Attached files
Exhibit 10.56
MASTER RELATIONSHIP AGREEMENT
This Master Relationship Agreement (“MRA”) by and between GLASSHOUSE TECHNOLOGIES, INC. (“GlassHouse”), a Delaware corporation located at 200 Crossing Boulevard, Framingham, MA 01702, and DELL MARKETING, L.P. (“Dell Marketing”), a Texas limited partnership located at One Dell Way, Round Rock, Texas 78682, by and on behalf of Dell, Inc. and their respective subsidiaries and Affiliates (as defined below), is effective as of June 23, 2008 (the “Effective Date”).
SECTION 1. AGREEMENT STRUCTURE
1.1 Definitions. Capitalized terms used herein but not defined shall have the meanings set forth in Schedule A.
1.2 This MRA, together with all schedules attached hereto (“Schedules”) and Statements of Work shall be collectively referred to as the “Agreement.” The Agreement constitutes the entire agreement between the parties and supersedes all prior discussions, both oral and written, between the parties related to the subject matter of the Agreement that occurred prior to the Effective Date. For the sake of clarity, the Agreement has no impact on the Intellectual Property License Agreement, dated as of March 6, 2008, by and between the parties (the “IP License Agreement”); moreover, the parties acknowledge and agree that nothing in this Agreement shall supersede or amend the IP License Agreement.
1.3 The Agreement constitutes the terms and conditions under which Dell will purchase Services from GlassHouse, including, but not limited to, any Deliverables provided to Dell during the course of providing the Services.
1.4 The terms and conditions of the MRA apply to all Schedules, Dell PO(s), and Statements of Work for the purchase of Services. GlassHouse shall not provide Dell with any Services and Dell shall not be obligated to pay for any Services unless Dell and GlassHouse have executed a Statement of Work and Dell has issued a Dell PO for the applicable Services.
1.5 Unless expressly stated otherwise in a Statement of Work, in the event of conflict between the MRA and any Schedule or Statement of Work, the order of precedence shall be as follows: (i) the MRA, (ii) the Schedule, and then (iii) the Statement of Work. Any additional or conflicting terms contained in a Dell PO shall be void and have no effect. Notwithstanding the order of precedence above, if a Statement of Work explicitly identifies a provision in the MRA(other than those that involve indemnification or limitation of liability which may only be modified or superseded by an amendment to the MRA), that the parties intend to be superseded or modified by a provision in the Statement of Work, the provision in the Statement of Work shall prevail for purposes of that Statement of Work.
1.6 When a Dell entity desires to purchase Services, such Dell entity and GlassHouse will execute Statement of Work. Each Statement of Work shall expressly reference this MRA and all the terms and conditions of this MRA shall govern such Statement of Work. Once the applicable Statement of Work is executed, any other Dell entity may subsequently issue a Dell PO to purchase the Services described in the applicable Statement of Work; provided, however, that GlassHouse may accept or reject any Dell PO in its reasonable discretion. For purchases of
| 1 |
Services outside of the United States, a Statement of Work and/or Dell PO will be issued by the applicable local Dell entity to GlassHouse, or to such other GlassHouse Affiliate designated by GlassHouse. All Dell PO(s) will be governed by the terms and conditions of the MRA and the applicable Statement of Work and collectively shall be deemed a separate agreement between the applicable Dell and Glasshouse Entities. To the extent the parties’ Affiliates require additional or alternative terms and conditions than those contained in this MRA in order to comply with local country law or business practices, such alternative or additional terms shall be set forth in a “Country Unique Terms” section of the applicable Statement of Work.
SECTION 2. TERM AND TERMINATION
2.1 Term. Subject to the termination provisions in this MRA, the initial term of this MRA is for three (3) years beginning on the Effective Date. This MRA will automatically renew for additional, successive, one-year terms unless a party provides written notice of non-renewal to the other party at least 180 days before the end of the then current term.
2.2 Termination for Cause. Either GlassHouse or Dell may terminate this MRA or any Statement of Work for cause in the event of a material breach by the other party if such breach is not cured within thirty (30) days of receipt of written notice.
2.3 Termination for Change of Control. In the event of a Change of Control of either party (the “Acquired Party”) to a direct competitor of the other party, then at any time within twelve (12) months after the last to occur of events constituting such Change of Control, such other party may terminate each Statement of Work with respect to all or any part of the Services by giving the Acquired Party at least thirty (30) days prior written notice and designating a date upon which such termination shall be effective.
2.4 Termination for Convenience. Dell may terminate this MRA, including, but not limited to, any Statement of Work or Dell PO and/or Schedule at any time without cause for its convenience upon thirty (30) days written notice.
2.5 Effect of Termination. In the event that this MRA or any Statement of Work or Dell PO is terminated, Dell shall pay GlassHouse, at a minimum, for all Services provided and expenses incurred up to and including the effective date of termination, in accordance with the applicable Statement of Work.
2.6 Transition Plan. Upon the early termination of any Statement of Work, GlassHouse and Dell will promptly meet to negotiate in good faith a transition plan to deal with business that is ongoing or pending at such time (the “Transition Plan”). The objective of the Transition Plan will be to promptly unwind the relationship created under the Statement(s) of Work in a manner that causes the least disruption within the marketplace. It is contemplated that the Transition Plan will deal, among other things, with the fulfillment of pending orders and outstanding tenders, and the treatment of ongoing service and support, and payment terms.
2.7 Dispute Resolution. Prior to the commencement of any litigation relating to a Statement of Work, the senior management of both GlassHouse and Dell shall meet to attempt to resolve the dispute or disputes giving rise to such potential litigation. If the senior management cannot resolve the disputes, either GlassHouse or Dell may make a written demand for formal dispute
| 2 |
resolution. Within thirty (30) days after such written demand, GlassHouse and Dell agree to meet for one day with an impartial mediator and consider dispute resolution alternatives other than litigation. The costs of engaging the mediator shall be shared equally. If an alternative method of dispute resolution is not agreed upon within thirty (30) days after the one-day mediation, either GlassHouse or Dell may begin litigation proceedings.
SECTION 3. PERSONNEL
3.1 Approval of Personnel. Reasonably prior to assigning an individual to perform Services under any Statement of Work and to the extent reasonably practicable under the circumstances, GlassHouse shall (i) notify Dell of the proposed assignment, (ii) introduce the individual to appropriate Dell representatives, (iii) provide reasonable opportunity for Dell representatives to interview the individual, and (iv) consistent with applicable law, provide Dell with a resume and such other information about the individual as may be reasonably requested by Dell. In addition, GlassHouse shall ensure that it has met all obligations under Dell’s U.S. Site Security and Environmental, Health, and Safety Addendum attached hereto as Schedule B with respect to personnel to be assigned hereunder. If Dell lawfully and in good faith objects to the proposed assignment, GlassHouse shall not assign the individual to that position and shall propose to Dell the assignment of another individual of suitable ability and qualifications.
3.2 Periodic Review. At Dell’s request from time to time, GlassHouse shall allow Dell the opportunity to conduct a review of the GlassHouse personnel performing Services under any Statement of Work and an opportunity to provide meaningful information to GlassHouse with respect to Dell’s evaluation of the performance of the GlassHouse personnel. GlassHouse (or the applicable subcontractor) shall appropriately take such evaluation into account in establishing bonus and other compensation for such individuals. During the term of any Statement of Work and unless otherwise permitted by that Statement or Work, GlassHouse shall not terminate or reassign (other than for cause) the personnel assigned under that Statement of Work.
3.3 Removal of Personnel. If Dell is dissatisfied with the performance or conduct of any GlassHouse personnel assigned to perform services under any Statement of Work, Dell may bring the matter to GlassHouse’s attention and provide a description of the problem or concern in reasonable detail, and GlassHouse will promptly discuss such concern with the employee and take appropriate remedial actions to coach, counsel or reassign such employee as determined by GlassHouse. If such remedial actions do not remedy Dell’s concern within thirty (30) days, Dell may require that GlassHouse remove such member from the performance of Services under that Statement of Work, and GlassHouse shall designate a suitable replacement in accordance with Section 3.1 as soon as reasonably possible.
3.4 No Joint Employment. The personnel deployed by GlassHouse will be and shall remain employees or contractors of GlassHouse, reporting solely to GlassHouse, and GlassHouse will provide for and pay the compensation and other benefits of such personnel, including salary, health, accident and worker’s compensation benefits and all taxes and contributions that an employer is required to pay with respect to the employment of employees. GlassHouse’s personnel performing Services shall have a duty of loyalty to GlassHouse. GlassHouse shall determine the terms of employment for its respective personnel in accordance with its standard practices, including hiring and firing. All GlassHouse personnel assigned to perform services
| 3 |
under any Statement of Work shall be required to sign an acknowledgement in form reasonably acceptable to GlassHouse that provides that although such personnel may work with employees of Dell, (i) they are employees of GlassHouse only and (ii) they are expected to follow the policies, procedures and direction of GlassHouse.
SECTION 4. PRICE AND PAYMENT
4.1 Resources. Except as provided in each Statement of Work, GlassHouse and Dell each will provide the resources necessary for discharging its responsibilities under a Statement of Work at its own cost and expense.
4.2 Taxes. Unless otherwise agreed in each Statement of Work, all payments must be stated (and payments made) in United States dollars and are exclusive of applicable sales, use or similar taxes for which Dell is obligated to pay GlassHouse. Dell has no liability for any taxes based on GlassHouse’s assets or income or for which Dell has an appropriate resale or other exemption that has been provided to GlassHouse and is acceptable to the applicable taxing authority. Dell has the right to withhold any applicable taxes from any royalties or other payments due under each Statement of Work if required by any government authority. All amounts payable under each Statement of Work shall be exclusive of value added tax or analogous taxes (if any) which Dell shall pay at the rate applicable thereto from time to time. GlassHouse shall provide Dell with a valid value added tax invoice (applicable in the country of supply). GlassHouse and Dell will cooperate to ensure so far as possible that the VAT treatment of each Statement of Work is accepted by the relevant tax authorities, and will produce all necessary invoices, records and other documentation for this purpose. In addition, upon Dell’s request, GlassHouse shall bill Dell’s or its specified subsidiaries or Affiliates on a regional or local basis.
4.3 Travel Expenses. No travel or other expenses shall be reimbursed unless approved in writing in advance by Dell. Any approved travel shall only be reimbursed if compliant with the then current Dell Travel and Expenses Policy as provided to GlassHouse in advance either by written documentation or via Dell providing GlassHouse with an electronic link. Attached hereto as Schedule D is the Dell Travel and Expenses Policy in effect as of the Effective Date. Any travel requirements specifically described in any executed Statement of Work or otherwise approved in writing by Dell shall be deemed approved by Dell and shall be reimbursed by Dell so long as such travel is incurred in accordance with the Dell Travel and Expenses Policy.
4.4 Invoicing. All invoices provided to Dell will be accumulated, upon receipt, for a period from the 6th day of a month to the 5th day of the following month (the “Accumulation Period”). Dell will pay invoices received during the Accumulation Period net thirty (30) days from the end of the Accumulation Period (EOAP 30). No invoice can be dated prior to the date Services are accepted by Dell. GlassHouse agrees to use diligent efforts to invoice Dell within thirty (30) days after it has the right to invoice under the terms of each Statement of Work. If GlassHouse fails to invoice Dell for any amount within sixty (60) days after the date GlassHouse has the right to invoice Dell pursuant to the terms of the applicable Statement of Work, GlassHouse shall be deemed to have waived any right it may otherwise have to invoice for and collect such amount.
| 4 |
4.5 Comparable Pricing. GlassHouse covenants that the pricing for Services being accorded to Dell during the term of each Statement of Work will be no less favorable than the pricing being accorded to other customers of GlassHouse purchasing like quantities or less of services that are materially comparable to Services being provided to Dell. If at any time during the term of each Statement of Work, GlassHouse accords to any other such customer more favorable pricing for services substantially similar to those Services purchased by Dell, GlassHouse will immediately offer to sell such Services to Dell at pricing that is equivalent to the more favorable pricing accorded to such other customer.
SECTION 5. REPRESENTATIONS AND WARRANTIES
5.1 Dell Work Product. GlassHouse represents and warrants that all Deliverables provided by GlassHouse will conform to the specifications and descriptions set forth or referenced in each Statement of Work for a period of one hundred eighty (180) days after the date of delivery to Dell or the applicable customer, unless an alternative warranty period is expressly set forth in a Statement of Work.
5.2 Services. GlassHouse represents and warrants that all Services as provided by GlassHouse will be performed in a good and workmanlike manner by a skilled and qualified staff in accordance with prevailing industry standards and shall conform to all specifications and descriptions set forth in the applicable Statement of Work for a period of one hundred eighty (180) days after the date of delivery to Dell or the applicable customer, unless an alternative warranty period is expressly set forth in each Statement of Work.
5.3 Rights and License. GlassHouse represents and warrants that it has all the rights and licenses in the Services and Deliverables necessary to allow Dell, and, as applicable, the customer, to use such materials without restriction or additional charge as intended. The Deliverables shall not infringe or misappropriate any copyright, patent, trade secret, trademark or other intellectual property right of any third party.
5.4 Violation. Each party represents and warrants that this MRA (including without limitation the delivery of Deliverables) does not violate any applicable laws (including without limitation all applicable import or export regulations and all licensing or permitting requirements) or breach any other agreement to which such party is a party or bound.
5.5 Copyleft. GlassHouse represents and warrants that it shall not incorporate or commingle intellectual property that constitutes open source code governed under a license that effects Copyleft or any similar or broader license, such as a General Public License, in the development, installation or support of any Deliverable.
SECTION 6. INDEMNIFICATION
6.1 Dell Indemnification. Dell will defend, indemnify, and hold harmless GlassHouse and its directors, officers, employees, representatives, and agents (collectively “GlassHouse Indemnitees”) from and against any and all third-party claims, actions, demands, and legal proceedings (collectively “Claims”) and/or liabilities to third parties for damages, losses, judgments, authorized settlements, costs and expenses including, without limitation, reasonable attorneys’ fees (collectively “Damages”), arising out of or in connection with: (a) any alleged or actual infringement and/or misappropriation by Dell of any copyright, patent, trademark, trade secret or other proprietary or intellectual property right of any third party to the extent relating to
| 5 |
any Dell Pre-existing IP; (b) any Claim that Dell has caused bodily injury including, without limitation, death or has damaged real or tangible personal property; (c) any violation by Dell of any governmental laws, rules, ordinances, or regulations; and/or (d) any Claim by or on behalf of Dell’s other subcontractors, suppliers, or employees for salary, wages, benefits or other compensation.
6.2 Glasshouse Indemnification. GlassHouse will defend, indemnify, and hold harmless Dell and its directors, officers, employees, representatives, customers and agents (collectively “Dell Indemnitees”), from and against any and all Claims and Damages arising out of or in connection with: (a) any negligent acts or omissions of GlassHouse or failure by GlassHouse to perform its obligations under this Agreement or a Statement of Work; (b) any alleged or actual infringement and/or misappropriation by GlassHouse and/or the Services and/or the Deliverables of any copyright, patent, trademark, trade secret or other proprietary or intellectual property right of any third party, provided, however, that GlassHouse shall have no liability or obligation to Dell hereunder with respect to any claim based upon (i) any use of the Deliverables not strictly in accordance with this MRA or the applicable Statement of Work, or (ii) use of any Deliverables in an application or environment or on a platform or with devices for which it was not designed or reasonably contemplated; (c) any Claim that GlassHouse and/or the Deliverables provided under each Statement of Work has caused bodily injury including, without limitation, death or has damaged real or tangible personal property; (d) any violation by GlassHouse of any governmental laws, rules, ordinances, or regulations; (e) any act of gross negligence or willful misconduct; and/or (f) any Claim by or on behalf of GlassHouse’s subcontractors, suppliers, or employees for salary, wages, benefits or other compensation.
6.3 Additional Obligations. If an infringement claim is made or appears likely to be made about the Deliverables, GlassHouse shall use reasonable efforts to (i) procure for Dell and customers, as applicable, the right to continue to use the applicable Deliverables; (ii) modify the Deliverables so that they are no longer infringing; or (iii) replace them with non-infringing Deliverables. If none of these alternatives is commercially reasonable, Dell shall cease its use of any affected Deliverables or return or destroy any affected Deliverables for a refund of the purchase price, pro-rated on a straight-line basis over a five (5) year period from the original delivery date.
6.4 Limitation on Indemnification. The party from whom indemnification is sought pursuant hereto (Indemnitor) shall have no liability or obligation to the party entitled to indemnification hereunder (an Indemnitee) to the extent that any claim, action or suit arises out of or results from (i) modifications, combinations or extensions of materials made available by the Indemnitor to the Indemnitee not created by the Indemnitor, (ii) the Indemnitee’s continuing allegedly infringing activity after being notified thereof or its continuing use of any version of the materials made available by the Indemnitor to the Indemnitee after being provided modifications that would have avoided the alleged infringement or (iii) any intellectual property right in which the Indemnitee has an interest or (iv) any Indemnitee’s negligence or misconduct.
6.5 Comparative Fault. Each party’s obligations in this SECTION 6 shall apply even if the Claim and/or Damages are due, or alleged to be due, in part to any concurrent negligence or other fault of the Indemnitee, breach of contract or warranty by the Indemnitee, or strict liability without regard to fault; provided, however, that the Indemnitor’s contractual obligations shall not extend to the percentage of the third party claimant’s Damages attributable to the Indemnitee’s negligence or other fault, breach of contract or warranty, or to strict liability imposed upon Indemnitee as a matter of law.
| 6 |
6.6 Indemnification Procedures. The following procedures will apply with respect to indemnification for Claims arising in connection with a Statement of Work:
(a) Promptly after receipt by the Indemnitee of written notice of the assertion or the commencement of any Claim, whether by legal process or otherwise, with respect to any matter within the scope of this SECTION 6, the Indemnitee will give written notice thereof to the Indemnitor and will thereafter keep the Indemnitor reasonably informed with respect thereto; provided, however, that the failure of the Indemnitee to give the Indemnitor such prompt written notice will not relieve the Indemnitor of its obligations hereunder except to the extent such failure results in prejudice to Indemnitor’s defense of such Claim. Within thirty (30) days following receipt of written notice from the Indemnitee relating to any claim, but no later than ten (10) days before the date on which any response to a complaint or summons is due, the Indemnitor will notify the Indemnitee in writing that the Indemnitor will assume control of the defense and settlement of such claim (the “Notice”).
(b) If the Indemnitor delivers the Notice relating to any Claim within the required notice period, the Indemnitor will be entitled to have sole control over the defense and settlement of such Claim; provided, however, that the Indemnitee will be entitled to participate in the defense of such claim and to employ legal advisers at its own expense to assist in the handling of such claim. After the Indemnitor has delivered a Notice relating to any claim in accordance with the preceding paragraph, the Indemnitor will not be liable to the Indemnitee for any legal expenses subsequently incurred by such Indemnitee in connection with the defense of such Claim.
(c) If the Indemnitor fails to assume the defense of any such Claim within the prescribed period of time, then the Indemnitee may assume the defense of any such Claim, the reasonable costs and expenses of which shall be deemed to be Damages. The Indemnitor will not be responsible for any settlement or compromise made without its consent, unless the Indemnitee has tendered notice and the Indemnitor has then failed to provide Notice and it is later determined that the Indemnitor was liable to assume and defend the Claim.
(d) The Indemnitee will provide reasonable assistance to the Indemnitor (at the Indemnitor’s expense), including reasonable assistance from the Indemnitee’s employees, agents, independent contractors and Affiliates, as applicable. Notwithstanding any provision of this Section 6 to the contrary, the Indemnitor will not consent to the entry of any judgment or enter into any settlement that provides for injunctive or other non-monetary relief affecting the Indemnitee without the prior written consent of the Indemnitee, which consent will not be unreasonably withheld or delayed.
| 7 |
SECTION 7. LIMITATION OF LIABILITY
7.1 Limitation of Liability. Except as provided in Section 7.2 hereof, (i) the liability of each party to the other for direct damages in connection with any and all claims, acts or omissions, and causes of action arising under or related to this Agreement and/or any Statement of Work entered into hereunder shall not exceed, in the aggregate, an amount equal to the aggregate amount paid or payable under this Agreement during the then most current trailing 12 month period, and (ii) neither party will be liable to the other for any indirect, incidental, special, punitive or consequential damages of any type including, without limitation, lost profits and lost sales, arising out of or in connection with the Agreement even if advised or aware of the possibility of such damages and even if the other party asserts or establishes a failure of the essential purpose of any limited remedy provided in this Agreement.
7.2 Exclusions. The aggregate cap on direct damages and general exclusion of indirect, incidental, special, punitive or consequential damages of any type, including without limitation, lost profits and lost sales, set forth in the limitation of liability provisions of Section 7.1 of this Agreement will not apply with respect to the following:
| (a) | GlassHouse Exclusions. GlassHouse shall be fully liable for all such damages to the extent arising from (i) any breach of its confidentiality obligations hereunder, (ii) any damage to real or tangible personal property, (iii) any violation of any governmental laws, rules, ordinances, or regulations, (iv) any act of gross negligence or willful misconduct, and/or (v) any claim for indemnity obligations arising under Section 6.2; provided, however, that any claim for indemnity arising under Section 6.2(a) shall be subject to a cap equal to the aggregate amount paid or payable under this Agreement during the then most current trailing 12 month period. |
| (b) | Dell Exclusions. Dell shall be fully liable for all such damages arising from (i) any breach of its confidentiality obligations hereunder, (ii) any damage to real or tangible personal property, (iii) any violation of any governmental laws, rules, ordinances, or regulations (iv) any acts of gross negligence or willful misconduct, and/or (v) any claim for indemnity obligations arising under Section 6.1. |
SECTION 8. INTELLECTUAL PROPERTY RIGHTS
8.1 Pre-existing Intellectual Property. GlassHouse and Dell each shall retain ownership of all right, title and interest in its Pre-existing IP, subject to any license grants under the IP License Agreement.
8.2 GlassHouse Intellectual Property. All intellectual property developed, conceived, or reduced to practice by GlassHouse during the performance of Managed Services or Other Services (collectively with GlassHouse’s Pre-existing IP, the “GlassHouse IP”) shall be owned by GlassHouse, subject to any license grants under the IP License Agreement.
8.3 Dell Work Product. Except for GlassHouse IP or intellectual property licensed to GlassHouse that is incorporated in or used in the performance of the Services or the development of the Deliverables that result from the Services, GlassHouse agrees that any intellectual property conceived or reduced to practice during the performance of Development Services shall be fully owned by and constitute the work product of Dell (the “Dell Work Product”).
| 8 |
8.4 Licensed Materials. To the extent that the Dell Work Product incorporates, or any Deliverable requires Dell to use, GlassHouse IP that is not already subject to the license grant in the IP License Agreement or intellectual property licensed to GlassHouse from a third party (collectively “Licensed Materials”), then in accordance with and subject to all applicable terms and conditions in this MRA, GlassHouse hereby grants to Dell a perpetual, irrevocable, non exclusive, worldwide, royalty free, fully paid up license to: (i) use, make, have made, sell, execute, reproduce, display, perform, prepare derivative works based upon, and distribute (internally and/or externally) copies of the Licensed Materials and their derivative works; and (ii) authorize others to do any, some, or all of the foregoing.
8.5 Work For Hire. All Dell Work Product is solely and exclusively the property of Dell. To the extent any Dell Work Product qualifies as a “work made for hire” under applicable copyright law, it will be considered a work made for hire and the copyright will be owned solely and exclusively by Dell. To the extent that any Dell Work Product is not considered a “work made for hire” under applicable copyright law, GlassHouse hereby assigns and transfers all of its right, title and interest in and to the Dell Work Product to Dell. Furthermore, GlassHouse shall ensure that its employees, subcontractors, representatives, agents or other contractors engaged to perform Services hereunder comply with the terms of each Statement of Work including, but not limited to, this Section 8.4.
8.6 Disclosure of Dell Work Product. GlassHouse will, as part of the Dell Work Product, disclose promptly in writing to Dell all of the Dell Work Product and document all intellectual property rights as Dell personnel may direct. Furthermore, GlassHouse shall, upon request, provide to Dell all of the Dell Work Product.
8.7 Further Assurances. GlassHouse agrees to take any action and fully cooperate with Dell as Dell may request to effect the provisions of this SECTION 8.
8.8 Residuals. Subject to each party’s confidentiality obligations, and to each party’s rights in intellectual property as described in this MRA: (a) nothing in this MRA shall preclude either GlassHouse or Dell from independently developing or providing for itself, or for others, materials that are competitive with the products and services of the other party, irrespective of their similarity to any products or services offered by the other party in connection with a Statement of Work; and (b) GlassHouse and Dell each shall be free, subject to the other party’s rights in intellectual property, to use its general knowledge, skills and experience, and any ideas, concepts, know-how and techniques within the scope of its business that are used or developed in the course of undertaking a Statement of Work by such party, and GlassHouse and Dell each shall remain free to provide products and services to any customer or prospective customer so long as the terms of this MRA are not violated.
| 9 |
SECTION 9. CONFIDENTIALITY
9.1 Scope. The term “Confidential Information” means, to the extent previously, presently or subsequently disclosed by or for GlassHouse to Dell or Dell to GlassHouse, all financial, business, legal and technical information of either Party or any of its Affiliates, suppliers, customers and employees (including information about research, development, operations, marketing, transactions, discoveries, inventions, methods, processes, materials, algorithms, software, specifications, designs, drawings, data, strategies, plans, prospects, know-how and ideas) that is marked or otherwise identified as proprietary or confidential at the time of disclosure, or which by its nature would be understood by a reasonable person to be proprietary or confidential. Confidential Information shall not include any information that (a) was rightfully known by the receiving party without restriction before receipt from the disclosing party, (b) is rightfully disclosed to the receiving party by a third party without restriction, (c) is or becomes generally known to the public without violation of any Statement of Work, or (d) is independently developed by the receiving party without reliance on or reference to such information.
9.2 Restrictions. GlassHouse and Dell agree (a) not to copy or use Confidential Information except and only for the purposes of the applicable Statement of Work, but not for any other purpose, (b) to maintain it as confidential, and exercise reasonable precautions to prevent unauthorized access, use or disclosure and (c) not to disclose the Confidential Information to any third party other than its employees, contractors and sublicensees who have a legitimate need to know for the purposes contemplated by the applicable Statement of Work and who are bound by written agreements that are at least as protective of the Confidential Information as the restrictions herein. The confidentiality obligations of the Statement of Work, as they apply to Confidential Information disclosed prior to termination, will survive termination for a period of 3 years; provided, however, that each party’s obligations hereunder shall survive and continue in effect thereafter with respect to any Confidential Information that is a trade secret under applicable law. As soon as reasonably practicable upon the disclosing party’s request at any time, the receiving party shall return to the disclosing party or destroy all then existing originals and copies of any Confidential Information provided to the other party solely in connection with the performance of this Statement of Work and destroy all information, records and materials developed therefrom.
9.3 Compelled Disclosures. These restrictions will not prevent either party from complying with any law, regulation, court order or other legal requirement that purports to compel disclosure of any Confidential Information or the terms and conditions of any Statement of Work. The receiving party will promptly notify the disclosing party upon learning of any such legal requirement, and cooperate with the disclosing party in the exercise of its right to protect the confidentiality of the Confidential Information before any tribunal or governmental agency. Each party may provide a copy of any Statement of Work or otherwise disclose its terms and conditions in connection with any financing transaction or due diligence inquiry, subject to obligations of confidentiality applicable to the recipient. Prior to any disclosure of this Statement of Work or its terms and conditions to a third party, the party planning such disclosure shall notify the other party and allow the other party any opportunity to recommend redactions of certain information, which recommendations shall not be unreasonably refused.
9.4 Customer Information. GlassHouse understands that Dell may not be able to provide GlassHouse with any third party (including customer) confidential information and that GlassHouse may be required to enter into a separate confidentiality agreement with any potential customer in order to obtain any Confidential Information regarding such customer under each Statement of Work.
| 10 |
SECTION 10. INSURANCE
10.1 General. In performance of the obligations under a Statement of Work, GlassHouse agrees to comply with the provisions regarding insurance coverage set forth in this SECTION 10.
10.2 Ratings. GlassHouse shall obtain and at all times during the term of any Statement of Work maintain at its own expense, with insurance companies rated “A” or better by AM Best the following types and levels of minimum insurance coverages:
10.3 Worker Compensation. Statutory workers compensation insurance in the state(s) or jurisdiction in which GlassHouse’s employees perform services for Dell, and employer’s liability insurance with limits of not less than $500,000: (i) for each accident; and (ii) for each employee for occupational disease (policy limit for disease). GlassHouse hereby waives all claims and causes of action against Dell, its officers, directors and employees for any and all injuries suffered by GlassHouse’s employees.
10.4 Commercial General Liability. Commercial General Liability insurance with limits for bodily injury and property damage liability of not less than $1,000,000 personal injury each occurrence, $2,000,000 general aggregate and products/completed operations coverage which shall include premises/operations liability. This policy shall include a waiver of subrogation in favor of Dell; will be endorsed to include Dell as additional insured; and will contain cross-liability and severability of interest coverage.
10.5 Business Automobile Liability. Business automobile liability insurance with a limit of not less than $1,000,000 per occurrence for bodily injury and property damage liability written to cover all owned, hired and non-owned automobiles arising out of the use thereof by or on behalf of the GlassHouse and its employees. This policy shall include a waiver of subrogation in favor of Dell.
10.6 Professional Liability / Errors & Omissions. Professional Liability/Errors & Omissions (E&O) insurance with limits of not less than $10,000,000 each occurrence, $10,000,000 general aggregate.
10.7 Certification of Insurance. Prior to the commencement of any work or service as provided for in each Statement of Work, GlassHouse shall furnish to Dell insurance certificates on standard Acord form, endorsements, or evidence of coverage signed by authorized representatives of the companies providing the coverage required under the terms of this MRA. All policies providing coverage shall contain provisions that no cancellation, non-renewal or material changes in the policy shall become effective, except on thirty (30) days written notice thereof to Dell. Upon request and without expense, GlassHouse shall furnish Dell with certified copies of said insurance policies signed by authorized representatives of the insurance companies providing the coverage as required in each Statement of Work.
| 11 |
10.8 Material Terms. Failure to secure the insurance coverages, or the failure to comply fully with any of the insurance provisions of these this MRA as may be necessary to carry out the terms and provisions of this MRA shall be deemed to be a material breach of this MRA. The lack of insurance coverage does not reduce or limit GlassHouse’s responsibility to indemnify Dell as set forth in this MRA. Any and all deductibles and premiums associated with the above described insurance policies shall be assumed by, for the account of, and at the sole risk of GlassHouse.
10.9 Changes to Insurance Requirements. Dell reserves the right to review the insurance coverage requirements of this MRA and to make reasonable adjustments to such requirements or to require other types of policies to support the level of Services being performed by GlassHouse or the purchases being made by Dell from GlassHouse at any time, at GlassHouse’s sole cost, unless otherwise agreed to by Dell.
SECTION 11. GENERAL
11.1 Governing Law; Venue. EACH PARTY IRREVOCABLY SUBMITS AND CONSENTS TO THE EXCLUSIVE JURISDICTION OF THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF DELAWARE AND THE DELAWARE STATE COURTS, AND HEREBY AGREES THAT SUCH COURTS SHALL BE THE EXCLUSIVE PROPER FORUM FOR THE DETERMINATION OF ANY DISPUTE ARISING HEREUNDER. THE AGREEMENT WILL BE GOVERNED BY AND CONSTRUED IN ACCORDANCE WITH THE LAWS OF THE STATE OF DELAWARE, EXCLUSIVE OF ANY PROVISIONS OF THE UNITED NATIONS CONVENTION ON THE INTERNATIONAL SALE OF GOODS AND WITHOUT REGARD TO PRINCIPLES OF CONFLICTS OF LAW. Prior to either party commencing litigation, with respect to disputes under the Agreement, the parties shall have executives on both companies meet to determine resolution to the dispute.
11.2 Survival. Upon any expiration or termination of any Statement of Work, all rights and obligations of GlassHouse and Dell thereunder shall cease, except that all obligations that accrued prior to the effective date of termination (including without limitation, payment obligations for Services performed and non-cancelable expenses incurred prior to the effective date of termination, but, with respect to non-cancelable expenses, only to the extent the payment of the same upon expiration or termination is expressly provided for in the Statement of Work) and any remedies for breach shall survive. Regardless of the circumstances of termination or expiration of a Statement of Work, or portion thereof, the provisions of SECTIONS 5 (REPRESENTATIONS AND WARRANTIES), 6 (INDEMNIFICATION), 7 (LIMITATION OF LIABILITY), 8 (INTELLECTUAL PROPERTY RIGHTS), 9 (CONFIDENTIALITY), and 11 (GENERAL) of this MRA will survive the termination or expiration and continue according to their terms.
11.3 Supplier Diversity. Dell supports the development of a diverse marketplace through our development of a diverse supply chain. Since Dell transacts business with the United States federal government, state/local governments, and several Fortune 500 companies, the Equal Opportunity Clauses at 41 CFR sections 60-1.4(a), 60-250.5(a) and 60-741.5(a) are hereby incorporated and, if applicable, GlassHouse will comply with FAR 52.212-3, Offer or Representations and Certifications-Commercial Items, and FAR 52.219-8 and FAR 52-219-9,
| 12 |
Utilization of Small Business Concerns. If subcontractors are engaged to provide any Services pursuant to this Statement of Work, GlassHouse will use commercially reasonable efforts to engage businesses that are (i) certified as minority or women owned by a third party certification agency acceptable by Dell, (ii) business concerns that are fifty-one percent owned, controlled, operated and managed by women or members of a minority group including African Americans, Hispanic Americans, Native Americans, Asian Indian Americans, Asian-Pacific Americans, or (iii) meets the criteria of a small business as defined by the guidelines of the Small Business Administration this includes, but is not limited to veteran, hubzone, 8(a), disadvantaged and woman owned businesses (“Supplier Diversity”). GlassHouse agrees to maintain accurate records illustrating that they have a Supplier Diversity plan in place, records are being maintained, and as needed will be reported to Dell. GlassHouse agrees to also cooperate in any Dell Supplier Diversity studies or surveys as may be required. In the event GlassHouse is considered a Diverse Supplier, GlassHouse must register with Dell’s Supplier Diversity program at www.dell.com (click About Dell, click Supplier Diversity). GlassHouse must comply with Dell’s Supplier Diversity policies and procedures as well as comply, in a timely manner, with any reasonable request or requirement from Dell’s Supplier Diversity office (for example, second tier reporting). Second tier reports are to be submitted within 15 business days after the close of each calendar period. GlassHouse must comply with the following Supplier Principles which may be changed from time to time by Dell: http://www1.us.dell.com/content/topics/global.aspx/corp/sup_prince/en/commit?c=us&l=en&s=corp).
11.4 Record Retention. GlassHouse will maintain accurate and legible records for a period of five (5) years from the date of completion of the applicable Services and, subject to the provisions of Section 9, will grant to Dell, or its designee, reasonable access to and copies of, any information reasonably requested by Dell with respect to GlassHouse’s performance under a Statement of Work.
11.5 No Requirements; No Supply. Except as provided in a Statement of Work, nothing in this Statement of Work requires either GlassHouse or Dell to purchase from or sell to the other party any or all of its requirements or capacity for hardware, software or services whether or not the same or similar to the Services provided hereunder. GlassHouse will cooperate and work with Dell and any other service providers that Dell may engage in connection with the provision of the Services.
11.6 Non-Exclusivity. This Statement of Work does not create an exclusive relationship between GlassHouse and Dell. Notwithstanding anything in each Statement of Work to the contrary, GlassHouse and Dell remain free, at its sole discretion, to pursue any specific opportunity or opportunities in any or all market segments and/or geographies independently or with a third party. GlassHouse and Dell are independent contractors and neither GlassHouse nor Dell is an employee, agent, servant, representative, partner, or joint venturer of the other or has any authority to assume or create any obligation or liability of any kind on behalf of the other.
11.7 Waivers. No waiver of any term or condition is valid unless in writing and signed by authorized representatives of both parties, and will be limited to the specific situation for which it is given. Use of pre-printed forms, including, but not limited to email, purchase orders, shrink-wrap or click-wrap agreements, acknowledgements or invoices, is for convenience only and all
| 13 |
pre-printed terms and conditions stated thereon, except as specifically set forth in the MRA, are void and of no effect. No amendment or modification to the Agreement will be valid unless set forth in writing and signed by authorized representatives of both parties. The Agreement may not be assigned by GlassHouse in whole or in part, even by operation of law, in a merger or stock or asset sale, without the express written permission of Dell. Any attempt to do so will be null and void.
11.8 Notice Delivery. Any notice required or permitted by the Agreement must be in writing in English and delivered by certified or registered mail, return receipt requested, postage prepaid and addressed as follows or to such other addresses as may be designated by notice from one party to the other, all such notices being effective on the date received: If to Dell: Dell, One Dell Way, Round Rock, Texas 78682, Attn: VP, General Procurement, cc: General Counsel; and, If to GlassHouse: 200 Crossing Boulevard, Framingham, MA 01702, Attn: CEO .
11.9 Violations. Whenever possible, each provision of the Agreement will be interpreted in such a manner as to be effective and valid under applicable law, but if any provision of the Agreement is found to violate a law, it will be severed from the rest of the Agreement and ignored and a new provision deemed added to the Agreement to accomplish, to the extent possible, the intent of the parties as evidenced by the provision so severed. The headings used in the Agreement have no legal effect.
11.10 Non-Exclusivity of Rights. Except as may be otherwise provided in the Agreement, the rights or remedies of the parties hereunder are not exclusive, and either party is entitled alternatively or cumulatively, subject to the other provisions of the Agreement, to damages for breach, to an order requiring specific performance, or to any other remedy available at law or in equity. Neither party or its subsidiaries or affiliates will bring a claim under the Agreement more than two (2) years after becoming aware of the events giving rise to the cause of action.
11.11 Execution of MRA. This MRA may be signed in one or more counterparts, each of which will be deemed to be an original and all of which when taken together will constitute the same agreement. Both parties agree that the receipt of a facsimile signature in the space provided below will represent final execution and acceptance of the terms and conditions contained in the MRA. Any copy of this MRA made by reliable means (e.g. photocopy or facsimile) shall be considered an original.
11.12 Exports. GlassHouse and Dell acknowledge that the Services and/or transactions contemplated by this Agreement, which may include technology and software, are subject to the customs and export control laws and regulations of the United States (“U.S.”) and may also be subject to the customs and export laws and regulations of other countries. Each party agrees to abide by those laws and regulations. Further, under U.S. law, the Services and any products applicable may not be sold, leased or otherwise transferred to restricted end-users or to restricted countries. In addition, the Services may not be sold, leased or otherwise transferred to, or utilized by an end-user engaged in activities related to weapons of mass destruction, including without limitation, activities related to the design, development, production or use of nuclear weapons, materials, or facilities, missiles or the support of missile projects, and chemical or biological weapons.
| 14 |
By signing below, the parties are agreeing to the terms and conditions contained in this Master Relationship Agreement.
| DELL MARKETING L.P. | GLASSHOUSE TECHNOLOGIES, INC. | |||||||
| By: | /s/ S. Murdoch | By: | /s/ Mark Shirman | |||||
| Name: | S. Murdoch | Name: | Mark Shirman | |||||
| Title: | VP GICS | Title: | President / CEO | |||||
| 15 |
SCHEDULE A
DEFINITIONS
“Acquired Party” shall have the meaning set forth in Section 2.3.
“Affiliate(s)” of a party shall mean any and all Entities, now or in the future and for so long as the following ownership and control exists, that: (i) own or control, directly or indirectly, the party; (ii) are owned or controlled by, or under common control with, directly or indirectly, the party; or (iii) are owned or controlled, directly or indirectly, by a Parent Company. For purposes of the preceding sentence, “own or control” shall mean: (A) if the Entity has voting shares or other voting securities, ownership or control (directly or indirectly) of more than fifty percent (50%) of the outstanding shares or securities entitled to vote for the election of directors or other similar managing authority for such Entity; or (B) if the Entity does not have voting shares or other voting securities, ownership or control (directly or indirectly) of more than fifty percent (50%) of the ownership interest representing the right to make decisions for such Entity.
“Agreement” shall have the meaning set forth in Section 1.2.
“Change of Control” shall mean, with respect to a party, a change in Control of such party (or that portion of such party’s business to which the Agreement relates) or, if such party is not the ultimate Parent Company, such party’s ultimate Parent Company, where such Control is acquired, directly or indirectly, in a single transaction or series of related transactions, or all or substantially all of the assets of such party (or that portion of such party’s business to which the Agreement relates) are acquired by any entity that was not previously an Affiliate of such party, or such party (or that portion of such party’s business to which the Agreement relates) merges with another entity and does not constitute the surviving corporation of such merger.
“Claims” shall have the meaning set forth in Section 6.1.
“Confidential Information” shall have the meaning set forth in Section 9.1.
“Control” shall mean (i) the legal or beneficial ownership, directly or indirectly, of (A) at least fifty percent (50%) of the aggregate of all equity securities of an entity or (B) equity securities having the right to at least fifty percent (50%) of the profits of an entity or, in the event of dissolution, to at least fifty percent (50%) of the assets of an entity; (ii) the right to appoint, directly or indirectly, a majority of the board of directors (or other comparable managers); or (iii) the right to control, directly or indirectly, the management or policies of the entity, whether through the ownership of voting securities, by contract or otherwise.
“Copyleft” means a licensing model that permits anyone to use, modify or redistribute software, subject to a condition of use, modification, and/or distribution of such software, whereby such software and/or any other software incorporated into such software, derived from or distributed with such software be (i) disclosed or distributed in source code form to the public, (ii) licensed to the public for the purpose of making derivative works or (iii) re-distributed to anyone at no charge.
“Damages” shall have the meaning set forth in Section 6.1.
| 16 |
“Deliverables” shall mean any software, documentation or other deliverables provided to Dell during the course of providing the Services, excluding any materials provided to GlassHouse by Dell for inclusion in such deliverables.
“Dell” shall mean Dell Marketing and its Affiliates.
“Dell Indemnitees” shall have the meaning set forth in Section 6.2.
“Dell Marketing” shall have the meaning set forth in the preamble.
“Dell PO” shall mean a purchase order issued by Dell pursuant to any Statement of Work.
“Dell Work Product” shall have the meaning set forth in Section 8.3.
“Development Services” shall mean services provided by GlassHouse to Dell whereby GlassHouse is developing certain Dell Work Product for Dell as expressly set forth in a Statement of Work.
“Effective Date” shall have the meaning set forth in the preamble.
“Entity” shall mean a corporation, association, partnership, business trust, joint venture, limited liability company, proprietorship, unincorporated association, individual or other entity that can exercise independent legal standing.
“GlassHouse Indemnitees” shall have the meaning set forth in Section 6.1.
“GlassHouse IP” shall have the meaning set forth in Section 8.2.
“GlassHouse” shall have the meaning set forth in the preamble.
“IP License Agreement” shall have the meaning set forth in Section 1.2.
“Licensed Materials” shall have the meaning set forth in Section 8.4.
“Managed Services” shall mean the management and support by GlassHouse of Dell’s day to day administrative, information technology or management functions as detailed in any Statement of Work.
“MRA” shall have the meaning set forth in the preamble.
“Notice” shall have the meaning set forth in Section 6.6(a).
“Other Services” shall mean all services provided by GlassHouse to Dell as set forth in any Statement of Work other than Managed Services or Development Services.
“Parent Company” shall mean any Entity that owns or controls (directly or indirectly) more than fifty percent (50%) of the outstanding shares or securities representing the right to vote for the election of directors or other managing authority of a party.
| 17 |
“Pre-existing IP” means, with respect to each of GlassHouse and Dell, any intellectual property (i) owned by GlassHouse or Dell, respectively, prior to entering into this MRA; (ii) developed or acquired by GlassHouse or Dell, respectively, other than in the course of performing services under this MRA; and (iii) derivatives, improvements or modifications of the foregoing.
“Schedule” shall have the meaning set forth in Section 1.2.
“Services” shall mean Development Services, Managed Services and Other Services, collectively.
“Statement of Work” shall mean a written statement of work specifically referencing this MRA that is mutually agreed between the parties and executed by the authorized representatives of both parties.
“Supplier Diversity” shall have the meaning set forth in Section 11.3.
“Transition Plan” shall have the meaning set forth in Section 2.5.
| 18 |
SCHEDULE B
U.S. Site Security and Environmental, Health, and Safety Addendum
UNITED STATES SITE SECURITY
AND ENVIRONMENTAL, HEALTH, AND SAFETY ADDENDUM
Contract Name: Master Relationship Agreement
Effective Date: June 23, 2008
This Site Security and Environmental, Health, and Safety Addendum (this “Addendum”) is subject to the terms and conditions of the Master Relationship Agreement (the “Agreement”) dated June 23, 2008 between GlassHouse Technologies, Inc. (“Provider”) and Dell Marketing, L.P. (“Dell”). Capitalized terms not specifically defined herein shall have the meaning set forth in the Agreement.
Compliance Requirements:
Strict compliance with the requirements stated within this Addendum shall be required. Dell may terminate the Agreement with Provider based on any non-compliance with this Addendum. Provider agrees to adhere to and comply with the terms of this Addendum and to require all of Provider’s agents and employees and all of the agents and employees of Provider’s contractors who will be involved in any way with the rendition of Services (“Representatives”) to adhere to and comply with the terms of this Addendum. If Dell requests Provider to replace one or more of Provider’s personnel, agents, or subcontractors for any reason, Provider shall immediately replace that individual after notice is given to Provider by Dell and not reassign that person to perform any Services or any other Dell-related project absent Dell’s specific written consent. The fact that Dell makes any such request shall not require Provider to take any employment or other action against any of Provider’s personnel, agents, or subcontractors.
Provider shall provide each Representative a copy of this Addendum (together with its Exhibits and Attachments) and ensure that each Representative carefully reads this Addendum and agrees to comply with the terms and conditions of this Addendum prior to commencing any work for, on behalf of, or otherwise related to Dell. Provider shall also obtain a certification (in the form set forth in Exhibit “A” to this Addendum) from each Representative prior to the Representative providing any Services and then again each time an individual is assigned to perform Services (other than standard warranty break/fix dispatches) at a new customer site. Additionally, each year, on the anniversary month of the Effective Date of this Addendum, Provider shall provide Dell with Provider’s Certification of Compliance (in the form set forth in Exhibit “A-1” to this Addendum). Provider shall retain all signed Certifications (Exhibit “A”) for at least four years past the termination date of the Agreement.
Site Requirements:
Provider shall personally ensure that (1) a criminal background check and drug screen is conducted on each Representative who will enter onto any Dell property or any Dell customer site (2) using ProMesa or such other third-party service provider as Dell may otherwise designate in writing from time to time referencing this Addendum (“Dell’s Check and Screen Service Provider”) (3) within the 30 day period immediately preceding the Representative’s first entry upon any Dell property or any customer site and (4) no Representative subsequently enters onto any Dell property or customer site unless a criminal background check has been conducted within the 12 months preceding the entry.
Provider understands and agrees that Dell’s Check and Screen Service Provider shall apply the standards Dell applies to Dell’s new hires (the “Dell Standards”) in conducting the criminal background checks and drug screens described above and shall determine whether Representative is identified as a sex offender using an available sex offender database selected by Dell’s Check and Screen Service Provider. Provider understands and agrees that Dell may change the Dell Standards at any time, for any reason, with or without notice to Provider. Provider may request a copy of the current Dell Standards at any time. Provider agrees the Dell Standards constitute Confidential Information.
| 19 |
Representations and Warranties:
Provider represents and warrants that neither it nor any of its contractors or subcontractors will allow any Representative to enter onto any Dell property or any Dell customer site unless and until Dell’s Check and Screen Service Provider has affirmatively indicated that the Representative has successfully passed the criminal background check and drug screen described above. By allowing any Representative to enter onto Dell property or any customer site, Provider represents and warrants that:
| • | The Representative has successfully passed the criminal background check and drug screen described above (as evidenced by an affirmative indication of same by Dell’s Check and Screen Provider) within the 30 day period preceding the Representative’s first entry onto any Dell property or any customer site; |
| • | The Representative has successfully passed the criminal background check within the 12 month period preceding any subsequent entry onto any Dell property or any customer site (i.e., annual certification of criminal background required); |
| • | The Representative is drug and alcohol free; |
| • | The Representative is authorized to work for Provider or its contractor or subcontractor in the U.S. as required by law; |
| • | The Representative does not have any weapons in his or her possession or in his or her vehicle; and |
| • | The Representative shall comply with all applicable Dell and Dell customer Rules of Conduct (available upon request). |
Information:
Upon request, Provider shall provide Dell with any and all information and documents reasonably requested by Dell to ensure that Provider and Provider’s contractors and subcontractors are complying with the requirements of this Addendum. Provider’s refusal to provide Dell with any information or document requested by Dell shall give Dell the right to terminate the Agreement.
If during an audit of technician-pass/fail status, or any other time, Dell discovers that a technician which has responded to a Dell dispatch has either not completed or failed the criminal background check or drug screen as described above, Dell has the right to require Provider to pay an amount between $1,000 and $10,000 per occurrence, which amount shall be determined on a case-by-case basis based upon the severity of the violation and the actual or potential harm caused to Dell’s business and customers.
Notice:
If Provider receives any information suggesting that any Representative has been charged with or arrested for any criminal offense (other than a minor traffic violation) or is or may be violating any of the terms of this Addendum or the Rules of Conduct of Dell or a Dell Customer, Provider shall immediately provide written notice of same to Provider’s primary Dell contact and shall ensure the Representative does not enter onto any Dell property or any customer site absent the specific written approval of Provider’s primary Dell contact following such written notice.
Compliance with Applicable Law:
If compliance with any portion of this Addendum (including this provision) would require Provider to violate an applicable law, Provider shall notify Provider’s primary Dell contact of same in writing immediately. Pending Dell’s written response to Provider’s written notice, Provider shall ensure that a Representative who has not complied with all of the requirements of this Addendum is not permitted to enter onto any Dell property or any Dell customer site.
2
Indemnity:
Provider shall indemnify, defend, and hold harmless Dell and its subsidiaries and affiliates and their respective officers, directors, employees, representatives, and agents from and against any and all claims, legal proceedings, demands, damages, losses, liabilities, judgment, settlements, costs and expenses, including without limitation reasonable attorneys’ fees that are related to any alleged or actual failure by Provider (including any failure by Provider’s agents or employees) or Provider’s contractors or subcontractors (including any failure by the agents or employees of Provider’s contractors and subcontractors) to comply with any of the requirements of this Addendum. The Indemnification Procedures identified in the Agreement shall apply to Dell’s indemnity right under this paragraph.
General Environmental, Health & Safety (EHS) Requirements:
Provider and all sub-contractors working for Provider on Dell’s premises or customer site must conduct work in a manner that minimizes the risk of injury to themselves, Dell employees or other employees at the customer site, and damage to property. Work must be conducted in accordance with all Federal, State, and local Environmental, Health & Safety regulations, policies and procedures, and all site-specific requirements (as applicable). The framework for the baseline requirements is outlined below. Adherence to these requirements is a condition of the Agreement between the parties.
| 1. | Provider will maintain a clean and safe work site at all times. Removal of trash, debris, scrap, and waste materials from the work area will occur in accordance with the terms of the applicable Statement of Work (SOW). All waste materials must be removed from Dell or a customer site by the Provider in accordance with Federal, State, and local regulations. |
| 2. | Provider will enforce all environmental, health, and safety rules and requirements for their employees and all sub-Contractors. |
| 3. | Provider will maintain records of all injuries and incidents in accordance with OSHA Recordkeeping requirements. Provider will submit incident information including but not limited to OSHA 300 logs (or similar records) to Dell upon request. |
| 4. | Dell reserves the right to review Provider’s site activities. Deficiencies in Provider’s activities on site as identified by Dell (or its agents) will be corrected to Dell’s satisfaction within an agreed upon timeframe. |
| 5. | Unless otherwise provided in the Agreement, Provider and/or its subcontractors agree that each will not use Dell provided equipment to perform Services and that the Provider and/or its subcontractors are solely responsible for the maintenance and repair of their own equipment used to perform such Services. |
Confidentiality Requirements:
Notwithstanding anything contrary in the terms of any applicable Non-Disclosure Agreement, any trade secrets or other proprietary information of Dell or Dell’s customer, whether oral, visual or written, shall constitute confidential information of Dell or Dell’s Customer even if not marked as such. Further, Provider’s obligation to preserve the confidentiality of such trade secrets or proprietary information shall continue in perpetuity. The terms and conditions of the attached Exhibit B to this Addendum shall not be disclosed by Provider without prior written approval of the authorized Dell representative.
3
Strict compliance with the above requirements in this Addendum is a material term of the Agreement. Dell reserves the right to terminate the Agreement based on any non-compliance with the terms of this Addendum.
The parties hereto have caused this Addendum to be executed by their duly authorized representatives.
| Agreed and Accepted: | Agreed and Accepted: | |||||||
| DELL MARKETING, L.P. | GLASSHOUSE TECHNOLOGIES, INC. | |||||||
| By: | By: | |||||||
| Printed Name: | Printed Name: | |||||||
| Title: | Title: | |||||||
4
Exhibit A to Site Security Addendum
Certification of Provider’s Personnel, Agents, and Subcontractors:
Signed Certifications must be kept on record with Provider’s Human Resources Department for a period of four years after the termination of the Agreement.
My signature below confirms my acknowledgement that I have read the Site Security and Environmental, Health, and Safety Addendum; that I fully understand the requirements stated therein; and that I agree to comply with the requirements stated therein while on Dell property, Dell business, or any customer site.
| Printed Name: | ||
| Signature: | ||
| Date: | ||
Exhibit A
Page 1
Exhibit A-1 to Site Security Addendum
Annual Certification of Provider’s Compliance:
Signed Certifications must be kept on record with Provider’s Human Resources Department for a
period of four years after the termination of the Agreement.
My signature below confirms Provider’s acknowledgement of compliance with the Site Security and Environmental, Health, and Safety Addendum terms; that Provider fully understands the requirements stated therein; and that Provider agrees to comply with the requirements stated therein while any of Provider’s personnel, agents or subcontractors are at Dell or any customer site.
| Printed Name: |
| Signature: |
| Title: |
| Date: |
Exhibit B
Page 2
Exhibit B to Site Security Addendum
Confidentiality Agreement
_______________________________ (insert name of Contractor or Subcontractor here) (“Contractor”) acknowledges that Provider has provided the undersigned with this Confidentiality Agreement and the undersigned has read and understands the terms of this Confidentiality Agreement. This Confidentiality Agreement applies to the following project (the “Project”): Confidentiality agreement is to be signed by ALL sub-contractors as they are not covered under Dell’s NDA. (Please delete these instructions upon execution).
___________________________________ (insert description of Project here)
___________________________________
By its signature below, the undersigned (the “Contractor”) agrees that:
The Contractor is entering upon the Project, which is owned or leased by Dell Inc. (or a subsidiary and/or affiliate of Dell Inc.) or is owned or leased by Dell’s Customer. Dell Inc. and/or each such subsidiary and/or affiliate of Dell Inc. and Dell’s Customer are referred to herein as an “Owner Party” and referred to collectively as the “Owner Parties.”
The Contractor agrees that any and all information relating to the business of any Owner Party and all Owner Parties and all information relating to, belonging to, or pertaining to any product, supplier, creditor, customer or prospect of any Owner Party and all Owner Parties, including but not limited to, information relating to products, customer and prospect lists, concepts for marketing computer hardware and software, data processing, programming, software, documentation, research and development processes, inventions, services or the internal operations of any Owner Party and all Owner Parties or any supplier, creditor, customer or prospect of any Owner Party and all Owner Parties is and shall be treated by the Contractor as confidential and proprietary at all times (including, without limitation, at all times after the Contractor is no longer performing work or providing labor, material or other services at the Project).
The Contractor agrees that, except for the purpose of any Owner Party’s right to enforce the terms of this Confidentiality Agreement, this Confidentiality Agreement does not create any privity of contract between the Contractor and any Owner, and the Contractor hereby waives any and all claims, demands, suits and causes of action against any Owner Party and all Owner Parties and releases all Owner Parties from any liability, whether any such claim, demand, suit, cause of action or liability is known or unknown, present or future.
In addition to any other remedies available to any Owner Party, any Owner Party shall have the right to seek equitable relief, including, without limitation, injunctive relief or specific performance, against the Contractor or its representatives, employees or agents in order to enforce the provisions of this Confidentiality Agreement.
| Contractor | ||
| By: | ||
| (Signature) | ||
| (Printed Name) | ||
| Its: | ||
| (Title) | ||
| Date: | ||
Exhibit A
Page 2
SCHEDULE C
INFORMATION PRIVACY AND SECURITY SCHEDULE ADDENDUM
This Information Privacy and Security Schedule Addendum (this “IPSS”), dated June 23, 2008, is subject to the terms and conditions of the GlassHouse Technologies, Inc. Master Relationship Agreement (“MRA”) dated June 23, 2008 between GlassHouse Technologies, Inc. (“Provider”) and Dell Marketing, L.P. and the terms of the Non Disclosure Agreement (#0511012) between Provider and Dell Marketing, L.P. (“NDA”). This IPSS shall be considered a Schedule under the MRA and shall be deemed part of the Agreement. “Dell” shall mean Dell Marketing, L.P. and its worldwide subsidiaries and affiliates including, but not limited to, Dell Inc. and all subsidiaries of Dell Inc. In the event of a conflict between the NDA, MRA, or any other portion of the Agreement and this IPSS, this IPSS shall prevail. Provider’s failure to comply with any of the provisions of this IPSS shall be deemed a material breach of the Agreement.
Provider shall access and use all Data exclusively for the purpose of performing its obligations under the Agreement. Provider shall not sell, rent, transfer, distribute or otherwise disclose the Data to any third party (including subcontractors and outsourcers), without prior written permission from Dell unless required by law enforcement or government bodies or as otherwise required by law. In the event Dell provides such consent, Provider shall remain liable for the actions of the third party and shall ensure that any such third party complies with the terms in the NDA and the Agreement including without limitation, this IPSS. Provider will defend and indemnify Dell for any claims arising in connection with its own failure or the failure of the third party to comply with the NDA and the Agreement including, without limitation, this IPSS. Such claims shall be deemed covered claims under the terms of the “Indemnification” section of the MRA.
If through the course of business between Dell and Provider the scope of the Agreement or geographic reach change beyond what was agreed to initially, the terms of this IPSS must be revisited. In order to ensure proper compliance with Dell policy, industry standards and applicable regional laws and regulations, Dell may propose additional or updated terms to this IPSS and will negotiate in good faith with Provider to reach agreement on such additional terms. If the parties are unable to reach agreement, Dell may terminate the Agreement.
Confidentiality
In addition to and without limiting the provisions regarding confidentiality and the definition of confidential information set forth in the Agreement and/or NDA, the term “Confidential Information” will also include: (1) all Dell non public, or proprietary information and data accessed by Provider through Dell’s network or provided to or accessed by Provider for hosting or outsourcing services whether or not it is marked or identified as such (“Electronic Data”); and (2) any information accessed, collected, retained, stored, shared, transferred, used or disclosed by Provider that relates to an identified or identifiable natural person (“Personally Identifying Information” or “PII” or “Personal Data”), whether or not it is marked or identified as such (Electronic Data and PII/Personal Data are collectively “Data”). Provider agrees to treat the Data as Dell confidential information in accordance with the NDA and the Agreement including, without limitation, this IPSS.
Notwithstanding the above, or any contrary terms in the NDA or other parts of the Agreement, any exclusion in the NDA or the Agreement to the definition of confidential information shall not apply to PII/Personal Data disclosed to Provider pursuant to the NDA and this Agreement. Provider’s obligation to protect Data shall survive the termination or expiration of the NDA and/ or the Agreement and Provider shall treat Data as Dell confidential in perpetuity. As between Provider and Dell, Dell is the exclusive owner of the Data.
Privacy Obligations
Provider agrees all access to, collection, retention, transfer, disclosure and use of PII/Personal Data will comply in all respects with Dell’s commitments to its customers set forth in Dell’s Global Privacy Policy and applicable regional privacy policies and local national laws based on the source of the data. Dell’s global and regional privacy policies are updated from time to time and are available at www.dell.com/privacy. Provider shall check the applicable privacy policies every quarter to ensure that it is complying with the most current version.
Provider shall not use PII/Personal Data to contact, solicit or target (for example by means of advertising, telemarketing or emailing) any individual (including but not limited to Dell customers or employees), without the express written permission of Dell.
Where Provider is providing services to Dell’s business customers as Dell’s subcontractor, Provider understands and accepts and agrees to comply in all respects with Dell’s customers’ privacy policies, practices and requirements as they may be communicated to Provider by Dell or Dell’s customers from time to time.
If Provider will be hosting a website, Provider must:
(1) For websites that are not clearly branded as Dell, ensure (a) that it is clearly and conspicuously communicated to users that they are no longer on a Dell site; and (b) clearly and conspicuously communicate Provider’s privacy policy to the users and (c) ensure that Provider’s privacy policy complies with all applicable laws and is consistent with the representations set forth in Dell’s applicable privacy policies.
(2) Post any informational language reasonably required by Dell;
(3) Prominently notify European Union users if their data will be hosted, transferred or processed outside the European Union.
Information Security Obligations
Provider will implement commercially reasonable safeguards to protect the Data that are no less rigorous than accepted industry practices (such as ISO 17799/27001, ITIL or COBIT) and will ensure that all such safeguards, including, how the Data is handled, processed, stored, and disposed of, are in compliance with all applicable data protection and privacy laws and in accordance with the terms of the NDA and Agreement. If Provider will have access to or will be handling, processing, storing or transmitting credit or debit card information Provider warrants that it will at all times remain in compliance with the Payment Card Industry “PCI” Data Security Standard requirements. Prior to accessing any such data and on each anniversary of the Agreement thereafter, Provider must submit a summary of the PCI DSS assessment results and remediation efforts, if any.
At a minimum, Provider shall implement physical, technical and administrative safeguards that provide for: (a) protection of business facilities, paper files, servers, computing equipment, including all mobile devices and other equipment with information storage capability, and backup systems containing the Data; (b) network, application (including databases) and platform security; (c) business systems designed to optimize security; (d) secure transmission and storage of Data (whether by encryption or other equally protective measures); (e) authentication and access control mechanisms; (f) personnel security and integrity; and (g) annual training to Provider’s employees, personnel, and/or subcontractors on how to comply with the Provider’s physical, technical, and administrative information security safeguards.
Data will be stored on servers in data centers which comply with industry standard data center security controls. Data files will not be placed on any notebook hard drive or removable media, such as compact disc or flash drives, unless encrypted. Provider will ensure that Highly Restricted PII/Personal Data and sensitive Dell data may not be co-located with information of a competitor.
Provider shall regularly test and monitor the effectiveness of its security practices and procedures relating to the Data and will evaluate and adjust its information security program in light of the results of the testing and monitoring, any material changes to its operations or business arrangements, or any other circumstances that Provider knows or reasonably should know may have a material effect on its information security program. In addition, at any point during the term of the Agreement, upon Dell’s request, Provider shall provide Dell a copy of Provider’s security standards, policies and guidelines related to the Data.
Upon request, Provider shall grant Dell or a third party on Dell’s behalf permission to perform an assessment of controls in Provider’s, or Provider’s subcontractors’ environment in relation to the services being provided to ensure compliance with the Agreement, as well as any applicable laws, regulations, directives, ordinances, or industry standards. This audit shall be performed at Dell’s expense. Provider shall fully cooperate with such assessment by providing access to knowledgeable personnel, physical premises, documentation, infrastructure and application software that processes, stores or transports Data for Dell pursuant to the Agreement.
Call Recordings
Unless not technically feasible, call recording data shall be encrypted. If not technically feasible, Provider shall comply with the following guidelines with respect to call recording data:
(1) Provider shall establish strong control processes for collection, review, distribution and removal of call recording data.
(2) Call recordings shall only be used for internal quality review and training purposes. Provider shall delete call recordings immediately after completing the quality review process, which shall in no case be longer than 60 days after the original recording was made, except for special situations involving specific identified recordings provided the recording is encrypted or highly sensitive customer information is removed.
(3) Provider shall ensure that access to the call recording data shall be highly controlled and limited to only those involved in the quality monitoring process. Logging and monitoring shall be performed by Provider to verify who has accessed these files. Prior to using a call recording for training purposes, all PII/Personal Data and must be removed from the recording or otherwise rendered in audible.
Breach
In the event that Provider experiences an actual or suspected security breach (e.g., physical trespass on a secure facility, computing systems intrusion/hacking, loss/theft of a computer [notebook, desktop, other mobile device, hard drive, or any information storage device], loss/theft of printed materials, exploitation of a vulnerability in the deliverables, or other unauthorized access), that resulted in (or is reasonably believed to have resulted in or may potentially result in) the misuse, compromise, or unauthorized release of Data (collectively, a “Security Breach”), Provider will notify Dell of the Security Breach with in 12 hours after it becomes aware of a Security Breach. A Security Breach also applies to a reported privacy complaint that Provider may receive in relation to the Data or services provided in the Agreement.
| • | Provider will provide Dell with the name and contact information for a primary security contact within Provider. Provider shall notify Dell of any Security Breaches by e-mailing with a read receipt privacy@dell.com with a copy to Provider’s primary business contact within Dell. |
| • | Immediately following such discovery and notification to Dell, the parties will coordinate with each other to investigate the Security Breach. |
| • | Provider also shall take immediate steps to remedy the Security Breach at Provider’s expense in accordance with local individual privacy rights and laws. Provider shall reimburse Dell for actual costs incurred in responding to and/or mitigating damages caused by a Security Breach. |
| • | Except as may be strictly required by applicable law, Provider agrees that it will not inform any third party of any Security Breach without first obtaining Dell’s prior written consent, other than to inform a complainant that the matter has been forwarded to Dell’s privacy office. |
Provider shall immediately notify Dell of any investigations of its information use or security practices by a government, regulatory, or self-regulatory organization.
Infrastructure Security and Connectivity
Upon request for the term of the Agreement, Provider shall provide a summary of the results of a controls audit, such as a SAS 70 Type II or information security audit as applicable to the services being provided, which has been performed within the past year. The audit will include an assessment of Provider’s general controls and security practices and procedures relating to the Data shared, accessed, and/or stored through this Agreement to ensure compliance with applicable national laws, regulations and industry standards. The audit should be performed as part of Provider’s ongoing information security program to evaluate Provider’s general security controls on a regular basis and at Provider’s expense. All such audits shall be performed by: (1) a qualified, objective, independent qualified third-party professional, such as a Certified Information System Security Professional or as a Certified Information Systems Auditor; (2) a person holding Global Information Assurance Certification from the SysAdmin, Audit, Network, Security Institute; or (3) a similarly qualified person or organization who is able to demonstrate experience in performing the required type of assessment. Provider and Dell will come to agreement on the timeframe and remediation of any gaps between the audit results and Dell’s expectations.
Dell, or a third party chosen by Dell, may evaluate the security of Provider’s I/T network and associated services, and Provider agrees to work cooperatively with Dell to determine whether additional or different security measures are required to protect the network or Data placed or proposed to be placed or transmitted on the network.
Product Security
Provider shall have processes in place to identify and to notify Dell in a timely manner of any security vulnerabilities identified in the Provider’s product, software, website or other similar item (hereafter “Product”), or in any third party component used in the Provider’s Product. Provider commits to remediate vulnerabilities identified in the Provider’s Product at the Provider’s expense and as a top priority or in a timeframe otherwise agreed upon by Dell.
Provider confirms that it uses, and that Product was designed based upon industry secure coding practices (such as OWASP or SANS Top 10 as applicable), and that information security is addressed throughout the development life-cycle, including without limitations, security development requirements, test plans, code reviews, security testing and quality assurance. The Product’s processes, direct capabilities, and other necessary actions comply with all applicable laws and payment card industry standards, where applicable, including but not limited to laws addressing privacy and information security obligations.
Upon request, Provider will submit the results and remediation efforts of an independent security assessment. The assessment scope must be agreed upon by Dell. Such an assessment is required for all products that will: (a) be customer facing, including shipped with or installed on customer systems; or (b) access, collect, store, transmit, disclose or process Highly-Restricted PII/Personal Data. Remediation efforts must be agreed upon by Dell and addressed to Dell’s satisfaction prior to acceptance of the final Product.
Data Retention
Provider will retain and delete Data in accordance with any retention schedule agreed upon between Dell and Provider. If Provider cannot retain this data for the stated amount of time, Provider will regularly provide the data to Dell for Dell to retain. If the Agreement between Dell and Provider expires prior to the agreed upon retention schedule, all Dell data hosted and maintained by Provider will be returned to Dell.
In the absence of such agreed schedule, in a manner consistent with applicable law, Provider will dispose of Data that is no longer needed throughout the term of the Agreement. Provider will provide Dell details on how the data will be disposed. In any event, no later than 30 days after the termination or expiration of the Agreement, or portion thereof, at Dell’s option Provider shall either: (1) dispose of all Data in a manner consistent with applicable law, (2) return all Data related to such terminated or expired services. Upon request, Provider shall present to Dell with a written and signed certification of such return and/or disposal. If Dell has a reasonable basis to be concerned about the continued retention of Data by the Provider after termination or expiration of the Agreement, promptly upon Dell’s written request, Provider shall obtain and fund an external audit to ensure total removal of Data from Provider’s systems. Dell has the right to oversee the audit and obtain the audit results.
In no event, however, will Provider dispose of data, which Provider has been notified that Provider must retain in response to a Dell “Legal Hold.” Provider’s obligation to retain such “Legal Hold” data exceeds any agreed-to retention policies or internal policies of Provider. If Provider cannot retain the “Legal Hold” data, Provider will provide the data to Dell for Dell to retain.
Disaster Recovery
Provider will maintain a disaster recovery plan for restoring its current and off-site data files. Provider will at all times be responsible for daily backup and preservation of any Data within its control. All backup copies of Data shall be treated as Dell confidential information. Provider will maintain a business continuity plan for restoring its critical business functions. Upon request, Provider will give Dell a copy of each plan.
| DELL MARKETING, L.P. | GLASSHOUSE TECHNOLOGIES, INC. | |||||||
| By: | By: | |||||||
| Printed Name: | Printed Name: | |||||||
| Title: | Title: | |||||||
Addendum 1 to Schedule 4
CANADA PRIVACY ADDENDUM
to Information Privacy and Security Schedule
This Canada Privacy Addendum is attached to and made part of the Information Privacy and Security Schedule (“IPSS”) between GlassHouse Technologies, Inc. (“Provider”) and Dell Marketing, L.P. and its worldwide subsidiaries and affiliates including but not limited to Dell Inc. and all subsidiaries of Dell Inc. (“Dell”). The terms of this Canada Privacy Addendum (this “Addendum”) govern Provider’s obligations related to its handling of PII concerning Canadian residents or persons located in Canada which it receives, collects, processes, transfers, discloses, uses and/or otherwise accesses in the course of providing services to Dell (the “Services”) pursuant to the Agreement and any applicable SOW(s). Capitalized terms not specifically defined in this Addendum shall have the meaning set forth in the IPSS or the MRA.
To the extent there are any inconsistencies between the terms of this Addendum and the terms of the IPSS, or the NDA, the terms of this Addendum will prevail. To the extent there are standards to be achieved by Supplier in this Addendum that are higher than the standards to be achieved by Provider in the IPSS, or the NDA, Supplier will comply with the higher standards set out in this Addendum.
Reference to Provider’s adherence to Dell’ Global Privacy Policy in the IPSS: (i) shall mean that Provider shall not take any action that will cause Dell to be in contravention of such policy; and (ii) is not intended to expand Provider’s rights with respect to any PII related obligations or activities.
| 1) | Compliance with Applicable Privacy Laws. For the purposes of this Addendum, “Applicable Privacy Laws” means the Personal Information Protection and Electronic Documents Act (Canada), as amended or supplemented from time to time, and any other Canadian federal or provincial legislation now in force or that may in the future come into force governing the collection, use, disclosure and protection of PII in the private sector or public sector applicable to either party or to the Services. In all cases and without limiting any of the other provisions in this Addendum, Provider shall comply at all times with Applicable Privacy Laws in carrying out the Services. |
| 2) | PII Protection/Safeguards. To the extent that Dell provides access or transfers to Provider any PII in connection with the Services, or to the extent that Provider otherwise collects, uses, discloses, stores, processes or otherwise handles PII on behalf of Dell in connection with providing the Services, Provider shall: |
| (a) | not use such PII for any purpose other than as necessary for the performance of its obligations with respect to the Services; |
| (b) | not disclose such PII or otherwise permit access to or make such PII available to any person except: |
| (i) | as expressly permitted or instructed by Dell; or |
| (ii) | as required to comply with applicable law or regulation or a valid court order or other binding requirement of a competent governmental authority, provided that in any such case: (A) Dell is immediately notified in writing of any such requirement (and in any event prior to disclosure of the PII), and (B) Provider provides all reasonable assistance to Dell in any attempt by Dell to limit or prevent the disclosure of the PII; |
| (c) | so long as Provider remains in possession, custody or control of such PII, use reasonable physical, organizational and technological security measures that are appropriate having regard to the sensitivity of the information to protect such PII against loss, theft and unauthorized access, disclosure, copying, use, modification or disposal; and, without limiting the foregoing, Provider shall: |
| (i) | restrict logical and physical access to PII to only those authorized employees and permitted agents and subcontractors that require access to such information to fulfill their job requirements and that are subject to binding obligations of confidentiality and data protection no less stringent than those of the Agreement (including the IPSS and this Addendum); |
| (ii) | not print, save, copy or store any PII, whether on removable, mobile or other media, in printed, electronic or optical form or otherwise, except temporarily within a secure location within Provider’s facilities and only to the extent necessary in connection with providing the Services, and immediately and securely destroy or delete any such temporary copies or saved or stored versions upon conclusion of the activity giving rise to the necessity of saving, copying or storing such PII; |
| (iii) | not move, remove, relocate or transmit any PII from Provider’s facilities without the express consent of Dell and/or without using appropriately secure encryption technology to protect such information while in transit; |
| (iv) | comply with any additional security measures, processes and procedures set out in the IPSS. |
| (d) | upon termination of the Services or upon request of Dell, whichever comes first, immediately cease all use of and return to Dell or, at the direction of Dell, dispose of, destroy, or render permanently anonymous all such PII, in each case using the security measures set out in paragraph (c) above; |
| (e) | immediately inform Dell of any actual or suspected loss, theft or accidental or unauthorized access, disclosure, copying, use, or modification of PII or other breach of Provider’s obligations in this Section 2; and |
| (f) | ensure at all times that PII and all data, databases or other records containing PII that are stored, handled or processed for Dell in connection with the Services are kept logically isolated and separate from any information, data, databases or other records stored, handled or processed by Provider for itself or for third parties. |
| 3) | Requests, Inquiries and Complaints. Provider shall: (a) immediately refer to Dell any individual who contacts Provider seeking access or correction to or with any inquiries or complaints about his or her PII in connection with or otherwise relating to the Services; (b) immediately notify Dell regarding any such request, inquiry or complaint; and (c) provide, in a timely manner, all reasonable co-operation, assistance, information and access to PII in its possession, custody or control as is necessary for Dell to promptly (and, in any event, within any timeframe required by Applicable Privacy Laws) respond to such request, inquiry or complaint. |
| 4) | Audits. On reasonable notice and during normal business hours, Provider shall: (a) permit Dell or its designee to inspect any PII in the custody or possession of Provider in connection with the Services and to audit Provider’s compliance with its obligations described in the IPSS (including, this Addendum) including, without limitation, the security measures used to protect PII; (b) permit Dell to enter onto Provider’s premises for such purposes; and (c) otherwise promptly and properly respond to all reasonable inquiries from Dell with respect to Provider’s handling of PII in connection with the Services or Provider’s compliance with the IPSS (including this Addendum). |
| 5) | Privacy Regulators. Provider shall provide, in a timely manner, all necessary and reasonable information and co-operation to Dell and to any regulatory or other governmental bodies or authorities with jurisdiction or oversight over Applicable Privacy Laws (each, a “Privacy Regulator”) in connection with any investigations, audits or inquiries made by any such Privacy Regulator under such legislation. Provider acknowledges that Dell may be required to disclose confidential information of Provider, without Provider’s consent, to such Privacy Regulators in connection with any investigation, audit or inquiry that pertains to or involves the Services. |
| 6) | Designated Individual. Provider shall designate and identify to Dell an individual to handle all aspects of the Services that relate to the handling of PII. |
| 7) | Subcontracting. Provider shall not subcontract, assign or delegate to any third party its obligations with respect to the collection, use, disclosure, storage, handling or processing of PII in connection with the Services without the express consent of Dell and without obtaining written contractual commitments of such third party substantially the same as those of the Agreement (including the IPSS and this Addendum). |
| 8) | Governing Law. This Addendum shall be governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein. |
| DELL MARKETING, L.P. | GLASSHOUSE TECHNOLOGIES, INC. | |||||||
| By: | By: | |||||||
| Printed Name: | Printed Name: | |||||||
| Title: | Title: | |||||||
Addendum 2 to Schedule 4
HIPAA ADDENDUM
This HIPAA Addendum (the “HIPAA Addendum”) to the Information Privacy and Security Schedule (“IPSS”) shall apply to any Provider that, in the course of performing its obligations under the Agreement on behalf of Dell, may use and/or disclose Protected Health Information (as that term is defined in the Health Insurance Portability and Accountability Act of 1996 and its related regulations, 45 CFR Parts 160 and 164 (“HIPAA”)). “Protected Health Information” is “Data,” as that term is defined in the IPSS. Provider fully and unconditionally agrees to the terms and conditions of the HIPAA Addendum. Terms not defined in this HIPAA Addendum shall have the meaning ascribed to them in the Agreement. The terms set forth in this HIPAA Addendum are in addition to, and not a substitute for, any privacy and security obligations and restrictions set forth in the IPSS.
| 1. | Responsibilities of the Provider with Respect to Protected Health Information. With regard to its use and/or disclosure of Protected Health Information, the Provider hereby agrees to do the following: |
| 1.1. | Use and Disclosure. Use and/or disclose the Protected Health Information only as permitted or required by this HIPAA Addendum or as expressly required or permitted by law. |
| 1.2. | Reporting. Immediately report in writing to Dell any use and/or disclosure of the Protected Health Information that is not permitted by this HIPAA Addendum or any actual or suspected breach of security of electronic Protected Health Information of which Provider becomes aware. More detail as to such notice, reporting, and related obligations is set forth in the IPSS. |
| 1.3. | Safeguards. Maintain the security of the Protected Health Information and prevent unauthorized use and/or disclosure of such Protected Health Information; and implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of electronic Protected Health Information that it creates, receives, maintains or transmits pursuant to the Agreement. More detail as to the minimum level of such safeguards is set forth in the IPSS. |
| 1.4. | Subcontractors and Agents. Require all of its subcontractors and agents that receive or use, or have access to, Protected Health Information pursuant to the Agreement to agree, in writing, to adhere to the same restrictions and conditions on the use, access to, and/or disclosure of Protected Health Information that apply to the Provider pursuant to this HIPAA Addendum. Provider will remain liable and indemnify Dell for any claims arising in connection with the failure of the third party to comply. |
| 1.5. | Audit and Inspection. Make available all records, books, schedules, policies and procedures relating to the use, disclosure, and safeguarding of Protected Health Information to the Secretary of Health and Human Services for purposes of determining Dell or Dell’s customers compliance with the Privacy and Security Regulations, provided that Provider will notify Dell in writing promptly upon receiving any requests for such documents and information from the Secretary of Health and Human Services or his/her representative. |
| 1.6. | Maintenance of Disclosure Records. Maintain sufficient information (including date of disclosure, name of receiver and address, if known, and description of Protected Health Information disclosed by Provider to any third-party and the purpose of disclosure) to permit Dell to provide a complete accounting to its customers of all disclosures of Protected Health Information within the previous six (6) years (and subsequent to April 14, 2003); and provide to Dell complete information regarding any such disclosure promptly, in order to permit the Dell to respond to requests by its customers for an accounting of the disclosures of the individuals’ Protected Health Information in accordance with 45 C.F.R. Sections 164.528 and 164.314. |
| 1.7. | Access for Inspection and Amendment. Promptly upon receiving a written request from Dell, provide to Dell such records and information as is requested to permit Dell to timely respond to a customer’s request to (i) inspect and/or copy Protected Health Information within a designated record set held by Provider in accordance with 45 C.F.R. Section 164.124; and/or (ii) amend Protected Health Information in accordance with 45 C.F.R. Section 164.526. |
| 1.8. | Return or Destruction. To the extent feasible, at Dell’s request, return or destroy the Protected Health Information within its possession (including, without limitation, any Protected Health Information in the possession of any subcontractor retained by it) upon termination of the Agreement. If it is not feasible to immediately return or destroy the Protected Health Information because of other obligations or legal requirements, the protections of this HIPAA Addendum shall apply until the Protected Health Information is returned or destroyed, and no other uses or disclosures may be made except for the purposes that prevented the return or destruction of the Protected Health Information. If Provider destroys the Protected Health Information, Provider will properly dispose of and certify such disposal of the HIPAA Information in accordance with the IPSS. Upon Dell’s request, Provider will provide Dell with a copy of its information disposal policies and procedures. |
| 1.9. | Mitigation and Injunction. Cooperate with Dell to mitigate, to the extent possible, any deleterious effects from any improper use and/or disclosure of Protected Health Information, regardless of its cause. |
| 2. | Term and Termination. This HIPAA Addendum shall become effective when executed and shall continue in effect until all obligations of the Parties have been met. The terms and conditions of this HIPAA Addendum shall survive the expiration or termination of the Agreement. Dell may immediately terminate the Agreement if Dell, in its sole discretion, makes the determination that the Provider has breached a material term of this HIPAA Addendum or the IPSS. |
| 3. | Miscellaneous. The Parties agree to enter into a mutually acceptable amendment to this HIPAA Addendum as necessary to comply with applicable federal laws and regulations governing the use and/or disclosure of Data. Dell may terminate the Agreement upon thirty (30) days’ written notice in the event that the parties cannot reach mutual agreement on an amendment. To the extent that there is any conflict between the terms of the Agreement, the IPSS, and the terms of this HIPAA Addendum with respect to Protected Health Information, the terms of this HIPAA Addendum shall prevail. |
Addendum 3 to Schedule 4
DELL EMEA
PROCESSING OF PERSONAL DATA
DEFINITIONS and INTERPRETATION
“Customer Data” means customers of Dell;
“Data Protection Law” means the Data Protection Directive 95/46/EC and the Directive on Privacy and Electronic Communications 2002/58/EC, as implemented in the jurisdiction of the relevant customer and all other applicable laws and regulations relating to processing of the Personal Data;
“Dell” means Dell Inc. and all Dell entities taking part and subject to the Agreement;
“Employee” means an employee, consultant, sub-contractor, agent or officer of a person;
“European Economic Area” means the member states of the European Union together with Norway, Iceland and Liechtenstein;
“National Regulatory Authority” means the supervisory authority established under the applicable Data Protection Law for the purposes of monitoring within its territory the provisions adopted by that territory pursuant to its Data Protection Law;
“Party” means Dell or Provider, and “Parties” means Dell and Provider;
“Personal Data” means the Personal Data of Dell’s customers processed by the Provider;
“Person” includes any individual, firm, company, corporation, body corporate, government, state or agency of state, trust or foundation, or any association, partnership or unincorporated body of two (2) or more of the foregoing (whether or not having separate legal personality and wherever incorporated or established); and
“Personal data”, processing”, “data subject”, “controller” and “processor” have the same meaning as in the Data Protection Law applicable to the relevant data subject and other parts of the verb “to process” shall be construed accordingly.
1.0 Data Processing.
| 1.1 | Provider undertakes that: |
| (a) | it shall register for, and maintain its Safe Harbor status for the duration of the Agreement or shall otherwise ensure that the provisions of Article 25 of Data Protection Directive 95/46/EC, as implemented in the jurisdiction of the relevant data subjects and any other similar provisions under applicable Data Protection law are met in relation to; |
| (b) | it will process the Personal Data only in accordance with the Data Protection Law applicable to the data subject and in accordance with the terms of this Agreement; |
| (c) | following any notice from Provider to Dell, or following any notice or query to Provider (directly or through Dell) from any National Regulatory Authority or Dell customer, of an actual or reasonably suspected use or disclosure of Personal Data in violation of the Data Protection Law, the auditors of the Dell shall have the right to conduct, with reasonable prior written notice, under reasonable time, place and manner conditions, pursuant to appropriate confidentiality and technical restrictions, and at its own expense, an audit of Provider’s systems, policies and procedures relevant to Provider’s compliance with the Data Protection Law with respect to the Personal Data and the circumstances and extent of such actual or reasonably suspected use or disclosure; |
| (d) | if it shall become necessary to transfer Personal Data from one location to another within its own organisation, that transfer shall be undertaken with appropriate security measures being implemented so as to ensure the integrity of the Personal Data; and |
| (e) | it will assist Dell in responding to all subject access requests which may be received from data subjects of the personal data contained in the Personal Data and to do all reasonable and practicable things necessary to enable the Data Controller to comply with such requests, such assistance to be provided at a cost to be agreed between the Provider and Dell and based upon the Provider’s then-current professional services rates; |
| 1.2 | Provider warrants and undertakes that it has in place and will maintain appropriate operational and technological processes and procedures to safeguard against any unauthorised access, loss, destruction, theft, use or disclosure of the Personal Data. |
| 1.3 | Where the Provider discloses, or makes available any Personal Data to any third party, including, without limitation, any agent, sub-contractor (whether or not an Employee) or supplier then it shall procure the performance by such third party of the provisions set out in clauses 1.1 and 1.2. as if such third party were the Provider, mutatis mutandis. Provider shall hold the Dell harmless from any Claims or Damages, on demand and on an indemnity basis, arising from any breach or alleged breach of this clause 1.3. |
2.0 Provider will defend, indemnify, and hold harmless Dell and their respective directors, officers, employees, representatives, and agents (collectively “Indemnitees”) from and against any and all claims, actions, demands, and legal proceedings (collectively “Claims”) and all liabilities, damages, losses, judgments, authorized settlements, costs and expenses including, without limitation, reasonable attorneys’ fees (collectively “Damages”), arising out of or in connection with: (a) alleged or actual wilful misconduct or grossly negligent acts or omissions of Provider related to the processing of the Personal Data ; and (b) violation by Provider of any data protection laws, rules, ordinances, or regulations applicable to processing of the Personal Data
| DELL MARKETING, L.P. | GLASSHOUSE TECHNOLOGIES, INC. | |||||||
| By: | By: | |||||||
| Printed Name: | Printed Name: | |||||||
| Title: | Title: | |||||||
SCHEDULE D
DELL TRAVEL AND EXPENSES POLICY
(As of June 23, 2008)
The Objective
The objective of this Schedule is to set policy for travel and expenses while performing services pursuant to this Agreement. All travel must be authorized by an executed Statement of Work. All travel booked through Dell Travel will be considered to comply with Sections 2, 3 and 4 of this Schedule unless the traveler was advised at the time of booking that their specific requests were not within policy. Any travel not booked through Dell Travel must fully comply with the provisions of this Schedule below. Provider must make payment by credit card for all travel and lodging booked through Dell Travel at the time of booking.
You engage Dell Travel in the U.S. by calling (800) 503-4748 and speaking with an agent. You may reach Dell Travel in the United Kingdom by calling 011 44 (0) 1293 58 5411. In addition, from outside the U.S. you can reach Dell Travel collect at (816) 880-3085.
| 1.0 | Travel and Expenses. |
Dell will reimburse reasonable and appropriate travel and related expenses incurred in the normal course of business as defined by this Schedule subject to the limitations and provisions presented as follows:
1.1 All travel and related expenses must comply with this Schedule, and must be made in conjunction with a legitimate business purpose subject to the approval of a designated Dell representative.
1.2 All requests for reimbursements must be accompanied by support documentation commensurate with normal business practice.
1.3 Dell will not provide reimbursement for items not incurred, or those which are incidental to the normal course of performing work on the engagement.
1.4 All exceptions to these provisions and guidelines must have the approval of a designated Dell representative.
1.5 All expenditures in excess of these provisions and guidelines are the responsibility of the consultant.
1.6 Dell reserves the right to deny reimbursement to any requests that do not conform to the aforementioned requirements.
| 2.0 | Airfare. |
2.1 Dell will provide reimbursement for one coach class round trip airfare for each consultant assigned to the engagement when (a) travel is authorized, (b) required, and (c) air travel is the most effective or only reasonable option available. All air reservations must be made through Dell Travel in the time and manner necessary to achieve the lowest possible fare.
| 3.0 | Lodging. |
3.1 Dell will provide reimbursement up to $85 per night stay.
| 4.0 | Transportation. |
4.1 Dell will provide reimbursement up to $35 per day for rental car while the consultant is traveling to and from overnight stay accommodations and the engagement business office. Car rentals will be arranged through Dell Travel. Dell will provide reimbursement up to $10 per day for parking car while the consultant is traveling to and from overnight stay accommodations and the engagement business office.
| 5.0 | Meals. |
5.1 Dell will provide reimbursement up to $35 per day for customary meals (breakfast, lunch and dinner) while the consultant is on an overnight or extended consulting engagement.
| 6.0 | Living Expenses. |
6.1 Maximum costs payable per day for Lodging, meals, transportation, or other expenses (excluding airfare) will not exceed one-hundred and sixty-five dollars ($165.00).
Schedule 2
2