTY, available to the United States Department of Health and Human Services (Secretary) as required under HIPAA for purposes of determining compliance with HIPAA. CONTRACTOR shall cooperate with the compliance and investigation reviews conducted by the Secretary. PHI access to the Secretary must be provided during the CONTRACTOR’s normal business hours or as may be otherwise required by law. Upon the Secretary’s compliance or investigation review, if PHI is unavailable to CONTRACTOR and in possession of a Subcontractor, it must certify efforts to obtain the information to the Secretary. I.Safeguards CONTRACTOR shall implement administrative, physical, and technical safeguards as required by the HIPAA Security Rule, Subpart C of 45 CFR 164, that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI, including electronic PHI, that it creates, receives, maintains or transmits on behalf of COUNTY and to prevent unauthorized access, viewing, use, disclosure, or breach of PHI other than as provided for by this Agreement. CONTRACTOR shall conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidential, integrity and availability of electronic PHI. CONTRACTOR shall develop and maintain a written information privacy and security program that includes administrative, technical and physical safeguards appropriate to the size and complexity of CONTRACTOR’s operations and the nature and scope of its activities. Upon COUNTY’s request, CONTRACTOR shall provide COUNTY with information concerning such safeguards. CONTRACTOR shall implement strong access controls and other security safeguards and precautions in order to restrict logical and physical access to confidential, personal (e.g., PHI) or sensitive data to authorized users only. Said safeguards and precautions shall include the following administrative and technical password controls for all systems used to process or store confidential, personal, or sensitive data: 1.Passwords must not be: a.Shared or written down where they are accessible or recognizable by -21- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 anyone else; such as taped to computer screens, stored under keyboards, or visible in a work area; b.A dictionary word; or c.Stored in clear text 2.Passwords must be: a.Eight (8) characters or more in length; b.Changed every ninety (90) days; c.Changed immediately if revealed or compromised; and d.Composed of characters from at least three of the following four groups from the standard keyboard: 1)Upper case letters (A-Z); 2)Lowercase letters (a-z); 3)Arabic numerals (0 through 9); and 4)Non-alphanumeric characters (punctuation symbols). CONTRACTOR shall implement the following security controls on each workstation or portable computing device (e.g., laptop computer) containing confidential, personal, or sensitive data: 1.Network-based firewall and/or personal firewall; 2.Continuously updated anti-virus software; and 3.Patch management process, including installation of all operating system/software vendor security patches. CONTRACTOR shall utilize a commercial encryption solution that has received FIPS 140-2 validation to encrypt all confidential, personal, or sensitive data stored on portable electronic media (including, but not limited to, compact disks and thumb drives) and on portable computing devices (including, but not limited to, laptop and notebook computers). CONTRACTOR shall not transmit confidential, personal, or sensitive data via e-mail or other internet transport protocol unless the data is encrypted by a solution that has been validated by the National Institute of Standards and Technology (NIST) as conforming to the Advanced Encryption Standard (AES) Algorithm. CONTRACTOR must apply appropriate sanctions against its employees who fail to comply with -22- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 these safeguards. CONTRACTOR must adopt procedures for terminating access to PHI when employment of employee ends. J.Mitigation of Harmful Effects CONTRACTOR shall mitigate, to the extent practicable, any harmful effect that is suspected or known to CONTRACTOR of an unauthorized access, viewing, use, disclosure, or breach of PHI by CONTRACTOR or its subcontractors in violation of the requirements of these provisions. CONTRACTOR must document suspected or known harmful effects and the outcome. K.CONTRACTOR’s Subcontractors CONTRACTOR shall ensure that any of its contractors, including subcontractors, if applicable, to whom CONTRACTOR provides PHI received from or created or received by CONTRACTOR on behalf of COUNTY, agree to the same restrictions, safeguards, and conditions that apply to CONTRACTOR with respect to such PHI and to incorporate, when applicable, the relevant provisions of these provisions into each subcontract or sub-award to such agents or subcontractors. L.Employee Training and Discipline CONTRACTOR shall train and use reasonable measures to ensure compliance with the requirements of these provisions by employees who assist in the performance of functions or activities on behalf of COUNTY under this Agreement, and use or disclose PHI and discipline such employees who intentionally violate any provisions of these provisions, including termination of employment. M.Termination for Cause Upon COUNTY’s knowledge of a material breach of these provisions by CONTRACTOR, COUNTY shall either: 1.Provide written notice to CONTRACTOR and an opportunity for CONTRACTOR to cure the breach or end the violation within 30 days’ from the date of notice and terminate this Agreement if CONTRACTOR does not cure the breach or end the violation within such 30 day time period or longer time specified by COUNTY; or 2.Immediately terminate this Agreement upon written notice to CONTRACTOR if CONTRACTOR has breached a material term of these -23- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 provisions and cure is not possible. 3.If neither cure nor termination is feasible, and such breach results in the unauthorized use, disclosure, alteration or destruction of PHI, the COUNTY Privacy Officer shall report the violation to the Secretary of the U.S. Department of Health and Human Services. N.Judicial or Administrative Proceedings COUNTY may terminate this Agreement in accordance with the terms and conditions of this Agreement as written hereinabove, if: (1) CONTRACTOR is found guilty in a criminal proceeding for a violation of the HIPAA Privacy or Security Laws or the HITECH Act; or (2) a finding or stipulation that the CONTRACTOR has violated a privacy or security standard or requirement of the HITECH Act, HIPAA or other security or privacy laws applicable to CONTRACTOR in an administrative or civil proceeding in which the CONTRACTOR is a party. O.Effect of Termination Upon termination or expiration of this Agreement for any reason, CONTRACTOR shall promptly return or destroy all PHI received from COUNTY (or created or received by CONTRACTOR on behalf of COUNTY) that CONTRACTOR still maintains in any form, and shall retain no copies of such PHI. If return or destruction of PHI is not feasible or is needed for CONTRACTOR’s business or administrative purposes or for compliance with law, it shall continue to extend the protections of these provisions to such information, and limit further use of such PHI to those purposes that make the return or destruction of such PHI infeasible. This provision shall apply to PHI that is in the possession of subcontractors or agents, if applicable, of CONTRACTOR. If CONTRACTOR destroys the PHI data, a certification of date and time of destruction shall be provided to the COUNTY by CONTRACTOR. P.Disclaimer COUNTY makes no warranty or representation that compliance by CONTRACTOR with these provisions, the HITECH Act, HIPAA, or the HIPAA regulations will be adequate or satisfactory for CONTRACTOR’s own purposes, or that any information in CONTRACTOR’s possession or control, or transmitted or received by CONTRACTOR, is or will be secure from unauthorized access, viewing, use, disclosure, or breach. CONTRACTOR is solely responsible for all decisions made by CONTRACTOR -24- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 regarding the safeguarding of PHI. Q.Amendment The parties acknowledge that Federal and State laws relating to electronic data security and privacy are rapidly evolving, and that amendment of these provisions may be required to provide for procedures to ensure compliance with such developments. The parties specifically agree to take such action as is necessary to amend this Agreement in order to implement the standards and requirements of HIPAA, the HIPAA regulations, the HITECH Act, and other applicable laws relating to the security or privacy of PHI. COUNTY may terminate this Agreement upon thirty (30) days written notice in the event that CONTRACTOR does not enter into an amendment providing assurances regarding the safeguarding of PHI that COUNTY, in its sole discretion, deems sufficient to satisfy the standards and requirements of HIPAA, the HIPAA regulations, and the HITECH Act. R.No Third-Party Beneficiaries Nothing express or implied in the terms and conditions of these provisions is intended to confer, nor shall anything herein confer, upon any person other than COUNTY or CONTRACTOR and their respective successors or assignees, any rights, remedies, obligations, or liabilities whatsoever. S.Interpretation The terms and conditions in these provisions shall be interpreted as broadly as necessary to implement and comply with HIPAA, the HIPAA regulations and applicable State laws. The parties agree that any ambiguity in the terms and conditions of these provisions shall be resolved in favor of a meaning that complies and is consistent with HIPAA and the HIPAA regulations. T.Regulatory References A reference in the terms and conditions of these provisions to a section in the HIPAA regulations means the section as in effect or as amended. U.Survival The respective rights and obligations of CONTRACTOR as stated in this Section shall survive the termination or expiration of this Agreement. V.No Waiver of Obligations No change, waiver or discharge of any liability or obligation hereunder on any one or more -25- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 occasions shall be deemed a waiver of performance of any continuing or other obligation, or shall prohibit enforcement of any obligation on any other occasion. 13.AUDITS AND INSPECTIONS: The CONTRACTOR shall, promptly following the COUNTY’s request, make available to the COUNTY for examination its most recent SOC2 report, ISO 27001 certification, and other independent security audits and assessments that CONTRACTOR makes generally available to its customers with respect to the matters covered by this Agreement. The CONTRACTOR shall, upon request by the COUNTY, permit the COUNTY to audit and inspect all of such records and data necessary to ensure CONTRACTOR'S compliance with the terms of this Agreement. If this Agreement exceeds ten thousand dollars ($10,000.00), CONTRACTOR shall be subject to the examination and audit of the California State Auditor for a period of three (3) years after final payment under contract as set forth under Government Code Section 8546.7. 14.NOTICES: The persons and their addresses having authority to give and receive notices under this Agreement include the following: COUNTY CONTRACTOR COUNTY OF FRESNO Domo, Inc Director of Internal Services/CIO 772 E. Utah Valley Drive 333 W. Pontiac Way American Fork, UT 84003 Clovis, CA 93612 ISDBusinessOffice@FresnoCountyCA.gov Orders@domo.com All notices between the COUNTY and CONTRACTOR provided for or permitted under this Agreement must be in writing and delivered either by personal service, by first-class United States mail, by an overnight commercial courier service, or by telephonic facsimile transmission. A notice delivered by personal service is effective upon service to the recipient. A notice delivered by first-class United States mail is effective three COUNTY business days after deposit in the United States mail, postage prepaid, addressed to the recipient. A notice delivered by an overnight commercial courier service is effective one COUNTY business day after deposit with the overnight commercial courier service, delivery fees prepaid, with delivery instructions given for next day delivery, addressed to the recipient. A notice delivered by telephonic facsimile is effective when transmission to the recipient is completed (but, if such transmission is -26- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 completed outside of COUNTY business hours, then such delivery shall be deemed to be effective at the next beginning of a COUNTY business day), provided that the sender maintains a machine record of the completed transmission. For all claims arising out of or related to this Agreement, nothing in this section establishes, waives, or modifies any claims presentation requirements or procedures provided by law, including but not limited to the Government Claims Act (Division 3.6 of Title 1 of the Government Code, beginning with section 810). 15.VENUE AND GOVERNING LAW: Venue for any action arising out of or related to this Agreement shall only be in Fresno County, California. The rights and obligations of the parties and all interpretation and performance of this Agreement shall be governed in all respects by the laws of the State of California. 16.DISCLOSURE OF SELF-DEALING TRANSACTIONS This provision is only applicable if the CONTRACTOR is operating as a corporation (a for-profit or non-profit corporation) or if during the term of the agreement, the CONTRACTOR changes its status to operate as a corporation. Members of the CONTRACTOR’s Board of Directors shall disclose any self-dealing transactions that they are a party to while CONTRACTOR is providing goods or performing services under this agreement. A self-dealing transaction shall mean a transaction to which the CONTRACTOR is a party and in which one or more of its directors has a material financial interest associated with this Agreement. Upon the COUNTY’s request, members of the Board of Directors shall disclose any such self-dealing transactions that they are a party to by completing and signing a Self-Dealing Transaction Disclosure Form, attached hereto as Exhibit D and incorporated herein by reference. 17.ELECTRONIC SIGNATURE: The parties agree that this Agreement may be executed by electronic signature as provided in this section. An “electronic signature” means any symbol or process intended by an individual signing this Agreement to represent their signature, including but not limited to (1) a digital signature; (2) a faxed version of an original handwritten signature; or (3) an electronically scanned and transmitted (for example by PDF document) of a handwritten signature. Each electronic signature affixed or attached to this Agreement (1) is deemed equivalent to a valid original handwritten signature of the person signing this -27- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Agreement for all purposes, including but not limited to evidentiary proof in any administrative or judicial proceeding, and (2) has the same force and effect as the valid original handwritten signature of that person. The provisions of this section satisfy the requirements of Civil Code section 1633.5, subdivision (b), in the Uniform Electronic Transaction Act (Civil Code, Division 3, Part 2, Title 2.5, beginning with section 1633.1). Each party using a digital signature represents that it has undertaken and satisfied the requirements of Government Code section 16.5, subdivision (a), paragraphs (1) through (5), and agrees that each other party may rely upon that representation. This Agreement is not conditioned upon the parties conducting the transactions under it by electronic means and either party may sign this Agreement with an original handwritten signature. 18.ENTIRE AGREEMENT: This Agreement, including the Services Agreement and any other exhibits attached to this Agreement, and any Service Orders entered into between the parties, constitutes the entire agreement between the CONTRACTOR and COUNTY with respect to the subject matter hereof, and supersedes all previous Agreement negotiations, proposals, commitments, writings, advertisements, publications, and understanding of any nature whatsoever unless expressly included in this Agreement. II DocuSign Envelope ID : 8D6A55DD-88D1-4E1 C-83AA-27959DEC30C4 1 IN WITNESS WHEREOF, the parties hereto have executed this Agreement as of the day and year first 2 hereinabove written . 3 4 ~CP.!iToBtt,CTOR 5 }ff Sl:bl,(.SUA, ~ ~~~; VP Sales 6 7 8 9 10 11 12 13 14 15 16 FOR ACCOUNTING USE 17 ONLY: Fund: 1020 18 Subclass: 10000 19 ORG: 8905 20 Account: 7311 21 22 23 24 25 26 27 28 COUNTYO~ Steve Bran~e Board of Supervisors of the County of Fresno ATTEST: Bernice E . Seidel Clerk of the Board of Supervisors County of Fresno, State of California By:___..~~· ~~--- ~uty -28- EXHIBIT A DOMO SERVICES AGREEMENT This Domo Services Agreement (“Domo Services Agreement”) governs your purchase of a license to and use of our services. The parties agree as follows: IF YOU REGISTER FOR A FREE VERSION OF THE SERVICE OR A FREE TRIAL OF THE SERVICE, THE APPLICABLE PROVISIONS OF THIS AGREEMENT ALSO GOVERN YOUR USE OF THOSE SERVICES. BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE OR BY EXECUTING A SERVICE ORDER THAT REFERENCES THIS AGREEMENT, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND YOUR AFFILIATES TO THESE TERMS AND CONDITIONS. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICE. 1.DEFINITIONS 1.1 “Affiliate” means any entity that, directly or indirectly, controls, is controlled by or is under common control with such entity (but only for so long as such control exists), where “control” means the ownership of more than 50% of the outstanding shares or securities representing the right to vote in the election of directors or other managing authority of such entity. 1.2 “Agreement” means, collectively, the Agreement entered into between the parties to which this Domo Services Agreement is attached as Exhibit A (the “Primary Agreement”), this Domo Services Agreement, and any Service Orders you enter into with us. For clarity, references in this Domo Services Agreement to “this Agreement” include both the Primary Agreement and this Domo Services Agreement, together with any Service Orders between the parties. 1.3 “Authorized User” means your employee, your Affiliate’s employee, or a Permitted Third Party’s employee for whom you create a unique user name and password under your account. 1.4 “Client Software” means software components to be installed on your, your Affiliates’, or your Authorized Users’ computer systems or devices, including but not limited to Domo Workbench. 1.5 “Documentation” means our user documentation, in all forms, relating to the Service (e.g., user manuals, on-line help files, etc.). 1.6 “Permitted Third Party” means an entity under contract with you or your Affiliates who needs to access the Service to perform its obligations to you or your Affiliates and who is not our competitor. 1.7 “Professional Services” means the professional services specified in a Service Order, potentially including but not limited to implementation and configuration services, consulting, and training. 1.8 “Service” means the service identified in the Service Order, as we may modify the service from time to time in our discretion, including any associated Client Software provided by us to you. 1.9 “Service Order” means an ordering document entered into between you and us specifying the services to be provided thereunder, including any addenda and supplements thereto. By entering into a Service Order under this Agreement, an Affiliate agrees to be bound by the terms of this Agreement as if it were an original party to the Agreement. 1.10 “Subscriber Data” means any data uploaded into the Service, or otherwise provided for processing by the Service, by or on behalf of you and your Affiliates in accordance with this Agreement. 1.11 “Subscription Fees” means the fees for the Service specified in the Service Order. 1.12 “Technical Support Services” means our then-current technical support services offering, as described at http://www.domo.com/company/support-package. 1.13 “We” or “Us” or “Our” means Domo, Inc., a Utah corporation, or its designated Affiliate as specified in a Service Order or invoice. 1.14 “You” or “Your” or “Subscriber” means the customer named on the Service Order, the person indicating acceptance of this Agreement, or if the person indicating acceptance of this Agreement is acting on behalf of a company or other legal entity, such company or legal entity. 2.FULL DOMO SERVICE; FREE VERSIONS AND FREE TRIALS 2.1 Full Domo Service. We offer various versions of our Service. The most comprehensive version of the Service requires payment for continued use of the Service. The version of the Service that requires payment is currently referred to as “Full Domo Service.” 2.2 Free Versions. Certain versions of the Service may be provided to you free-of-charge. The versions of the Service that do not require payment to be accessed are currently referred to as “Free Versions.” 2.3 Free Trials. From time to time, we may offer trials of the Full Domo Service for a specified period of time without payment or at a reduced rate (each, a “Free Trial”). If you register on our website or via a Service Order for a Free Trial, we will make the Service available to you under the Free Trial until the earlier of (a) the end of the Free Trial period for which you registered to use the Service, or (b) the start date of any Full Domo Service subscription ordered by you for such Service, or (c) termination by us in our sole discretion. Additional Free Trial terms and conditions may appear on the Free Trial registration web page. Any such additional terms and conditions are incorporated into this Agreement by reference and are legally binding. We reserve the right, in our absolute discretion, to determine your eligibility for a Free Trial, and, subject to applicable laws, to withdraw or to modify a Free Trial at any time without prior notice and with no liability, to the greatest extent permitted under law. ANY DATA YOU ENTER INTO THE SERVICE, AND ANY CONFIGURATION 2 CHANGES MADE TO THE SERVICE BY OR FOR YOU, DURING YOUR FREE TRIAL WILL BE PERMANENTLY LOST UNLESS YOU PURCHASE A SUBSCRIPTION TO THE SAME SERVICE AS THOSE COVERED BY THE FREE TRIAL OR EXPORT SUCH DATA, BEFORE THE END OF THE FREE TRIAL PERIOD. YOU CANNOT TRANSFER DATA ENTERED OR CONFIGURATION CHANGES MADE DURING THE FREE TRIAL TO A FREE VERSION OF THE SERVICE, UNLESS THE DATA ENTERED OR CONFIGURATION CHANGES ARE TO FEATURES AVAILABLE IN THE FREE VERSIONS; THEREFORE, YOU MUST EXPORT YOUR DATA BEFORE THE END OF THE TRIAL PERIOD OR YOUR DATA WILL BE PERMANENTLY LOST. Please review the applicable Documentation for the Service during the Free Trial period so that you become familiar with the functionality and features of the Service before you make your purchase. 2.4 Inapplicable Provisions. NOTWITHSTANDING SECTION 9 (WARRANTIES AND DISCLAIMER), BETA VERSIONS, FREE VERSIONS, AND FREE TRIALS OF THE SERVICE ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY. SECTION 10 (INTELLECTUAL PROPERTY INFRINGEMENT INDEMNIFICATION) DOES NOT APPLY TO, AND SECTION 12.2 (CAP ON LIABILITY) DOES NOT LIMIT THE TOTAL LIABILITY OF, SUBSCRIBERS USING FREE VERSIONS OR FREE TRIALS OF THE SERVICE. 3.USE OF THE SERVICE 3.1 Use of the Service. Subject to the terms and conditions of this Agreement, we grant to you and your Affiliates a limited, worldwide, non-exclusive, non-transferable (except as explicitly permitted in this Agreement) right during the term of this Agreement to use the Service solely in connection with your internal business operations. Your and your Affiliates’ rights to use the Service are subject to any limitations on use of the Service based on the version of the Service you register for (e.g., applicable usage limits) and as set forth in the Service Order (collectively, the “Scope Limitations”) and your rights to use the Service are contingent upon your compliance with the Scope Limitations and this Agreement. As part of the Service, we may provide you and your Affiliates with Client Software, which you and your Affiliates may install on your computer system or other devices and use solely to upload Subscriber Data into the Service. You are solely responsible for your conduct (including by and between all users), the content of Subscriber Data, and all communications with others while using the Service. You acknowledge that we have no obligation to monitor any information on the Service, but we may remove or disable any information that you make publicly available on the Service at any time for any reason. We are not responsible for the availability, accuracy, appropriateness, or legality of Subscriber Data or any other information you may access using the Service. 3.2 Use of the Documentation. Subject to the terms and conditions of this Agreement, we grant to you and your Affiliates a limited, worldwide, non-exclusive, non-transferable (except as explicitly permitted in in this Agreement) right during the term of this Agreement to reproduce, without modification, and internally use a reasonable number of copies of the Documentation solely in connection with use of the Service in accordance with this Agreement. 3.3 Use Restrictions. Except as otherwise explicitly provided in this Agreement or as may be expressly permitted by applicable law, you will not, and will not permit or authorize your Affiliates or third parties to: (a) rent, lease, or, except as explicitly set forth in this Agreement, otherwise permit third parties to use the Service or Documentation; (b) use the Service to provide services to third parties as a service bureau or in any way that violates applicable law; (c) circumvent or disable any security or other technological features or measures of the Service, or attempt to probe, scan or test the vulnerability of a network or system, or to breach security or authentication measures; (d) upload or provide for processing any information or material that is illegal, defamatory, offensive, abusive, obscene, or that violates privacy or intellectual property rights of any third party; (e) use the Service to harm, threaten, or harass another person or organization; or (f) send, store, or distribute any viruses, worms, Trojan horses, or other disabling code or malware component harmful to a network or system. You will not copy, reproduce, modify, translate, enhance, decompile, disassemble, reverse engineer, or create derivative works of any Client Software or provide, disclose, or make any Client Software available to any third party, except that you may make one copy of Client Software solely for backup and archival purposes. You will neither alter nor remove any trademark, copyright notice, or other proprietary rights notice that may appear in any part of the Documentation or any Client Software and will include all such notices on any copies. You will ensure that your Affiliates and Permitted Third Parties comply with this Agreement. You will be directly and fully responsible to us for their conduct and any breach of this Agreement by them. We reserve the right to deactivate, change, or require you to change your user ID and any custom or vanity URLs, custom links, or vanity domains you may obtain through the Service at any time with reasonable notice. 3.4 Authorized Users Only. This Agreement restricts the use of the Service to Authorized Users, up to the number of users specified in the Service Order. An Authorized User account must not be shared among users. Additional Authorized Users may be added by paying the applicable fees to us at our then-current rate or as otherwise specified in a Service Order. The Authorized Users who are employees of Permitted Third Parties may access and use the Service solely to perform the Permitted Third Party’s contractual obligations to you subject to the use limitations set forth in this Agreement. As part of the registration process, you may be asked to identify your company and other Authorized Users who should be associated with your account. You will not misrepresent the identity or nature of the company or Authorized Users who should be associated with your account. We may reassign the domain name associated with your account and change the way you access the Service at any time with reasonable notice. You are responsible for maintaining the confidentiality of your login, password, and account and for all activities that occur under your login and account, including the activities of Authorized Users. 3.5 Protection against Unauthorized Use. You will, and will ensure that your Affiliates and Permitted Third Parties use reasonable efforts to prevent any unauthorized use of the Service or Documentation, and you will immediately notify us in writing of any unauthorized use that comes to your attention. If there is unauthorized use by anyone who obtained access to the Service or Documentation directly or indirectly through you, your Affiliate, or a Permitted Third Party, you will take all steps reasonably necessary to terminate the unauthorized use. You will cooperate and assist with any actions taken by us to prevent or terminate unauthorized use of the Service or Documentation. We may, at our expense and no more than once every 12 months with reasonable notice, appoint our own personnel or an independent third party to verify that your use of the Service complies with the terms of this Agreement. 3.6 Beta Versions. From time to time, we may make available for you to try, at your sole discretion, certain functionality related to the Service, which is clearly designated as beta, pilot, limited release, non-production, or by a similar description (each, a “Beta Version”). Beta Versions are intended for evaluation purposes and not for production use, are not supported, and may be subject to additional terms. We may discontinue Beta Versions at any time in our sole discretion and may never make them generally available. We have no liability for any harm or damage arising out of or in connection with a Beta Version. 3.7 Reservation of Rights. We retain all right, title, and interest in and to the Service, Client Software and Documentation and all related intellectual property rights, including without limitation any modifications, updates, customizations, cards, apps, or other add- ons. Your rights to use the Service, Documentation, and Client Software are limited to those expressly set forth in this Agreement. We reserve all other rights in and to the Service, Client Software, and Documentation. 3 3.8 Service Availability. We perform and maintain regular database backups according to the retention policy appropriate for the particular system. We incorporate database and system maintenance operations and processes designed to address data consistency, indexing, and integrity requirements that also help improve query performance. We have implemented and will maintain commercially reasonable measures intended to avoid unplanned Service interruptions. We will use commercially reasonable efforts to notify you in advance of planned Service interruptions. In the event of an unplanned Service interruption, you may contact us for Technical Support Services, as described in this Agreement. The Service depends on the availability of the Subscriber Data from you and third-party data providers. You are responsible for making the Subscriber Data available that is necessary for us to provide the Service. 4.PROFESSIONAL SERVICES AND TECHNICAL SUPPORT SERVICES 4.1 Professional Services. You may contract with us to perform Professional Services. The specific details of the Professional Services to be performed will be determined on a per-project basis, and the details for each project will be described on the Service Order. Unless otherwise specified in the applicable Service Order, any unused portion of the Professional Services and training will expire and may not be carried over after 12 months from the Service Order effective date. 4.2 Changes to Professional Services. You may reasonably request in writing that revisions be made with respect to the Professional Services set forth in a Service Order. If your requested revisions materially increase the scope of the Professional Services or the effort required to perform the Professional Services under the Service Order, then we will deliver to you a written proposal reflecting our reasonable determination of the revised Professional Services, delivery schedule, and payment schedule, if any, that applies to the requested revisions. If you approve the proposal, then the parties will execute an amendment to the Service Order. Otherwise, the then- existing Service Order will remain in full force and effect, and we will have no obligation with respect to the relevant change requests. 4.3 Technical Support Services. We will provide you with the applicable Technical Support Services for the version of the Service to which you are subscribed so long as you are current in payment of the Subscription Fees (if applicable). You are responsible for providing support to Permitted Third Parties. 4.4 Your Responsibilities. You will provide assistance, cooperation, information, equipment, data, a suitable work environment, and resources reasonably necessary to enable us to perform the Professional Services and Technical Support Services. You acknowledge that our ability to provide Professional Services as described in the Service Order and Technical Support Services may be affected if you do not meet your responsibilities as set forth above. 4.5 Feedback and Other Content. The Service may permit you, your Affiliates, and Permitted Third Parties to submit feedback, user community contributions and comments, technical support information, suggestions, enhancement requests, recommendations, and messages relating to the use and operation of the Service. You grant to us a royalty-free, fully paid, non-exclusive, perpetual, irrevocable, worldwide, transferable license to display, use, copy, modify, publish, perform, translate, create derivative works from, sublicense, distribute, and otherwise exploit such content without restriction. 5.FEES AND PAYMENT 5.1 Fees and Payment Terms. Unless otherwise specified in a Service Order, the Subscription Fees for the initial subscription term and Professional Service fees set forth in the Service Order are due within Net 45 days after execution of the Service Order. After the initial subscription term, Subscription Fees will be invoiced annually at the then-current rate for the Service or as otherwise specified in a Service Order, at least 30 days in advance of the start of each renewal period. Fees for additional Service quantities and Professional Services will be invoiced at the time of order, unless otherwise agreed in writing by the parties. You will pay all amounts in full within 45 days after the invoice date. The charges in an invoice will be considered accepted by you unless we are notified of a good faith dispute in writing within 30 days of the date of the invoice. Unless expressly provided otherwise in a Service Order, all amounts payable under this Agreement are denominated in United States dollars, and you will pay all such amounts in United States dollars. 5.2 Credit Card. If you use a credit card to set up an account or pay for the Service, you must be authorized to use the credit card information that you enter when you create the billing account. You authorize us to charge you for the Service plus a reasonable processing fee using your credit card and for any paid feature of the Service that you choose to sign up for or use under this Agreement. We may bill: (a) in advance; (b) at the time of purchase; (c) shortly after purchase; or (d) on a recurring basis for a subscription to the Service. If you set up a Free Trial using a credit card or if you paid the Subscription Fees using a credit card, you agree that we may automatically charge your credit card account the applicable Subscription Fee when the Free Trial ends or renew your subscription and charge your credit card account on the one-year anniversary of your last subscription date (the “Renewal Date”), unless you cancel your subscription before the end of the Free Trial or the Renewal Date (as applicable). We will automatically renew your subscription each year on the Renewal Date until you terminate your subscription or we no longer offer the Service to which you subscribed. We will notify you in advance of the difference for recurring Subscription Fees. We may charge you up to the amount you approve plus a reasonable processing fee. You must keep all information in your billing account current. You may change your payment method at any time. If you tell us to stop using your payment method and we no longer receive payment from you for a Service that requires payment, we may terminate your access to that Service. 5.3 Late Payment. You will reimburse any costs or expenses (including, but not limited to, reasonable attorneys’ fees ) incurred by us to collect any amount that is not paid when due. Amounts due from you under this Agreement may not be withheld or offset by you against amounts due to you for any reason. 5.4 Taxes. The fees stated in a Service Order do not include local, state, federal, or foreign taxes (e.g., value-added, sales, or use taxes), or fees, duties, or other governmental charges resulting from this Agreement, excluding taxes on our net income or property (“Taxes”). You are responsible for paying all applicable Taxes. If we determine that we have the legal obligation to pay or collect Taxes, we will add such Taxes to the applicable invoice and you will pay such Taxes, unless you provide us with a valid tax exemption certificate from the appropriate taxing authority. If a taxing authority subsequently pursues us for unpaid Taxes for which you are responsible under this Agreement and which you did not pay to us, we may invoice you and you will pay such Taxes to us or directly to the taxing authority, plus all applicable interest, penalties and fees. 5.5 Future Functionality. Your purchases are not contingent on the delivery of any future functionality or features, or dependent on any oral or written public comments made by us regarding future functionality or features. 4 6.TERM AND TERMINATION 6.1 Term. The term of this Agreement is as set forth in the Primary Agreement, unless this Agreement is terminated earlier in accordance with the terms of this Agreement. 6.2 Termination. The terms of this Agreement, and the services to be provided hereunder, are contingent on the approval of funds by the appropriating government agency. Should sufficient funds not be allocated for an applicable one-year term of a Service Order, the services provided may be modified, or this Agreement terminated, without penalty by giving Domo thirty (30) days advance written notice prior to commencement of the applicable one-year term. Neither the services nor this Agreement can be terminated or modified during any annual term of a Service Order once the applicable annual term of has commenced, and Subscriber will not enter into a Service Order unless funds for payment of the fees under such Service Order have been approved. Either party may terminate this Agreement if the other party does not cure its material breach of this Agreement within 30 days of receiving written notice of the material breach from the non-breaching party. A breach of this Agreement by your Affiliate, or a Permitted Third Party will be treated as a breach by you. Termination in accordance with this Subsection will take effect when the breaching party receives written notice of termination from the non-breaching party, which notice must not be delivered until the breaching party has failed to cure its material breach during the 30-day cure period. If you fail to timely pay any Subscription Fees or Professional Services Fees, we may, without limitation to any of our other rights or remedies, suspend performance of the Service, Professional Services, and Technical Support Services until we receive all amounts due, or may terminate this Agreement pursuant to this Subsection. We may terminate your license to use Free Versions at any time in our sole discretion. 6.3 Post-Termination Obligations. If this Agreement is terminated for any reason: (a) we have no obligation to provide or perform any Service, Professional Services, or Technical Support Services after the effective date of the termination; (b) you will immediately pay to us any Subscription Fees, Professional Services Fees, and other amounts that have accrued prior to the effective date of the termination; (c) any and all liabilities accrued prior to the effective date of the termination will survive; (d) you will provide us with a written certification signed by your authorized representative certifying that all use of the Service and Documentation by you, your Affiliates, and Permitted Third Parties has been discontinued and the Client Software has been de-installed from your and your Affiliates’ computer systems; and (e) Sections and Subsections 1, 2, 3.7, 4.5, 5, 6.3, 7, 8.3, 9.4, Error! Reference source not found., 12, and 14 will survive termination. If you terminate this Agreement for our uncured material breach, we will provide you a pro-rata refund of all prepaid but unused Subscription Fees for the remainder of the then-current term. 7.CONFIDENTIAL INFORMATION 7.1 Definition. “Confidential Information” means non-public business information, know-how, and trade secrets in any form, including information regarding our product plans, Beta Versions, terms of this Agreement, Subscriber Data, and any other information a reasonable person should understand to be confidential, which is disclosed by or on behalf of either party or its Affiliates to the other party or its Affiliates, directly or indirectly, in writing, orally, or by inspection of tangible objects, and whether such information is disclosed before or after the Effective Date specified on the Service Order. Confidential Information includes this Agreement and its terms. “Confidential Information” excludes information that (a) is publicly known and made generally available in the public domain prior to the time of disclosure by the disclosing party through no action or inaction of the receiving party; (b) is already in the possession of the receiving party at the time of disclosure by the disclosing party, as shown by the receiving party’s files and records; (c) is obtained by the receiving party from a third party without a breach of the third party’s oblig ations of confidentiality; or (d) is independently developed by the receiving party without use of or reference to the disclosing party’s Confidenti al Information, as shown by documents and other competent evidence in the receiving party’s possession. 7.2 Maintenance of Confidentiality. The party receiving Confidential Information hereunder agrees to take reasonable steps, at least substantially equivalent to the steps it takes to protect its own proprietary information, but not less than reasonable care, to prevent the unauthorized duplication or disclosure of the Confidential Information to third parties without the disclosing party’s prior written consent. The receiving party may disclose the disclosing party’s Confidential Information to the receiving party’s employees, subcontractors, or agents who reasonably need to have access to such information to perform the receiving party’s obligations under this Agreement, and who will treat such Confidential Information under the terms of this Agreement. Provided that such Permitted Third Party is bound by obligations of confidentiality and nonuse no less restrictive than the terms of this Agreement, you may disclose our Confidential Information to a Permitted Third Party solely to the extent required for such Permitted Third Party to be able to access and use the Service pursuant to this Agreement. Also, we may disclose this Agreement to actual and potential investors and funding sources and their representatives, in each case who agree to hold it in confidence. The receiving party may disclose the disclosing party’s Confidential Information if required by law so long as the receiving party gives the disclosing party written notice of the requirement prior to the disclosure (where permitted) and reasonable assistance, at the disclosing party’s expense, in limiting disclosure or obtaining an order protecting the information from public disclosure. 7.3 Return of Materials and Effect of Termination. Upon written request of the disclosing party, or in any event upon any termination or expiration of this Agreement, the receiving party will return to the disclosing party or destroy all materials, in any medium, to the extent containing or reflecting any of the disclosing party’s Confidential Information. Following expiration or termination of this Agreement, we may purge your Subscriber Data and your Service environment from our systems. The obligations in this Section 7 survive for three years following expiration or termination of this Agreement, except that Confidential Information that constitutes a trade secret of the disclosing party will continue to be subject to the terms of this Section 7 for as long as such information remains a trade secret under applicable law. 7.4 Public Records. The provisions of this Section 7 in no way limit the County’s obligations under the California Public Records Act, Government Code section 6250, et. seq., and the Ralph M. Brown Act, Government Code section 54650 et. seq. 8.DATA SECURITY 8.1 Data Security. We implement and maintain physical, electronic, and managerial procedures intended to protect against the loss, misuse, unauthorized access, alteration, or disclosure of Subscriber Data. These measures include encryption of Subscriber Data during transmission to the Service, and encryption of backups of Subscriber Data and authentication credentials at rest. We will notify you of any unauthorized access to, or use of, Subscriber Data that comes to our attention. If any unauthorized disclosure of Subscriber Data resulting from your use of the Service comes to our attention, we will work with you to investigate the cause of such unauthorized disclosure, and will work together in good faith to take the steps reasonably necessary to prevent any future reoccurrence and to comply with applicable data breach notification laws. 5 8.2 Data Transmission. You acknowledge that use of the Service involves transmission of Subscriber Data and other communications over the Internet and other networks, and that such transmissions could potentially be accessed by unauthorized parties. You must protect your Authorized User login names and passwords from access or use by unauthorized parties, and are solely responsible for any failure to do so. You must promptly notify us of any suspected security breach at security@domo.com. 8.3 Subscriber Data. Subscriber Data is your property. You grant us a non-exclusive, worldwide, royalty-free license to use, copy, transmit, sub-license, index, store, aggregate, and display Subscriber Data as required to provide or perform the Service, Technical Support Services, account management services, and Professional Services, and to publish, display, and distribute de-identified, aggregated information derived from Subscriber Data and from your use of the Service for purposes of improving our products and services, and developing, displaying, and distributing benchmarks and similar reports, provided that any such data is not publicly identified or identifiable as originating with or associated with you or any individual person. 9.WARRANTIES AND DISCLAIMER 9.1 Mutual Warranties. Each party represents and warrants to the other that: (a) this Agreement constitutes a valid and binding agreement enforceable against such party in accordance with its terms; and (b) no authorization or approval from any third party is required in connection with such party’s execution and delivery of the Service Order, or performance of this Agreement. 9.2 Our Warranty. We warrant that the Service as delivered to you will materially conform to the specifications set forth in the applicable Service Order, during the term of the Service Order. You must notify us of a claim under this warranty within 30 days of the date on which the condition giving rise to the claim first appears. We further warrant that we will perform Professional Services in a professional and workmanlike manner in accordance with the Service Order. To the extent permitted by law, your sole and exclusive remedy arising out of or in connection with a breach of warranty is limited to correction of the non-conforming Service or re-performance of the Professional Service, as applicable, or if correction or re-performance is not commercially reasonable, termination of the applicable Service Order and a refund of any prepaid unused fees for the applicable Service or Professional Services . 9.3 Sensitive Personal Data. Unless we specifically agree otherwise in writing, you represent and warrant that you will not upload into the Service, or otherwise provide for processing by the Service, any Sensitive Personal Data. “Sensitive Personal Data” is as defined under applicable privacy or data protection laws relating to this term or any similar term (such as “sensitive personal information”), or where no such laws apply, means an individual’s financial account information, sexual orientation, medical or health information, personal information of children protected under child protection laws, and social security, national identity, and similar personal identifiers. You further represent and warrant that you will comply with all applicable laws, regulations, self-regulatory guidelines, and your privacy policy with respect to the collection, transfer, and use of any personally identifiable information in connection with the Service, including proper disclosure and receipt of all required consents from each individual to transfer such personally identifiable information to us. 9.4 Disclaimer. EXCEPT FOR THE EXPRESS REPRESENTATIONS AND WARRANTIES STATED IN THIS SECTION, NEITHER PARTY MAKES ANY ADDITIONAL REPRESENTATION OR WARRANTY OF ANY KIND WHETHER EXPRESS, IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), OR STATUTORY, AS TO ANY MATTER WHATSOEVER. WE EXPRESSLY DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUALITY, ACCURACY, AND TITLE. WE DO NOT WARRANT AGAINST INTERFERENCE WITH THE ENJOYMENT OF THE SERVICE OR DOCUMENTATION. WE DO NOT WARRANT THAT THE SERVICE OR DOCUMENTATION IS ERROR-FREE OR THAT OPERATION OR USE OF THE SERVICE OR DOCUMENTATION WILL BE SECURE OR UNINTERRUPTED. WE EXERCISE NO CONTROL OVER AND EXPRESSLY DISCLAIM ANY LIABILITY ARISING OUT OF OR BASED UPON THE RESULTS OF USE OF THE SERVICE OR DOCUMENTATION. 9.5 High-Risk Activities. THE SERVICE IS NOT DESIGNED OR LICENSED FOR USE IN HAZARDOUS ENVIRONMENTS REQUIRING FAILSAFE CONTROLS, INCLUDING WITHOUT LIMITATION OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATIONS SYSTEMS, AIR TRAFFIC CONTROL, OR LIFE SUPPORT OR WEAPONS SYSTEMS, IN WHICH THE FAILURE OF THE SERVICE OR SOFTWARE COULD LEAD TO DEATH, PERSONAL INJURY, OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE. WE SPECIFICALLY DISCLAIM ANY EXPRESS OR IMPLIED WARRANTY OF FITNESS FOR SUCH HIGH-RISK ACTIVITIES. 10.RESERVED 11.RESERVED. 12.LIMITATIONS OF LIABILITY 12.1 Disclaimer of Indirect Damages. TO THE EXTENT PERMITTED BY LAW, NEITHER PARTY WILL, UNDER ANY CIRCUMSTANCES, BE LIABLE TO THE OTHER PARTY OR TO ANY THIRD PARTY FOR INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, OR EXEMPLARY DAMAGES, OR FOR LOST PROFITS OR LOSS OF BUSINESS ARISING OUT OF OR RELATED TO THIS AGREEMENT OR THE SERVICE, EVEN IF THE PARTY IS APPRISED OF THE LIKELIHOOD OF SUCH DAMAGES OCCURRING. 12.2 Cap on Liability. TO THE EXTENT PERMITTED BY LAW, UNDER NO CIRCUMSTANCES WILL EITHER PARTY’S TOTAL LIABIILITY OF ALL KINDS ARISING OUT OF OR RELATED TO THIS AGREEMENT OR THE SERVICE (INCLUDING BUT NOT LIMITED TO WARRANTY CLAIMS), REGARDLESS OF THE FORUM AND REGARDLESS OF WHETHER ANY ACTION OR CLAIM IS BASED ON CONTRACT, TORT, OR OTHERWISE, EXCEED THE TOTAL AMOUNTS PAID BY UNDER THIS AGREEMENT DURING THE 12 MONTHS IMMEDIATELY PRECEDING THE DATE OF THE EVENT GIVING RISE TO THE CLAIM. HOWEVER, THE ABOVE LIMITATIONS WILL NOT LIMIT YOUR OBLIGATION TO PAY ANY FEES UNDER THIS AGREEMENT OR ANY SERVICE ORDER. 12.3 Independent Allocations of Risk. EACH PROVISION OF THIS AGREEMENT THAT PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES, OR EXCLUSION OF DAMAGES IS TO ALLOCATE THE RISKS OF THIS AGREEMENT BETWEEN THE PARTIES. THIS ALLOCATION IS REFLECTED IN THE PRICING OFFERED BY US TO YOU AND IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES. EACH OF THESE PROVISIONS IS SEVERABLE AND INDEPENDENT OF ALL OTHER PROVISIONS OF THIS AGREEMENT. THE LIMITATIONS IN THIS SECTION WILL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY IN THIS AGREEMENT. 13.THIRD-PARTY PRODUCTS 13.1 Third-Party Products. Any third-party product that we provide as identified in an applicable Service Order or that is made available in connection with the Service (e.g., a Non-Domo App) is provided pursuant to the terms of the applicable third-party agreement, and your use of any such third-party product constitutes your agreement to comply with the terms of the applicable third- party agreement. We assume no responsibility for, and specifically disclaim any liability or obligation with respect to, any third-party product. 6 13.2 Non-Domo Apps. “Non-Domo App” means a software application developed by a third party or by you that interoperates with the Service and that may be listed in the Domo Appstore. We do not warrant or support Non-Domo Apps, regardless of whether the Non-Domo App is certified by us. If you install or enable a Non-Domo App for use with the Service, you grant us permission to allow the provider of that Non-Domo App to access Subscriber Data as required for the interoperation of that Non-Domo App with the Service. We are not responsible for any disclosure, modification, or deletion of Subscriber Data by the Non-Domo provider resulting from access by a Non-Domo App. If we believe a Non-Domo App violates our policies, this Agreement, applicable law, or the rights of any third party, we may disable the Non-Domo App and suspend use of the Non-Domo App until the potential violation is resolved. 14.MISCELLANEOUS 14.1 Insurance. Each party, at its sole cost and expense, will maintain during the term of this Agreement insurance in the type and amount required by law and consistent with standard industry practices based on its business and the scope of this Agreement. Upon request of the other party, a party shall provide evidence of its insurance coverage. 14.2 Access by Competitors. You may not access the Service if you are our direct competitor, except with our prior written consent. In addition, you may not access the Service for purposes of monitoring its availability, performance, or functionality, or for any other benchmarking or competitive purpose. 14.3 Patent Marking. The Service is protected by one or more claims of patents in the U.S. and elsewhere. Please see the following link for details on these patents: https://www.domo.com/company/patents. 14.4 U.S. Government Use. If the Service is licensed under a United States government contract, you acknowledge that the Service is a "commercial item" as defined in 48 CFR 2.101, consisting of "commercial computer software" and "commercial computer soft ware documentation," as such terms are defined in FAR Section 2.101 and Section 252.227-7014 of the Defense Federal Acquisition Regulation Supplement (48 CFR 252.227-7014) and used in 48 CFR 12.212 or 48 CFR 227.7202-1, as applicable. You also acknowledge that the Service is "commercial computer software" as defined in 48 CFR 252.227-7014(a)(1). United States government agencies and entities and others acquiring under a United States government contract will have only those rights, and will be subject to all restrictions, set forth in this Agreement. 14.5 Anti-Corruption. You have not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any of our employees or agents in connection with this Agreement. If you learn of any violation of the above restriction, you will use reasonable efforts to promptly notify our Legal Department at legal@domo.com. 14.6 Relationship. We will be and act as an independent contractor (and not as the agent or representative of you) in the performance of this Agreement. 14.7 Publicity. We may only use your name, trademarks, and service marks to the extent necessary to fulfill our obligations under this Agreement or as otherwise explicitly authorized in this Agreement or a Service Order. We reserve the right to use your name and trademark as a reference for marketing and promotional purposes on our website and in other communications with our existing and prospective customers. If you do not want to be listed as reference for the Service, you may send an email to legal@domo.com stating that you do not wish to be identified as a reference. 14.8 Assignment and Delegation. You may not assign any of your rights or delegate any of your obligations under this Agreement (in whole or in part) without our prior written consent, except in connection with a change of control, merger, or by operation of law. Your assignment or delegation will not relieve you of your obligations under this Agreement nor release you of your liability under this Agreement. We may voluntarily, involuntarily, or by operation of law assign any of our rights or delegate any of our obligations under this Agreement without your consent. Any purported assignment or delegation in violation of this Subsection will be null and void. Subject to this Subsection, this Agreement will bind and inure to the benefit of each party’s respective permitted successors and permitted assigns. 14.9 Subcontractors. We may use subcontractors or other third parties in carrying out our obligations under this Agreement and any Service Order. We remain responsible to you for the performance of the services that are subcontracted under this Agreement. 14.10 Notices. Any notice required or permitted to be given in accordance with this Agreement will be effective if it is in writing and sent by certified or registered mail, or overnight courier, return receipt requested, to the appropriate party at the address set forth in the Service Order and with the appropriate postage affixed. Either party may change its address for receipt of notice by notice to the other party in accordance with this Subsection. Notices are deemed given two business days following the date of mailing or one business day following delivery to a courier. 14.11 Force Majeure. Neither party will be liable for, or be considered to be in breach of or default under this Agreement on account of, any delay or failure to perform as required by this Agreement as a result of any cause or condition beyond its reasonable control and not reasonably foreseeable, so long as that party uses all commercially reasonable efforts to avoid or remove the causes of non- performance. 14.12 Governing Law. This Agreement will be interpreted, construed, and enforced in all respects in accordance with the local laws of the State of California, U.S.A. Venue for any action arising out of this Agreement shall be in Fresno County, CA. Each party irrevocably waives the right to trial by jury. 14.13 Arbitration. Reserved. 14.14 No Third-Party Beneficiaries. There are no third-party beneficiaries to this Agreement, including, without limitation, your Affiliates, Permitted Third Parties, or Authorized Users. 14.15 Waiver and Modifications. Failure, neglect, or delay by a party to enforce the provisions of this Agreement or its rights or remedies at any time, will not be construed as a waiver of the party’s rights under this Agreement and will not in any way af fect the validity of the whole or any part of this Agreement or prejudice the party’s right to take subsequent action. Exercise or enforcement by either party of any right or remedy under this Agreement will not preclude the enforcement by the party of any other right or remedy under this Agreement or that the party is entitled by law to enforce. We reserve the right, at our discretion, to change the terms of this Agreement on a going-forward basis at any time. Please check the terms of this Agreement periodically for changes. If a change materially modifies your rights or obligations, you will be required to accept the modified Agreement in order to continue to use the Service. Material modifications are effective upon your acceptance of the modified Agreement. Immaterial modifications are effective upon publi cation. 7 Disputes arising under this Agreement will be resolved in accordance with the version of this Agreement that was in effect at the time the dispute arose. 14.16 Severability. If any part of this Agreement is found to be illegal, unenforceable, or invalid, the remaining portions of this Agreement will remain in full force and effect. If any material limitation or restriction on the use of the Service under this Agreement is found to be illegal, unenforceable, or invalid, your right to use the Service will immediately terminate. 14.17 Headings. Headings are used in this Agreement for reference only and will not be considered when interpreting this Agreement. 14.18 Counterparts. The Service Order may be executed in any number of identical counterparts, notwithstanding that the parties have not signed the same counterpart, with the same effect as if the parties had signed the same document. All counterparts will be construed as and constitute the same agreement. The Service Order may also be executed and delivered by facsimile or electronically and such execution and delivery will have the same force and effect of an original document with original signatures. 14.19 Partner Transactions. If you order our services from a Domo reseller or other authorized partner, the terms of this Agreement apply to your receipt and use of the services. If you do not accept the terms of this Agreement, then you must not use, or must immediately cease using, the relevant services. 14.20 Entire Agreement. This Agreement, including all Service Orders and all exhibits, contain the entire agreement of the parties with respect to the subject matter of this Agreement and supersede all previous communications, representations, understandings, and agreements, either oral or written, between the parties with respect to said subject matter, including any prior Nondisclosure Agreement between the parties or their Affiliates. No usage of trade or other regular practice or method of dealing between the parties will be used to modify, interpret, supplement, or alter the terms of this Agreement. Neither party will be bound by, and specifically objects to, any term, condition, or other provision that is different from or in addition to this Agreement (whether or not it would material ly alter this Agreement) that is proffered by the other party in any acceptance, confirmation, invoice, purchase order, receipt, correspondence, or otherwise, unless each party mutually and expressly agrees to such provision in writing. Exhibit B “Data Security” A-1 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 A. Definitions. Capitalized terms used in this Exhibit B have the meanings set forth in this section A. “Authorized Employees” means CONTRACTOR’s employees who have access to Personal Information. “Authorized Persons” means: (i) any and all Authorized Employees; and (ii) any and all of CONTRACTOR’s subcontractors, representatives, agents, outsourcers, and consultants, and providers of professional services to CONTRACTOR, who have access to Personal Information and are bound by law or in writing by confidentiality obligations sufficient to protect Personal Information in accordance with the terms of this Exhibit B. “Director” means COUNTY’s Director of Internal Services-Chief Information Officer or his or her designee. “Disclose” or any derivative of that word means to disclose, release, transfer, disseminate, or otherwise provide access to or communicate all or any part of any Personal Information orally, in writing, or by electronic or any other means to any person. “Person” means any natural person, corporation, partnership, limited liability company, firm, or association. “Personal Information” means any and all information, including any data, provided, or to which access is provided, to CONTRACTOR by or upon the authorization of COUNTY, under this Agreement, including but not limited to vital records, that: (i) identifies, describes, or relates to, or is associated with, or is capable of being used to identify, describe, or relate to, or associate with, a natural person (including, without limitation, names, physical descriptions, signatures, addresses, telephone numbers, e-mail addresses, education, financial matters, employment history, and other unique identifiers, as well as statements made by or attributable to the person); (ii) is used or is capable of being used to authenticate a natural person (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or personal identification numbers Exhibit B “Data Security” A-2 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 (PINs), financial account numbers, credit report information, answers to security questions, and other personal identifiers); or is personal information within the meaning of California Civil Code section 1798.3, subdivision (a), or 1798.80, subdivision (e). Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. “Privacy Practices Complaint” means a complaint received by COUNTY relating to CONTRACTOR’s (or any Authorized Person’s) privacy practices, or alleging a Security Breach. Such complaint shall have sufficient detail to enable CONTRACTOR to promptly investigate and take remedial action under this Exhibit B. “Security Safeguards” means physical, technical, administrative or organizational security procedures and practices put in place by CONTRACTOR (or any Authorized Persons) that relate to the protection of the security, confidentiality, value, or integrity of Personal Information. Security Safeguards shall satisfy the minimal requirements set forth in subsection C.(5) of this Exhibit B. “Security Breach” means any unauthorized Use, Disclosure, or modification of, or any loss or destruction of, or any corruption of or damage to, any Personal Information. “Use” or any derivative thereof means to receive, acquire, collect, apply, manipulate, employ, process, transmit, disseminate, access, store, disclose, or dispose of Personal Information. B. Standard of Care. (1) CONTRACTOR acknowledges that, in the course of its engagement by COUNTY under this Agreement, CONTRACTOR, or any Authorized Persons, may Use Personal Information only in connection with performance of services for the COUNTY and as otherwise permitted in this Agreement, including in the Services Agreement. (2) CONTRACTOR acknowledges that Personal Information is deemed to be confidential information of, or owned by, COUNTY (or persons from whom COUNTY Exhibit B “Data Security” A-3 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 receives or has received Personal Information) and is not confidential information of, or owned or by, CONTRACTOR, or any Authorized Persons. CONTRACTOR further acknowledges that all right, title, and interest in or to the Personal Information remains in COUNTY (or persons from whom COUNTY receives or has received Personal Information) regardless of CONTRACTOR’s, or any Authorized Person’s, Use of that Personal Information. (3) CONTRACTOR agrees and covenants in favor of COUNTY that CONTRACTOR shall: (i) keep and maintain all Personal Information in strict confidence, using such degree of care under this Subsection B as is reasonable and appropriate to avoid a Security Breach; (ii) Use Personal Information exclusively for the purposes for which the Personal Information is permitted to be used pursuant to the terms of this Exhibit B; (iii) not, except as permitted or contemplated under the Agreement or required under applicable law, Use, Disclose, sell, rent, license, or otherwise make available Personal Information for CONTRACTOR’s own purposes or for the benefit of anyone other than COUNTY, without COUNTY’s express prior written consent, which the COUNTY may give or withhold in its sole and absolute discretion; and (iv) not, directly or indirectly, except as required under applicable law, Disclose Personal Information to any person (an “Unauthorized Third Party”) other than Authorized Persons pursuant to this Agreement, without the Director’s and the Recorder’s express prior written consent. Notwithstanding the foregoing paragraph, in any case in which CONTRACTOR believes it, or any Authorized Person, is required to disclose Personal Information to government regulatory authorities, or pursuant to a legal proceeding, or otherwise as may be required by applicable law, Contractor shall, to the extent legally permissible: (a) notify COUNTY without undue delay of the specific demand for, and legal authority for the disclosure, including providing County with a copy of any relevant notice, discovery demand, subpoena, or order, as applicable, received by CONTRACTOR, or any Authorized Person, Exhibit B “Data Security” A-4 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 from any government regulatory authorities, or in relation to any legal proceeding, and (b) promptly notify COUNTY before such Personal Information is offered by CONTRACTOR for such disclosure so that COUNTY may have sufficient time to obtain a court order or take any other action COUNTY may deem necessary to protect the Personal Information from such disclosure, and CONTRACTOR shall reasonably cooperate with COUNTY to minimize the scope of such disclosure of such Personal Information. CONTRACTOR shall remain liable to COUNTY for the actions and omissions of any Authorized Persons concerning its Use of such Personal Information to the same extent that CONTRACTOR is responsible to COUNTY for its own actions and omissions. C. Information Security. (1) CONTRACTOR covenants to COUNTY that Contractor shall at all times comply with all applicable federal, state, and local, privacy and data protection laws, as well as all other applicable regulations and directives, including but not limited to California Civil Code, Division 3, Part 4, Title 1.81 (beginning with section 1798.80), and the Song-Beverly Credit Card Act of 1971 (California Civil Code, Division 3, Part 4, Title 1.3, beginning with section 1747), as are applicable to CONTRACTOR in its Use of Personal Information under this Agreement. (2) CONTRACTOR covenants to COUNTY that, as of the Effective Date, CONTRACTOR has not received notice of any violation of any privacy or data protection laws, as well as any other applicable regulations or legally-binding directives from any government regulatory authority, and is not the subject of any pending legal action or investigation by, any government regulatory authority regarding same. (3) Without limiting CONTRACTOR’s obligations under subsection C.(1) of this Exhibit B, CONTRACTOR’s (or Authorized Person’s) Security Safeguards shall be no less rigorous than accepted industry practices and include the following: (i) limiting Use of Personal Information strictly to CONTRACTOR’s and Authorized Persons’ technical and Exhibit B “Data Security” A-5 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 administrative personnel who are necessary for the CONTRACTOR’s, or Authorized Persons’, Use of the Personal Information pursuant to this Agreement; (ii) ensuring that all of CONTRACTOR’s connectivity to County computing systems will only be through COUNTY’s security gateways and firewalls, and only through security procedures approved upon the express prior written consent of the Director; (iii) to the extent that they contain or provide access to Personal Information, (a) securing business facilities, data centers, paper files, servers, back-up systems and computing equipment, operating systems, and software applications, including, but not limited to, all mobile devices and other equipment, operating systems, and software applications with information storage capability; (b) employing adequate controls and data security measures, both internally and externally, designed to protect (1) the Personal Information from potential loss or misappropriation, or unauthorized Use, and (2) the COUNTY’s operations from disruption and abuse as relating to the COUNTY’s use of the Service; (c) having and maintaining network, device application, database and platform security; (d) maintaining authentication and access controls within media, computing equipment, operating systems, and software applications; and (e) installing and maintaining in all mobile, wireless, or handheld devices a secure internet connection, having continuously updated anti-virus software protection and a remote wipe feature enabled where applicable,; (iv) encrypting all Personal Information at advance encryption standards of Advanced Encryption Standards (AES) of 128 bit or higher (a) stored on any mobile devices, including but not limited to hard disks, portable storage devices, or remote installation, or (b) transmitted over public or wireless networks (the encrypted Personal Information must be subject to password or pass phrase, and be stored on a secure server and transferred by means of a Virtual Private Network (VPN) connection, or another type of secure connection,; (v) strictly segregating Personal Information from all other information of CONTRACTOR, including any Authorized Person, or anyone with whom CONTRACTOR or any Authorized Person deals so that Personal Information is not Exhibit B “Data Security” A-6 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 commingled with the personal information of any other of CONTRACTOR’s customers; (vi) having a patch management process including installation of all operating system/software vendor security patches; (vii) maintaining appropriate personnel security and integrity procedures and practices, including, but not limited to, conducting background checks of Authorized Employees consistent with applicable law; and (viii) providing appropriate privacy and information security training to Authorized Employees. (4) During the term of each Authorized Employee’s employment by CONTRACTOR, CONTRACTOR shall cause such Authorized Employees to abide strictly by CONTRACTOR’s obligations under this Exhibit B. CONTRACTOR further agrees that it shall maintain a disciplinary process to address any unauthorized Use of Personal Information by any Authorized Employees. (5) CONTRACTOR shall, in a secure manner, backup daily, or more frequently if it is CONTRACTOR’s practice to do so more frequently, Personal Information received from COUNTY, and the COUNTY shall have immediate access to such backups via a secure, remote access connection provided by CONTRACTOR, through the Internet, upon request. (6) At the COUNTY’s request, CONTRACTOR shall provide COUNTY with the name and contact information for the Authorized Employee (including at least one alternate Authorized Employee) who shall serve as COUNTY’s primary security contact with CONTRACTOR and shall be available to assist COUNTY as a contact in resolving CONTRACTOR’s and any Authorized Persons’ obligations associated with a Security Breach or a Privacy Practices Complaint. D. Security Breach Procedures. (1) Promptly upon CONTRACTOR’s awareness or reasonable belief of a Security Breach, CONTRACTOR shall (a) notify the Director of the Security Breach, such notice to be given first by telephone at the following telephone number, followed promptly by email at the following email address: (559) 600-6200 / ematthews@fresnocountyca.gov (which Exhibit B “Data Security” A-7 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 telephone number and email address COUNTY may update by providing notice to CONTRACTOR), and (b) preserve all relevant evidence (and cause any affected Authorized Person to preserve all relevant evidence) relating to the Security Breach. The notification shall include, to the extent reasonably possible, the identification of each type and the extent of Personal Information that has been, or is reasonably believed to have been, breached, including but not limited to, compromised, or subjected to unauthorized Use, Disclosure, or modification, or any loss or destruction, corruption, or damage. (2) Promptly following CONTRACTOR’s notification to COUNTY of a Security Breach, as provided pursuant to subsection D.(1) of this Exhibit B, the Parties shall coordinate with each other to investigate the Security Breach. If the Security Breach was caused by CONTRACTOR’s or an Authorized Person’s breach, CONTRACTOR agrees to reasonably cooperate with COUNTY, including, without limitation, as may be reasonably requested by the COUNTY: (i) assisting COUNTY in conducting any investigation; (ii) providing COUNTY with reasonable physical access to the facilities and operations affected;(iii) facilitating interviews with Authorized Persons and any of CONTRACTOR’s other employees knowledgeable of the matter; and (iii) making available all relevant records, logs, files, data reporting and other materials required to comply with applicable law or regulation, or as otherwise reasonably required by COUNTY. To that end, CONTRACTOR shall, with respect to a Security Breach caused by CONTRACTOR’s or an Authorized Person’s breach, be Responsible for the cost for all notifications required by law and regulation and CONTRACTOR shall provide a written report of the investigation and reporting required to the Director within thirty (30) days after the CONTRACTOR’s discovery of the Security Breach caused by CONTRACTOR’s or an Authorized Persons’ breach. (3) County shall promptly notify CONTRACTOR of the Director’s knowledge, or reasonable belief, of any Privacy Practices Complaint, and upon CONTRACTOR’s receipt of notification thereof, CONTRACTOR shall promptly reasonably assist the COUNTY in Exhibit B “Data Security” A-8 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 addressing such Privacy Practices Complaint, including, if the Privacy Practices Complaint arises from CONTRACTOR’s breach, taking any corrective action required under this Exhibit B, all at CONTRACTOR’s sole expense, in accordance with applicable privacy rights, laws, regulations and standards. In the event CONTRACTOR discovers a Security Breach, CONTRACTOR shall treat the Privacy Practices Complaint as a Security Breach. Promptly upon CONTRACTOR’s receipt of a Privacy Practices Complaint, CONTRACTOR shall cooperate with the COUNTY to determine whether the matter is a Security Breach, or otherwise has been corrected and the manner of correction, or determined not to require corrective action and the reason therefor. (4) CONTRACTOR shall take prompt corrective action to respond to and remedy any Security Breach caused by CONTRACTOR’s breach and take mitigating actions, including but not limiting to, actions designed to prevent any reoccurrence of the Security Breach and correcting any deficiency in Security Safeguards as a result of such incident, all at CONTRACTOR’s sole expense, in accordance with applicable privacy laws and regulations. CONTRACTOR shall reimburse COUNTY for all reasonable costs incurred by COUNTY in responding to, and mitigating damages caused by, any Security Breach caused by CONTRACTOR’s or an Authorized Person’s breach, including all reasonable costs of COUNTY incurred in relation to any litigation or other action described subsection D.(5) of this Exhibit B arising from CONTRACTOR’s breach. (5) CONTRACTOR agrees to reasonably cooperate with COUNTY in any litigation or other action to protect COUNTY’s rights relating to Personal Information, including the rights of persons from whom COUNTY receives Personal Information. Such cooperation shall be at CONTRACTOR’s expense if such litigation or action arises from CONTRACTOR’s breach and otherwise shall be at COUNTY’s expense. E.Oversight of Security Compliance. Exhibit B “Data Security” A-9 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 (1) CONTRACTOR shall have and maintain a written information security policy that specifies Security Safeguards appropriate to the size and complexity of CONTRACTOR’s operations and the nature and scope of its activities. (2) Upon COUNTY’s written request, to confirm CONTRACTOR’s compliance with this Exhibit B, as well as any applicable laws, regulations and industry standards, CONTRACTOR will make available to COUNTY or, upon COUNTY’s election, a third party on COUNTY’s Behalf that not is not a competitor of CONTRACTOR, its annual SOC 2 report, ISO 27001 certification, and other independent third party certifications and assessments CONTRACTOR generally makes available to its customers (the “Independent Assessments”). If COUNTY identifies an area of risk not addressed under the Independent Assessments, upon COUNTY’s request, no more than once per year, CONTRACTOR will grant COUNTY permission to perform an assessment, audit, examination or review of relevant controls in CONTRACTOR’s physical and technical environment in relation to all Personal Information that is Used by CONTRACTOR pursuant to this Agreement with the scope and timing of the assessment, audit, examination or review to be agreed upon by the parties in advance. CONTRACTOR shall reasonably cooperate with such assessment, audit or examination, as applicable, by providing COUNTY or the third party on COUNTY’s behalf, access to its relevant physical premises, documentation, infrastructure and application software that is Used by CONTRACTOR for Personal Information pursuant to this Agreement. In addition, upon COUNTY’s written request, CONTRACTOR shall provide COUNTY with the results of any audit by or on behalf of CONTRACTOR that assesses the effectiveness of CONTRACTOR’s information security program as relevant to the security and confidentiality of Personal Information Used by CONTRACTOR or Authorized Persons during the course of this Agreement under this Exhibit B that CONTRACTOR generally makes available to its customers. All audit results and other information obtained under this subsection (2) is confidential information of CONTRACTOR. Exhibit B “Data Security” A-10 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 (3) CONTRACTOR shall ensure that all Authorized Persons who Use Personal Information agree to the Security Standards at least as protective of Personal Information as those set forth in this Exhibit B. that apply to CONTRACTOR with respect to such Personal Information. F. Return or Destruction of Personal Information. Upon the termination of this Agreement, CONTRACTOR shall, and shall instruct all Authorized Persons to, promptly securely destroy all such Personal Information, and, at the COUNTY’s request, certify in writing to the COUNTY that such Personal Information have been disposed of securely, as applicable. If return or disposal of such Personal Information or copies of Personal Information is not feasible, CONTRACTOR shall notify COUNTY according, specifying the reason, and continue to extend the protections of this Exhibit B to all such Personal Information and copies of Personal Information. CONTRACTOR shall not retain any copy of any Personal Information after returning or disposing of Personal Information as required by this section F. CONTRACTOR’s obligations under this section F survive the termination of this Agreement 28 and apply to all Personal Information that CONTRACTOR retains if return or disposal is not feasible and to all Personal Information that CONTRACTOR may later discover. G. Equitable Relief. CONTRACTOR acknowledges that any breach of its covenants or obligations set forth in this Exhibit B may cause COUNTY irreparable harm for which monetary damages may not be adequate compensation and agrees that, in the event of such breach or threatened breach, COUNTY is entitled to seek equitable relief, including a restraining order, injunctive relief, specific performance and any other relief that may be available from any court, in addition to any other remedy to which COUNTY may be entitled at law or in equity. Such remedies shall not be deemed to be exclusive but shall be in addition to all other remedies available to COUNTY at law or in equity or under this Agreement. Exhibit B “Data Security” A-11 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 H. Indemnification. CONTRACTOR shall defend, indemnify and hold harmless COUNTY, its officers, employees, and agents, (each, a “COUNTY Indemnitee”) from and against any third party claim or action against any COUNTY Indemnitee arising out of or based upon CONTRACTOR’s, its officers, employees, or agents, or any Authorized Employee’s or Authorized Person’s, breach of this Exhibit B. The COUNTY must (a) give CONTRACTOR prompt written notice of the claim; (b) grant CONTRACTOR control over the defense and settlement of the claim; (c) provide assistance in connection with the defense and settlement of the claim as CONTRACTOR may reasonably request; and (d) comply with any settlement or court order made in connection with the claim. The COUNTY will not defend or settle any claim under this Exhibit B without CONTRACTOR’s prior written consent. The COUNTY may participate in the defense of the claim at the COUNTY’s own expense and with counsel of the COUNTY’s own choosing, subject to the CONTRACTOR’s control over the defense and settlement of the Claim as provided above. The provisions of this section H are cumulative to any other obligation of CONTRACTOR to, defend, indemnify, or hold harmless any COUNTY Indemnity under this Agreement. The provisions of this section H shall survive the termination of this Agreement. I. Survival. The respective rights and obligations of CONTRACTOR and COUNTY as stated in this Exhibit B shall survive the termination of this Agreement. J. No Third Party Beneficiary. Exhibit B “Data Security” A-12 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Nothing express or implied in the provisions of in this Exhibit B is intended to confer, nor shall anything herein confer, upon any person other than COUNTY or CONTRACTOR and their respective successors or assignees, any rights, remedies, obligations or liabilities whatsoever. L. County Obligations; No County Warranty. COUNTY is responsible for compliance with all terms of this Agreement, including the Services Agreement, and all applicable laws and regulations, with respect to its collection, upload, and use of Subscriber Data that is Personal Information. Except as set forth in this Agreement, including the Services Agreement, COUNTY does not make any warranty or representation whether any Personal Information in CONTRACTOR’s (or any Authorized Person’s) possession or control, or Use by CONTRACTOR (or any Authorized Person), pursuant to the terms of this Agreement is or will be secure from unauthorized Use, or a Security Breach or Privacy Practices Complaint. EXHIBIT C SERVICE ORDER -ENTERPRISE- Domo, Inc. Confidential Page 1 of 1 Subscriber Name: The County of Fresno Effective Date: July 13, 2021 Primary Contact: Michael Miller Initial Term End Date: July 12, 2024 Primary Contact Phone: 559.600.5800 Subscription Services Annual Fees (US$) Domo Enterprise Platform •Connections: Unlimited standard data connectors, Workbench, & Workbench API •Data Storage: Up to 2 billion data rows •Admin Controls •Full Domo Appstore Access (separate App fees may apply) •Version Upgrades •Technical Support: Standard Support Package $50,000 Authorized User Licenses Unit Price: $2,100 QTY 10 $21,000 Domo Embed: includes up to 1,000 Embed User Licenses $25,000 Annual Subscription Fees $96,000 One-time Services One-time Fees Professional Services Hours: •Additional hours may be purchased at $250 per hour (hourly rate subject to change; hours expire after one year) Unit Price: $250 QTY 120 $30,000 One-time Fees $30,000 Pricing Expires: April 2021 Total Initial Fees $126,000 Payment Schedule Invoice Amount One-time Fees Invoice on Effective Date, Payment due Net 30 $30,000 Subscription Fees Invoice annually in advance on Effective Date, payment due Net 45 Invoice annually in advance on June 13, 2022, payment due Net 45 Invoice annually in advance on June 13, 2023, payment due Net 45 $96,000 $96,000 $96,000 Terms and Conditions You agree to pay the non-refundable fees described in this Service Order plus applicable taxes or other government charges. Our invoices to you will include applicable taxes and charges as well as actual travel expenses we incur in providing professional s ervices and training. This Service Order will automatically renew on the Initial Term End Date for successive 12-month terms unless at least 30 days before the end of the then-current term one of us provides written notice to the other that it does not want to renew. Renewal Price Protection: As long as Subscriber timely pays all applicable Subscription Fees during the Initial Term of this Service Order, at the conclusion of Initial Term, the pricing for the two (2) annual Renewal Terms (for the per Authorized User License and Platform Fees set forth above; for the same number of previously ordered Authorized User Licenses, and for the same Platform configuration) may increase by no more than the greater of: (a) 4% of the current price, or (b) the percentage increase in CPI from the date the price was last set. “CPI” means the then-most recent U.S. City Average (December to December percent) for All Urban Consumers for the first and second annual renewal periods after the Initial Term. This Service Order is between Domo, Inc. and Subscriber as of the Effective Date specified above. Each of us may sign this Service Order using an electronic or handwritten signature, which are of equal effect, whether on original or electronic copies. Subscriber Domo, Inc. By_______________________________ Date____________ Print Name: Title: By________________________________ Date____________ Print Name__________________ Title__________________ Billing Address: 333 W Pontiac Way Clovis, CA 93612 Address: 772 E. Utah Valley Drive American Fork, UT 84003 Billing Contact: Claudia Favors Attention: Finance Department Billing Phone Number: 559.600.5800 Phone Number: (801) 805-9400 Billing E-Mail Address: cfavors@fresnocoutyca.gov E-Mail Address: orders@domo.com Project Manager: Michael Miller Account Executive: Jon Mendenhall Exhibit D SELF-DEALING TRANSACTION DISCLOSURE FORM In order to conduct business with the County of Fresno (hereinafter referred to as “County”), members of a contractor’s board of directors (hereinafter referred to as “County Contractor”), must disclose any self-dealing transactions that they are a party to while providing goods, performing services, or both for the County. A self-dealing transaction is defined below: “A self-dealing transaction means a transaction to which the corporation is a party and in which one or more of its directors has a material financial interest associated with the Agreement” The definition above will be utilized for purposes of completing this disclosure form. INSTRUCTIONS (1)Enter board member’s name, job title (if applicable), and date this disclosure is being made. (2)Enter the board member’s company/agency name and address. (3)Describe in detail the nature of the self-dealing transaction that is being disclosed to the County. At a minimum, include a description of the following: a.The name of the agency/company with which the corporation has the transaction; and b.The nature of the material financial interest in the Corporation’s transaction that the board member has. (4)Describe in detail why the self-dealing transaction is appropriate based on applicable provisions of the Corporations Code. (5)Form must be signed by the board member that is involved in the self-dealing transaction described in Sections (3) and (4). Exhibit D (1)Company Board Member Information: Name: Date: Job Title: (2)Company/Agency Name and Address: (3)Disclosure (Please describe the nature of the self-dealing transaction you are a party to): (4)Explain why this self-dealing transaction is consistent with the requirements of Corporations Code 5233 (a): (5)Authorized Signature Signature: Date: