PLATFORM SERVICES, TRANSFER AGENT AND REGISTRAR AGREEMENT
Exhibit 6.5
PLATFORM SERVICES, TRANSFER AGENT AND REGISTRAR AGREEMENT
THIS PLATFORM SERVICES, TRANSFER AGENT AND REGISTRAR AGREEMENT, including all exhibits hereto ("Agreement"), is made and entered into as of December 23, 2020 (the "Effective
Date"), and is by and between Securitize LLC, a Delaware limited liability company with offices at 000 Xxxx Xxxxxx, Xxxxx 0000, Xxx Xxxxxxxxx, XX 00000 ("Securitize"),
and Exodus Movement, Inc., a Delaware corporation with an address of 00000 Xxxx Xxxxxx, Xx. 000, Xxxxx, XX 00000 ("Issuer"), each a "Party",
together the "Parties".
RECITALS
WHEREAS, Issuer desires that certain services be provided by Securitize with regard to the issuance, transfer and registration of certain Securities (as defined below) of Issuer;
WHEREAS, Securitize is engaged in the business of providing technological and transfer agent services for issuers of securities and seeks to provide such services to Issuer; and
WHEREAS, the Parties desire to set forth the terms and conditions for the provision of services by Securitize to Issuer.
NOW THEREFORE, in consideration of the terms and conditions set forth below and other good and valuable consideration, the sufficiency of which is hereby acknowledged, the Parties agree as follows:
TERMS AND CONDITIONS
1.
|
DEFINITIONS. For purposes of this Agreement, each capitalized word or phrase listed below shall have the meaning designated:
|
"Affiliate" of a Party means a business entity that directly or indirectly controls, is controlled by, or is under common control with, such Party. For purposes of this definition, "Control" (including, with
correlative meaning, the term "Controlled by"), as used with respect to any entity, means the direct or indirect ownership of more than fifty percent (50%) of the voting stock, or more than fifty percent (50%) of the voting power at general meetings,
or the power to appoint and dismiss a majority of the board of directors or otherwise to direct the activities, of such entity. Unless otherwise specified in this Agreement, the term "Affiliate" includes current and future Affiliates of a Party.
"Applicable Laws" means all US federal, state and local laws, statutes, ordinances, regulations and rules applicable to the provision of the Services including, for the avoidance of doubt, all laws governing
the offering and sale or issuance of Securities in each jurisdiction where Issuer is offering and selling or issuing Securities, and the laws governing the Issuer Smart Contract, its performance and the interpretation thereof.
"Authorized Participants" has the meaning described in Section 7.2.
"Authorized User" means a natural person who is an employee, agent, or contractor of Issuer or Issuer's Affiliates who has been authorized by Issuer to access and use the Platform or other Services of
Securitize under this Agreement solely for the benefit of Issuer.
"Company Offering" has the meaning described in Section 7.2.
1
"Confidential Information" has the meaning described in Section 10.1.
"Digital Token" means digital representations of the Securities that are evidenced on and can be electronically received and stored using distributed ledger technology.
"Exodus Wallet" means Issuer's unhosted and non-custodial cryptocurrency software wallet for multiple types of cryptocurrency and other digital assets, which, as of the date of this Agreement, (i) is branded
the "Exodus Wallet" and (ii) can be downloaded from the xxxxxx.xx website, the iOS app store, and the Google Play store.
"Exchange Act" means the Securities Exchange Act of 1934, as amended. "Harmful Code" has the meaning described in Section 7.5.2.
"Intellectual Property Rights" means all tangible and intangible rights associated with works of authorship throughout the world, including but not limited to, copyrights, moral rights, and mask works;
trademarks and trade name rights and similar rights; trade secret rights; patents, designs, algorithms, and other legally protectable intellectual or industrial property rights (of every kind and nature throughout the world and however designated);
and all registrations, initial applications, renewals, extensions, continuations, divisions, or reissues now or hereafter in force (including any rights in the foregoing) anywhere in the world, that exist as of the Effective Date or hereafter come
into existence, regardless of whether or not such rights have been registered with the appropriate authorities in such jurisdictions in accordance with the relevant legislation.
"Issuer Data" means all electronic data or information submitted by or on behalf of Issuer to the Platform whether included in the Issuer Smart Contract or otherwise, including any data or information
submitted by Authorized Participants; provided, however, that Issuer Data shall not include any information submitted by Authorized Participants that registered on the Platform utilizing Securitize's "Securitize ID" Product, which
shall be proprietary to Securitize and governed by existing agreements between Securitize and such Authorized Participants; provided, further, that, for the avoidance of doubt, Issuer Data does not include the Intellectual Property
Rights of the Issuer set forth in Section 13.1.2.
"Issuer Due Diligence Information" means information provided by Issuer to Securitize, either before or after the Effective Date, for the purposes of Securitize's evaluation of Issuer's suitability as a
party to this Agreement.
"Issuer Intellectual Property Rights" means the Intellectual Property Rights over Issuer Data, Issuer Instructions, Issuer Materials, the Issuer Smart Contract (other than the Securitize Intellectual
Property contained therein) and Feedback, as well as any other Intellectual Property Rights owned or held by Issuer prior to the Effective Date and as otherwise set forth under Section 13.1.2.
"Issuer Instructions" means written instructions provided to Securitize by Issuer.
"Issuer Materials" means required content, information, instructions (including Issuer Instructions) or other materials reasonably requested by Securitize; provided, however,
that, for the avoidance of doubt, Issuer Materials does not include the Intellectual Property Rights of the Issuer set forth in Section 13.1.2.
2
"Issuer Smart Contract" means the smart contract consisting of software code that exists on the Ethereum blockchain and which has been created by Issuer Instructions.
"Joinder Agreement" means the Joinder Agreement to this Agreement, the form of which is included herein as Exhibit E, to be entered into among the Parties and any Affiliate of Issuer that may issue
Securities.
"Order Form" means the order form agreed between the Parties in substantially similar form as Exhibit A.
"Platform" means the Securitize cloud-based services as described in Exhibit A, including any related mobile applications, and all upgrade and enhancements to the Platform that may be provided by Securitize
(for itself or on behalf or through any of its Affiliates) under this Agreement.
"PII" means personally identifiable information as defined in Section 10.5.
"Securities" means Issuer's Class A Common Stock, which may be represented by Digital Tokens. "Securities Act" means the Securities Act of 1933, as amended.
"Securitize Intellectual Property Rights" means the Intellectual Property Rights over all material contained on or available through the Platform and/or other Securitize Services, as well as any other
Intellectual Property Rights held by Securitize prior to the date hereof, but in each case excluding the Issuer Intellectual Property Rights.
"Services" means the provision of the Platform, related documentation, and any other specified services or deliverables required to be provided by Securitize (for itself or on behalf or through any of its
Affiliates) under this Agreement as described in the Order Form.
"Service Level Agreement" or "SLA" has the meaning described in Exhibit B as attached hereto and incorporated by reference.
"Term" has the meaning described in Section 12.
"Territory" means the world, excluding those countries or parties subject to applicable prohibitions under U.S. export laws or in which the use of the Securitize Services would be prohibited or constrained.
2.
|
GENERAL APPOINTMENT OF SECURITIZE AS TRANSFER AGENT.
|
Securitize is hereby appointed as the transfer agent for the issuance, transfer and registration of the Securities and to perform such other services related to the Securities as provided in this Agreement. If an Affiliate of Issuer is to issue
the Securities, the Parties and such Affiliate shall enter into a Joinder Agreement to formally appoint Securitize as transfer agent for such Affiliate's Securities and for such Affiliate to assume the obligations of an Issuer hereunder.
3.
|
ISSUANCE OF SECURITIES.
|
Securitize is authorized and directed to facilitate the issuance of Securities of Issuer, including Digital Tokens, from time to time upon receiving from Issuer all of the following:
3.1.
|
Written instructions as to the issuance of the Securities from an authorized officer of Issuer.
|
3
3.2.
|
A certified copy of any order, consent, decree or other governmental authorization existing as of the date of issue of the Securities.
|
3.3. |
An opinion of Issuer's counsel that (i) the Securities are duly authorized, validly issued, fully paid and nonassessable, (ii) the issuance of the Securities has been registered under the Securities Act (as amended), or, if exempt from
registration, the basis of such exemption, and (iii) no order or consent of any governmental or regulatory authority other than that provided to Securitize is required in connection with the issuance of the Securities or, if no such order or
consent is required, a statement to that effect. The opinion should also indicate whether it is necessary that the Securities be subject to transfer restrictions or a statement to the effect that all Securities to be issued are freely
transferable upon presentation to Securitize for that purpose.
|
3.4. |
Such further documents as Securitize may reasonably request.
|
4. |
REGISTRAR; TRANSFER OF SECURITIES.
|
4.1. |
Securitize is authorized and directed to act as the official registrar of the Securities.
|
4.2. |
Securitize is authorized and directed to make transfers of Securities from time to time upon the books of Issuer as maintained by Securitize. Securities, in either certificated or book entry form (or other appropriate form of ownership),
will be transferred or exchanged upon the surrender of the old Securities (or appropriate instructions in the case of noncertificated shares) in form reasonably deemed by Securitize to be properly endorsed for transfer, accompanied by such
documents as Securitize may deem necessary to evidence the authority of the person making the transfer. Securitize reserves the right to refuse to transfer Securities until it has received reasonable assurance that each necessary endorsement
is genuine and effective, that the transfer of the Securities is legally valid and genuine and that the requested transfer is otherwise legally in order. For that purpose, Securitize may require an acceptable guaranty of the signature of the
person signing and appropriate assurance of authority to do so. Securitize may rely upon the Uniform Commercial Code, Applicable Law, and generally accepted industry practice in effecting transfers, or in delaying or refusing to effect
transfers. Securitize may delay or refuse to process any transfer that in its reasonable judgment appears improper or unauthorized. If, on a transfer of a restricted item, Issuer counsel fails to issue an opinion or to provide adequate
reasons therefore within five (5) business days of a request to do so, Securitize is authorized, but not required, to process such transfer upon receipt of an appropriate opinion of presenter's counsel.
|
4.3. |
Securitize shall be fully protected and held harmless in recognizing and acting upon written instructions of an authorized officer of Issuer.
|
4.4. |
When Securitize deems it expedient it may apply to Issuer, or counsel for Issuer, or to its own counsel for instructions and advice; Issuer will promptly furnish or will cause its counsel to furnish such instructions and advice, and, for
any action taken in accordance with such instructions or advice, or in case such instructions and advice shall not be furnished within five (5) business days, Issuer will indemnify and hold harmless Securitize from any and all liability,
including reasonable attorney's fees and court costs.
|
4
4.5. |
Issuer will at all times advise Securitize of any and all stop transfer notices or adverse claims lodged against Securities of Issuer and further, will promptly notify Securitize when any such notices or claims have expired or been
removed. Securitize is not otherwise responsible for stop transfer notices or adverse claims from either Issuer or third parties unless it has received actual written notice.
|
5. |
[RESERVED]
|
6. |
PLATFORM SERVICES
|
Attached hereto as Exhibit A and Exhibit B are the exhibits executed by the Parties contemporaneously with this Agreement and incorporated herein by reference. Each Party will (directly or through its Affiliates or designated
contractors provided however that delegation of any duty or obligation shall not relieve the Party of such duty or obligation) perform its duties and obligations in relation to such exhibits in a timely and professional manner consistent with
industry standards. Issuer understands and agrees that delays or failure of Issuer or its representatives to deliver Issuer Materials in a timely manner will excuse Securitize from related performance requirements under this Agreement but only to the
extent such delay materially caused or contributed to delays or disruption in the performance of Services. Without limiting the generality of the foregoing, Securitize reserves the right to prohibit transactions on the Platform until all Issuer
Materials required by Securitize and requested by Securitize in writing to perform such actions are provided. Unless otherwise specified in an exhibit, each Party is to bear its own costs and expenses of performance.
7. |
RIGHTS
|
7.1. |
Ownership. Subject to the licenses specifically granted to Issuer herein, all right, title and interest in and to Securitize Intellectual Property Rights remain, as between the Parties, in and with
Securitize and/or its suppliers. Subject to the licenses specifically granted to Securitize herein, all right, title and interest in and to Issuer Intellectual Property Rights remain, as between the Parties, in and with Issuer and/or its
Affiliates.
|
7.2. |
Limited License Grant. Securitize shall make available to Issuer the Securitize services that are specified in an Order Form (the "Securitize Services").
During the term of the applicable Order Form, and subject to the terms of this Agreement, Securitize grants to Issuer, and Issuer accepts from Securitize, a non-exclusive, non-transferable limited license, without a right to sublicense, in
the Territory, to access the Platform solely for the purpose of preparing, facilitating and managing an offering and sale or issuance by Issuer of Securities (or such other similar transactions) as described in the applicable Order Form (the
"Company Offering"). In addition, Securitize agrees that it will grant, in accordance with relevant Securitize documentation, to prospective investors solicited by Issuer or its agents who are
interested in purchasing Securities in Issuer's offering ("Authorized Persons" and, together with Authorized Users, "Authorized Participants") the right to access
the Platform in order to utilize the Securitize Services for the benefit of Issuer. If, based on the reasonable determination of Securitize or Issuer, any Authorized Participant is using the Securitize Services in a manner that is prohibited
by Securitize or otherwise inconsistent with the intended use of the Securitize Services (a "Prohibited Use"), in addition to any of its other rights or remedies, Securitize may, without liability to
Issuer, suspend or limit Issuer's or such Authorized Participant's access to the Securitize Services until such prohibited usage is fully remedied. Issuer shall use commercially reasonable efforts to provide Securitize notice of any
Prohibited Use as soon as reasonably practicable after gaining knowledge thereof.
|
5
7.3. |
Restrictions; No Reverse Engineering. Issuer shall not, and shall not knowingly allow any employee, agent, contractor, Affiliate, Authorized Participant, or others to (i) decompile, disassemble, or
otherwise reverse engineer or attempt to reconstruct or discover any source code, underlying ideas, or interoperability interfaces of the Securitize Services by any means whatsoever; (ii) remove any product identification, copyright or other
notices on the Securitize Services; (iii) provide, lease, lend, use for timesharing, service bureau, hosting purposes or otherwise use the Securitize Services to or for the benefit of third parties other than Issuer and its Affiliates; or
(iv) modify, adapt, alter, translate or incorporate into or with other software or create a derivative work of any part of the Securitize Services, except as required for Issuer to integrate any
Securitize Service into the Exodus Wallet.
|
7.4. |
Issuer Smart Contract. Securitize hereby grants to Issuer, and Issuer accepts from Securitize, a royalty free, perpetual, irrevocable, worldwide, non-exclusive, transferable limited license, without
a right to sublicense or create derivative works thereon, in the Territory, to Securitize's Intellectual Property Rights included in, or forming part of, the Issuer Smart Contract, to use and exploit the Issuer Smart Contract as contemplated
by this Agreement. Issuer hereby assumes all prospective obligations, liabilities and duties attendant to the Issuer Smart Contract. The foregoing does not and is not intended to transfer or grant, and shall not otherwise affect in any way,
ownership by Securitize of, or rights of Securitize in, any of Securitize's Intellectual Property Rights or other proprietary rights, assets, content, products and services, and nothing in this Agreement shall be construed as the assignment
or transfer of any ownership rights in any Intellectual Property Rights or other proprietary rights, assets, technology, content, products or services of Securitize and/or its Affiliates, including, without limitation, Securitize's
technology, software, ideas, know-how, or information, except for the limited license granted herein to the specific Issuer Smart Contract. Securitize hereby expressly reserves all of its rights not expressly granted to Issuer under of this
Agreement, and nothing herein shall be construed as granting Issuer any rights in or to the Ethereum blockchain. For the avoidance of doubt, Securitize shall have no obligation to update or maintain the Issuer Smart Contract, or to defend any
third party claim arising or related to the Issuer Smart Contract or any liability arising out of or related to Issuer Smart Contract after the term of the applicable Order Form.
|
7.5. |
Security and Access Policies.
|
7.5.1. Platform Security. Securitize shall use commercially reasonable efforts consistent with industry
standards to protect the physical security and electronic security of the Platform and other systems utilized to provide the Securitize Services, including but not limited to using up-to-date anti-virus, security and firewall technology commonly used
in the industry. Securitize shall perform regularly scheduled data backups of the Issuer Data. Issuer agrees that it will, and shall ensure that its Affiliates and Authorized Participants, will not knowingly take actions that negatively affect the
confidentiality, integrity, and availability of Securitize's systems and information assets.
6
7.5.2. Harmful Code. If either Party becomes aware that an unauthorized party has accessed Issuer Data, or
Confidential Information, or that Harmful Code has infected a relevant network or system of such Party, then it shall notify the other Party as soon as reasonably practical, so the Parties can work together to mitigate any potential adverse
effect and undertake any further steps that may be applicable or required by law. "Harmful Code" means computer instructions whose primary purpose or effect is to disrupt, damage or interfere with use of
any computer or telecommunications facilities, including, without limitation, any automatic restraint, time-bomb, trap-door, virus, worm, Trojan horse, or other harmful code or instrumentality that will cause a system to cease to operate or to
fail to conform to its specifications. Each Party shall take commercially reasonable precautions to avoid, prevent, stop, find and eliminate the spread of all Harmful Code on its hardware systems and networks.
7.5.3. No Export. Issuer will, and will instruct its Affiliates to, not remove or export from the United States or re-export
from anywhere any part of the Securitize Services or any direct product thereof in violation of the export laws of the United States. Further, each Party warrants to the other that neither it, nor any of its Affiliates, is on any applicable
export-related or sanctions-related prohibited party list maintained by the U.S. Government and is not located in or a national or resident of any country subject to a U.S. trade embargo.
7.5.4. Limited Storage and Retrieval of Data. All Issuer Data including third party PII that is received,
stored or otherwise maintained by Securitize and/or its Affiliates for Issuer pursuant to this Agreement shall be maintained in a secure hosting environment that meets or exceeds industry standards.
8. |
FEES AND PAYMENT TERMS
|
8.1. |
Fees. The fees charged by Securitize for the provision of the Services, and any other fees shall be set forth in the applicable Order Form and exhibits to this Agreement.
|
8.2. |
Payment Terms. Fees are due and shall be paid within thirty (30) days of Issuer's receipt of the invoice unless otherwise specified in the Order Form and applicable exhibits (the "Due Date").
Payments from Issuer to Securitize will be made in U.S. dollars. Invoices may be delivered in any manner provided by Section 17 ("Notices"), and in addition may be delivered electronically by
email or facsimile transmission. Issuer shall notify Securitize of any invoice dispute by email or facsimile transmission within five (5) business days of receipt of the invoice and shall pay the undisputed portion of such invoice on or
before the Due Date. The Parties shall work in good faith to resolve any disagreements over disputed amounts as quickly as reasonably possible.
|
8.3. |
Late payments. Any payment due that is not received by the Due Date will accrue interest at a rate of one percent (1%) per month, or the highest rate allowed by Applicable Law, whichever is lower.
For the avoidance of doubt, interest on late payments due is in addition to any remedies allowed by Applicable Law.
|
7
9. |
TAXES
|
Issuer shall be responsible for the payment of any and all taxes applicable to the license and use of the Securitize Services under this Agreement (other than those based upon Securitize's net income) including, without limitation, Issuer's
income, payroll, sales, VAT, use, gross receipts, real estate, personal property or other taxes imposed upon transactions under this Agreement ("Taxes"), and will indemnify and hold harmless Securitize for any
loss or damage (including without limitation any penalties and interest) sustained because of Issuer's failure to pay such taxes. If Securitize has the legal obligation to collect Taxes for which Issuer is responsible under this section, the
appropriate amount shall be invoiced to and paid by Issuer upon notice and documentation (if any, within Securitize's possession) by Securitize to Issuer unless Issuer provides Securitize with a valid tax exemption certificate authorized by the
appropriate taxing authority.
10. |
CONFIDENTIAL INFORMATION
|
10.1. |
Generally. "Confidential Information" shall mean confidential or other non-public proprietary information that is disclosed by either Party to the other under
this Agreement, including without limitation, software code and designs, hardware, product specifications and documentation, financial data, business, marketing and product plans, or technology, and Authorized Participant information (which
includes, without limitation, any of the names, addresses, phone numbers, email addresses, and all other PII relating to Authorized Participants).
|
10.2. |
Obligations of Confidentiality. Each Party agrees that it and its Affiliates will hold in strict confidence and not disclose the Confidential Information of the other Party to any third party and to
use the Confidential Information of the other Party for no purpose other than the purposes expressly permitted by this Agreement. Each Party shall only permit access to the other Party's Confidential Information to those of its or its
Affiliates' employees, contractors and advisors, including the Authorized Participants, having a need to know and who have signed or are bound by confidentiality obligations or agreements containing terms at least as restrictive as those
contained in this Agreement. Each Party shall maintain the confidentiality and prevent accidental or other loss or disclosure of any Confidential Information of the other Party with at least the same degree of care as it uses to protect its
own Confidential Information, but in no event with less than reasonable care.
|
10.3. |
Exclusions from Obligations. A Party's obligations of confidentiality under this Agreement shall not apply to information which (i) is in the public domain without the breach of any agreement or
fiduciary duty or the violation of any law, (ii) was known to the Party prior to the time of disclosure without the breach of any agreement or fiduciary duty or the violation of any law, (iii) is proven by contemporaneous records to be
independently developed by the Party without use of such Confidential Information.
|
10.4. |
Legally Required Disclosure. In the event either Party is required to disclose, pursuant to a judicial order, a requirement of a governmental agency or by operation of law, any Confidential
Information provided to it by the other Party then such Party shall provide the other Party written notice of any such requirement promptly after learning of any such requirement, and take commercially reasonable measures at the other Party's
expense to avoid or limit disclosure under such requirements and to obtain confidential treatment or a protective order and allow the other Party to participate in the proceeding.
|
8
10.5. |
Personally Identifiable Information. The Parties hereby acknowledge that each has a special responsibility under applicable data protection laws to keep personally identifiable information regarding
Authorized Participants ("PII") private and confidential. Securitize acknowledges that in no way shall it gain possession of any ownership or other proprietary rights with respect to Authorized
Participant PII. Securitize agrees that it shall store and process the Authorized Participant PII in strict compliance with the terms of this Agreement and all Applicable Laws governing the use, collection, disclosure and storage of such
information. In relation to the processing of EU Personal Data (each as defined in Exhibit C) in performing the Services, the Parties shall comply with the obligations set out in Exhibit C. Securitize shall only permit access to such data to
those of its employees having a need to know and who have signed confidentiality agreements containing terms at least as restrictive as those contained in this Agreement, and Securitize further agrees that it shall not further disclose such
information to any third party without the prior written consent of Issuer except to its legal counsel or as may be required by law.
|
10.6. |
Storage of Data. All PII that is received, stored or otherwise maintained by Securitize for Issuer pursuant to this Agreement shall be maintained in a secure environment with physical, technical, and
administrative information and data security safeguards that meet or exceed industry standards. Issuer is responsible for transmitting all PII and Issuer Confidential information to Securitize in encrypted or otherwise secure form if it is
transmitted outside the normal operation of the Platform. In the event of a breach or suspected breach of security of any Securitize system, website, database, equipment or storage medium or facility that results or may have resulted in
unauthorized access to any PII or any Issuer Confidential Information by any third party (including any employee, agent or subcontractor of Securitize that is not authorized to access such information) (collectively, a "Security Breach"), Securitize shall (i) notify Issuer within twenty four (24) hours of being informed of such breach of security, (ii) make commercially reasonable efforts to re-secure its systems
immediately and remedy the Security Breach, (iii) cooperate with Issuer, at Securitize's expense, to draft disclosures, press releases and other communication for Issuer to use with its customers, the public or government entities, and (iv)
take any other remedial measures.
|
10.7. |
Injunctive Relief. Each Party recognizes and acknowledges that any use or disclosure of the Confidential Information of the other Party in a manner inconsistent with the provisions of this Agreement
will cause the other Party irreparable damage for which remedies at law may be inadequate. Accordingly, the non-breaching Party shall have the right to seek an immediate injunction in respect of any material breach of these confidentiality
obligations to obtain such relief. Notwithstanding the foregoing, this paragraph shall not in any way limit the remedies in law or equity otherwise available to the non-breaching Party.
|
11. |
FEEDBACK
|
Issuer may, during the Term, provide Securitize with requests, suggestions and other feedback related to Issuer's use of the Platform or Services, including, but not limited to, feedback in support requests. Such information, ideas, concepts, and
feedback provided by Issuer to Securitize concerning the Platform, Services or any other Securitize products or services ("Feedback") may be used by Securitize and/or its Affiliates in any manner and media to
develop and improve the Platform and Services, and Issuer hereby grants to Securitize and Securitize's Affiliates and successors and assigns a transferable, non-exclusive, royalty-free, irrevocable, perpetual, worldwide right and license to reproduce
and use Feedback, in any manner and media, for any lawful purpose.
12.
|
Term and Termination.
|
9
12.
|
Term and Termination.
|
12.1. |
Term. The term of this Agreement commences as of the Effective Date and, unless terminated earlier pursuant any of the Agreement's express provisions, will continue in effect until two (2) years
from such date (the "Term").
|
12.2. |
Termination.
|
12.2.1. Termination for Cause. Either Party may cancel or terminate this Agreement or any Order Form by giving
written notice if the other Party (a) becomes insolvent, unable to pay debts when due, or the subject of bankruptcy proceedings not terminated within thirty (30) days of any filing; or makes a general assignment for the benefit of creditors; or if a
receiver is appointed for substantially all of its property; or (b) breaches or defaults on its undisputed payment obligations, and such breach or default remains uncured after ten(10) business days; or (c) breaches or defaults on other material
obligations under this Agreement and fails to cure the breach or default within sixty (60) days after receipt of written notice. Furthermore, Securitize may terminate this agreement at any time upon written notice if (i) Securitize determines in its
sole and reasonable discretion based on review of the Issuer Due Diligence Information that Issuer is not a suitable counterparty to this Agreement or (ii) it reasonably believes that Issuer intends to use the Platform to violate Applicable Laws, or
if Issuer intends to take other actions that would cause an offering by Issuer conducted pursuant to an Order Form to violate Applicable Laws.
12.2.2. Termination for Convenience. At any time without cause and without causing any breach or incurring any
additional obligation, liability, or penalty, either Party may terminate this Agreement and, except as may otherwise expressly be set forth therein, any Order Form(s), in each case by providing at least ninety (90) days' prior written notice to the
other Party.
12.2.3. Effect of Termination; Data Retention. In addition, unless otherwise expressly provided in this
Agreement or the applicable Order Form, and upon and after the termination or expiration of this Agreement or one or more Order Forms for any or no reason:
(i)
|
subject to the continuing rights, licenses, and obligations of either party under this Agreement, including this Section 12.2.3, or any Order Form, all authorizations and licenses granted hereunder will immediately terminate and the
respective parties shall cease all activities concerning, including in the case of Issuer, all use of, the expired or terminated Services and the Platform, and, in the case of Securitize, the Issuer Data, Issuer Due Diligence Information,
and the Issuer Materials;
|
(ii) |
Issuer shall pay to Securitize all undisputed charges and amounts due and payable to Securitize, if any, for Services actually performed under the terminated or expired Order Form;
|
(iii) |
Securitize shall repay, on a pro rata basis, all fees, expenses, and other amounts paid in advance for any Services that Securitize has not performed as of the effective date of such expiration or termination, as applicable, with respect
to Services required to be performed under the terminated or expired Order Form or Order Forms;
|
10
(iv) |
at Issuer's option and upon its written request, Securitize shall: (A) continue to retain the Issuer Data, or solely such specific databases or other collections or articles of Issuer Data as Issuer may request, as though this Agreement
and all Order Forms were still in force, for a period to be agreed to by the parties in writing, but that in no event shorter than sixty (60) days or longer than one-hundred twenty (120) days after the effective date of such expiration or
termination, as applicable, provided that Issuer pays in full all undisputed Fees due Securitize as of the effective date of such expiration or termination and pays monthly data storage fees to Securitize for its retention of such Issuer Data
pursuant to such reasonable prevailing industry rates as may be agreed to by the parties in writing; and (B) at Issuer's reasonable expense, immediately upon the conclusion of such Issuer Data retention period, taking all steps required or
reasonably requested to make an orderly transition of the Services and to assist Issuer and any of Issuer's designees in migrating such Issuer Data to the such systems as designated by Issuer in both Securitize's data format and a
platform-agnostic format.
|
(v) |
upon Issuer's termination of this Agreement, or any Order Form, for a breach by Securitize pursuant to this Agreement, Issuer shall have the right and option to continue to access and use the Services and Platform under each applicable
Order Form, in whole and in part, for a period not to exceed one-hundred twenty (120) days from the effective date of such termination pursuant to the terms and conditions of this Agreement and each applicable Order Form hereunder and for the
applicable Fees set forth in each such Order Form.
|
12.2.4. Disclaimer and Waiver. NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR COMPENSATION, REIMBURSEMENT OR
DAMAGES ON ACCOUNT OF THE LOSS OF PROSPECTIVE REVENUE, INVESTMENT, PROFITS OR ANTICIPATED SALES OR ON ACCOUNT OF EXPENDITURES, INVESTMENTS, LEASES OR COMMITMENTS IN CONNECTION WITH THE BUSINESS OR GOODWILL OF SECURITIZE OR ISSUER BECAUSE OF
TERMINATION OR EXPIRATION OF THIS AGREEMENT IN ACCORDANCE WITH ITS TERMS.
12.2.5. Survival. The following provisions will survive any expiration or termination of the Agreement:
Sections 1, 7.1, 8, 10, 11, 12, 13, 14, 15 16, 17.
11
13. |
INTELLECTUAL PROPERTY OWNERSHIP.
|
13.1. |
Issuer Intellectual Property.
|
13.1.1. General. Subject to the provisions of Section 11, neither this Agreement
nor any provision herein transfers ownership from Issuer to Securitize of any Issuer Intellectual Property Rights of any kind whatsoever. Without limiting the generality of the foregoing, Issuer shall own and retain ownership of all Issuer
Instructions and other Issuer Materials. Issuer hereby grants (for itself and on behalf of applicable Authorized Participants and Affiliates) to Securitize and Securitize's Affiliates, successors and assigns a (i) transferable, non-exclusive,
royalty-free, irrevocable, perpetual, worldwide right and license, under all Intellectual Property Rights of Issuer in and to Issuer Instructions and Issuer Data, to reproduce, create derivative works based on and otherwise use, in any manner and
media, all Issuer Instructions and Issuer Data, to the extent any such Issuer Instructions and Issuer Data, or any derivative works based thereon, are expressed, implemented or otherwise incorporated in any manner in any Issuer Smart Contract, for
any lawful purpose, and (ii) transferable, non-exclusive, royalty-free, irrevocable, worldwide right and license during the Term, under all Intellectual Property Rights of Issuer in and to Issuer Materials, to reproduce, create derivative works
based on and otherwise use, in any manner and media, all Issuer Materials, for purposes of providing the Securitize Services.
13.1.2. Exodus Wallet. Issuer owns all rights, title, and interest in and to any documentation, materials,
source code, inventions, developments, or works of authorship developed, produced, or authored by Issuer, including, without limitation, all patent rights, copyrights, trademarks, trade secrets, and all other intellectual property rights. Issuer owns
and shall retain all right, title and interest in the Exodus Wallet, and shall own all improvements thereon that are developed in connection with this Agreement. Securitize shall not acquire any rights, title, or interest, express or implied, to the
Exodus Wallet or any other software or service produced by Issuer, nor to any derivative works, modifications, enhancements, improvements, translations or other alterations thereto, and nothing in this Agreement shall be deemed to grant Securitize
any right, title or interest in the Exodus Wallet, nor to any derivative works, modifications, enhancements, improvements, translations or other alterations thereto ("Issuer Exodus Wallet Derivative Works").
To the extent any assignment is necessary to evidence the intent of this section, Securitize agrees to assign to Issuer, as applicable, all of its right, title and interest in and to such Issuer Exodus Wallet Derivative Works, and any part thereof,
and in and to all copyrights, patents, and other proprietary rights Securitize may have in such Issuer Derivative Works.
13.2. |
Securitize Intellectual Property. Subject to Issuer's rights in all Feedback and Issuer Materials, all Securitize Intellectual Property Rights, unless otherwise indicated, are protected by Applicable
Laws including, but not limited to, copyright, trade secret, and trademark laws, as well as other state, national, and international laws and regulations. Except as expressly provided herein, Securitize does not grant any express or implied
right to Authorized Participants under any patent(s), copyright(s), trademark(s), or trade secret information or other Intellectual Property Rights. Accordingly, unauthorized use of any material contained on the Platform may violate copyright
laws, trademark laws, trade secret laws, the laws of privacy and publicity, and other regulations and statutes.
|
12
14. |
INDEMNIFICATION
|
14.1. |
Reliance on Issuer. Securitize may conclusively rely and act or refuse to act without further investigation upon any list, instruction, certification, authorization, stock certificate or other
communication, including electronic communication, instrument or paper believed by it in good faith to be genuine and unaltered, and to have been signed, countersigned or executed by any duly authorized person or persons, or upon the
instruction of any officer of Issuer, the Authorized Participants or the advice of counsel for Issuer, or counsel for Securitize. Securitize may make any transfer or registration of ownership for such Securities which is believed by it in
good faith to have been duly authorized or may refuse to make any such transfer or registration if in good faith Securitize deems such refusal necessary in order to avoid any liability upon either Issuer or itself. Issuer agrees that it
shall, and shall instruct its Authorized Participants to, not knowingly give Securitize direction to take any action or refrain from taking any action, if implementing such direction would be a violation of applicable law or regulation.
Issuer agrees that it shall, and shall instruct its Authorized Participants to, not direct Securitize to act in connection with the Securities if such action is subject to any restriction or prohibition on transfer to or from a securities
intermediary in its capacity as such, and Securitize shall be protected in refusing to effect any such transfer. Securitize may conclusively and in good faith rely and act, or refuse to act, upon the records and information provided to it by
or on behalf of Issuer and its prior transfer agent or recordkeeper without independent review and shall have no responsibility or liability for the accuracy or inaccuracy of such records and information.
|
14.2. |
Indemnification by Securitize. Securitize shall defend, indemnify and hold Issuer and Issuer's Affiliates, and its and their officers, directors, managers, shareholders, members, employees, agents,
representatives and successors and assigns ("Issuer Indemnitees") harmless from and against any loss, liability, damage or expense (including, without limitation, reasonable attorney's fees arising out
of third party claims (collectively, "Losses") to which Issuer Indemnitees may become subject (a) arising out of or related to the Services, (b) arising out of or related to Securitize's breach of the
representations and warranties in Section 15.2, or (c) based upon the existence of this Agreement, except those arising out of or otherwise related to (i) the willful misconduct, bad faith or gross negligence of Issuer or its Affiliates; (ii)
any failure of Issuer or any Issuer Affiliate to comply with any applicable law, which, for the avoidance of doubt, includes any Applicable Laws; (iii) any material breach by Issuer of its obligations herein; ; or (iv) Claims that any Issuer
Data or other materials provided by Issuer to be included or hosted by Securitize infringe the Intellectual Property Rights or other rights of any third party.
|
14.3. |
Indemnification by Issuer. Issuer shall defend, indemnify, and hold Securitize and Securitize's Affiliates, and its and their officers, directors, managers, shareholders, members, employees,
representatives and successors and assigns ("Securitize Indemnitees") harmless from and against any Losses to which Securitize Indemnitees may become subject based upon the offering of Securities and
any action or inaction related thereto, except those arising out of or otherwise related to: (i) the willful misconduct, bad faith or gross negligence of the Securitize Indemnitees, (ii) any failure of any of the Securitize Indemnitees to
comply with applicable law, which, for the avoidance of doubt, includes any Applicable Laws; (iii) any material breach by any of the Securitize Indemnitees of their obligations herein, , including but not limited to, any breach of any of the
Securitize Indemnitees obligations under Sections 7.5 and 10 of this Agreement, or (iv) Claims that any of the Services or the Platform infringe, violate or misappropriate the intellectual property rights of any third party.
|
14.4. |
Procedure. As an express condition to the indemnifying Party's obligation under this Section 10, the Party seeking indemnification must: (a) promptly notify the indemnifying Party in writing
of the applicable Claim for which indemnification is sought; (b) tender control of the defense to the indemnifying Party; and (c) provide the indemnifying Party with non-financial assistance, information, and authority reasonably required for
the defense and settlement of such Claim. The indemnified Party may select its own counsel and participate in the defense of a Claim if it chooses to do so, but at its own expense. The indemnifying Party may settle any Claim, to the extent it
seeks a money payment, with or without the consent of the indemnified Party providing the settlement is a full and complete settlement of all Claims against the indemnified Party and the indemnifying Party satisfies
the settlement payment obligation. The indemnifying Party must obtain the indemnified Party's prior written consent to any settlement to the extent it consents to injunctive relief or requires any admission of fault or any public
statement or contains contract terms governing future activities that would materially affect the indemnified Party's business or interests, said consent not to be unreasonably withheld, conditioned, or delayed.
|
13
15. |
REPRESENTATIONS AND WARRANTIES
|
15.1. |
Authorization and Enforceability. Each Party represents and warrants to the other Party that (a) it is duly organized, incorporated or established (as the case may be), and validly existing under
the laws of its jurisdiction of organization, incorporation or establishment (as the case may be); (b) it has the legal power and authority to execute and deliver this Agreement; (c) the execution, delivery and performance of this Agreement
by it have been duly authorized by all necessary actions and do not violate its organizational documents or any other material agreements to which it is a Party; and (d) this Agreement constitutes a legally valid and binding obligation of it
enforceable against it in accordance with its terms, except as such enforcement may be limited by applicable law.
|
15.2. |
Securitize Representations and Warranties. Securitize represents, warrants and agrees that (a) it has secured all licenses, registrations and other credentials necessary to provide the Services and
it will maintain all such licenses, registrations and other credentials through the term of this Agreement (b) it will perform the Services in compliance with all Applicable Laws, (c) it shall provide the Services in a professional and
workmanlike manner, (d) the Services and the Platform do not knowingly infringe, violate or misappropriate the intellectual property rights of any third party, (e) Securitize has the full right to provide Issuer with the Services as provided
for herein, and (f) Securitize possesses and maintains physical security and electronic security measures for the Services and the Platform that meet or exceed industry standards
|
15.3. |
Issuer Representations and Warranties. Issuer represents, warrants and agrees that (a) its use of the Services and Platform by Authorized Participants complies and will comply with all Applicable
Laws, and all applicable anti-bribery, anti-money laundering, customer due diligence, know your clients, and anti-terrorist laws and regulations, (B) it shall make any and all registrations, filings and pay any and all fees required by
Applicable Laws in connection with any Issuer Offering or the secondary trading of the Securities, (C) any Securities issued and outstanding on the date hereof have been duly authorized, validly issued and are fully paid and are
non-assessable; and any Securities to be issued hereafter, when issued, shall have been duly authorized, validly issued and fully paid and will be non- assessable, (d) any Securities issued and outstanding on the date hereof have been duly
registered under the Securities Act, and such registration has become effective, or are exempt from such registration; and shall have been duly registered under the Exchange Act, or are exempt from such registration, (e) any Securities to be
issued hereafter, when issued, shall have been duly registered under the Securities Act, and such registration shall have become effective, or shall be exempt from such registration; and shall have been duly registered under the Exchange Act,
or shall be exempt from such registration, and (f) Issuer has paid or caused to be paid all taxes, if any, that were payable upon or in respect of the original issuance of the Securities issued and outstanding on the date hereof.
|
14
15.4. |
Disclaimer. EXCEPT AS OTHERWISE EXPRESSLY PROVIDED HEREIN, SECURITIZE AND ITS SUPPLIERS EXPRESSLY DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING WITHOUT LIMITATION, ANY
IMPLIED WARRANTIES OF NONINFRINGEMENT, TITLE, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SECURITIZE MATERIALS ARE PROVIDED "AS IS". . NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY
SECURITIZE OR ITS AFFILIATES, EMPLOYEES OR AGENTS WILL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF ANY WARRANTY PROVIDED HEREIN.
|
16. |
LIMITATION OF LIABILITY
|
16.1. |
EXCEPT FOR LIMITED INDEMNIFICATION OBLIGATIONS AS EXPRESSLY PROVIDED FOR IN SECTION 14, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY OR ITS SUPPLIERS BE LIABLE TO THE OTHER PARTY, OR ANY OTHER
PERSON OR ENTITY, FOR ANY INDIRECT, INCIDENTAL, COVER, SPECIAL, STATUTORY, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES OR ANY FINES OR PENALTIES, OR ANY LOSS OF OR HARM TO PROFITS, ASSETS, OPPORTUNITIES, OR DATA WHATSOEVER, ARISING FROM OR
RELATED TO THIS AGREEMENT, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF SUCH DAMAGES ARE FORESEEABLE AND A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ADDITION, SECURITIZE AND ITS AFFILIATES MAY CONSULT WITH
COUNSEL AND ACCOUNTANTS IN RESPECT OF SECURITIZE'S AFFAIRS, INCLUDING, WITHOUT LIMITATION, WITH RESPECT TO APPLICABLE LAWS, AND BE FULLY PROTECTED AND JUSTIFIED IN ANY ACTION OR INACTION WHICH IS TAKEN IN GOOD FAITH AND IN ACCORDANCE WITH THE
INFORMATION, REPORTS, STATEMENTS, ADVICE OR OPINION PROVIDED BY SUCH PERSONS, PROVIDED THAT THEY WERE SELECTED WITH REASONABLE CARE AND THE MATTER CONSULTED ON IS REASONABLY BELIEVED BY SECURITIZE AND ITS AFFILIATES TO BE WITHIN SUCH PERSONS'
PROFESSIONAL OR EXPERT COMPETENCE.
|
16.2. |
EXCLUDING CLAIMS FOR FEES DUE PURSUANT TO SECTION 8.1 OF THIS AGREEMENT, AND INFRINGEMENT OF THE OTHER PARTY'S, OR A THIRD PARTY'S, INTELLECTUAL PROPERTY RIGHTS, OR A PARTY'S INDEMNIFICATION OBLIGATIONS PURSUANT TO SECTION 14,
IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY OR ANY OTHER PERSON OR ENTITY WHETHER UNDER CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR ANY OTHER LEGAL OR EQUITABLE THEORY FOR ANY AMOUNTS IN EXCESS OF THE TOTAL
AMOUNTS PAID OR PAYABLE BY ISSUER TO SECURITIZE UNDER THIS AGREEMENT DURING THE PREVIOUS TWELVE (12) MONTHS.
|
16.3. |
Allocation of Risk and Material Term. THE PROVISIONS OF THIS SECTION 16 ALLOCATE THE RISKS UNDER THIS AGREEMENT BETWEEN THE PARTIES AND ARE AN INTRINSIC PART OF THE BARGAIN BETWEEN THE
PARTIES. THE FEES PROVIDED FOR IN THIS AGREEMENT REFLECT THIS ALLOCATION OF RISKS AND THE LIMITATION OF LIABILITY AND SUCH LIMITATION WILL APPLY NOTWITHSTANDING A FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY AND TO THE FULLEST EXTENT
PERMITTED BY LAW.
|
15
17. |
GENERAL PROVISIONS
|
17.1. |
Notices. All notices, demands, requests or other communications given under this Agreement shall be in writing and be given by personal delivery, certified mail, return receipt requested, or
nationally recognized overnight courier service to the address set forth in the Order Form, or by electronic delivery to email or facsimile numbers as set forth in the Order Form, or to such address or email or facsimile numbers which have
been subsequently designated by a Party by a notice made under this paragraph.
|
17.2. |
Publicity. Either Party may disclose the existence of this Agreement including, without limitation, disclosure deemed reasonably necessary to comply with applicable law. Each Party will obtain the
other Party's prior written consent prior to any press release that references such Party or this Agreement, said consent not to be unreasonably withheld, conditioned, or delayed. Notwithstanding the foregoing, the other terms and conditions
of this Agreement remain the Confidential Information of both Parties.
|
17.3. |
Independent Contractor Status; No Fiduciary Duties. It is expressly agreed and understood that Securitize (and any officer, director, employee, Affiliate, agent or other representative of Securitize)
is at all times acting as an independent contractor to Issuer, and is neither an employee, nor agent of or on behalf of, Issuer. Each Party specifically disclaims and waives the formation of any fiduciary relationship between them under or in
relation to this Agreement and the Services. Issuer acknowledges and agrees that (i) Securitize is not a registered investment advisor nor a broker-dealer, (ii) Securitize is not providing any legal, tax, investment or marketing advice, (iii)
no Authorized Person or any other person was or will be solicited by Securitize or will be referred by Securitize to any third party, (iv) Securitize has no role in effectuating or otherwise executing the sale or issuance of any Securities
for Issuer and does not communicate with any Authorized Person or any other person regarding the suitability of an investment in Securities and (v) Securitize is not involved in the drafting or review of white papers or offering memoranda and
in no event shall Securitize be liable to Issuer, to any Authorized Person or any other person for any losses arising out of any statements or omissions therein.
|
17.4. |
No Waiver or Modification. This Agreement may not be amended, modified or terminated orally, and no amendment, modification, or attempted waiver of any of the provisions hereof shall be binding
unless in writing and executed by authorized representatives of both Parties.
|
17.5. |
Severability. Should any provision hereof be deemed, for any reason whatsoever, to be invalid or inoperative, such provision shall be deemed severable and shall not affect the force and validity of
other provisions of this Agreement.
|
16
17.6.
|
Governing Law and Dispute Resolution by Arbitration. This Agreement shall be interpreted in accordance with the laws of the State of Delaware , (excluding conflict of laws rules) as applied to
agreements entered into and to be performed entirely within the State of Delaware between Delaware residents, without giving effect to any conflict of law principles that would require the application of the laws of a different
jurisdiction. The U.N. Convention on Contracts for the International Sale of Goods shall not apply to this Agreement. Any controversy or claim arising out of or relating to this contract, or the breach thereof, shall be determined by
arbitration administered by the American Arbitration Association/International Centre for Dispute Resolution (xxx.xxx.xxx) in accordance with its Commercial Arbitration Rules (or
International Arbitration Rules if applicable); the number of arbitrators shall be three, the place of arbitration shall be San Francisco, California, and the language of the arbitration shall be English. Each Party acknowledges that any
actual or threatened breach of Section 10 may cause the other Party irreparable harm for which money damages may not be an adequate remedy, and that injunctive relief may be an appropriate remedy for such breach in arbitration and
in any court of competent jurisdiction.
|
17.7. |
Attorney's Fees. In any action or proceeding to enforce rights or obligations under this Agreement, the substantially prevailing Party shall be entitled to recover in addition to any other costs or
damages awarded, all reasonable costs, including, but not limited to expert witness' fees and attorneys' fees, as determined by a court of competent jurisdiction in a final non-appealable judgment.
|
17.8. |
Force Majeure. No failure, delay or default in performance of any obligation of either Securitize or Issuer, including without limitation, with respect to the Services or Platform, shall constitute
an event of default or breach of this Agreement to the extent that such failure to perform, delay or default arises out of a cause, existing or future, that is beyond the control and without negligence of such Party, including, without
limitation, action or inaction of governmental, civil or military authority, change in law, fire, strike, lockout or other labor dispute, flood, terrorist act, war, or riot, theft earthquake and other natural disaster (a "Force Majeure
Event"). In addition, no failure, delay or default in performance of Securitize, including without limitation, with respect to the Services or Platform, shall constitute an event of default or breach of this Agreement to the extent that such
failure to perform, delay or default arises out of a cause, existing or future, that is beyond the control and without negligence of Securitize, including, without limitation errors of implementation (e.g., "bugs" and classic coding errors),
errors of design, and errors resulting from unexpected interaction of various code modules or systems, failures of such systems or equipment, interruptions in access to or the operations of such systems or equipment; loss of functionality of
such systems or equipment; degradation or corruption of such systems or equipment; compromises in the security or integrity of such systems or equipment; loss of power to such systems or equipment; and other situations that adversely affect
such systems or equipment, however caused or occurring. The Party affected by such cause shall (i) provide prompt notice to the other party, stating the period of time the occurrence is expected to continue, and (ii) use diligent efforts to
end the failure or delay and minimize the effects of such Force Majeure Event. Notwithstanding the foregoing or any other provisions of this Agreement, in no event shall any shutdown, disruption, or malfunction of the Services or Platform or
any of the telecommunication or internet services of a party, other than as a result of general and widespread internet or telecommunications failures that are not limited to the Services and Platform, be considered a Force Majeure Event.
|
17
17.9. |
Assignment. Either Party may assign this Agreement in connection with the sale of all, or substantially all, of its business (whether by merger, consolidation, transfer of control, sale of assets,
operation of law or otherwise) upon not less than thirty (30) days written notice of such proposed sale and assignment to the other Party, provided that any proposed assignee assumes all rights and obligations of the assigning Party under the
Agreement and is ready, willing and able to do so. Furthermore, either Party may assign this Agreement, with thirty (30) days written notice to the other Party, to any of its subsidiaries or affiliates. Any other attempt to assign this
Agreement without prior written consent shall be null and void; provided that Securitize may perform any of the Services, and share fees received from Issuer with, subcontractors at its sole discretion, provided that such use of
subcontractors shall not relieve Securitize of any of its obligations pursuant to this Agreement.
|
17.10. |
Counterparts. This Agreement may be executed in counterparts, each of which is deemed to be an original and all of which together constitute one and the same agreement. Each Party may sign this
Agreement using an electronic or handwritten signature, which are of equal effect, whether on original or electronic copies. Each copy of this Agreement bearing the facsimile transmitted signature of the authorized representatives of each of
the Parties shall be deemed to be an original.
|
17.11. |
Entire Agreement. The provisions herein constitute the entire agreement between the Parties and supersede all prior agreements, oral or written, and all other communications between the Parties,
including any and all supplier or distribution agreements and purchase orders. No term or condition contained in any document provided by one party to the other Party pursuant to this Agreement shall be deemed to amend, modify, or supersede
or take precedence over the terms and conditions contained herein; provided, however, that to the extent the terms and conditions of an exhibit under this Agreement may conflict, the exhibit shall control as to its subject matter.
|
[Signatures on next page]
18
IN WITNESS WHEREOF, the Parties acknowledge that each has fully read and understood this Agreement, and intending to be legally bound thereby, executed this Agreement on the date set forth below.
SECURITIZE LLC
|
EXODUS MOVEMENT,INC. | ||
By:
|
/s/ Xxxxx Xxxx |
By:
|
/s/ Xxx Xxxx Xxxxxxxxxx |
Name:
|
Xxxxx Xxxx
|
Name:
|
Xxx Xxxx Xxxxxxxxxx
|
|
Title:
|
Co-Founder/President
|
Title:
|
Chief Executive Officer
|
|
Date:
|
December 24, 2020
|
Date:
|
December 24, 2020
|
|
19
This Order Form is entered in entered into as of D e c . 2 3 , 2020 ("Order Form Effective Date") in accordance with the terms of the PLATFORM SERVICES, TRANSFER AGENT AND
REGISTRAR AGREEMENT, dated D e c . 2 3 (the "Agreement"), entered into by and between Securitize LLC, a Delaware limited liability company ("Securitize"), and Exodus Movement, Inc., a Delaware corporation ("Issuer"). Any capitalized terms below not defined in the Order
Form shall have the meanings set forth in the Agreement.
1.
|
DESCRIPTION OF ISSUER OFFERING
|
•
|
Class A Common Stock
|
2.
|
FEES
|
Service
|
Description
|
Fee
|
Due Date
|
||||
Customer Onboarding/Investor Relations Portal available within the Exodus Wallet
|
Part I: Issuer Management Dashboard
Dashboard for issuer to manage investors, issuances, cap tables, admin and transfer agent functions. (note: this is non-investor facing)
|
$30,000 (40% Discount)
|
Due and payable on the Order Form Effective Date.
|
||||
Part II: Investor On-boarding
|
|||||||
Securitize APIs for individual investors to access issuer data to accredited investors, non- accredited investors, and international investors in the United States and 50+ countries along with the requirements for Reg A offerings.
|
|||||||
Integration of applicable Securitize APIs into the Exodus Wallet, so that (i) investor onboarding can occur by clicking a link in the Exodus Wallet, which will send the investor to a Securitize website to open an account with Securitize
and
(ii) after completing the onboarding process, the investor will click on a link back to the Exodus Wallet to complete the process of purchasing shares of stock through applicable Securitize APIs.
|
20
Service
|
Description
|
Fee
|
Due Date
|
||||
Issuance of Securities
|
Issuance of shares of Class A common stock to investors, which will be reflected by the generation of Digital Tokens
|
$ 10,000
|
Due and payable prior to any issuance.
|
||||
Support
|
Dedicated developer to support integration into the Exodus Wallet, updates, manage feedback, site hosting and maintenance.
|
$2,000/month
|
Invoices to be sent by the 5th of the month following services
|
||||
Transfer Agent Services
|
Cap Table Management, Lost and Stolen Securities and Dividend Distribution Management
|
0 - 500 Investors: $750/mo
50 - 000 Investors: $ ,000/mo
00 - 2000 Investors:
$ ,250/mo 200 + Investors: $ ,500/mo
|
Invoices to be sent by the 5th of the month following services; quantity determined based on the count at the end of the month of services. Invoices are
due upon receipt.
|
||||
KYC/AML
|
Know-Your-Customer (KYC) and Anti-Money Laundering checks during onboarding of investors
|
$500 Annually for Individuals (paid upfront)
$50/entity
|
Invoices to be sent by the 5th of the month following services; quantity determined based on the count at the end of the month of services. Invoices are
due upon receipt.
|
||||
Yearly Tax Form Generation
|
Preparation of yearly 099 forms for investors.
|
$7.00/year/investor
|
Due and payable on December 5th of each calendar year.
|
||||
Distribution Payouts
|
Distribution of payouts to investors
|
TBD - fees deducted from investor payment
|
Due and payable at time of distribution.
|
||||
Secondary Market Integration Support
|
Tech integration with secondary marketplaces to manage ongoing compliance around trading and data management
|
$250/month/marketplace
|
Invoices to be sent by the 5th of the month following services; quantity determined based on the count
at the end of the month of services. Invoices are due upon receipt.
|
21
Any work or customization requests by Issuer not explicitly described herein shall be subject to additional negotiation and fees. Issuer shall be billed for such fees that are
mutually agreed in writing and, denoted in a supplemental Order Form, prior to beginning work on such requests.
Securitize will issue invoices for fees on the applicable Due Date referenced above. Invoices may be sent electronically and delivered to Issuer at:
Issuer:
|
|||
ADDRESS:
|
00000 Xxxx Xxxxxx, Xx. 000
|
||
PHONE:
|
x0 (000) 000-0000
|
||
ATTENTION:
|
Accounting
|
||
EMAIL:
|
xxxxxxxxxx@xxxxxx.xx
|
3.
|
ORDER FORM TERM AND RENEWAL.
|
This Order Form shall be effective on the Order Form Effective Date and shall terminate two (2) years from the Order Form Effective Date (the "Initial Term") unless early terminated pursuant to the terms of the Agreement.
4.
|
INTEGRATION OF APPLICABLE SECURITIZE API INTO EXODUS WALLET.
|
During the Term of this Agreement, Securitize shall (i) promptly respond to any reasonable inquiries from Issuer with respect to the integration of the applicable Securitize APIs into the Exodus Wallet and (ii) provide Issuer with all of the
software APIs and supporting information and documentation that Issuer reasonably requires to integrate the Securitize API into the Exodus Wallet. Securitize shall provide a direct support channel to Issuer, to assist with any issues in relation to
the Securitize API and its integration. In integrating the Securitize API into the Exodus Wallet, Issuer shall comply with all applicable statutes and regulations, including, but not limited to, any applicable regulations of, or published guidance
from OFAC or any other applicable regulatory authority.
Subject to the other terms and conditions of this Agreement, Securitize grants to Issuer, during the Term of this Agreement, a limited, royalty-free, paid-up, worldwide, non-exclusive, and non-transferable right and license to (i) execute and
use Securitize API in the Exodus Wallet, (ii) use Securitize's copyrighted work embodied in the Securitize Platform for the sole purpose of Issuer executing its duties under this Agreement, and (iii) use Securitize's trademark (both word xxxx and
logo) in the Exodus Wallet software application and xxxxxx.xx website.
Subject to the other terms and conditions of this Agreement, Issuer grants to Securitize, during the Term of this Agreement, a limited, royalty-free, paid-up, worldwide, non-exclusive, and non-transferable right and license to use Issuer's
trademark (both word xxxx and logo) in the Securitize Platform for the sole purpose of Securitize executing its duties under this Agreement.
22
Securitize and Issuer agree that the integration of the Securitize API into the Exodus Wallet shall be implemented so that (i) investor onboarding can occur by clicking a link in the Exodus Wallet, which will send the investor to the website of
Securitize to open an account with Securitize; (ii) after completing the onboarding process, the investor will click on a link back to the Exodus Wallet to complete the process of purchasing shares of stock through applicable Securitize APIs; (iii)
in the Exodus Wallet, the Securitize app (or user interface component) would have an access token that will permit an investor to have continued access to the same session in the Securitize account for 365 days after the initial date of login.
(Note: As long as the investor does not invalidate their session in some way, i.e., requiring this for security reasons or because they request a password change on Securitize iD); and (iv) Past the initial session creation, the actions related
with the initial gathering of investor information for KYC purposes, as well as the rest of the investment process will be effected from within the Exodus Wallet, communicating the information to Securitize through applicable Securitize APIs. This
is notwithstanding Securitize needing to reach the investor in case some clarification needs to be provided on their information for the integrity of the KYC process.
[Signatures on next page]
23
IN WITNESS WHEREOF, the Parties acknowledge that each has fully read and understood this Order Form, and intending to be legally bound thereby, executed this Agreement on the date set forth below.
SECURITIZE LLC
|
EXODUS MOVEMENT,INC. | ||
By:
|
/s/ Xxxxx X Xxxx
|
By:
|
/s/ Xxx Xxxx Xxxxxxxxxx |
Name:
|
Xxxxx X Xxxx
|
Name:
|
Xxx Xxxx Xxxxxxxxxx
|
|
Title:
|
Co-Founder / President
|
Title:
|
Chief Executive Officer
|
|
Date:
|
December 24, 2020
|
Date:
|
December 24, 2020
|
|
24
EXHIBIT B ("SERVICE LEVELS AND SUPPORT")
Subject to the terms and conditions of the Agreement, Securitize and/or its Affiliates will make the Platform and the Securitize Services available to Issuer subject to the following service level requirements and limitations commencing upon the
Effective Date:
1.
|
AVAILABILITY/UPTIME FOR THE SECURITIZE ENVIRONMENT
|
1.1.
|
Securitize Environment. The "Securitize Environment" consists of the servers, storage and networking hardware, operating systems, database management
systems and operating systems, as well as computers owned or used by Securitize and those of its agents, that are used in or required to be provided by Securitize to provide the Platform services to Issuer.
|
1.2.
|
Issuer Environment. The "Issuer Environment" consists of Issuer's or third party servers, storage and networking hardware, operating systems, Internet
connectivity, database management systems and operating platforms and all application software, as well as computers owned by Issuer and those of its agents and Affiliates, that are required to be provided by Issuer in relation to its
authorized use of the Platform under the Agreement.
|
1.3.
|
SLA. The following is the Service Level Agreement ("SLA") for the Platform:
|
1.3.1.
|
Scheduled Maintenance. Periodic maintenance on the servers and system elements that support the Securitize Environment, for purposes of system upgrades, maintenance, and backup procedures ("Scheduled Maintenance") will be scheduled by Securitize. Primary hours of Securitize service level standard support operations are 24x7, less Scheduled Maintenance. Scheduled Maintenance up to two (2)
days per month, between the hours of 11:00 p.m. and 3:00 a.m., Pacific Time, or on some other schedule as determined by Securitize. If emergency maintenance is needed to fix critical security vulnerabilities, Securitize will notify Issuer
as soon as possible. Issuer acknowledges that it may be necessary for Securitize to begin work and/or apply fixes prior to notification of Issuer. Notification of Scheduled Maintenance will be sent via email at least 7 days in advance.
Notification of emergency maintenance will both be called into Issuer at and sent via email to the email address identified in the Order Form as soon as is technically feasible.
|
1.3.2.
|
"Business Hours" means 24 hours a day, 7 days a week in each year of the Term, less the times of Scheduled Maintenance up to two (2) days per month, between the hours of 11:00 p.m. and 3:00 a.m.,
Pacific Time (or on some other schedule as determined by Securitize), with Securitize providing written notice to Issuer via email to the email address identified in the Order Form at least 1 day in advance.
|
1.3.3.
|
Unscheduled Maintenance. The application of ad hoc updates to the Platform ("Updates") will be scheduled by Securitize in the event it is necessary for
such Updates to occur outside of the Scheduled Maintenance times ("Unscheduled Maintenance"). Notification of Unscheduled Maintenance will be sent via email to the email address identified in the
Order Form at least 1 day in advance.
|
25
1.3.4.
|
Securitize Environment Service Level. In addition to Scheduled Maintenance and Unscheduled Maintenance, there may be events that from time to time will make the Securitize Environment not
Available (as defined below) for a limited amount of time due to unforeseen software, hardware, network, power and/or Internet outages ("Unscheduled Downtime"). Notwithstanding anything herein to
the contrary, Securitize shall have no liability for any failure to meet the Environment Performance Requirement set forth herein in the event that: (a) such failure is caused by independent, external circumstances that are not within the
reasonable control of Securitize; (b) the outage condition is not directly caused by the Securitize Environment (e.g., outages caused by plant issues, operational or maintenance errors in Issuer Environment); or (c) the failure by Issuer
to implement any fixes, patches or other workarounds recommended by Securitize to Issuer to the extent the implementation of such fixes, patches or other workarounds are technically feasible and commercially practical.
|
1.3.5.
|
Environment Performance Requirement. Securitize and/or its Affiliates will operate the Securitize Environment, as set forth below, to be Available and functioning within the relevant SLA defined
herein, measured on a monthly basis (the "Environment Performance Requirement"). For the purposes of this SLA Addendum, "Available" means that the Securitize
Environment is accessible based on SLA measurement techniques for ninety-nine and five tenths percent (99.5%) of the time 24 hours a day, seven days per week, excluding Scheduled Maintenance or any loss or interruption of services
resulting from actions or inactions of Issuer, or their respective equipment or service providers. Actual availability percentage will be calculated with the following formula:
|
1.
|
100% minus [((X) Total Unscheduled Downtime and Unscheduled Maintenance minutes in a month; divided by (Y) total minutes in said month); multiplied by (Z) 100%] = availability percentage
|
2.
|
Uptime measurements are on fifteen minute intervals, utilizing Keynote UP5 measurements or another equivalent, technically feasible and commercially- reasonable measurement technique.
|
2.
|
SUPPORT SERVICES
|
2.1.
|
Support Service Issues. Support service issues are grouped into the following three levels, in each case pertaining to issues that are caused by and in the sole control of Securitize, and
excluding, for example, problems caused by Issuer or the Issuer Environment.
|
Service Level
|
Definition
|
||
P1
|
Severe problems with Platform resulting
in complete work stoppage for a large number of
users. No alternatives or work-around identified and
work cannot continue.
|
||
P2
|
Critical issue which interferes with investors
accessing the Platform or making an investment
using the standard flow.
|
||
P3
|
Issue which interferes with a minor function of
Platform but an acceptable work-around is in
place.
|
26
2.2.
|
Target Response Times. Securitize and/or its Affiliates will notify and respond to Issuer regarding a reported issue as soon as an issue is noted within the response times below:
|
Service Level
|
Target Response Times
|
||
P1
|
2 Business Hours
|
||
P2
|
4 Business Hours
|
||
P3
|
Within 7 days
|
2.2.1.
|
Updates. Securitize and/or its Affiliates shall provide an update by email to a mutually agreed upon distribution list each hour in the case of P1 problems and every 4 hours in the case of P2
problems.
|
2.2.2.
|
Online Technical Support System. Issuer shall have direct access 24 hours per day, 7 days per week, 365 days per year, to Securitize or its Affiliates' online technical support system to report
any service issues. In the event of a failure in the case of P1, or in the case of P2 a multiple failure, on the part of Securitize to achieve target response times, Securitize will promptly apply additional technical resources to the
problems, including without limitation, Securitize's technical resources most knowledgeable about the problems. This addition of resource shall continue until all relevant technical resources have been applied and/or the relevant problem
has been resolved. In such cases and at Issuer's request, Securitize shall promptly supply Issuer with a list of all technical resources working to resolve the problem.
|
3.
|
ISSUER OBLIGATIONS
|
3.1.
|
General; Compliance with Procedures. Issuer shall at all times comply with Securitize's policies, procedures and controls, as relevant, that Securitize has provided to Issuer in writing prior to
the Effective Date.
|
3.2.
|
Issuance Size Notification. Issuer shall at all times provide true and accurate information to Securitize concerning Issuer's authorized and outstanding securities. Issuer must notify Securitize
of any changes to the number of authorized and outstanding securities in writing at xxxxxxxxxx@xxxxxxxxxx.xx, or any other email address selected by
Securitize, promptly after any change is made. Securitize shall have the right to restrict any follow on, secondary, or any increases of Issuer's outstanding Class A Common Stock in the event that Issuer has failed to make adequate
disclosure to investors or similar regulatory compliance issues.
|
3.3.
|
Control Affiliate Certification. Prior to the commencement of any issuance, Issuer shall provide a true and accurate list of all "affiliates" for purposes of Rule 144 of the Securities Act of
1933, as amended. Issuer shall provide Securitize with a quarterly update certificate, to be delivered within five (5) days of the end of each fiscal quarter, specifying whether there have been any changes to their previously provided
affiliate list. Additionally, on an ongoing basis, Issuer shall promptly notify Securitize in writing when any new persons or entities attain affiliate status during a fiscal quarter.
|
27
EXHIBIT C: DATA PROTECTION (EU DATA SUBJECTS)
1.
|
Definitions
|
In this Exhibit C, the following terms shall have the meanings set out below. Capitalized terms used in this Exhibit C but not defined shall have the meaning set out in the Agreement.
"EU Data Subject" means an identified or identifiable natural person who is domiciled in the European Union, Switzerland, and the United Kingdom.
"Data Subject Request" means a request made by an EU Data Subject to exercise any rights of data subjects under applicable EU Data Protection Laws.
"Delete" means the removal or obliteration of EU Personal Data such that it cannot be recovered or reconstructed.
"EU Data Protection Laws" means any applicable law regarding the processing, privacy and use of EU Personal Data including any laws and regulations of the
European Union, the European Economic Area and their member states, Switzerland, and the United Kingdom including the GDPR and the UK Data Protection Xxx 0000.
"EU Personal Data" means any personal data of an EU Data Subject as processed by Securitize or any Sub-Processor on behalf of Issuer, pursuant to or in
connection with the Agreement.
"GDPR" means the EU General Data Protection Regulation 2016/679.
"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access
to, EU Personal Data transmitted, stored or otherwise processed.
"Standard Contractual Clauses" means the Standard Contractual Clauses (processors) set out in Decision 2010/87/EC and included in Annex 4 to this Exhibit C.
"Sub-Processor" means any person (including a third party) appointed by or on behalf Securitize to process EU Personal Data on behalf of Issuer in connection
with the Services.
"Supervisory Authority" means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or
professional body, regulatory or supervisory authority, board or other body responsible for administering applicable EU Data Protection Laws.
In this Exhibit C references to "controller", "data subject", "personal data",
"processor" and "processing" shall have the meanings ascribed to them in the GDPR and their cognate terms shall be construed accordingly.
28
2.
|
Data Processing
|
2.1 The Parties acknowledge and agree that some or all of the Services to be provided by Securitize pursuant to this Agreement may involve Securitize processing EU Personal Data and that
Issuer will be a controller and Securitize will be the processor when processing such EU Personal Data pursuant to this Agreement.
2.2 Securitize shall:
(a) comply with applicable EU Data Protection Laws when processing EU Personal Data; and
(b) only process EU Personal Data in accordance with Issuer's documented written instructions or as otherwise agreed in writing between the Parties, and is prohibited from processing personal
data for any other purpose. Issuer's instructions are documented in this Exhibit C and any applicable Statement Of Work.
2.3 Annex 1 to this Exhibit C sets out the scope, nature, purpose of the processing by Securitize the duration of the processing, the types of EU Personal Data and the categories of EU Data
Subjects.
3.
|
Technical and organisational measures and security
|
3.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for
the rights and freedoms of natural persons, Securitize shall implement and maintain, appropriate technical and organisational measures in relation to the processing of EU Personal Data by Securitize to ensure a level of security appropriate to that
risk including, as appropriate, the measures referred to in applicable EU Data Protection Laws.
3.2 Securitize must implement appropriate technical and organizational measures to ensure that any employee, agent or contractor of Securitize or any Sub-Processor do not process EU Personal
Data except on the instructions of Issuer. Securitize must ensure that any employee, agent or contractor of Securitize or any Sub-Processor who may have access to EU Personal Data are subject to confidentiality undertakings or other contractual,
professional or statutory obligations of confidentiality.
4.
|
Sub-Processors
|
4.1 Issuer authorizes Securitize to appoint (and permits each Sub-Processor appointed in accordance with this paragraph 4 to appoint) Sub-Processors in accordance with this paragraph 4.
4.2 Securitize may continue to use those Sub-Processors already engaged by Securitize as at the date of this Agreement including Amazon Web Services. The Sub-Processors, as of the date of this Agreement, are
as follows: Amazon Web Services.
29
4.3 Securitize shall give Issuer notice of the appointment of any new Sub-Processor. If, within ten (10) business days of receipt of that notice, Issuer notifies Securitize in writing of any objections (on
reasonable grounds) to the proposed appointment, Securitize shall not appoint that proposed Sub-Processor until reasonable steps have been taken to address the objections raised by Issuer and Issuer has been provided with a reasonable written
explanation of the steps taken. Where Securitize is unable to address the objections raised by Issuer, notwithstanding any other provisions in this document, either Party may by written notice to the other Party with immediate effect terminate this
Agreement. Securitize must obtain sufficient guarantees from all Sub-Processors that they will implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of EU Data Protection Laws.
Securitize must enter into a written agreement with all Sub-Processors which imposes the same obligations on the Sub-Processors as this Exhibit C imposes on Securitize. Securitize must provide a copy of Securitize's agreements with Sub-Processors
to Issuer upon request. If any Sub-Processor fails to fulfil its obligations under EU Data Protection Laws, this Exhibit, or the agreements between Securitize and Sub-Processor, Securitize will be fully liable to Issuer for the performance of such
obligations
5.
|
EU Data Subject rights
|
Securitize shall:
(a) notify Issuer without undue delay if it receives a Data Subject Request in respect of any EU Personal Data; and
(b) use commercially reasonable efforts to assist Issuer in dealing with any Data Subject Requests.
6.
|
Data protection impact assessment and audit
|
6.1 Securitize shall provide commercially reasonable assistance to Issuer with any data protection impact assessments, and prior consultations with Supervisory Authorities which Issuer
reasonably considers to be required by Article 35 or 36 of the GDPR in each case solely in relation to processing of EU Personal Data by Securitize and taking into account the nature of the processing and information available to Securitize.
6.2 Issuer agrees to exercise its right to conduct an audit or inspection under EU Data Protection Laws by instructing Securitize or its Sub-Processors to carry out the audit described in
paragraph 6.3 (below). If Issuer wishes to change this instruction regarding audit, then Issuer has the right to request a change to this instruction by sending Securitize a written notice as provided in clause 17.1 of the Agreement.
6.3 Securitize and its Sub-Processors verify the adequacy of its technical and organisational security measures by performing an audit at least once annually.
7.
|
Incident and breach notification
|
Securitize, on becoming aware of a Personal Data Breach shall:
(a) notify Issuer without undue delay and no later than 48 hours after becoming aware of the occurrence of such Personal Data Breach; and
30
(b) provide Issuer with sufficient information as is reasonably available to allow Issuer to meet any of its obligations to report a Personal Data Breach or to inform EU Data Subjects under
applicable EU Data Protection laws. In particular, Securitize must, either in the initial notice or in subsequent notices as soon as the information becomes available, inform Issuer of the nature of the Personal Data Breach, the categories and number
of data subjects, the categories and amount of personal data, the likely consequences of the Personal Data Breach, and the measures taken or proposed to be taken to address the Personal Data Breach and mitigate possible adverse effects. If
Securitize's notice or subsequent notices are delayed, they must be accompanied by reasons for the delay.
8.
|
Deletion or Return of Personal Data
|
8.1 Subject to paragraph 8.2 of this Exhibit C, Securitize shall on receipt of a written request from Issuer upon termination of the Services:
(a) return a complete copy of all EU Personal Data it and each Sub-Processor has in current possession, to Issuer by secure file transfer; and /or
(b) Delete and procure the Deletion of all copies of EU Personal Data held by itself and any Sub-Processor.
8.2 Notwithstanding paragraph 8.1 of this Exhibit C, the Parties agree that Securitize and each Sub-Processor may retain EU Personal Data to the extent required by and for such period as
required by applicable EU laws.
9.
|
Transfer outside the European Economic Area
|
9.1 Each of Securitize (as "data importer") and Issuer (as "data exporter") hereby enter into these Standard Contractual Clauses in connection with any transfer of EU Personal Data where an appropriate
safeguard is to be implemented in accordance with Article 46 of the GDPR. If compliance with the Standard Contractual Clauses, including because an updated set of Standard Contractual Clauses enters into force, is affected by circumstances outside
of Securitize's control, Issuer and Securitize will work together in good faith to reasonably resolve such non-compliance.
31
Annex 1 to Exhibit C
This Annex 1 includes certain details of the processing of EU Personal Data as required by Article 28(3) of the GDPR.
Subject Matter of processing
|
The performance of the Services under this Agreement.
|
||
Duration of processing
|
The processing shall continue until the later of:
the Agreement being terminated in accordance with its terms and any notice period or transition period prescribed by Agreement having expired; and
Securitize no longer being subject to an applicable legal or regulatory requirement to continue to store the EU Personal Data.
|
||
Nature and purpose of processing
|
The processing of Personal Data is being conducted in order to facilitate the performance of the Services. Securitize will be storing data, accessing data and sharing data with affiliates in order to manage the (i) AML/KYC identification
of investors and confirming the accreditation status of investors, (ii) issuance of shares of Class A Common Stock to investors in exchange for subscription payments,
(iii) facilitating authorized transfers of Class A Common Stock to the stockholders, (iv) providing stockholder reports to Issuer, and (v) conducting other activities that are ancillary to providing the Services to Issuer or meeting
regulatory compliance requirements.
|
||
Types of EU Personal Data
|
The types of Personal Data from Authorized Participants includes: name, home address, personal email address, personal telephone number, copy of ID card, bank account, cryptocurrency wallet address, nationality, date of birth, government
identification number, salary and asset amount information.
|
||
Categories of EU Data Subject
|
Securitize collects Personal Data from Authorized Participants. The categories of natural persons that provide Personal Data to Securitize include application end-users and customers (along with contact persons and representatives.)
|
||
Obligations and rights of Issuer
(as controller)
|
As set out in this Agreement.
|
32
ANNEX 2 TO EXHIBIT C
POPULATION OF APPENDIX 1 OF THE STANDARD CONTRACTUAL CLAUSES
Data exporter
The data exporter is Exodus Movement. Inc.
Data importer
The data importer is Securitize LLC.
Data subjects
The personal data transferred concern the following categories of data subjects:
This section is deemed to be populated with the content of the section headed "Categories of Data Subject" in Annex 1 to this Exhibit D.
Categories of data
The personal data transferred concern the following categories of data:
This section is deemed to be populated with the content of the section headed "Types of Personal Data" in Annex 1 to this Exhibit D.
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data: No special categories of EU Personal Data are processed.
Processing operations
The personal data transferred will be subject to the following basic processing activities:
The processing operations are processing of personal data as necessary to provide the Services as set out in the Agreement.
33
ANNEX 3 TO EXHIBIT C
Technical and Organizational Measures
1.1
|
The technical and organizational measures (the "Measures") set out within clause 7.5 of this Agreement shall apply wherever EU Personal Data is processed by Securitize (i.e. whether processing
is undertaken the EEA or elsewhere), unless otherwise expressly stated and agreed between the Parties in writing.
|
1.2
|
The Measures shall be deemed to populate Appendix 2 of the Standard Contractual Clauses.
|
1.3
|
Securitize will, at a minimum, implement the following types of security measures:
|
1.
|
Physical access control
|
Technical and organizational measures to prevent unauthorized persons from gaining access to the data processing systems available in premises and facilities (including databases, application servers and related
hardware), where Personal Data are Processed, include:
☐
|
Establishing security areas, restriction of access paths;
|
☐
|
Establishing access authorizations for employees and third parties;
|
☐
|
Door locking (electric door openers etc.); and
|
☐
|
Securing decentralized data processing equipment and personal computers.
|
2.
|
Virtual access control
|
Technical and organizational measures to prevent data processing systems from being used by unauthorized persons include:
□ |
User identification and authentication procedures;
|
□ |
ID/password security procedures (special characters, minimum length, change of password);
|
□ |
Automatic blocking (e.g. password or timeout);
|
□ |
Monitoring of break-in-attempts and automatic turn-off of the user ID upon several erroneous passwords attempts;
|
□ |
Creation of one master record per user, user-master data procedures per data processing environment; and
|
□ |
Encryption of archived data media.
|
34
3.
|
Data access control
|
Technical and organizational measures to ensure that persons entitled to use a data processing system gain access only to such Personal Data in accordance with their access rights, and that Personal
Data cannot be read, copied, modified or deleted without authorization, include:
□ |
Internal policies and procedures;
|
□ |
Control authorization schemes;
|
□ |
Differentiated access rights (profiles, roles, transactions and objects);
|
□ |
Monitoring and logging of accesses;
|
□ |
Disciplinary action against employees who access Personal Data without authorization;
|
□ |
Reports of access;
|
□ |
Access procedure;
|
□ |
Change procedure;
|
□ |
Deletion procedure; and
|
□ |
Encryption.
|
4.
|
Disclosure control
|
Technical and organizational measures to ensure that Personal Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage on storage media (manual or
electronic), and that it can be verified to which companies or other legal entities Personal Data are disclosed, include:
□ |
Encryption/tunneling;
|
□ |
Logging; and
|
□ |
Transport security.
|
5.
|
Entry control
|
Technical and organizational measures to monitor whether Personal Data have been entered, changed or removed (deleted), and by whom, from data processing systems, include:
□ |
Logging and reporting systems; and
|
□ |
Audit trails and documentation.
|
35
6.
|
Control of instructions
|
Technical and organizational measures to ensure that Personal Data are Processed solely in accordance with the instructions of the Controller include:
□ |
Unambiguous wording of the contract;
|
□ |
Formal commissioning (request form); and
|
□ |
Criteria for selecting the Processor.
|
7.
|
Availability control
|
Technical and organizational measures to ensure that Personal Data are protected against accidental destruction or loss (physical/logical) include:
□ |
Backup procedures;
|
□ |
Mirroring of hard disks (e.g. RAID technology);
|
□ |
Uninterruptible power supply (UPS);
|
□ |
Remote storage;
|
□ |
Anti-virus/firewall systems; and
|
□ |
Disaster recovery plan.
|
8.
|
Separation control
|
Technical and organizational measures to ensure that Personal Data collected for different purposes can be Processed separately include:
□ |
Separation of databases;
|
□ |
"Internal client" concept / limitation of use;
|
□ |
Segregation of functions (production/testing); and
|
□ |
Procedures for storage, amendment, deletion, transmission of data for different purposes.
|
36
ANNEX 4 TO EXHIBIT C
STANDARD CONTRACTUAL CLAUSES (PROCESSORS) SET OUT IN DECISION 2010/87/EC
1. DEFINITIONS
For the purposes of the Clauses:
(a) personal data, special categories of data, process/processing, controller, processor, data subject and supervisory authority shall have the same
meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1);
(b) the data exporter means the controller who transfers the personal data;
(c) the data importer means the processor who agrees to receive from the data exporter personal data intended for processing on its behalf after the transfer in
accordance with its instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
(d) the sub-processor means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data
importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with its instructions, the terms of the
Clauses and the terms of the written subcontract;
(e) the applicable data protection law means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy
with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) technical and organizational security measures means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental
loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
2. DETAILS OF THE TRANSFER
The details of the transfer and in particular the special categories of personal data where applicable are specified in Annex A which forms an integral part of the Clauses.
3. THIRD-PARTY BENEFICIARY CLAUSE
The data subject can enforce against the data exporter this Clause 3, Clause 4(b) to Clause 4(i),
Clause 5(a) to Clause 5(e) and Clause 5(g) to Clause 5(j), Clause 6.1 and Clause 6.2, Clause 7, Clause 8.2 and Clause 9 to Clause 12 as third-party beneficiary.
The data subject can enforce against the data importer this Clause, Clause 5(a) to Clause 5(e) and Clause 5(g), Clause 6, Clause 7, Clause 8.2 and Clause 9 to Clause 12, in cases where the data exporter has factually disappeared or has ceased to
exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data
subject can enforce them against such entity.
37
3.1 The data subject can enforce against the sub-processor this Clause 3.1, Clause 5(a) to Clause 5(e) and Clause 5(g), Clause 6, Clause 7, Clause 8.2, and Clause 9 to Clause 12, in cases where both the data
exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of
which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the
Clauses.
The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
4. OBLIGATIONS OF THE DATA EXPORTER
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law
(and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and
in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Annex B to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental
loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security
appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to
a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8.3 to the data protection supervisory authority if the data exporter decides to
continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Annex B and a summary description of the security measures, as well as a copy of any contract for sub-
processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the
rights of data subjects as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to Clause 4(i).
38
5. OBLIGATIONS OF THE DATA IMPORTER
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform
promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the
event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the
data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organizational security measures specified in Annex B before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve
the confidentiality of a law enforcement investigation;
(ii) any accidental or unauthorized access; and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of
the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection
body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may
remove such commercial information, with the exception of Annex B which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
39
(i) that the processing services by the sub-processor will be carried out in accordance with Clause 11; and
(j) to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.
6. LIABILITY
6.1 The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or
sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
6.2 If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or its sub-processor of any of their
obligations referred to in Clause 3 or in Clause 11 because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as
if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.
6.3 If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations
referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the
data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by
contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub- processor shall be limited to its own processing operations under the Clauses.
7. MEDIATION AND JURISDICTION
7.1 The data importer agrees that if the data subject invokes against its third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision
of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
7.2 The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
8. COOPERATION WITH SUPERVISORY AUTHORITIES
8.1 The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
40
8.2 The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to
the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
8.3 The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-
processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).
9. GOVERNING LAW
The Clauses shall be governed by the law of the Member State in which the data exporter is established, namely ....................................................................................
10. VARIATION OF THE CONTRACT
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clauses.
11. SUB-PROCESSING
11.1 The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data
importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the
data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor's
obligations under such agreement.
11.2 The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able
to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has
assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
11.3 The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is
established, namely ...........................................
11.4 The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The
list shall be available to the data exporter's data protection supervisory authority.
41
12. OBLIGATION AFTER THE TERMINATION OF PERSONAL DATA PROCESSING SERVICES
12.1 The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data
transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or
part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
12.2 The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures
referred to in paragraph 1.
42
EXHIBIT D: ("FORM OF JOINDER AGREEMENT")
THIS JOINDER AGREEMENT, dated as of this [DATE], by and among [Exodus Movement, Inc.], a Delaware corporation ("Issuer"), Securitize LLC, a Delaware limited liability company ("Securitize"), and [Name of
Additional Party], a (the "Additional Party").
Reference is made to that certain Platform Services, Transfer Agent and Registrar Agreement (the "Agreement"), dated as of [ ], 2020, by and between Issuer and
Securitize. All capitalized terms used but not defined in this Joinder Agreement shall have the meanings accorded such terms in the Agreement.
The Additional Party [has issued][will issue] Securities, called [insert class name of Securities], in accordance with the Agreement, subject to the execution of this Joinder Agreement.
By executing this Joinder Agreement, the Additional Party hereby agrees to be bound by the terms of the Agreement as if it were an original Issuer signatory to such Agreement and shall be deemed to
be an issuer of Securities thereunder, but only with respect to the Securities referenced in this Joinder Agreement. For the avoidance of doubt, the Additional Party appoints Securitize as transfer agent and registrar for the Securities pursuant to
the terms of the Agreement.
[The remainder of this page has been left intentionally blank]
43
IN WITNESS WHEREOF, the Additional Party has executed this Joinder Agreement under seal as of the date written above.
ADDITIONAL PARTY:
[ ]
By:
|
Name:
|
Title:
|
Date:
|
ACKNOWLEDGED:
44