Last revised: 07/10/23
These Otava Cloud Backup Services – Product Terms of Use (“Product Terms”) are entered into by and between Otava, LLC (“Otava”) and the Client on the effective date set forth on the applicable Sales Order (“Effective Date”). These Product Terms provide terms and conditions specific to Otava Cloud Backup Services and are not intended to replace or supersede the Master Agreement between Parties, unless expressly agreed upon in writing by both Parties. Client understands that these Product Terms are legally binding upon Client where Client’s Sales Order includes Otava Cloud Backup Services as a line item, and Client agrees to be bound thereby. Otava and Client are referred to herein collectively, as the “Parties” and individually, each a “Party.”
2.1. “Agreement” means the Master Agreement entered into between Parties, as applicable, together with these Product Terms, Statements of Work, if any, and all product-specific terms linked to or referenced in the Agreement.
2.2. “Assisted Recovery” means that certain support service provided by Otava whereby Otava assists Client with the restoration of backups into the Otava Cloud.
2.3. “Master Agreement” means The General Terms of Sale, the Master Service Agreement, or the Master Terms, as applicable, between Parties.
2.4. “Microsoft 365 Objects” means those certain objects stored in the Microsoft 365TM or Office 365® cloud environment that are supported by Client’s version of the Veeam Backup for Microsoft Office 365 software for backup into the Otava Cloud. Microsoft 365 Objects does not include any Microsoft or Office objects stored in Client’s on-premise environment.
2.5. “Otava Cloud” means the infrastructure-as-a-service infrastructure that is controlled and maintained by Otava and which Otava uses to deliver the Otava Cloud Backup Service. Otava Cloud does not include any equipment, hardware, or software which operates outside of Otava’s premises.
2.6. “Otava Cloud Backup” means, collectively and individually, Otava Cloud Backup Powered by Veeam and Otava Cloud Backup for Microsoft.
2.7. “Otava Cloud Backup Powered by Veeam” means one of the following Service offerings purchased by Client pursuant to a separate Addendum signed by an authorized representative of each Party: (a) Otava Cloud Connect Repository as further described in Section 3.1; (b) Otava Cloud Backup Self-Managed as further described in Section 3.2; or (c) Otava Cloud Backup Otava-Managed as further described in Section 3.3.
2.8. “Otava Cloud Backup for Microsoft 365” means the Otava Cloud Backup for Microsoft 365 Service offering further described in Section 3.4, which is purchased by Client pursuant to a separate Addendum signed by an authorized representative of each Party.
2.9. “Portal” means that certain web-based portal that Otava may make available to Client to access and manage Services.
2.10. “Sales Order” means a separately executed document that describes the Services to be performed by Otava.
2.11. “Services” means the services purchased by Client from Otava as set forth in one or more Sales Orders.
2.12. “Veeam Backup for Microsoft Office 365” or “VBO” means that certain software made available by Veeam to enable backups of Microsoft 365 Objects.
2.13. “Veeam Software” means software owned or licensed by Veeam. Veeam Software includes that certain Veeam Backup for Microsoft Office 365 software. Veeam Software does not include that certain Veeam M365 Restore Software, as it may be renamed from time to time.
3.1. Otava Cloud Connect Repository. The Otava Cloud Connect Repository is a backup and replication service that leverages the Veeam Cloud Connect® software and enables clients with on-premise Veeam deployments to replicate native Veeam backups into the Otava Cloud (“Otava Cloud Connect Repository”, which will be deemed a “Service”). The Otava Cloud Connect Repository Service permits Client to backup within Client’s local on-premise environment (i.e., within the four walls where the data originated) as well as to backup and replicate into the Otava Cloud, separate from any of Client’s local storage. Additionally, Client may recover into Client’s local, on-premise environment and may request that Otava provide Assisted Recovery to recover into the Otava Cloud. The Otava Cloud Connect Repository Service does not permit Client to recover into the Otava Cloud without Otava’s assistance and if Client desires to do so, Client must provide Otava with a written request for Assisted Recovery. Client understands that any Assisted Recovery provided pursuant to Client’s request will be billed to Client as further described in Section 5.2(ii) (Other Fees). The Otava Cloud Connect Repository Service permits Client to have direct control over backup and retention schedules and Client is solely responsible for properly scheduling and testing backup and retention. In addition to Section 4 (Additional Service Terms), Client understands that to use Otava Cloud Connect Repository, Client must also maintain a Veeam license that supports or permits the use of Veeam Cloud Connect for each virtual machine (“VM”) and physical machine that Client wishes to have backed up and replicated and that such license must be a version deemed by Veeam to be compatible with the version of Veeam software in use by the Otava Cloud Connect Repository. Client may purchase such licenses from Otava or from another vendor. Otava will provide Client with such licenses only if the Sales Order expressly includes such licenses as a line item.
3.2. Otava Cloud Backup Self-Managed. The Otava Cloud Backup Self-Managed Service is a backup and replication Service that leverages Veeam software and permits Client to self‑manage Client’s backup and replication Services in the Otava Cloud (“Otava Cloud Backup Self-Managed” or “OCB Self-Managed”), which will be deemed a “Service.” The OCB Self-Managed Service permits Client to backup directly within the Otava Cloud and to recover into the Otava Cloud deployment from where the relevant data originated. For example, if Client’s OCB Self-Managed deployment includes Otava Cloud backup and recovery Services at Otava’s Austin, Texas data center, then Client may self-recover into the Austin, Texas data center. However, if, under such circumstances, Client desires to recover into Otava’s Indianapolis, Indiana data center, then Client must provide Otava with a written request for Assisted Recovery. Any Assisted Recovery provided pursuant to Client’s request will be billed to Client as further described in Section 5 (Other Fees). Recovery into Client’s local, on-premise environment is not available with the OCB Self‑Managed service offering. In using the OCB Self-Managed service, Client will have direct control over backup and retention schedules and Client is solely responsible for properly scheduling and testing backup and retention.
3.3. Otava Cloud Backup Otava-Managed. Otava Cloud Backup Otava-Managed Microsoft 365 Cloud Backup. The Otava Cloud Backup for Microsoft 365 Service is a backup Service that leverages the Veeam Backup for Microsoft Office 365 software to enable backups of Client’s Microsoft 365 Objects in the Otava Cloud (“Otava Cloud Backup for Microsoft 365” or “OCB for Microsoft 365”, which will be deemed a “Service.” ). Under the OCB for Microsoft 365 Service, Otava manages the backup and retention for those certain Microsoft 365 Objects that Client stores in the Microsoft 365 or Office 365 cloud environment. Unless otherwise provided in an applicable Sales Order, such backups are performed one time per day. Notwithstanding the foregoing, Client understands that if Client’s Microsoft 365 or Office 365 cloud environment is multi-geo configured, then a failover will result in a full backup on the next backup job run, which may result in (a) Client consuming more data and thereby incurring additional fees; and (b)Otava missing the recovery point objective, if any, set forth in the Sales Order, and Otava will not have any liability for any such missed recovery point objective under such circumstances. Further, the duration of the retention will be for the period specified in the Sales Order (for the OCB for Microsoft 365 Service). Client may, upon written request made through a Service ticket through the Portal, modify the number of backups as well as the duration of the retention period, provided that Client understands that (i) each repository on a VBO may only have one retention policy; (ii) a VBO may have multiple repositories; and (iii) any such change or resulting configuration change (e.g., creation of two repositories) may result in Client being charged additional fees. Client will, at its sole cost and expense, provide Otava with access credentials to the Client Microsoft account that stores the relevant Microsoft 365 Objects (the “Otava Designated Credentials”), with such access credentials to be unique to Otava and with all necessary rights to permit Otava to perform the OCB for Microsoft 365 Services. Client will either exempt the Otava Designated Credentials from Client’s password reset policy or otherwise coordinate any such password reset with Otava as required by Otava to permit Otava to timely perform the OCB for Microsoft 365 Services. As between the Parties, Client is solely responsible for managing and performing the restores of the Microsoft 365 Objects backed up under the OCB for Microsoft 365 service and testing such restore functionality. To manage, perform, and test such restores, Client must use the restore software made available by and downloadable from Veeam (e.g., Veeam Explorers) (“Veeam M365 Restore Software”) and connect the Veeam M365 Restore Software to the applicable Microsoft 365 Objects repository in the Otava Cloud. Client restores may be made into Client’s Microsoft 365 or Office 365 environment, into a Client server, or such other location as permitted by the Veeam M365 Restore Software. Assisted Recovery is not available for the OCB for Microsoft 365 Service and the OCB for Microsoft 365 Service is not available for Client’s on-premise environment.
4.1 License Terms.
4.1.1 License. Client agrees and understands that the Otava Cloud Backup Service relies on certain Veeam Software. Except as otherwise set forth in these Product Terms, Client will use the Otava provided service provider license for all Otava Cloud Backup Powered by Veeam deployments, which is based on the Veeam Backup and Replication Enterprise Edition license (“Veeam Enterprise License”). Other than the Veeam M365 Restore Software, Client does not require any separate Veeam Software license for the OCB for Microsoft 365 Service, which license for the applicable Veeam Software is bundled into the OCB for Microsoft 365 Service. Client understands that Client’s use of Otava Cloud Backup and Veeam M365 Restore Software requires Client to accept the Veeam end user license agreement (“Veeam EULA”), which may be made available to Client at https://www.veeam.com/eula.html. Otava does not control, endorse, or accept responsibility for the Veeam Software, the Veeam M365 Restore Software, or the Veeam EULA. Client will comply with the terms and conditions of the Veeam EULA, as may be amended by Veeam from time to time.
4.1.2. Restrictions. Client agrees that Client will not (a) exceed the scope of the uses permitted by the applicable Veeam EULA; (b) decompile, decrypt, disassemble, reverse engineer, or otherwise attempt to obtain or perceive the source code from which any component of the Veeam Software, the Veeam M365 Restore Software, or the Otava Cloud Backup Service is compiled or interpreted; (c) modify, translate, or create derivative works of the Veeam Software, the Veeam M365 Restore Software, or the Otava Cloud Backup Service or any portion thereof or otherwise obstruct any copyright, trademark, trade secret, government restricted rights, or other proprietary or confidentiality notices or legends that are placed or embedded in the Veeam Software, the Veeam M365 Restore Software, or the Otava Cloud Backup Service; (d) unless expressly authorized by Otava in writing, access or use the Veeam Software, the Veeam M365 Restore Software, or the Otava Cloud Backup Service for purposes of monitoring its availability, performance, or functionality, or for any other benchmarking purpose, including authorizing or undertaking a penetration test, vulnerability scan, social engineering test, or any other similar activity against such items, Otava, any Otava affiliate, or any of Otava’s personnel; (e) interfere with or attempt to interfere with the proper functioning of the Veeam Software, the Veeam M365 Restore Software, the Otava Cloud Backup Service, Otava, any Otava affiliate, or any of Otava’s personnel, including subverting or attempting to subvert embedded security controls; (f) use the Veeam Software, the Veeam M365 Restore Software, or any part of the Otava Cloud Backup Service in violation of any applicable laws or regulations; (g)make available the Veeam Software, Veeam M365 Restore Software, or Client’s license file on any type of public sharing website or forums; or (e) authorize, assist, or cause any third party, including any of Client’s affiliates or Client’s employees’, agents’, contractors’, subcontractors’, or other users to do any of the foregoing. Client agrees and understands that the restrictions in this Section 4.1.2 apply to any component of the Veeam Software, the Veeam M365 Restore Software, or the Otava Cloud Backup Service that is relevant to the restriction.
4.1.3. Management and Data Reporting. Client understands that certain Veeam Software includes remote management options that give Client the ability to allow Otava support temporary, direct access to Client’s local Veeam backup and recovery (“VBR”) server deployment to, among other things, troubleshoot backup and replication problems into the Otava Cloud and assist in fail-over operations into the Otava Cloud. In addition, Client agrees and understands that, as applicable in light of the Otava Cloud Backup Service purchased, Otava will remotely install the service provider licenses in Client’s environment as may be required by the Veeam Software, the Veeam Enterprise License, or certain of Veeam’s service provider program terms that apply to Otava (“Veeam Program Terms”). As applicable in light of the Otava Cloud Backup Service purchased by Client, Client (a) understands that once the licenses are installed, connectivity must be maintained for recording and reporting the total number of protected VMs; and (b) Client hereby permits Otava to collect, process, and report such information and such other demographic, logs, and usage information to Veeam as Veeam may require from time to time or as otherwise necessary for Otava to (i) comply with the terms of the Veeam Enterprise License or the Veeam Program Terms; or (ii) provide support to Client or to coordinate with Veeam to provide support to Client. Further, as applicable, when a license is distributed, Client understands that the “update this license automatically” feature must be ticked on the “License Information” dialog box menu options and Client will ensure that such option is selected as required. In addition, with respect to the Otava Cloud Backup Powered by Veeam, Client understands that (i) an administrative account with local admin rights must be (1) configured on the VBR server and given to Otava, and (2) added to the “Users and Roles” feature of Veeam backup and replication with a “Backup Administrator” role; and (ii) the Veeam license(s) attributed to Client’s Otava Cloud Backup Powered by Veeam deployment(s) must be updated annually and such updates are done via remote connection. Otava is responsible for remote distribution of the yearly license renewal and Client will provide Otava with all assistance necessary for Otava to perform such distribution, including, without limitation, making remote access available. Client’s failure to provide such assistance or otherwise interfering with Otava’s license renewal or distribution activities will be a material breach of these Product Terms.
4.2. Data Seeding
4.2.1. Over-the-Wire. Client may perform data seeding for the Otava Cloud Backup Powered by Veeam over‑the‑wire. If Client chooses to perform data seeding over-the‑wire, Client understands that: (a) seeding should be done as a staggered approach especially with very large datasets; (b) the initial full backup can take a considerable amount of time; (c) throughput can vary based on various factors, including, without limitation, Client’s Internet service provider, bandwidth, size of the VM, speed of the backup proxy, and speed of the local backup repository (i.e., underlying storage); and (d) WAN acceleration may help reduce the overall time of over‑the‑wire seeding.
4.2.2. Mailing a Device. Client may perform data seeding for the Otava Cloud Backup Powered by Veeam by mailing a device to Otava. If Client chooses to perform data seeding by mailing a device, Client will advise Otava in writing and Otava will provide additional instructions. As between the Parties, Client is responsible for the device until such device is delivered to the Otava data center identified in the instructions and is physically accepted by the Otava employee named in the instructions. Additionally, Client will ensure that such device is encrypted using a FIPS 140-2 validated module and under no circumstances will the package containing the device include the decryption key or instructions to retrieve the decryption key that could be used by an unauthorized third party to retrieve the decryption key.
4.3. Client Infrastructure
4.3.1. Generally. Client understands that Client is responsible for providing and maintaining Client’s own information technology infrastructure (including, without limitation, data systems, VMs, network connectivity, power, Microsoft 365 or Office 365 licenses, and the hardware and, as applicable in light of the Otava Cloud Backup Service purchased, backup or restore software) necessary to access the Otava Cloud Backup, including, as applicable in light of the Otava Cloud Backup Service purchased, installation, configuration, and management of Client-side components of the Veeam Software, the Veeam M365 Restore Software, and the VBR server to, among other things, permit Client to access its backup repository. Further, Client agrees and understands that Client remains solely responsible for (a) understanding Client’s legal and contractual obligations and ensuring that the Otava Cloud Backup Services meet Client’s needs; and (b) determining the scope and type of Otava Cloud Backup Services Client is required to purchase from Otava to meet Client’s operational and compliance requirements (including, without limitation, any need for high availability or retention duration) and evaluating and understanding the limitations of the Otava Cloud Backup Services.
4.4. Client Users. Client acknowledges and agrees that, as between Client and Otava, (a) Client will be responsible for all acts and omissions of Client’s users; and (b) Client will obtain and maintain any required user consents and send any required notices, each as necessary to permit Otava to provide the Otava Cloud Backup Services, including any Assisted Recovery or other technical support. Client will cause its users to comply with the applicable provisions of the Agreement and the Veeam EULA and understands that a breach of the Veeam EULA by Client or its users will be a material breach of these Product Terms. Client agrees and understands that Client, and not Otava, is responsible for managing whether Client’s users are authorized to access or use the Otava Cloud Backup, the Veeam Software, and the Veeam M365 Restore Software and Otava will have no obligations relating thereto. Client understands that Client is responsible for paying for (i) all Veeam licenses and Veeam Software usage attributed or allocated to Client; (ii) Veeam M365 Restore Software license fees, if any; and (iii) all Microsoft license fees and expenses related to Client’s Microsoft 365 Objects that are charged by Microsoft or another third party such as Client’s designated Microsoft reseller.
4.5. Interoperability. The Otava Cloud Backup Service may contain features designed to interoperate with the Veeam Software, Veeam M365 Restore Software, and other third-party products and services (e.g., Microsoft 365 Objects) (collectively, the “Third‑Party Products”, with the vendor or licensor of such Third‑Party Products, as the “Third-Party Provider”). Client understands that Otava did not create or design such Third-Party Products and, accordingly, Client agrees that Otava will not be liable for any defects, flaws, inefficiencies, malfunctions, or programming errors in any such Third‑Party Products, including, without limitation, any bugs with any Microsoft 365 or Office 365 applications or the Microsoft 365 or Office 365 cloud environment that cause an outage or other issue between Microsoft 365 or Office 365 and Veeam Software or Veeam M365 Restore Software. If the Third-Party Provider ceases to make the Third‑Party Products or components thereof available for interoperation with the Otava Cloud Backup Service on reasonable terms, as determined by Otava in its sole discretion, Otava may cease providing those Otava Cloud Backup features without entitling Client to any refund, credit, or other compensation. In addition, Client agrees and acknowledges that the Third‑Party Provider may change or amend its guidelines or the features and functionality of such Third‑Party Products at any time, and Otava will not be liable for any such changes or any issues arising therefrom or as a result thereof. Further, Client understands that the full functionality of the applicable Otava Cloud Backup Services is dependent on the availability and performance of the Veeam Software, the Microsoft cloud environment, or certain components of each of the foregoing, that the Otava Cloud Backup Services could be adversely impacted during a period in which the Veeam Software, Microsoft cloud environment, or the components of any of the foregoing are down or otherwise affected, and that Otava will not be liable for any such occurrence or adverse impact. The Otava Cloud Backup Service may be subject to limitations, delays, and other problems inherent in the use of the Internet and electronic communications and Otava is not responsible for (a) any delays, delivery failures, or other damages resulting from such problems or that result from or are caused by Third-Party Products or from equipment, software, or other infrastructure that is outside the direct control of Otava; or (b) any other interruption or unavailability caused by factors outside of the commercially reasonable control of Otava.
In addition to fees set forth in the Sales Order, Otava may charge Client additional fees for: (a) storage consumption, including, without limitation for backup and performance storage for replication as well as, with respect to the OCB for Microsoft 365 service, for multi-geo configured tenants; (b) managed VM recovery into the Otava Cloud when Client purchased the Otava Cloud Connect Repository Service or the OCB Self-Managed Service; (c) managed VM recovery into an Otava Cloud data center location other than the Otava Cloud data center location identified in the Sales Order; (d) managed Hyper-V recovery with conversion of a restored virtual hard disk (VHD) to VM disk (VMDK) into the Otava Cloud; (e) encrypted backups, including Veeam encrypted backups; (f) secured deletion; (g) technical support for Client’s on-premise information technology environment, including for troubleshooting the functionality of Client’s on-premise to cloud network connectivity; (h) technical support to the extent the relevant issue was caused by Client or Client’s on premise information technology environment; and (i) any other services that Otava provides (including, without limitation, additional bandwidth, services at other Otava data centers, third-party software licenses, and so forth) and that are not expressly identified as a line item in the Sales Order or as a line item in another Addendum in effect between the Parties. Unless otherwise set forth in the Sales Order, (i) all such additional fees will be charged to Client at Otava’s then current rates for the relevant services and in the subscription manner generally charged (e.g., per license, based on consumption); (ii) except as otherwise set forth in Section 3.3 (Otava Cloud Backup Otava-Managed), any Assisted Recovery Services provided by Otava will be provided on a time and materials basis at Otava’s then current standard technical support rates; and (iii) any technical support services provided by Otava will be provided on a time and materials basis at Otava’s then current standard technical support rates, provided that Otava will provide Client with written notice prior to undertaking work that will result in any such fees.
6.1. Termination Notwithstanding anything to the contrary in these Product Terms or any other term in the Agreement, Client’s and its users’ use of the Otava Cloud Backup Services and the Veeam Software will terminate on the earlier of the expiration or termination of (a) these Product Terms; (b) an applicable agreement between Otava and Veeam, in which case Otava will provide prompt notice to Client as applicable; or (c) the Veeam EULA.
6.2. Obligations Upon Termination. In the event these Product Terms expire or are terminated for any reason, in addition to each Party’s obligations under other parts of the Agreement, Client agrees and understands that unless otherwise expressly provided by Veeam, Client’s right, if any, to use the Veeam Software will automatically expire and Client will, accordingly, cease all use of the Veeam Software.
7.1. Trademarks and No Affiliation Veeam® and Veeam Cloud Connect® are trademarks of Veeam Software AG Corporation (“Veeam”). Office 365® and Microsoft 365TM are trademarks of Microsoft Corporation (“Microsoft”). Otava is not affiliated with or sponsored by Veeam or Microsoft and the Otava Cloud Backup Services are not authorized, approved, or co-branded by Veeam or Microsoft. Nothing in these Product Terms grant Client the right to use any of Veeam’s or Microsoft’s marks. All other trademarks are the property of their respective owners.
7.2. Additional Terms for Older MSAs. Additional Terms for Older MSAs set forth as Exhibit A and incorporated by reference supplement and are made part of these Product Terms only if the Parties entered into a Master Agreement on or before July 1, 2022 or the version of the Master Agreement in effect between the Parties as of the Product Terms’ Effective Date is a Master Agreement prior to version 2022-2.0.
7.3. Survival. The provisions of Sections 1 (General), Section 4.1.2 (Restrictions), 4.1.3 (Management and Data Reporting), 4.1.4 (Auditing), 4.4(Client Users), 5 (Other Fees), 6.2 (Obligations Upon Termination), and 7 (General Terms) will survive the termination or expiration of these Product Terms.
2.1. “Addenda” means collectively all executed Sales Orders and all applicable addenda or service specific terms linked to or refenced in the Agreement, a Sales Order, or subsequently agreed to by the Parties (each an “Addendum”).
2.2.“Administrator Data” means the information provided to Otava or otherwise received by Otava during sign up, purchase, or administration of the Services for Client. Administrator Data does not include Client Data, Feedback, or Usage Data.
2.3.“Authorized Contact” has the meaning attributed to such term in the MSA, and if not defined, then has the meaning set forth in Section 3.1 (Contacts).
2.4. “Billing Start Date” has the meaning attributed to such term in the MSA, and if not defined, then means the earlier of (a) the date Otava makes the applicable Service(s) available to Client for Client’s use, or (b) 30 days after executing a Sales Order.
2.6. “Client Personnel” has the meaning attributed to such term in the MSA, and if not defined, then means, collectively and individually, employees, agents, contractors, subcontractors, service providers, and Authorized Contacts. Client Personnel does not include Otava.
2.7. “Limitations” means the number of hosts, license types, memory, number of licenses, number of users, purpose, storage, or other usage limits, if any, set forth in an applicable Sales Order.
2.8. “Minimum Commitment” has the meaning attributed to such term in the MSA, and if not defined, then means Client’s commitment to pay a minimum charge for the Services, regardless of actual usage or other factors.
2.9. “Portal” means the certain web based portal that Otava may make available to Client to access and manage the Services, including adding user roles, purchasing additional Services, and submitting service tickets.
2.10. “Support Portal” means https://support.otava.com, or such other url for support issues as Otava may provide.
2.11. “Third Party EULA” has the meaning attributed to such term in the MSA, and if not defined, then has the meaning set forth in Section 4.3 (Third Party Products). Third Party EULA includes the Trend Micro EULA.
2.12. “Third Party Product” has the meaning attributed to such term in the MSA, and if not defined, then means any infrastructure, hardware, or software, where such infrastructure, hardware, or software is owned or licensed by a Third Party Vendor, such as Microsoft Corporation or Trend Micro Incorporated
2.13. “Third-Party Vendor” means a third-party product or service provider that is not identified as a Party to the MSA.
3.1. Contacts. Client will use the Portal to designate, change, and otherwise manage various access roles for Client and the Client Personnel (each an “Authorized Contact”) in connection with the Services. Client agrees that Otava will be permitted to act and rely on the direction and instructions of the Authorized Contact, unless and until Client revokes the relevant individual’s access role. If Client wishes to add or remove an Authorized Contact, or modify an Authorized Contact’s information or authority, Client must do so through the Portal.
3.2. Cooperation. Client understands and acknowledges that Otava cannot perform the Services without the assistance and cooperation of Client Personnel. Accordingly, Client will: (a) cooperate, in good faith, with Otava with respect to activities necessary or reasonably appropriate for Otava to provide Services including, without limitation, cooperating with Otava to schedule maintenance required for major system upgrades as applicable; (b) devote such time as needed to timely review any information provided and timely respond to and advise Otava with respect to activities as they relate to the Agreement, including, without limitation, as applicable in light of the actual Services, timely authorizing operating system upgrades; (c) provide to Otava, at no charge, reasonable access to the Client Personnel to reasonably assist Otava with respect to the activities as they relate to the Services; and (d) reasonably facilitate and hereby authorize the communication between Otava and Client Personnel, as necessary or reasonably appropriate for Otava to deliver the Services. Client understands that for Otava to meet certain audit obligations, maintain compliance certifications, or address software and systems obsolescence, Otava must perform certain patching, updates, and upgrades to systems and technologies managed by Otava, some of which may be included in or otherwise impact Client’s Services. Accordingly, notwithstanding anything to the contrary in this Section 3.2 or any other term in the Agreement, Otava reserves the right to perform any and all patching, updates, and upgrades to the systems and technologies managed by Otava, as determined by Otava in its sole discretion and without further approval from or liability to Client, provided that Otava will provide Client with prompt (as reasonable under the circumstances) written notice (which notice may be provided by email, a service ticket, or by posting in the Portal) of such patches, updates, and upgrades.
3.3. Access to Client Systems. Client agrees and understands that to perform the Services, Client may need to make available to Otava access to Client’s information technology resources, data systems, virtual machines, third-party software and hardware, and related resources from the Client-side environment (collectively, the “Client Systems”). As between Client and Otava, Client will, at its expense, take the necessary steps (including, without limitation, obtaining all authorizations, consents, licenses, and sublicenses) to make available to Otava the Client Systems that Otava may require or reasonably request to provide the Services. As between Client and Otava, Client is solely responsible for the Client Systems’ costs and for obtaining, installing, configuring, and maintaining appropriate equipment and ancillary services needed to connect to, access, and otherwise use the Services, including, without limitation, communication lines, network connectivity, hardware, software licenses, web browsers, and power.
3.4. Configuration, Management, and Monitoring. Otava may provide Client with certain deployment, management, and support Services as described in one or more Sales Orders, provided, however, Client agrees and understands that Client remains solely responsible for (a) understanding Client’s legal and contractual obligations and ensuring that the Services meet Client’s needs; (b) evaluating and understanding the limitations of the Services; (c) determining the scope and type of Services Client must purchase from Otava to meet Client’s operational and compliance requirements, including, without limitation, need for high availability, auditing obligations under applicable privacy and security laws, and retention duration; (d) properly configuring, managing, and monitoring the Client-side components of the Services, including, for example, periodically testing backups if Client’s Services include backup services; € properly configuring, managing, updating, and upgrading the applications and related services hosted by Client in the Services environment (including, without limitation, as applicable, using the then-current or supported versions of the programming languages for applications, patching, using genuine and licensed software, and upgrading as needed before end of life is reached for the relevant Client-side system component), and properly administering the Client-side environment to ensure that Client’s compliance objectives are achieved and legal obligations are met; (f) timely reviewing and assessing any alerts, logs files, and reports in accordance with Client’s policies and otherwise properly monitoring the Services and the activities of the Client Personnel and other end users on the Services; and (g) training the Client Personnel on the scope of Otava’s Services and Client’s obligations. Client understands that Client is solely responsible for all actions and activities taken or not taken, as the case may be, under access credentials assigned to Client and the Client Personnel in connection with the Services. Further, Client agrees and understands that Client, and not Otava, is responsible for managing whether the Client Personnel are authorized to access or use the Services and Otava will have no obligations relating thereto.
3.5. Consents and Authorizations. As between the Parties, Client is solely responsible for and will, at Client’s own expense: (a) to the extent required by applicable law, notify applicable end users that their personally identifiable information is accessed, collected, stored, transmitted through, or otherwise used by Otava; (b) respond to and otherwise manage consumer requests, if any, related to the Client Data as required by applicable law; and (c) obtain all third party consents and authorizations with respect to the Client Data as may be necessary or reasonably appropriate for Otava to perform the Services in accordance with the Agreement and to ensure that Otava can comply with all applicable laws in providing the Services. Otava will, at Client’s expense, (i) reasonably assist Client, as needed, to cooperate with and respond to requests from auditors, insurance carriers, regulators, consumers, customers, and others to provide information related to Otava’s processing of the Client Data and use of the Services; and (ii) assist with, respond to, or otherwise support legal holds (such as those that Otava receives from a third party because Otava stores the Client Data), discovery requests, ediscovery, affidavits, subpoenas, and other litigation or legal proceeding support services related to the Administrator Data, Client Data, or the Services (this Section 3.5 (i) and (ii), collectively as the “Compliance Support Services”); provided that the Parties agree that, Otava may, in its reasonable discretion and to the extent legally permissible, decline to provide the Compliance Support Services or otherwise limit the scope of such Compliance Support Services. Otava will charge and Client will pay for the Compliance Support Services at Otava’s and, if applicable, Otava’s vendors’ (including, without limitation, attorneys and digital forensics vendors), then current time and materials rates, provided that Otava will provide Client with written notice in advance of charging such fees. Otava may, at its sole discretion, require a deposit or other advance payment before providing the Compliance Support Services.
4.1. Administrator Data. As between Client and Otava, Client owns the right, title, and interest in and to the Administrator Data, except for the limited rights granted in the MSA and subject to applicable third party licensor rights in the Administrator Data. Client hereby grants Otava a fully paid, limited, nonexclusive, royalty-free right and license (a) during the Services Term and for the duration of any transition period, to access, adapt, aggregate, copy, disclose, display, distribute, modify, process, publish, reformat, store, and use the Administrator Data for the purpose of administering and performing the Services and to otherwise fulfill Otava’s obligations under the MSA; and (b) on a perpetual basis, to access, adapt, aggregate, copy, display, modify, process, reformat, store, use, and create derivative works of Administrator Data, metrics, statistics, and other analytics and to aggregate, copy, disclose, distribute, publish, and use such information for Otava’s internal business purposes, legal compliance, and record keeping, including, without limitation, developing anonymized benchmarks and metrics, provided that Otava will use commercially reasonable efforts to ensure that use of Administrator Data does not individually identify Client or any Client employees.
4.2. Client Data. As between Client and Otava, Client owns the right, title, and interest in and to the Client Data, except for the limited rights granted in the Agreement. Client hereby grants Otava a fully paid, limited, nonexclusive, royalty-free right and license during the term of the Agreement and for the duration of any transition period, to copy, display, host, process, store, and transmit the Client Data for the purpose of delivering the Services, including, without limitation, Client’s and Client Personnel’s access and use of the Third Party Products, and to fulfill Otava’s obligations under the Agreement.
4.3. Third-Party Products. Otava may make certain Third-Party Products available to Client in connection with or to use directly with the Services (e.g., Microsoft Server licenses) or use of the Services may require a license to and use of Third-Party Products (e.g., Veeam backup software). Client agrees and understands that Client’s access to use of the Third Party Products is subject to the terms and conditions of an end user license agreement, cloud services agreement, or such other document issued by the applicable Third-Party Vendor (“Third-Party EULA”). Otava does not (a) endorse the Third-Party Products; or (b) control or accept responsibility for the Third Party Products, except to the extent Otava is designated as being either “Responsible” or “Accountable” in an applicable RACI Matrix for the Otava Security Services. Any and all agreements, services, and transactions between Client and such Third-Party Vendor in connection with the Third-Party Products, including but not limited to such Third-Party Vendor’s privacy policies, service level terms, data use terms, and any other terms, conditions, representations, and warranties associated with such agreements, services, or transactions, are solely between Client and such Third-Party Vendor. Client understands that Otava did not design the Third Party Products and, accordingly, Client agrees that Otava will not be liable for any defects, flaws, inefficiencies, malfunctions, or programming errors in any of the Third Party Products. To the extent available to Otava and within Otava’s control, Client will have the right to review the Third-Party EULA for any Third-Party Products upon Client’s request and prior to executing the applicable Sales Order. If the Agreement or an applicable Sales Order is terminated for any reason, Otava will have no responsibility or liability to Client for the cost of any such Third-Party Products. Unless otherwise provided in the Third-Party EULA, the rights granted to Client in the Third Party EULA are solely for Client’s use in connection with the Services and will terminate on the earlier of expiration or termination of (i) the Agreement; (ii) an applicable agreement between Otava and the licensor of the Third Party Products, as applicable; or (iii) the Third-Party EULA. Without limiting the generality of the immediately preceding sentence, Otava may, in its sole discretion and with 30 days’ advance written notice to Client (which notice may be provided by email, a service ticket, or by posting in the Portal), modify or discontinue the availability of any Third-Party Products provided with the Services if the licensor or Third-Party Vendor changes its terms with Otava. By using the Third Party Products, Client grants Otava permission to allow the licensors of such Third-Party Products to access and use the Administrator Data and Client Data as required or reasonably appropriate for the purpose of delivering the Third Party Products to or for Client and the Client Personnel, as applicable, in connection with the Services, and to otherwise enable use of the features and functions of such Third-Party Products. Without limiting Section 3.5 (Consents and Authorizations), Client will, at its own expense, obtain all consents and permissions from its employees and other relevant end users as necessary and appropriate to grant the rights granted in this Section 4.3.
4.4. Otava Proprietary Rights. Client acknowledges and agrees that Client is engaging Otava due to Otava’s expertise, know how, knowledge, materials, special skills, and each of its component parts (including, without limitation, algorithms, analytics, audio visual works, charts, compilations, coherence and methods of operation of systems, conceptions, configurations, data, data center, data center architecture, database structuring techniques, databases, designs, developments, diagrams, formatting, forms, general skills, graphs, ideas, inventions, know how, libraries (code or otherwise), lists, logic, ‘look and feel’, materials, methodologies, metrics, models, network architecture, policies, Portal, procedures, records, reports, schematics, software and its object and source code, system designs, technical documentation, techniques, templates, text, tools, user interfaces, and utilities, and other works of authorship, or any part thereof and any arrangement, coordination, combination, and selection thereof, and any improvement thereto and modifications thereof), and proprietary information, and all intellectual property rights therein (collectively, the “Otava Materials”) that Otava developed or acquired prior to the Agreement or during the Agreement but in connection with performing services for another client. As between Client and Otava, Otava will retain and Client acknowledges that Otava hereby retains all interest, right, and title in and to the Otava Materials and nothing contained in the Agreement will be construed as the relinquishment on the part of Otava of any of Otava’s ownership interest in the Otava Materials. Further, for the avoidance of doubt, Otava may develop certain improvements and modifications to the Otava Materials and other general skills as a result of working with Client. Otava will retain all interest, right, and title of every nature in and to such improvements, modifications, and general skills throughout the universe, whether such rights are now known or hereafter devised, with the right to use the improvements, modifications, and any applicable general skills in perpetuity in any manner Otava desires, in its sole discretion, without any payment to Client or any obligation of accounting.
4.5. Trademarks and Copyrights. Client acknowledges and agrees that all content on the Third-Party Products and the Otava Materials as well as certain content on the Administrator Data (including with respect to each of the Third Party Products, Otava Materials, and Administrator Data, as applicable and without limitation, audio, graphics, graphs, images, sounds, text, user interfaces, and visual interfaces as well as, without limitation, the arrangement, coordination, design, expression, ‘look and feel’, structure, and selection thereof) is the exclusive property of and owned by Otava, the Third Party Products vendors, the Administrator Data vendors, or its and their licensors and are protected by copyright, trademark, and other intellectual property rights and unfair competition laws. Client will not and will not permit any of the Client Personnel to modify, obscure, or delete (including through selectively copying or printing material) any copyright, trademark, trade secret, government restricted rights, or other proprietary or confidentiality notices or legends that are placed or embedded in the Third Party Products, Otava Materials, or Administrator Data. Nothing on or in the Third Party Products, Otava Materials, or Administrator Data will be construed as granting, by implication, estoppel, or otherwise, any license or right to use any logo, service mark, or trademark displayed thereon or therein, without the owner’s prior written permission, except as otherwise described in these Product Terms or, with respect to the Third-Party Products, in a license between Client and such Third-Party Products vendor (including any Third Party EULA).
4.6. Usage Data and Operational Information Client agrees and understands that certain of the systems and software used to deliver the Services or the Third-Party Products or otherwise used in connection with the Services or the Third-Party Products may, from time to time, collect and automatically report back information related to usage of the Services, the Third Party Products, and related information technology systems (“Usage Data”). Usage Data may include IP addresses, but does not include Client Data. Such Usage Data may be reported to Otava as well as the relevant information technology or software system Third-Party Vendor. Usage Data may be used by Otava and the relevant information technology and software system vendors for any legally permitted purposes, including, without limitation, helping diagnose and resolve technical and performance issues with Otava’s and such vendor’s systems, improving the Services, validating license keys, monitoring for compliance with Limitations (e.g., amount of RAM on server, number of virtual machines, and the like), and developing metrics and analytic algorithms. Client agrees and understands that Otava uses all data collected in connection with its business and operations for the operation and management of its business including, without limitation, (a) creation of operational statistics; (b) creation and inclusion in financial reporting of aggregate statistics regarding services performed; (c) creation and inclusion in marketing materials of aggregate statistics highlighting the Services; and (d) advancing and improving existing products and services, creating new and enhanced products and services, and development and publication of market and industry intelligence and expertise; all of which and any improvements thereto and whether in tangible or intangible form, will be and remain the intellectual property of Otava and Otava will own all intellectual property rights therein.
4.7. Feedback. Client agrees that submission of any corrections to content or documents, ideas, product or service improvements or modifications, or suggestions (collectively, the “Feedback”) to Otava through its feedback form, meetings, suggestion form, or similar means, is at Client’s own risk and that Otava has no obligations (including, without limitation, obligations of use) with respect to such Feedback. Client hereby grants to Otava a fully paid, irrevocable, royalty-free, perpetual, sub licensable, transferable, worldwide, and nonexclusive right and license to adapt, copy, disclose, display, distribute, modify, perform, reformat, use, create derivative works of, and otherwise exploit any and all Feedback for any legally permitted purposes.
4.8. Restrictions. Otava and its suppliers retain all interest, rights, and title in and to the Portal and Otava Materials (collectively, the “Licensed Materials”) and all rights to the Licensed Materials not expressly granted to Client in the Agreement are reserved. The Third Party Vendors retain all interest, right, and title in and to their respective Third Party Products. Any unauthorized use of the Licensed Materials, the Third Party Products, or any component thereof is a material breach of the Agreement. Client will not: (a) copy or reproduce the Licensed Materials or the Third Party Products in whole or in part, access or use the Licensed Materials in any way other than as expressly permitted in the Agreement, or, if applicable, access or use the Third Party Products in any way other than as expressly permitted in the Agreement or the Third Party EULA; (b) modify, translate, or create derivative works of the Licensed Materials or Third Party Products or any portion thereof; (c) decompile, decrypt, disassemble, reverse engineer, or otherwise attempt to obtain or perceive the source code from which any component of any software made available to Client hereunder (including, without limitation, the Portal and the Third Party Products) is compiled or interpreted, and Client hereby acknowledges that nothing in the Agreement will be construed to grant Client any right to obtain or use such source code; (d) assign (except together with Client’s business if so permitted by the assignment clause in the MSA), distribute, grant a security interest in, lease, loan, rent, sell, share, sublicense, timeshare, use for service bureau purposes, or otherwise transfer (except together with Client’s business if so permitted by the assignment clause in the MSA) the Licensed Materials or Third Party Products; (e) divert, export, re-export, or transfer any part of the Licensed Materials, Services, or Third Party Products to any country, individual, company, or other entity that is embargoed by the U.S., in violation of any U.S. export law or governmental regulation, or otherwise identified on a list of debarred, prohibited, sanctioned, or denied parties; (f) unless expressly authorized by Otava or an applicable Third Party Vendor in writing, authorize or undertake a penetration test, vulnerability scan, social engineering test, or any other similar activity against the Services, Otava, any of Otava’s Third-Party Vendors, or any of Otava’s employees, agents, or subcontractors; (g) interfere with or attempt to interfere with the proper functioning of the Services, Third-Party Products, Otava, any of Otava’s Third-Party Vendors, or any Otava agent, contractor, or subcontractor, including subverting or attempting to subvert embedded security controls, the reporting mechanisms for reporting and monitoring Limitations, or the mechanisms to validate license keys; or (h) authorize, assist, or cause any third party, including any of the Client Personnel, to do any of the foregoing. Client agrees and understands that the restrictions in this Section 4.8 apply to (i) any component of the Licensed Materials that is relevant to the restriction; and (ii) to the Third Party Products to the extent such restriction is relevant, unless expressly permitted by the Third-Party EULA or some other arrangement between Client and the owner of such Third Party Product.
4.9. Audits. Otava may audit Client’s use of the Services and may permit relevant Third‑Party Vendors to audit Client’s use of the Third Party Products and the related Services in connection with Client’s use of such Third Party Products. Client will and, as applicable, will ensure that the Client Personnel, reasonably cooperate with all such auditing activities, including, without limitation, permitting access to and copying of relevant records. Such audit will be conducted during Client’s regular business hours, will not unreasonably interfere with Client’s business activities, and may be conducted at Client’s offices or electronically. Otava reserves the right to require the installation of auditing software to enable automated billing and consumption verification on the Services or any part thereof.
4.10. Suspension for Security. Otava will have the right, in addition to its other rights or remedies, to suspend Client’s and the Client Personnel’s access to the Licensed Materials, Services, and the Third Party Products, without liability to Client, if (a) Otava determines, in its reasonable discretion, that such suspension is necessary or reasonably appropriate to protect the security or integrity of the Licensed Materials, Services, or the Third Party Products or the security of other Otava clients; or (b) Otava does not receive the Usage Data as required, or Client otherwise interferes with the reporting mechanisms for reporting and monitoring Limitations or the mechanisms to validate license keys for the Third Party Products and other software. Such access may remain suspended until Otava reasonably determines that the threat has passed or that Client has taken the appropriate steps, as reasonably determined by Otava, to remedy the identified threat or interference, as applicable. Further, Otava may, without liability to Client, suspend the access credentials of the Client Personnel who violate the Agreement and may terminate the access credentials of Client Personnel who repeatedly violate the Agreement, provided that Otava will provide Client with prompt written notice (which notice may be provided by email, a service ticket, or by posting in the Portal) if Otava suspends or terminates the access credentials.
Notwithstanding anything to the contrary in the MSA, Otava may amend or modify these Product Terms by providing at least 45 days advance written notice to Client of such amendments or modifications. Notice of any such amendments or modifications to these Product Terms will be provided by email to the Authorized Contact, Otava’s primary business contact for Client, service ticket, mail, or by posting in the Portal. If Client determines, in Client’s reasonable discretion, that the proposed change to these Product Terms materially impacts Client in an adverse manner, Client will provide written notice (which notice to be provided by service ticket through the Portal) to Otava (with attention to Contract Manager) with a brief explanation of the adverse impact within 15 days (“Amendment Objection Notice”). If no Amendment Objection Notice is received from Client within such 15-day period, then changes to these Product Terms will become effective without further action by either Party upon expiration of such 45-day period. Upon Otava’s receipt of an Amendment Objection Notice, the Parties will negotiate, in good faith, an appropriate Product Terms accommodation and will document any agreed upon accommodation in a writing that will be signed by an authorized representative of each Party. If the Parties cannot agree upon a mutually acceptable accommodation within 30 days of Otava’s receipt of the Amendment Objection Notice and Otava does not withdraw the Product Terms amendment or modification as against Client, then a Party may, upon 30 days advance written notice to the other Party, terminate the Otava Security Services component impacted by the amendment or modification and Otava will waive any recurring monthly fees remaining under the then current Addendum Services Term for the terminated Otava Security Services component. For the avoidance of doubt, the modified Product Terms will not go into effect for Client during the notice and discussion periods contemplated in this Section 6. The provisions of 3.5 (Consents and Authorizations, limited to Compliance Support Services), 4.3 (Third‑Party Products), 4.4 (Otava Proprietary Rights), 4.6 (Usage Data and Operational Information), 4.7 (Feedback), and 6 (General Terms) will survive the termination of these Product Terms until any obligations arising prior to such termination have been satisfied in accordance with the applicable terms.