EX-10.3 4 dex103.htm AGREEMENT DC6 EQUINIX IBX® SERVICE ORDER Service price quotation for Service Order Number Service Order Date Valid Until Currency TALEO CORPORATION S-103965 May 16, 2011 July 19, 2011 USD PREPARED BY: CONWAY, MR. CHRISTOPHER...
Exhibit 10.3
DC6 EQUINIX IBX® SERVICE ORDER
Service price quotation for
Service Order Number
Service Order Date
Valid Until
Currency
TALEO CORPORATION
S-103965
May 16, 2011
July 19, 2011
USD
PREPARED BY:
XXXXXX, XX. XXXXXXXXXXX
xxxxxxx@xxxxxxx.xxx
000-000000
Direct
Fax
PREPARED FOR:
Xxxxx Xxxxxx
xxxxxxx@xxxxx.xxx
x0 (000)0000000
Direct x1295
Fax
Unit Pricing Total
Service Description Qty (USD) Charges (USD)
NRC MRC NRC MRC
CAG10009 Premium Private Cage 1 0.00 36,000.00 0.00 36,000.00
CAB00134 Demarcation Rack 1 0.00 0.00 0.00 0.00
CAB10001 Cabinet-Eq-5 kVA 21 1,000.00 0.00 21,000.00 0.00
CAB10001 Cabinet-Eq-5 kVA 3 1,000.00 0.00 3,000.00 0.00
POW10045 208V AC Power 3P - Primary-30A 19 700.00 0.00 13,300.00 0.00
POW10009 208V AC Power - Primary-20A 12 350.00 0.00 4,200.00 0.00
POW10010 208V AC Power - Redundant-20A 12 350.00 0.00 4,200.00 0.00
POW10046 000X XX Xxxxx 0X - Xxxxxxxxx-00X 19 700.00 0.00 13,300.00 0.00
POW10006 120V AC Power - Primary-20A 1 350.00 0.00 350.00 0.00
CAB00265 Overhead suspended per 10-ft section - Installation Fee 18 800.00 0.00 14,400.00 0.00
POW00181 Power Capacity for Contracted Space 1 0.00 36,000.00 0.00 36,000.00
CAB10001 Cabinet-Eq-5 kVA 1 1,000.00 0.00 1,000.00 0.00
Maximum Power Draw (kVA) 156.00
Total Charges 74,750.00 72,000.00
GENERAL TERMS AND CONDITIONS
Order Introduction
This Service Order (“Order”) is between Equinix Operating Co., Inc. (Equinix, Inc. if the Order is for Services delivered in Equinix’s Newark or Secaucus IBX Centers) (in either case, “Equinix”) and the customer identified above (“Customer”), who wishes to order the products or services listed above (each a “Service”), each of which will be delivered at the IBX Center designated above.
This Order is governed by and incorporated by reference into the applicable Master Service Agreement (“MSA”).
Service Term
This Order will have an Initial Service Term which will commence on the Billing Commencement Date and will terminate at the end of the month in which the Initial Service Term expires. For example, if the Billing Commencement Date is March 5, 2008, and the Initial Service Term is two (2) years then the Order will terminate on March 31, 2010.
For additional Services installed in the Cage, the service term will be concurrent with the service term of this Order.
After the Initial Service Term, the service term will automatically renew for additional service terms of one (1) year each, unless either Party provides written termination notification to the other Party at least ninety (90) days prior to the end of the then-current service term, in which event this Order will terminate at the end of then-current service term.
Notwithstanding anything in this Order or the MSA to the contrary, if the MSA has a date-certain expiration date or if either Party notifies the other that it intends not to renew the MSA pursuant to the terms thereto, then this Order will remain in effect after the MSA terminates and all of the terms and conditions of the MSA (including all limitation of liability and indemnification provisions) will continue to apply to this Order and all Services until this Order expires or terminates at the end of the then-current service term.
Pricing and Billing
All invoices will be paid in U.S. Dollars.
For purposes of this Order, the Private Cage MRC (“Cage MRC”) and the Power Capacity for Contracted Space MRC (“Power MRC”) shall be as follows:
Period 1 shall begin on June 1, 2011 and end on May 31, 2012. During Period 1, Customer shall pay the Cage MRC of Thirty-Six Thousand Dollars ($36,000) and the Power MRC for 156 kVA of Thirty-Six Thousand Dollars ($36,000), for the Total Charges MRC of Seventy-Two Thousand Dollars ($72,000).
Period 2 shall begin on June 1, 2012 and end on May 31, 2013. During Period 2, Customer shall pay the Cage MRC of Fifty-Five Thousand
Xxxx Xxxxxx
e-Signed 2011-05-23 03:07PM PDT
xxxxxxx@xxxxx.xxx
Taleo
SVP & General Counsel
Waiting for Signature
xxxxxxxxxxxx@xxxxxxx.xxx
EQUINIX
Page 1 of 3
Document Integrity Verified
EchoSign Transaction Number: 2ND6MM7L57497C
DC6 EQUINIX IBX® SERVICE ORDER
Service price quotation for
Service Order Number
Service Order Date
Valid Until
Currency
TALEO CORPORATION
S-103965
May 16, 2011
July 19, 2011
USD
PREPARED BY:
XXXXXX, XX. XXXXXXXXXXX
xxxxxxx@xxxxxxx.xxx
000-000000
Direct
Fax
PREPARED FOR:
Xxxxx Xxxxxx
xxxxxxx@xxxxx.xxx
x0 (000)0000000
Direct x1295
Fax
Eight Hundred Dollars ($55,800) and the Power MRC for 228 kVA of Fifty-Five Thousand Eight Hundred Dollars ($55,800), for the Total Charges MRC of One Hundred Eleven Thousand Six Hundred Dollars ($111,600) (“Period 2 Total Charges MRC”).
Period 3 shall begin on June 1, 2013 and end on the last day of the Initial Service Term. During Period 3, Customer shall pay the Cage MRC of Seventy-Five Thousand Six Hundred Dollars ($75,600) and the Power MRC for 300 kVA of Seventy-Five Thousand Six Hundred Dollars ($75,600), for the Total Charges MRC of One Hundred Fifty-One Thousand Two Hundred Dollars ($151,200) (“Period 3 Total Charges MRC”).
If Customer’s actual installed power in the Cage exceeds 156 kVA at any time prior to the beginning of Period 2, Customer shall pay the Period 2 Total Charges MRC from the beginning of the billing period in which Customer’s actual installed power in the Cage exceeds 156 kVA through the end of Period 1.
If Customer’s actual installed power in the Cage exceeds 228 kVA at any time prior to the beginning of Period 3, Customer shall pay the Period 3 Total Charges MRC from the beginning of the billing period in which Customer’s actual installed power in the Cage exceeds 228 kVA through the end of Period 2.
Notwithstanding anything in this Order or the MSA to the contrary, after the first twelve months of the Initial Service Term, Equinix may change the Service Fees for all Services except power Services at a rate not to exceed five percent (5%) per year.
Notwithstanding anything in this Order or the MSA to the contrary, after the first twelve months of the Initial Service Term, Equinix may change the Service Fees for power Services at a rate not to exceed five percent (5%) per year unless Equinix’s direct electrical supply costs increases by more than five percent (5%) per year, in which case Equinix may increase the Service Fees by such increased cost. Additionally, if the rate of such increased cost for power Services is greater than ten percent (10%), Equinix will provide Customer with written documentation of such increased cost.
Customer shall pay Equinix such increased rates pursuant to this Order and the MSA throughout the Term, including renewal periods.
Any additional Service(s) ordered by Customer on a subsequent order that is not specifically listed above, shall be subject to the then-current rate for such Service, and shall be subject to the automatic price increase set forth herein.
Prices shown above do not include any applicable taxes which are the responsibility of the Customer.
Unless otherwise specified in the MSA, if Customer wishes to dispute any charge billed to Customer by Equinix (a “Disputed Amount”), Customer must submit a good faith claim regarding the Disputed Amount with documentation as may reasonably be required to support the claim within ninety (90) days of receipt of the initial invoice sent by Equinix regarding the Disputed Amount. If Customer does not submit a documented claim within ninety (90) days of receipt of the initial invoice sent by Equinix regarding such Disputed Amount, notwithstanding anything in this Order to the contrary, Customer waives all rights to dispute the Disputed Amount and Customer waives all rights to file a claim thereafter of any kind relating to such Disputed Amount (and Customer also waives all rights to otherwise claim that it does not owe such Disputed Amount or to seek any set-offs or reimbursements or other amounts of any kind based upon or relating to such Disputed Amount). If the MSA includes a provision that specifically describes the processes relating to Customer’s ability to dispute billed charges, then this paragraph will be of no force and effect.
In addition, the “Confidentiality Provisions” contained in Exhibit A to the MSA and the “Minimum Taleo Customer Data Security Standards Definition” contained in Exhibit D to the MSA will apply to the provision of Services under this Order.
Power Limitations
Customer may not draw more than the kVA or kW amount listed above (“Power Cap”) in the Cage. If the power draw exceeds the Power Cap, Equinix will provide written notification to Customer and Customer must reduce the power draw to the Power Cap within 72 hours. If Customer does not resolve the situation with a mutually agreeable plan, Equinix may suspend Customer’s power until the aggregate rated capacity of all power circuits equal the Power Cap.
Definitions
Billing Commencement Date: June 1, 2011
Cage: The cage in the IBX Center in which the Services are delivered by Equinix. If the cage is a shared cage, “Cage” will refer to the cabinets in the shared cage that are licensed by Customer.
Expected Delivery Date: The date Equinix expects to deliver the Services to Customer as determined by Equinix upon the booking of this Order by Equinix.
Xxxx Xxxxxx
e-Signed 2011-05-23 03:07PM PDT
xxxxxxx@xxxxx.xxx
Taleo
SVP & General Counsel
Waiting for Signature
xxxxxxxxxxxx@xxxxxxx.xxx
EQUINIX
Page 2 of 3
Document Integrity Verified
EchoSign Transaction Number: 2ND6MM7L57497C
DC6 EQUINIX IBX® SERVICE ORDER
Service price quotation for
Service Order Number
Service Order Date
Valid Until
Currency
TALEO CORPORATION
S-103965
May 16, 2011
July 19, 2011
USD
PREPARED BY:
XXXXXX, XX. XXXXXXXXXXX
cconway@equinix. com
000-000000
Direct
Fax
PREPARED FOR:
Xxxxx Xxxxxx
xxxxxxx@xxxxx.xxx
x0 (000)0000000
Direct x1295
Fax
Initial Service Term: Sixty (60) months.
MRC: Monthly recurring charges.
MSA: Master Service Agreement dated 14 April 2006 and its Exhibits and Amendments, if any.
NRC: Non-recurring charges.
Order Effective Date: The date the Order is signed by both parties.
Conclusion
Please sign and return all referenced exhibits, addenda and/or policy documents with this order. Failure to do so may result in a delay in processing.
Return Order Info
Digital signatures are not acceptable. Please sign and return all referenced exhibits, addenda and/or policy documents with this order. Failure to do so may result in a delay in processing.
Sending Instructions:
1) Fax a signed copy of this Order to (000) 000-0000, or
2) Email to xxxxxxxxxxxx@xxxxxxx.xxx
(if file size is larger than 10mb, please separate multiple documents or zip file).
Order_V5_ASK_052011
TALEO CORPORATION
Signature: Xxxx Xxxxxx (May 23, 2011)
Email: xxxxxxx@xxxxx.xxx
Title: SVP & General Counsel
Company: Taleo
Date: e-mail Address:
May 23, 2011
EQUINIX
Signature:
Email: xxxxxxxxxxxx@xxxxxxx.xxx
Title: Xxxxx X. Xxxxxxx
Senior Customer Contracts Manager
Company:
Xxxx Xxxxxx
e-Signed 2011-05-23 03:07PM PDT
xxxxxxx@xxxxx.xxx
Taleo
SVP & General Counsel
Waiting for Signature
xxxxxxxxxxxx@xxxxxxx.xxx
EQUINIX
Page 3 of 3
Document Integrity Verified
EchoSign Transaction Number: 2ND6MM7L57497C
Exhibit D to MSA between Equinix-US and Taleo Corporation
Minimum Taleo Customer Data Security Standards Definition
Equinix Operating Co., Inc., will ensure that it and its employees, contractors, suppliers, and to the extent they are working under the direction of Equinix any other Equinix business partners and their employees that enter an Equinix facility that contains Taleo’s equipment (collectively “You” or “Equinix”) will not access, process or store Taleo’s Customer Data (as defined herein). Likewise, Taleo will ensure it does not direct or authorize Equinix to access, process or store Taleo’s Customer Data. If Equinix does access, process or store Taleo’s Customer Data, then after notice from Taleo, Equinix will comply with the requirements set forth in this Minimum Taleo Customer Data Security Standard Definition (“Standards”) with respect to any such information. “Taleo Customer Data” is defined as any data that any customer or other user (referenced in this Exhibit as “Taleo Customer”) uploads into Taleo’s equipment within an Equinix facility This obligation is, in addition, not in lieu of, any other contractual obligations and applicable laws applicable with respect to Taleo Customer Data. For the avoidance of doubt, the mere placement of materials or equipment containing Taleo Customer Data at Your IBX Centers does not constitute accessing, processing or storing of such Taleo Customer Data by You .
1. Customer Controls Data. You may not access, collect, store, retain, transfer, use or otherwise process in any manner any Taleo Customer Data, except as directed by authorized personnel of Taleo Corporation (“Taleo”) in writing and Taleo agrees not to direct or authorize Equinix to do so. Without limiting the generality of the foregoing, You may not make Taleo Customer Data accessible to any subcontractors or relocate Taleo Customer Data to new locations, except as set forth in written agreements with, or written instructions from Taleo.
2. Access to Licensed Space. Equinix will not access, process or store the Taleo Customer Data residing within Taleo’s equipment, but will comply with Equinix’s security processes related to physical access to Taleo’s Licensed Space, which shall be consistent with current industry standards and reasonable under the circumstances. .
3. Comply with Approved Policies. Notwithstanding the foregoing, if Taleo directs Equinix to access, process or stores Taleo Customer Data and Equinix agrees in writing to do so, Equinix will comply with Taleo’s Information Security Policy with regard to Taleo Customer Data clearly posted or provided to You in writing and/or Your own information security policy with regard to Taleo Customer Data posted or approved in writing by Taleo. You have to comply with the approved version of Your own security policy(ies), refrain from making any changes that reduce the level of security, and provide 30 days prior written notice to Taleo of any proposed changes to Your own applicable security policy and obtain Taleo’s written approval before implementation of any changes to the security policy which would adversely affect Taleo’s use of Your Services to manage Taleo Customer Data. Notwithstanding the foregoing, except were Taleo provides its written approval, Taleo may terminate the Services without additional liability if Equinix changes its security policies to adversely affect Taleo’s use of Equinix Services to manage Taleo Customer Data.
With respect to Equinix’s IBX Centers SV, CH3 and DC6 and any IBX Center used to provide access to these facilities, Equinix has obtained SAS 70 II certification (or equivalent, e.g. SSAE16) for the facilities specified in the title of this document and shall use commercially reasonable efforts to maintain such certification. You must comply with Your SAS 70 II (or equivalent) standards and provide Taleo 30 days notice of any changes which would adversely affect Taleo’s use of Your Services.
4. Cooperate with Compliance Obligations. Notwithstanding the foregoing, if Taleo directs Equinix to access, process or store Taleo Customer Data, then Equinix may terminate the Services or upon mutual agreement of the Parties, Equinix must (a) execute and/or contractually agree with Taleo to comply to the extent applicable to Your Services with model contracts, laws or industry standards designed to protect Taleo Customer Data, including, without limitation, the Standard Contractual Clauses approved by the European Commission for data transfers from data controllers to data processors which is personal data or sensitive personal data (as defined under applicable data protection legislation), PCI Standards, HIPAA requirements for business associates, as well as similar and other frameworks, or (b) allow Taleo to terminate without liability certain or all Orders issued under the MSA to which this Exhibit is attached if You are unable to comply with the requirements of paragraph 4(a) above within ninety (90) days of receipt of Taleo’s written request by You, subject to (i) a proportionate refund of any prepaid fees, and (ii) transition or migration assistance as reasonably required and at time and materials rates not exceeding Your then current rates for professional services offered to Your customers.
Exhibit to 14 April 2006 MSA
Page 1 of 2
Xxxx Xxxxxx
e-Signed 2011-05-23 03:07PM PDT
xxxxxxx@xxxxx.xxx
Taleo
SVP & General Counsel
Waiting for Signature
xxxxxxxxxxxx@xxxxxxx.xxx
Document Integrity Verified
EchoSign Transaction Number: 2ND6MM7L57497C
Taleo represents and Equinix acknowledges that as between Taleo Corporation and its affiliates inside the European Union Member States the Standard Contractual Clauses (“SCC”) attached hereto and incorporated by reference is entered with respect to the transfer of personal data of Taleo Customers. Taleo agrees it will fulfill the obligations of exporter and importer as more fully described in the attached SCC with respect to its use of the Equinix Services.
5. Submit to Audits. You must submit to reasonable data security and privacy compliance annual audits (unless required more frequently by a data protection regulatory authority or for a data subject access request) by Taleo and, at Taleo’s written request and with Your consent (such consent not to be unreasonably withheld, conditioned or delayed), by Taleo Customer, data subject, or a data protection regulatory authority, to verify compliance with these Standards, applicable law, and any other applicable contractual undertakings, which govern Taleo Customer Data, provided such audits shall occur during regular business hours; each party responsible for their own costs; and on a mutually agreed upon date (which shall be no less than ten (10) business days after written notice from Taleo), time, location and duration, IBX Auditors may perform a confidential audit to verify that the IBX Centers comply with the standards set forth in this Agreement, subject to reasonable postponement by Equinix upon Equinix’s request, which postponement shall not exceed twenty (20) business days. Taleo agrees that (i) such audits shall not adversely affect other customers of Equinix or Equinix’s operation of the IBX Center; (ii) all IBX Auditors (defined below) shall comply with Equinix’s Policies during such audit; and (iii) Taleo shall ensure that any third party IBX Auditors treat all of Equinix’s Confidential Information disclosed to such third party IBX Auditor as a result of such audit in the same manner Taleo is required to treat such Confidential Information. For purposes of this section, “IBX Auditor” shall mean Taleo, Taleo Customer, or data subject, or any of their third-party auditors or any regulatory examining authority having jurisdiction over Taleo, Taleo Customer, or data subject that participates in an audit described in this section.
Specifically, upon request from Taleo, Equinix shall provide to Taleo copies of Equinix’s annual Type II SAS 70 (or equivalent) reports and certificates for the purpose to determine the adequacy of Equinix’s systems, controls, security, integrity, fees, and confidentiality. If there are any testing exceptions set forth in the Type II SAS 70 (or equivalent) reports or issues preventing sustained certification status, Equinix will provide Taleo with a written plan of action, which shall include, at a minimum: (A) details of actions to be taken by Equinix and/or its subcontractors to correct the testing exceptions or issues and (B) target dates for successful correction of the testing exceptions and issues, and (C) any subsequent reports or certification re-activation notices addressing resolution of any testing exceptions and issues identified. Equinix acknowledges and agrees that Taleo and its independent certified public accountants shall have the right to interview Equinix’s audit personnel, at Taleo’s expense, who did the actual audit work in the event that Taleo or its independent certified public accountants require clarification on the report. Equinix shall be responsible for its costs associated with SAS 70 Type II (or equivalent) reports and certifications, correcting any testing exceptions or issues identified and for the preparation of any other reports required to be delivered under this provision. Taleo shall be responsible for its own costs associated with audits conducted by it under this provision.
6. Notify Breaches. If You become aware of any unauthorized access to Taleo Customer Data, You must immediately notify Taleo, consult and cooperate with investigations and potentially required notices, and provide any information reasonably requested by Taleo.
Acknowledged and agreed:
Equinix Operating Co., Inc.
Authorized Signature
Taleo Corporation Authorized Signature
Signature:
Email: xxxxxxxxxxxx@xxxxxxx.xxx
Xxxxx X. Xxxxxxx
Title: Senior Customer Contracts Manager
Company:
Signature: Josh Paddis (May 23, 2011)
May 23, 2011
Email: xxxxxxx@xxxxx.xxx
Title: SVP & General Counsel
Company: Taleo
Exhibit to 14 April 2006 MSA
Page 2 of 2
Xxxx Xxxxxx
e-Signed 2011-05-23 03:07PM PDT
xxxxxxx@xxxxx.xxx
Taleo
SVP & General Counsel
Waiting for Signature
xxxxxxxxxxxx@xxxxxxx.xxx
Document Integrity Verified
EchoSign Transaction Number: 2NDGMM7L57497C
ATTACHMENT 4
Standard Contractual Clauses (processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
Name of the data exporting organisation:
Taleo (Europe) B.V. (a subsidiary of Taleo Corporation) and Taleo (UK) Limited, Taleo (France) SAS, and other subsidiaries of Taleo Corporation located in EU Member States; or
Clients of Taleo Corporation with operations in the EU Member States to whom Taleo Corporation is under contract to perform services.
Address: Poortgebouw, Xxxxx Xxxxxx 00-00, 0000 XX Xxxxxxxx-Xxxx, Xxx Xxxxxxxxxxx
Tel.: 000-000-0000; fax: 000-000-0000; e-mail: xxxxxxx@xxxxx.xxx
Other information needed to identify the organisation
Taleo (Europe) B.V. File No. 30175073 Taleo (UK) Limited Company No. 4881364
Taleo (France) SAS Registration No. Paris B 439 042 185 (2001B13854)
(the data exporter)
And
Name of the data importing organisation:
Taleo Corporation or its subsidiary Taleo (Canada), Inc., Taleo (Australia) Pty Ltd and other subsidiaries located outside the EU Member States.
Address: Worldwide Headquarters: 0000 Xxxxxx Xxxx., Xxxxx 000, Xxxxxx, XX 00000
Tel.: 000-000-0000; fax: 000-000-0000; e-mail: xxxxxxx@xxxxx.xxx
Other information needed to identify the organisation:
Taleo Corporation Tax ID: 00-0000000
Taleo (Canada), Inc. Québec Enterprise Number (NEQ): 1148036180
Taleo (Australia) Pty Ltd ACN: 108 380 347
(the data importer)
each a “party”; together “the parties”,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
EN
Xxxx Xxxxxx
e-Signed 2011-05-23 03:07PM PDT
xxxxxxx@xxxxx.xxx
Taleo
SVP & General Counsel
1
Waiting for Signature
xxxxxxxxxxxx@xxxxxxx.xxx
EN
Document Integrity Verified
EchoSign Transaction Number: 2ND6MM7L57497C
Clause 1
Definitions
For the purposes of the Clauses:
(a) personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data 1;
(b) ‘the data exporter’ means the controller who transfers the personal data;
(c) ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
(d) ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
(f) ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Clause 2
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
1 Parties may reproduce definitions and meanings contained in Directive 95/46/EC within this Clause if they considered it better for the contract to stand alone.
EN 2 EN
Xxxx Xxxxxx
e-Signed 2011-05-23 03:07PM PDT
xxxxxxx@xxxxx.xxx Taleo
SVP & General Counsel
Waiting for Signature
xxxxxxxxxxxx@xxxxxxx.xxx
Document Integrity Verified
EchoSign Transaction Number: 2ND6MM7L57497C
Clause 3
Third-party beneficiary clause
1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
3. The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses. 4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.
Clause 4
Obligations of the data exporter
The data exporter agrees and warrants:
(a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
(c) that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
(d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the
EN 3 EN
Xxxx Xxxxxx
e-Signed 2011-05-23 03:07PM PDT
xxxxxxx@xxxxx.xxx Taleo
SVP & General Counsel
Waiting for Signature
xxxxxxxxxxxx@xxxxxxx.xxx
Document Integrity Verified
EchoSign Transaction Number: 2ND6MM7L57497C
processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
(e) that it will ensure compliance with the security measures;
(f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
(g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
(h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
(i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
(j) that it will ensure compliance with Clause 4(a) to (i).
Clause 5
Obligations of the data importer2
The data importer agrees and warrants:
(a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
2 Mandatory requirements of the national legislation applicable to the data importer which do not go beyond what is necessary in a democratic society on the basis of one of the interests listed in Article 13(1) of Directive 95/46/EC, that is, if they constitute a necessary measure to safeguard national security, defence, public security, the prevention, investigation, detection and prosecution of criminal offences or of breaches of ethics for the regulated professions, an important economic or financial interest of the State or the protection of the data subject or the rights and freedoms of others, are not in contradiction with the standard contractual clauses. Some examples of such mandatory requirements which do not go beyond what is necessary in a democratic society are, inter alia, internationally recognised sanctions, tax-reporting requirements or anti-money-laundering reporting requirements.
EN 4 EN
Xxxx Xxxxxx
e-Signed 2011-05-23 03:07PM PDT
xxxxxxx@xxxxx.xxx
Taleo
SVP & General Counsel
Waiting for Signature
xxxxxxxxxxxx@xxxxxxx.xxx
Document Integrity Verified
EchoSign Transaction Number: 2ND6MM7L57497C
(b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
(d) that it will promptly notify the data exporter about:
(i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
(ii) any accidental or unauthorised access, and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
(e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
(f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
(g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
(h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;
(i) that the processing services by the subprocessor will be carried out in accordance with Clause 11;
(j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
EN 5 EN
Xxxx Xxxxxx
e-Signed 2011-05-23 03:07PM PDT
xxxxxxx@xxxxx.xxx
Taleo
SVP & General Counsel
Waiting for Signature
xxxxxxxxxxxx@xxxxxxx.xxx
Document Integrity Verified
EchoSign Transaction Number: 2ND6MM7L57497C
Clause 6
Liability
1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered.
2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.
Clause 7
Mediation and jurisdiction
1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
(a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
(b) to refer the dispute to the courts in the Member State in which the data exporter is established.
2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.
EN 6 EN
Xxxx Xxxxxx
e-Signed 2011-05-23 03:07PM PDT
xxxxxxx@xxxxx.xxx
Taleo
SVP & General Counsel
Waiting for Signature
xxxxxxxxxxxx@xxxxxxx.xxx
Document Integrity Verified
EchoSign Transaction Number: 2ND6MM7L57497C
Clause 8
Cooperation with supervisory authorities
1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b).
Clause 9
Governing Law
The Clauses shall be governed by the law of the Member State in which the data exporter is established, namely The Netherlands.
Clause 10
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Clause 11
Subprocessing
1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses3. Where the subprocessor fails to fulfil its data protection
3 This requirement may be satisfied by the subprocessor co-signing the contract entered into between the data exporter and the data importer under this Decision.
EN 7 EN
Xxxx Xxxxxx
e-Signed 2011-05-23 03:07PM PDT
xxxxxxx@xxxxx.xxx
Taleo
SVP & General Counsel
Waiting for Signature
xxxxxxxxxxxxx@xxxxxxx.xxx
Document Integrity Verified
EchoSign Transaction Number: 2ND6MM7L57497C
obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement.
2. The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law.
Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
3. The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established, namely The Netherlands.
4. The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
Clause 12
Obligation after the termination of personal data processing services
1. The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
2. The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.
EN 8 EN
Xxxx Xxxxxx e-Signed 2011-05-23 03:07PM PDT xxxxxxx@xxxxx.xxx Taleo SVP & General Counsel
Waiting for Signature xxxxxxxxxxxx@xxxxxxx.xxx
Document Integrity Verified
EchoSign Transaction Number: 2ND6MM7L57497C
On behalf of the primary data exporter: Taleo (Europe) B.V.
Name (written out in full): Xxxxxxxx Xxxxxx
Position: SVP Legal Affairs and General Counsel
Address: Poortgebouw, Xxxxx Xxxxxx 00-00, 0000 XX Xxxxxxxx-Xxxx, Xxx Xxxxxxxxxxx
Other information necessary in order for the contract to be binding (if any):
Date May 23, 2011 Signature J Xxxxxx Xxxx Xxxxxx (May 23, 2011)
(stamp of organisation)
On behalf of the data importer: Taleo Corporation
Name (written out in full): Xxxxxxxx Xxxxxx
Position: SVP Legal Affairs and General Counsel
Address: 0000 Xxxxxx Xxxx., Xxxxx 000, Xxxxxx, XX 00000
Other information necessary in order for the contract to be binding (if any):
Date May 23, 2011 Signature J Xxxxxx Xxxx Xxxxxx (May 23, 2011)
(stamp of organisation)
EN 9 EN
Xxxx Xxxxxx e-Signed 2011-05-23 03:07PM PDT xxxxxxx@xxxxx.xxx Taleo SVP & General Counsel
Waiting for Signature xxxxxxxxxxxx@xxxxxxx.xxx
Document Integrity Verified
EchoSign Transaction Number: 2ND6MM7L57497C
APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and must be completed and signed by the parties
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix
Data exporter.
The data exporter is (please specify briefly your activities relevant to the transfer):
The Netherlands subsidiary of the Data importer.
Data importer.
The data importer is (please specify briefly activities relevant to the transfer):
Taleo Corporation and its subsidiaries (“Taleo”) provide on-demand talent management solutions that enable organizations of all sizes to assess, acquire, develop, compensate and align their workforces for improved business performance. Taleo’s software applications are offered to Taleo customers primarily on a subscription basis.
Data subjects.
The personal data transferred concern the following categories of data subjects (please specify):
Employees and prospective employees of Taleo’s customers.
Categories of data.
The personal data transferred concern the following categories of data (please specify):
Employment data.
Special categories of data (if appropriate).
The personal data transferred concern the following special categories of data (please specify):
Where processing is necessary for the purposes of carrying out the obligations and specific rights of the controller (Taleo customers) in the field of employment law insofar as it is authorized by national law providing for adequate safeguard.
EN 10 EN
Xxxx Xxxxxx e-Signed 2011-05-23 03:07PM PDT xxxxxxx@xxxxx.xxx Taleo SVP & General Counsel
Waiting for Signature xxxxxxxxxxxx@xxxxxxx.xxx
Document Integrity Verified
EchoSign Transaction Number: 2ND6MM7L57497C
Processing operations.
The personal data transferred will be subject to the following basic processing activities (please specify):
Automatic collection, recording, organization, storage, adaptation or alteration, retrieval, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of personal data owned by Taleo customers for the Taleo’s performance of its contract with Taleo customers.
DATA EXPORTER
Name: Taleo Corporation on behalf of its subsidiaries with operations in EU Member States or in the performance of its contracts with Taleo Clients located in EU Member States.
Authorised Signature J Xxxxxx Xxxx Xxxxxx (May 23, 2011) Date May 23, 2011
DATA IMPORTER
Name: Taleo Corporation on behalf of its subsidiaries with operations outside EU Member States
Authorised Signature J Xxxxxx Xxxx Xxxxxx (May 23, 2011) Date May 23, 2011
EN 11 EN
Xxxx Xxxxxx e-Signed 2011-05-23 03:07PM PDT xxxxxxx@xxxxx.xxx Taleo SVP & General Counsel
Waiting for Signature xxxxxxxxxxxx@xxxxxxx.xxx
Document Integrity Verified
EchoSign Transaction Number: 2ND6MM7L57497C
APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and must be completed and signed by the parties
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
Taleo technical and organisational security measures include: A certified security staff led by CISSP and infrastructure professionals; SSL encryption; Encryption of sensitive data at rest; 24x7 network monitoring; ISO-27001 based policies; SAS 70 Type II certification; Regular third-party security evaluations; Multi-tier, biometrically controlled access to caged environments; Comprehensive corporate and production level security policies; Taleo security training & awareness.
Liability
The parties agree that if one party is held liable for a violation of the clauses committed by the other party, the latter will, to the extent to which it is liable, indemnify the first party for any cost, charge, damages, expenses or loss it has incurred.
Indemnification is contingent upon:
(a) the data exporter promptly notifying the data importer and, if applicable, the subprocessor of a claim; and
(b) the data importer and, if applicable, the subprocessor being given the possibility to cooperate with the data exporter in the defence and settlement of the claim.
DATA EXPORTER
Name: Taleo Corporation on behalf of its subsidiaries with operations in EU Member States or in the performance of its contracts with Taleo Clients located in EU Member States.
Authorised Signature J Xxxxxx Xxxx Xxxxxx (May 23, 2011) Date May 23, 2011
DATA IMPORTER
Name: Taleo Corporation on behalf of its subsidiaries with operations outside EU Member States
Authorised Signature J Xxxxxx Xxxx Xxxxxx (May 23, 2011) Date May 23, 2011
EN 12 EN
Xxxx Xxxxxx e-Signed 2011-05-23 03:07PM PDT xxxxxxx@xxxxx.xxx Taleo SVP & General Counsel
Waiting for Signature xxxxxxxxxxxx@xxxxxxx.xxx
Document Integrity Verified
EchoSign Transaction Number: 2ND6MM7L57497C
