HPE Cloud Volumes
Customer Subscription
Agreement
Effective October 8, 2020
This
Customer Subscription Agreement (the "Agreement") is made and entered
into by and between Hewlett Packard Enterprise Company ("HPE"), and
you (if you are entering into this Agreement as an individual) or the business
entity you represent ("Customer"). If you are entering into this
Agreement on behalf of an entity, you represent and warrant that you have the
legal authority to bind that entity and that entity will be deemed the Customer
for purposes of this Agreement.
Customer
desires to access and use HPE’s cloud based data storage and management
services (the "Services"), and HPE desires to provide the Services to
Customer subject to the terms and conditions of this Agreement. This Agreement
is effective on the earlier of the date Customer clicks the "I
Accept" button, when Customer submits its first order to HPE, or when Customer
commences using the Services (the “Effective Date”).
This Agreement consists of the terms
and conditions of this Customer Subscription Agreement and all applicable
policies, procedures and/or guidelines related to the Services that are posted
on the HPE website at www.hpe.com/storage/cloudvolumes (the "Website") from time to time.
1)
Services
a)
To access and use the Services, Customer
will be required to create an account associated with a valid e-mail address.
Customer may create only one account per email address, although Customer may
establish one or more logins associated with the account. Customer is
responsible for all activities that occur under Customer’s account, regardless
of whether the activities are undertaken by Customer, its employees, or a third
party (including contractors or agents) and HPE and its affiliates are not
responsible for unauthorized access to Customer’s account. Customer will
contact HPE immediately if it believes an unauthorized third party may be using
Customer’s account or if Customer’s account information is lost or stolen.
Customer may terminate Customer’s account and this Agreement at any time in
accordance with Section 15.
b)
Subject
to the terms and conditions of this Agreement, during the term of this
Agreement, HPE will provide Customer access to the Services described in the
applicable order submitted through the Website. Each and all orders Customer
submits to HPE through the Website are deemed to be Customer’s consent to the
terms of this Agreement and constitute Customer’s binding selection of the type
of Services to be provided and all associated specifications, prices, policies
and documentation related to the delivery of the Services.
2)
Use of the Services
a)
Customer may use the Services to
store, process, and retrieve all content (including but not limited text,
audio, video, and images), data, software, applications, technology or other information
provided to HPE by, or on behalf of, Customer or Customer’s end users through
use of the Services ("Customer Data"). Diagnostic Data and Customer
Account Information (both as defined below) are not Customer Data. Customer
acknowledges and agrees that HPE will not be responsible in any manner, and
Customer is solely responsible, for the development, operation, and maintenance
of all Customer Data. Personal Data and Customer Personal Data is defined in
Schedule 1 - HPE Data Privacy and Security Agreement Schedule.
b)
Customer may not (and may not permit
anyone else to): (a) copy, modify, create derivative works of, reverse
engineer, decompile or otherwise attempt to extract the source code for the
Services or any part thereof; (b) attempt to hack, disable or circumvent any
security mechanisms used by the Services; (c) access or use the Services in a
way intended to avoid incurring fees or exceeding usage limits or quotas; or
(d) resell or sublicense the Services.
c)
HPE welcomes feedback, questions,
comments, and suggestions for improvements to the Services (“Feedback”).
Customer grants to HPE a non-exclusive, worldwide, perpetual, irrevocable,
fully-paid, royalty-free, sublicensable and transferable license under any and
all intellectual property rights that Customer owns or controls to use, copy,
modify, create derivative works based upon and otherwise exploit the Feedback
for any purpose.
d)
Customer acknowledges and agrees
that the Services transmit to HPE and/or HPE may collect and use certain
information and diagnostic data in connection with Customer’s use of the
Services, including without limitation system performance, capacity and memory
usage, performance metrics, error and information messages, and Service usage
data related to Customer’s account, such as resource identifiers, metadata
tags, security and access roles, rules, usage policies, permissions, usage
statistics and analytics (“Diagnostic Data”).
e)
Customer acknowledges and agrees
that HPE and HPE’s authorized third party payment processor will also collect
identifying information about Customer, including but not limited to Customer
name, contact information and billing information, to establish and maintain
Customer’s account (“Business Contact Data”).
f)
HPE will not disclose Diagnostic
Data to any third party (other than HPE affiliates, contractors and service
providers working on HPE’s behalf) except in aggregated, anonymized form that
does not link such Diagnostic Data to Customer.
3)
Pre-Release Materials
a)
HPE may make available to Customer
pre-release, evaluation and/or trial services and/or software (“Pre-Release
Materials”). Customer agrees the
Pre-Release Materials: (i) are not to be used in a production environment; (ii)
may or may not ever be made generally available to HPE customers as part of an
update or otherwise; (iii) are not under warranty or support; (iv) are not at
the level of compatibility, performance and/or scalability of the Services as
the case may be; (v) may not operate correctly; and, (vi) may be subject to
additional terms and conditions that are specific to such Pre-Release
Materials. Customer agrees to notify HPE
of any bugs, errors or problems with respect to Pre-Release Materials. Upon
termination or expiration of any evaluation period, Customer will either
convert to a paid contract covering the use of the Services or immediately
terminate use of and/or remove the Pre-Release Materials and Services.
4)
Modifications
a)
Customer agrees HPE may modify any
of the terms and conditions of this Agreement (including any policies), the
Support Schedule and the HPE Data Privacy and Security Agreement Schedule (as
set forth below) at any time and in its sole discretion, by posting a change
notice or a new agreement on the Website. If any modification is unacceptable
to Customer, Customer may stop using the Services. Customer’s continued use of
the Services following the posting of a change notice or revision to this
Agreement on the Website will constitute Customer's binding acceptance of the
change.
b)
Customer will comply with HPE's
policies and guidelines applicable to the use of the Services, as posted on the
Website from time to time. Customer further acknowledges and agrees that HPE
may change, discontinue, deprecate, or remove features or functionality of the
Services from time to time. Without
limiting the foregoing, HPE will notify Customer in advance of any material
change to or discontinuation of the Service.
5)
Fees, Billing and Payment
a)
Customer will pay HPE the applicable
fees and charges for use of the Services as more specifically described on the
Website (which may include through monthly credit card auto-deduction),
administered by HPE’s authorized third party payment processor. HPE may allow
Customer a pre-pay option. HPE may
provide a separate bonus amount to Customer based on the amount of prepaid
services purchased by Customer. If applicable, fees and charges will be applied
towards any bonus credits first. Once the bonus
credit amount has been completely extinguished, fees and charges will be applied against
any prepaid amount, if applicable. Both prepaid amounts and any bonus amounts
expire thirteen (13) months from the purchase date. If applicable, upon
renewal, previous unused prepaid amounts may be extended through the renewal
expiration date. Unused bonus amounts
will not extend beyond their thirteen (13) month expiration date for any
reason. All amounts payable under this Agreement will be made without setoff or
counterclaim, and without any deduction or withholding. Fees and charges for
any new Service or new features of the Services will be effective when HPE
posts updated fees and charges on the Website, unless HPE expressly states
otherwise in a notice. HPE may increase or add new fees and charges for any
existing Services by giving Customer at least fifteen (15) days' advance notice.
If the change is unacceptable to Customer, Customer may stop use of the
Services. If Customer does not cease its
use within fifteen (15) days, the new fees and charges will be deemed accepted
by Customer.
b)
Customer is responsible for any
taxes and duties including VAT and applicable sales tax (other than HPE's
income tax), and Customer will pay HPE the fees without any reduction or
withholding for taxes. If HPE is obligated to collect or pay any taxes, the taxes
will be invoiced to Customer, unless Customer provides HPE with a valid tax
exemption certificate authorized by the appropriate taxing authority.
c)
HPE calculates and bills fees and
charges monthly in arrears, based on the greater of the stated minimum fee for
the Service (as specified on the Website) or Customer’s actual usage of the
Services in the prior month. HPE may bill Customer more frequently for fees
accrued if HPE suspects Customer’s account is at risk of non-payment. Customer
usage charge will be calculated daily, based on Customer’s maximum allocation
of resources for that day, and such charges shall be aggregated and billed on a
monthly basis. Customer will be responsible for all fees and will pay all fees
in U.S. Dollars or in such other currency as agreed to in writing by the
parties. Customer will pay all fees in accordance with the payment terms as
more specifically described on the Website. Late payments hereunder will accrue
interest at a rate of one and one-half percent (1 1/2 %) per month, or the
highest rate allowed by applicable law, whichever is lower. HPE reserves the
right to have Customer complete a credit application to determine Customer’s
creditworthiness as a condition of receiving further Services. If HPE initiates
a collection process to recover fees due and payable hereunder, Customer will
pay all costs associated with such collection efforts. Without limiting the foregoing, Customer is
solely responsible for any third party charges that may be associated with and
external to the Service, including but not limited to Customer’s compute
resources for the applications accessing the Services and data egress usage
from other cloud providers.
6)
Support
a)
HPE will provide support for the
Services in accordance with the support guidelines and/or documentation HPE
makes available through the Website and the applicable service levels set forth
in the Support Schedule attached as Schedule 2 hereto, which may be revised and
updated by HPE from time to time. The Support Schedule provides for certain
service level credits for downtime. Customer agrees that such credits are and
will be Customer’s sole and exclusive remedy under this Agreement and the
Support Schedule.
7)
Confidential Information
a)
Certain information regarding the
Services and HPE’s business, including technical, marketing, financial,
employee, planning, and other confidential or proprietary information, is
considered HPE’s “Confidential Information”. In the event Customer does not
have a current non-disclosure agreement in place with HPE that protects HPE
Confidential Information, then Customer will protect the Confidential
Information from unauthorized dissemination and use with the same degree of
care Customer uses to protect its own like information and, in any event, will
use no less than a reasonable degree of care in protecting such Confidential
Information. Customer will use the
Confidential Information only for those purposes expressly authorized in this
Agreement. Customer will not disclose to third parties the Confidential
Information without the prior written consent of HPE.
8)
Ownership
a)
Customer does not acquire any right,
title or interest in or to any Service, HPE Confidential Information, or other
intellectual property owned or supplied by HPE. Except for the limited licenses
granted hereunder, HPE reserves all rights not expressly granted and no license
for such additional rights is implied or may be assumed.
b)
To the extent Customer discloses,
uses, displays, performs, copies, distributes, creates derivative works of, makes,
sells, or imports any Customer or third party products, data, or Customer Data
using the Services, (i) Customer make the warranties and representations in
Section 9 below; and (ii) HPE does not acquire any right, title or interest
therein other than the limited right to operate such with the Services for
Customer benefit.
9)
Warranties, Representations, Agreements
a)
Customer represents and warrants
that (i) Customer has the full corporate right, power and authority to enter
into this Agreement, (ii) the execution of this Agreement by and the
performance of its obligations and duties hereunder do not and will not violate
any agreement to which Customer is party or by which Customer is bound, and
(iii) when executed and delivered, this Agreement will constitute the legal,
valid and binding obligation of Customer, in accordance with its terms.
b)
In connection with the subject
matter of this Agreement, Customer agrees to comply with all applicable laws
and regulations, including export laws and data transfer laws.
c)
Customer is solely responsible for
the development, content, operation, maintenance, and use of the Customer Data,
including, without limitation: (i) the technical operation of Customer Data;
(ii) compliance of the Customer Data with this Agreement, the HPE Privacy
Statement, and all applicable laws or regulations; (iii) any claims relating to
the Customer Data; and (iv) properly handling and processing notices sent to
Customer by any person claiming that the Customer Data violates such person's
rights, including notices pursuant to the Digital Millennium Copyright Act.
d)
Customer is responsible for properly
configuring and using the Services and taking its own steps to maintain
appropriate security, protection and backup of the Customer Data, which may
include the use of encryption technology to protect the Customer Data from
unauthorized access and routine archiving of the Customer Data. HPE does not
encrypt Customer Data-at-rest. HPE recommends Customer encrypt all Customer
Data within the Services. HPE’s log-in credentials and private keys generated
by the Services are for Customer's internal use only and Customer may not sell,
transfer or sublicense them to any other entity or person, except that Customer
may disclose its private key to its agents and subcontractors performing work
on its behalf.
e)
Customer will be deemed to have
taken any action that Customer permits, assists or facilitates any person or
entity to take related to this Agreement, the Customer Data or use of the
Services. Customer is responsible for its End Users' use of the Customer Data
and the Services. "End User" means any individual or entity that
directly or indirectly through another user: (a) accesses or uses the Customer
Data; or (b) otherwise accesses or uses the Services under Customer's account.
Customer will ensure that all End Users comply with Customer's obligations
under this Agreement and that the terms of Customer's agreement with each End
User are consistent with this Agreement. If Customer becomes aware of any
violation of its obligations under this Agreement by an End User, Customer will
immediately terminate such End User's access to the Customer Data and the
Services.
f)
Customer is responsible for
providing customer service (if any) to End Users. HPE does not provide any
support or services to End Users unless HPE has a separate agreement with
Customer or an End User obligating HPE to provide such support or services.
g)
Customer is
responsible for defining and maintaining its own individualized business
continuity and disaster recovery plans should the Services become unavailable
due to a disruptive event, such as a physical, social or financial disaster. HPE will use commercially reasonable efforts
to prevent disruption to Services and to restore Services as soon as possible.
HPE does not guarantee continuous availability of the Services in the event of
such disruption or disaster.
h)
Customer is
responsible for implementing appropriate backup procedures for all Customer
Data within the Services.
i)
EXCEPT AS EXPRESSLY PROVIDED FOR HEREIN,
THE SERVICES ARE PROVIDED “AS IS”. TO
THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, HPE AND ITS AFFILIATES AND
LICENSORS EXPRESSLY DISCLAIM ANY WARRANTY OF ANY KIND, WHETHER EXPRESS,
IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WITHOUT LIMITATION WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR USE, AND NONINFRINGEMENT. HPE AND ITS
AFFILIATES AND LICENSORS ARE NOT RESPONSIBLE OR LIABLE FOR THE DELETION OF OR
FAILURE TO STORE ANY CUSTOMER DATA AND OTHER COMMUNICATIONS MAINTAINED OR
TRANSMITTED THROUGH USE OF THE SERVICES. CUSTOMER IS SOLELY RESPONSIBLE FOR SECURING AND BACKING
UP CUSTOMER DATA. HPE AND ITS AFFILIATES AND LICENSORS DO NOT WARRANT
THAT THE OPERATION OF THE SERVICES WILL BE ERROR-FREE OR UNINTERRUPTED OR THAT
CUSTOMER DATA WILL BE SECURE OR NOT OTHERWISSE LOST OR DAMAGED.
10) Limitations of
Liability
a)
HPE AND HPE’S AFFILIATES OR
LICENSORS WILL NOT BE LIABLE TO CUSTOMER FOR ANY INDIRECT, INCIDENTAL, SPECIAL,
CONSEQUENTIAL OR EXEMPLARY DAMAGES, OR FOR ANY LOSS OF PROFITS, GOODWILL, USE,
OR DATA, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
FURTHER, NEITHER HPE NOR ANY OF HPE’S AFFILIATES OR LICENSORS WILL BE
RESPONSIBLE FOR ANY COMPENSATION, REIMBURSEMENT, OR DAMAGES ARISING IN
CONNECTION WITH: (A) CUSTOMER’S INABILITY TO USE THE SERVICES, INCLUDING AS A
RESULT OF ANY (I) TERMINATION OR SUSPENSION OF THIS AGREEMENT OR CUSTOMER’S USE
OF OR ACCESS TO THE SERVICES, (II) HPE’S DISCONTINUATION OF ANY OR ALL OF THE
SERVICES, OR, (III) WITHOUT LIMITING ANY OBLIGATIONS UNDER THE SUPPORT
SCHEDULE, ANY UNANTICIPATED OR UNSCHEDULED DOWNTIME OF ALL OR A PORTION OF THE
SERVICES FOR ANY REASON, INCLUDING AS A RESULT OF POWER OUTAGES, SYSTEM
FAILURES OR OTHER INTERRUPTIONS; (B) THE COST OF PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES; (C) ANY INVESTMENTS, EXPENDITURES, OR COMMITMENTS BY
CUSTOMER IN CONNECTION WITH THIS AGREEMENT OR CUSTOMER’S USE OF OR ACCESS TO
THE SERVICES; OR (D) ANY UNAUTHORIZED ACCESS TO, ALTERATION OF, OR THE
DELETION, DESTRUCTION, DAMAGE, LOSS OR FAILURE TO STORE ANY OF CUSTOMER’S
CUSTOMER DATA. IN ANY CASE AND TO THE MAXIMUM EXTENT ALLOWED BY LAW, HPE’S AND
HPE’S AFFILIATES’ AND LICENSORS’ AGGREGATE LIABILITY UNDER THIS AGREEMENT WILL
BE LIMITED TO THE AMOUNT CUSTOMER ACTUALLY PAYS HPE UNDER THIS AGREEMENT FOR THE
SERVICE THAT GAVE RISE TO THE CLAIM DURING THE SIX (6) MONTHS PRECEDING THE
CLAIM.
11) Indemnification
a)
Customer will defend, indemnify, and
hold harmless HPE, HPE’s affiliates and licensors, and each of their respective
employees, officers, directors, and representatives from and against any
claims, damages, losses, liabilities, costs, and expenses (including reasonable
attorneys’ fees) arising out of or relating to any third party claim
concerning: (a) Customer or any End Users’ use of the Services (including any
activities under Customer account and use by Customer employees and personnel);
(b) breach of this Agreement or violation of applicable law by Customer or any
End User; (c) Customer Data or the
combination of Customer Data with other applications, content or processes,
including any claim involving alleged infringement or misappropriation of third-party
rights by Customer Data or by the use, development, design, production,
advertising or marketing of Customer Data; or (d) a dispute between Customer
and any End User. If HPE or HPE’s affiliates are obligated to respond to a
third party subpoena or other compulsory legal order or process described
above, Customer will also reimburse HPE for reasonable attorneys’ fees, as well
as HPE’s employees’ and contractors’ time and materials spent responding to the
third party subpoena or other compulsory legal order or process at HPE’s
then-current hourly rates.
b)
HPE will promptly notify Customer of
any claim subject to Section 11) a), but HPE’s failure to promptly notify
Customer will only affect Customer’s obligations under Section 11) a) to the
extent that HPE’s failure prejudices Customer’s ability to defend the claim.
Customer may: (a) use counsel of Customer’s own choosing (subject to HPE’s
written consent) to defend against any claim; and (b) settle the claim,
provided that Customer obtains HPE’s prior written consent before entering into
any settlement. HPE may also assume control of the defense and settlement of
the claim at any time.
12) Acceptable Use
a)
Customer will comply at all times
with the Website Terms of Use, as modified by HPE from time to time. Customer’s failure to comply with the Website
Terms of Use will be deemed a material breach hereunder and HPE may terminate
or suspend access to the Services based on any such failure at its sole
discretion.
b)
HPE reserves the right, but does not
assume the obligation, to investigate any violation of Website Terms of Use or
misuse of the Services. Without limiting the foregoing or any other remedies
available in the Agreement, if HPE reasonably believes that any Customer Data
violates the law, infringes or misappropriates the rights of any third party or
otherwise violates a material term of the Agreement (including the
documentation, this Agreement, or the Website Terms of Use (“Prohibited
Content”), HPE will notify Customer of the Prohibited Content and may request
such content be removed from the Services or access to it be disabled. If
Customer does not remove or disable access to the Prohibited Content within two
(2) business days of HPE’s notice, HPE may remove or disable access to the
Prohibited Content or suspend the Services to the extent HPE is not able to
remove or disable access to the Prohibited Content. Notwithstanding the
foregoing, HPE may remove or disable access to any Prohibited Content without
prior notice in connection with illegal content, where the content may disrupt
or threaten the Services, pursuant to the Digital Millennium Copyright Act or
as required to comply with law or any judicial, regulatory or other
governmental order or request. In the event that HPE removes content without
prior notice, HPE will provide prompt notice to Customer unless prohibited by
law.
c)
Customer must comply with the
current technical documentation applicable to the Services (including the
applicable developer guides) as posted by HPE and updated by HPE from time to
time on the Website. In addition, if Customer creates technology that works
with a Service, Customer must comply with the current technical documentation
applicable to that Service (including the applicable developer guides) as
posted by HPE and updated by HPE from time to time on the Website.
d)
Customer will ensure that all
information Customer provides to HPE via the Website (for instance, information
provided in connection with Customer’s registration for the Services, requests
for increased usage limits, etc.) is accurate, complete and not misleading.
e)
Customer agrees to provide
information and/or other materials as reasonably requested by HPE to verify
Customer's compliance with this Agreement.
HPE may monitor the external interfaces (e.g., ports) of Customer Data
to verify compliance with the Agreement.
Customer will not block or interfere with HPE’s monitoring, but Customer
may use encryption technology or firewalls to keep Customer’s Customer Data
confidential.
13)
Security and Data Privacy.
a)
Customer may specify the HPE regions
in which Customer Data will be stored. Customer consents to the transfer to and
storage of Customer Data in the HPE regions Customer selects. HPE, HPE
affiliates and third party service providers will not access or use Customer
Data except as necessary to maintain or provide the Services, or as necessary
to comply with the law or a binding order of a governmental body. HPE and
Customer agree to comply with the attached Schedule 1 - HPE Data Privacy and
Security Agreement Schedule - HPE Cloud Volume Services. HPE recommends
Customer notify HPE by emailing CV-PHI@hpe.com
before introducing any sensitive data (including protected health information)
within the Services.
b)
HPE will receive Diagnostic Data as
a result of Customer’s use of the Services.
HPE may use and disclose Diagnostic Data at HPE’s discretion for any
purpose, except where HPE is required to do otherwise under applicable
law. HPE may disclose Diagnostic Data to
HPE affiliates, contractors and service providers who are working on HPE’s
behalf to maintain and provide the Services. HPE also may use or disclose
Diagnostic Data: (i) where it is in an aggregated, anonymized form that does
not link such to a particular customer; or (ii) as HPE believes it to be
necessary or appropriate (a) under applicable law, which may include laws
outside Customer’s country of residence; (b) to respond to a governmental body
or requests from courts, law enforcement agencies, regulatory agencies, and
other public and government authorities, which may include such authorities
outside Customer’s country of residence; (c) to enforce HPE terms and conditions; and (d) to protect HPE rights, privacy, safety or property, and/or
that of HPE affiliates, Customer or
others. “Diagnostic Data” are certain information and diagnostic data in
connection with Customer’s use of the Services, including without limitation
system performance, capacity and memory usage, performance metrics, and error
and information messages, and Service usage data related to Customer’s account,
such as resource identifiers, metadata tags, security and access roles, rules,
usage policies, permissions, usage statistics and analytics that the Services
transmit to HPE and/or HPE may collect and use.
c)
HPE may use affiliates and third
party service providers to perform the Services. Customer understands, agrees and authorizes
HPE to share access to Customer Data and Diagnostic Data with such third
parties to maintain and provide the Services. Upon request, HPE will provide
Customer with a list of current service providers performing hereunder.
14) Third Party Content
a)
Third party content, such as
software applications provided by third parties, may be made available directly
to you by other companies or individuals under separate terms and conditions,
including separate fees and charges. Because HPE may not have tested or
screened the third party content, Customer use of any third party content is at
Customer’s sole risk.
15) Term and Termination
a)
This Agreement will commence on the
Effective Date and continue until terminated in accordance with this Section
15.
b)
HPE may suspend Customer’s or any
End User’s right to access or use any portion or all of the Services
immediately upon notice to Customer if HPE determines: (a) Customer’s or an End User’s use of or
registration for the Services (i) poses a security risk to the Services or any
third party, (ii) may adversely impact the Services or the systems or data of
any other HPE customer, (iii) may subject HPE, HPE’s affiliates, or any third
party to liability, or (iv) may be fraudulent;
(b) Customer is, or any End User is, in breach of this Agreement,
including if Customer is delinquent on Customer’s payment obligations for more
than fifteen (15) days; or (c) Customer
has ceased to operate in the ordinary course, made an assignment for the
benefit of creditors or similar disposition of Customer assets, or become the
subject of any bankruptcy, reorganization, liquidation, dissolution or similar
proceeding.
c)
If HPE suspends Customer’s right to
access or use any portion or all of the Services: (a) Customer remains responsible for all fees
and charges Customer has incurred through the date of suspension; (b) Customer remains responsible for any
applicable fees and charges for any Services to which Customer continues to
have access, as well as applicable data storage fees and charges, and fees and
charges for in-process tasks completed after the date of suspension; (c)
Customer will not be entitled to any service credits under the Support Schedule
for any period of suspension; and (d) HPE will not erase any Customer Data as a
result of Customer’s suspension, except as specified elsewhere in this
Agreement.
d)
HPE’s right to suspend Customer’s or
any End User’s right to access or use the Services is in addition to HPE’s
right to terminate this Agreement pursuant to Sections 15) e) and f).
e)
Either party may terminate this
Agreement for convenience by providing the other party thirty (30) days advanced
written notice.
f)
Either party may terminate this
Agreement for cause upon thirty (30) days advance written notice to the other
party if there is any material default or breach of this Agreement by the other
party, if the defaulting party has not cured the material breach within the
thirty (30) day notice period.
g)
HPE reserves the right to terminate
this Agreement (and/or Customer’s account) or Customer access to the Service or
any APIs and/or Software provided under this Agreement, and to delete Customer
Data: (i) due to a suspension under Section 15) b) above or termination for
cause under Section 15) f); or (ii) immediately if HPE is compelled by court
order or otherwise discover any use of the Services or APIs and/or Software by
Customer that in HPE's reasonable discretion presents a security risk or that
might be the subject of a legal claim or dispute. Upon any termination or
notice of any discontinuance, all of Customer’s rights under the Agreement
immediately terminate, Customer remains responsible for all fees and charges
incurred through date of termination, and Customer agrees to return (or destroy
per HPE’s instruction) all HPE Confidential Information in Customer’s
possession.
h)
Unless HPE terminates all or a portion
of the Services or the Agreement for cause, Customer will have an opportunity,
upon Customer request, to remove all Customer Data from the Services for a
period of thirty (30) days of the termination date of the Customer’s account
(the "Data Removal Period"). HPE may, at HPE's sole option, delete
any and all Customer Data from HPE's cloud servers, website or any other data
storage systems, including without limitation any and all backup copies thereof
post-Data Removal Period. HPE is not responsible for (i) any Customer deletion
of Customer Data (at any time) nor (ii) deletion, destruction, damage, loss or
failure by Customer to backup any Customer Data removed by HPE post Data
Removal Period.
16) Survival
a)
The following sections of this
Agreement and each party’s rights and obligations thereunder will survive any
termination or expiration of the Agreement:
Sections 7-18. The parties'
respective obligations of confidentiality will survive the expiration,
termination or rescission of this Agreement and continue in full force and
effect for one (1) year thereafter.
17) Governing Law/Disputes
a)
This Agreement and any action
related thereto will be governed by the laws of the State of California without
regard to its conflict of law rules. The United Nations Convention for the
International Sale of Goods does not apply to this Agreement.
18) Miscellaneous
Provisions
a)
Customer will not assign this
Agreement, or delegate, sublicense or transfer any of Customer’s rights under
this Agreement, without HPE’s prior written consent. Any assignment in violation of this Section
18) a) will be void. This Agreement will
bind and inure to the benefit of each party's successors and permitted assigns.
b)
Neither party will be deemed to be
an agent of the other party and the relationship of the parties will be that of
independent contractors. Neither party will have any right or authority to
assume any obligations, or to make any representations or warranties, whether
express or implied, on behalf of the other party, or to bind the other party in
any matter whatsoever.
c)
HPE may provide any notice to
Customer under this Agreement by: (i) posting a notice on the Website; or (ii)
sending a message to the email address then associated with Customer’s account.
Notices HPE provide by posting on the Website will be effective upon posting
and notices HPE provide by email will be effective when HPE send the email. It
is Customer’s responsibility to keep Customer’s email address current. Customer
will be deemed to have received any email sent to the email address then
associated with Customer account when HPE sends the email, whether or not
Customer actually receives the email.
d)
Customer may provide HPE notice
under this Agreement by contacting HPE by personal delivery, overnight courier
or registered or certified mail to HPE, Legal Dept., 6280 America Center Drive,
San Jose, California 95002, USA. HPE may update the address for notices to HPE
by posting a notice on the Website. Notices provided by personal delivery will
be effective immediately. Notices provided registered or certified mail will be
effective three (3) business days after they are sent.
e)
All communications and notices to be
made or given pursuant to this Agreement must be in the English language.
f)
This Agreement, together with all
orders, represents the sole, exclusive and integrated mutual statement of
understanding of the parties concerning the Services to be provided hereunder,
and supersedes and cancels all previous and contemporaneous written and oral
agreements and communications between the parties relating to the subject
matter of this Agreement. HPE will not
be bound by any term, condition or other provision which is different from, or
in addition to the provisions of this Agreement and which is submitted by
Customer in any order, receipt, acceptance, confirmation, correspondence or
other document.
g)
If any provision of this Agreement,
or a portion thereof, will be adjudged by a court of competent jurisdiction to
be unenforceable or invalid, that portion will be eliminated or limited to the
minimum extent necessary so that this Agreement will remain in full force and
effect and enforceable.
h)
Except for performance of a payment
obligation, neither party will be liable under this Agreement for delays,
failures to perform, damages, losses or destruction, or malfunction of any
equipment, or any consequence thereof, caused or occasioned by, or due to fire,
earthquake, flood, water, the elements, labor disputes or shortages, utility
curtailments, power failures, explosions, civil disturbances, acts of war or
terror, governmental actions, shortages of equipment or supplies,
unavailability of transportation, acts or omissions of third parties, or any
other cause beyond its reasonable control. If the force majeure continues for
more than thirty (30) calendar days, then either party may terminate the
Agreement for convenience upon written notice to the other party.
i)
Customer will, in connection with
Customer's use of the Services, comply with all applicable export and re-export
control laws and regulations, including the Export Administration Regulations,
the International Traffic in Arms Regulations, and country-specific economic
sanctions programs implemented by the Office of Foreign Assets Control.
j)
HPE may use Customer’s name and logo
in HPE’s marketing materials, website(s) and communications, subject to
Customer’s then-current trademark usage guidelines, for the purpose of
indicating Customer is a user of the Services.
SCHEDULE 1
HPE Data Privacy and Security Agreement Schedule
HPE Cloud Volume Services
This Data Privacy and Security Agreement ("DPSA") Schedule governs the privacy and security of Personal Data by HPE in connection with the Services on Customer’s behalf and is made a part of the Agreement.
1. This DPSA forms part of the Agreement. To the extent there are any conflicts between the terms of this DPSA and the Agreement, the DPSA shall prevail.
2. Definitions:
2.1. “Personal Data” or “Customer Personal Data” means any (Customer) information relating to an identified or identifiable natural persons or as otherwise defined in applicable Privacy Laws that Customer will provide to HPE for Processing on Customer's (or the applicable Controller's) behalf, which may include protected health information covered by Health Insurance Portability and Accountability Act 1996 (“HIPAA”).
2.2. “Binding Corporate Rules – Processors or BCR-P” means the Intercompany Agreement and the applicable policies and procedures which form HPE's Binding Corporate Rules for Processors as they apply to the Customer and as developed, amended or updated by HPE from time to time in accordance with the applicable Working Documents adopted by the Article 29 Working Party (and subsequently the European Data Protection Board). A copy of the documentation comprising the BCR-P, which is incorporated by reference and is an integral part of this DPSA, will be made available by HPE upon a Customer’s written request.
2.3. “Business Contact Data” means contact information of Customer's representatives for invoicing, billing, and other business inquiries, (ii) information required for payment and its processing, (iii) information on Customer's usage of Services, and (iv) other information that HPE collects and needs to communicate with Customer.
2.4. “Controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the Processing of Personal Data; where the purposes and means of Processing are determined by applicable Privacy Law, the Controller or criteria for the Controller’s nomination will be as designated by applicable Privacy Law.
2.5. “General Data Protection Regulations or GDPR” means Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (and its implementing legislation), with effect from 25th May 2018
2.6. “HIPAA” means the federal Health Insurance Portability and Accountability Act of 1996, 42 U.S.C. ss 1320d-1320d-8.
2.7. “Intercompany Agreement” means the intercompany agreement on the Processing and Transfer of HPE Customer owned Personal Data entered into by HPE companies.
2.8. “Privacy Laws” mean all applicable laws and regulations relating to the Processing of Personal Data and privacy that may exist in the relevant jurisdictions, including HIPAA and the GDPR.
2.9. “Processor” means any natural or legal person, public authority, agency, or other body which Processes Personal Data on behalf of a Controller or on the instruction of another Processor acting on behalf of a Controller.
2.10. “Process,” “Processing,” or “Processed” means an operation or set of operations performed on or with Personal Data whether or not by automatic means (including, without limitation, accessing, collecting, recording, organizing, retaining, storing, adapting or altering, retrieving, consulting, using, disclosing, making available, aligning, combining, blocking, erasing, and destroying Personal Data) and any equivalent definitions in Privacy Law to the extent that such definition should modify this definition.
2.11. "Relevant Country" means a third country outside of the EEA, Switzerland and the UK (once the UK has ceased to be a member state of the EU) which has not been given an adequacy finding pursuant to Article 45 of the GDPR.
2.12. “Special Category Data” means Customer Personal Data which relates to an individual's racial/ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health, sexual life, biometric data (if used for the purpose of uniquely identifying an individual) or genetic data.
3. Appointment and Instructions:
3.1. HPE shall Process Customer Personal Data as necessary to provide the Services and to meet HPE's obligations under this DPSA, the Agreement, and applicable Privacy Law as a service provider and Processor of Customer Personal Data. Details of the Processing including the subject matter, purpose and duration of the Processing the types of personal data and categories of data to whom the data are set out in Exhibit A.
3.2. HPE shall Process Customer Personal Data in accordance with Customer’s instructions as set out in this DPSA, the Agreement, or other documented instructions between HPE and Customer. Potential costs and charges associated with such additional instructions shall be agreed pursuant to the terms of the Agreement.
3.3. HPE may Process Customer Personal Data other than on the instructions of Customer if it is required under law applicable to HPE. In this situation, HPE shall inform Customer of such a requirement before HPE Processes Customer Personal Data unless the law prohibits this on important grounds of public interest. If HPE is unable to comply with Customer’s instructions or this DPSA due to changes in legislation or, if HPE believes (without having to conduct a comprehensive legal analysis) that any instruction from Customer will violate applicable law or for any other reason, HPE shall promptly notify Customer in writing.
3.4. HPE acknowledges that HPE has no right, title, or interest in Customer Personal Data (including all intellectual property or proprietary information contained therein). HPE may not sell, rent, or lease Customer Personal Data to anyone.
3.5. If Customer uses the Services to Process any categories of data not expressly covered by this DPSA, Customer acts at its own risk and HPE shall not be responsible for any potential compliance deficits related to such use.
4. Compliance with laws
4.1. The Parties shall at all times comply with their respective obligations under this DPSA and Privacy Laws that apply to their respective processing of Personal Data. In addition, if HPE interacts with Protected Health Information as defined under the Health Insurance Privacy and Portability Act, the parties agree to comply with the terms of the Business Associate Agreement found at www.hpe.com/info/customer-privacy.html.
4.2. HPE shall also comply with all applicable laws and HPE’s privacy policy with respect to the Processing of Business Contact Data and use Business Contact Data only for legitimate business purposes, including, without limitation, invoicing, collections, service usage monitoring and optimization, service improvements, maintenance, support, communications relating to contract renewals (directly or through a subprocessor acting on HPE’s behalf or an HPE approved reseller for contract renewal purposes), and information about new and additional services.
4.3.
Where HPE discloses its personnel’s personal
data to Customer or HPE personnel provide their personal data directly to
Customer, which Customer Processes to manage its use of the Services, Customer
shall Process that data in accordance with its privacy policies and applicable
Privacy Laws. Such disclosures shall be made by HPE only where lawful for the
purposes of contract management, service management, or Customer’s reasonable
and lawful background screening verification or security purposes.
5. Security
5.1. HPE shall implement and maintain the physical, technical, and organizational security measures set out in Exhibit A, as may be supplemented or modified in the applicable transaction document, to protect Customer Personal Data and Business Contact Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure, or access.
5.2. Customer acknowledges that HPE may change the security measures through the adoption of new or enhanced security technologies and authorises HPE to make such changes provided that they do not diminish the level of protection. HPE shall make information about the most up to date security measures applicable to the Services available to Customer upon request.
6. Subprocessing and Location of Processing
6.1. Customer authorises HPE to engage affiliated and unaffiliated subprocessors (“Subprocessors”) to perform some or all of its obligations under the Agreement. Only where necessary to provide the Services, HPE will provide its Subprocessors with access to Customer Personal Data. HPE will provide its affiliates and subcontractors with access to Customer Personal Data. HPE shall make details of the identity of its affiliated and third party subcontractors and the processing locations available to Customer via a website easily accessible to Customer.
6.2. The Subprocessors applicable to the Services and location of processing can be found at www.hpe.com/info/customer-privacy.html and are deemed as approved by Customer. Customer will subscribe to HPE’s notification tool on the above website, and in the event of changes to approved Subprocessors, HPE will notify Customer via the notice subscription tool. Customer shall have ten (10) business days from receipt of the information on Subprocessors to object to the appointment or replacement of a Subprocessor, and the parties shall use all reasonable endeavours to resolve Customer’s objection. If the parties fail to resolve Customer’s objection within a reasonable period of time, the matter shall be addressed pursuant to the dispute resolution procedure in the Agreement. In case HPE and customer fail to agree on an amicable resolution to the proposed subprocessor change, HPE shall have a right to terminate the contract without further obligations.
6.3. HPE shall conduct appropriate due diligence of its Subprocessors and execute valid, enforceable, and written contracts with Subprocessors requiring the Subprocessor to abide by terms no less protective than those in this DPSA regarding the Processing and protection of Customer Personal Data (including the EU Model Contract terms relating to data importers in the case of an onward transfer of EU, EEA, or Swiss Personal Data to a non-adequate country).
6.4. HPE remains responsible for the acts and omissions of the affiliates and Subprocessors it engages to provide the Services to Customers giving rise to a breach of this DPSA as if they were its own acts or omissions.
7. Audit and Assurance
7.1. HPE shall arrange for audits of HPE's data
Processing and protection practices to confirm compliance with applicable
Privacy Law by reputable third party auditors and provide Customer with a
report summary and additional information on request.
7.2. Customer shall have the right to conduct
additional audits of HPE’s compliance with its obligations under this DPSA in
accordance with the Agreement. The audit rights are generally exercised in
consultation with HPE. HPE is obliged to assist Customer in such audits and any
audits of the competent authorities. These audits must be carried out in
consideration of the business processes and HPE's need for security and
confidentiality.
7.3. Certain information about HPE’s
security standards and practices are sensitive confidential information which
will not be disclosed by HPE to Customer.
Upon request, HPE agrees to respond, no more
than once per year, to a reasonable information security questionnaire
concerning security practices specific to the Services provided hereunder.
7.4. On Customer’s request, HPE shall within a reasonable timeframe make appropriate information available to Customer to demonstrate its compliance with applicable Privacy Law, save where that information is readily available to Customer direct through its use of the Services.
8. Providing Customer Assistance
8.1. At Customer's request HPE shall cooperate with Customer and provide Customer with assistance necessary to facilitate the Processing of Customer Personal Data in compliance with Privacy Laws applicable to Customer in relation to HPE Services, including by way of example:
8.1.1. assist
Customer by implementing appropriate and reasonable technical and
organizational measures, insofar as this is possible, to assist with Customer's
obligation to respond to requests from individuals seeking to exercise their
rights under the Privacy Laws applicable to Customer;
8.1.2. provide
reasonable assistance to Customer in Customer's assessment and implementation
of appropriate technical and organizational measures to ensure a level of
security appropriate to the risks represented by the Processing and the nature
of Customer Personal Data;
8.1.3.
the notification of Security Incidents pursuant
to Exhibit A;
8.1.4.
provide reasonable assistance to Customer in
carrying out a privacy impact assessment.
8.2. If Customer requests cooperation or assistance pursuant to this Section, Customer shall notify HPE in writing of the requirements and formulate Customer's instructions. HPE shall respond within a reasonable period of time and provide Customer with approximate time and fee estimates for the implementation of any changes necessary to accommodate Customer's compliance needs. To the extent that compliance with this Section constitutes a change to the scope of the Services, the parties shall, acting reasonably, agree on appropriate change order.
9. Data Return or Destruction Service
9.1.
Upon
termination of the Agreement, HPE shall at the election of Customer return or
delete Customer Personal Data and HPE shall not retain copies of Customer
Personal Data unless otherwise agreed with Customer or where it is required to
do so under applicable law, in which case HPE shall stop actively Processing
the data and maintain the security and confidentiality of the data.
10. International Transfers of EU Customer Personal Data
10.1.
The
Customer acknowledges that as part of the Services the EU Customer Personal
Data may be processed in or accessed from the US or another Relevant Country.
10.2.
Where
this involves any HPE company based in a Relevant Country and the Customer is
established in the EU/ EEA/Switzerland/UK the Customer wishes to rely on HPE's
BCR-P in relation to the transfer of the EU Customer Personal Data to the
Relevant Country in connection with the provision of the Services. Accordingly
the parties have agreed that:
10.2.1.
HPE
(and any other HPE company whom the Customer authorizes to Process EU Customer
Personal Data pursuant to Clause 4 of this DPSA) may receive and/or transfer EU
Customer Personal Data to the Relevant Country in accordance with the BCR-P;
and
10.2.2.
the
BCR-P shall be binding to the Customer by means of the third party rights set
out in Clause 4.1 of the BCR-P which shall include the right to enforce the
BCR-P against HPE
including judicial remedies and the right to receive
compensation.
10.3.
Customer
shall:
10.3.1.
ensure
that if the transfer involves Special Category Data, that EU Data Subjects have
been informed of the transfer, or will be informed before the transfer, that
this Special Category Data could be transmitted to a Relevant Country; and
10.3.2.
inform
EU Data Subjects regarding the existence of Processors outside of the EU/EEA/Switzerland/UK
and of Customer's reliance on the BCR-P as required by Privacy Laws and shall
make available to EU Data Subjects upon request a link to HPE's BCR Rights
Notice at https://www.hpe.com/uk/en/privacy/binding-corporate-rules.html .
Exhibit A - Cloud Volume Services Data
Processing
In this Exhibit, HPE describes the terms
specific to Cloud Volume Services, including its commitment to technical and
organizational security measures to protect Customer Personal Data.
|
HPE
performs the following Personal Data Processing as part of Services |
As part of providing
customer access and use of HPE’s cloud based storage and management services,
HPE may have access to data stored within Customer’s business
applications through Customer’s use of the Cloud Volume Services.This data may include Customer Personal
Data. |
|
Type
of Customer Personal Data Processed |
The type of Personal Data Processed will
depend on the data the Customer has stored through their use of the Cloud
Volume Services and may include sensitive Personal Data. |
|
Categories
of Data Subjects |
Any data subject whose
Personal Data is stored by the Customer through use of the Cloud Volume
Services including, without limitation, Customer’s clients, end users,
employees, contractors, and temporary workers. |
|
Duration
of Processing |
HPE shall process Customer Personal Data for the duration of the customer subscription agreement and any applicable transaction document(s). |
|
Security Measures |
HPE shall maintain the following
information and physical security program for the protection of Customer
Personal Data. |
1.1. HPE implements reasonable measures designed to help secure Customer
Personal Data against accidental or unlawful loss, access or disclosure. HPE,
HPE affiliates and third party service providers will only use Customer Data to
maintain or provide the Cloud Volume Services.
1.2. Customer may specify the HPE regions in which Customer Data will be
stored. Customer consents to the transfer to and storage of Customer Data in
the HPE regions Customer selects. HPE, HPE affiliates and third party service
providers will not access or use Customer Data except as necessary to maintain
or provide the Cloud Volume Services, or as necessary to comply with the law or
a binding order of a governmental body.
1.3. HPE will not (a) disclose Customer Data to any government or third
party (other than HPE affiliates and service providers) or (b) store Customer
Data in a region other than the HPE regions selected by Customer; except in
each case as necessary to comply with the law or a binding order of a
governmental body. Unless it would violate the law or a binding order of a
governmental body, HPE will give Customer notice of any legal requirement or
order referred to in this Section.
1.4. HPE may use affiliates and third party service providers to perform the
Services. Customer understands, agrees and authorizes HPE to share access to
Customer Data with such third parties to maintain and provide the Services.
1.5. HPE will provide Customer with a list of current service providers
performing the Services in accordance with Section 6.2 of this Agreement.
1.6. Computers and servers have reasonable up-to-date versions of system
security software which may include host firewall, anti-virus protection, and
up-to-date patches and virus definitions.
Software is
configured to scan for and promptly remove or fix identified findings. HPE
maintains logs of various components of the infrastructure and an intrusion
detection system to monitor, detect, and report misuse patterns, suspicious
activities, unauthorized users, and other actual and threatened security risks.
1.7.
Employees
and contractors are trained on HPE’s privacy and security policies and made
aware of their responsibilities with regard to privacy and security practices.
HPE employees and contractors are contractually bound to maintain the
confidence of Customer Personal Data and comply with applicable HPE policies,
standards, or requirements in relation to the Processing of Customer Personal
Data. Failure to comply with those policies, standards, or requirements will be
subject to investigation which may result in disciplinary action up to and
including termination of employment or engagement by HPE.
1.8.
The
processing of Customer’s payment card for Services payments shall comply with
the Payment Card Industry Data Security Standard ("PCI DSS") version
in effect at the time of signing the Customer Subscriber Agreement. Future versions of PCI DSS shall be
implemented in accordance with change control terms under that Agreement.
1.9.
In
the event HPE confirms a security breach leading to the accidental or unlawful
destruction, loss, alteration, or unauthorized disclosure of, or access to,
Customer Personal Data (“Security Incident”), HPE will:
1.9.1.
without
undue delay, notify Customer of the Security Incident. HPE will provide Customer with updates on the
status of the Security Incident until the matter has been remediated. The
reports will include, without limitation, a description of the Security
Incident, actions taken, and remediation plans.
If Customer becomes aware of a Security Incident that affects the
Services, Customer shall promptly notify HPE of such and inform HPE of the
scope of the Security Incident by reporting a security vulnerability here: https://www.hpe.com/us/en/services/security-vulnerability.html
1.9.2.
at
the request and cost of the Customer, (i) provide reasonable assistance to the Customer
in notifying a security breach to the supervisory authority competent under the
Privacy Laws applicable to the Customer; and (ii) provide reasonable assistance
to the Customer in communicating a data breach to data subjects in cases where
the data breach is likely to result in a high risk to the rights and freedoms
of individuals.
Schedule 2 - SUPPORT
SCHEDULE
In the event of a conflict between
the terms of this Support Appendix and the terms of the Agreement or other
agreement with HPE governing Customer’s use of HPE’s Services, the terms and
conditions of these Support Schedule apply, but only to the extent of such
conflict. Capitalized terms used herein but not defined herein will have the
meanings set forth in the Agreement.
1.1.
Subject to Customer’s payment of the
applicable purchase price for support, HPE Storage or its designated support
partners will provide support to Customer for so long as Customer has
subscribed to the Services. In the event
that Customer fails to pay for support in a timely basis, then without limiting
HPE’s other rights and remedies, HPE reserves the right to immediately suspend
or discontinue support.
1.2 From
time to time, HPE may apply upgrades, patches, bug fixes or other maintenance
to the Services (“Maintenance”). HPE will use reasonable efforts to provide Customer with
prior notice of any scheduled Maintenance (except for emergency Maintenance)
and Customer agrees to use reasonable efforts to comply with any Maintenance
requirements that HPE notifies Customer about.
1.3
HPE
or its designated support partners will provide telephone and e-mail support
for the use of the Services twenty-four hours a day, seven days a week. Such support will be provided solely to the
Customer individual(s) assigned to the volume or the Service account (as the
case may be), and will consist of answering questions regarding the proper
operation of the Services, providing troubleshooting assistance, and rendering
general information, advice, and instructions in connection with the use of the
Services. HPE will have no obligation to accept calls or messages directly
from, or otherwise interact directly with, personnel other than those Customer
individuals assigned to the volume and/or Service account.
1.4
As
a condition to all of HPE’s obligations under this Support Appendix, Customer
will provide the following:
1.4.1
Customer
will (a) provide HPE, at its request, with reasonable access to appropriate personnel,
records, network resources, and maintenance logs; and (b) comply with HPE’s
instructions regarding the use of the Services.
1.4.2
Customer
agrees and acknowledges that HPE’s obligations under this Support Appendix is
limited to the Services, and that HPE is not responsible for the operation and
general maintenance of Customer’s computing environment. Customer will also be
responsible for activities related to data backup, and Customer will ensure
that all necessary data backup functions have been performed. HPE will not be responsible for any losses or
liabilities arising in connection with any failure of data backup processes.
1.4.3
Notwithstanding
anything to the contrary in this Support Appendix, HPE will have no obligation
to provide any support to Customer to the extent that such support arises from
or relate to any conditions that are listed as a Service Commitment Exclusion
(as defined below).
Standard
Response Levels
The below describes the HPE support
offerings that are available for purchase by Customer for the Services. Such offerings are available subject to HPE’s
then-current technical support policies, which may be updated by HPE from time
to time.
|
Type of Response |
Response Time |
Restrictions/Special Terms |
|
Enterprise |
·
P1*:
Telephone response in 30 minutes or less with immediate escalation to
Engineering, if required ·
P2:
Response in 2 business hours or less ·
P3:
Response in 8 business hours or less ·
P4:
Next business day (Monday through Friday) *Customer must telephone
Support to establish a P1 case |
· FAQ and documentation available through the Website · Available seven (7) days each week, twenty-four (24) hours each day - including holidays
(telephone and email) · 24 x 7 Engineering Escalation Support |
P1: Not
serving data or severe performance degradation, inability to create a new
volume
P2:
Performance degradation or intermittent software faults or network degradation
P3: Issue
or defect causing minimal business impact
P4: Request for information; administrative
requests, billing and credit inquiries
Uptime
Service Level Agreement
This Uptime Service
Level Agreement (“SLA”) applies separately to each account using the Services.
Unless otherwise provided herein, this SLA is subject to the terms of the
Agreement and capitalized terms will have the meaning specified in the
Agreement. HPE reserves the right to change the terms of this SLA in accordance
with the Agreement.
Service Commitment
HPE will use
commercially reasonable efforts to make the Service available with a Monthly
Uptime Percentage (as defined below) of at least 99.95%, during any monthly
billing cycle (the “Service Commitment”). In the event HPE does not meet the
Service Commitment, Customer will be eligible to receive a Service Credit as
more fully described below.
Definitions
·
“Monthly Uptime Percentage” is
calculated by subtracting from 100% the percentage of minutes during the month
in which the Service was Unavailable to Customer. Monthly Uptime Percentage
measurements exclude downtime resulting directly or indirectly from any SLA
Exclusion (defined below).
- “Unavailable” and “Unavailability” means when all of
your attached volumes perform zero read write IO, with pending IO in the
queue.
- “Service Credit” is a dollar credit, calculated as set
forth below, that HPE may credit back to an eligible account.
Service Credits
Service Credits are calculated as a percentage of the
total charges paid by you for the affected Service for the monthly billing
cycle in which the Unavailability occurred in accordance with the schedule
below.
|
Monthly Uptime Percentage |
Service Credit Percentage |
|
Less than 99.95% but equal to or greater
than 99.0% |
10% |
|
Less than 99.0% |
30% |
HPE will apply any
Service Credits only against future Service payments otherwise due from
Customer. At HPE’s discretion, HPE may issue the Service Credit to the credit
card Customer used to pay for the billing cycle in which the Unavailability
occurred. Service Credits will not entitle Customer to any refund or other
payment from HPE. A Service Credit will be applicable and issued only if the
credit amount for the applicable monthly billing cycle is greater than one US
dollar ($1 USD). Service Credits may not be transferred or applied to any other
account. Unless otherwise provided in the Agreement, Customer’s sole and
exclusive remedy for any unavailability, non-performance, or other failure by
HPE to provide the Service is the receipt of a Service Credit (if eligible) in
accordance with the terms of this SLA.
Credit Request and
Payment Procedures
To receive a Service
Credit, Customer must submit a claim by opening a case with HPE support. To be
eligible, the credit request must be received by HPE by the end of the second
billing cycle after which the incident occurred and must include:
- the
words “SLA Credit Request” in the subject line;
- the
dates and times of each incident of Unavailability the Customer is
claiming; and
- Customer
documentation that corroborates Customer claimed outage (any confidential
or sensitive information in these materials should be removed).
If the Monthly Uptime
Percentage applicable to the month of such request is confirmed by HPE and is
less than the applicable Service Commitment, then HPE will issue the Service
Credit to Customer within one billing cycle following the month in which
Customer request is confirmed by HPE. Customer failure to provide the request
and other information as required above will disqualify Customer from receiving
a Service Credit.
HPE SLA Exclusions
The Service Commitment does not apply to any unavailability, suspension or termination of the Service, or any other Service performance issues: (i) that result from a suspension of Services and/or support as described in the Agreement; (ii) caused by factors outside of our reasonable control, including any force majeure event or Internet access or related problems beyond the demarcation point of the Service; (iii) that result from any actions or inactions of Customer or any third party; (iv) that result from Customer equipment, software or other technology and/or third party equipment, software or other technology (other than third party equipment within our direct control); or (v) arising from our suspension and termination of Customer right to use Service in accordance with the Agreement (collectively, the “HPE SLA Exclusions”). If availability is impacted by factors other than those used in HPE’s calculation of the Unavailability, then HPE may issue a Service Credit considering such factors at HPE’s discretion.