ASP LICENSE AND SERVICES AGREEMENT (DLR Agreement No. 08098M)
Exhibit
99.01
ASP
LICENSE AND SERVICES AGREEMENT
(DLR
Agreement No. 08098M)
This
Software License and Hosting Services Agreement ("Agreement") is made and
entered into as of February 25, 2008, by and between DISNEYLAND RESORT, A DIVISION OF XXXX
DISNEY WORLD CO. ("DLR"), located at 0000 X.
Xxxxxx Xxxxxxxxx, Xxxxxxx, Xxxxxxxxxx 00000, and DIGITALPOST INTERACTIVE, INC.
(“DPI”), located at 0000
Xx Xxxxxx Xxxx, Xxxxxx, XX 00000.
1. THE
HOSTED SOLUTION
1.1 Grant of
License. DPI hereby grants to DLR for use and access by DLR
and its Affiliates a nonexclusive, worldwide license to access, use, display and
perform the software programs listed in Statement of Work No. 1 set forth in
Exhibit A
attached hereto (the “Programs”) and the associated
users’ manual and other documentation made available by DPI (collectively, the
“Documentation”) during
the period set forth therein. The Programs and the Documentation are
hereinafter collectively referred to as the “Software”. DLR’s
end users may access and use the Programs in accordance with Statement of Work
No. 1. “Affiliate” means any entity
controlling or controlled by or in common control with a party, where “control”
is defined as the ownership of at least 50% of the equity or beneficial interest
of such entity or the right to vote for or appoint a majority of the board of
directors or other governing body of such entity. For the purposes of
this Agreement, a DLR Affiliate shall include: (1) any other entity with respect
to which DLR or any of its Affiliates has management or operational
responsibility (even though DLR or its Affiliate may own less than 50% of the
equity of such entity); and (2) any other entity or venue operated by or under
license from The Xxxx Disney Company or any of its Affiliates.
1.2 Development
Services. DPI will perform all services set forth in Statement
of Work No. 1 (the “Development
Services”) in order to develop a hosted solution based on the Programs
(the “Hosted
Solution”).
1.3 Hosting
Services. Once configured, DPI shall encode, host, serve,
monitor, manage and maintain the Hosted Solution (the “Hosting
Services”). Without limiting the foregoing, DPI shall (a)
provide all facilities, equipment, connections, bandwidth, software and other
resources necessary to fulfill its obligations under this Agreement (“DPI’s Systems”) and (b)
provide access to the Hosted Solution by DLR, its Affiliates and their end users
via the Internet. DPI shall implement control measures consistent
with the highest industry standards to protect the Hosted Solution from
unauthorized access to the Hosted Solution and from the introduction of any
willfully introduced computer virus or any other similar harmful, malicious or
hidden program or data.
1.4 Acceptance
Procedure. Upon completion of all configuration, development,
implementation and other services described in Statement of Work No. 1, DLR
shall conduct an acceptance test. If the Hosted Solution functions in
conformance with this Agreement, Statement of Work No. 1 and the Documentation
(the “Acceptance
Criteria”) for the period specified in Exhibit A, but
in no event less than thirty (30) consecutive days, DLR shall provide DPI with
prompt written notice thereof (“Acceptance”). If
the Hosted Solution does not function in conformance with the Acceptance
Criteria, DLR shall notify DPI as to the failure and DPI shall have ten (10)
days to correct all nonconforming components. Such notice shall
document the nonconformance in reasonable detail. Upon receipt of a
corrected version of the Hosted Solution, DLR shall conduct a new acceptance
test. If the Hosted Solution still does not function in conformance
with the Acceptance Criteria throughout the acceptance test period, DLR may
terminate this Agreement without any further payment obligations to DPI and DLR
shall be entitled to a refund of any amounts previously paid
hereunder.
2. TRAINING
DPI shall
provide to DLR, the training specified in Statement of Work No. 1 (if any) for
the cost specified therein and shall make available any additional training
requested by DLR in accordance with DPI’s rates as specified
therein.
3.
|
INVOICES
AND PAYMENTS
|
3.1 Software. The
Software shall be provided on a fixed price basis, for the one-time or annual
license fees set forth in Statement of Work No. 1.
3.2 Services. Services
shall be provided at the rates set forth in Statement of Work No. 1. Any
additional Services, other that those provided for under Statement of Work No. 1
shall be provided at rates which the parties shall agree upon in writing in
subsequent Statements of Work.
3.3 Sales and Use
Taxes. DLR shall be solely responsible for the payment of any
and all sales and use taxes assessed by any governmental authority with respect
to the transactions contemplated by this Agreement.
3.4 Reimbursable
Expenses. All expenses incurred in the performance of this Agreement
shall be subject to the Disney Reimbursable Expense Guidelines, a copy of which
is attached hereto as Exhibit
B. Reimbursable expenses will be detailed and DPI shall
provide DLR with original receipts or other documents to substantiate
expenditures. Expenses shall be invoiced by DPI at their actual
cost.
3.5 Invoices. Unless
otherwise requested by the DLR Project Manager in writing, DPI shall invoice DLR
for amounts due hereunder as set forth in Statement of Work No.
1. Invoices shall include reasonable documentation to substantiate
all labor charges. DPI shall send all invoices to the attention
of:
Disneyland
Resort
0000
Xxxxx Xxxxxx Xxxxxxxxx
Xxxxxxx,
Xxxxxxxxxx 00000
Attn: Xxxxx
Xxxxxx
Each
Invoice shall reference the above provided contract number. Invoices submitted
for payment without the appropriate contract number will be returned to
DPI. DLR shall pay each approved invoice within forty-five (45) days
after receipt thereof.
4. TERM
AND TERMINATION
4.1 Term. The
term of this Agreement shall commence upon the date hereof and continue in
perpetuity unless and until this Agreement is terminated pursuant to the
provisions of this section.
4.2 Termination. Either
party may terminate this Agreement or any individual statement of
work:
(a) based
on the breach of this Agreement by the other party so long as the terminating
party has given the other party thirty (30) days’ written notice specifying the
circumstances of the breach unless the events or circumstances specified in the
notice have been remedied or a plan for remedying them in a prompt and effective
manner has been proposed to and accepted by the terminating party and the other
party has proceeded diligently to cure; or
(b) by
providing written notice to the other party: (a) upon the institution by or
against the other party of insolvency, receivership or bankruptcy proceedings
that are not dismissed within sixty (60) days, (b) upon the other party making
an assignment for the benefit of creditors, or (c) upon the other party’s
dissolution or cessation of business.
4.3 Upon
termination of this Agreement, (a) DPI will promptly return to DLR all of DLR’s
Confidential Information received by DPI pursuant to this Agreement and all
copies thereof in its possession or control, (b) DPI will deliver to DLR copies
of the Deliverables, and (c) DLR will terminate its use of DLR’s Systems and
Hosted Solution (excluding any Deliverables included as part of the Hosted
Solution).
4.4 Survival. Any
terms of this Agreement which by their nature extend beyond its termination or
expiration remain in effect until fulfilled and apply to respective successors
and permitted assigns, including Sections 5, 6 and
8-13.
5. CONFIDENTIALITY
AND SECURITY
5.1 DPI
may, during the course of providing its services hereunder, have access to, and
acquire knowledge from material, data, systems and other information of or with
respect to The Xxxx Disney Company or any of its Affiliates which may
not be accessible or known to the general public, including information
concerning its or their hardware, software, designs, drawings, specifications,
techniques, processes, procedures, data, research, development, future projects,
products or services, projects, products or services under consideration,
content under development, business plans or opportunities, business strategies,
finances, costs, vendors, employees or customers and third party proprietary or
confidential information that DLR or an Affiliate treats as confidential ("Confidential
Information"). Confidential Information shall not include any
information that: (a) has entered or subsequently enters the public
domain without DPI’s breach of any obligation under this Agreement; (b) was
known to DPI prior to DLR’s or an Affiliate’s disclosure of such information to
DPI; (c) is obtained from a third party without violation of an obligation of
nondisclosure and without restrictions on its disclosure; or (d) is
independently developed by DPI without reference to the Confidential
Information.
5.2 Any
knowledge acquired by DPI from such Confidential Information or otherwise
through its engagement hereunder shall not be used by DPI other than for the
limited purpose of performing services for DLR under this Agreement nor used,
published or divulged by DPI in connection with any products sold or services
rendered by DPI to any other person, firm or corporation, in any advertising or
promotion regarding DPI or its products or services, or in any other manner or
connection whatsoever without first having obtained the written permission of
DLR, which permission may be withheld by DLR in its sole
discretion.
5.3 Nothing
in this Agreement shall be deemed or construed to grant DPI a license to use,
sell, develop, exploit, copy, or further develop any Confidential Information
acquired by DPI through its engagement hereunder.
5.4 In
performing its services for DLR or an Affiliate (hereinafter collectively known
as “Disney”), DPI shall
comply with all of DLR’s or such Affiliate’s security requirements. In the event
that DPI is provided direct or remote access to any Disney computer system,
computers, networks, related communications circuits and associated software
programs (collectively, “Disney
Computer System”) by any method, DPI must comply with all of the security
requirements described in Exhibit C, “Computer
System Security and Remote Access Requirements,” as may be amended by Disney
from time to time. DPI shall only access Disney Computer Systems for the limited
purpose of fulfilling its obligations hereunder. Such access shall be limited to
that period of time necessary for DPI to accomplish this purpose under this
Agreement. DPI acknowledges that Disney retains the right to terminate access to
any Disney Computer System at any time, in its sole discretion without any
liability. Any violation of Exhibit F or
unauthorized use of or access to a Disney Computer System by DPI’s employees,
subcontractors or agents shall constitute a breach of this
Agreement.
5.5 DPI
shall implement and maintain reasonable security procedures and practices
appropriate to the nature of the information, to protect any Personal
Information obtained hereunder from unauthorized access, destruction, use,
modification or disclosure. For purposes of this section: (1) “Personal Information” means an
individual’s first name or first initial and his or her last name in combination
with any one or more of the following data elements, when either the name or the
data elements are not encrypted or redacted: (A) social security number, (B)
driver’s license number or California identification card number, (C) account
number, credit or debit card number, in combination with any required security
code, access code, or password that would permit access to an individual’s
financial account, or (D) Medical Information. “Medical Information” means any
individually identifiable information in electronic or physical form, regarding
the individual’s medical history or medical treatment or diagnosis by a health
care professional. Personal Information does not include publicly
available information that is lawfully made available to the general public from
federal, state or local government records.
5.6 If
pursuant to this Agreement, DPI or its systems store, process, or transmit
credit card or other payment card data for or on behalf of DLR or Affiliates, or
provide software, equipment or systems that DLR or Affiliates will use to store,
process, or transmit credit card or other payment card data, the provisions of
Exhibit D are
incorporated into this Agreement.
6. OWNERSHIP
6.1 DPI's Ownership
Rights. The parties acknowledge and agree that DPI retains all
ownership right, title and interest in the Software.
6.2 DLR’s Ownership
Rights. The parties acknowledge and agree that DLR shall
exclusively own all right, title and interest in and to: (a) all information
provided by DLR or on behalf of DLR under this Agreement, (b) all information
provided by any third party entities, individuals and users through the Hosted
Solution, and (c) the Hosted Solution (excluding elements of the Programs that
may be included as part of the Hosted Solution). Additionally, unless
otherwise specified in a statement of work, all deliverables arising out of the
work performed by DPI under this Agreement and all statements of work and any
inventions, ideas or original works of authorship in whole or in part conceived
or made by DPI which arise from or result from the work performed by DPI for DLR
hereunder shall belong exclusively to DLR, whether or not fixed in a tangible
medium of expression. Without limiting the foregoing, DPI agrees that
any such deliverables or original works (collectively “Works”) shall be deemed to be
“works made for hire”, provided that in the event and to the extent that such
Works are determined not to constitute “works made for hire” as a matter of law,
DPI hereby irrevocably assigns and transfers such property, and all right, title
and interest therein, including patents and copyrights, to DLR and its
successors and assigns. DPI grants DLR all rights including, without
limitation, moral rights, worldwide with respect to such Works.
7. PERFORMANCE
METRICS AND SERVICE LEVEL WARRANTY.
Unless
otherwise set forth in a statement of work, the performance metrics and service
level warranty set forth in Exhibit B, attached
hereto, shall apply to the Hosted Solution, DPI’s Systems and DPI’s services
under this Agreement.
8. GENERAL
REPRESENTATIONS AND WARRANTIES.
8.1 General. DPI
hereby represents and warrants to DLR that (a) it has the right, experience and
skill to enter into and fully perform this Agreement and to grant the rights
granted hereunder; (b) it shall comply with all applicable laws, rules and
regulations in effect at the time its services are performed, including all
professional registration requirements; (c) it is adequately financed to meet
any financial obligation it may be required to incur hereunder; (d) all elements
of the Hosted Solution other than those provided by DLR shall be original with
DPI, in the public domain or otherwise owned or licensed by DPI and shall not
defame any person or entity, or violate any patent, trademark, copyright, right
of privacy or publicity, or any other rights of any party and is not subject to
litigation; and (e) it shall discharge all obligations of an employer with
respect to all personnel hired by DPI in connection with its services,
including, but not limited to the withholding and reporting of contributions,
insurance deductions and applicable taxes required by applicable law, including
payroll taxes and unemployment insurance.
8.2 No Illicit
Code. DPI further represents and warrants that DPI’s Systems
and any software that may be part of the Hosted Solution shall not contain any
computer instructions or inappropriate functions whose purpose or result is to
disrupt, damage or interfere with DLR’s or its Affiliates’ use of or access to
Hosted Solution.
8.3 No Public
Software. DPI further represents and warrants that, except as
set forth in Exhibit
F attached hereto, DLR’s Systems do not and the Hosted Solution will not
use, embed or incorporate any software which is subject to any “open source”,
“copyleft,” or other similar types of license terms (including any GNU General
Public License, Library General Public License, Lesser General Public License,
Mozilla license, Berkeley Software Distribution license, Open Source Initiative
license, MIT, Apache, or Public Domain Licenses, and the like). DPI
represents and warrants that the utilization of DPI’s services and the Hosted
Solution will not subject DLR, its Affiliates or their customers to the terms
and conditions of any “open-source” license agreements governing DPI’s rights in
DPI’s Systems.
8.4 Disclaimer. EXCEPT
FOR THE EXPRESS WARRANTIES SET FORTH IN THIS AGREEMENT, NEITHER MAKES ANY
WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.
9.
|
INSURANCE
|
9.1 Insurance. DPI
and anyone performing services under a contract, either oral or written (“Vendor”) shall, throughout the
performance of its services pursuant to this Agreement and for such additional
time as may be specified below, maintain: (i) (a) Commercial General Liability
Insurance to include contractual liability, products/completed operations
liability and cross-liability, (which must be maintained for three years
following completion of the work) with minimum limits of $2,000,000 on an
occurrence form basis, and (b) Automobile Liability coverage with minimum
combined single limits of $2,000,000 (coverage shall include all owned, leased,
non-owned and hired automobiles) protecting it, additional insureds and DLR from
claims for personal injury (including bodily injury and death) and
65
property
damage which may arise from or in connection with the performance of Vendor’s
services hereunder or from or out of any negligent act or omission of Vendor,
its officers, directors, agents, subcontractors or employees; (ii) Workers’
Compensation Insurance as required by applicable law and Employer’s Liability
Insurance with minimum limits of $1,000,000; and (iii) Professional Liability
Insurance to include contractual coverage and an endorsement either (a) allowing
cross liability or (b) excepting from the “insured v. insured” exclusion a claim
by an additional insured, with a minimum limit of $1,000,000 per claim,
protecting it and DLR from errors and omissions of Vendor in connection with the
performance of Vendor’s services during and for a period of at least three years
after the completion of said services.
9.2. Insurance
Procedures. All such insurance required in this Section 9 shall be
with companies and on forms acceptable to DLR and shall provide that the
coverage thereunder may not be reduced or canceled unless thirty (30) days’
unrestricted prior written notice thereof is furnished to DLR. All
insurance required in this Section 9 shall be
primary and not contributory with regard to any other available insurance to
DLR, its parent, and any subsidiaries, related and affiliated companies of each,
and the officers, directors, shareholders, employees, agents and assigns of
each. All insurance shall be written by companies with a BEST Guide
rating of B+ VII or better. Certificates of insurance (or copies of
policies, if required by DLR) shall be furnished to DLR. All
insurance required under this Section 9 shall
include DLR, its parent, and any subsidiaries, related and affiliated companies
of each, and the officers, directors, shareholders, employees, agents and
assigns of each as additional insureds and contain a waiver of subrogation in
their favor. The additional insured requirement applies to all
coverages except Workers’ Compensation and Employer’s Liability. The
waiver of subrogation applies to all coverages. DLR’s failure to
request, review or object to the terms of such certificates or insurance shall
not be deemed a waiver of Vendor’s obligations or the rights of
DLR. The minimum limits of the insurance required in this Section 9 shall in no
way limit or diminish Vendor’s liability under other provisions of this
Agreement.
10. INDEMNIFICATION
DPI shall
defend (if required by DLR and with counsel selected by DLR), indemnify and hold
DLR, its Affiliates, and the officers, directors, shareholders, agents,
employees and assigns of each, harmless from and against any and all claims,
demands, suits, judgments, losses, or expenses of any nature
whatsoever (including reasonable attorneys’ fees) arising, in whole
or in part, from or out of any third party claim alleging, arising from or
related to: (a) any act, error, or omission of DPI, its Subcontractors or its or
their respective officers, directors, agents, subcontractors,
invitees or employees; and/or (b) any occupational injury or illness sustained
by an employee or agent of DPI in furtherance of DPI’s services hereunder;
and/or (c) any failure of DPI to perform the Services hereunder in accordance
with the highest generally accepted professional standards; and/or (d) any
breach of DPI’s representations, warranties, obligations or agreements as set
forth in this Agreement; and/or (e) any other failure of DPI to comply with the
obligations on its part to be performed under this Agreement. The
indemnification obligations set forth in this Section shall survive the
expiration or early termination of this Agreement.
11. LIMITATION
OF LIABILITIES
EXCEPT IN
CONNECTION WITH SECTIONS 5, 10 AND
12, GROSS NEGLIGENCE OR WILFULL MISCONDUCT, AND EXCEPT FOR ANY PERSONAL
INJURY (INCLUDING DEATH) OR PROPERTY DAMAGE, NEITHER PARTY SHALL BE LIABLE FOR
INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES WITH RESPECT TO, ARISING OUT OF,
OR IN CONNECTION WITH, THIS AGREEMENT EVEN IF APPRISED OF THE LIKELIHOOD OF SUCH
DAMAGES OCCURRING.
12. PROMOTION
AND CREDIT
12.1. Publicity. Neither
party or its Affiliates shall release or publish news releases, public
announcements, advertising or other publicity relating to this Agreement or to
the transactions contemplated by it without the prior review and express written
approval by an officer of the other party, which approval may be withheld for
any reason; provided, however, that each
party may make such disclosures as are required by legal, accounting or
regulatory requirements after making reasonable efforts in the circumstances to
consult in advance with the other party and to obtain appropriate nondisclosure
agreements to protect any Confidential Information.
12.2. No
Promotion. DPI and its Affiliates shall acquire no right under
this Agreement to use, and shall not use, the name “Disneyland Resort”,
“Disney”, “ESPN” or “ABC” (either alone or in conjunction with or as a part of
any other word or name) or any fanciful characters or designs of The Xxxx Disney
Company or any of its Affiliates in any advertising, publicity or promotion or
other disclosures, or to express or imply any endorsement of the products or
services of DPI or its Affiliates, or in any manner or for any purpose
whatsoever. The provisions of this section shall survive termination
or expiration of this Agreement or any determination that this Agreement or any
portion is void or voidable.
13. MISCELLANEOUS
13.1 Governing Law, Forum and
Jurisdiction. This Agreement shall be governed by the laws of
the State of California applicable to contracts entered into and to be performed
entirely within the State of California. DLR and DPI agree that any
action at law or in equity arising out of or relating to this Agreement shall be
filed only in the state or federal courts located in the County of Orange,
California. The parties hereby consent and submit to the exclusive jurisdiction
of the state or federal courts located in the County of Orange, California, for
the purposes of litigating any such action.
13.2 Notices. All
notices which either party is required or may desire to serve upon the other
party shall be in writing and addressed as follows:
If to
DLR: Disneyland
Resort
0000 X.
Xxxxxx Xxxxxxxxx
Xxxxxxx,
Xxxxxxxxxx 00000
Attn: Xxxxx
Xxxxxx
With a
copy to:
The Xxxx
Disney Company
000 Xxxxx
Xxxxx Xxxxx Xxxxxx
Xxxxxxx,
XX 00000-0000
Attn:
SVP & Assistant
General Counsel
Technology &
Patents
If to
DPI: DigitalPost
Interactive, Inc.
0000 Xx
Xxxxxx Xxxx
Xxxxxx,
XX 00000
Attn: Xxxxx Xxxx,
VP
Notices
may be served personally or by facsimile (provided confirmation of receipt is
obtained or a hard copy is concurrently sent by internationally commercially
recognized overnight delivery service or courier). Notice shall be
deemed served upon personal delivery or upon the date sent; provided, however, that DLR
shall be deemed to have been served with a notice of a request for approval of
materials only upon DLR’s actual receipt of the request and of any required
accompanying materials. Materials, other than language, which require
DLR’s approval shall be sent by overnight delivery service, or served
personally. Either party may change the address to which notices are
to be delivered by written notice to the other party served as provided
herein.
13.3 Waiver of Injunctive
Relief. DPI hereby
irrevocably waives any right to injunctive relief or right of rescission, and
hereby agrees that DPI’s sole and exclusive remedy in the event of any breach or
alleged breach, termination, or cancellation of this Agreement by DLR shall be
an action for damages. DPI understands and agrees that DPI’s Services
are unique and that DLR may suffer irreparable harm in the event that DPI fails
to comply with any of DPI’s obligations under this Agreement, and that monetary
damages in such event would be substantial and inadequate to compensate
DLR. Consequently, DPI agrees that in such event DLR shall be
entitled, in addition to such monetary relief as may be recoverable by law, to
such temporary, preliminary and/or permanent injunctive or other equitable
relief as may be necessary to restrain any threatened, continuing or further
breach by DPI, without showing or proving any actual damages sustained by DLR,
without bond.
13.4 Assignment. This
Agreement shall be binding upon and shall inure to the benefit of the parties
hereto and their respective heirs, executors, administrators, successors and
assigns. This Agreement and DPI’s rights and obligations hereunder
are personal to DPI and may not be assigned by DPI. A DLR may assign,
transfer, delegate and/or grant all or any part of its rights, privileges and
property hereunder to any party.
13.5 Independent Contractor's
Declaration. DPI is acting as an independent contractor in the
performance of the Services, and nothing herein shall be deemed to create an
employment or agency relationship between DPI and DLR. DPI shall in
no event be entitled to participate in, or to receive any benefits from, any of
DLR’s benefit or welfare plans. DPI shall be solely responsible for
the payment of all federal and state income taxes, social security taxes,
federal and state unemployment insurance and similar taxes and all other
assessments, taxes, contributions or sums payable with respect to DPI and/or
DPI’s employees and subcontractors in connection with the Services and DPI shall
file all returns and reports with respect to any of the foregoing.
13.6 Non-Exclusivity. Each
party’s obligations and rights hereunder are non-exclusive. Nothing
herein is intended to prevent either party from entering into agreements or
arrangements with other developers, content providers or third parties with
respect to other products or services whether or not similar in nature to those
set forth herein.
13.7 Waiver. No
waiver of any provision of this Agreement or any rights or obligations hereunder
shall be effective, except pursuant to a written instrument signed by the party
waiving compliance.
13.8 Cumulative Remedies.
Except as may be specifically set forth in this Agreement, the rights and
remedies of the parties set forth in this Agreement are not exclusive and are in
addition to any other rights and remedies provided hereunder or by
law.
13.9 Severability. If
any restriction, covenant or provision of this Agreement shall be adjudged by a
court of competent jurisdiction to be void, such restriction, covenant or
provision shall apply with such modifications as may be necessary to make it
valid and effective and the validity, legality and enforceability of the
remaining provisions contained herein shall not in any way be affected or
impaired.
13.10 Headings. Section,
paragraph and exhibit headings appearing in this Agreement are inserted only as
a matter of convenience. Such headings in no way define, govern,
limit, modify or construe the scope or extent of the provisions of this
Agreement to which they may relate and therefore shall not be given any legal
effect.
13.11 Amendments. All
amendments to this Agreement and all statements of work shall be binding upon
the parties so long as the same shall be in writing, specifically reference this
Agreement (or the applicable statement of work) and executed by both
parties. No trade usage or other regular practice or method of
dealing between the parties shall modify, interpret, supplement or alter in any
manner the express terms of this Agreement or any statement of
work. Additionally, preprinted terms on any invoice, proposals, click
through agreements or shrink wrap agreements shall have no force or effect on
the parties even if previously or subsequently signed, clicked or the product
used.
13.12 Counterparts. This
Agreement may be executed by manual or facsimile signature in counterparts, each
of which shall be an original and all of which together shall constitute one and
the same instrument. Facsimile signatures shall hold the same force
and effect as an original signature for purposes of binding the parties to this
Agreement.
13.13 Entire
Agreement. This Agreement, all fully executed statements of
work and all attached exhibits, schedules and attachments, each of which is
hereby incorporated herein by reference, constitutes the complete, final and
exclusive agreement between the parties with respect to the subject matter
hereof, and supersedes any and all prior or contemporaneous oral or written
representation, understanding, agreement or communication between them
concerning the subject matter hereof.
IN
WITNESS WHEREOF, the parties have duly executed this Agreement as of the date
set forth above.
DISNEYLAND
RESORT DIGITALPOST
INTERACTIVE, INC.
a
division of Xxxx Disney World Co.
By: /s/Xxxx
Xxxxxxxx
By: /s/Xxxx
Xxxxxxx
Name: Xxxx
Xxxxxxxx Name: Xxxx
Xxxxxxx
Title: VP
Operations Title: CEO/President
Date: 3/21/08
Date: 3/20/08
EXHIBIT A
Statement of Work No.
1
This
Statement of Work No. 1 is made and entered into as of the February 24, 2008, by
and between DISNEYLAND RESORT,
A DIVISION OF XXXX DISNEY WORLD CO. ("DLR"), located at 0000 X.
Xxxxxx Xxxxxxxxx, Xxxxxxx, Xxxxxxxxxx 00000, and DIGITALPOST INTERACTIVE, INC.
(“DPI”), located at 0000
Xx Xxxxxx Xxxx, Xxxxxx, XX 00000 and is made pursuant to the Software License
and Hosting Services Agreement dated as of February 24. 2008, entered into by
DLR and DPI (the "Agreement"). Capitalized
terms used without definition in this Statement of Work and the Attachments
shall have the same meanings as in the Agreement.
I.
|
PROJECT
|
Build Your Own Dream Home ("BYODH") Project ("Project")
II. PROGRAMS
A. The “Program”: DPI’s Media
Sharing Platform
B. Acceptance test
period: 30 days
C. Training: 2
days
III.
|
SERVICES
("Services")
|
|
A.
|
The Hosted
Solution. DPI will design and develop a private label,
customized version of its interactive photo sharing platform for DLR’s
Build Your Own Dream Home (BYODH) concept (the “BYODH
Platform”). The BYODH Platform will have two versions,
(1) a “BYODH Kiosk
Version” that will be accessible by users from BYODH kiosks located
at the Innoventions Dream Home Party Tent and (2) a “BYODH Web Version” that
will be accessible by users from their personal computer via the
Internet.
|
|
B.
|
Design
Specifications.
|
The
parties will mutually agree upon the detailed specifications for the BYODH
Platform (the “Detailed
Specifications”) provided that they are consistent with the
following:
|
1.
|
The
user experience within each version is illustrated in Attachment No.
1 hereto.
|
|
2.
|
The
BYODH Platform will exchange information so that (i) log in/password
information will be is carried through from the BYODH Kiosk Version to the
BYODH Web Version and (ii) a consumer’s BYODH design from the BYODH Kiosk
Version is carried through to the BYODH
Version.
|
|
3.
|
Each
of DLR’s designed vendors will have a branded page for advertising
purposes.
|
|
4.
|
Users
will have access to a “Build your Dream Home” flash
application.
|
|
5.
|
Users
will be able to view and share photos and
videos.
|
|
6.
|
Users
will be able to easily create and send Dream Home-themed email newsletters
with text & photos.
|
|
7.
|
Each
user’s Dream Home model will only be stored and accessible by such user
for 60 days following the day he or she first logs into the BYODH
Platform.
|
|
C.
|
Development
Services. DPI will design, develop and deliver to DLR
the BYODH Platform in accordance with the Design Specifications and
pursuant to the Performance Schedule. In addition to any
performance warranties set forth in the Agreement, DPI represents and
warrants that throughout the Performance Period, the BYODH Platform will
conform to and will operate in accordance with the Design
Specifications.
|
|
D.
|
Hosting
Services. DPI will host, serve and maintain the BYODH
Platform on DPI’s servers and systems during the Performance Period in
accordance with Attachments 2 and
3 hereto.
|
|
E.
|
Maintenance and
Support Services. Throughout the Performance Period, DPI
will provide all maintenance and support services requested by DLR,
including incorporating in to the BYODH Platform all upgrades, updates and
enhancement for DPI’s Media Sharing
Platform.
|
IV. PERFORMANCE
PERIOD
A.
|
Performance
Period. The Services shall be provided and the licenses
shall be valid during the period commencing as of the full execution of
this Statement of Work, and continuing for two years following the date of
Acceptance by DLR of the Hosted Solution by DLR (the “Performance Period”),
unless otherwise amended or terminated as provided in the
Agreement.
|
B.
|
Performance
Schedule. The Services will be performed in
accordance with the following
schedule:
|
Activity/Deliverable
|
Delivery Date
|
Develop
the Design Specifications
|
March
20 – April 5, 2008
|
Delivery
of the first draft of the BYODH Platform
|
April
6, 2008
|
Delivery
of revisions to the BYODH Platform based on DLR feedback
|
April
26, 2008
|
Delivery
of the Final BYODH Platform
|
May
22, 2008
|
|
C.
|
Effect of
Termination. Upon the expiration or termination of this
Statement of Work, DPI will deliver to DLR copies of all user information
and data in DPI’s possession or control and will permanently delete such
information from DPI’s Systems and
records.
|
V. COMPENSATION
A.
|
DPI
shall provide the Software, Deliverables and all Services under this
Statement of Work for the following fixed
fees:
|
|
1.
|
Development
Cost: US$50,000
|
|
2.
|
License and Hosting
Fee: US$1,500 per month during the Performance Period commencing
January 1, 2009.
|
|
3.
|
Support and
Maintenance. DPI will provide 10 hours of monthly
technical support for the BYODH Platform at no additional
cost. Support services in excess of such 10 hours per month
must be authorized by DLR in writing and will be billed on a monthly basis
at US$125 per hour.
|
|
B.
|
There
are no reimbursable expenses authorized for this Statement of
Work.
|
VI. DELIVERABLES
The
following deliverables shall be delivered by DPI pursuant to this Statement of
Work (“Deliverables”):
A. Certificate
of Insurance upon execution of this Statement of Work.
|
B.
|
All
deliverables specified above in Section IV,
B.
|
VII. PROJECT
MANAGEMENT AND KEY PERSONNEL
A. DLR
Project Manager: Xxxxx
Xxxxxx
B. DPI
Responsible Individual: Xxxxx
Xxxx
VIII.
|
ACCEPTANCE
|
This
Statement of Work No. 1 is made pursuant to the Agreement between DPI and
DLR dated as of February 24, 2008. Upon execution by both parties,
this Statement of Work No. 1 is incorporated by reference into and is made
a part of the Agreement, and is subject to the terms and conditions of said
Agreement.
AGREED
AND ACCEPTED:
DISNEYLAND
RESORT DIGITALPOST
INTERACTIVE, INC.
a
division of Xxxx Disney World Co.
By: /s/Xxxx
Xxxxxxxx
By: /s/Xxxx
Xxxxxxx
Name: Xxxx
Xxxxxxxx Name: Xxxx
Xxxxxxx
Title: VP
Operations Title: CEO/President
Date: 3/21/08
Date: 3/20/08
ATTACHMENT
1
to
Statement of Work No.
1
Design
Specifications
Attached
hereto.
to
Statement of Work No.
1
Detailed Description of the
Hosting Services
A. Summary
The
Services provided by DPI shall include, without limitation:
|
1.
|
Locating
and connecting host systems for the BYODH Platform, including load
balancing and a fully redundant network providing a solution for failover
and high availability. The services shall meet or exceed the availability
requirements and service levels specified
herein.
|
|
2.
|
Notification
to DLR within one hour in the event of any problem with a website server,
application, or database or a major connectivity problem to the
website. DPI will also implement appropriate mechanisms to
discover such problems promptly, on a 24x7 basis, and will keep a
permanent record of such outages in a trouble-ticket or database
system.
|
|
3.
|
Full
tape backups shall be weekly and transferred to off-site
locations. Incremental backups shall be performed
daily. A minimum of three (3) weeks worth of backup data shall
be retained prior to reuse or destruction of the tape. Data
backups will be tested weekly. All media will be systematically
restored to ensure media quality.
|
B. Installation and Change
Management
DPI shall
be responsible for initial set-up and on-going configuration management of the
operating system environment including, but not limited to, operating system
patches/fixes, system management utilities and tools, back-up utilities and tape
management/scheduling software, peripheral attachment and server-to-network
interfaces and configurations.
C. Network Connectivity,
Capacity, and Management
|
1.
|
Bandwidth. DPI
will provide an Internet connection over shared redundant bandwidth for
HTTPS web access to file servers on which to publish, store and retrieve
the BYODH Platform and user data.
|
|
2.
|
Monitoring. DPI
will monitor network components between the websites and exchange points
where DPI exchanges traffic with other Internet Service Providers, in a
manner which will permit DPI to identify loss of connectivity, bandwidth
utilization, and performance degradation between the website and the
exchange points.
|
D. Security
|
1.
|
DPI
shall install and maintain appropriate IT security measures for the BYODH
Platform and user data including security updates, authentications/logging
controls, data encryption and virus protections. DPI will
support firewall systems, which will monitor all attempts to access the
host machines.
|
|
2.
|
DPI
shall maintain the websites and network infrastructure in a manner that is
designed to prevent unauthorized modification of the BYODH Platform, user
data or server software, and unauthorized disruption of Services and
designed to protect the privacy of data entered by
users.
|
|
3.
|
DPI
shall use filtering routers and/or firewall technologies designed to allow
access from the Internet only to those ports necessary for guests to use
the service. The ports that have access to the servers may be
modified based on mutual agreement of DPI and DLR. Unnecessary
software shall be removed from DLR servers, and unnecessary
daemons/services turned off. Security patches recommended by
software vendor and the Computer Emergency Response Team (CERT) must be
applied immediately unless they conflict with other software in use or a
later time period has been agreed upon by
DLR.
|
|
4.
|
DLR's
environment, backup media (whether current or scratched) and all technical
documentation, usage or management reports and relevant correspondence
will be kept confidential and secure from any non-DPI personnel (except as
required to fulfill obligations in the Agreement), and to the extent
practical under DPI's normal business practices, confidential and secure
from DPI employees not involved in the support of the
websites.
|
|
5.
|
DPI
will allow DLR to perform security assessment(s) of the entire DLR
environment at DPI. Such assessments will be performed at DLR's
expense but DPI must supply adequate design information for such
assessments to occur. Such activities will be reasonably
managed by DPI and DLR so as to avoid impacting service to DLR or other
DPI customers.
|
|
6.
|
At
DLR's request, DPI will implement a token-based access control system
and/or other mutually agreed upon security mechanisms designed to prevent
unauthorized access to the DLR server
environment.
|
|
7.
|
DLR
and DPI agree to evolve the environment as required to address ongoing
security needs and threats as these may evolve from time to
time. This may include the purchase of new software, hardware,
and/or services, which will be paid by DLR provided they are pre-approved
and agreed to in writing by DLR.
|
|
8.
|
DPI
shall inform DLR whenever a suspected or actual security breach has
occurred. DPI shall cooperate and share information with DLR in
investigation and prosecution of any attempted, perceived, or actual
intrusions into the web sites. DPI shall provide a reasonable
level of assistance to DLR in an analysis of data or events related to any
attempted, perceived, or actual intrusion into the web
site.
|
|
(End of Attachment
2)
|
|
EXHIBIT
B
|
Performance
Warranty
1.
|
SERVICE
AVAILABILITY
|
|
A.
|
Definition. DPI’s
Systems (as defined above) will have a ninety-nine and nine tenths of a
percent (99.9%) Service Availability 24x7x365. “Service Availability”
means that DPI’s Equipment are fully operating in accordance with the
Agreement and all applicable Statements of Work without any downtime,
delays or other problems.
|
|
B.
|
Notification by
DPI. DPI will monitor DPI’s Systems 24x7x365 and shall
notify DLR:
|
|
(i)
|
within
one hour in the event that DPI discovers a Severity Level 1 or Severity
Level 2 incident (as defined
below),
|
|
(ii)
|
within
four hours in the event that DPI discovers a Severity Level 3 incident (as
defined below), or
|
(ii)
|
within
twenty-four hours in the event that DPI discovers a Severity Level 4
incident (as defined below).
|
2.
|
SCHEDULED
DOWNTIME/MAINTENANCE
|
DPI will
notify each DLR of any scheduled downtime for any part of DPI’s Systems
(including downtime for DPI to implement platform upgrades, patches and/or
fixes) (“Scheduled
Downtime”) at least 30 days prior to such Scheduled
Downtime. All Scheduled Downtime shall be scheduled at times and for
durations to minimize their impact on DLR and its customers.
3.
|
SEVERITY LEVELS AND
RESOLUTION PROCESSES
|
|
A.
|
Level 1 -
Emergency. DPI’s Systems suffer an Error which cannot be
reasonably circumvented and which either (i) causes any significant
functionality of DPI’s Systems to fail to execute, (ii) impairs any critical
function of the DPI’s Systems, or (iii) otherwise
so substantially slows the performance of the DPI’s Systems as to
effectively render it unusable. DPI will respond to DLR’s
notice of such Error within 30 minutes. Following DPI’s
response to the Error notice from DLR, DPI shall exercise its best efforts
working 24 hours a day, 7 days a week to address and remedy such
Error. DPI shall provide DLR with updates on the status of the
Level 1 Error at reasonable intervals as the status changes and until
resolved. “Error” means any
nonconformance in DPI’s systems which prevent them from performing in
accordance with the specifications set forth in the Agreement and each
Statement of Work, as applicable.
|
|
X.
|
Xxxxx 0 -
Xxxxxx. XXX’s Systems suffer an Error (which is not a
Level 1 Error) which cannot be reasonably circumvented by DLR in a timely
fashion and which substantially impairs the use of one or more portions or
features of DPI’s Systems but that does not impair any necessary business
functions of DLR’s business. DPI will respond to DLR’s notice
of such Error within 1 hour. Following DPI’s response to the
Error notice from DLR, DPI shall exercise its best efforts working
continually to address and remedy such Error during DPI’s normal business
hours within 7 days.
|
|
C.
|
Level 3 -
Significant. DPI’s Systems suffer an Error (which is not
a Level 1 or 2 Error) which impairs the use of one or more portions or
features of DPI’s Systems but that does not impair any necessary business
functions of DLR’s business and can be reasonably circumvented by DLR in a
timely fashion. DPI will respond to DLR’s notice of such Error
within 24 hours. Following DPI’s response to the Error notice
from DLR DPI shall exercise commercially reasonable efforts working
continually to address and remedy such error during DPI’s normal business
hours within 14 days. A Level 3 incident shall be automatically
escalated to a Level 2 Error if DPI does not resolve such Error within 48
hours of the end of the foregoing 14 day
period.
|
|
D.
|
Level 4 - Other Errors
and Issues. If DLR reports an Error with DPI’s Systems
that is not classified as a Xxxxx 0, 0 xx 0 Xxxxx, XXX may address such
Error in its next scheduled software
release.
|
4. SUPPORT PERSONNEL;
ESCALATION PROCEDURES
|
A.
|
DPI’s
customer care representatives shall be available by phone 24x7x365 to
address any questions, issues or
Errors.
|
|
B.
|
In
the event that a DLR is not satisfied by the responsiveness or level of
support provided by DPI, it shall have the right to escalate the issue as
follows:
|
i. Xxxx
Xxxxxx, VP Product Develpoment, xxxxxxx@xxxx.xxx,
000-000-0000
ii. Xxx
Xxxxx, VP Technology, xxxxxx@xxxx.xxx,
000-000-0000 (cell)
iii. Xxxxx
Xxxx, VP Business Development, xxxxx@xxxx.xxx, 000-000-0000 (cell)
5.
|
TERMINATION FOR
SERVICE LEVEL FAILURES.
|
DLR may
terminate any of its Statements of Work for breach by DPI in the event that a
Termination Event occurs. A “Termination Event” will be
deemed to have occurred if the following occurs more than 4 times in a 12 month
period: (a) a Level 1 incident (or a series of Level 1 incidents) lasts for more
than 24 hours (from the time DPI receives notice of such emergency) in any
consecutive 6 month period, and (b) the Level 1
incident is not caused by DLR’s systems or the systems of DLR’s other
contractors, which includes, but is not limited to, its servers, operating
systems and telecommunications systems or any third party systems, which
includes, but it not limited to, any broadband systems.
6. SERVICE
CREDITS
If
“Service Outages” occur in a given calendar month, in addition to any other
rights and remedies the applicable DLR may have, DLR shall be entitled to a
credit equal to the charges for the days in which the Error occurs.
7. CONTINUING
IMPROVEMENTS.
DPI shall
make efforts to continuously improve its systems and services. This
includes, but is not limited to, improvements in terms of efficiency,
functionality and performance.
(End
of Exhibit
B)
EXHIBIT
C
DISNEYLAND
RESORT
Reimbursable Expense
Guidelines
GENERAL:
All
travel should be booked by DLR’s Project Manager through Disney's Corporate
Travel Division. Arrangements will be made for air fare, hotel, and
rental cars. However, if the traveler books its own arrangements in
order to obtain higher applicable discounts, the airline ticket, car rental and
hotel charges shall be paid directly by the traveler and reimbursement requested
through normal invoicing.
For West Coast
Travel:
Disney's
Corporate Travel Division – West Coast can be reached between 8:00 am and 6:00
pm PST by calling - (000) 000-0000
For East Coast
Travel:
Disney's
Corporate Travel Division – East Coast can be reached between 8:00 am and 6:00
pm EST by calling - (000) 000-0000
For all
international travel please call: - (000) 000-0000
For
general information or the main receptionist please call: - (000)
000-0000
Original invoices and
receipts shall be submitted to substantiate all charges.
AIR TRAVEL:
All
travelers shall fly coach on a Disney-preferred airline as directed by Corporate
Travel.
HOTELS:
Travelers
will be booked into Disney-owned hotel properties or one of the hotels
participating in Disney's preferred hotel program. The Corporate
Travel Division will direct the traveler to an appropriate hotel.
Requests
for specific hotels will be honored if the rate is the same or lower than the
hotel booked by Disney's Corporate Travel Division.
Lodging
expenses shall include the cost of the room plus applicable taxes. It
does not include room service, recreation or any other direct charges to the
room. See Miscellaneous Travel Expenses for further discussion
regarding these charges.
AUTOMOBILE
EXPENSE:
Auto
rentals will be provided by one of Disney's preferred car rental suppliers as
directed by Corporate Travel, and billing shall be direct to the
traveler. Reimbursement will cover no more than the cost of a full
size car. Additional insurance coverage, as provided in the rental
agreement, will not be reimbursed. Mileage for travel in Consultant's
or Consultant's employees own vehicles shall be reimbursed at a rate not to
exceed the current rate set forth by the Internal Revenue Service, as may be
amended from time to time, for travel by Consultant in its or their own
vehicles. This provision shall not apply to daily commuting, for
which Consultant shall not be reimbursed. Tolls for
office-to-office travel only shall be reimbursed. Mileage and tolls
should be supported by appropriate contemporaneous logs. Limousine
service is expressly prohibited unless authorized in advance and in writing by
the Project Manager.
MISCELLANEOUS TRAVEL
EXPENSES:
Receipts
shall be submitted for all expenses in order to be
reimbursable. These expenses shall include all meals, taxi fares,
parking and other costs for which receipts can be typically
obtained.
Expenses,
such as tips, which are usually unreceipted should be reasonable for the service
provided and supported by a personal log or other contemporaneous
record. Employee expense reports submitted as documentation for
reimbursement are to be signed by appropriate management personnel and are to
include original receipts as supporting documentation. Documentation
of business meals shall include the names of all individuals, the date of the
meals, the business relationship of the individuals and the business topic of
discussion.
Per diem
expenses for meals, tips and incidentals shall not exceed $40/day or $50/day for
"high cost" cities. The following are considered "high cost"
cities:
Atlanta,
GA New
York, NY
Birmingham,
AL Oakland,
CA
Boston,
MA Philadelphia,
PA
Charlotte,
NC Phoenix,
AZ
Chicago,
IL
Pittsburgh, PA
Dallas,
TX
San Diego, CA
Honolulu,
HI
San Francisco, CA
Houston,
TX San
Jose, CA
Los
Angeles,
CA Santa
Barbara, CA
Newark,
NJ
Seattle, WA
New
Orleans,
LA Washington,
DC
OTHER EXPENSES:
Reimbursement
for such costs as reproduction, computer time, CADD time, air freight, postage
and long distance telephone calls will be made upon presentation of satisfactory
documentation. This documentation may include office logs which indicate a
reasonable effort to identify specific costs with the appropriate
project.
SUBCONSULTANTS:
If the
traveler, in performing its contractual services, is required to employ other
consultants ("Subconsultants"), the following shall apply:
|
1.
|
The
traveler shall coordinate the services of any
Subconsultants.
|
|
2.
|
The
traveler agrees to incorporate as a condition of employment the applicable
provisions set out in the traveler's contract with
Disney.
|
NOTE: All of the
above expenses will be reimbursed at actual cost without xxxx-up upon approval
by the Project Manager.
(End of Exhibit
C)
EXHIBIT
D
Computer System Security and
Remote Access Requirements
1. Consultant,
its employees, subcontractors and agents shall:
|
1.1
|
Immediately
inform Disney Worldwide Services, Inc. (“DWS”) Enterprise IT
Security of any security breach, attempted breach, or lapse in security
that might adversely affect a Disney Computer System or any Consultant
system on which Disney data resides, including any unauthorized access to
or compromise of Disney data or
resources.
|
|
1.2
|
Maintain
secure network connections through the utilization of DWS-approved
encryption technology while transferring Sensitive Data. “Sensitive Data” includes
payment card information of Disney or Disney customers or employees,
personal information of Disney customers or employees (including Social
Security number, drivers license number, or name associated with data such
as job performance or health insurance records), financial data, trade
secrets, or any data that, if improperly disclosed, could result in damage
or liability to Disney.
|
|
1.3
|
Store
all Sensitive Data in an encrypted format utilizing DWS-approved
encryption technology and provide security key management and escrow
facilities to ensure that encrypted Sensitive Data is not lost or
irretrievable should the encryption keys become
unavailable.
|
|
1.4
|
Ensure
that all inbound and outbound remote access to and from Disney Computer
Systems and any systems that process, transmit or store Sensitive Data
utilize a DWS-approved end-to-end encryption
method.
|
|
1.5
|
Maintain
a DWS-approved firewall at all logical demilitarized zones (“DMZ”) and Internet
connection points, with access control restricted to that necessary for
the conducting of the business authorized by this
Agreement.
|
|
1.6
|
Prevent
possible bridging of Disney Computer Systems or networks with non-Disney
networks. This includes the prevention of logical connectivity
from Consultant computer systems to non-Disney networks (e.g., the
Internet) while simultaneously connected to Disney Computer Systems (e.g., “split
tunneling” VPNs).
|
|
1.7
|
Allow
only authorized individuals to access Disney Computer Systems from
authorized locations under this
Agreement.
|
|
1.8
|
Provide
physical security to prevent unauthorized access to any device used to
access Disney Computer Systems or systems that process, store or transmit
Disney data.
|
|
1.9
|
Ensure
that all remote personal computing systems, workstations and laptops that
access Disney Computer Systems or process Disney data have functional and
current antivirus and firewall software
installed.
|
|
1.10
|
Allow
Disney or a Disney-approved auditing entity to periodically verify that
Consultant is in compliance with the terms of this
Agreement. Depending on the sensitivity and criticality of the
services or data provided, Disney shall have the option of commissioning
or requesting a review of the Consultant's internal control structure and
business continuity plans.
|
2.
|
Consultant
must further ensure that all of its employees, subcontractors or agents
with any access to any Disney Computer System comply with the following
procedures:
|
|
2.1
|
Sign
an appropriate agreement that acknowledges Disney’s security requirements
contained in this exhibit prior to gaining access to a Disney Computer
System.
|
|
2.2
|
Not
attempt to access any Disney Computer System, device, program or data file
without signing a nondisclosure and confidentiality statement provided by
or acceptable to DWS.
|
|
2.3
|
Not
attempt to access any Disney Computer System with anything other than his
or her individual User ID provided by Disney; “group IDs” or “generic IDs”
are not authorized.
|
|
2.4
|
Not
attempt unauthorized access to any Disney Computer System, device or
asset, including program and data
files.
|
|
2.5
|
Not
attempt to connect any network, computer system, device, site or asset to
the Disney Computer System without explicit authorization from
DWS.
|
|
2.6
|
Not
attempt to access any Disney Computer System, device or site from any
unauthorized device, location, or
software.
|
|
2.7
|
Not
attempt to remove, copy, compromise or replace system files or processes
on any Disney Computer System unless authorized by the Disney Project
Manager.
|
|
2.8
|
Not
attempt to install software on any Disney Computer System unless
authorized by Disney Information
Technology.
|
(End
of Exhibit
D)
EXHIBIT
E
Card Association
Standards
1. Consultant
represents and warrants to Initials, and Consultant covenants with Initials, as
of the date provided, that all equipment, software, systems, and services
provided hereunder will fully comply with (i) the rules, regulations, policies
and processes of the credit, charge and/or debit card payment clearing networks
(such as those operated by Visa, MasterCard, American Express, Diners Club,
Discover Card, NYCE, Star, Pulse and Japan Credit Bureau); (ii) the requirements
of the PCI Security Standards Council as specified on the website located at:
xxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx/xxxxx.xxx
or its successor, as such requirements may be updated and/or amended from time
to time in the sole discretion of the payment clearing networks. Subparagraphs
(i) and (ii) above are referred to herein, collectively, as the “Card Association Standards”. Consultant
acknowledges and understands its responsibility for securing cardholder data in
accordance with the Card Association Standards.
2. Consultant
shall defend, indemnify and hold each of Initials and its Affiliates (and the
officers, directors, representatives, employees, agents, successors and assigns
of each) forever harmless from and against any and all suits, claims, demands,
penalties, fines, charges, demands, proceedings, causes of action, damages
losses, liabilities, and costs and expenses of every kind and nature (including
without limitation reasonable fees and expenses of attorneys and other
professionals) to the extent resulting from or arising out of Consultant’s
failure to fully comply with the Card Association Standards.
3. Consultant
covenants that it will comply with the applicable audit, security scanning, and
self-assessment requirements under the Card Association Standards, and with the
requirements of Sections 3.1 through 3.4, below.
3.1. If
the Card Association Standards require a third party to audit Consultant’s
compliance with the Card Association Standards, then within 30 days of receiving
any associated report and recommendations with respect to compliance, Consultant
will provide Initials with a copy thereof.
3.2. If
the Card Association Standards require a third party to perform security scans
to validate Consultant’s compliance with the Card Association Standards, then
within 30 days of receiving any report and recommendations with respect to
compliance, Consultant will provide Initials with a copy thereof.
3.3. If
the Card Association Standards require Consultant to assess its own compliance
with the Card Association Standards by completing a self-assessment report or
questionnaire, then within 30 days of completing any such report or
questionnaire, Consultant will provide Initials with a copy
thereof.
3.4. In
addition to the foregoing requirements in Section 3, Consultant will, within 30
days of their receipt or production, provide Initials with copies of all
associated follow-up reports and remediation plans, and all correspondence with
the PCI Security Standards Council and the credit, charge and/or debit card
payment clearing networks, relating to Consultant’s compliance (or
non-compliance) with the Card Association Standards.
4. Return and
Termination. In the event that the equipment, software, systems, or
services provided by Consultant hereunder are not fully compliant with the Card
Association Standards in accordance with this exhibit, then Initials shall, in
addition to any other rights or remedies available to Initials or its Affiliates
at law or in equity, have the unilateral right at its sole option and discretion
to: (i) return the non-compliant items and all associated equipment and software
to Consultant, terminate all related services, and receive a full refund of the
amounts paid by Initials therefor; (ii) terminate all maintenance and support
associated with such items and receive a prorated refund of all prepaid fees by
Initials therefor as prorated on a straight-line basis over a five-year period;
(iii) cancel any executory orders for equipment, software, systems, and/or
services without further obligation or liability of any kind to Consultant;
and/or (iv) terminate this Agreement.
(End
of Exhibit
E)
EXHIBIT
F
Open Source
Code
Linux
Apache
mySQL
php
gd
ado-db
cakePHP
ffmpeg
ffmpeg-php
jQuery
mooTools
prototype/scriptaculous
tinyMCE
toolman.js
swfObject.js
(End
of Exhibit
F)