DATA TRANSFER AGREEMENT
EXHIBIT 10.14
CONFIDENTIAL
EXECUTION VERSION
This Data Transfer Agreement ("DTA") is made as of the date set forth below (the "Effective Date") between Pioneer Hi-Bred International, Inc. and its Affiliates ("Pioneer") and the undersigned company ("Company"). The parties hereto hereby agree as follows:
1.0 SCOPE OF DTA
This DTA shall apply to all Transfers of Personal Information from Pioneer to Company and the Company Affiliates and to the Processing of Personal Information by Company and the Company Affiliates as reflected in commercial agreements between the parties. To the extent any Company Affiliate receives Personal Information from Pioneer or a Pioneer Affiliate, Company shall cause each such Company Affiliate to comply with the terms and conditions of this DTA, as if such affiliate were a named party to this DTA. Company shall be liable for the actions or omissions of each Company Affiliate with respect to all Transfers and Processing of Personal Information in accordance with the terms of this DTA. The terms of this DTA shall prevail in the event of any conflict with any terms in any other written agreements between the parties, to the extent the conflict relates to the transfer of Personal Information.
If any Transfer is subject to any law or regulation of any country which requires a change in the terms of this DTA or additional actions, the parties will use reasonable commercial efforts to promptly amend this DTA or otherwise comply with any such laws.
2.0 WARRANTIES
2.1 Warranties, Representations, and Covenants by Pioneer
With respect to each Transfer of Personal Information, Pioneer hereby warrants, represents, and covenants to Company that:
- Pioneer has obtained any and all legally required consents and has the right to Transfer Personal Information to Company and the Company Affiliates, as applicable; and
- Pioneer has full legal authority to give the warranties, make the representations, enter into the covenants, and fulfill the undertakings set out in this DTA.
2.2 Warranties, Representations, and Covenants by Company
With respect to each Transfer of Personal Information, Company hereby represents, warrants and covenants to Pioneer regarding such Personal Information that:
- Company will comply with all Applicable Laws and this DTA with respect to the receipt, use, Processing, and any subsequent transfer of such Personal Information to a third party by Company;
- Company has full legal authority to give the warranties, make representations, enter into the covenants, and fulfill the undertakings set out in this DTA.
- To the extent applicable, Company has obtained any and all legally required consents and has the right to Transfer Personal Information to Pioneer;
3.0 OBLIGATIONS OF COMPANY
3.1 Company may only use Personal Information for the purpose of providing products or services to Pioneer, in compliance with Applicable Law, and will not use Personal Information received from Pioneer for any purpose, including for its own commercial benefit, not specifically permitted in writing by this DTA and any underlying commercial agreement. Except with the prior written consent of Pioneer, Company shall not:
- contact Individuals to obtain consent for additional types of Processing;
- undertake any direct marketing to any Individuals; or
- use any Personal Information as the basis to grant or deny any material benefit to an individual, the determination of which is wholly automated.
3.2 Cross Border Obligations
- Where Company and any Company Affiliate, as applicable, receives Personal Information from Pioneer and is located in any of the countries listed in the Special Jurisdictional Provisions (attached as Exhibit C), or from Pioneer that relates to Personal Information Collected or controlled by Pioneer Affiliates located in one of the countries listed in the Special Jurisdictional Provisions, Company will treat such Personal Information in accordance with the Special Jurisdictional Provisions.
- Where Company and any Company Affiliate, as applicable, receives Personal Information from Pioneer or another Pioneer Affiliate which has certified to the Safe Harbor, which relates to Personal Information Collected or controlled by Pioneer Affiliates located in the European Economic Area or Switzerland ("European Personal Information"),
1
CONFIDENTIAL
EXECUTION VERSION
- Where Company and any Company Affiliate, as applicable, receives Personal Information directly from any Pioneer Affiliate located in the European Economic Area or Switzerland, Company (and Company Affiliates) shall enter into appropriate data transfer agreements with any individual Pioneer Affiliate) as needed to satisfy cross-border transfer obligations relating to Personal Information, such as the Standard Contractual Clauses issued by the European Commission or other similar agreements.
- Where Company and any Company Affiliate, as applicable, is in the US and has certified to the EU-US and/or Swiss-US Safe Harbor, Company will handle all European Personal Information consistently with the Safe Harbor.
Company shall Process the European Personal Information in accordance with the relevant Safe Harbor Principles as they may be amended from time to time (a copy of the current principles are attached as Exhibit B) with the exception of the notice, choice and enforcement principles.
3.3 Use of Security Controls
- Company shall have a written comprehensive security program that protects Personal Information Transferred by Pioneer and includes appropriate and commercially reasonable technical and organizational Security Controls, to prevent accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access and against all other unlawful forms of Processing or as otherwise required or deemed to be adequate under any Applicable Law. Such Security Controls will be at least as stringent as the data protection rules that Company uses to protect its own employee, customer, or supplier Personal Information.
- In the event that there is any unauthorized access, unauthorized, unlawful or accidental loss, destruction, acquisition of or damage to Personal Information in Company's or any Company Affiliate's control (Security Incident), Company will immediately notify Pioneer (and in any event within 24 hours) of such unauthorized access or acquisition and will fully cooperate with Pioneer to investigate, remediate, and mitigate the effects of the Security Incident and to comply with any notification provisions to individuals or regulatory authorities that Pioneer deems appropriate. To the extent that such Security Incident arises out of an act or omission by Company, any Company Affiliate or their respective personnel, or is a breach of this DTA by Company or any Company Affiliate, Company will be responsible for any liability, claims, costs or expenses arising from such unauthorized access or acquisition.
- Company will hold Personal Information in strict confidence and require employees and personnel who will be provided access or will otherwise Process Personal Information to protect all Personal Information in accordance with the requirements of this Agreement (including during the term of their employment and thereafter).
- Company will limit access to Personal Information to only those individuals who have a legitimate business need to access the Personal Information and will grant access to the smallest number of necessary individuals. Company will also implement appropriate technical and physical access controls (such as passwords, card key readers, and locks on files) to limit access to Personal Information.
- Company will provide employees and personnel who will be provided access, or will otherwise Process Personal Information, with appropriate training regarding information security and the protection of Personal Information.
- Company will comply with any Security Controls required by any country having jurisdiction over the Personal Information.
- Company will encrypt, using industry standard encryption tools, all Special Personal Information that Company: (i) transmits or sends wirelessly or across public networks; (ii) stores on laptops or storage media; and (iii) stores on portable devices, where technically feasible. Company shall safeguard the security and confidentiality of all encryption keys associated with encrypted Special Personal Information.
3.4 Accuracy
Company will take reasonable steps to maintain the accuracy of Personal Information for the intended purposes of Processing and will assist Pioneer in updating or deleting Personal Information as requested by Pioneer.
3.5 Access and Correction
Company shall reasonably cooperate with Pioneer to provide all Individuals with the ability to effectively exercise any right to access and correct Personal Information. Company shall reasonably cooperate in correcting any Personal Information that Pioneer determines contains inaccurate Personal Information regarding Individuals who have requested such
2
CONFIDENTIAL
EXECUTION VERSION
correction, provided that Pioneer communicates such corrected Personal Information to Company.
3.6 Supervision of Personnel
Company shall be fully responsible and liable for the acts or omissions of its personnel with access to Personal Information and will hold those of its personnel with access to Personal Information accountable for violations of this DTA.
3.7 Notification and Implementation of Opt-Outs
Company will timely notify Pioneer of (i) any Opt-Out or any other choice or request for access or rectification, blocking or similar requests made by any Individual, and shall not respond to any such requests unless expressly authorized to do so by Pioneer; (ii) any complaint relating to the Processing of Personal Information, including allegations that the Processing infringes on an Individual's rights under Applicable Law; or (iii) any order, demand, warrant, or any other document purporting to compel the production of Personal Information under Applicable Law. Company shall use and Process all such Personal Information in accordance with all such Opt-Outs or other choices and will promptly notify Pioneer of such actions, and shall cooperate with Pioneer with respect to any action taken relating to such request, complaint, or order or other document.
3.8 Risk of Loss in Transfer
Company shall bear the risk of loss associated with any alteration, degradation or corruption of Personal Information during any Transfer to or from Company and while such Personal Information is in Company's possession, to the extent any such losses arise out of the negligence, willful misconduct, or breach of this DTA by Company or any third party having been provided with access to Personal Information by Company.
3.9 Subsequent Transfers
Company shall not make any Transfers of Personal Information to any third party, including contractors, affiliates or service providers of Company received from Pioneer, unless it has received written permission from Pioneer to make such a Transfer, except where such disclosure, transfer or access is mandated by Applicable Law (subject to Company providing Pioneer with prompt written notice of such requirement to transfer or disclose, unless such notice is prohibited by Applicable Law). If Pioneer has agreed, then to the extent that Company retains a contractor or service provider in order to provide services to Pioneer and such contractors or service providers have granted access to Personal Information, Company must enter into an agreement with each contractor or service provider that is at least as stringent as this DTA and imposes on each contractor or service provider all of the obligations under this DTA. Such agreement shall be provided to Pioneer promptly upon request. Company shall remain accountable and responsible for all actions by such third parties with respect to the disclosed or transferred Personal Information.
3.10 Retention and Destruction of Personal Information
Company shall retain all Personal Information only for the period necessary to complete the purposes for which the Personal Information was Transferred to Company by Pioneer. Upon the expiration or earlier termination of the underlying commercial agreement, Company will cease Processing and will permanently destroy all of Pioneer's Personal Information so that the Personal Information is unreadable or return the Personal Information to Pioneer, as instructed by Pioneer. Company will obtain permission from Pioneer before destroying any of the Pioneer Personal Information.
3.11 Direct Marketing and Online Tracking
- To the extent that Company provides any direct marketing or tracking services to Pioneer, Company shall provide notice to, and obtain consent as appropriate under direct marketing and commercial communications laws.
- By providing Personal Information to Pioneer relating to direct marketing or tracking, Company represents and warrants that it has provided all necessary notices and obtained all necessary consents to provide the Personal Information for those purposes.
- Company will comply with all Applicable Laws when using cookies and similar online tracking technologies on behalf of Pioneer, on any website operated by Pioneer, and shall refrain from engaging in any behavior which renders or is likely to render Pioneer in breach of Applicable Laws.
3.12 Inspection
Company shall provide Pioneer and its authorized representatives with access to, and the right to inspect, all Records relating to the Collection, Processing or Transfer of Personal Information, all Processing premises and all Security Controls used to protect such Personal Information subject to this DTA. Unless otherwise agreed, any such inspection shall occur only at the business offices or data centers of the Company, during normal business hours, and shall be conducted by a mutually acceptable third party inspector. Pioneer shall pay the third party inspection costs of any such inspection but shall not be obligated to reimburse Company for any costs incurred by Company in the inspection process.
3
CONFIDENTIAL
EXECUTION VERSION
3.13 Provision of DTA to Individuals
Company and Pioneer shall make copies of this DTA available to any Individual, upon reasonable request by the Individual.
3.14 Regulatory Investigations
Company and Pioneer shall cooperate in any regulatory investigation or in any internal investigation by either party arising out of this DTA, whether or not related to a regulatory investigation. In addition, both parties shall cooperate in responding to any inquiry by any Individual. In the event of any such investigation or inquiry, upon notice to the other party, either party may suspend any further Transfers for so long as may be necessary to obtain assurances that any additional Transfers will not provide the basis for further regulatory action or possible liabilities. Except as provided in Section 3.15 such suspension will not relieve either party of any liability arising from a default of this DTA or any other related commercial agreements. A default under this DTA will, at the option of the non-defaulting party, be deemed to be a default under the terms and conditions of any such related commercial agreements.
3.15 Right to Suspend Transfers
If the performance of this DTA will violate Applicable Law, then either Company or Pioneer shall have the right to suspend, and not execute, any such Transfer but only to the extent that such Transfer violates Applicable Law. If any such suspension is material, then such suspension will be treated as an event of force majeure under the terms and conditions of any related commercial agreements between the parties.
3.16 Allocation of Costs
Unless otherwise specified, Company and Pioneer shall perform all of their obligations under this DTA at their own respective cost and expense.
4.0 INDEMNITIES AND LIMITATION OF LIABILITY
4.1 Indemnity
Company and Pioneer shall each indemnify, defend, and hold harmless the other party against all third party claims for liabilities, damages, losses or expenses incurred to the extent arising out of the negligence, willful misconduct, breaches of this DTA, or violations of Applicable Law in the performance of this DTA by the party at fault, its employees, agents, subcontractors or assigns. Further, in the event the parties are jointly at fault, they agree to indemnify each other in proportion to their relative fault.
4.2 Scope
The claims for liabilities, damages, losses or expenses covered under Section 4.1 include, but are not limited to: settlements, judgments, court costs, reasonable attorneys' fees and other litigation expenses, fines and penalties arising out of actual or alleged (a) injury to or death of any person, including employees of each party, or (b) loss or damage to property, including intangible property.
4.3 Limitations
EXCEPT FOR THE INDEMNITY OBLIGATIONS CONTAINED IN THIS SECTION 4, VIOLATIONS OF ANY LAW, ANY DAMAGES ARISING FROM PERSONAL INFORMATION LOSS RESULTING FROM THEFT OF A COMPUTER OR UNAUTHORIZED ACCESS TO OR USE OF THE PERSONAL INFORMATION BY EMPLOYEES, SUBCONTRACTORS OR AGENTS OF THE COMPANY OR COMPANY AFFILIATES, ANY OTHER UNAUTHORIZED DISCLOSURES OF PERSONAL INFORMATION IN VIOLATION OF ANY CONFIDENTIALITY OBLIGATIONS; OR THE FAILURE TO OTHERWISE PROVIDE ADEQUATE PHYSICAL AND ELECTRONIC SECURITY AS REQUIRED BY THIS DTA, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY OR PUNITIVE DAMAGES, INCLUDING, BUT NOT LIMITED TO, DAMAGES BASED UPON LOSS OF PROFITS AND/OR LOSS OF BUSINESS ARISING OUT OF OR IN ANY WAY RELATED TO THIS DTA OR THE PERFORMANCE THEREOF, EVEN IF THAT PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
4.4 Confidentiality
Personal Information will be deemed to be confidential information of the party disclosing the Personal Information under the terms of any confidentiality provisions of any applicable commercial agreement or separate confidentiality or non-disclosure agreement between the parties.
4.5 Survival
The provisions of this Section 4 shall survive the termination of this DTA.
5.0 TERM AND TERMINATION
This Agreement shall be effective as of the date specified below the signature block, unless specified otherwise with respect to a particular entity in the signature pages of this Agreement.
In the event of a material breach by Company or Pioneer of this DTA, the non-breaching party may terminate this DTA, by written notice to the breaching party, 30 days after the party first delivered written notice declaring such breach, and upon the failure of such breach to be cured within such 30 days. With
4
CONFIDENTIAL
EXECUTION VERSION
respect to any Transfers occurring prior to the termination of this DTA, the provisions of Section 3 shall survive such termination.
6.0 MISCELLANEOUS
6.1 Choice of Law
Except as otherwise required by Applicable Law:
- This DTA will be governed by and construed in accordance with the laws of the State of Delaware without giving effect to principles of conflict or choice of laws.
- The courts within the State of Delaware will be the only courts of competent jurisdiction for enforcement or interpretation of this DTA.
- Company and Pioneer do hereby irrevocably submit themselves to the personal jurisdiction of the courts of the State of Delaware, including the U.S. District Courts for the District of Delaware.
6.2 Change of Law
In the event of a change in Applicable Law which would make the continued Transfer of Personal Information under this DTA, or the continued Processing of such Personal Information by Company, unlawful, then, prior to the effective date of any such change in Applicable Law, either (a) if commercially reasonable alternatives exist for adjusting the procedures for Transfer or Processing in order to avoid a violation of Applicable Law, then Pioneer and Company, at their own respective cost and expense, shall cooperate by implementing such alternatives, or (b) if no such alternatives exist, then either Pioneer or Company shall be entitled to terminate all further Transfers which, if executed, would be unlawful following the change in Applicable Law. Any such suspension of Transfers will be treated as an event of force majeure under the terms and conditions of any related commercial agreement between the parties relating to such Collection of Personal Information, Processing or Transfer and may be the basis for termination of such related commercial agreement.
6.3 Severability
Any provision of this DTA that is determined by a court of competent jurisdiction to be invalid or unenforceable will be ineffective to the extent of such determination without invalidating the remaining provisions of this DTA or affecting the validity or enforceability of such remaining provisions.
6.4 Waiver; Successors & Assigns
No oral modification or waiver of any of the provisions of this DTA shall be binding upon either Company or Pioneer. This DTA is for the benefit of, and shall be binding upon, the parties and their respective successors and assigns.
6.5 Notices
Whenever Company or Pioneer desires or is required to give any notice, demand, or request with respect to this DTA, such communication shall be made in writing. Communications in writing must be delivered by a courier service that confirms delivery in writing or via certified or registered mail, postage prepaid, return receipt requested, addressed to the representative as set forth in Exhibit A.
6.6 Complaints
Company and Pioneer agree to designate a person to receive and respond to any complaints by Individuals about their Personal Information.
6.7 Third Party Rights
No Individual or third party with Personal Information has any other beneficial rights under this DTA, except, the parties agree that Pioneer Affiliates are intended third-party beneficiaries of this Agreement and that this Agreement is intended to inure to the benefit of such Pioneer Affiliates. Without limiting the foregoing, Pioneer Affiliates will be entitled to enforce this Agreement as if each was a signatory to this Agreement.
6.8 Amendments in Writing
Company and Pioneer agree that any and all amendments to this DTA must be made in writing and signed by both parties. No amendment can be made by electronic means.
6.9 Counterparts
This DTA may be executed by the parties on any number of separate counterparts, and all executed counterparts shall constitute one agreement binding on all the parties notwithstanding that all the parties are not signatories to the same counterpart. For purposes of this DTA, a document (or signature page thereto) signed and transmitted by facsimile machine or e-mail is to be treated as an original document. The signature of any party thereon, for purposes hereof, is to be considered as an original signature, and the document transmitted is to be considered to have the same binding effect as an original signature on an original document.
7.0 DEFINITIONS
The following capitalized terms shall have the following meanings when used in this DTA:
7.1 "Applicable Law" means any law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding restriction (including any and all legislative and/or regulatory amendments or successors thereto), to which a party to this Agreement is subject and which
5
CONFIDENTIAL
EXECUTION VERSION
is applicable to a party's information protection and privacy obligations.
7.2 "Collect" (including the usage of "Collected" or "Collection") means to conduct the initial gathering and recording of data regarding Individuals, whether or not the data constitutes Personal Information.
7.3 "Company Affiliate" means each Affiliate (as such term is defined in the APSA) of the Company.
7.4 "Pioneer Affiliate" means any domestic or foreign partnership, joint venture, corporation or other form of enterprise in which Pioneer possesses (directly or indirectly) an ownership interest of 20 percent or greater (or lesser ownership if such is the maximum allowed by law) or where Pioneer has a written management agreement to manage the relevant procurement activities of the Pioneer entity.
7.5 "Individual" means a Person to whom Personal Information relates and about whom Personal Information may be Processed under this Agreement.
7.6 "Notice" means a disclosure to an Individual in connection with the Collection or Processing of Personal Information that informs the Individual regarding:
- The identity of the entity making decisions about the Personal Information;
- The types of Personal Information being Collected;
- The purposes for which Personal Information may be used;
- Any recipients (or categories of recipients) of Personal Information;
- Any right of the Individual to have access to Personal Information;
- Any right of the Individual to rectify any Personal Information which is inaccurate; and
- The consequences, if any, to Individual of not providing Personal Information.
7.7 "Opt-Out" means a choice given to or exercised by an Individual to decline, reject or refuse the Collection or Processing of his or her Personal Information.
7.8 "Personal Information" means any information that identifies an Individual or relates to an identifiable individual. Examples of Personal Information include, but are not limited to, name, address, telephone number, and email address.
7.9 "Process" (including the usage of "Processes", "Processed" or "Processing") means any operation or set of operations which is performed upon Personal Information, whether or not by automatic means, including, without limitation, any Collection, Transfer, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, combination, blocking, erasure or destruction thereof.
7.10 "Record" means information that is inscribed on a tangible medium or is stored in an electronic or other medium and which is retrievable in perceivable form.
7.11 "Safe Harbor Program" shall mean individually and collectively the U.S.-E.U. Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework developed by the U.S. Department of Commerce in consultation with, respectively, the European Commission and the Federal Data Protection and Information Commissioner of Switzerland.
7.12 "Security Controls" means any controls that are used to regulate access to, or prevent the alteration, loss or destruction of, any Personal Information.
7.13 "Special Personal Information" means any of the following types of Personal Information: (i) social security number, taxpayer identification number, passport number, driver's license number or other government-issued identification number; or (ii) credit or debit card details or financial account number, with or without any code or password that would permit access to the account; credit history, or (iii) information on race, religion, ethnicity, sexual orientation, medical or health information, genetic or biometric information, political or philosophical beliefs, trade union membership, background check information, judicial data such as criminal records or information on other judicial or administrative proceedings.
7.14 "Transfer" (including the usage of "Transfers", "Transferred", "Transference" or "Transferring") means the access to or sharing of Personal Information by electronic or other means.
[Signature page to follow.]
6
IN WITNESS WHEREOF, the parties have executed and delivered this DTA as of the Effective Date.
"PIONEER" PIONEER HI-BRED INTERNATIONAL, INC.
By_________________________________ ___________________________________ Title: ___________________________________ Effective Date: December 31, 2014 |
"COMPANY" S&W SEED COMPANY
By_________________________________ ___________________________________ Title: ___________________________________
|
[Signature Page to Data Trsnsfer Agreement]