SaaS Services Subscription Terms
SaaS Services Subscription Terms
SAAS SERVICES SUBSCRIPTION TERMS
(LAST REVIEWED JAN 15, 2025)
IMPORTANT: IF YOU HAVE EXECUTED AN ORDER FORM (AS DEFINED BELOW) TO PURCHASE ACCESS TO AND USE OF THE SERVICES (AS DEFINED BELOW), AND HAVE NOT OTHERWISE EXECUTED A SEPARATE WRITTEN SUBSCRIPTION AGREEMENT WITH US, THEN PLEASE READ THEISE ENHANCED PLATFORM SAAS SUBSCRIPTION TERMS (THE “TERMS”, AND TOGETHER WITH YOUR ASSOCIATED ORDER FORM, THIS “AGREEMENT”) CAREFULLY BECAUSE THEY GOVERN YOUR USE OF THE SERVICES.
OVERVIEW
These SaaS Services Subscription Terms, which include the Data License Terms, attached as Exhibit A (“Data Terms”) and the Data Processing Agreement, attached as Exhibit B (“DPA”), jointly form the Terms and, together with the Order Form, constitute the “Agreement”. The Agreement is effective between the Parties, as defined below, as of date designated in the Order Form as the “Effective Date”.
To make the Agreement easier to read, the terms “Moment”, “us”, and “our” refer to Moment Technology Inc., and “Subscriber” or “you” refers to you and any organization that you are acting on behalf of as set forth in the applicable Order Form. Moment and Subscriber may each be referred to individually as a “Party” and collectively as the “Parties”.
Moment has developed: (i) the OMS which is designed to process data, take certain actions, and message communications relating to the trading of certain Fixed Income Investments (as defined below); (ii) a UI (as defined below) designed to allow investment advisors to input certain search queries or constraints to generate a responsive output of Fixed Income Investments in response to such input; and (iii) certain Data Products (as defined below) which include pricing data related to various Fixed Income Investments.
Subscriber desires to access and use the OMS, UI, and Data Products, and Moment desires to permit such access and use, in accordance with the terms and conditions of this Agreement.
DEFINITIONS
“Affiliate” means, with respect to any entity, any other entity that, directly or indirectly, through one or more intermediaries, Controls, is Controlled by, or is under common Control with, such entity. For the purposes of this definition, the term “Control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through the ownership of voting securities, by contract, or otherwise.
“Applicable Law” means, with respect to any Party, any federal, state, or local statute, law, ordinance, rule, administrative interpretation, regulation, order, writ, injunction, directive, judgment, decree, or other requirement of any international, federal, state, or local court, administrative agency, or commission or other governmental or regulatory authority or instrumentality, domestic or foreign, each to the extent applicable to such Party or any of its properties, assets, or business operations.
“API” means an application programming interface and any accompanying software code or documentation provided therewith.
“Authorized User” means Subscriber’s employees, contractors, or agents authorized by Subscriber to access and use the Services and Data Products pursuant to the terms and conditions of this Agreement; for clarity, “Authorized User” includes “Investment Advisors” (as defined below).
“Clients” means any person, including individuals, broker-dealers, investment advisors, family offices, insurance companies, financial services firms, trading firms, custodians, or clearing firms for whose benefit Subscriber or its Authorized Users access or use any portion of the Services or Data Products.
“Confidential Information” means:
The terms of this Agreement and any non-public, confidential or proprietary information relating to a Disclosing Party (as defined below), including any information that by its nature should be deemed confidential regardless of whether it is designated by the Disclosing Party as Confidential Information at the time of disclosure.
With respect to Moment: Market Data, all technical information including without limitation, source code, object code or underlying structure, methods, algorithms, designs, processes, formulae, compositions, systems, techniques, inventions, machines, computer systems and programs, technology architecture, research projects and Deliverables (as defined below), and
Business or operational information such as lists of Moment personnel information, information or other data from or relating to Moment customers, product pricing data and intellectual property as well as Fixed Income Holdings (as defined below).
Notwithstanding the foregoing, “Confidential Information” does not include information, technical data, or know-how that the Receiving Party can prove, through tangible evidence:
Is generally available to the public at the time of disclosure or becomes available thereafter to the public without restriction, and in either case not as a result of the act or omission of the Receiving Party;
Is rightfully obtained by the Receiving Party from a third party without restriction as to disclosure;
Is lawfully in the possession of the Receiving Party at the time of disclosure by the Disclosing Party and not otherwise subject to restriction on disclosure;
Is approved for disclosure by prior written authorization of the Disclosing Party; or
Is developed independently and separately by the Receiving Party (or a third party from which the Receiving Party received such information, technical data, or know-how) without use of the Disclosing Party’s Confidential Information.
“Deliverables” means all documents, work product, and other materials that are delivered to Subscriber in the course of facilitating the availability of and performance of the Services or Data Products, including any deliverables identified in any statement of work provided.
“Data Products” has the meaning given to it in Exhibit A.
“Documentation” means the manuals, specifications, and other materials describing the functionality, features, operating characteristics, and use of the Services or Data Products, as provided to Subscriber or made available to Subscriber by Moment, whether in a written or electronic form, which may be updated from time to time.
“Fees” means, collectively, SaaS Fees, UI Fees, Data Products Fees and Additional Fees.
“Fixed Income Investments” are securities and other debt-based investment instruments for which Moment, in its sole discretion, has made a determination to enable transmission of attendant instruction-messages for purchase or sale.
“Harmful Code” means computer code, programs, or programming devices that are intentionally designed to disrupt, modify, access, delete, damage, deactivate, disable, harm, or otherwise impede in any manner, including aesthetic disruptions or distortions, the operation of the Services, or any other associated software, firmware, hardware, computer system, or network (including, without limitation, “Trojan horses,” “viruses,” “worms,” “time bombs,” “time locks,” “devices,” “traps,” “access codes,” or “drop dead” or “trap door” devices) or any other harmful, malicious, or hidden procedures, routines or mechanisms that would cause the Services or Data Products to cease functioning or to damage or corrupt data, storage media, programs, equipment, or communications, or otherwise interfere with the operations of the Services or Data Products.
“Intellectual Property Rights” means patent rights (including, without limitation, patent applications and disclosures), copyrights, trade secrets, know-how, data and database rights, mask work rights, and any other intellectual property or similar rights (however designated) recognized in any country or jurisdiction in the world.
“Investment Advisor” means an employee, contractor or agent or group of employees, contractors or agents of Subscriber who Subscriber Designates as an Authorized User and who accesses or uses the Services for the benefit of Clients and who operate administratively under a discrete cost and or revenue center unit.
“Market Data” means price quotes, last sale, trade volume and other content created by Moment or licensed by Moment from third-party vendors and liquidity providers and displayed or made accessible to Subscriber, its Authorized Users, and/or Clients through the Services or UI.
“Moment API” means the API provided by Moment as further described at https://docs.withmoment.com/
“Moment IP” means, collectively, the Services, Data Products, UI, PPT, OMS, Moment API, Aggregate Data, all code, database, API, method, technology architecture, design, protocol or techniques provided therewith, and all improvements, modifications or enhancements to, or derivative works of, the foregoing (regardless of inventorship or authorship), and any and all Intellectual Property Rights in or to the foregoing.
“Order” means an instruction to purchase or sell a Fixed Income Investment.
“Order Form” means an order form or other ordering document mutually agreed to in writing or electronically by you and Moment and accepted by you, in each case which incorporates the Agreement and sets forth the applicable Services or Data Products to be provided by Moment.
“Order Message” means a message entered by a Subscriber to communicate through the Services an indication of interest to purchase or sell a Fixed Income Investment.
“Order Management Service” (“OMS”) Means the Data processing service offered by Moment to Subscriber which includes the following:
Market Data and Order Messages between liquidity providers (which for the avoidance of doubt may include venues such as ATSs) and Subscribers with the objective of Identifying best available opportunities for Subscribers to enter Orders with liquidity providers, and
Orders to liquidity providers and other necessary information to Subscribers' representatives to facilitate the execution and settlement of transactions between Subscribers and liquidity providers;
“Services” means, collectively, the UI and the OMS.
“Subscriber Apps” has the meaning given to it in Exhibit A.
“Subscriber Data” means any data, information or content that Subscriber, Authorized Users, or Clients submit to the Services, including data, information or content provided for the purpose of facilitating the processing necessary to provide the Services.
“UI” means the user interface which is designed to allow Investment Advisors to input certain search queries or constraints to generate a responsive output of investments in response to such input.
ACCESS TO AND USE OF THE SERVICES
Subject to the terms and conditions of this Agreement, Moment hereby grants Subscriber during the Term (as defined below) a limited, revocable, non-exclusive, non-transferable (except as provided in Section XVIII(E) below), non-sublicensable right and license to:
Access and use the OMS for Subscriber’s own internal business purposes consistent with the terms of this Agreement, which includes but is not limited to the necessary exchange of Market Data, Order Messages and Orders to engage in the Services;
Access and use the UI for Subscriber’s own internal business purposes;
Access and use, and permit Authorized Users to access and use, the Services for the benefit of Clients; and
Access to and use of the Services are subject at all times to the terms and conditions of this Agreement.
SERVICES
For the purposes of this Agreement, the Services may only be used in a manner consistent with Section II, above.
Subscriber shall be solely responsible for the following:
Accuracy of any Subscriber Data;
Communicating all pertinent risk parameters regarding the type of Fixed Income Investment as well as quantities, limits and transaction levels, such as prices and yields that will be the subject of information exchanges through the Services.
Communicating the parameters regarding Client access to information, including pricing and transactional data, necessary to comply with Applicable Law.
Subscriber understands and acknowledges that for purposes of this Agreement, Moment:
Is not a registered Financial Institution such as a Bank, Investment Advisor, Broker or Dealer;
Does not accept any Orders for execution;
Does not provide financial advice or exercise any discretion with respect to Subscriber’s and Clients’ interest to purchase or sell Fixed Income Investments, including the negotiation of terms in connection with any transaction;
Is not and will not act as a Qualified Custodian, as defined in 17 CFR §275.206(4)-2.
Does not exercise any discretion with respect to the provision of any of the Services;
Is not a party to any transaction between Subscriber and any third-party liquidity provider;
Is not involved in the clearance and settlement of any transaction between Subscriber and any third-party liquidity provider, other than by facilitating the exchange of information between the Subscriber and its carrying or custody firm;
Is not responsible for any losses, whether realized or unrealized, resulting from errors, or incorrect execution of Orders;
Is not responsible in any direct or indirect way for financial performance or lack thereof in connection with the provision of the Services.
As deemed appropriate by Moment, access to the Services or Data Products or their use may be limited to comply with Applicable Law.
The Parties agree that they shall operate independently with no obligations to supervise the activities or personnel of the other Party.
Each Party shall be responsible for its own actions, conduct and business operations and actions and inactions and for compliance with any Applicable Laws to which it is subject.
The Parties agree that the Deliverables are not deemed a “work made for hire” under U.S. copyright laws but are instead owned solely by Moment and its Affiliates consistent with Section IV below.
The Parties agree that the Services and Data Products may only be used in the United States and all activity involving the Services or Data Products is deemed to be performed in the United States.
OWNERSHIP
As between the Parties, Moment (or its licensors or Affiliates), reserves, solely owns and shall continue to own the Moment IP, and all right, title and interest, including all Intellectual Property Rights, in and to the foregoing, including without limitation any copy, translation, modification, enhancement, upgrade, adaptation, or derivation thereof.
Subscriber does not obtain any rights to any of the foregoing, except for the limited license rights expressly set forth in Section II.A.
Moment and its Affiliates are, and shall be, the exclusive owners of all rights, titles, and interests in and to the Deliverables, including all Intellectual Property Rights therein.
RELATIONSHIP WITH THIRD PARTIES AND AUTHORIZED USERS
Subscriber acknowledges and agrees that:
the access to and use of the Services by any contractor or agent who has been designated as an Authorized User or Investment Advisor shall be limited to such Authorized User or Investment Advisor’s provision of services to Subscriber or Clients; and
Subscriber is responsible for the acts and omissions of Authorized Users and any other person who accesses and uses the Services using any Authorized Users’ Credentials (as defined below), except to the extent caused by the gross negligence or willful misconduct of Moment or any of its Affiliates.
Certain aspects of the Market Data are licensed to Moment by third-party vendors and liquidity providers that may require that Subscriber have a direct contractual relationship in order to access or receive such Market Data. Under such circumstances, Moment will not provide such Market Data to Subscriber unless it has received written consent from the Market Data provider.
This Agreement is non-exclusive and nothing in this Agreement shall prevent Moment or any of its Affiliates from providing similar services to other subscribers.
During the Term, neither Party shall:
disparage the other Party or the other Party’s products and services, or
encourage any person that such Party knows to be an existing client of the other Party to terminate or breach its agreement with such other Party.
The foregoing shall not preclude or restrict either Party from:
doing business with any person that contacts such Party, or
responding truthfully or accurately to inquiries from regulators.
Subscriber will not, and will not authorize, permit, or encourage any third party (including, without limitation, its Authorized Users) to do any of the following, and will ensure that written agreements on whose behalf it accesses or uses the Services or Data Products (“Client Contract”) include terms prohibiting the following:
Allow Clients to use the Services.
Allow anyone other than Authorized Users to access and use the Services.
Allow an Authorized User or Client to share with any third party any Credentials (as defined below).
Reverse engineer, decompile, disassemble, or otherwise attempt to discern the source code or interface protocols of the Services, Data Products, or of Moment IP.
Modify, adapt, or translate the Services or Data Products or make any copies of the Services, Data Products or of Moment IP.
Resell, distribute, or sublicense the Services or Data Products, except as provided in Exhibit A, Data License Terms.
Use the Services or Data Products in violation of any Applicable Law.
Use the Services or Data Products to build a competitive product or service, or for any purpose not specifically permitted in this Agreement, or
Introduce, post, or upload to the Services or Data Products any Harmful Code.
When accessing the Services, each Authorized User’s will require a set of discrete identifiers that authenticates sign-on to the Services and records, in an auditable fashion, the time and purpose for which the Services was accessed, including any data, entered, altered or deleted therein. (collectively, “Credentials”).
Subscriber is solely responsible for the confidentiality and use of all Credentials, as well as for any use or misuse by any Authorized User of the Services using such Credentials.
Subscriber is responsible for verifying that any Authorized Users and Clients are those intended by Subscriber to have access to the Services, and for any misuse of the Services by its Authorized Users and Clients, absent willful misconduct or gross negligence by Moment or its employees or agents;
Use of the Services by an Authorized User or Client does not give rise to any direct or indirect or implied legal or contractual relationship between such party and Moment or any of its Affiliates;
Subscriber’s agreements and relationships with Authorized Users and Clients do not imply or create any direct legal or contractual obligations or formal relationship between Moment or its Affiliates and such Authorized Users or Clients;
Subscriber will promptly inform Moment in the event that Subscriber suspects, obtains knowledge of, or has reason to believe that Credentials may have been used in any way that may put at risk the integrity of any aspect of the Services.
Moment’s obligations regarding the Services or Data Products arise only under this Agreement and remain solely to Subscriber and not to any Authorized User or any Client.
Third Party Services. Certain features and functionalities within the Services or Data Products may allow Subscriber, Client or the Authorized Users of either to interface or interact with, access and/or use compatible third-party services, products, technology and content (collectively, “Third-Party Services”). Moment does not provide any aspect of the Third-Party Services and is not responsible for any compatibility issues, errors or bugs in the Services or Third-Party Services caused in whole or in part by the Third-Party Services or any update or upgrade thereto. Subscriber is solely responsible for maintaining the Third-Party Services and obtaining any associated licenses and consents necessary for Subscriber to use the Third-Party Services in connection with the Services or Data Products.
LICENSE GRANT BY SUBSCRIBER
Subject to the terms and conditions of this Agreement, Subscriber hereby grants to Moment a limited, non-exclusive, non-transferable, non-sublicensable right and license to access, use and reproduce Subscriber’s name and logo.
FEES AND PAYMENT
All payments are due as specified in this Section VII within seven (7) calendar days of receipt of invoice.
As consideration for the access to and use of the OMS as set forth herein, Subscriber will pay Moment fees for the software access being provided as a service (“SaaS Fees”) detailed individually for each of the Services based on the selections made in the Order Form.
As consideration for the access to and use of the UI as set forth herein, Subscriber will pay Moment the fees (“UI Fees”) as detailed in the Order Form.
As consideration for access to and use of the Data Products as specified in Exhibit A, Subscriber will pay Moment the fees specified in the applicable Order Form (“Data Products Fees”).
As consideration for additional services detailed in the Order Form, if applicable, Subscriber will pay Moment the additional fees set forth in the Order Form (“Additional Fees”).
Unless otherwise agreed in writing by the Parties, the Order Form shall be locked for the Term (as defined below), except that all Fees therein will be subject to an automatic 1.7% inflation compensation increment on each six-month anniversary of the Effective Date during the Term. Moment reserves the right to change or increase any applicable Fees upon any Renewal Term.
Subscriber is solely responsible for any applicable sales, use or other taxes (including transaction related fees imposed by law or regulation) or charges related to the payment of the Fees and for the use and receipt of Market Data or the Moment IP. Undisputed payments that are past due shall accrue interest at the lesser of one- and one-half percent (1.5%) per month or part of a month, or the maximum rate permitted by law. Moment shall be entitled to recover all reasonable costs of collection (including reasonable attorneys’ fees, expenses, and costs) incurred in attempting to collect undisputed payments from Subscriber that are more than seven (7) calendar days delinquent.
For clarity, Subscriber agrees that unpaid payments that are more than seven (7) calendar days delinquent shall constitute a material breach of this Agreement.
BOOKS AND RECORDS. During the Term and for three (3) years thereafter, Subscriber shall maintain books and records in connection with the use of the Services or Data Products.
RIGHT TO AUDIT
During the Term (as defined below) and for one (1) year thereafter, Moment and its agents shall have the right, not more than once per calendar year, to audit, inspect and make copies of Subscriber’s books and records that relate to the terms, conditions and obligations of this Agreement, upon thirty (30) days advance written notice to Subscriber.
Moment and its agents shall have the right to conduct additional audits during a particular calendar year and subsequent calendar years if a particular audit indicates a lack of compliance with the terms of conditions of this Agreement.
The books and records reviewed during an audit shall be considered Confidential Information.
Moment will bear the cost and expense of any audit except that in the event any such audit reveals that Subscriber has breached the terms and conditions of this Agreement in any significant way, then Subscriber shall promptly pay and reimburse Moment for all out-of-pocket costs and expenses reasonably and actually incurred by Moment and its agents in conducting the audit. Any such audit shall be conducted during Subscriber’s normal business hours, in accordance with Subscriber’s policies and procedures, and in a manner designed to limit disruption to Subscriber’s operations.
TERMINATION AND SUSPENSION
This Agreement is effective as of the Effective Date and shall continue in full force and effect for the period specified in the Order Form (“Initial Term”), unless earlier terminated as set forth herein.
After the Initial Term, this Agreement shall automatically renew each time for consecutive terms equal in length to the Initial Term (each, a “Renewal Term”), unless terminated by a Party on written notice to the other Party at least thirty (30) days prior to the expiration of the Initial Term or the then-current Renewal Term, as applicable.
The Initial Term and all Renewal Terms shall be collectively referred to as the “Term”.
Termination for Material Breach. Either Party may, by written notice to the other Party, terminate this Agreement with immediate effect if such other Party is in material breach of any provision of this Agreement, and such breach is not cured within thirty (30) days after the impacted Party gives the other Party written notice of such breach.
Termination Without Cause. Unless otherwise provided in the applicable Order Form, Subscriber may terminate an Order Form or this Agreement upon at least sixty (60) days prior written notice to Moment, provided that if Subscriber terminates any Order Form before the completion of the applicable term provided in such Order Form, Subscriber shall pay to Moment the early termination fee (“Early Termination Fee”) equal to the aggregate amount of Fees for the Term or the then-current Renewal Term, as applicable. Such Early Termination Fee will be due and payable to Moment within five (5) days’ of the effective date of termination of such Order Form, and is a condition precedent to the effectiveness of such termination. The Parties agree that the Early Termination Fee is reasonable compensation for Moment’s administrative and operational costs associated with such early termination, and not a penalty.
Effect of Termination. Upon termination of this Agreement, Subscriber will immediately cease, and cause its Authorized Users and Clients to cease, all access to and use of the Services and Data Products.
Survival The following provisions will survive termination of this Agreement: Section I. (“Definitions”), Section IV. (“Ownership”), Section V (“Relationship With Third-Parties And Authorized Users”), Section VII (“Fees and Payment”), Section VIII. (“Books and Records”), Section IX. (“Right to Audit”), Section X. (“Termination and Suspension”), Section XI. (“Confidentiality”), Section XIII. (“Feedback”), Section XIV. (“Subscriber Data”), Section XV. (“Representations and Warranties”), Section XVI. (“Limitation of Liability”), Section XVII. (“Indemnities”), and Section XVIII. (“Miscellaneous”).
Suspension, Limitation or Termination. Moment is entitled, without liability to Subscriber, to immediately suspend, terminate or limit Subscriber’s access to any or all part of the Services or Data Products at any time in the event: (a) that Moment reasonably suspects that the Services or Data Products are being used in violation of any applicable law or regulation or in a manner inconsistent with this Agreement or the Documentation; (b) that Moment determines that the Services are being used in an unauthorized or fraudulent manner; (c) that Moment determines that the use of the Services or Data Products adversely affects Moment’s equipment or service to other subscribers; (d) Moment is prohibited by an order of a court or other governmental agency from providing the Services or Data Products; or (e) any other event which Moment determines, in its sole discretion, may create a risk to the Services or to any other users of the Services or Data Products. Without limitation, Moment will have no liability for any damages, liabilities or losses as a result of any suspension, limitation or termination of Subscriber’s right to use the Services or Data Products in accordance with this Agreement.
CONFIDENTIALITY
Each party receiving Confidential Information in connection with this Agreement, the “Receiving Party”, will retain the Confidential Information disclosed by the other Party (the “Disclosing Party”) in the strictest confidence and will not disclose such Confidential Information to any person without the Disclosing Party’s express written consent, other than, on a need-to-know basis, to its employees or professional advisors of the Receiving Party or of an Affiliated Entity (“Representatives”).
Notwithstanding anything to the contrary herein, the obligation to maintain the confidentiality of Confidential Information will not apply to the extent that the Receiving Party is required to disclose such Confidential Information pursuant to Applicable Law or a legally enforceable order of, or a request for information from, a Governmental Authority, self-regulatory organization or recognized securities or commodities exchange; provided that, to the extent reasonably permitted under the circumstances, the Receiving Party first provides notice to the Disclosing Party to enable the Disclosing Party to seek a protective order or an injunction. In the event that such protective order or other remedy is not obtained, or that the Disclosing Party waives compliance with the provisions hereof, the Receiving Party shall furnish only that portion of the Confidential Information which it is advised by counsel is legally required to be disclosed, and shall use commercially reasonable efforts to ensure that confidential treatment shall be afforded such disclosed portion of the Confidential Information.
Notwithstanding anything to the contrary herein, with respect to either Party, the obligation to maintain the confidentiality of this Agreement will not apply to the extent that such Party discloses this Agreement to a potential buyer in connection with a financing round or the sale of substantially all of its assets; provided however, that prior to such disclosure, such potential buyer has entered into a non-disclosure agreement with such party on terms similar to those contained herein.
Each Party acknowledges that in the event of a breach or threatened breach of this Section XI., substantial injury could result to the Disclosing Party and money damages may not be a sufficient remedy for such breach. Therefore, in the event that the Receiving Party engages in, or threatens to engage in any act which violates any provision of this Section XI., the Disclosing Party shall be entitled, in addition to all other remedies which may be available to it under law, to seek injunctive relief (including, without limitation, temporary restraining orders or preliminary or permanent injunctions) and specific enforcement of the terms of this Section XI.. The Disclosing Party shall not be required to post a bond or other security in connection with the granting of any such relief.
DATA PROCESSING
Moment’s processing of any personally identifiable information, if any, in connection with this Agreement will be governed by the Data Processing Addendum (“DPA”) attached as Exhibit B.
FEEDBACK
During the Term, Subscriber, Authorized Users, or Clients may elect to provide Moment with feedback, comments or suggestions (collectively, “Feedback”) relating to the Services or Data Products.
Moment may elect not to act on any Feedback.
Subscriber hereby grants Moment a perpetual, irrevocable, royalty-free, fully paid-up license, with the unlimited right to sublicense, to use, reproduce, disclose, and otherwise exploit any and all Feedback in any matter or medium known or later developed, including, without limitation, to test, develop, maintain or improve the Services or Data Products, without compensation or attribution to Subscriber or any Authorized User or Client or third party.
SUBSCRIBER DATA
Subject to the terms and conditions of this Agreement, Subscriber hereby grants Moment an exclusive, limited, worldwide, fully paid-up, royalty-free right and license, with the right to grant sublicenses through multiple tiers to Affiliates and vendors providing services to Moment (such as hosting providers), to reproduce, use, store, archive, modify perform, display, and distribute Subscriber Data solely in connection with the mutually agreed upon purpose which is limited to what is deemed necessary for Moment to make the Services or Data Products operational and available.
Subscriber represents and warrants to Moment that it has obtained all Client or third-party consents and authorizations required under Applicable Law or otherwise to provide Subscriber with the Subscriber Data and to make such Subscriber Data available to Moment for use as set forth herein.
Subscriber acknowledges and agrees that it is solely responsible for accuracy and quality of the Subscriber Data that it provides in connection with the Deliverables or that it makes available through the Services or Data Products.
Moment monitors the performance and use of the Services by Subscriber, Authorized Users, and Clients, and Moment collects data in connection therewith, including, without limitation, date and time when Subscriber Data was provided to the Services or Data Products, when the Services or Data Products were accessed, the portions of the Services or Data Products used, the frequency and number of times of such access and use, and other usage data (the “Usage Data”). Moment may combine Usage Data and Subscriber Data with other data, including, without limitation data relating to other Moment customers, provided that the resultant data is anonymized to avoid the identification of individual Clients (“Aggregate Data”). Subscriber hereby agrees that Moment will be free to use, transfer and otherwise exploit the Aggregate Data for its business purposes.
REPRESENTATIONS AND WARRANTIES
Each Party represents and warrants to the other Party that:
it is duly organized, validly existing, and in good standing under its jurisdiction of organization and has the right to enter into this Agreement;
the execution, delivery, and performance of this Agreement, and the consummation of the transactions contemplated hereby, are within the corporate powers of such Party and have been duly authorized by all necessary corporate action on the part of such Party, and constitute a valid and binding agreement of such Party, and
its performance under this Agreement shall comply with all Applicable Laws.
Disclaimers
THE SERVICES, DATA PRODUCTS AND ANY MATERIALS PROVIDED BY MOMENT OR ITS LICENSORS HEREUNDER ARE PROVIDED “AS IS” AND “AS AVAILABLE,” AND MOMENT DOES NOT MAKE ANY REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE SAME OR OTHERWISE IN CONNECTION WITH THIS AGREEMENT, AND HEREBY DISCLAIMS ANY AND ALL EXPRESS, IMPLIED, OR STATUTORY WARRANTIES, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF NON-INFRINGEMENT, SUBSCRIBER ABILITY, FITNESS FOR A PARTICULAR PURPOSE, AVAILABILITY, ERROR-FREE OR UNINTERRUPTED OPERATION, AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE. TO THE EXTENT THAT MOMENT MAY NOT AS A MATTER OF APPLICABLE LAW DISCLAIM ANY IMPLIED WARRANTY, THE SCOPE AND DURATION OF SUCH WARRANTY WILL BE THE MINIMUM PERMITTED UNDER SUCH LAW.
ANY OBLIGATION OF MOMENT UNDER THIS AGREEMENT IS TO THE SUBSCRIBER ONLY AND NOT TO ANY CLIENT, ANY END-CUSTOMER OF ANY CLIENT, OR ANY OTHER THIRD PARTY. THIS AGREEMENT DOES NOT GIVE RISE TO ANY DIRECT, INDIRECT, OR IMPLIED LEGAL OR CONTRACTUAL RELATIONSHIP BETWEEN MOMENT AND ANY CLIENT, END-CUSTOMER OF ANY CLIENT, OR ANY OTHER THIRD PARTY.
ANY MARKET DATA, OUTPUTS OF THE DATA PRODUCTS, OR ONLINE REPORTS ARE PROVIDED WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS OF A PARTICULAR PURPOSE OR NON-INFRINGEMENT. YOU ACKNOWLEDGE THAT THE INFORMATION CONTAINED IN ANY REPORTS PROVIDED BY MOMENT IS OBTAINED FROM SOURCES BELIEVED TO BE RELIABLE BUT IS NOT GUARANTEED AS TO ITS ACCURACY, COMPLETENESS, TIMELINESS OR SEQUENCING. SUCH INFORMATION COULD INCLUDE TECHNICAL OR OTHER INACCURACIES, ERRORS OR OMISSIONS. SUBSCRIBER ACKNOWLEDGES THAT MOMENT IS PROVIDING INFORMATION ABOUT INDICATIONS OF TRADING INTEREST IN CERTAIN FIXED INCOME INVESTMENTS PROVIDED BY LIQUIDITY PROVIDERS, BUT THESE INDICATIONS OF INTEREST MAY NOT BE IMMEDIATELY EXECUTABLE QUOTES OR ORDERS ON THE PART OF THE LIQUIDITY PROVIDERS, AND MOMENT MAKES NO REPRESENTATION CONCERNING WHETHER ANY LIQUIDITY PROVIDER ULTIMATELY WILL BE WILLING TO TRANSACT IN THOSE FIXED INCOME INVESTMENTS AT THE PRICES CONTAINED IN THE INDICATIONS OF INTEREST, OR AT ALL. IN NO EVENT SHALL MOMENT OR ANY OF MOMENT’S AFFILIATES BE LIABLE TO THE SUBSCRIBER OR TO ANY THIRD-PARTY FOR THE ACCURACY, TIMELINESS, COMPLETENESS OR SEQUENCING OF ANY INFORMATION MADE AVAILABLE TO THE SUBSCRIBER OR FOR ANY DECISION MADE OR TAKEN BY THE SUBSCRIBER, ITS AFFILIATES AND CLIENTS IN RELIANCE UPON SUCH INFORMATION.
MOMENT IS NOT A FIDUCIARY AND DOES NOT HAVE ANY FIDUCIARY OBLIGATION TO EITHER THE SUBSCRIBER OR ITS CLIENTS.
MOMENT MAY HAVE UNDISCLOSED CONFLICTS OF INTERESTS IN CONNECTION WITH THE EXECUTION OF THIS AGREEMENT.
NEITHER PARTY SHALL BE LIABLE FOR ANY LOSS OF ANY KIND OR FAILURE TO PERFORM ITS OBLIGATIONS UNDER THIS AGREEMENT CAUSED DIRECTLY OR INDIRECTLY BY FIRE, FLOOD, WAR, TERRORISM, EARTHQUAKE, ELEMENTS OF NATURE OR ACTS OF GOD OR THE PUBLIC ENEMY; RIOTS, CIVIL DISORDERS, REBELLIONS OR REVOLUTIONS; STRIKES, EPIDEMICS, PANDEMICS, LOCKOUTS, OR LABOR DIFFICULTIES; GOVERNMENT IMPOSED QUARANTINES OR DENIAL OF ACCESS OR OPERATION, ACTS OR OMISSIONS OF REGULATORY OR GOVERNMENTAL AUTHORITIES, SELF-REGULATORY ORGANIZATIONS OR SECURITIES EXCHANGES, CLEARING FIRMS, CUSTODIANS, MARKET DATA PROVIDERS, THE INTERNET OR COMMUNICATION LINK PROVIDERS, TECHNOLOGY FAILURE, CHANGES IN LAW, RULE OR REGULATION; OR ANY OTHER CAUSE BEYOND ITS REASONABLE CONTROL, WHETHER OR NOT SIMILAR TO THE FOREGOING., EXCEPT THAT THE FOREGOING DOES NOT APPLY TO AN OBLIGATION TO PAY FEES.
MOMENT IS NOT RESPONSIBLE FOR OR REQUIRED TO UNDERSTAND APPLICABLE LAWS RELATING TO SUBSCRIBER OR ANY CLIENT OR THEIR RESPECTIVE BUSINESSES, AND MOMENT IS NOT RESPONSIBLE FOR ENSURING THAT THE SERVICES OR DATA PRODUCTS COMPLY WITH SUCH APPLICABLE LAWS EXCEPT INSOFAR AS APPLICABLE TO MOMENT OR ITS BUSINESS.
SUBSCRIBER OR CLIENTS ARE SOLELY RESPONSIBLE FOR ANY REPORTING REQUIRED BY APPLICABLE LAWS RELATING TO SUBSCRIBER’S OR ANY CLIENT’S BUSINESS, AND MOMENT SHALL NOT HAVE ANY RESPONSIBILITY OR LIABILITY IN CONNECTION THEREWITH, EVEN IF SUCH REPORTING IS PRODUCED BY OR DERIVED FROM THE SERVICES OR DATA PRODUCTS.
LIMITATION OF LIABILITY
EXCEPT IN CONNECTION WITH SUBSCRIBER’S FAILURE TO PAY ANY AMOUNTS DUE AND OWING HEREUNDER, SUBSCRIBER’S UNAUTHORIZED USE OR MISUSE OF THE MOMENT IP, SERVICES OR DATA PRODUCTS, AND EXCEPT AS EXPRESSLY PERMITTED BY THIS AGREEMENT OR A PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT: (I) IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY INCIDENTAL, INDIRECT, CONSEQUENTIAL, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES OF ANY KIND (INCLUDING, BUT NOT LIMITED TO, LOST REVENUES OR PROFITS) ARISING FROM OR RELATING TO THE AGREEMENT, REGARDLESS OF WHETHER SUCH PARTY WAS ADVISED, HAD OTHER REASON TO KNOW, OR IN FACT KNEW OF THE POSSIBILITY THEREOF, AND (II) EACH PARTY’S AGGREGATE LIABILITY FOR DIRECT DAMAGES UNDER THE AGREEMENT WILL NOT EXCEED $25,000.
INDEMNITIES
Indemnification by Subscriber
Subscriber will indemnify, defend, and hold Moment and its Representatives harmless from and against any and all losses, damages, costs and expenses (including, without limitation, reasonable attorneys’ fees, regulatory fines or settlements) (collectively, “Losses”) incurred by Moment and its Representatives in connection with any third-party action, claim, or proceeding (each, a “Claim”) (including, without limitation, any Claim made by a Client), arising from:
the Subscriber Apps infringing or misappropriating or otherwise violating the intellectual property rights of any third-party;
use of the Services or Data Products by Subscriber, Client or their Authorized Users in a manner that is not in accordance with this Agreement or the Documentation, including, without limitation, any breach of the license restrictions in Section II.A.;
the negligence, gross negligence or willful misconduct of Subscriber, any Authorized User or Clients.
Indemnification by Moment
Moment will indemnify, defend, and hold Subscriber and its Representatives harmless from and against any and all Losses incurred by any such parties in connection with any third-party Claim, other than Losses stemming from allegations by government, regulatory and/or self-regulatory (including exchanges) authorities:
arising from Moment’s gross negligence or willful misconduct, or
alleging that Subscriber’s and its Authorized Users’ access to and use of the Services or Data Products, Services in accordance with this Agreement infringes or misappropriates any third-party copyrights or trade secrets.
In the event that Moment reasonably determines that the Services or Data Products are likely to be the subject of a third-party Claim, Moment, in its sole discretion, may:
procure for Subscriber the right to continue to use the Services or Data Products as provided in this Agreement;
suitably modify the Services or Data Products or any component thereof, so that it is non-infringing, or
if none of the foregoing options are available to Moment on commercially reasonable terms, Moment may terminate this Agreement and refund all funds pre-paid by Subscriber for services not rendered.
Notwithstanding the foregoing, Moment is not obligated to indemnify, defend, or hold Subscriber or its Representatives harmless with respect to any third-party Claim to the extent the third-party Claim arises from or is based upon:
use of the Services or Data Products by Subscriber or any Authorized user other than in accordance with the Documentation or this Agreement;
any unauthorized modifications, alterations, or implementations of the Services or Data Products that have not been made by or authorized in writing by Moment;
use of the Services or Data Products in combination with unauthorized modules, apparatus, hardware, software, or services not supplied, specified or authorized in writing by Moment;
use of the Services or Data Products in a manner or for a purpose for it was not designed; or
any Subscriber Data.
This Section XVII.B. states Subscriber’s sole and exclusive remedy, and Moment’s sole and exclusive liability, regarding any third-party Claim.
The indemnification obligations set forth in XVII.B.1. and XVII.B.2. are subject to the indemnified Party:
promptly notifying the indemnifying Party of the Claim, provided that failure to provide such notice will not relieve the indemnifying Party of its indemnity obligations unless it is materially prejudiced by such failure;
providing the indemnifying Party, at its sole cost and expense, with reasonable cooperation in the defense of the Claim; and
providing the indemnifying Party with sole control over the defense and negotiations for a settlement or compromise of the Claim, provided that the indemnifying Party may not make any admission of liability on behalf of the indemnified Party without the indemnified Party’s approval.
MISCELLANEOUS
The relationship of the Parties is one of independent contractors. Nothing in this Agreement will be construed to establish any partnership, joint venture or agency relationship between the Parties. Neither Party will have the power or authority to bind the other or incur any obligations on the other’s behalf without the other Party’s prior written consent.
This Agreement sets forth the entire agreement of the Parties as to its subject matter and supersedes all prior agreements, negotiations, representations, and promises between the Parties with respect to the subject matter hereof.
These SaaS Services Subscription Terms may be updated, amended and/or supplemented periodically by Moment by publication on its website (www.withmoment.com/terms-of-service/saas-services-subscription-terms). All such updates, amendments and/supplements shall apply to the Agreement and be binding upon the Parties.
Any notices or other communications required to be delivered under this Agreement shall be made in writing and delivered electronically via email.
Neither Party may assign or otherwise transfer any of its rights or obligations under this Agreement without the prior, written consent of the other Party, which consent will not be unreasonably withheld, conditioned or delayed. Notwithstanding the foregoing, either Party may assign or transfer this Agreement to a third party that succeeds to all or substantially all of the assigning Party’s business and assets relating to the subject matter of this Agreement, whether by sale, merger, operation of law or otherwise.
Any assignment or other transfer in violation of this provision will be null and void.
Subject to the foregoing, this Agreement will be binding upon and inure to the benefit of the Parties hereto and their permitted successors and assigns.
A waiver of rights under this Agreement will not be effective unless it is in writing and signed by an authorized representative of the Party that is waiving the rights.
In the event that any provision of this Agreement conflicts with any Applicable Laws, such provision shall be deemed null and void and this Agreement shall be read as if such provision were no longer a part of this Agreement.
If any term, condition, or provision of this Agreement is held by a court or arbitral tribunal of competent jurisdiction to be invalid, void or unenforceable, the remainder of the provisions of this Agreement shall remain in full force and effect and shall in no way be affected, impaired or invalidated.
U.S. Government End Users. The Services and Data Products and Documentation were developed solely at private expense and are “commercial products”, “commercial items”, or “commercial computer software” as defined in the Federal Acquisition Regulation 2.101 and other relevant government procurement regulations including agency supplements. Any use, duplication, or disclosure of the Services, Data Products, software and Documentation by or on behalf of the U.S. Government is subject to restrictions as set forth in this Agreement as consistent with federal law and regulations. If these terms fail to meet the U.S. Government’s needs or are inconsistent in any respect with federal law, Subscriber will immediately discontinue its use of the Services, Data Products and Documentation.
Export Regulation. Subscriber affirms that it is not named on, owned by, or acting on behalf of any U.S. Government denied-party list, and it agrees to comply fully with all relevant export control and sanctions laws and regulations of the United States (“Export Laws”) to ensure that neither the Services, Data Products, software, nor any technical data related thereto is: (i) used, exported or re-exported directly or indirectly in violation of Export Laws; or (ii) used for any purposes prohibited by the Export Laws, including, but not limited to, nuclear, chemical, or biological weapons proliferation, missile systems or technology, or restricted unmanned aerial vehicle applications. Subscriber will complete all undertakings required by Export Laws, including obtaining any necessary export license or other governmental approval.
Third-Party Beneficiary. This Agreement is solely for the benefit of the Parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer upon any other person or entity any legal or equitable right, benefit, or remedy of any nature whatsoever under, or by reason of, this Agreement.
Governing Law. This Agreement will be governed by and construed in accordance with the law of the State of New York without regard to the conflicts of law rules of such state.
Dispute Resolution. All disputes under or relating to this Agreement shall be resolved by mandatory binding arbitration. The arbitration proceeding shall be administered by the American Arbitration Association (“AAA”) or such other administrator, as mutually agreed upon by the parties in writing. Arbitration shall be conducted in accordance with the AAA Commercial Arbitration Rules. If there is any inconsistency between the terms hereof and any such rules, the terms and procedures set forth herein shall control. A single arbitrator will resolve the dispute and shall be selected by mutual agreement of the parties. If the parties are unable to agree to an arbitrator, the AAA shall select and appoint the arbitrator. The arbitration shall be conducted in New York County, New York, and the parties irrevocably consent to such venue. All statutes of limitation applicable to any dispute shall apply to any arbitration proceeding. All discovery activities shall be expressly limited to matters directly relevant to the dispute being arbitrated and subject to limitation by the arbitrator to a level commensurate with the amount in controversy and complexity of the issues involved. Judgment upon any award rendered in arbitration may be entered in any court having jurisdiction.
Jurisdiction. Each party:
Hereby irrevocably consents to the jurisdiction of the United States District Court for the Southern District of New York or any New York court sitting in the Borough of Manhattan (and of the appropriate appellate courts therefrom) with respect to the entering of arbitration awards or with respect to any other matter found to be not arbitrable pursuant to XVIII.M. above, and
Irrevocably waives, to the fullest extent permitted by law, any objection that it may now or hereafter have to the laying of the venue of any proceeding brought in any such court or that any such proceeding has been brought in an inconvenient forum.
EXHIBIT A
DATA LICENSE TERMS
These Data Terms are incorporated into the Agreement. Any capitalized term used in these Data Terms that is not defined in the Data Terms will have the definition provided in the Terms.
DEFINITIONS.
"Subscriber Apps” means Subscriber’s web, mobile applications or other means to facilitate digital interface, including any API developed by Subscriber which facilitates Subscriber’s provision of services to Clients and, for clarity, excluding the Moment IP.
“Data Products” means the data services described in the Order Form which may include reference data, market/intraday and/or end-of-day pricing data which may be historical and/or evaluated pricing data relating to (i) US Treasury securities, (ii) public debt securities issued by foreign governments, (iii) securities issued by enterprises sponsored by the US Government or other federally related entities, (iv) securities issued by a State or Territory of the US or by one of its political subdivisions, agencies or instrumentalities, (v) certificates of deposit that are traded publicly, and (vi) debt securities that are issued by corporate entities and that are traded publicly. Data Products are provided subject to availability and compliance with Third-Party Data Terms and the laws and regulation of the United States and its administrative and political dependencies.
“Desktop User” means individual Authorized Users receiving Data Products via the Subscriber Apps for use on each such Desktop User’s own desktop/computing device.
“Governmental Authority” means any transnational, domestic or foreign national, federal, state or local governmental authority, department, court, agency, or official, including any political subdivision thereof.
“Person” means an individual, corporation, partnership, limited liability company, association, trust, or other entity or organization, including a Governmental Authority.
LICENSE GRANT.
License Grant by Moment.
Subject to the terms and conditions of the Data Terms, including, without limitation, any usage limits and restrictions set forth in the Order Form, Moment hereby grants to Subscriber during the Term a limited, revocable, non-exclusive, non-transferable (except as provided in Section XVIII.E. of the Terms), non-sublicensable right and license, solely in connection with Subscriber’s internal business purposes consistent with the DATA USE CASE specified in the Order Form, to access, reproduce and display the Data Products internally in a downloadable format only to to Desktop Users who comply with the following conditions:
Each such Desktop User must be issued a unique password. No transferring or sharing of passwords shall be permitted by Authorized Users or Subscriber;
Each Desktop User may download Data Products to a desktop/computing device used solely for such Desktop User’s individual use and not for any centralized, interdepartmental or shared use;
Once downloaded to a Desktop User’s desktop/computing device, the Data Products must remain on such Desktop User’s desktop/computing device and may not be uploaded, copied, transferred to, stored or managed in any other desktop/computing device, including that of another Desktop User, or any device, directory, database or other repository that is shared or can be accessed by others (e.g. the download functionality may not be used to populate master security databases);
Desktop Users may download Data Products only as a convenience in connection with Desktop Users’ services to Subscriber and not as an alternative to obtaining the Data Products from and/or pursuant to a separate or additional license agreement; and
Subscriber shall report to Moment within ten (10) business days following the end of each calendar quarter, the identity of any Desktop User that has downloaded more than: (i) 3,000 unique CUSIP Identifiers, or (ii) 3,000 unique CINS Identifiers, or (iii) 3,000 unique ISIN Identifiers via download for three (3) consecutive months.
To the extent necessary for Subscriber to execute on the DATA USE CASE specified in the Order Form, and subject to the restrictions set forth in Section 2.a.iv, Moment hereby grants to Subscriber during the Term a limited, revocable, non-exclusive, non-transferable (except as provided in Section XVIII.E. of the Terms), non-sublicensable right and license to display the Data Products to Clients through the Subscriber Apps in a view-only, non-downloadable format.
Subject to the terms and conditions of the Agreement, Moment hereby grants Subscriber a limited, revocable, non-exclusive, non-transferable license to use the Moment API solely to access and use the Data Products on and through the Subscriber App.
The limited license granted in Section 2.a.ii. is expressly conditioned upon Subscriber:
before such display, causing each individual or entity to whom Subscriber displays the Data Products to enter into a Client Contract with Subscriber, the terms and conditions of which are at least as protective of the Moment IP as this Agreement, and which will include all the restrictions provided in the Data Terms and, as applicable in the Terms; and
hereby agreeing to be responsible for all acts or omissions of Clients in connection with their use of the Data Products and their compliance with the Client Contract.
Creation of Derived Data. Subject to any usage limits and restrictions set forth in the Order Form, Subscriber may (i) create and (ii) use Derived Data in connection with Subscriber’s internal business purposes only in a manner consistent with the DATA USE CASE specified in the Order, and (iii) distribute to Clients bond analytics such as yields, spreads and durations on a bond-by-bond or portfolio basis by using the Data Products as one of multiple sources or analytical inputs in conjunction with additional third-party data and professional experience, provided that the data has been transformed, incorporated or used, in each case in a process such that Derived Data cannot be easily identified or reverse engineered as originating or directly derived from the Data Products (“Derived Data”).
SUBSCRIBER OBLIGATIONS. Subscriber shall:
Use the Data Products solely in the manner consistent with the DATA USE CASE represented in the Order Form;
Not modify the Data Products in any way, including without limitation during transmission to Clients through the Subscriber Apps;
Use the Data Products strictly as set forth herein and not share the Moment IP with any third parties except as expressly permitted herein;
Comply with all Applicable Laws in connection with its use of the Moment IP or any components thereof; and
Reproduce any copyright or other proprietary notice (or any source identifier) that Moment provides with the Moment IP or to Subscriber from time to time, and shall not remove, alter or obscure any of the foregoing proprietary notices or source identifiers.
RESTRICTION ON USE.
Subscriber shall not (and shall not authorize or knowingly permit any third-party to) make any use or disclosure of the Data Products except as expressly permitted under this Agreement.
Without limiting the foregoing, Subscriber shall not (and shall not authorize or knowingly permit any third-party to):
Except as provided in Annex A - USE OF ARTIFICIAL INTELLIGENCE, modify, reproduce, transfer, publish, disclose, distribute, sell, resell, license, sublicense, or rent the Moment IP, in whole or in part; or
Remove or modify any proprietary markings or restrictive legends placed on the Data Products.
Moment reserves the right to reject requests or temporarily throttle the Moment API if Moment receives an unusual number of requests, as determined by Moment in its sole discretion, and Subscriber acknowledges and agrees that such action by Moment does not constitute a breach of any obligation of Moment under this Agreement.
THIRD-PARTY TERMS. The Data Products include data sourced from third parties (“Third-Party Data”).
Access to and use of the Third-Party Data is subject to the terms of this Agreement, as well as any additional terms and conditions required by the providers of the Third-Party Data (the “Third-Party Data Terms”).
Subscriber acknowledges and agrees that:
Third-Party Data providers may require Moment to present Subscriber and/or Clients with, and cause Subscriber and/or Clients to agree to, Third-Party Data Terms in order for Subscriber and/or Clients to access such Third-Party Data via the Data Products (See, Annex B - Third-Party Data Terms);
If Subscriber and/or Client does not agree to such Third-Party Terms, then Moment may not allow Subscriber and/or Client to access the Data Products; and
As between Subscriber and a Third-Party Data provider, the Third-Party Data provider reserves and shall solely own the Third-Party Data .
In the event of a conflict between the Third-Party Data Terms and any other provision of this Agreement, the Third-Party Data Terms will prevail solely with respect to the applicable Third-Party Data.
If a provider of Third-Party Data requires Moment to agree to changes to the Third-Party Data Terms, or additional Third-Party Data Terms, in order for Moment to continue providing Third-Party Data, Moment will notify Subscriber of the changes and their effective date by any reasonable means.
If Subscriber does not wish to agree to the updated or new Third-Party Data Terms, Subscriber must promptly provide Moment with written notice.
Once Subscriber provides such written notice, Moment will exercise commercial efforts to cease the provision of such Third-Party Data to Subscriber. Moment will have complete discretion as to the time, manner and process undertaken to cease providing the Third-Party Data, including ceasing to provide components of the Data Products unrelated to the Third-Party Data or, in its sole discretion, terminating this Agreement.
If Subscriber does not provide the written notice required in subparagraph 5.d.i. above by the effective date of the changes to Third-Party Data Terms, or continues to use the applicable Third-Party Data on or after such effective date, then Subscriber shall be deemed to have accepted and agreed to the updated Third-Party Data Terms.
ACKNOWLEDGEMENT AND BRANDING.
Subscriber agrees to acknowledge Moment's contribution on its website or any Services where the Data Products are used or presented in a form and manner mutually acceptable to Subscriber and Moment and to link such acknowledgement to the following disclosure in a manner obvious to the person using or being presented the Data Products:
THE INFORMATION BEING PROVIDED (“INFORMATION”) IS BEING SUPPLIED BY MOMENT TECHNOLOGY INC. (“MOMENT”) SOURCED FROM THIRD PARTY DATA SOURCES. MOMENT IS NOT A FINANCIAL ORGANIZATION REGISTERED FOR THE PURPOSE OF PURCHASING OR SELLING FINANCIAL INSTRUMENTS. THE INFORMATION IS FOR INFORMATIONAL PURPOSES ONLY. THE INFORMATION IS NOT AN OFFER OR SOLICITATION TO BUY OR SELL ANY FINANCIAL INSTRUMENT, AND SHOULD NOT BE RELIED UPON EXCLUSIVELY TO MAKE FINANCIAL DECISIONS. THE INFORMATION SHOULD NOT BE CONSTRUED AS A RECOMMENDATION OR DETERMINATION OF SUITABILITY. MOMENT MAKES NO REPRESENTATIONS, GUARANTEES OR WARRANTIES REGARDING THE ACCURACY, COMPLETENESS OR FAIRNESS OF THE INFORMATION. ALL INFORMATION IS AS OF A PARTICULAR DATE AND MAY HAVE NOT BEEN UPDATED. THE PROVISION OF THIS INFORMATION DOES NOT IMPLY ANY OBLIGATION BY MOMENT TO UPDATE OR MAINTAIN THE INFORMATION CURRENT.
EFFECT OF TERMINATION. Upon termination of the Agreement:
All rights or licenses granted by Moment to Subscriber hereunder shall immediately terminate and Subscriber shall: (i) immediately cease all access to and use of the Moment IP, and no longer offer any such access to or use of the foregoing to Clients; (ii) remove all Moment IP and all copies and portions thereof in all forms and types of media from the Subscriber Apps; and (iii) purge all archived Moment IP from the Subscriber Apps or from any other portion of Subscriber’s systems and/or archives within fifteen (15) calendar days.
Subscriber shall immediately pay any Fees plus accruals (as set forth in Section VII. of the Terms) due and owing, and
The Receiving Party shall either return to the Disclosing Party (or, at the Disclosing Party’s instruction, destroy and provide the Disclosing Party with written certification of the destruction of) all documents, computer files, and other materials containing any Confidential Information of the Disclosing Party.
SURVIVAL. The following provisions will survive termination of the Agreement: Section 1 (“Definitions”), Section 7 (“Effect of Termination”), this Section 8 (“Survival”), Section 9 (“Representations and Warranties”), and Section 10 (“Disclaimer”).
REPRESENTATIONS AND WARRANTIES.
Moment Representations and Warranties.
Moment represents and warrants to Subscriber that:
The Data Products conform in all material respects to the descriptions set forth in the Order Form;
That it will use reasonable efforts to provide access to Moment IP on a timely basis;
That it will use commercially reasonable efforts to ensure that the Data Products shall be free from any viruses, worms, Trojan horses, or other harmful or malicious code or components; and
As Subscriber’s sole and exclusive remedy and Moment’s sole and exclusive obligation in connection with any breach of this Section 9.a.i.1., 2. and 3., Moment will promptly re-perform any non-conforming Data products.
It is not acting as an investment advisor, as defined in 15 U.S.C. §80b–2(a)(11) or as broker or dealer under 15 U.S.C. §78a et seq.
Subscriber represents and warrants to Moment that:
Its use of the Moment IP as contemplated hereunder will not violate the Intellectual Property Rights or any other right of a third-party;
It is not involved in any legal proceeding relating to the Subscriber Apps; and
It is not aware of any facts or circumstances that might lead to a legal proceeding relating to the Subscriber Apps.
For purposes of its use of the Moment IP, Moment is not acting as an investment advisor, as defined in 15 U.S.C. §80b–2(a)(11) or a broker or dealer under 15 U.S.C. §78a et seq.
DISCLAIMER. In addition to the disclaimers contained otherwise in this Agreement:
THE DATA PRODUCTS ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND ARE NOT INTENDED FOR ANY OTHER PURPOSE, INCLUDING PURCHASE, SALE OR RETENTION OF ANY CURRENCY, SECURITY, COMMODITY OR OTHER FINANCIAL PRODUCT AND THEIR PROVISION DOES NOT CONSTITUTE INVESTMENT ADVICE OR AN OFFER OR A SOLICITATION OF AN OFFER TO BUY OR SELL ANY CURRENCY, SECURITY, COMMODITY OR OTHER FINANCIAL PRODUCT.
ANY OPINIONS OR ASSERTION CONTAINED IN THE DATA PRODUCTS DO NOT REPRESENT THE OPINIONS OR BELIEFS OF MOMENT OR ITS AFFILIATES OR OF ANY OF THEIR RESPECTIVE EMPLOYEES, PRINCIPALS OR INVESTORS. THE DETERMINATION OF THE SUITABILITY OF THE DATA PRODUCTS FOR ANY USE, AND ALL DECISIONS MADE AS A RESULT OF USE OF THE DATA PRODUCTS, IS THE RESPONSIBILITY OF THE USER OF THE INFORMATION AND THE USER OF THE INFORMATION ASSUMES ALL RISK OF DAMAGE OR LOSS RESULTING FROM THE USE OF THE DATA PRODUCTS.
GIVEN THE GENERAL SCARCITY OF FIXED INCOME DATA AND THE UNCERTAINTY SOMETIMES ASSOCIATED WITH SUCH DATA, THE DATA PRODUCTS MAY INVOLVE DISCRETIONARY ASSUMPTIONS MADE BY MOMENT. SUCH ASSUMPTIONS AS WELL AS THEIR CORRESPONDING OUTCOMES MAY BE INCORRECT, LACK COMPLETE AND/OR FULL INFORMATION OR MAY BE UNDULY RELIANT ON LIMITED INFORMATION SELECTED AT MOMENT’S DISCRETION.
ANNEX A - USE OF ARTIFICIAL INTELLIGENCE
For the purposes of this Agreement,
“AI” means any program or system that is intended to mimic human cognitive functions and abilities and that is intended to generate data, mine data, identify patterns in data, or produce insights or correlations, or make predictions, recommendations, or decisions.
“Subscriber AI” means the AI utilized by Subscriber to
identify information necessary for Subscriber to provide ad hoc information to its retail investors, and
clean up issuer names to make them more human-readable and to reformat data to extract semantic meaning from unstructured, non-uniformed and inconsistent data.
“Output” means any data or other material that is produced by the Subscriber AI in furtherance of the use rights as set out in this Agreement.
Moment acknowledges and permits Subscriber, solely during the Term, to use the Data Products as an input to Subscriber AI in compliance with the terms of the Agreement and only in connection with Subscriber’s internal business purposes, in a manner consistent with the DATA USE CASE specified in the Order Form.
As a condition of and in connection with the aforementioned use of the Data Products in conjunction with Subscriber AI:
Subscriber shall set up a secure environment designed in accordance with good industry practice within Subscriber’s own information technology systems or third-party hosted Services (provided that (a) such third-party does not have access to Subscriber AI or the Data Products in the environment, and that no other access to the environment is given to any other third-party and (b) Subscriber shall be liable for any use, misuse, or security breaches involving the Data Products on such third-party Services) (the “Internal Environment”). Any Subscriber AI shall be hosted and retained within the Internal Environment only, and such Subscriber AI shall be accessible only by Subscriber’s employees and subcontractors.
Subscriber represents and warrants that each Subscriber AI and Output: (a) does not and will not provide material or data bearing any resemblance to the Data Products (including any trademarks or symbology), (b) cannot be reverse engineered, disassembled or decompiled such that a third-party may access the Data Products, (c) cannot be used in a manner which could be a substitute for the Data Products, (d) cannot be used in a manner which competes with and/or is otherwise comparable to the Data Products or in the creation of price assessments and/or price indices; and (e) will not be used, portrayed, or promoted in a way that implies Moment’s, its affiliates’, and/or Third-Party Data providers’ review, monitoring, sponsorship, endorsement, promotion or sale of such Subscriber AI or Output, and Subscriber shall include a disclaimer to that effect. Subscriber shall not use the Subscriber AI or Output to provide services to any third-party if such services would replace the need for such third-party to have a license to the Data Products.
Subscriber represents and warrants that its use of the Data Products in conjunction with Subscriber AI does not and will not, in any manner (a) tarnish, blur or dilute the trademarks or associated goodwill of Moment; or (b) appeal to prurient interests or, in Moment’s reasonable opinion, otherwise be offensive or unethical (e.g., for fake news, deep faking/impersonations, plagiarism, micro targeting, bias/discriminatory outcomes, weapon manufacture or guidance systems, etc.).
Subscriber shall not use the Data Products or Subscriber AI to learn how Moment formats, links or organizes Data Products to then independently collect, validate, homogenize and format independently sourced information or other third-party data as substitute for the Data Products.
Subscriber represents and warrants that the Subscriber AI does not or following the expiry or termination of the Order Form will not have the ability to produce copies of or regurgitate the Data Products or any parts thereof, without having access to such Data Products or any parts thereof.
In addition to Subscriber’s indemnification obligation set out in the Agreement, Subscriber shall indemnify and defend Moment and their Third-Party Data providers from and against any and all costs, claims, damages or liabilities (including reasonable attorneys’ fees) arising out of any claim or litigation against Moment or Third-Party Data providers arising out of any access to, use or distribution of any or all of the following: (a) the Data Products, (b) Subscriber AI, (c) Outputs.
Subscriber shall cooperate with all reasonable requests by Moment to add to or delete portions of the Data Products from the Subscriber AI or Output (including, but not limited to, adding further disclaimers) in order to comply with applicable laws, rules, regulations, or Moment’s policies.
Upon termination of this Order Form, Subscriber must immediately stop using any Data Products and shall (i) purge, destroy, delete and/or expunge the Data Products, Output and any portion or copies thereof from all electronic systems and databases, (ii) ensure that Clients purge, destroy, delete and/or expunge the Output and any portion or copies thereof from all electronic systems and databases, in each case except as required for regulatory or compliance purposes which shall be held subject to the confidentiality terms of the Agreement. Upon request by Moment, Company shall promptly certify in writing that it and the Clients has/have complied with this requirement.
ANNEX B - THIRD PARTY DATA TERMS
Additional Contract Terms in Connection with the Use of the CUSIP Database
“Subscriber agrees and acknowledges that the CUSIP Database and the information contained therein is and shall remain valuable intellectual property owned by, or licensed to, CUSIP Global Services (“CGS”) and the American Bankers Association (“ABA”), and that no proprietary rights are being transferred to Subscriber in such materials or in any of the information contained therein. Any use by Subscriber outside of the clearing and settlement of transactions requires a license from CGS, along with an associated fee based on usage. Subscriber agrees that misappropriation or misuse of such materials will cause serious damage to CGS and ABA, and that in such event money damages may not constitute sufficient compensation to CGS and ABA; consequently, Subscriber agrees that in the event of any misappropriation or misuse, CGS and ABA shall have the right to obtain injunctive relief in addition to any other legal or financial remedies to which CGS and ABA may be entitled.”
“Subscriber agrees that Subscriber shall not publish or distribute in any medium the CUSIP Database or any information contained therein or summaries or subsets thereof to any person or entity except in connection with the normal clearing and settlement of security transactions. Subscriber further agrees that the use of CUSIP numbers and descriptions is not intended to create or maintain, and does not serve the purpose of the creation or maintenance of, a master file or database of CUSIP descriptions or numbers for itself or any third-party recipient of such service and is not intended to create and does not serve in any way as a substitute for the CUSIP MASTER , DATABASE, INTERNET, ELECTRONIC Services and/or any other future services developed by CGS.”
“NEITHER CGS, ABA NOR ANY OF THEIR AFFILIATES MAKE ANY WARRANTIES, EXPRESS OR IMPLIED, AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF ANY OF THE INFORMATION CONTAINED IN THE CUSIP DATABASE. ALL SUCH MATERIALS ARE PROVIDED TO SUBSCRIBER ON AN “AS IS” BASIS, WITHOUT ANY WARRANTIES AS TO MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE NOR WITH RESPECT TO THE RESULTS WHICH MAY BE OBTAINED FROM THE USE OF SUCH MATERIALS. NEITHER CGS, ABA NOR THEIR AFFILIATES SHALL HAVE ANY RESPONSIBILITY OR LIABILITY FOR ANY ERRORS OR OMISSIONS NOR SHALL THEY BE LIABLE FOR ANY DAMAGES, WHETHER DIRECT OR INDIRECT, SPECIAL OR CONSEQUENTIAL, EVEN IF THEY HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL THE LIABILITY OF CGS, ABA OR ANY OF THEIR AFFILIATES PURSUANT TO ANY CAUSE OF ACTION, WHETHER IN CONTRACT, TORT, OR OTHERWISE, EXCEED THE FEE PAID BY SUBSCRIBER FOR ACCESS TO SUCH MATERIALS IN THE MONTH IN WHICH SUCH CAUSE OF ACTION IS ALLEGED TO HAVE ARISEN. FURTHERMORE, CGS AND ABA SHALL HAVE NO RESPONSIBILITY OR LIABILITY FOR DELAYS OR FAILURES DUE TO CIRCUMSTANCES BEYOND THEIR CONTROL.”
“Subscriber agrees that the foregoing terms and conditions shall survive any termination of its right of access to the materials identified above.”
“In the event Subscriber has a CGS License Agreement that permits broader rights than those granted above, then the terms of that Subscriber’s CGS License Agreement shall govern such Subscriber’s use of the CUSIP Database and/or any information contained therein for so long as such agreement remains in effect.”
Additional Contract Terms in Connection with the Use of Third Party Provider II Database
The following fields, if included in the Data Products are provided by the Third Party Provider II identified in the order form, or any of the Third Party Provider II's subsidiaries.
Important information regarding the use of Third Party Provider II data:
Third Party Provider II, their affiliates nor any of their suppliers shall have any liability for the accuracy or completeness of the information or software furnished through the Data Products, or for delays, interruptions or omissions therein nor for any lost profits, indirect, special or consequential damages;
Third Party Provider II products, data, services and software are not investment advice and a reference to a particular investment or security, a credit rating or any observation concerning a security or investment provided in connection with the products, data, services and software is not a recommendation to buy, sell or hold such investment or security or make any other investment decisions;
Third Party Provider II, their affiliates or their suppliers have exclusive proprietary rights in the Third Party Provider products, data, services and software and any information and software received in connection therewith;
Subscriber shall not use or permit anyone to use the Third Party Provider II products, data, services and software for any unlawful or unauthorized purpose;
The Third Party Provider II products, data, services and software are being provided for Subscriber’s internal use only and Subscriber is not authorized or permitted to distribute or otherwise furnish such information or software to any third-party without prior written approval of Third Party Provider II;
Access to Third Party Provider II's products, data, services and software is subject to termination in the event that any agreement between Moment and Third Party Provider II terminates for any reason.
To the extent any Derived Data created by Subscriber includes as input Third Party Provider II data, Subscriber is required to promptly purge and permanently delete the Derived Data from all electronic systems (save to the extent a Subscriber is required to retain any data or information pursuant to applicable law or regulation, provided that any data so retained shall not be used or distributed for any purpose and shall be maintained in a confidential manner), and to provide all reasonable cooperation to Third Party Provider II to verify compliance with this obligation, and
Subscriber is required to include these contractual provisions in its agreements with Clients.
EXHIBIT B
DATA PROCESSING ADDENDUM
This Data Processing Agreement (“DPA”) is incorporated into and forms part of the Services Agreement (“Principal Agreement”), by and between Moment Technology Inc. (“Processor”) and Subscriber (“Controller”) for the provision of Services as further set out in the Principal Agreement (the “Services”). Capitalized terms used but not defined herein shall have the meaning set out in the Principal Agreement.
WHEREAS Controller is a Data Controller (as defined below) in relation to its processing of certain Personal Information (as defined below) and has engaged Processor for the provision of Services which shall involve the processing of Personal Information as a Data Processor on behalf of Controller.
Processor and Controller agree as follows:
“Controller Personal Information” means the Personal Information that is processed by Processor under this DPA of: (i) data subjects that are end-customers of Controller and/or business clients of Controller; and (ii) employees of Controller and its affiliates.
“Data Controller” and “Data Processor” or terms addressing similar data protection and privacy roles, have, in respect of each relevant jurisdiction, the meanings given to those terms under the applicable Data Protection Laws for that jurisdiction. For example, “service provider”, “business” or “covered entity”. If the applicable jurisdiction does not have such a term, the “controller” and “processor” definitions from GDPR shall apply.
“Data Protection Laws” means all applicable data protection, data privacy and cybersecurity laws and regulations applicable to a party’s processing of Controller Personal Information pursuant to this DPA, including, where applicable, Regulation S-P, EU/UK Data Protection Laws, and Non-EU Data Protection Laws.
“Data Subject” shall in each relevant jurisdiction have the same meaning as the term “data subject”, “consumer”, “customer” or other term for natural persons under the Data Protection Law.
“EU/UK Data Protection Laws” means: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (the “EU GDPR”); (ii) means the GDPR as applicable as part of UK domestic law by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (as amended) (the “UK GDPR”); (iii) the EU e-Privacy Directive (Directive 2002/58/EC); and (iv) any and all applicable national data protection laws made under, pursuant to or that apply in conjunction with any of (i), (ii) or (iii); in each case as may be amended or superseded from time to time, provided that, in the event of a conflict in the meaning of the defined terms in the EU/UK Data Protection Laws, the meaning from the law applicable to the location of the relevant Data Subject shall apply.
“Non-EU Data Protection Laws” means any applicable data protection, cybersecurity or data privacy laws other than the EU/UK Data Protection laws applying to the processing of Controller Personal Information, including without limitation: (i) the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act of 2020 (California Civil Code §§ 1798.100 to 1798.199) (“CPRA”); (ii) privacy and safeguards rules promulgated pursuant to the Gramm-Leach-Bliley Act (“GLBA”) which includes Regulation S-P by the Securities Exchange Commission; (“Regulation S-P”); (iii) US state data breach notification laws; and (iv) any and all applicable national data protection laws made under, pursuant to or that apply in conjunction with any of (i), (ii), (iii) or (iv); in each case as may be amended or superseded from time to time.
“Personal Information” shall in each relevant jurisdiction, have the same meaning as the term “personal data,” “personally identifiable information (PII),” “personal information”, “non-public personal information”, “customer information”, or other equivalent under Data Protection Laws for that jurisdiction.
“Processor Personnel” means any employee, consultant, contractor or agent of Processor.
“Security Incident” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Controller Personal Information that is processed by Processor under this DPA;
“Standard Contractual Clauses” mean:
i. the standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR, adopted by the European Commission under Commission Implementing Decision (EU) 2021/914, including the text from Module II of such clauses: Controller to Processor, as supplemented by this DPA (“EU Standard Contractual Clauses”);
ii. the EU Standard Contractual Clauses, provided that any references in the clauses to the GDPR shall refer to the Swiss Federal Act on Data Protection; the term ‘member state’ must not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence in accordance with clause 18(c) of the clauses;
iii. the International Data Transfer Addendum to the EU Standard Contractual Clauses, issued by the Information Commissioner and laid before Parliament in accordance with s.119A of the Data Protection Act 2018 on 2 February 2022 but, as permitted by clause 17 of such addendum, the parties agree to change the format of the information set out in Part 1 of the addendum so that:
a. the details of the parties in table 1 shall be as set out in DPA Annex to the Order Form (“DPA Annex”. with no requirement for signature)
b. for the purposes of table 2, the addendum shall be appended to the EU Standard Contractual Clauses (including the selection of modules and disapplication of optional clauses as noted above) and clause 1.13.1 below selects the option and timescales for clause 9; and
c. the appendix information listed in table 3 is set out in DPA Annex; and
iv. any other form of standard contractual clauses for the transfer of Personal Information to a third country pursuant to Data Protection Laws amended to include the information set out in DPA Annex to the extent required by Data Protection Laws.
“UK GDPR” means the GDPR as applicable as part of UK domestic law by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (as amended); and
“controller”, “processor”, “data subject”, “sensitive personal data”, “processing”, “records of processing activities”, “data protection officer”, “consent”, “international transfer of personal data”, “anonymization”, “data protection impact assessment or DPIA”, “restriction”, “sub-processor”, “portability” and “appropriate technical and organizational measures” shall be interpreted in accordance with Data Protection Laws, if no such definition exists in the Data Protection Laws the term shall be interpreted in accordance with the GDPR.
1. PURPOSE; SCOPE AND ROLE
1.1 This DPA applies to the processing of Controller Personal Information by Processor on behalf of Controller in the course of providing the Services (for the purposes of this DPA only, the “Processing Activities”).
1.2 The parties agree that Controller acts as the Data Controller and Processor acts as the Data Processor in respect of the Processing Activities. To the extent a third party (such as an Controller business client) or an affiliate of Controller is the Data Controller and Controller is the Data Processor in relation to any part of the Processing Activities then Processor acts as a sub-Data Processor (“Sub-Processor”) on behalf of Controller and this DPA shall apply to such processing construed as a processor to sub-processor arrangement.
1.3 This DPA shall not apply to any processing of Controller Personal Information in connection with the Principal Agreement where Controller or Processor are processing such Controller Personal Information as separate or joint controllers. If Processor is required to process Controller Personal Information for any other purpose by applicable laws to which Processor is subject, Processor shall inform Controller of this requirement prior to that processing activity.
1.4 The term of this DPA shall be the same as of the Principal Agreement and will endure until Processor fully complies with all its obligations hereunder.
1.5 By signing the Principal Agreement, Controller enters into this DPA (including where applicable, the Standard Contractual Clauses).
2. DATA PROCESSING
2.1 Processor will Process Controller Personal Information solely for the purposes set forth in Section A of Schedule 1 (the “Business Purpose”) and will not retain, use, or disclose the Controller Personal Information for any purpose other than the Business Purpose.
2.2 Processor will comply with the requirements of Data Protection Laws in respect of provision of the Services and otherwise in connection with this DPA and will not knowingly do anything or permit anything to be done which would lead to a breach by Controller of the Data Protection Laws. Processor shall promptly notify Controller in writing if Processor believes that it can no longer meet its obligations under Data Protection Laws or this DPA.
2.3 Controller represents and warrants that: (i) it has complied and will comply with Data Protection Laws; (ii) it has obtained and will obtain and continue to have, during the term, all necessary rights, lawful bases, authorizations, consents, and licenses for the Processing of Controller Personal Information as contemplated by the Principal Agreement; and (iii) Processor’s Processing of Controller Personal Information in accordance with the Principal Agreement will not violate Data Protection Laws.
2.4 To the extent Processor directly collects and then transfers the Controller Personal Information to Controller, it is understood that such Personal Information will be integrated into Controller’s databases and will be managed exclusively by Controller under its sole discretion in compliance with Data Protection Laws.
2.6 For all Processing Activities, Processor shall:
2.6.1 act only on written instructions and directions from Controller and will comply promptly with all such instructions and directions received from Controller from time to time;
2.6.2 not process Controller Personal Information for any purpose other than for the Business Purpose and only to the extent reasonably necessary for the performance of the Principal Agreement or this DPA;
2.6.3 not disclose Controller Personal Information to any person, affiliate, government, authority or any other third party except where authorized by the Principal Agreement or this DPA, to comply with applicable laws or with Controller’s prior written consent. To the extent permitted by applicable laws, Processor will promptly notify Controller in writing if Processor receives a request to disclose Controller Personal Information to any third party. Where possible and permitted by applicable laws, the notice will: (a) include a copy of the request; and (b) to the extent not covered by “(a)”, specify the identity of the requester, the scope and purpose of the request, the date of the request and any deadline for a response;
2.6.4 implement and maintain appropriate technical and organizational measures, including those outlined in Article 32 of GDPR and Schedule 2 of this DPA designed to protect the Controller Personal Information against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure of Personal Information. These measures shall be appropriate to the harm which might result from any unauthorized or unlawful processing, accidental loss, destruction, damage or theft of the personal data to the data subject and having regard to the nature of the Personal Information which is to be protected.
2.6.5 promptly notify Controller in writing of any complaint, request, demand, petition, lawsuit or plea presented by a data subject or any authority regarding Processor’s processing of Controller Personal Information, including requests for the fulfillment of the data subjects’ rights envisioned by the Data Protection Law. Processor will not respond to such requests;
2.6.6 process Controller Personal Information only in accordance with the specified duration, for the specified Business Purposes, type and categories of data subjects as set out in Schedule 1;
2.6.7 promptly notify Controller in writing if in Processor’s reasonable opinion complying with an instruction given by Controller regarding processing under this DPA would infringe Data Protection Laws. Processor shall either not commence or immediately suspend any processing activity related to the potentially unlawful instruction; and
2.6.9 promptly cease any Processing Activity as requested by Controller, as well as to the extent possible, rectify, update, delete, de-identify and/or restrict the Controller Personal Information and/or any specific Processing Activity, following Controller’s written instructions.
3. SPECIFIC DATA PROTECTION LAW REQUIREMENTS
3.1 To the extent the CCPA is applicable to the Processing Activities and to the extent required or reasonably necessary for compliance with other Data Protection Laws, Processor:
3.1.1 is prohibited from Selling or Sharing (each as defined in the CCPA) Controller Personal Information. Processor shall only process Controller Personal Information for the limited and specified Business Purpose.
3.1.2 is prohibited from retaining, using, or disclosing the Controller Personal Information for any purposes or commercial purpose other than for the Business Purpose, unless expressly permitted by Controller.
3.1.3 is prohibited from retaining, using, or disclosing Controller Personal Information outside the direct business relationship between Processor and Controller unless expressly permitted by the CCPA. For example, Processor may not combine or update Controller Personal Information with Personal Information that it received from another source or collected from its own interaction with a consumer, unless expressly permitted by Controller.
3.1.4 shall comply with all applicable sections of the CCPA, including with respect to the Controller Personal Information it collected pursuant to the Principal Agreement, providing the same level of privacy protection as required of Controller by the CCPA.
3.1.5 grants Controller the right to take reasonable and appropriate steps, at Controller’s expense and subject to Processor’s consent, to ensure that it uses Controller Personal Information in a manner consistent with Controller’s obligations under the CCPA. Reasonable and appropriate steps may, subject to Processor’s approval, include ongoing manual reviews and automated scans of Processor’s system and regular internal or third-party assessments, audits, or other technical and operational testing at least once every 12 months.
3.1.6 grants Controller the right, upon notice, to take reasonable and appropriate steps to stop and remediate Processor’s unauthorized processing of Controller Personal Information.
3.1.7 Shall reasonably assist Controller at Controller’s expense to comply with consumer requests made pursuant to CCPA or Controller shall inform Processor of any consumer request made pursuant to the CCPA that it must comply with and provide the information necessary for Processor to comply with the request.
3.2 Processor certifies that it understands the restrictions set forth in sub-Section 3.1 and will comply with them.
3.3 To the extent that GLBA or Regulation S-P applies to Processor, Processor will comply with the GLBA Privacy Rule and Safeguards Rule and will not reuse or redisclose any non-public personal financial information other than as permitted by GLBA or Regulation S-P.
3.4 Processor shall comply with all transparency and privacy notice obligations under Data Protection Laws, including but not limited to identifying Controller as the Data Controller of Controller Personal Information in Processor’s externally facing privacy notices where required under Article 9 of the LGPD;
4. COOPERATION AND AUDIT RIGHTS
4.1 Processor shall provide reasonable assistance and all information reasonably requested by Controller from time to time to assess and verify Processor’s compliance with this DPA and Data Protection Laws.
4.2 Processor shall reasonably assist Controller in ensuring Controller’s compliance with Data Protection Laws, including the obligations set out in Article 32 to 36 of GDPR (and the UK GDPR equivalent) taking into account the nature of processing and information available to the Processor and the following:
4.2.1 Registration, notification and reporting obligations to Supervisory Authorities and/or data subjects;
4.2.2 Accountability (e.g. Article 5, paragraph 2 of GDPR);
4.2.3 Ensuring the security of Controller Personal Information;
4.2.4 Satisfying the rights of data subjects with regards to Controller Personal Information, including accessing, correcting, deleting and providing information concerning processing of Controller Personal Information;
4.2.5 Third party and international transfers;
4.2.6 Records of processing activities; and
4.2.7 Controller’s obligation to only use processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of Data Protection Laws and ensure the protection of the rights of the data subject.
4.3 In addition to any audit rights of Controller set forth in the Principal Agreement, where Controller has reasonable concerns about Processor’s technical and organizational measures, after a Security Incident or following an instruction or other communication from a data protection authority, upon at least thirty (30) days advance written request and no more than once in a 12 month period, Processor will allow for and contribute to reasonable audits of its records conducted by Controller (or Controller’s independent third-party auditor). Processor and Controller shall each be responsible for their own costs in relation to any audits undertaken. The process of such audits will be determined by Controller in consultation with Processor covering such matters as scope, timing, costs, confidentiality and impact to Processor’s regular business operations. All such audits will be conducted at Controller’s expense and Processor shall charge Controller for such audit at Processor’s then-current rates.
5. PROCESSOR AFFILIATES AND SUB-PROCESSORS
5.1Controller acknowledges and agrees that Processor may retain its affiliates and/or third parties to process Controller Personal Information on Processor’s behalf (each a “Sub-Processor”). Processor shall enter into a written agreement with each Sub-Processor containing data protection and data privacy terms not less protective than those in this DPA with respect to the protection and privacy of Controller Personal Information.
5.2 The list of Processor’s Sub-Processors as of the signature date of this DPA is set forth in paragraph G of Schedule 1. Controller hereby approves the Sub-Processors listed on Schedule 1 (each, an “Approved Sub-Processor”)for the Processing of Controller Personal Information on Processor’s behalf.
5.3 Processor will notify Controller in writing of any new Sub-Processor (including the respective location where Controller Personal Information is or could be processed) to process Controller Personal Information in connection with the applicable Services. Controller may object, in its reasonable discretion to such Sub-Processor within 7 days after receipt of such notice by notifying Processor in writing. If Controller objects to the addition of a new Sub-Processor, the Parties will negotiate a mutually agreeable alternative and if no such alternative is agreed within 30 days of the objection, Controller will have the right to terminate, without penalty, any Service for which Controller Personal Information would be processed by the new Sub-Processor.
5.4 Processor will remain fully liable to Controller for any acts and omissions of its Sub-Processors to the same extent Processor would be liable if performing the services of each Sub-Processor directly under the terms of this DPA.
6. INCIDENT MANAGEMENT AND NOTIFICATION
6.1 Processor maintains an incident response program that is integrated into its business activities and business continuity procedures and that is designed to ensure Processor becomes aware of any Security Incidents in a timely manner. In the event Processor becomes aware of a Security Incident, Processor shall notify Controller in writing without undue delay, but in any event not later than forty-eight (48) hours from the time Processor became aware of the Security Incident.
6.2 Any notification made under this Section 5 must be in writing by email sent to the Controller at the email address provided by the Controller in the Order Form providing a reasonable description of the nature of the Security Incident and of the measures taken by Processor has taken to address and/or mitigate the Security Incident; and specify a point of contact at Processor whom Controller can contact about the Security Incident for regular updates.
6.4 Processor will take reasonable steps to mitigate and minimize any damage resulting from the Security Incident. Processor will promptly comply with any instructions provided by, and cooperate with, Controller in relation to the Security Incident.
7. PROCESSOR PERSONNEL
7.1 Processor shall provide training as necessary from time to time to Processor Personnel Processing Controller Personal Information with respect to Processor’s obligations under Data Protection Laws.
8.2 Processor shall limit access to Controller Personal Information to those Processor Personnel performing the Services on a need-to-know basis and who have been trained as required under this Section 7 and ensure that any Processor Personnel with access to Controller Personal Information are bound by confidentiality obligations in respect of access or processing of Controller Personal Information.
8. DATA PROTECTION IMPACT ASSESSMENTS
8.1 Upon Controller’s request, Processor will provide Controller at Controller’s expense with reasonable cooperation and assistance needed to fulfill Controller’s obligation to carry out data protection impact assessments regarding Controller’s use of the Services to the extent such information is available to Processor.
8.2 Processor will provide reasonable assistance to Controller at Controller’s expense in the cooperation or prior consultation with the applicable supervisory authority in the performance of its tasks relating to Section 8.1 of this DPA, to the extent required under applicable Data Protection Laws.
9. RETURN AND DELETION OF CONTROLLER PERSONAL INFORMATION
9.1 At the end of the Services or upon Controller's request, unless prohibited by applicable laws, Processor shall at Controller’s choice either a) return and securely destroy; or b) securely destroy Controller Personal Information on Processor’s systems or in Processor's possession.
9.2 Processor shall ensure that all secure destruction of Controller Personal Information meets industry standard data destruction requirements and complies with Data Protection Laws. Upon Controller’s request, Processor will provide a written confirmation of the secure destruction of Controller Personal Information under this Section 9.
9.3 Where Processor retains Controller Personal Information for the purpose of complying with Processor’s applicable laws, Processor will be a sole controller and therefore Controller shall bear no level of responsibility as to any processing activity, including simple storage, that Processor may undertake.
9.4 Notwithstanding the termination of this DPA at any time, in any circumstances and for whatever reason, the parties agree that their respective obligations with respect to the rights of any data subject shall remain in force, until any such Controller Personal Information has been permanently and irrevocably deleted or anonymised.
10. TRANSFERS OF PERSONAL INFORMATION
10.1 Controller and Processor shall enter into the applicable Standard Contractual Clauses for the Processing Activities.
10.2 For the purposes of the EU Standard Contractual Clauses, the following shall apply:
10.2.1 in Clause 7, the optional docking clause will not apply;
10.2.2 Clause 9 option 1 will apply;
10.2.3 in Clause 11, the optional language will not apply;
10.2.4 Clause 17 (Governing law): the clauses shall be governed by the laws of Ireland;
10.2.5 Clause 18 (Choice of forum and jurisdiction) the courts of Ireland shall have jurisdiction.
10.3 Processor is prohibited from transferring any Controller Personal Information to any third party (including an affiliate) that is not an Approved Sub-Processor under this DPA. For any transfer of Controller Personal Information under this DPA to an Approved Sub-Processor:
10.3.1 Processor shall fully comply with the requirements of Data Protection Laws related to the international transfer of such Controller Personal Information, including that such transfer occurs pursuant to the applicable Standard Contractual Clauses or other compliant mechanisms under Data Protection Laws; and
10.3.2 In the event that Controller gives its consent to Processor transferring Controller Personal Information outside of the country Controller has approved for Processing Activities or a decision or other valid adequacy method under Data Protection Law on which Controller has relied in authorizing the data transfer is held to be invalid, or that any supervisory authority requires transfers of personal data made pursuant to such decision to be suspended, then the parties agree to discuss in good faith and facilitate the use of an alternative transfer mechanism.
11. OTHER PROVISIONS
11.1 The provisions contained in this DPA shall survive the termination of this DPA and the Principal Agreement for as long as the Processing Activities continue.
11.2 Only to the extent required by applicable Data Protection Law (e.g., in relation to the governing law of the Standard Contractual Clauses) this DPA shall be governed by the law of the applicable jurisdiction. In all other cases, this DPA shall be governed by the laws of the jurisdiction that governs the Principal Agreement.
11.3 This DPA shall take effect between Processor and Controller and become legally binding on the parties on the effective date of the Principal Agreement (“Effective Date”). The Standard Contractual Clauses (if applicable) shall take effect and become legally binding between the Data Importer and Data Exporter on the Effective Date.
/
Schedule 1
Data processing information
A. Business Purposes and Subject-Matter
The personal data transferred and processed is for the following subject-matter and purpose(s):
● The personal data that is necessary for Processor to provide the Services (purpose) and the context for how Controller Personal Information will be processed as part of the Services (subject-matter).
B. Categories of data subject
The personal data transferred and processed concern the following categories of data subjects (please specify):
● End-customers of Controller
● Employees of Controller, its affiliates and third-party representatives (as Authorized Users under the Principal Agreement)
C. Categories of personal data
The personal data transferred and processed concern the following categories of data (please specify):
End-customer of Controller
● Account number or other unique identifier
● Mailing address (including zip code)
● Transaction and trade activity information
Employees of Controller, its affiliates and third-party representatives
● Password
● Meta data regarding Authorized Users’ date and time of access, frequency of access
D. Special categories of data (if appropriate)
The personal data transferred and processed concern the following special categories of data (please specify):
● Not applicable
E. Duration of Processing
The personal data shall be processed for as long as necessary to provide the Services and in accordance with Data Protection Law.
F. Frequency of Transfer
The personal data shall be transferred on a continuous basis.
The personal data shall be transferred primarily through Controller APIs and Processor APIs.
G. Approved Sub-Processors
[Processor to provide a list of sub processors here including contact details and the subject-matter, nature and duration of their processing].
● Amazon Web Services (AWS)
○ Subject-Matter: Hosting and infrastructure support required for providing the Services ○ Nature: Storage, backup, and processing of personal data
○ Duration: As long as necessary to provide the Services in accordance with Data
Protection Law
● MultiLynq
○ Subject-Matter: Connectivity and integration solutions for transaction and trade activity information
○ Nature: Facilitation of data exchange
○ Duration: As long as necessary to provide the Services in accordance with Data
Protection Law
● Datadog
○ Subject-Matter: Monitoring, analytics, and optimization of performance
○ Nature: Collection and analysis of metrics, traces, and logs for optimizing performance and security
○ Duration: As long as necessary to provide the Services in accordance with Data
Protection Law
● TimeScale DB
○ Subject-Matter: Data warehouse and Analytics
○ Nature: Data warehouse that stores all the data for reference data, orders and messages between the services.
○ Duration: As long as necessary to provide the Services in accordance with Data
Protection Law
Schedule 2
TECHNICAL AND ORGANIZATIONAL MEASURES
Description of the technical and organizational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.
Data Protection
All data (personal and otherwise) is encrypted at rest using industry standard AES 256 encryption. Data in transit is encrypted using TLS 1.2 and greater. We review and monitor configurations to ensure that systems stay in compliance with our encryption requirements.
Data Management
Our current program’s key elements include data inventory and classification, data governance policies, and data retention policies.
Our policy outlines roles, responsibilities, and processes for data management, including access controls, sharing, quality, and lifecycle management. Our policy states that we only retain data for the duration of an agreement with a customer except as otherwise required by applicable laws.
We have also established procedures for secure data disposal helps prevent unnecessary data accumulation and minimizes data breach risks.
In addition, employee training and awareness is present to communicate policy and best practices. Periodic internal risk assessments and third party reviews have been established to ensure the program remains up-to-date and effective, aligning with changing regulations.
Our data management practices are implemented with technical controls that map back to the specific policy and controls that are in place that align with SOC 2 Control Criteria along with regulatory requirements.
Security and Compliance Program Elements
We have established a robust information security framework based on NIST 800-53 and elements of ISO 27001. We utilize the following principles to manage our infrastructure and management of information. These are supported by policies that are reviewed and updated on an annual basis. Our program includes:
Access Control and Authentication:
● Implement strong access controls to limit system access to authorized personnel only.
● Use multi-factor authentication (MFA) to add an extra layer of security to user logins.
● Regularly review and update user access privileges based on their roles and responsibilities.
Data Encryption:
● Encrypt sensitive data both in transit and at rest to protect it from unauthorized access.
● Utilize strong encryption algorithms and keep encryption keys secure.
Regular Security Updates and vulnerability review:
● Stay up-to-date with the latest security patches and updates for all software and systems.
● Apply security updates according to policy to address known vulnerabilities.
Security Groups and Intrusion Detection Systems (IDS):
● Utilize cloud infrastructure security groups to limit access to external facing assets.
● Intrusion Detection to detect and respond to potential security breaches or attacks.
Data Backups and Disaster Recovery:
● Regularly back up critical data and systems to secure offsite locations.
● Develop and derive tests of a disaster recovery plan to ensure business continuity in case of unexpected events.
Monitoring and Logging:
● Implement monitoring tools to track system activity
● Logs for auditing, incident investigation, and compliance purposes.
Employee Training and Awareness:
● Educate employees about cybersecurity best practices and potential threats.
● Conduct annual training sessions to raise awareness of phishing, social engineering, and other security risks that are specific to the industry
Vendor Management:
● Assess the security practices of third-party vendors and service providers.
● Ensure that they meet industry standards and comply with data protection regulations.
Vulnerability Assessments:
● Address vulnerabilities promptly to reduce the risk of exploitation.
Incident Response and Contingency Planning:
● Incident response plan to handle security breaches effectively.
● Roles and responsibilities for incident response team members.
Compliance and Regulations:
● Stay informed about relevant data protection and privacy regulations.
● Ensure that systems and services comply with the applicable laws.
Continuous Monitoring and Improvement:
● Establish a culture of continuous improvement for security practices.
● Conduct annual SOC 2 Type 2 Audit (Completion expected on Q1 2025)