Contracts
- Mutual Nondisclosure Agreement
- End User Agreement
- Service Level Agreement
- Customer Data Processing Addendum
- Business Associate Agreement
- Partner Large Deal Confirmation
- Criminal Justice Information Addendum
- Reseller Partner Agreement
- Ethical Business Practices
- Apple Wallet Mobile NFC Terms and Elections
- エンドユーザ契約書 (End User Agreement)
- Command Connector Compatibility Waiver
Mutual Nondisclosure Agreement
Effective June 18th 2024
DownloadTable of Contents
This Mutual Nondisclosure Agreement (this “Agreement”) is made and entered between Verkada Inc. and you, the party who accepts this Agreement (“Counterparty”) whether by clicking a box indicating acceptance, navigating through a login page where a link to this Agreement is provided, or providing another form of electronic acceptance.
This Agreement is effective between Verkada and the Counterparty as of the date that Counterparty accepts the terms of this Agreement as indicated above (the “Effective Date”). Verkada reserves the right to modify or update the terms of this Agreement in its discretion, the effective date of which will be the earlier of (i) 30 days from the date of such update or modification and (ii) to Counterparty’s continued participation in Verkada’s programs.
1. Purpose. The parties wish to explore a business opportunity of mutual interest and in connection with this opportunity, each party may disclose to the other certain confidential technical and business information that the disclosing party desires the receiving party to treat as confidential.
2. “Confidential Information” means any information disclosed by either party to the other party, directly or indirectly, in writing, orally, or by inspection of tangible objects (including documents, prototypes, samples, plant, and equipment), which is designated as “Confidential,” “Proprietary,” or which would reasonably be considered confidential under the circumstances. Information communicated orally will be considered Confidential Information unless otherwise indicated by the disclosing party. Confidential Information may also include information disclosed to the disclosing party by third parties. Confidential Information will not, however, include any information that (i) was publicly known and made generally available in the public domain prior to the time of disclosure by the disclosing party, (ii) becomes publicly known and made generally available after disclosure by the disclosing party to the receiving party through no action or inaction of the receiving party, (iii) is already in the possession of the receiving party at the time of disclosure by the disclosing party, as shown by the receiving party’s files and records, (iv) is obtained by the receiving party from a third party without a breach of the third party’s obligations of confidentiality, or (v) is independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information, as shown by documents and other competent evidence in the receiving party’s possession.
3. Non-use and Nondisclosure. Each party will not use the other party’s Confidential Information for any purpose except to evaluate and engage in discussions concerning a potential business relationship between the parties. Each party will not disclose the other party’s Confidential Information to third parties or to such party’s employees, except to those employees of the receiving party who are required to have the information in order to evaluate or engage in discussions concerning the contemplated business relationship. A party may disclose the other party’s Confidential Information if required by law so long as the receiving party gives the disclosing party prompt written notice of the requirement prior to the disclosure and assistance in obtaining an order protecting the information from public disclosure. Neither party will reverse engineer, disassemble, or decompile any prototypes, software, or other tangible objects that embody the other party’s Confidential Information and that are provided to the party in accordance with this Agreement.
4. Maintenance of Confidentiality. Each party will take reasonable measures to protect the secrecy of and avoid disclosure and unauthorized use of the other party’s Confidential Information. Without limiting the foregoing, each party will take at least those measures that it takes to protect its own most highly confidential information and, prior to any disclosure of the other party’s Confidential Information to its employees, will have the employees sign a non-use and nondisclosure agreement that is substantially similar in content to this Agreement. Neither party will make any copies of the other party’s Confidential Information unless approved in writing by the other party. Each party will reproduce the other party’s proprietary rights notices on any approved copies.
5. No Obligation. Nothing in this Agreement will obligate either party to proceed with any transaction between them, and each party reserves the right, in its sole discretion, to terminate the discussions contemplated by this Agreement.
6. No Warranty. ALL CONFIDENTIAL INFORMATION IS PROVIDED “AS IS.” NEITHER PARTY MAKES ANY WARRANTIES, EXPRESS, IMPLIED, OR OTHERWISE, REGARDING THE ACCURACY, COMPLETENESS, OR PERFORMANCE OF ITS CONFIDENTIAL INFORMATION.
7. Return of Materials. All documents and other tangible objects containing or representing Confidential Information and all copies of them will be and remain the property of the disclosing party. Upon the disclosing party’s request, the receiving party will promptly deliver to the disclosing party all Confidential Information, without retaining any copies.
8. Feedback; No Other Licenses. Counterparty may provide comments, suggestions, and recommendations to Verkada about Verkada’s products or services (collectively, “Feedback”). Verkada may freely use and exploit Feedback without obligation to Counterparty, unless the parties agree otherwise in writing. Except for the foregoing and the limited right to use the Confidential Information for the purpose set forth in this Agreement, this Agreement does not grant a party any rights in or to the Confidential Information of the other party.
9. Term. The obligations of each receiving party under this Agreement will survive until the earlier of (i) such date as all Confidential Information of the other party becomes publicly known and made generally available through no action or inaction of the receiving party and (ii) three years from the date hereof.
10. Remedies. Each party acknowledges that any violation or threatened violation of this Agreement may cause irreparable injury to the other party, entitling the other party to seek injunctive relief in addition to all legal remedies.
11. Miscellaneous. This Agreement will bind and inure to the benefit of the parties and their successors and assigns. This Agreement will be governed by the laws of the state of California, without reference to conflict of laws principles. This document contains the entire agreement between the parties with respect to the subject matter of this Agreement. Neither party will have any obligation, express or implied by law, with respect to trade secret or proprietary information of the other party except as set forth in this Agreement. Any failure to enforce any provision of this Agreement will not constitute a waiver of that provision or of any other provision. This Agreement may not be amended, nor any obligation waived, except by a writing signed by both parties.
Effective June 18th 2024 to October 7th 2024
DownloadTable of Contents
This Mutual Nondisclosure Agreement (this “Agreement”) is made and entered between Verkada, Inc. and you, the party who accepts this Agreement (“Counterparty”) whether by clicking a box indicating acceptance, navigating through a login page where a link to this Agreement is provided, or providing another form of electronic acceptance.
This Agreement is effective between Verkada and the Counterparty as of the date that Counterparty accepts the terms of this Agreement as indicated above (the “Effective Date”). Verkada reserves the right to modify or update the terms of this Agreement in its discretion, the effective date of which will be the earlier of (i) 30 days from the date of such update or modification and (ii) to Counterparty’s continued participation in Verkada’s programs.
1. Purpose. The parties wish to explore a business opportunity of mutual interest and in connection with this opportunity, each party may disclose to the other certain confidential technical and business information that the disclosing party desires the receiving party to treat as confidential.
2. “Confidential Information” means any information disclosed by either party to the other party, directly or indirectly, in writing, orally, or by inspection of tangible objects (including documents, prototypes, samples, plant, and equipment), which is designated as “Confidential,” “Proprietary,” or which would reasonably be considered confidential under the circumstances. Information communicated orally will be considered Confidential Information unless otherwise indicated by the disclosing party. Confidential Information may also include information disclosed to the disclosing party by third parties. Confidential Information will not, however, include any information that (i) was publicly known and made generally available in the public domain prior to the time of disclosure by the disclosing party, (ii) becomes publicly known and made generally available after disclosure by the disclosing party to the receiving party through no action or inaction of the receiving party, (iii) is already in the possession of the receiving party at the time of disclosure by the disclosing party, as shown by the receiving party’s files and records, (iv) is obtained by the receiving party from a third party without a breach of the third party’s obligations of confidentiality, or (v) is independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information, as shown by documents and other competent evidence in the receiving party’s possession.
3. Non-use and Nondisclosure. Each party will not use the other party’s Confidential Information for any purpose except to evaluate and engage in discussions concerning a potential business relationship between the parties. Each party will not disclose the other party’s Confidential Information to third parties or to such party’s employees, except to those employees of the receiving party who are required to have the information in order to evaluate or engage in discussions concerning the contemplated business relationship. A party may disclose the other party’s Confidential Information if required by law so long as the receiving party gives the disclosing party prompt written notice of the requirement prior to the disclosure and assistance in obtaining an order protecting the information from public disclosure. Neither party will reverse engineer, disassemble, or decompile any prototypes, software, or other tangible objects that embody the other party’s Confidential Information and that are provided to the party in accordance with this Agreement.
4. Maintenance of Confidentiality. Each party will take reasonable measures to protect the secrecy of and avoid disclosure and unauthorized use of the other party’s Confidential Information. Without limiting the foregoing, each party will take at least those measures that it takes to protect its own most highly confidential information and, prior to any disclosure of the other party’s Confidential Information to its employees, will have the employees sign a non-use and nondisclosure agreement that is substantially similar in content to this Agreement. Neither party will make any copies of the other party’s Confidential Information unless approved in writing by the other party. Each party will reproduce the other party’s proprietary rights notices on any approved copies.
5. No Obligation. Nothing in this Agreement will obligate either party to proceed with any transaction between them, and each party reserves the right, in its sole discretion, to terminate the discussions contemplated by this Agreement.
6. No Warranty. ALL CONFIDENTIAL INFORMATION IS PROVIDED “AS IS.” NEITHER PARTY MAKES ANY WARRANTIES, EXPRESS, IMPLIED, OR OTHERWISE, REGARDING THE ACCURACY, COMPLETENESS, OR PERFORMANCE OF ITS CONFIDENTIAL INFORMATION.
7. Return of Materials. All documents and other tangible objects containing or representing Confidential Information and all copies of them will be and remain the property of the disclosing party. Upon the disclosing party’s request, the receiving party will promptly deliver to the disclosing party all Confidential Information, without retaining any copies.
8. Feedback; No Other Licenses. Counterparty may provide comments, suggestions, and recommendations to Verkada about Verkada’s products or services (collectively, “Feedback”). Verkada may freely use and exploit Feedback without obligation to Counterparty, unless the parties agree otherwise in writing. Except for the foregoing and the limited right to use the Confidential Information for the purpose set forth in this Agreement, this Agreement does not grant a party any rights in or to the Confidential Information of the other party.
9. Term. The obligations of each receiving party under this Agreement will survive until the earlier of (i) such date as all Confidential Information of the other party becomes publicly known and made generally available through no action or inaction of the receiving party and (ii) three years from the date hereof.
10. Remedies. Each party acknowledges that any violation or threatened violation of this Agreement may cause irreparable injury to the other party, entitling the other party to seek injunctive relief in addition to all legal remedies.
11. Miscellaneous. This Agreement will bind and inure to the benefit of the parties and their successors and assigns. This Agreement will be governed by the laws of the state of California, without reference to conflict of laws principles. This document contains the entire agreement between the parties with respect to the subject matter of this Agreement. Neither party will have any obligation, express or implied by law, with respect to trade secret or proprietary information of the other party except as set forth in this Agreement. Any failure to enforce any provision of this Agreement will not constitute a waiver of that provision or of any other provision. This Agreement may not be amended, nor any obligation waived, except by a writing signed by both parties.
End User Agreement
Effective November 8th 2023
DownloadTable of Contents
1. DEFINITIONS
2. LICENSE AND RESTRICTIONS
3. COURTESY RETURNS; 	HARDWARE WARRANTY AND WARRANTY RETURNS
4. VERKADA OBLIGATIONS
5. CUSTOMER OBLIGATIONS
6. TERM AND TERMINATION
	7. CONFIDENTIALITY
	8. DATA PROTECTION
	9. OWNERSHIP
	10. INDEMNIFICATION
	11. LIMITATIONS OF LIABILITY
	12. MISCELLANEOUS
This Agreement is the entire agreement between Customer and Verkada and supersedes all prior agreements and understandings concerning the subject matter hereof. Customer and Verkada are independent contractors, and this Agreement will not establish any relationship of partnership, joint venture, or agency between Customer and Verkada. Failure to exercise any right under this Agreement will not constitute a waiver. There are no third-party beneficiaries to this Agreement. This Agreement is governed by the laws of California without reference to conflicts of law rules. Any notice provided by one party to the other under this Agreement will be in writing and sent either (i) by overnight courier or certified mail (receipt requested), in the case of Customer to Customer’s address on record in Verkada’s account information and in the case of Verkada, to 406 E. 3rd Ave., San Mateo, CA 94401, or (ii) by electronic mail to Customer’s email address on record in Verkada’s account information or to Verkada at legal@verkada.com. If any provision of this Agreement is found unenforceable, the Agreement will be construed as if such provision had not been included. Neither party may assign this Agreement without the prior, written consent of the other party, except that either party may assign this Agreement without such consent in connection with an acquisition of the assigning party or a sale of all or substantially all of its assets. In the event of an assignment by Customer in connection with an acquisition of Customer or a sale of all or substantially all of Customer’s assets, Customer’s License may be transferred to the party acquiring Customer or purchasing all or substantially all of its assets, subject to Verkada’s prior written consent, such consent not to be unreasonably withheld.
A party will not be liable for any failure to perform caused by circumstances beyond its reasonable control which would otherwise make such performance commercially impractical including, but not limited to, acts of God, fire, flood, acts of war, pandemics, government action, accident, labor difficulties or shortage, inability to obtain materials, equipment or transportation (each, a “Force Majeure Event”). If a Force Majeure Event lasts longer than five (5) business days, the parties will meet to determine if performance under the Agreement can resume as agreed. If the parties cannot agree, then Verkada may terminate the applicable Purchase Order or this Agreement.
If any disputes arise, the parties will first attempt to resolve the dispute informally via good faith negotiation. If the dispute has not been resolved after 30 days, the parties will resolve any claim, dispute, or controversy (excluding any claims for injunctive or other equitable relief) by binding arbitration before a single arbitrator administered by JAMS, its successors and assigns, in San Mateo County, California, unless otherwise agreed by the parties in writing, and pursuant to its arbitration rules. Each party will be responsible for paying any arbitration fees in accordance with the foregoing rules, and the award rendered by the arbitrator may include costs of arbitration, reasonable attorneys’ fees and reasonable costs for expert and other witnesses. Any judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction. Nothing in this Section shall be deemed to prevent either party from seeking injunctive or other equitable relief from the courts as necessary to prevent the actual or threatened infringement, misappropriation, or violation of its data security, intellectual property rights or other proprietary rights.
EXHIBIT A
The Service Level Agreement is available at https://www.verkada.com/support/sla/.
EXHIBIT B
Alarms Addendum
This “Alarms Addendum” sets forth the terms applicable to Customer’s use of the Monitoring Services (as defined below).
1. Certain Definitions.
2. Monitoring Services.
3. Customer’s Obligations.
4. Monitoring Services Exclusions.
5. Suspension & Termination.
6. No Representations or Warranties.
7. Indemnity.
8. Exculpatory Clause.
9. Insurance.
10. Conflict Resolution.
Service Level Agreement
Effective April 17th 2019
DownloadTable of Contents
Service Levels
Service Credits
If Verkada fails to achieve the availability percentage above, Company will be eligible to receive a credit (“Service Credit”) calculated as a certain number of days added to the end of Company’s paid Subscription Period. The Service Credits increase is based on the amount of aggregate outage as set forth below.
Service Availability | Service Credit |
---|---|
Less than 99.99% | 3 days |
Less than 99.9% | 7 days |
Less than 99% | 15 days |
Less than 90% | 30 days |
Exclusions
Sole Remedy
Effective April 17th 2019 to October 7th 2024
DownloadTable of Contents
Service Levels
Service Credits
If Verkada fails to achieve the availability percentage above, Company will be eligible to receive a credit (“Service Credit”) calculated as a certain number of days added to the end of Company’s paid Subscription Period. The Service Credits increase is based on the amount of aggregate outage as set forth below.
Service Availability | Service Credit |
---|---|
Less than 99.99% | 3 days |
Less than 99.9% | 7 days |
Less than 99% | 15 days |
Less than 90% | 30 days |
Exclusions
Sole Remedy
Customer Data Processing Addendum
Effective March 28th 2024
DownloadTable of Contents
Verkada reserves the right to modify or update the terms of this Addendum in its discretion, the effective date of which will be the earlier of (i) 30 days from the date of such update or modification and (ii) Customer’s continued use of the Products.
Customer has purchased a subscription to the Software pursuant to the Agreement that involves the Processing of Personal Data subject to Data Protection Laws.
In the provision of the Software by Verkada to Customer pursuant to the Agreement, Customer acts as Controller and Verkada acts as Processor or Service Provider with respect to the Personal Data, or, as the case may be, Customer acts as a Processor for its end user customers including such end user customers’ affiliated companies (as ultimate Controllers) and Verkada will act as a sub-Processor acting on the instruction of the Customer vis-a-vis its end user customers.
The parties agree as follows:
- Definitions. Unless otherwise defined in the Agreement, all capitalized terms used in this Addendum will have the meanings given to them herein or in applicable Data Protection Laws.
“Controller” means the entity or Business which solely or jointly with other entities determines the purposes and means of the Processing of Personal Data, and for the purposes of this Addendum means Customer, including when acting on behalf of its own end user customer.
“Data Breach” has the meaning given to it in the Data Protection Laws and for the purpose of this Addendum relates to the personal data Processed by Verkada on behalf of Customer.
“Data Protection Laws” means to the extent applicable to Customer’s use of the Software, all applicable data protection and privacy laws, their implementing regulations, regulatory guidance, and secondary legislation, each as updated or replaced from time to time, including, as they may apply: (i) the General Data Protection Regulation ((EU) 2016/679) (the “GDPR”) and any applicable national implementing laws; (ii) the UK General Data Protection Regulation (“UK GDPR”) and the UK Data Protection Act 2018; (iii) U.S. legislation (e.g., the California Consumer Privacy Act and the California Privacy Rights Act); and (iv) any other laws that may be applicable.
“Data Subject” means the identified or identifiable person to whom the Personal Data relates, as defined in applicable Data Protection Laws.
“EEA” means the European Economic Area.
“EU Standard Contractual Clauses” or “EU SCCs” or “Clauses” means the standard data protection clauses for the transfer of Personal Data to processors established in third countries, as described in Article 46 of the EU GDPR pursuant to the European Commission’s decision (C(2010)593) of 5 February 2010 on Standard Contractual Clauses, as approved by the European Commission in the European Commission’s Implementing Decision 2021/914/EU of 4 June 2021, as each may be amended, updated, or replaced from time to time.
“Personal Data” has the meaning given to it in the Data Protection Laws, and for the purpose of this Addendum relates to the personal data Processed by Verkada on behalf of Customer as described in Section 3.
“Processing” has the meaning given to it in the Data Protection Laws and “process”, “processes” and “processed” will be construed accordingly.
“Processor” means the entity or Service Provider which Processes Personal Data on behalf of the Controller, as defined in applicable Data Protection Laws and for the purposes of this Addendum means Verkada. - Compliance with Laws. Each party will comply with the Data Protection Laws as applicable to it. In particular, Customer will comply with its obligations as Controller (or on behalf of Controller), and Verkada will comply with its obligations as Processor.
- Data Processing.
- Roles of the Parties. The Parties acknowledge and agree that with regard to the Processing of Personal Data, where such terms are used by applicable Data Protection Laws, (i) the Customer is the Controller, (ii) Verkada is the Processor or Service Provider and that (iii) the Processor may engage sub-Processors or other Service Providers pursuant to the requirements set forth in Section 10 below.
- Customer Obligations.
- Customer (as Controller or on behalf of the ultimate Controller) undertakes that all instructions for the Processing of Personal Data under the Agreement or this Addendum or as otherwise agreed will comply with the Data Protection Laws, and such instructions will not in any way cause Verkada to be in breach of any Data Protection Laws.
- The Customer will have sole responsibility for the means by which the Customer acquired the Personal Data.
- Verkada’s Processing of Personal Data.
- Verkada will Process Personal Data only in accordance with Customer’s (i) instructions as outlined in the Agreement and this Addendum or (ii) as otherwise documented by Customer, in either event only as permitted by applicable Data Protection Laws and for purpose of providing the Products to Customer in accordance with the terms of the Agreement.
- Unless prohibited by applicable law, Verkada will notify Customer if, in its opinion, an instruction infringes any Data Protection Law to which it is subject, in which case Verkada will be entitled to suspend performance of such instruction without any kind of liability towards the Customer, until Customer confirms in writing that such instruction is valid under such Data Protection Law. Any additional instructions regarding the manner in which Verkada Processes the Personal Data will require prior written agreement between Verkada and Customer.
- Verkada will not be liable in the event of any claim brought by a third party, including, without limitation, a Data Subject, arising from any act or omission of the Processor, to the extent that such act or omission is a result of the Customer’s instructions.
- Verkada will not disclose Personal Data to any government, except as necessary to comply with applicable law or a valid and binding order of a law enforcement agency (such as a subpoena or court order). If Verkada receives a binding order from a law enforcement agency for Personal Data, Verkada will notify Customer of the request it has received so long as Verkada is not legally prohibited from doing so.
- Where Verkada acts as Customer’s Service Provider, Verkada shall not: (i) sell Personal Data; (ii) collect, retain, use, or disclose Personal Data (a) for any purpose other than providing the Products specified in the Agreement and this Addendum or (b) outside of the direct business relationship between Verkada and Customer; or (iii) combine this Personal Data with Personal Data that Processor obtains from other sources except as permitted by applicable Data Protection Laws. Verkada certifies that it understands the prohibitions outlined in this Section 3(c)(v) and will comply with them.
- Verkada will take reasonable steps to ensure that individuals with access to or involved in the Processing of Personal Data are subject to appropriate confidentiality obligations and/or are bound by related obligations under Data Protection Laws or other applicable laws.
- The duration of the Processing, the nature and specific purposes of the Processing, the types of Personal Data Processed, and categories of Data Subjects under this Addendum are further specified in the Annexes to this Addendum and, on a more general level, in the Agreement.
- Transfers of Personal Data. Verkada shall transfer Personal Data between jurisdictions as a Data Processor in accordance with applicable Data Protection Laws, including as relevant provisions of this Section 4.
- Transfers of Personal Data Outside the EEA.
- Transfers to countries that offer adequate level of data protection. Personal Data may be transferred from EEA to other jurisdictions where such jurisdictions are deemed to provide an adequate level of data protection under applicable Data Protection Laws.
- Transfers to other third countries. If the Processing of Personal Data includes transfers from EEA/EU Member States to countries outside the EEA/EU which have not been deemed adequate under applicable Data Protection Laws, the parties’ EU Standard Contractual Clauses are hereby incorporated into and form part of this Addendum. The Parties agree to include the optional Clause 7 (Docking clause) to the EU SCCs incorporated into this Addendum. With regards to clauses 8 to 18 of the EU SCCs, the different modules and options will apply as follows:
- Module Two shall apply.
- The Option within Clause 11(a) of the EU SCCs, providing for the optional use of an independent dispute resolution body, is not selected.
- The Options and information required for Clauses 17 and 18 of the EU SCCs, covering governing law and jurisdiction, are outlined in Section 13 of this Addendum.
- Option 2 within Clause 9(a) of the EU SCCs, covering authorization for sub-processors, is selected, as discussed within Section 10 of this Addendum.
- Transfers of Personal Data Outside Switzerland. If Personal Data is transferred from Switzerland in a manner that would trigger obligations under the Federal Act on Data Protection of Switzerland (“FADP”), the EU SCCs shall apply to such transfers and shall be deemed to be modified in a manner to that incorporates relevant references and definitions that would render such EU SCCs an adequate tool for such transfers under the FADP.
- Transfers of Personal Data Outside the UK. If Personal Data is transferred in a manner that would trigger obligations under UK GDPR, the parties agree that Annex IV shall apply.
- Annexes. This Addendum and its Annexes, together with the Agreement, including as relevant applicable Clauses, serve as a binding contract that sets out the subject matter, duration, nature, and purpose of the Processing, the type of Personal Data and categories of data subjects as well as the obligations and rights of the Controller. Verkada may execute relevant contractual addenda, including as relevant the EU SCCs (Module 3) with any relevant Subprocessor (as hereinafter defined, including Affiliates). Unless Verkada notifies Customer to the contrary, if the European Commission subsequently amends the EU SCCs at a later date, such amended terms will supersede and replace any EU SCCs executed between the parties.
- Alternative Data Export Solution. The parties agree that the data export solutions identified in this Section 4 will not apply if and to the extent that Customer adopts an alternative data export solution for the lawful transfer of Personal Data (as recognized under applicable Data Protection Laws), in which event, Customer shall reasonably cooperate with Verkada to implement such solution and such alternative data export solution will apply instead (but solely to the extent such alternative data export solution extends to the territories to which Personal Data is transferred under this Addendum).
- Customer shall be responsible for obligations corresponding to Data Controllers under Data Protection Laws
- Transfers of Personal Data Outside the EEA.
- Technical and Organizational Measures. Verkada will implement appropriate technical and organizational measures to ensure a level of security of Personal Data appropriate to the risk, as further described in Annex II to this Addendum. In assessing the appropriate level of security, Verkada will take into account the risks that are presented by Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise Processed.
- Data Subjects rights. Verkada will assist Customer in responding to Data Subjects’ requests exercising their rights under the Data Protection Laws. To that effect, Verkada will (i) to the extent permitted by applicable law, promptly notify Customer of any request received directly from Data Subjects to access, correct or delete its Personal Data without responding to that request, and (ii) upon written request from Customer, provide Customer with information that Verkada has available to reasonably assist Customer in fulfilling its obligations to respond to Data Subjects exercising their rights under the Data Protection Laws.
- Data Protection Impact Assessments. If Customer is required under the Data Protection Laws to conduct a Data Protection Impact Assessment, then upon written request from Customer, Verkada will use commercially reasonable efforts to assist in the fulfilment of Customer’s obligation as related to its use of the Products, to the extent Customer does not otherwise have access to the relevant information. If required under Data Protection Laws, Verkada will provide reasonable assistance to Customer in the cooperation or prior consultation with Data Protection Authorities in relation to any applicable Data Protection Impact Assessment.
- Audit of Technical and Organizational Measures. Verkada will make available all information necessary to demonstrate its compliance with data protection policies and procedures implemented as part of the Products. To this end, upon written request (not more than once annually) Customer may, at its sole cost and expense, verify Verkada’s compliance with its data protection obligations as specified in this Addendum by: (i) submitting a security assessment questionnaire to Verkada; and (ii) if Customer is not satisfied with Verkada’s responses to the questionnaire, then Customer may conduct an audit in the form of meetings with Verkada’s information security experts upon a mutually agreeable date. Such interviews will be conducted with a minimum of disruption to Verkada’s normal business operations and subject always to Verkada’s agreement on scope and timings. Such audit will be performed during normal business hours, in such a manner as not to unreasonably disrupt normal business operations, and in no event will take place over the course of more than two business days. The Customer may perform the verification described above by itself or through a mutually agreed upon third party auditor, so long as Customer or its authorized auditor executes a mutually agreed upon non-disclosure agreement. Customer will be responsible for any actions taken by its authorized auditor. All information disclosed by Verkada under this Section 8 will be deemed Verkada’s Confidential Information, and Customer will not disclose any audit report to any third party except as obligated by law, court order or administrative order by a government agency. Verkada will remediate any mutually agreed, material deficiencies in its technical and organizational measures identified by the audit procedures described in this Section 8 within a mutually agreeable timeframe.
- Breach notification. If Verkada becomes aware of a Data Breach, then Verkada will notify the Customer without undue delay after becoming aware of such Data Breach, will co-operate with the Customer, and will take commercially reasonable steps to investigate, mitigate, and remediate such Data Breach. Verkada will provide all reasonably required support and cooperation necessary to enable Customer to comply with its legal obligations pursuant applicable Data Protection Laws.
- Sub-processing.
- Customer agrees that Verkada may engage either Verkada affiliated companies or third-party providers as sub-Processors under the Agreement and this Addendum (“Subprocessors”) and hereby authorizes Verkada to engage such Subprocessors in providing the Products to Customer. Verkada will restrict the Processing activities performed by Subprocessors to only what is necessary to provide the Products to Customer pursuant to the Agreement and this Addendum. Verkada will impose appropriate contractual obligations in writing upon the Subprocessors that are no less protective than this Addendum.
- Verkada maintains an updated list of all Subprocessors used by Verkada which is available upon written request. Verkada may amend the list of Subprocessors by adding or replacing Subprocessors at any time. Customer will be entitled to object to a new Subprocessor by notifying Verkada in writing the reasons of its objection. Verkada will work in good faith to address Customer’s objections. If Verkada is unable or unwilling to adequately address Customer’s objections to Customer’s reasonable satisfaction, then Customer may terminate this Addendum and the Agreement in accordance with Section 6.2 of the Agreement.
- Return or Deletion of Personal Data. Verkada will delete or return, in Customer’s discretion, Personal Data within a reasonable period of time following the termination or expiration of the Agreement following written request from Customer unless otherwise required by applicable Data Protection Laws.
- Termination. This Addendum shall automatically terminate upon the termination or expiration of the Agreement. Sections 3(b), 3(c)(iii), and 14 of this Addendum shall survive the termination or expiration of this Addendum for any reason. This Addendum cannot, in principle, be terminated separately to the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this Addendum shall automatically terminate.
- Governing Law. This Addendum shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws. For the purposes of Clauses 17 and 18 of the EU SCCs, where applicable, to the extent that the governing law and jurisdiction provisions in the Agreement do not meet the requirements of the EU SCCs, the parties select Option 2 of Clause 17, and agree that the EU SCCs shall be governed by the law of the EU Member State in which the data exporter is established; where such law does not allow for third-party beneficiary rights, the EU SCCs shall be governed by the laws of the country of Ireland. Pursuant to Clause 18, any dispute between the Parties arising from the EU SCCs shall be resolved by the courts of Ireland, and the Parties submit themselves to such jurisdiction. For the purposes of Clause 13 of the GDPR, the Supervisory Authority shall be the data exporter’s applicable Supervisory Authority. Data exporter shall notify data importer of the applicable Supervisory Authority by email at legal-notice@verkada.com and shall provide any necessary updates without undue delay.
- Entire Agreement; Conflict. Except as amended by this Addendum, the Agreement will remain in full force and effect. If there is a conflict between the Agreement and this Addendum as to the subject matter herein, the terms of this Addendum will control.
ANNEX I
- LIST OF PARTIES
Data exporter(s):
Name: The Customer named in the Agreement
Address: The address of the Customer’s corporate headquarters
Contact person’s name, position and contact details: The primary administrative contact listed in the Hosted Software.
Activities relevant to the data transferred under these Clauses: Purchase of subscription and use of Software under the Agreement
Role (controller/processor): Controller
Data importer(s):
Name: Verkada Inc.
Address: 406 E. 3rd Ave, San Mateo, CA 94401, USA
Contact details Elizabeth Davies, CPO, privacy@verkada.com
Activities relevant to the data transferred under these Clauses: Processing of personal data to provide Products as set forth in the Agreement
Role (controller/processor): Processor - DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred:
Individuals who may appear in the video footage captured by Data Exporter’s security cameras and individuals authorized by Data Exporter to use the Software on behalf of Data Exporter or individuals whose personal data the Data Exporter chooses to provide.
Categories of personal data transferred:
•Audio and video data to provide the Services and Products,
•Contact information, including names, emails and phone number(s), and
•Personal Data that the Controller chooses to provide at its own direction
Note: Data Importer does not process sensitive data except at the direction of or as permitted by Data Exporter.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis):
Continuous basis during the Term of the Agreement
Nature of the processing:
As specified under the Agreement (i.e., enterprise Software-as-a-Service platform for physical security)
Purpose(s) of the data transfer and further processing:
For the provision of the specific business purpose and services/Products under the Agreement
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period:
During the term of the Agreement and as provided therein.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing:
During the Term of the Agreement for the purpose of providing the services/Products. COMPETENT SUPERVISORY AUTHORITY
The competent supervisory authority/ies applicable to Data Exporter as notified to Data Importer in accordance with Section 13(a) of the Addendum.
ANNEX II – TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
ANNEX III – LIST OF SUB-PROCESSORS
ANNEX IV
UK ADDENDUM TO EU STANDARD CONTRACTUAL CLAUSES
PART 1: TABLES
Table 1: Parties
Start date | Effective the date of the execution of the Addendum | |
---|---|---|
The Parties | Exporter (who sends the Restricted Transfer) As listed in Annex I | Importer (who receives the Restricted Transfer) As listed in Annex I |
Parties’ Details | As listed in Annex I | As listed in Annex I |
Key Contacts | As listed in Annex I | As listed in Annex I |
Table 2: Selected SCCs, Modules and Selected Clauses
"Addendum EU SCCs” | The version of the approved EU SCCs agreed to in the Addendum to which this UK Addendum is appended to, including the Appendix Information. |
---|
Table 3: Appendix Information
"Appendix Information" means the information which must be provided for the selected modules as set out in the Appendix of the Approved SCCs (other than the Parties), and which for this UK Addendum is set out in:
Annex 1A: List of Parties: See Annex I |
---|
Annex 1B: Description of Transfer: Annex I |
Annex II: Technical and organisational measures including technical and organisational measures to ensure the security of the data: Annex II |
Annex III: List of Sub processors: Annex III |
Table 4: Ending this Addendum when the Approved Addendum Changes
Ending this Addendum when the Approved Addendum changes | Which Parties may end this Addendum: ☐ Importer ☐ Exporter ☐ neither Party |
---|
PART 2: MANDATORY CLAUSES
"Mandatory Clauses" | Part 2: Mandatory Clauses of the Approved Addendum, being the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses. |
---|
Effective March 28th 2024 to October 7th 2024
DownloadTable of Contents
Verkada reserves the right to modify or update the terms of this Addendum in its discretion, the effective date of which will be the earlier of (i) 30 days from the date of such update or modification and (ii) Customer’s continued use of the Products.
Customer has purchased a subscription to the Software pursuant to the Agreement that involves the Processing of Personal Data subject to Data Protection Laws.
In the provision of the Software by Verkada to Customer pursuant to the Agreement, Customer acts as Controller and Verkada acts as Processor or Service Provider with respect to the Personal Data, or, as the case may be, Customer acts as a Processor for its end user customers including such end user customers’ affiliated companies (as ultimate Controllers) and Verkada will act as a sub-Processor acting on the instruction of the Customer vis-a-vis its end user customers.
The parties agree as follows:
- Definitions. Unless otherwise defined in the Agreement, all capitalized terms used in this Addendum will have the meanings given to them herein or in applicable Data Protection Laws.
“Controller” means the entity or Business which solely or jointly with other entities determines the purposes and means of the Processing of Personal Data, and for the purposes of this Addendum means Customer, including when acting on behalf of its own end user customer.
“Data Breach” has the meaning given to it in the Data Protection Laws and for the purpose of this Addendum relates to the personal data Processed by Verkada on behalf of Customer.
“Data Protection Laws” means to the extent applicable to Customer’s use of the Software, all applicable data protection and privacy laws, their implementing regulations, regulatory guidance, and secondary legislation, each as updated or replaced from time to time, including, as they may apply: (i) the General Data Protection Regulation ((EU) 2016/679) (the “GDPR”) and any applicable national implementing laws; (ii) the UK General Data Protection Regulation (“UK GDPR”) and the UK Data Protection Act 2018; (iii) U.S. legislation (e.g., the California Consumer Privacy Act and the California Privacy Rights Act); and (iv) any other laws that may be applicable.
“Data Subject” means the identified or identifiable person to whom the Personal Data relates, as defined in applicable Data Protection Laws.
“EEA” means the European Economic Area.
“EU Standard Contractual Clauses” or “EU SCCs” or “Clauses” means the standard data protection clauses for the transfer of Personal Data to processors established in third countries, as described in Article 46 of the EU GDPR pursuant to the European Commission’s decision (C(2010)593) of 5 February 2010 on Standard Contractual Clauses, as approved by the European Commission in the European Commission’s Implementing Decision 2021/914/EU of 4 June 2021, as each may be amended, updated, or replaced from time to time.
“Personal Data” has the meaning given to it in the Data Protection Laws, and for the purpose of this Addendum relates to the personal data Processed by Verkada on behalf of Customer as described in Section 3.
“Processing” has the meaning given to it in the Data Protection Laws and “process”, “processes” and “processed” will be construed accordingly.
“Processor” means the entity or Service Provider which Processes Personal Data on behalf of the Controller, as defined in applicable Data Protection Laws and for the purposes of this Addendum means Verkada. - Compliance with Laws. Each party will comply with the Data Protection Laws as applicable to it. In particular, Customer will comply with its obligations as Controller (or on behalf of Controller), and Verkada will comply with its obligations as Processor.
- Data Processing.
- Roles of the Parties. The Parties acknowledge and agree that with regard to the Processing of Personal Data, where such terms are used by applicable Data Protection Laws, (i) the Customer is the Controller, (ii) Verkada is the Processor or Service Provider and that (iii) the Processor may engage sub-Processors or other Service Providers pursuant to the requirements set forth in Section 10 below.
- Customer Obligations.
- Customer (as Controller or on behalf of the ultimate Controller) undertakes that all instructions for the Processing of Personal Data under the Agreement or this Addendum or as otherwise agreed will comply with the Data Protection Laws, and such instructions will not in any way cause Verkada to be in breach of any Data Protection Laws.
- The Customer will have sole responsibility for the means by which the Customer acquired the Personal Data.
- Verkada’s Processing of Personal Data.
- Verkada will Process Personal Data only in accordance with Customer’s (i) instructions as outlined in the Agreement and this Addendum or (ii) as otherwise documented by Customer, in either event only as permitted by applicable Data Protection Laws and for purpose of providing the Products to Customer in accordance with the terms of the Agreement.
- Unless prohibited by applicable law, Verkada will notify Customer if, in its opinion, an instruction infringes any Data Protection Law to which it is subject, in which case Verkada will be entitled to suspend performance of such instruction without any kind of liability towards the Customer, until Customer confirms in writing that such instruction is valid under such Data Protection Law. Any additional instructions regarding the manner in which Verkada Processes the Personal Data will require prior written agreement between Verkada and Customer.
- Verkada will not be liable in the event of any claim brought by a third party, including, without limitation, a Data Subject, arising from any act or omission of the Processor, to the extent that such act or omission is a result of the Customer’s instructions.
- Verkada will not disclose Personal Data to any government, except as necessary to comply with applicable law or a valid and binding order of a law enforcement agency (such as a subpoena or court order). If Verkada receives a binding order from a law enforcement agency for Personal Data, Verkada will notify Customer of the request it has received so long as Verkada is not legally prohibited from doing so.
- Where Verkada acts as Customer’s Service Provider, Verkada shall not: (i) sell Personal Data; (ii) collect, retain, use, or disclose Personal Data (a) for any purpose other than providing the Products specified in the Agreement and this Addendum or (b) outside of the direct business relationship between Verkada and Customer; or (iii) combine this Personal Data with Personal Data that Processor obtains from other sources except as permitted by applicable Data Protection Laws. Verkada certifies that it understands the prohibitions outlined in this Section 3(c)(v) and will comply with them.
- Verkada will take reasonable steps to ensure that individuals with access to or involved in the Processing of Personal Data are subject to appropriate confidentiality obligations and/or are bound by related obligations under Data Protection Laws or other applicable laws.
- The duration of the Processing, the nature and specific purposes of the Processing, the types of Personal Data Processed, and categories of Data Subjects under this Addendum are further specified in the Annexes to this Addendum and, on a more general level, in the Agreement.
- Transfers of Personal Data. Verkada shall transfer Personal Data between jurisdictions as a Data Processor in accordance with applicable Data Protection Laws, including as relevant provisions of this Section 4.
- Transfers of Personal Data Outside the EEA.
- Transfers to countries that offer adequate level of data protection. Personal Data may be transferred from EEA to other jurisdictions where such jurisdictions are deemed to provide an adequate level of data protection under applicable Data Protection Laws.
- Transfers to other third countries. If the Processing of Personal Data includes transfers from EEA/EU Member States to countries outside the EEA/EU which have not been deemed adequate under applicable Data Protection Laws, the parties’ EU Standard Contractual Clauses are hereby incorporated into and form part of this Addendum. The Parties agree to include the optional Clause 7 (Docking clause) to the EU SCCs incorporated into this Addendum. With regards to clauses 8 to 18 of the EU SCCs, the different modules and options will apply as follows:
- Module Two shall apply.
- The Option within Clause 11(a) of the EU SCCs, providing for the optional use of an independent dispute resolution body, is not selected.
- The Options and information required for Clauses 17 and 18 of the EU SCCs, covering governing law and jurisdiction, are outlined in Section 13 of this Addendum.
- Option 2 within Clause 9(a) of the EU SCCs, covering authorization for sub-processors, is selected, as discussed within Section 10 of this Addendum.
- Transfers of Personal Data Outside Switzerland. If Personal Data is transferred from Switzerland in a manner that would trigger obligations under the Federal Act on Data Protection of Switzerland (“FADP”), the EU SCCs shall apply to such transfers and shall be deemed to be modified in a manner to that incorporates relevant references and definitions that would render such EU SCCs an adequate tool for such transfers under the FADP.
- Transfers of Personal Data Outside the UK. If Personal Data is transferred in a manner that would trigger obligations under UK GDPR, the parties agree that Annex IV shall apply.
- Annexes. This Addendum and its Annexes, together with the Agreement, including as relevant applicable Clauses, serve as a binding contract that sets out the subject matter, duration, nature, and purpose of the Processing, the type of Personal Data and categories of data subjects as well as the obligations and rights of the Controller. Verkada may execute relevant contractual addenda, including as relevant the EU SCCs (Module 3) with any relevant Subprocessor (as hereinafter defined, including Affiliates). Unless Verkada notifies Customer to the contrary, if the European Commission subsequently amends the EU SCCs at a later date, such amended terms will supersede and replace any EU SCCs executed between the parties.
- Alternative Data Export Solution. The parties agree that the data export solutions identified in this Section 4 will not apply if and to the extent that Customer adopts an alternative data export solution for the lawful transfer of Personal Data (as recognized under applicable Data Protection Laws), in which event, Customer shall reasonably cooperate with Verkada to implement such solution and such alternative data export solution will apply instead (but solely to the extent such alternative data export solution extends to the territories to which Personal Data is transferred under this Addendum).
- Customer shall be responsible for obligations corresponding to Data Controllers under Data Protection Laws
- Transfers of Personal Data Outside the EEA.
- Technical and Organizational Measures. Verkada will implement appropriate technical and organizational measures to ensure a level of security of Personal Data appropriate to the risk, as further described in Annex II to this Addendum. In assessing the appropriate level of security, Verkada will take into account the risks that are presented by Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise Processed.
- Data Subjects rights. Verkada will assist Customer in responding to Data Subjects’ requests exercising their rights under the Data Protection Laws. To that effect, Verkada will (i) to the extent permitted by applicable law, promptly notify Customer of any request received directly from Data Subjects to access, correct or delete its Personal Data without responding to that request, and (ii) upon written request from Customer, provide Customer with information that Verkada has available to reasonably assist Customer in fulfilling its obligations to respond to Data Subjects exercising their rights under the Data Protection Laws.
- Data Protection Impact Assessments. If Customer is required under the Data Protection Laws to conduct a Data Protection Impact Assessment, then upon written request from Customer, Verkada will use commercially reasonable efforts to assist in the fulfilment of Customer’s obligation as related to its use of the Products, to the extent Customer does not otherwise have access to the relevant information. If required under Data Protection Laws, Verkada will provide reasonable assistance to Customer in the cooperation or prior consultation with Data Protection Authorities in relation to any applicable Data Protection Impact Assessment.
- Audit of Technical and Organizational Measures. Verkada will make available all information necessary to demonstrate its compliance with data protection policies and procedures implemented as part of the Products. To this end, upon written request (not more than once annually) Customer may, at its sole cost and expense, verify Verkada’s compliance with its data protection obligations as specified in this Addendum by: (i) submitting a security assessment questionnaire to Verkada; and (ii) if Customer is not satisfied with Verkada’s responses to the questionnaire, then Customer may conduct an audit in the form of meetings with Verkada’s information security experts upon a mutually agreeable date. Such interviews will be conducted with a minimum of disruption to Verkada’s normal business operations and subject always to Verkada’s agreement on scope and timings. Such audit will be performed during normal business hours, in such a manner as not to unreasonably disrupt normal business operations, and in no event will take place over the course of more than two business days. The Customer may perform the verification described above by itself or through a mutually agreed upon third party auditor, so long as Customer or its authorized auditor executes a mutually agreed upon non-disclosure agreement. Customer will be responsible for any actions taken by its authorized auditor. All information disclosed by Verkada under this Section 8 will be deemed Verkada’s Confidential Information, and Customer will not disclose any audit report to any third party except as obligated by law, court order or administrative order by a government agency. Verkada will remediate any mutually agreed, material deficiencies in its technical and organizational measures identified by the audit procedures described in this Section 8 within a mutually agreeable timeframe.
- Breach notification. If Verkada becomes aware of a Data Breach, then Verkada will notify the Customer without undue delay after becoming aware of such Data Breach, will co-operate with the Customer, and will take commercially reasonable steps to investigate, mitigate, and remediate such Data Breach. Verkada will provide all reasonably required support and cooperation necessary to enable Customer to comply with its legal obligations pursuant applicable Data Protection Laws.
- Sub-processing.
- Customer agrees that Verkada may engage either Verkada affiliated companies or third-party providers as sub-Processors under the Agreement and this Addendum (“Subprocessors”) and hereby authorizes Verkada to engage such Subprocessors in providing the Products to Customer. Verkada will restrict the Processing activities performed by Subprocessors to only what is necessary to provide the Products to Customer pursuant to the Agreement and this Addendum. Verkada will impose appropriate contractual obligations in writing upon the Subprocessors that are no less protective than this Addendum.
- Verkada maintains an updated list of all Subprocessors used by Verkada which is available upon written request. Verkada may amend the list of Subprocessors by adding or replacing Subprocessors at any time. Customer will be entitled to object to a new Subprocessor by notifying Verkada in writing the reasons of its objection. Verkada will work in good faith to address Customer’s objections. If Verkada is unable or unwilling to adequately address Customer’s objections to Customer’s reasonable satisfaction, then Customer may terminate this Addendum and the Agreement in accordance with Section 6.2 of the Agreement.
- Return or Deletion of Personal Data. Verkada will delete or return, in Customer’s discretion, Personal Data within a reasonable period of time following the termination or expiration of the Agreement following written request from Customer unless otherwise required by applicable Data Protection Laws.
- Termination. This Addendum shall automatically terminate upon the termination or expiration of the Agreement. Sections 3(b), 3(c)(iii), and 14 of this Addendum shall survive the termination or expiration of this Addendum for any reason. This Addendum cannot, in principle, be terminated separately to the Agreement, except where the Processing ends before the termination of the Agreement, in which case, this Addendum shall automatically terminate.
- Governing Law. This Addendum shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Laws. For the purposes of Clauses 17 and 18 of the EU SCCs, where applicable, to the extent that the governing law and jurisdiction provisions in the Agreement do not meet the requirements of the EU SCCs, the parties select Option 2 of Clause 17, and agree that the EU SCCs shall be governed by the law of the EU Member State in which the data exporter is established; where such law does not allow for third-party beneficiary rights, the EU SCCs shall be governed by the laws of the country of Ireland. Pursuant to Clause 18, any dispute between the Parties arising from the EU SCCs shall be resolved by the courts of Ireland, and the Parties submit themselves to such jurisdiction. For the purposes of Clause 13 of the GDPR, the Supervisory Authority shall be the data exporter’s applicable Supervisory Authority. Data exporter shall notify data importer of the applicable Supervisory Authority by email at legal-notice@verkada.com and shall provide any necessary updates without undue delay.
- Entire Agreement; Conflict. Except as amended by this Addendum, the Agreement will remain in full force and effect. If there is a conflict between the Agreement and this Addendum as to the subject matter herein, the terms of this Addendum will control.
ANNEX I
- LIST OF PARTIES
Data exporter(s):
Name: The Customer named in the Agreement
Address: The address of the Customer’s corporate headquarters
Contact person’s name, position and contact details: The primary administrative contact listed in the Hosted Software.
Activities relevant to the data transferred under these Clauses: Purchase of subscription and use of Software under the Agreement
Role (controller/processor): Controller
Data importer(s):
Name: Verkada, Inc.
Address: 406 E. 3rd Ave, San Mateo, CA 94401, USA
Contact details Elizabeth Davies, CPO, privacy@verkada.com
Activities relevant to the data transferred under these Clauses: Processing of personal data to provide Products as set forth in the Agreement
Role (controller/processor): Processor - DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred:
Individuals who may appear in the video footage captured by Data Exporter’s security cameras and individuals authorized by Data Exporter to use the Software on behalf of Data Exporter or individuals whose personal data the Data Exporter chooses to provide.
Categories of personal data transferred:
•Audio and video data to provide the Services and Products,
•Contact information, including names, emails and phone number(s), and
•Personal Data that the Controller chooses to provide at its own direction
Note: Data Importer does not process sensitive data except at the direction of or as permitted by Data Exporter.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis):
Continuous basis during the Term of the Agreement
Nature of the processing:
As specified under the Agreement (i.e., enterprise Software-as-a-Service platform for physical security)
Purpose(s) of the data transfer and further processing:
For the provision of the specific business purpose and services/Products under the Agreement
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period:
During the term of the Agreement and as provided therein.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing:
During the Term of the Agreement for the purpose of providing the services/Products. COMPETENT SUPERVISORY AUTHORITY
The competent supervisory authority/ies applicable to Data Exporter as notified to Data Importer in accordance with Section 13(a) of the Addendum.
ANNEX II – TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
ANNEX III – LIST OF SUB-PROCESSORS
ANNEX IV
UK ADDENDUM TO EU STANDARD CONTRACTUAL CLAUSES
PART 1: TABLES
Table 1: Parties
Start date | Effective the date of the execution of the Addendum | |
---|---|---|
The Parties | Exporter (who sends the Restricted Transfer) As listed in Annex I | Importer (who receives the Restricted Transfer) As listed in Annex I |
Parties’ Details | As listed in Annex I | As listed in Annex I |
Key Contacts | As listed in Annex I | As listed in Annex I |
Table 2: Selected SCCs, Modules and Selected Clauses
"Addendum EU SCCs” | The version of the approved EU SCCs agreed to in the Addendum to which this UK Addendum is appended to, including the Appendix Information. |
---|
Table 3: Appendix Information
"Appendix Information" means the information which must be provided for the selected modules as set out in the Appendix of the Approved SCCs (other than the Parties), and which for this UK Addendum is set out in:
Annex 1A: List of Parties: See Annex I |
---|
Annex 1B: Description of Transfer: Annex I |
Annex II: Technical and organisational measures including technical and organisational measures to ensure the security of the data: Annex II |
Annex III: List of Sub processors: Annex III |
Table 4: Ending this Addendum when the Approved Addendum Changes
Ending this Addendum when the Approved Addendum changes | Which Parties may end this Addendum: ☐ Importer ☐ Exporter ☐ neither Party |
---|
PART 2: MANDATORY CLAUSES
"Mandatory Clauses" | Part 2: Mandatory Clauses of the Approved Addendum, being the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses. |
---|
Business Associate Agreement
Effective April 29th 2021
DownloadTable of Contents
This Agreement is effective between Verkada and the Covered Entity as of the date that Covered Entity accepts the terms of this Agreement as indicated above (the “Effective Date”). Verkada reserves the right to modify or update the terms of this Agreement in its discretion, the effective date of which will be the earlier of (i) 30 days from the date of such update or modification and (ii) to Covered Entity’s continued participation in Verkada’s programs.
1. Covered Entity is or may be subject to the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and the implementing regulations thereof (the “HIPAA Regulations”). As used herein, “PHI” refers to Protected Health Information maintained, transmitted, created or received by Business Associate for or from Covered Entity.
2. Business Associate may maintain, transmit create or receive data for or from Covered Entity that constitutes Protected Health Information (as defined in the HIPAA Regulations) to perform tasks on behalf of Covered Entity;
3. To the extent required by the HIPAA Regulations and applicable state law, Business Associate is or may be directly subject to certain privacy and security obligations and penalty provisions of HIPAA, HITECH, the HIPAA Regulations and state law.
The parties agree as follows:
7. Access to Books and Records. Except for disclosures of PHI by Business Associate that are excluded from the accounting obligation as set forth in the HIPAA Regulations or regulations issued pursuant to HITECH, Business Associate shall record for each disclosure the information required to be recorded by covered entities pursuant to the HIPAA Regulations. Within twenty (20) days of notice by Covered Entity to Business Associate that it has received a request for an accounting of disclosures of PHI, Business Associate shall make available to Covered Entity, or the individual (if requested by Covered Entity), the information required to be maintained pursuant to this Section 7. In the event the request for an accounting is delivered directly to Business Associate, Business Associate shall within ten (10) days forward such request to Covered Entity.
8. Accountings. At Covered Entity’s or HHS’ request, Business Associate shall make its internal practices, books and records relating to the use and disclosure of PHI available to HHS for purposes of determining compliance with the HIPAA Regulations.
- 	
- use the PHI for its proper management and administration and to carry out its legal responsibilities.	 	
- disclose PHI for its proper management and administration and to carry out its legal responsibilities, provided that disclosures do not violate the HIPAA Regulations.	 	
- use and disclose PHI to report violations of law to appropriate Federal and State authorities.	 	
- aggregate the PHI in its possession with the Protected Health Information of other covered entities that Business Associate has in its possession through its capacity as a business associate to other covered entities, provided that such aggregation conforms to the requirements of the HIPAA Regulations.	 	
- use PHI to create de-identified information, and use such de-identified information for its own purposes, provided that the de-identification and use thereof conforms to the requirements of the HIPAA Regulations.	
Partner Large Deal Confirmation
Effective July 1st 2024
DownloadTable of Contents
- The Partner has made no written or oral representations, agreements, or arrangements to or with Verkada that would modify, supersede, or in any other way be inconsistent with the terms of the purchase order submitted to Verkada.
- All non-standard terms on the above-described purchase are included either (a) on the Purchase Order submitted to Verkada or (b) in an amendment letter signed by Verkada. Otherwise, I understand and agree that Verkada has no obligation to honor such non-standard terms.
- The Purchase Order was submitted to Verkada after the customer’s final approval and purchasing processes were completed.
- I have no knowledge of any fraud, suspected fraud, or allegations of fraud associated with the above-described purchase.
- I am not aware of any violations or possible violations of any laws or regulations associated with the above-described purchase.
If you do not think you can make each and every representation listed above, do not sign and contact the Verkada Finance Team (Finance@verkada.com). |
Effective June 27th 2024 to July 1st 2024
DownloadTable of Contents
- The Partner has made no written or oral representations, agreements, or arrangements to or with Verkada that would modify, supersede, or in any other way be inconsistent with the terms of the purchase order submitted to Verkada.
- All non-standard terms on the above-described purchase are included either (a) on the Purchase Order submitted to Verkada or (b) in an amendment letter signed by Verkada. Otherwise, I understand and agree that Verkada has no obligation to honor such non-standard terms.
- The Purchase Order was submitted to Verkada after the customer’s final approval and purchasing processes were completed.
- I have no knowledge of any fraud, suspected fraud, or allegations of fraud associated with the above-described purchase.
- I am not aware of any violations or possible violations of any laws or regulations associated with the above-described purchase.
If you do not think you can make each and every representation listed above, do not sign and contact the Verkada Finance Team (Finance@verkada.com). |
Effective June 27th 2024 to June 27th 2024
DownloadTable of Contents
- The Partner has made no written or oral representations, agreements, or arrangements to or with Verkada that would modify, supersede, or in any other way be inconsistent with the terms of the purchase order submitted to Verkada.
- All non-standard terms on the above-described purchase are included either (a) on the Purchase Order submitted to Verkada or (b) in an amendment letter signed by Verkada. Otherwise, I understand and agree that Verkada has no obligation to honor such non-standard terms.
- The Purchase Order was submitted to Verkada after the customer’s final approval and purchasing processes were completed.
- I have no knowledge of any fraud, suspected fraud, or allegations of fraud associated with the above-described purchase.
- I am not aware of any violations or possible violations of any laws or regulations associated with the above-described purchase.
If you do not think you can make each and every representation listed above, do not sign and contact the Verkada Finance Team (Finance@verkada.com). |
Effective June 24th 2024 to June 27th 2024
DownloadTable of Contents
- The Partner has made no written or oral representations, agreements, or arrangements to or with Verkada that would modify, supersede, or in any other way be inconsistent with the terms of the purchase order submitted to Verkada.
- All non-standard terms on the above-described purchase are included either (a) on the Purchase Order submitted to Verkada or (b) in an amendment letter signed by Verkada. Otherwise, I understand and agree that Verkada has no obligation to honor such non-standard terms.
- The Purchase Order was submitted to Verkada after the customer’s final approval and purchasing processes were completed.
- I have no knowledge of any fraud, suspected fraud, or allegations of fraud associated with the above-described purchase.
- I am not aware of any violations or possible violations of any laws or regulations associated with the above-described purchase.
If you do not think you can make each and every representation listed above, do not sign and contact the Verkada Finance Team (Finance@verkada.com). |
Effective June 24th 2024 to June 24th 2024
DownloadTable of Contents
- The Partner has made no written or oral representations, agreements, or arrangements to or with Verkada that would modify, supersede, or in any other way be inconsistent with the terms of the purchase order submitted to Verkada.
- All non-standard terms on the above-described purchase are included either (a) on the Purchase Order submitted to Verkada or (b) in an amendment letter signed by Verkada. Otherwise, I understand and agree that Verkada has no obligation to honor such non-standard terms.
- The Purchase Order was submitted to Verkada after the customer’s final approval and purchasing processes were completed.
- I have no knowledge of any fraud, suspected fraud, or allegations of fraud associated with the above-described purchase.
- I am not aware of any violations or possible violations of any laws or regulations associated with the above-described purchase.
If you do not think you can make each and every representation listed above, do not sign and contact the Verkada Finance Team (Finance@verkada.com). |
Criminal Justice Information Addendum
Effective July 15th 2024
DownloadTable of Contents
This Criminal Justice Information Addendum (“Addendum”) hereby amends and revises the End User Agreement previously entered into between Verkada Inc. (“Verkada”) and you, the end customer, (“Customer”) (the “Agreement”) to include the following:
Capitalized terms not defined in this Addendum, or in the FBI’s Criminal Justice Information Services Security Policy, will have the meaning provided in the Agreement.
1.1. “CJI Covered Services” means the functionality of the Hosted Software allowing for matching of license plate information against a database of stolen vehicle license plate information.
1.2. “Criminal Justice Information Services Security Policy” means Version 5.9.4 dated December 20, 2023, or a successor policy. Unless a successor policy implements material changes, Version 5.9.4 shall be the controlling policy for purposes of the Addendum and Agreement. Each party is independently required to maintain awareness of and compliance with subsequent versions of the policy, if any exist.
2.1. This Addendum only applies to the CJI Covered Services.
2.2. The Security Addendum appended as Exhibit A hereto is hereby incorporated by reference and made part of the Agreement.
	
	
EXHIBIT A
FEDERAL BUREAU OF INVESTIGATION
CRIMINAL JUSTICE INFORMATION SERVICES
SECURITY ADDENDUM
The goal of this document is to augment the CJIS Security Policy to ensure adequate security is provided for criminal justice systems while (1) under the control or management of a private entity or (2) connectivity to FBI CJIS Systems has been provided to a private entity (contractor). Adequate security is defined in Office of Management and Budget Circular A-130 as “security commensurate with the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information.”
The intent of this Security Addendum is to require that the Contractor maintain a security program consistent with federal and state laws, regulations, and standards (including the CJIS Security Policy in effect when the contract is executed), as well as with policies and standards established by the Criminal Justice Information Services (CJIS) Advisory Policy Board (APB).
This Security Addendum identifies the duties and responsibilities with respect to the installation and maintenance of adequate internal controls within the contractual relationship so that the security and integrity of the FBI's information resources are not compromised. The security program shall include consideration of personnel security, site security, system security, and data security, and technical security.
The provisions of this Security Addendum apply to all personnel, systems, networks and support facilities supporting and/or acting on behalf of the government agency.
	
Information Security Officer
Criminal Justice Information Services Division, FBI
1000 Custer Hollow Road
Clarksburg, West Virginia 26306
FEDERAL BUREAU OF INVESTIGATION
CRIMINAL JUSTICE INFORMATION SERVICES
SECURITY ADDENDUM
CERTIFICATION
I hereby certify that I am familiar with the contents of (1) the Security Addendum, including its legal authority and purpose; (2) the NCIC Operating Manual; (3) the CJIS Security Policy; and (4) Title 28, Code of Federal Regulations, Part 20, and agree to be bound by their provisions.
I recognize that criminal history record information and related data, by its very nature, is sensitive and has potential for great harm if misused. I acknowledge that access to criminal history record information and related data is therefore limited to the purpose(s) for which a government agency has entered into the contract incorporating this Security Addendum. I understand that misuse of the system by, among other things: accessing it without authorization; accessing it by exceeding authorization; accessing it for an improper purpose; using, disseminating or re-disseminating information received as a result of this contract for a purpose other than that envisioned by the contract, may subject me to administrative and criminal penalties. I understand that accessing the system for an appropriate purpose and then using, disseminating or re-disseminating the information received for another purpose other than execution of the contract also constitutes misuse. I further understand that the occurrence of misuse does not depend upon whether or not I receive additional compensation for such authorized activity. Such exposure for misuse includes, but is not limited to, suspension or loss of employment and prosecution for state and federal crimes.
				 			 | 							 			 | 							 			 | 		
				 Printed Name/Signature of Contractor Employee Date 			 | 							 			 | 			Date | 		
				 			 | 							 			 | 							 			 | 		
				 Printed Name/Signature of Contractor Representative Date 			 | 							 			 | 			Date | 		
				 			 | 							 			 | 							 			 | 		
Organization and Title of Contractor Representative				 			 | 							 			 | 							 			 | 		
Reseller Partner Agreement
Effective September 18th 2024
DownloadTable of Contents
1. Definitions
2. Appointment
3. Partner Obligations
4. Pricing; Registration
5. Product Orders; Delivery
6. Payments
7. Returns
8. Indemnification
9. Insurance
10. Term and Termination
11. Confidentiality
12. Disclaimer of Warranties; Limitation of Liability
13. Miscellaneous
EXHIBIT A	
Alarms Addendum
1. Definitions
2. Monitoring Services; General. Verkada does not itself provide the CSMS, is not a Central Monitoring Station, and does not respond to signals and data, notify the personnel designated by the End Customer as the responsible parties, request dispatch of emergency responders or other agents to an End Customer’s premises to investigate alarm events. Rather, the SRS only routes the signals and data to a third-party platform which re-routes such information to the Central Monitoring Station. Verkada and the Central Monitoring Station are independent and unrelated entities.
3. Dealer Indemnification; Waiver of Subrogation. Solely as it relates to CSMS, SRS, and this Addendum, Dealer’s indemnification obligations under Section 8.1 of the Agreement are supplemented to include the following:
4. Limitation of Liability. Section 12.3 of the Agreement is supplemented to include the following:
5. Exculpatory Clause. Dealer agrees that Verkada is not an insurer, and no insurance is offered herein. The SRS is designed to reduce certain risks of loss, though Verkada does not guarantee that no loss or damage will occur.
6. Insurance / Allocation Risk. Dealer will maintain a general liability policy of insurance with alarm industry errors and omissions coverage through a carrier familiar with alarm industry practices under which Dealer is named as insured and which shall on a primary and non-contributing basis cover any loss or damage for its performance, and obligations, under this Addendum including with respect to the resale of CSMS and SRS, it being understood Dealer’s commercial general liability policy will be deemed to satisfy the requirement in this Section 6 provided such policy contains no exclusions of coverage with respect to the CSMS and SRS and Dealer’s obligations under this Addendum. Dealer will submit certificates of insurance for the coverages required by above upon written request by Verkada.
7. Waiver of Jury Trials. Notwithstanding any term contrary in the Agreement, the parties hereby waive a trial by jury in any action, proceeding or counterclaim brought by either of the Parties hereto against the other in respect of any matter arising out of or in connection with this Addendum.
Effective August 1st 2024 to September 18th 2024
DownloadTable of Contents
1. Definitions
2. Appointment
3. Partner Obligations
4. Pricing; Registration
5. Product Orders; Delivery
6. Payments
7. Returns
8. Indemnification
9. Insurance
10. Term and Termination
11. Confidentiality
12. Disclaimer of Warranties; Limitation of Liability
13. Miscellaneous
EXHIBIT A	
Alarms Addendum
1. Definitions
2. Monitoring Services; General. Verkada does not itself provide the CSMS, is not a Central Monitoring Station, and does not respond to signals and data, notify the personnel designated by the End Customer as the responsible parties, request dispatch of emergency responders or other agents to an End Customer’s premises to investigate alarm events. Rather, the SRS only routes the signals and data to a third-party platform which re-routes such information to the Central Monitoring Station. Verkada and the Central Monitoring Station are independent and unrelated entities.
3. Dealer Indemnification; Waiver of Subrogation. Solely as it relates to CSMS, SRS, and this Addendum, Dealer’s indemnification obligations under Section 8.1 of the Agreement are supplemented to include the following:
4. Limitation of Liability. Section 12.3 of the Agreement is supplemented to include the following:
5. Exculpatory Clause. Dealer agrees that Verkada is not an insurer, and no insurance is offered herein. The SRS is designed to reduce certain risks of loss, though Verkada does not guarantee that no loss or damage will occur.
6. Insurance / Allocation Risk. Dealer will maintain a general liability policy of insurance with alarm industry errors and omissions coverage through a carrier familiar with alarm industry practices under which Dealer is named as insured and which shall on a primary and non-contributing basis cover any loss or damage for its performance, and obligations, under this Addendum including with respect to the resale of CSMS and SRS, it being understood Dealer’s commercial general liability policy will be deemed to satisfy the requirement in this Section 6 provided such policy contains no exclusions of coverage with respect to the CSMS and SRS and Dealer’s obligations under this Addendum. Dealer will submit certificates of insurance for the coverages required by above upon written request by Verkada.
7. Waiver of Jury Trials. Notwithstanding any term contrary in the Agreement, the parties hereby waive a trial by jury in any action, proceeding or counterclaim brought by either of the Parties hereto against the other in respect of any matter arising out of or in connection with this Addendum.
Ethical Business Practices
Effective March 2nd 2024
DownloadTable of Contents
To have registering partners agree to the terms of ethical business practices and abide by applicable laws (e.g., FCPA, UK Anti-bribery, Export etc.), use the portal registration flow to apply the following (e.g., as a pop-up or page with its own with default off check box for acceptance purposes):
Verkada Partner Program & Ethical Business Practices
Apple Wallet Mobile NFC Terms and Elections
Effective August 2nd 2024
DownloadTable of Contents
VERKADA MOBILE NFC LICENSE TERMS FOR APPLE WALLET
These Verkada Mobile NFC License Terms for Apple Wallet (“Terms”), by and between Verkada Inc. (“Verkada”) and the counterparty listed in the signature block below (“Customer”), supplement the Verkada End User Agreement (“Agreement”) entered into between the parties and set forth additional terms related to Customer’s purchase and use of Verkada mobile NFC licenses to provision NFC-based credentials for Apple Wallet. These Terms are incorporated into the Agreement. Capitalized terms not defined in these Terms shall have the meanings set forth in the Agreement or the Apple Pass-Through Terms (“Apple Pass-Through Terms”), a current version of which is set forth in Exhibit A.
NOTE: MOBILE NFC LICENSE SKU SUPPORTED ONLY ON VERKADA READERS. AD31 AND AD32 ARE NOT COMPATIBLE WITH iOS DEVICES.
Exhibit A
Participating Provider Pass-Through Terms for the Apple Access Platform
These Terms and Conditions (“Terms and Conditions”) are in addition to the Verkada End User Agreement (“Terms of Service”). These additional terms apply if You use Apple Access Technology to securely execute instructions given by Users via Apple Access Technology and for the purpose of enabling Users to securely use Provisioned Credentials to make Transactions (the “Program”). All foregoing terms shall have the meaning set forth below.
In the event of a conflict between these Terms and Conditions and the Terms of Service, these Terms and Conditions shall govern with respect to Your use of the Apple Access Technology.
Definitions.
“Access Partner” shall mean Verkada Inc. or an affiliated entity of Verkada Inc.
“Access Partner Data” means any data supplied by Access Partner to Apple or Participating Provider for the purpose of facilitating Participating Provider’s provisioning path decision process.
“Access Partner Technology” means Technology owned, controlled or licensable by Access Partner or any of its Affiliates (other than Apple Technology).
“Access Services” means the provisioning of Apple Access Technology to Participating Providers to enable Users to virtually authenticate to and/or to gain access to a physical space or service to utilize such physical space or service controlled or provided by a Participating Provider.
“Account” means any account under which a User may initiate any Access Service through Participating Provider pursuant to a User Agreement.
“Affiliate” means, with respect to a party, any Person that controls, is controlled by, or is under common control with such party. As used in this definition, the term “control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of a Person, whether through the ownership of voting securities, by contract, or otherwise. For the avoidance of doubt, but not by way of limitation, the direct and indirect ownership of more than fifty percent (50%) of (i) the voting securities or (ii) an interest in the assets, profits, or earnings of a Person will be deemed to constitute “control” of the Person.
“Apple” means Apple Inc.
“Apple Access Guidelines” means documentation outlining the minimum program requirements and best practice guidelines that are required to support Access Services and/or the Program. Such Apple Access Guidelines may be updated from time to time will and be provided by Access Partner as a .pdf upon request until a hyperlink becomes available.
“Apple Access Platform” means Apple’s platform that utilizes Apple Technology, and may utilize Access Partner Technology pursuant to Apple’s agreement with Access Partner, to enable Users to gain access to or authenticate virtually to use a physical space or controlled service using physical, digital or virtual access cards, credentials or account access devices and to access other related services using Apple Products designated by Apple or any of its Affiliates.
“Apple Access Technology” means the Apple Technology that enables Users to gain access to a physical space or controlled service, or authenticate virtually to use (physically, virtually, or otherwise) Participating Provider services, using Apple Products designated by Apple or any of its Affiliates.
“Apple Brand Guidelines” means the guidelines set forth at http://www.apple.com/legal/trademark/guidelinesfor3rdparties.html (“Apple Trademark and Copyright Guidelines”) and https://developer.apple.com/apple-pay/marketing (“Apple Pay Marketing Guidelines”).
“Apple Marks” means all Marks set forth in Exhibit C (Apple Marks), as may be amended by Apple from time to time. “Apple Technology” means Technology owned, controlled or licensable by Apple or any of its Affiliates.
“Apple Product” means any Technology, product, or service distributed under an Apple Mark, or used internally and under development for distribution under an Apple Mark or an Apple Affiliate.
“Confidential Information” means: (i) either Party’s product plans and roadmaps; (ii) the terms and conditions of this Agreement; and (iii) any other information disclosed by a Party or its Affiliates to the other Party or its Affiliates in connection with this Agreement, or the development of the Parties’ or their respective Affiliates’ respective systems in connection with the activities contemplated by this Agreement, and designated by the disclosing Party as confidential in writing or, if disclosed orally, designated as confidential at the time of disclosure; provided, however, that Confidential Information will not include information that: (A) is now or subsequently becomes generally known or available to the public through no fault or breach on the part of the receiving Party or its Affiliates; (B) the receiving Party can demonstrate to have had rightfully in its possession or the possession of its Affiliates prior to disclosure from the disclosing Party or its Affiliates (that is not precluded from being disclosed as a result of confidentiality obligations owed to a third party); (C) is independently developed by the receiving Party or its Affiliates without use of or reliance in any way on the disclosing Party’s Confidential Information; (D) the receiving Party or its Affiliates rightfully obtain from a third party who has the right to transfer or disclose it to the receiving Party or its Affiliates without any obligation of confidentiality; or (E) is released for publication by the disclosing Party or its Affiliates in writing.
“Credential” means any digital or virtual card, account access device, or other device capable of accessing an Account issued by Access Partner at the request of Participating Provider for the purposes of initiating an Access Service.
“Effective Date” means the Effective Date of your Terms of Service applicable to Your use of Verkada Products.
“Enabled Device” means any Apple Product that has been enabled to store and/or transmit Provisioned Credentials.
“Governmental Authority” means any domestic or foreign, federal, state, provincial, municipal or local government, any political subdivision thereof and any entity exercising executive, legislative, judicial, regulatory, or administrative functions of or pertaining to government, regardless of form, including any agency, bureau, court, tribunal, or other instrumentality.
“Intellectual Property Rights” means the rights in and to all (i) patents and patent applications in any jurisdiction or under any international convention claiming any inventions or discoveries made, developed, conceived, or reduced to practice, including all divisions, divisionals, substitutions, continuations, continuations-in-part, reissues, re-examinations, renewals and extensions thereof; (ii) copyrights; (iii) confidential information and other proprietary information or data that qualifies for trade secret protection; (iv) semiconductor chip or mask work rights; (v) design patents or industrial designs, and (vi) other similar intellectual or other proprietary rights (excluding all Marks) now known or hereafter recognized in any jurisdiction.
“Law” means any federal, state, local or foreign law (including common law), code, statute, ordinance, rule, regulation, published standard, permit, judgment, writ, injunction, rulings or other legal requirement.
“Marks” means all trademarks, service marks, trade dress, trade names, brand names, product names, business marks, logos, taglines, slogans, and similar designations that distinguish the source of goods or services, whether registered or unregistered, along with all registrations and pending applications for any of the foregoing.
“Non-Apple Access Service” means any software, other than the Apple Pay Technology, that enables the use of a digital or virtual card for the purposes of gaining access to a physical space or authenticating to utilize a controlled service on personal electronic devices.
“Participating Provider” shall mean You.
“Participating Provider Data” means all information related specifically to an Account, Credential, Participating Provider, and/or User that is obtained, generated or created by or on behalf of such Participating Provider in connection with Account establishment, processing and maintenance activities, customer service, and transaction data (as enumerated in the Apple Access Guidelines).
“Participating Provider Properties” means properties owned, leased, or controlled by Participating Provider that are participating in the Program.
“Participating Provider Technology” means Technology owned, controlled or licensable by Participating Provider or any of its Affiliates.
“Person” means any individual, corporation, limited liability company, partnership, firm, joint venture, association, trust, unincorporated organization, Governmental Authority or other entity.
“Provisioned Credential” means a Credential that has been provisioned to an Enabled Device so that the Enabled Device may be used to make Access Services available using such Provisioned Credential.
“Service Provider” means any subcontractor, independent contractor, or third party service provider engaged by a party to provide a service on behalf of such party.
“Technology” means any information, ideas, know-how, designs, drawings, specifications, schematics, software (including source and object codes), manuals and other documentation, data, databases, processes (including technical processes and business processes), or methods (including methods of operation or methods of production).
“Terms of Service” has the meaning given such term in the preamble.
“Transaction” means using an Enabled Device to gain access to a physical space, or utilize a service controlled or provided by an entity that controls access to physical spaces, in locations agreed to by Access Partner, Participating Provider and Apple.
“User” means a Person that has entered into a User Agreement establishing an Account with a Participating Provider.
“User Agreement” means the agreement between Participating Provider and a User , establishing a User Account and governing the use of a Credential, together with any amendments, modifications or supplements that may be made to such User Agreement (and any replacement of such agreement).
“You” and its correlative terms refer to You, the Access Partner customer / Participating Provider who is executing or otherwise agreeing to these Terms and Conditions.
Terms.
All aspects of the Participating Provider implementation will meet the Apple Access Guidelines.
Participating Provider will ensure that Provisioned Credentials can be used everywhere physical access credentials can be used in Participating Provider Properties, unless an exception is pre-approved in writing by Access Partner and based on guidelines provided by Apple.
To support the end-to-end user mobile contactless experience, if Participating Provider Properties are enabled for the hospitality use case, all Participating Provider’s payment systems accepting payment cards (credit/debit) at such properties will accept Apple Pay (including Apple Pay Cash, as described in the Apple Access Guidelines), unless an exception is pre-approved in writing by Apple.
For provisioning of Credentials, Participating Provider will authorize Access Partner to send data, including Access Partner Data in its possession or control, and any other necessary identifiers for Credentials issued by Participating Provider to Apple necessary to provision credentials.
Participating Provider will support Users by ensuring that the level of service (both in quality and the types of transactions that can be supported) provided for Provisioned Credentials is at least on parity with the level of service provided to physical credentials and credentials offered by Non-Apple Access Services.
Participating Provider will be responsible for the management of the relationship with Users, including being responsible for: (i) the decision to approve or deny provisioning of Credentials to an Enabled Device; (ii) the right to decline the use of a Provisioned Credential to make Transactions (where technically possible to do so); (iii) the on-going management and operation of Accounts, including whether any Provisioned Credential, should be suspended or deactivated; and (iv) providing all access services to Users in connection with Provisioned Credentials.
Apple (on behalf of itself and each of its Affiliates) hereby grants Participating Provider and each of its Affiliates, during the term, a non-exclusive, non-assignable, non-transferable, non-sublicensable, royalty-free, fully paid-up, worldwide right and license to use, reproduce, have reproduced, display, and have displayed any of the Apple Marks solely for the purposes of announcing and promoting the provisioning of Credentials on Enabled Devices at Participating Provider Properties, subject in all cases to Apple’s prior written consent. Use of the Apple Marks by Participating Provider, its Affiliates or Service Providers will be pursuant to, and in accordance with, the Apple Brand Guidelines, unless otherwise agreed in writing by Apple and Participating Provider. For the avoidance of doubt, in the event Participating Provider wishes to use any of the Apple Marks in any paid advertising, Participating Provider must first obtain Apple’s written consent for such advertising. Apple represents and warrants that, as of the Effective Date, Apple has the right to grant all of the licenses and other rights granted to Participating Provider and each of its Affiliates and Service Providers in these Terms and Conditions. For clarity, the foregoing license shall terminate immediately upon termination of Participating Provider’s participation in the Program for any reason.
Participating Provider will ensure that the level of user awareness (both in quality and the types of use cases featured) provided by Participating Provider for Provisioned Credentials is at least on parity with the user awareness provided for physical credentials and/or credentials on Non-Apple Access Services.
Participating Provider will market and describe the Program to potential users in accordance with the Apple Access Marketing Guidelines unless an exception is pre-approved by in writing Apple.
In no event will Participating Provider promote or advertise the launch of credential services for Non-Apple Access Service using the Apple Access Guidelines or the Apple Access Marketing Guidelines provided by Apple.
System Changes. Absent prior written notice to Access Partner, Participating Provider may not implement changes to its systems, procedures, processes or functionality, which, as the case may be, may have a material impact on: (a) the Apple Access Technology; (b) the manner in which Credentials are provisioned on an Enabled Device, or (c) the manner in which Credentials provisioned to an Enabled Device function or are processed on the Apple Access Technology (such changes to systems, procedures, processes or functionality are referred as to “System Changes”). In addition, and not by way of limitation, Participating Provider will (i) notify Access Partner not less than ninety (90) days prior to any System Change that Participating Provider reasonably believes will disable any core functionality of the Apple Access Technology, or introduce any material additional security exposure to Apple or consumers and (ii) provide support to Access Partner to work in good faith with Apple to address any bona fide concerns of Apple with regard to such proposed System Change. If Apple objects to any System Change, the System Change may not go forward until the objection is resolved.
Intellectual Property.
- Participating Provider and its Affiliates own or have the right to use all Participating Provider Technology (and all Intellectual Property Rights therein or thereto). Apple and its Affiliates own or have the right to use all Apple Technology (and all Intellectual Property Rights therein or thereto).
- Except as agreed in writing by Apple and Participating Provider, no other rights or licenses to exploit (in whole or in part), in any manner, form or media, any of the Technology, Intellectual Property Rights or Marks of the other party are granted. Nothing contained in these Terms and Conditions will be construed as constituting a transfer or an assignment to a party by the other party of any of the Technology, Intellectual Property Rights or Marks of such other party or any of its Affiliates.
Governmental Authority. Participating Provider shall promptly notify Access Partner if it is notified by any Governmental Authority, or otherwise reasonably believes, upon advice of counsel, that it is not complying with applicable Law due to the processes used by Apple, Access Partner or Participating Provider, for use and provisioning of Credentials using the Apple Access Platform.
Confidentiality. Participating Provider will protect Apple Confidential Information obtained pursuant to these Terms and Conditions from unauthorized dissemination and use with the same degree of care that it uses to protect its own like information. Apple will protect Participating Provider Confidential Information obtained pursuant to the Program from unauthorized dissemination and use with the same degree of care that it uses to protect its own like information. Except as expressly set forth herein, Participating Provider will not use the Apple Confidential Information for purposes other than those necessary to directly further the purposes of these Terms and Conditions. Except as expressly permitted under these Terms and Conditions, Participating Provider will not disclose to third parties the Apple Confidential Information without the prior written consent of Apple, including (i) the public disclosure of any metrics related to the Program and (ii) Participating Provider’s planned participation in the Program prior to the public launch of Participating Provider’s participation in the Program.
Termination. Apple may suspend or terminate Participating Provider’s participation in the Program in the event of Participating Provider’s breach of any of these terms and such breach is not remedied within thirty (30) days of receiving written notice of such breach by Apple. Participating Provider also acknowledges and agrees that any violation of the requirements set forth in these terms will be grounds for Apple to suspend the provisioning of Credentials to Enabled Devices.
Data Privacy and Security.
- Participating Provider and Apple acknowledge that any information which directly or indirectly identifies individuals (“Personal Data”) collected, accessed, processed, maintained, stored, transferred, disclosed, or used in relation to these terms, shall be done for each party’s own benefit and not on behalf of the other party, and each party shall be independently and separately responsible for its own relevant activities. Participating Provider and Apple further acknowledge that Apple does not determine the purpose and means of the processing of Personal Data subject to these Terms and Conditions by Participating Provider, which is determined by Participating Provider solely in its own independent capacity. Participating Provider and Apple acknowledge and agree that the Access Partner is processing Personal Data in relation to the Program for the benefit of the Participating Provider as its data processor.
- Solely in its own independent capacity and commitment to the protection of Personal Data, Participating Provider shall comply with Exhibit B (“Apple Data Privacy and Information Security Terms”) and all applicable data protection laws (altogether, “Data Protection Laws”), including entering into data processing agreements as may be required with Access Partner and, where necessary, ensuring that international data transfers take place only in compliance with the conditions laid down in Data Protection Laws (for example, by executing approved standard contractual clauses). Participating Provider must also ensure that its Service Providers are bound by the same privacy and security obligations as Participating Provider under these Terms and Conditions and will comply with the Data Protection Laws which shall continue to apply regardless of the location of processing of the data for which Participating Provider acts as data controller. Apple will comply with all Data Protection Laws with respect to the handling and use of Personal Data.
- Participating Provider will promptly notify Access Partner and Apple if it (i) discovers that any person or entity has breached security measures relating to the Program, or gained unauthorized access to any data related to the Program, including Participating Provider Data, Access Partner Data, or Access Partner Provisioning Data, (in each such case an “Information Security Breach”) or (ii) receives a written supervisory communication, written guidance or written direction from a Governmental Authority that requires a modification to or suspension of the provisioning of Credentials on Enabled Devices. Upon discovery of an Information Security Breach for which Participating Provider is responsible, the Participating Provider will, at its cost, (A) appropriately investigate, remediate, and mitigate the effects of the Information Security Breach and (B) provide Access Partner and Apple with assurances reasonably satisfactory to such parties that appropriate measures have been taken to prevent such Information Security Breach from recurring.
Unauthorized Transactions. Participating Provider acknowledges and agrees that Apple will not be liable to any party for any Transaction initiated by a person or party who is not authorized to make a Transaction on an Account, including without limitation any fraudulent Transaction.
Parity with Physical Access Credential and other Access Services. Participating Provider may not process or decline Transactions, or activate, suspend or cancel Credentials or Accounts, in a manner that discriminates against the Program compared to physical access credentials and Non-Apple Access Services.
Reporting Data. Participating Provider agrees to provide Apple (via Access Partner) the data and statistics identified in Exhibit A (Data to be included in Reports) and in accordance with the Apple Access Guidelines (the “Reports”). Apple may use the data and statistics provided by Participating Provider for purposes of (1) performing its obligations and exercising its rights under these Terms and Conditions, or (2) improving the Apple Pay Technology and other Apple Products or technology used internally by Apple in connection with Apple Products.
Pass Data. Participating Provider expressly agrees to provide User Personal Data directly to Enabled Devices to support in the creation of representations of Credentials in accordance with Apple Access Guidelines and according to the User’s preferences to the extent such provision is allowed under applicable Law.
Third Party Beneficiaries. Apple shall be entitled to rely upon, shall be an express third party beneficiary of, and shall be entitled to enforce, the provisions of these Terms and Conditions. The parties hereto agree that Apple shall be an express third-party beneficiary of these Terms and Conditions as provided herein.
Effective August 1st 2024 to August 2nd 2024
DownloadTable of Contents
VERKADA MOBILE NFC LICENSE TERMS FOR APPLE WALLET
These Verkada Mobile NFC License Terms for Apple Wallet (“Terms”), by and between Verkada Inc. (“Verkada”) and the counterparty listed in the signature block below (“Customer”), supplement the Verkada End User Agreement (“Agreement”) entered into between the parties and set forth additional terms related to Customer’s purchase and use of Verkada mobile NFC licenses to provision NFC-based credentials for Apple Wallet. These Terms are incorporated into the Agreement. Capitalized terms not defined in these Terms shall have the meanings set forth in the Agreement or the Apple Pass-Through Terms (“Apple Pass-Through Terms”), a current version of which is set forth in Exhibit A.
NOTE: MOBILE NFC LICENSE SKU SUPPORTED ONLY ON VERKADA READERS. AD31 AND AD32 ARE NOT COMPATIBLE WITH iOS DEVICES.
Exhibit A
Participating Provider Pass-Through Terms for the Apple Access Platform
These Terms and Conditions (“Terms and Conditions”) are in addition to the Verkada End User Agreement (“Terms of Service”). These additional terms apply if You use Apple Access Technology to securely execute instructions given by Users via Apple Access Technology and for the purpose of enabling Users to securely use Provisioned Credentials to make Transactions (the “Program”). All foregoing terms shall have the meaning set forth below.
In the event of a conflict between these Terms and Conditions and the Terms of Service, these Terms and Conditions shall govern with respect to Your use of the Apple Access Technology.
Definitions.
“Access Partner” shall mean Verkada Inc. or an affiliated entity of Verkada Inc.
“Access Partner Data” means any data supplied by Access Partner to Apple or Participating Provider for the purpose of facilitating Participating Provider’s provisioning path decision process.
“Access Partner Technology” means Technology owned, controlled or licensable by Access Partner or any of its Affiliates (other than Apple Technology).
“Access Services” means the provisioning of Apple Access Technology to Participating Providers to enable Users to virtually authenticate to and/or to gain access to a physical space or service to utilize such physical space or service controlled or provided by a Participating Provider.
“Account” means any account under which a User may initiate any Access Service through Participating Provider pursuant to a User Agreement.
“Affiliate” means, with respect to a party, any Person that controls, is controlled by, or is under common control with such party. As used in this definition, the term “control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of a Person, whether through the ownership of voting securities, by contract, or otherwise. For the avoidance of doubt, but not by way of limitation, the direct and indirect ownership of more than fifty percent (50%) of (i) the voting securities or (ii) an interest in the assets, profits, or earnings of a Person will be deemed to constitute “control” of the Person.
“Apple” means Apple Inc.
“Apple Access Guidelines” means documentation outlining the minimum program requirements and best practice guidelines that are required to support Access Services and/or the Program. Such Apple Access Guidelines may be updated from time to time will and be provided by Access Partner as a .pdf upon request until a hyperlink becomes available.
“Apple Access Platform” means Apple’s platform that utilizes Apple Technology, and may utilize Access Partner Technology pursuant to Apple’s agreement with Access Partner, to enable Users to gain access to or authenticate virtually to use a physical space or controlled service using physical, digital or virtual access cards, credentials or account access devices and to access other related services using Apple Products designated by Apple or any of its Affiliates.
“Apple Access Technology” means the Apple Technology that enables Users to gain access to a physical space or controlled service, or authenticate virtually to use (physically, virtually, or otherwise) Participating Provider services, using Apple Products designated by Apple or any of its Affiliates.
“Apple Brand Guidelines” means the guidelines set forth at http://www.apple.com/legal/trademark/guidelinesfor3rdparties.html (“Apple Trademark and Copyright Guidelines”) and https://developer.apple.com/apple-pay/marketing (“Apple Pay Marketing Guidelines”).
“Apple Marks” means all Marks set forth in Exhibit C (Apple Marks), as may be amended by Apple from time to time. “Apple Technology” means Technology owned, controlled or licensable by Apple or any of its Affiliates.
“Apple Product” means any Technology, product, or service distributed under an Apple Mark, or used internally and under development for distribution under an Apple Mark or an Apple Affiliate.
“Confidential Information” means: (i) either Party’s product plans and roadmaps; (ii) the terms and conditions of this Agreement; and (iii) any other information disclosed by a Party or its Affiliates to the other Party or its Affiliates in connection with this Agreement, or the development of the Parties’ or their respective Affiliates’ respective systems in connection with the activities contemplated by this Agreement, and designated by the disclosing Party as confidential in writing or, if disclosed orally, designated as confidential at the time of disclosure; provided, however, that Confidential Information will not include information that: (A) is now or subsequently becomes generally known or available to the public through no fault or breach on the part of the receiving Party or its Affiliates; (B) the receiving Party can demonstrate to have had rightfully in its possession or the possession of its Affiliates prior to disclosure from the disclosing Party or its Affiliates (that is not precluded from being disclosed as a result of confidentiality obligations owed to a third party); (C) is independently developed by the receiving Party or its Affiliates without use of or reliance in any way on the disclosing Party’s Confidential Information; (D) the receiving Party or its Affiliates rightfully obtain from a third party who has the right to transfer or disclose it to the receiving Party or its Affiliates without any obligation of confidentiality; or (E) is released for publication by the disclosing Party or its Affiliates in writing.
“Credential” means any digital or virtual card, account access device, or other device capable of accessing an Account issued by Access Partner at the request of Participating Provider for the purposes of initiating an Access Service.
“Effective Date” means the Effective Date of your Terms of Service applicable to Your use of Verkada Products.
“Enabled Device” means any Apple Product that has been enabled to store and/or transmit Provisioned Credentials.
“Governmental Authority” means any domestic or foreign, federal, state, provincial, municipal or local government, any political subdivision thereof and any entity exercising executive, legislative, judicial, regulatory, or administrative functions of or pertaining to government, regardless of form, including any agency, bureau, court, tribunal, or other instrumentality.
“Intellectual Property Rights” means the rights in and to all (i) patents and patent applications in any jurisdiction or under any international convention claiming any inventions or discoveries made, developed, conceived, or reduced to practice, including all divisions, divisionals, substitutions, continuations, continuations-in-part, reissues, re-examinations, renewals and extensions thereof; (ii) copyrights; (iii) confidential information and other proprietary information or data that qualifies for trade secret protection; (iv) semiconductor chip or mask work rights; (v) design patents or industrial designs, and (vi) other similar intellectual or other proprietary rights (excluding all Marks) now known or hereafter recognized in any jurisdiction.
“Law” means any federal, state, local or foreign law (including common law), code, statute, ordinance, rule, regulation, published standard, permit, judgment, writ, injunction, rulings or other legal requirement.
“Marks” means all trademarks, service marks, trade dress, trade names, brand names, product names, business marks, logos, taglines, slogans, and similar designations that distinguish the source of goods or services, whether registered or unregistered, along with all registrations and pending applications for any of the foregoing.
“Non-Apple Access Service” means any software, other than the Apple Pay Technology, that enables the use of a digital or virtual card for the purposes of gaining access to a physical space or authenticating to utilize a controlled service on personal electronic devices.
“Participating Provider” shall mean You.
“Participating Provider Data” means all information related specifically to an Account, Credential, Participating Provider, and/or User that is obtained, generated or created by or on behalf of such Participating Provider in connection with Account establishment, processing and maintenance activities, customer service, and transaction data (as enumerated in the Apple Access Guidelines).
“Participating Provider Properties” means properties owned, leased, or controlled by Participating Provider that are participating in the Program.
“Participating Provider Technology” means Technology owned, controlled or licensable by Participating Provider or any of its Affiliates.
“Person” means any individual, corporation, limited liability company, partnership, firm, joint venture, association, trust, unincorporated organization, Governmental Authority or other entity.
“Provisioned Credential” means a Credential that has been provisioned to an Enabled Device so that the Enabled Device may be used to make Access Services available using such Provisioned Credential.
“Service Provider” means any subcontractor, independent contractor, or third party service provider engaged by a party to provide a service on behalf of such party.
“Technology” means any information, ideas, know-how, designs, drawings, specifications, schematics, software (including source and object codes), manuals and other documentation, data, databases, processes (including technical processes and business processes), or methods (including methods of operation or methods of production).
“Terms of Service” has the meaning given such term in the preamble.
“Transaction” means using an Enabled Device to gain access to a physical space, or utilize a service controlled or provided by an entity that controls access to physical spaces, in locations agreed to by Access Partner, Participating Provider and Apple.
“User” means a Person that has entered into a User Agreement establishing an Account with a Participating Provider.
“User Agreement” means the agreement between Participating Provider and a User , establishing a User Account and governing the use of a Credential, together with any amendments, modifications or supplements that may be made to such User Agreement (and any replacement of such agreement).
“You” and its correlative terms refer to You, the Access Partner customer / Participating Provider who is executing or otherwise agreeing to these Terms and Conditions.
Terms.
All aspects of the Participating Provider implementation will meet the Apple Access Guidelines.
Participating Provider will ensure that Provisioned Credentials can be used everywhere physical access credentials can be used in Participating Provider Properties, unless an exception is pre-approved in writing by Access Partner and based on guidelines provided by Apple.
To support the end-to-end user mobile contactless experience, if Participating Provider Properties are enabled for the hospitality use case, all Participating Provider’s payment systems accepting payment cards (credit/debit) at such properties will accept Apple Pay (including Apple Pay Cash, as described in the Apple Access Guidelines), unless an exception is pre-approved in writing by Apple.
For provisioning of Credentials, Participating Provider will authorize Access Partner to send data, including Access Partner Data in its possession or control, and any other necessary identifiers for Credentials issued by Participating Provider to Apple necessary to provision credentials.
Participating Provider will support Users by ensuring that the level of service (both in quality and the types of transactions that can be supported) provided for Provisioned Credentials is at least on parity with the level of service provided to physical credentials and credentials offered by Non-Apple Access Services.
Participating Provider will be responsible for the management of the relationship with Users, including being responsible for: (i) the decision to approve or deny provisioning of Credentials to an Enabled Device; (ii) the right to decline the use of a Provisioned Credential to make Transactions (where technically possible to do so); (iii) the on-going management and operation of Accounts, including whether any Provisioned Credential, should be suspended or deactivated; and (iv) providing all access services to Users in connection with Provisioned Credentials.
Apple (on behalf of itself and each of its Affiliates) hereby grants Participating Provider and each of its Affiliates, during the term, a non-exclusive, non-assignable, non-transferable, non-sublicensable, royalty-free, fully paid-up, worldwide right and license to use, reproduce, have reproduced, display, and have displayed any of the Apple Marks solely for the purposes of announcing and promoting the provisioning of Credentials on Enabled Devices at Participating Provider Properties, subject in all cases to Apple’s prior written consent. Use of the Apple Marks by Participating Provider, its Affiliates or Service Providers will be pursuant to, and in accordance with, the Apple Brand Guidelines, unless otherwise agreed in writing by Apple and Participating Provider. For the avoidance of doubt, in the event Participating Provider wishes to use any of the Apple Marks in any paid advertising, Participating Provider must first obtain Apple’s written consent for such advertising. Apple represents and warrants that, as of the Effective Date, Apple has the right to grant all of the licenses and other rights granted to Participating Provider and each of its Affiliates and Service Providers in these Terms and Conditions. For clarity, the foregoing license shall terminate immediately upon termination of Participating Provider’s participation in the Program for any reason.
Participating Provider will ensure that the level of user awareness (both in quality and the types of use cases featured) provided by Participating Provider for Provisioned Credentials is at least on parity with the user awareness provided for physical credentials and/or credentials on Non-Apple Access Services.
Participating Provider will market and describe the Program to potential users in accordance with the Apple Access Marketing Guidelines unless an exception is pre-approved by in writing Apple.
In no event will Participating Provider promote or advertise the launch of credential services for Non-Apple Access Service using the Apple Access Guidelines or the Apple Access Marketing Guidelines provided by Apple.
System Changes. Absent prior written notice to Access Partner, Participating Provider may not implement changes to its systems, procedures, processes or functionality, which, as the case may be, may have a material impact on: (a) the Apple Access Technology; (b) the manner in which Credentials are provisioned on an Enabled Device, or (c) the manner in which Credentials provisioned to an Enabled Device function or are processed on the Apple Access Technology (such changes to systems, procedures, processes or functionality are referred as to “System Changes”). In addition, and not by way of limitation, Participating Provider will (i) notify Access Partner not less than ninety (90) days prior to any System Change that Participating Provider reasonably believes will disable any core functionality of the Apple Access Technology, or introduce any material additional security exposure to Apple or consumers and (ii) provide support to Access Partner to work in good faith with Apple to address any bona fide concerns of Apple with regard to such proposed System Change. If Apple objects to any System Change, the System Change may not go forward until the objection is resolved.
Intellectual Property.
- Participating Provider and its Affiliates own or have the right to use all Participating Provider Technology (and all Intellectual Property Rights therein or thereto). Apple and its Affiliates own or have the right to use all Apple Technology (and all Intellectual Property Rights therein or thereto).
- Except as agreed in writing by Apple and Participating Provider, no other rights or licenses to exploit (in whole or in part), in any manner, form or media, any of the Technology, Intellectual Property Rights or Marks of the other party are granted. Nothing contained in these Terms and Conditions will be construed as constituting a transfer or an assignment to a party by the other party of any of the Technology, Intellectual Property Rights or Marks of such other party or any of its Affiliates.
Governmental Authority. Participating Provider shall promptly notify Access Partner if it is notified by any Governmental Authority, or otherwise reasonably believes, upon advice of counsel, that it is not complying with applicable Law due to the processes used by Apple, Access Partner or Participating Provider, for use and provisioning of Credentials using the Apple Access Platform.
Confidentiality. Participating Provider will protect Apple Confidential Information obtained pursuant to these Terms and Conditions from unauthorized dissemination and use with the same degree of care that it uses to protect its own like information. Apple will protect Participating Provider Confidential Information obtained pursuant to the Program from unauthorized dissemination and use with the same degree of care that it uses to protect its own like information. Except as expressly set forth herein, Participating Provider will not use the Apple Confidential Information for purposes other than those necessary to directly further the purposes of these Terms and Conditions. Except as expressly permitted under these Terms and Conditions, Participating Provider will not disclose to third parties the Apple Confidential Information without the prior written consent of Apple, including (i) the public disclosure of any metrics related to the Program and (ii) Participating Provider’s planned participation in the Program prior to the public launch of Participating Provider’s participation in the Program.
Termination. Apple may suspend or terminate Participating Provider’s participation in the Program in the event of Participating Provider’s breach of any of these terms and such breach is not remedied within thirty (30) days of receiving written notice of such breach by Apple. Participating Provider also acknowledges and agrees that any violation of the requirements set forth in these terms will be grounds for Apple to suspend the provisioning of Credentials to Enabled Devices.
Data Privacy and Security.
- Participating Provider and Apple acknowledge that any information which directly or indirectly identifies individuals (“Personal Data”) collected, accessed, processed, maintained, stored, transferred, disclosed, or used in relation to these terms, shall be done for each party’s own benefit and not on behalf of the other party, and each party shall be independently and separately responsible for its own relevant activities. Participating Provider and Apple further acknowledge that Apple does not determine the purpose and means of the processing of Personal Data subject to these Terms and Conditions by Participating Provider, which is determined by Participating Provider solely in its own independent capacity. Participating Provider and Apple acknowledge and agree that the Access Partner is processing Personal Data in relation to the Program for the benefit of the Participating Provider as its data processor.
- Solely in its own independent capacity and commitment to the protection of Personal Data, Participating Provider shall comply with Exhibit B (“Apple Data Privacy and Information Security Terms”) and all applicable data protection laws (altogether, “Data Protection Laws”), including entering into data processing agreements as may be required with Access Partner and, where necessary, ensuring that international data transfers take place only in compliance with the conditions laid down in Data Protection Laws (for example, by executing approved standard contractual clauses). Participating Provider must also ensure that its Service Providers are bound by the same privacy and security obligations as Participating Provider under these Terms and Conditions and will comply with the Data Protection Laws which shall continue to apply regardless of the location of processing of the data for which Participating Provider acts as data controller. Apple will comply with all Data Protection Laws with respect to the handling and use of Personal Data.
- Participating Provider will promptly notify Access Partner and Apple if it (i) discovers that any person or entity has breached security measures relating to the Program, or gained unauthorized access to any data related to the Program, including Participating Provider Data, Access Partner Data, or Access Partner Provisioning Data, (in each such case an “Information Security Breach”) or (ii) receives a written supervisory communication, written guidance or written direction from a Governmental Authority that requires a modification to or suspension of the provisioning of Credentials on Enabled Devices. Upon discovery of an Information Security Breach for which Participating Provider is responsible, the Participating Provider will, at its cost, (A) appropriately investigate, remediate, and mitigate the effects of the Information Security Breach and (B) provide Access Partner and Apple with assurances reasonably satisfactory to such parties that appropriate measures have been taken to prevent such Information Security Breach from recurring.
Unauthorized Transactions. Participating Provider acknowledges and agrees that Apple will not be liable to any party for any Transaction initiated by a person or party who is not authorized to make a Transaction on an Account, including without limitation any fraudulent Transaction.
Parity with Physical Access Credential and other Access Services. Participating Provider may not process or decline Transactions, or activate, suspend or cancel Credentials or Accounts, in a manner that discriminates against the Program compared to physical access credentials and Non-Apple Access Services.
Reporting Data. Participating Provider agrees to provide Apple (via Access Partner) the data and statistics identified in Exhibit A (Data to be included in Reports) and in accordance with the Apple Access Guidelines (the “Reports”). Apple may use the data and statistics provided by Participating Provider for purposes of (1) performing its obligations and exercising its rights under these Terms and Conditions, or (2) improving the Apple Pay Technology and other Apple Products or technology used internally by Apple in connection with Apple Products.
Pass Data. Participating Provider expressly agrees to provide User Personal Data directly to Enabled Devices to support in the creation of representations of Credentials in accordance with Apple Access Guidelines and according to the User’s preferences to the extent such provision is allowed under applicable Law.
Third Party Beneficiaries. Apple shall be entitled to rely upon, shall be an express third party beneficiary of, and shall be entitled to enforce, the provisions of these Terms and Conditions. The parties hereto agree that Apple shall be an express third-party beneficiary of these Terms and Conditions as provided herein.
エンドユーザ契約書 (End User Agreement)
Effective November 8th 2023
DownloadTable of Contents
1. 定義
2. ライセンス及び制限
3. 無条件返品、ハードウェアの保証及び保証返品
4. Verkadaの義務
5. お客様の義務
6. 契約期間及び解除
7. 守秘義務
8. データの保護
9. 所有権
10. 補償
11. 責任の制限
12. 雑則
別紙A
別紙B
アラームに関する付属合意書
a.「アラーム」とは、お客様の社屋に設置されたハードウェアが発信するアラーム信号、データ、映像又は音声の伝送であって、対応を行う目的で、ホストソフトウェアを介してコールセンターに送信される特定の事態を通知するものをいいます。
b.「コールセンター」とは、以下に詳述するとおり、お客様のためにアラームを受信し、これに対応する中央モニタリングステーションをいいます。
c.「コールリスト」とは、電話番号及び電子メールアドレスが併記される、お客様がアラーム通知の受信を希望する順に記載された名簿であって、お客様がホストソフトウェアを介して作成し、随時更新を行う必要のあるものをいいます。
d.「初期対応者」とは、コールセンターから連絡を受け、当該センターが受信したアラームに対応する事業体(消防署や警察署等)をいいます。
e.「モニタリングサービス」とは、ドキュメンテーションの詳細な定めに従い、ソフトウェアが作動させる自動アラーム送信機能であって、作動すると、アラームがコールセンターに送信され、対応がなされるものをいいます。モニタリングサービスは、本契約に基づく製品とみなされます。
2. モニタリングサービス
a. モニタリングサービスを使用するには、お客様は、ドキュメンテーションの詳細な定めに従い、(i)モニタリングサービスが提供される場所ごとに本ライセンス(以下「モニタリングライセンス」といいます。)を購入し、(ii)ホストソフトウェア内の「緊急時派遣」トグルを有効にしなければなりません。
b. コールセンターは、ホストソフトウェアを通じて送信される各アラームについて、内部の運用手順に従い、コールセンターの独自の裁量により保証される場合に限り、対応を行います。全てのアラームが、初期対応者への通知を要するわけではありません。ビデオ検証設定が「通常モード」に設定されている場合(ドキュメンテーションに説明があります。)、提供されたビデオから脅威を認めることができない、又はトリガー事象のビデオにアクセスできないなどの理由により、人や財産に脅威が及ぶとの判断が不可能な場合には、コールセンターは、コールリスト掲載者に通知を行わないことがあります。派遣がなされると、コールセンターは、初期対応者の取消しを行うことができないことがあります。
c. お客様に通知する場合、コールセンターは、お客様が設定した順に、コールリスト掲載者に架電します。お客様が、コールセンターから、コールリストに従い何らかの通知を受けた場合は、本契約に基づく通知義務(SMS又はボイスメールメッセージが含まれることがあります。)が果たされたものとみなします。
d. コールセンターは、ビデオ又は音声のアラームを受信した場合、コールセンターが、独自の裁量により適切と見なす場合に限り、その内部の運用手順に従い、当該ビデオ又は音声のモニタリングを行うものとします。
3. お客様の義務
a. お客様(又はお客様が選択した適切なライセンスが付与されたインストーラー)は、自らの責任において、本製品の設置(当該設置の設計を含みます。)、保守、サービス、修理、検査及び試験を行うものとします。設置後、モニタリングサービスを有効化するための本製品の設定は、お客様(又はお客様が選択した適切なライセンスが付与されたインストーラー)の責任において行うものとします。かかる本製品の設定には、ホストソフトウェアを介して行う適切なトリガー及び対応行動の作成及び維持による場合(すなわち、ホストソフトウェアのお客様アカウント内に「アラームアドレス」を作成し、お客様の裁量により設定することによる場合)が含まれます。モニタリングサービスは、ハードウェア製品が、上記の方法により、アラームをコールセンター送信するように設定されている場合に限り提供されます。
b. お客様は、自らの責任において、お客様の社屋において本製品を稼動させるために必要な全てのシステム及び付随機能(高速インターネットアクセス、IPアドレス及び無線サービス等(全て110ボルト交流電力))を、もっぱら自らの費用負担で供給するものとします。
c. 引渡し後は、お客様がハードウェア製品を所有・管理するものとし、お客様の全責任において、定期的に本製品の動作を試験するものとします。Verkadaは、お客様のために、本製品の設置の設計、インストール、検査、保守、サービス、修理又は試験を行うことはありません。
d. お客様は、自らの責任において、本製品及びモニタリングサービスの全ての認可、登録及び許可を取得し、維持するものとします。これには、適用法令に従い、アラームに関する付属合意書において予定される本製品の使用を行うために必要な、お客様の所在地の現地自治体により要求される認可、登録及び許可が含まれます。
4. モニタリングサービスの除外
a. Verkadaがホストソフトウェアを提供するために使用し、自ら管理するシステムを除き、アラームは、Verkadaの支配の及ばない、Verkadaが保守していない第三者通信ネットワークを介して送信されます。Verkadaは、かかる第三者ネットワークの障害により、アラームがコールセンターに到達しなかった場合又はこれにより生じた損害については責任を負いません。
b. Verkadaは、許可手数料、誤報、誤報による罰金、初期対応者による対応方法、初期対応者による対応の遅延、初期対応者による対応の不履行、又はコールセンター若しくは初期対応者によるアラームの取扱方法については一切責任を負いません。
c. Verkadaは、本製品が、あらゆる面において、コード要件を満たすこと、又は警報システム、盗難警報システム、火災警報システム、CCTVシステム、入退室管理システムその他電子セキュリティシステムを構成すること(上記用語は、お客様が本製品を使用する法域の適用法上定義されるものとします。)を表明するものではありません。
d. Verkadaはコールセンターではないため、コールセンター業務を提供いたしません。Verkadaは、アラームへの対応、コールリスト掲載者への通知や通知の試み、アラームの調査又は確認を目的とする、初期対応者その他代理人のお客様の社屋への派遣要請を行うことはありません。モニタリングサービスのうちVerkadaの実施部分については、Verkadaの自動信号及びデータ再送ソフトウエア、受信機及び関連部品、並びにお客様の社屋において本製品が生成したアラームを、その対応を目的として第三者ネットワークを通じてコールセンターに送信することに厳密に限られます。お客様は、コールセンター業務の提供を受けるためにVerkadaと契約を締結しているのではありません。Verkada及びコールセンターは、別個独立の事業体であり、両者間において、下請業者、雇用主又は従業員の関係、主従関係、ジョイントベンチャー、パートナーシップや契約関係は存在しないものとします。
5. 停止及び終了 Verkadaは、(a)モニタリングサービスのいずれかの面が動作不能又は実行不能となる不可抗力事由が生じた場合、(b)適用法若しくは第三者のプライバシー権の違反となるような、お客様による本契約上の義務の不履行、若しくは本製品の使用があった場合、(c)コールセンターの施設若しくは通信ネットワークの動作不能が生じた場合、(d)お客様が、本製品から過度の誤報や暴走信号を送信し、若しくはVerkadaやコールセンターのシステムに不当に過度な負担をかけた場合、又は (e)お客様が、コールリストの正確な情報を提供しなかった若しくはコールリストの適切な更新を怠った場合には、Verkadaの独自の裁量により、事前の通知なく、モニタリングサービスを停止又は終了することがあります。
6. 表明又は保証の不存在 モニタリングサービスを含む本製品が、強盗、窃盗、強奪、火災等の事由によるかを問わず、人若しくは財産に対するあらゆる損失、損害若しくは傷害を防止すること、又は本製品が、あらゆる場合において、その設置目的若しくは意図された目的である保護を提供することについて、Verkadaは、明示又は黙示の表明又は保証を一切行いません。モニタリングサービスには、エラーが生じないわけではありません。Verkadaは、保険会社ではなく、お客様は、自己の社屋、コンテンツ、事業の中断又は社屋内若しくはその周辺の者に生じた損失又は損害に対する全てのリスクを負うものとします。Verkadaによる本別紙Bの違反に対してお客様の有する唯一の救済は、本契約第3.2条に定める作動しない本製品の交換をVerkadaに要求することとします。
お客様の社屋が所在する場所の準拠法により、黙示の保証の除外が禁止されている場合には、上記の除外は適用されないものとします。
7. 補償 本契約第10.2条に加え、準拠法により認められる最大限において、お客様は、自らのモニタリングサービスの使用、又は本別紙Bに定める自己の義務の履行若しくは不履行に起因して生じた本請求(合理的弁護士費用、訴訟費用、調査関連費用又は許可や誤報に関連する料金や罰金を含みます。)について、補償し、防御し、Verkadaの被補償者に何らの損害も与えないものとします。
8. 免責条項
a. 準拠法により認められる最大限において、Verkadaは、たとえコールセンター、Verkadaその他第三者の過失(その種類や程度を問いません。)に起因して又はこれを一因として生じた場合であっても、本別紙Bに基づくモニタリングサービスの履行又は不履行に起因して又はこれを一因としてお客様が被った損失又は損害については一切責任を負いません。ただし、重過失、無謀及び故意の責任の免除を認めない法域におけるVerkadaの重過失については、この限りではありません。
b. お客様の社屋が所在する場所の準拠法により、免責条項が執行不能の場合、本契約第11条の責任の制限が適用され、これが優先するものとします。
9. 保険 お客様は、賠償責任、傷害、火災、盗難及び物的損害に対する一般賠償責任及び財産保険の保険証書を維持し、また、要求に応じて、Verkadaが追加被保険者として指定されていることを確認するものとし、かかる保険証書は、元受かつ非拠出型であって、お客様による本製品の使用に関連するあらゆる損失又は損害を補償するものとします。お客様は、本製品の不具合により生じ得る全てのリスク及び損害を負い、損失が生じた場合には、自社の保険業者に請求を行い又は当該損失のリスクを負うものとします。Verkadaは、お客様が当該損失又は損害を補償対象とする保険から回収した若しくは回収し得る損失若しくは損害はいずれも、又はお客様が補償を受ける若しくは保険をかけている損失若しくは損害については一切責任を負わないものとします。お客様及びお客様の保険証書上の権利を主張する者は全て、本製品による発見が想定された危険、又はお客様が取得した保険の補償対象となっている危険に起因して生じた損失又は損害について、Verkada及びその下請業者に対する全ての権利を放棄するものとします。ただし、お客様等の有する保険金に対する権利を除きます。
Command Connector Compatibility Waiver
Effective October 2nd 2024
DownloadTable of Contents
- the use of any Potentially Incompatible Device with the Verkada Command Connector and/or the Hosted Software is at the Customer’s sole risk and discretion. Verkada (i) makes no representations or warranties regarding, and disclaims all liability in connection with, the compatibility, performance, or functionality of any Potentially Incompatible Device with the Verkada Command Connector or the Hosted Software, and (ii) provides no assurances that the Verkada Command Connector will conform to the Documentation when used with any Potentially Incompatible Device;
- Verkada is under no obligation to provide Support or any other form of troubleshooting assistance for issues related to the use of Potentially Incompatible Devices, either on their own or with Verkada Command Connector and/or the Hosted Software; and
- Customer is solely responsible for addressing any technical issues or problems arising from the use of Potentially Incompatible Devices or from the Verkada Command Connector when used with any Potentially Incompatible Device.