CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS EXHIBIT, MARKED BY BRACKETS ([***]), HAS BEEN OMITTED FROM THIS EXHIBIT BECAUSE THE INFORMATION (I) IS NOT MATERIAL AND AMENDMENT THREE TO ORIGINAL EQUIPMENT MANUFACTURER (OEM) PURCHASE AGREEMENT
CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS EXHIBIT, MARKED BY BRACKETS ([***]),
HAS BEEN OMITTED FROM THIS EXHIBIT BECAUSE THE INFORMATION (I) IS NOT MATERIAL AND
(II) WOULD BE COMPETITIVELY HARMFUL IF PUBLICLY DISCLOSED.
AMENDMENT THREE TO ORIGINAL EQUIPMENT MANUFACTURER (OEM) PURCHASE AGREEMENT
This Amendment three (“Amendment Three”) to the Original Equipment Manufacturer Purchase Agreement (“Agreement”) by and between SUPER MICRO COMPUTER INC. (“Supplier”) and NUTANIX, INC. and Nutanix Netherlands B.V. (both Nutanix entities shall be defined as “OEM”) is entered into as of December 30, 2020 (“Amendment Effective Date”). Collectively Supplier and OEM are referred to as the “Parties”.
RECITALS
A.WHEREAS The parties entered into the Agreement as of May 16, 2014, and
BWHEREAS The parties had previously amended the Agreement with Amendment 1 and Amendment 2 and now desire to enter into an Amendment 3 to the Agreement to add certain definitions and obligations of the parties as follows.
NOW THEREFORE, in consideration of the foregoing, and for good and valuable consideration, the sufficiency of which is hereby acknowledged, the Parties agree as follows:
1. |
Section 8 is amended to change the heading to, “APPOINTMENT AS [***]” and the “Appointment as [***]” Section will now become Section 8.1 and the “[***]” section will be added as Section 8.2 as follows: |
|
8. |
APPOINTMENT AS [***] |
|
8.1 |
APPOINTMENT AS [***]. Supplier hereby appoints […..] |
|
8.2 |
[***]. [***]. |
2. |
Section 14 is amended as follows: |
14. ENVIRONMENTAL AND OTHER COMPLIANCE
14.1 “Environmental Compliance”: Supplier represents and warrants that no Products sold by or otherwise transferred by Supplier to OEM contain: lead, cadmium, mercury, hexavalent chromium, polybrominated biphenyls (PBBs), polybrominated biphenyl ethers (PBDE), or any other hazardous substances the use of which is restricted under EU Directive 2015/863/EU (RoHS 3); chemicals restricted under the Montreal Protocol on ozone depleting
substances or the law of the countries into which Product is shipped; or other materials restricted by applicable law unless expressly agreed otherwise by OEM in writing in advance. From time to time, OEM may request evidence of Supplier’s compliance with EU Directive 2015/863/EU, and Supplier shall make commercially reasonable efforts to provide this information in a timely manner. Additionally, Supplier shall assist OEM with, and make
1
CONFIDENTIAL
CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS EXHIBIT, MARKED BY BRACKETS ([***]),
HAS BEEN OMITTED FROM THIS EXHIBIT BECAUSE THE INFORMATION (I) IS NOT MATERIAL AND
(II) WOULD BE COMPETITIVELY HARMFUL IF PUBLICLY DISCLOSED.
commercially reasonable efforts on behalf of OEM, to facilitate compliance with EU Directive 2002/96/EC (WEEE), as applicable.
14.2 “Counterfeit Components”: Supplier shall establish and maintain an industry accepted Counterfeit Component detection and avoidance system. “Counterfeit Components” are defined as an unlawful or unauthorized reproduction, substitution, or alteration of, a component that has been knowingly mismarked, misidentified, or otherwise misrepresented to be an authentic, unmodified electronic part from the original manufacturer. Unlawful or unauthorized substitutions include used electronic parts represented as new, or the false identification of grade, serial number, lot number, date code, or performance characteristic.
|
a. |
Any Counterfeit Components discovered in the Products must be immediately replaced at Supplier’s expense if such detection occurs within the warranty period provided that these components were procured by a vendor solely selected by Supplier, including any vendor that is performing RMA or repair activities on the components or Products. |
|
b. |
For any suspected out of warranty Counterfeit Component cases, OEM shall promptly notify Supplier and shall provide a description of the Counterfeit Components. Upon receipt of such description, Supplier shall conduct and provide its preliminary findings regarding the Counterfeit Components, after which the parties will mutually agree upon an appropriate plan for remediation. |
|
c. |
OEM will have no liability for Counterfeit Components procured by Supplier unless OEM directed Supplier to procure such components from a specific vendor. Supplier shall advise OEM at the earliest possible time if Supplier reasonably suspects a particular component may be a Counterfeit Component. |
3. |
Section 16, “EPIDEMIC FAILURE” is amended [***] and [***] as follows: |
Notwithstanding the foregoing, this Section 16 shall apply or be enforced with respect to third party components listed below only during the respective warranty period set forth in Section 17:
[***]
4. |
Section 21, “CONFIDENTIAL INFORMATION” is amended to add the following sections: |
21.3Supplier shall notify OEM of any Security Incident within twenty-four (24) hours of the discovery of such Security Incident by providing notice in writing to: xxxxx@xxxxxxx.xxx and xxxxxxx@xxxxxxx.xxx. "Security Incident" is defined as: (i) any unauthorized access or unlawful breach of security leading to, or reasonably believed to have led to, the theft, accidental or unlawful destruction loss, alteration, unauthorized disclosure or access to any Nutanix Data; (ii) or discovery of any threat to, or vulnerability in (whether actually known or where such threat or vulnerability should reasonably have been known) any part, component, product provided as part of the Services. "Nutanix Data" is defined as any data that is protected as "personal data" or "personal information" under applicable privacy laws or any data about
2
CONFIDENTIAL
CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS EXHIBIT, MARKED BY BRACKETS ([***]),
HAS BEEN OMITTED FROM THIS EXHIBIT BECAUSE THE INFORMATION (I) IS NOT MATERIAL AND
(II) WOULD BE COMPETITIVELY HARMFUL IF PUBLICLY DISCLOSED.
OEM’s business operations, customers, vendors, strategy, pricing or any other information that should reasonably be considered confidential and that may be provided to Supplier under this agreement.
21.4Supplier agrees to the Nutanix Vendor Data Processing Agreement (DPA) attached hereto as Attachment 1 to this Amendment 3 and such DPA is incorporated into the Agreement as Exhibit E.
1. |
Section 26, “IMPORT/EXPORT REGULATIONS” is amended to the following: |
26. Each party shall comply with all applicable import, export and re-export control laws and regulations, including the U.S. Export administration Regulations (EAR), the International Traffic in Arms Regulations (ITAR), and the sanctions maintained by the Treasury Department’s Office of Foreign Assets Control (OFAC). Each party represents that items will not be exported, re-exported, or transferred directly or indirectly to any location, entity, government or person prohibited by the applicable laws or regulations of any jurisdiction, without prior authorization from the relevant government authorities. As necessary and reasonably requested, each party will provide export information such as the Export Classification Control Number (ECCN), Harmonized Tariff Regulations (HTS) codes, Country of Origin, and/or Commodity Classification Automated Tracking System (CCCATS) for hardware components.
IN WITNESS WHEREOF, the parties have executed this Amendment Three as of the Amendment Effective Date.
By:/s/ Xxxxx Xxxxxxxx
Title: Chief Operating Officer, Nutanix
Date:12/31/2020
NUTANIX NETHERLANDS B.V.
By:/s/ Xxxx Xxxxx
Title:Director
Date:12/31/2020
ACKNOWLEDGED AND AGREED
SUPER MICRO COMPUTER INC.
By:/s/ Xxx Xxxxx
Title:SVP Worldwide Sales
Date:12/31/2020
3
CONFIDENTIAL
CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS EXHIBIT, MARKED BY BRACKETS ([***]),
HAS BEEN OMITTED FROM THIS EXHIBIT BECAUSE THE INFORMATION (I) IS NOT MATERIAL AND
(II) WOULD BE COMPETITIVELY HARMFUL IF PUBLICLY DISCLOSED.
Attachment 1 to Amendment 3:
EXHIBIT E
Nutanix – Vendor Data Processing Addendum
This Data Processing Addendum ("Addendum") sets out the terms that apply as between Nutanix (“Nutanix” or “OEM”) and Super Micro Computer, Inc. (“Supplier” or “Company”) when processing EEA personal data in connection with the existing or contemporaneous agreement between the parties under which personal data is shared (the “Agreement”) and forms part of the Agreement between the parties. Capitalized terms used in this Addendum shall have the meanings given to them in the Agreement, the Model Clauses, or unless otherwise defined in this Addendum.
1. |
Definitions: (a) "controller," "processor," "data subject," and "processing" (and "process") shall have the meanings given to them in Applicable Data Protection Law; (b) "Applicable Data Protection Law" means any and all applicable privacy and data protection laws and regulations applicable to the Personal Data in question, including, where applicable, EU Data Protection Law and California Consumer Privacy Act (CCPA) (in each case, as may be amended, superseded or replaced from time to time); (c) "EU Data Protection Law" means: (i) the EU General Data Protection Regulation (Regulation 2016/679) ("GDPR"); and (ii) the EU e-Privacy Directive (Directive 2002/58/EC); and (iii) any national data protection laws made under or pursuant to clause (i) or (ii); (d) "Personal Data" means any information relating to an identified or identifiable natural person to the extent that such information is protected as personal data under Applicable Data Protection Law; (e) “Model Clauses” means the Standard Contractual Clauses for Controllers as approved by the European Commission and available at xxxx://xxx-xxx.xxxxxx.xx/xxxxx-xxxxxxx/XX/XXX/?xxxxXXXXX%0X00000X0000 (as amended, superseded or updated from time to time); and (f) “CCPA” means Title 1.81.5 California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100–1798.199). |
2. |
Purposes of processing. The parties acknowledge that in connection with the Agreement, each party may provide or make available to the other party Personal Data. Each party shall process such data: (i) for the purposes described the Agreement; and/or (ii) as may otherwise be permitted under Applicable Data Protection Law. |
3. |
Relationship of the parties. Each party will process the copy of the Personal Data in its possession or control as an independent controller (not as a joint controller with the other party). For the avoidance of doubt and without prejudice to the foregoing, Nutanix shall be an independent controller of any Personal Data that it receives or shares with Company in connection with the Agreement. |
4. |
Compliance with law. Each party shall separately comply with its obligations under Applicable Data Protection Law and this Addendum when processing Personal Data. Neither party shall be responsible for the other party's compliance with Applicable Data Protection Law. In particular, each party shall be individually responsible for ensuring that its processing of the Personal Data is lawful, fair and transparent, and shall make available to data subjects a privacy statement that fulfils the requirements of Applicable Data Protection Law. |
4
CONFIDENTIAL
CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS EXHIBIT, MARKED BY BRACKETS ([***]),
HAS BEEN OMITTED FROM THIS EXHIBIT BECAUSE THE INFORMATION (I) IS NOT MATERIAL AND
(II) WOULD BE COMPETITIVELY HARMFUL IF PUBLICLY DISCLOSED.
5. |
International transfers. Where Applicable Data Protection Law in the European Economic Area ("EEA"), United Kingdom and/or Switzerland (collectively for the purposes of this Addendum, the "EU'), applies to the Personal Data ("EU Personal Data"), neither party shall process any EU Personal Data (nor permit any EU Personal Data to be processed) in a territory outside of the EU unless it has taken such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law. To the extent Company transfers EU Personal Data to Nutanix and Nutanix is located in a territory outside the EU that does not provide adequate protection for Personal Data (as determined by Applicable Data Protection Law), Nutanix agrees to abide by and process such EU Personal Data in accordance with the Model Clauses, which are hereby incorporated by reference in, and form an integral part of, this Addendum. Nutanix agrees that it is a "data exporter" and Company is the "data importer" under the Model Clauses (notwithstanding that Nutanix may be an entity located outside of the EEA). |
6. |
Security: Each party shall implement and maintain all appropriate technical and organizational measures to protect any copies of the Personal Data in their possession or control from (i) accidental or unlawful destruction, and (ii) loss, alteration, or unauthorised disclosure or access and to preserve the security and confidentiality of such Personal Data. Each party shall notify the other party without undue delay on becoming aware of any breach of EU Data Protection Law/Applicable Data Protection Law. |
Nutanix Netherlands B.V. |
Super Micro Computer, Inc. |
By: /s/ Xxxx Xxxxx |
By: /s/ Xxx Xxxxx |
Name: Xxxx Xxxxx |
Name: Xxx Xxxxx |
Title: Director |
Title: SVP Worldwide Sales |
Date: 12/31/2020 |
Date: 12/31/2020 |
5
CONFIDENTIAL