Skip to content.

This Master Services Agreement is entered into as of the date of last signature (the “Effective Date”) by and between NAVEX Global, Inc., a Delaware corporation, having its principal place of business located at 5885 Meadows Road, Suite 500, Lake Oswego, Oregon 97035 (“NAVEX”), and and the entity signing the Order Form into which this MSA is incorporated by reference (“Customer”). In consideration of the mutual covenants and conditions contained in this MSA and intending to be legally bound, the parties agree as follows:

1.0                 Purpose and Scope.

1.1.           Contract Structure.  This Master Services Agreement sets out the general terms and conditions governing the relationship (“MSA”). The Services to be provided, and any Service-specific terms and conditions, will be set forth in a separate document executed by both parties (“Order Form”). Non-recurring Services subject only to one-time fees may be added pursuant to a simplified ordering document (“Change Order”). As used herein “Order Form” includes “Change Order.” “Agreement” is the broader defined term used herein to mean all contractual documents in effect between the parties.

1.2.           Affiliates.  “Affiliate” means an entity controlling, controlled by, or under common control with a party to this MSA. Customer may authorize its Affiliates’ use of the Services provided that (i) the combined use of the Services by Customer and its Affiliates shall not exceed the applicable Subscription Metrics (as defined in Section 2.2); (ii) Customer shall ensure that any such Affiliate’s use of the Services will be in accordance with the applicable terms of the Agreement; and (iii) Customer shall be responsible for all use of the Services by its Affiliate(s).

1.3.           Order of Precedence.  To the extent any terms and conditions of this MSA conflict with the terms and conditions of an Order Form, the terms and conditions of this MSA shall control, unless an Order Form expressly states otherwise.

2.0                 Services.

2.1.           Use Rights.  “SaaS Offering” means NAVEX’s proprietary software-as-a-service offering that NAVEX makes available online via a Uniform Resource Locator (URL), including all related patches, updates, and upgrades thereto. “Services” is the broader defined term used herein to mean all services provided to Customer by NAVEX. During the applicable Services Term (as defined in Section 6.2), NAVEX grants Customer a limited, non-exclusive, non-transferable (except as otherwise provided under the Agreement), worldwide right to access and use the Services in accordance with the applicable Order Form(s).

2.2.           Subscription Metrics.  The extent of the use rights is designated by the quantities set out in the applicable Order Form(s) (“Subscription Metrics”). Customer shall be responsible for ensuring sufficient Subscription Metrics to accommodate one hundred percent (100%) of its usage of the Services. If Customer exceeds the contracted Subscription Metrics, Customer must promptly purchase additional Subscription Metrics to cover such additional usage.

2.3.           Online Access; Hosting Infrastructure.  NAVEX will provide Customer online access to and use of the SaaS Offering in accordance with the applicable Order Form and the user instructions, release notes, manuals, and online help files that describe the operation of the Services in the form generally made available to NAVEX customers, as may be updated from time to time (collectively, the “Documentation”). NAVEX is responsible for the hosting and management of the SaaS Offering, including obtaining and maintaining all computer hardware, software, communications systems, network, and other infrastructure necessary to maintain the SaaS Offering (“Hosting Infrastructure”), either directly or through its designated third-party supplier, cloud services provider, or data center. NAVEX will manage and install within the Hosting Infrastructure all updates and upgrades that NAVEX makes generally available to its customers.

2.4.           Admin Users.  Customer understands and agrees that it is fully responsible for its use of the Services. In addition to its employees, Customer is permitted to authorize non-employees to use the administrative features of the Services on behalf of Customer (each such individual, an “Admin User”). Customer shall be responsible for use of the Services by its Admin Users and shall ensure that use of the Services by any such Admin User will be in accordance with the applicable terms of the Agreement.  

2.5.           Support.  During the applicable Services Term, NAVEX will provide a commercially reasonable level of support for the Services, including, but not limited to, the self-help support resources NAVEX makes generally available to its customers as well as support with regard to Errors (as defined in Section 7.4).

3.0                 Proprietary Rights.

3.1.           Ownership.  Each party shall retain all right, title, and interest in any copyrights, trademarks, patent rights, and other intellectual property or proprietary rights it has acquired or developed prior to or outside the scope of the Agreement. Any data collected, received, or processed by NAVEX through Customer’s use of the Services, including Personal Data (as defined in Section 4.5) but excluding Usage Data (as defined in Section 3.4) (collectively, “Customer Data”), will remain the exclusive property of Customer. NAVEX shall own and retain all right, title, and interest, including copyrights, trademarks, and patent rights in any and all Services provided under the Agreement and any and all derivative works thereof. Neither party will acquire any right, title, or interest in the intellectual property rights of the other party by virtue of its performance under the Agreement. All rights not expressly granted are reserved exclusively by the respective owner; there are no implied rights. 

3.2.           Use of Customer-Provided IP.  If Customer provides intellectual property to NAVEX and directs NAVEX to use such intellectual property in the course of providing the Services (“Customer-Provided IP”), Customer grants NAVEX a limited, non-exclusive, worldwide, non-transferable, royalty-free license to use the Customer-Provided IP in accordance with Customer’s instructions for the sole purpose of delivering the Services to Customer during the Services Term. NAVEX agrees that any use of Customer-Provided IP will inure solely to the benefit of Customer and NAVEX will not at any time acquire any rights in any Customer-Provided IP. NAVEX shall not take any action that jeopardizes any of Customer’s rights in any Customer-Provided IP.  NAVEX may not obscure, alter, or remove any copyright, patent, trademark, service mark, or proprietary rights notices on any Customer-Provided IP.

3.3.           Restrictions.  Customer shall not: (i) resell or sublicense the Services; (ii) reverse engineer or otherwise attempt to discover the source code of the Services; (iii) create any derivative works based upon the Services; (iv) use the Services in a manner not authorized under the Agreement; or (v) take, or direct or authorize any third party to take, any action intended to or that has the effect of disrupting, impairing, disabling or interrupting the Services or NAVEX’s or its subcontractors’ ability to provide the Services.

3.4.           Usage Data.  NAVEX may create, collect, store, use, and modify data generated in connection with Customer’s use of the Services in the following ways: (i) NAVEX may anonymize Customer Data and data derived from users’ interactions with the Services, provided that any such anonymized data will not identify or be used to re-identify Customer or individuals whose data are processed via the Services; (ii) NAVEX may employ features within the Services to better understand Admin User behavior by collecting information such as browser type, pages visited, features used, and operating system version, provided that such information shall not include Personal Data; and (iii) NAVEX may compile, de-identify, and aggregate Customer Data (excluding Personal Data)  for benchmarking, analytics, and reporting. As between the Parties, NAVEX shall own the foregoing data (collectively, “Usage Data”) and may use it to deliver, improve, and develop its products and services and to compile analysis and reporting.

4.0                 Information Security and Data Privacy.

4.1.           General Security Obligation.  NAVEX will implement and maintain commercially reasonable and appropriate technological and organizational measures for the security, confidentiality, integrity, and availability of Customer Data.

4.2.           Additional Agreements.  Customer may supplement the privacy and/or information security provisions of this MSA by executing data protection, privacy, and security agreements available here: https://www.navex.com/en-us/resources/executing-a-data-processing-addendum-and-data-security-addendum-with-navex/. The parties further agree that they will work together in good faith to enter into any additional agreements that may be legally required by either party to ensure compliance with applicable law, particularly with regard to applicable data protection and privacy laws. 

4.3.           Annual Security Reviews.  On an annual basis, NAVEX will engage a recognized, independent third party to conduct an SSAE 18 SOC 2 Type 2 audit and an ISO 27001 audit (or their equivalents or successors) of its information security program and its administrative, technical, and physical safeguards used to deliver the Services. At least annually, NAVEX will have an application and infrastructure PEN test performed by a reputable third party on all web applications and infrastructure. NAVEX will assess criticality and remediate, or implement compensating controls for, any issues identified by NAVEX as requiring remediation in a timely manner based on level of criticality and risk. NAVEX will provide Customer an executive summary of the results of such assessments upon request. 

4.4.           Audit Package.  To facilitate Customer’s risk-based assessment of NAVEX’s information security program, NAVEX will provide the following upon Customer’s request: (i) NAVEX’s ISO 27001 certificate of registration (or its equivalent or successor); (ii) NAVEX’s annual independent SSAE 18 SOC 2 Type 2 report (or its equivalent or successor); (iii) NAVEX’s completed Standardized Information Gathering Questionnaire (or its equivalent or successor); (iv) NAVEX’s annual third-party PEN tests; and (v) any specific policies requested by Customer that NAVEX generally makes available to its customers. 

4.5.           Definition of Personal Data.  “Personal Data” means any information relating to an identified or identifiable natural person as further defined under applicable law, which may include a term similar to Personal Data, but which shall have the same general meaning (for example “personal information”) where such data is submitted to the Services as Customer Data. 

4.6.           Processing of Personal Data.  Customer acknowledges and agrees that NAVEX will collect, process, use, and/or store certain Personal Data in delivering the Services. Each party agrees to comply with its respective obligations under applicable law in relation to its processing of Personal Data. NAVEX (i) has established and shall maintain appropriate technological security measures to protect against unauthorized access to any Personal Data that is stored within the Hosting Infrastructure; (ii) shall not utilize Personal Data for any purpose other than to provide Services; (iii) shall not disclose any Personal Data to any person not authorized by Customer, except as necessary to comply with applicable law; (iv) will act solely on the instructions of Customer in respect of all Personal Data, unless otherwise prohibited by applicable law; and (v) will promptly inform Customer of any Customer Data Incident. “Customer Data Incident” means any actual or reasonably suspected breach of security leading to an accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Customer Data, including Personal Data, while processed by NAVEX or its Sub-processors, of which NAVEX becomes aware. All NAVEX subcontractors with access to Personal Data (“Sub-processors”) will be contractually required to comply with applicable law and will be bound to strict obligations of confidentiality, privacy, and security. Customer expressly consents to NAVEX engaging Sub-processors as disclosed in an applicable Order Form. NAVEX shall be responsible for all acts and omissions by such Sub-Processors.

5.0                 Fees and Payment. 

5.1.           Fees.  Fees are set forth in the applicable Order Form and are based on the applicable Subscription Metrics. Except as otherwise specified herein, fees are not refundable or cancellable. Invoices shall be issued in accordance with the terms of the applicable Order Form, and NAVEX shall send all invoices via email to the Customer email address listed in the applicable Order Form.

5.2.           Payment.  Unless different payment terms are specified in an Order Form, Customer will pay all undisputed fees due within thirty (30) calendar days following the invoice date. Such payments shall be made in the currency specified in the applicable Order Form. Interest accrues on past due balances not under good faith dispute by Customer until paid at the lesser of (i) one and one-half percent (1.5%) per month; and (ii) the highest rate allowed by law. Customer shall reimburse NAVEX for reasonable expenses incurred, including interest, court costs, and reasonable attorneys’ fees, in collecting amounts due to NAVEX hereunder that are not under good faith dispute by Customer.

5.3.           Taxes.  NAVEX is solely responsible for taxes based upon NAVEX’s net income, assets, payroll, property, and employees. Unless otherwise specified in the applicable Order Form, all fees for the Services exclude any direct or indirect taxes, levies, duties, or similar governmental assessments, including without limitation, any sales, use, value-added, withholding, or similar taxes (“Customer Taxes”). Customer is responsible for paying all Customer Taxes associated with Customer’s purchases hereunder directly to the taxing authority. As an exception to the foregoing, and unless Customer provides NAVEX with a valid tax exemption certificate authorized by the appropriate taxing authority, if NAVEX has the legal obligation to pay or collect Customer Taxes for which Customer is responsible under the Agreement, the appropriate amount shall be invoiced to and paid by Customer to NAVEX.

6.0                 Term and Termination. 

6.1.           MSA.  This MSA shall be effective as of the Effective Date and remain in effect until terminated as set forth herein.

6.2.           Services Term.  The initial term for each Service purchased, and any subsequent renewal terms, will be as set forth in the applicable Order Form (“Services Term”). 

6.3.           Suspension of Services for Non-Payment.  If any fees that are not disputed by Customer in good faith are more than thirty (30) calendar days past due, NAVEX will have the right, in addition to all other rights and remedies available to it, to suspend delivery of, or access to, the Services upon the expiration of ten (10) calendar days’ notice.

6.4.           Disputed Fees.  Customer shall set forth in writing and in reasonable detail any amount(s) disputed in good faith and the basis for the dispute. The parties will make reasonable, diligent, good faith efforts to quickly resolve the dispute, and NAVEX shall provide such information as Customer reasonably requests in order to audit or confirm the charges. Neither party shall be required to pay or refund, as applicable, any amounts disputed in good faith until such dispute is fully resolved. Once the dispute is fully resolved, the agreed-upon amounts shall be paid or refunded, as applicable, within ten (10) calendar days following such resolution.

6.5.           Termination.  The Agreement may be terminated (i) by either party if the other party materially breaches the Agreement and does not cure the breach within thirty (30) calendar days after receiving notice thereof from the non-breaching party; (ii) as set forth in Section 7.5 (Infringement Remedies); (iii) as set forth in Section 12.7 (Compliance with Law); (iv) by a party if the other party becomes insolvent (generally unable to pay its debts as they become due) or the subject of a bankruptcy, conservatorship, receivership, or similar proceeding, or makes a general assignment for the benefit of creditors; or (v) by either party at any time that no Order Form is outstanding. Where a party has the right to terminate the Agreement, such party may, at its discretion, either terminate the entire Agreement or instead choose to only terminate an individual Order Form. Order Forms that are not terminated shall continue in full force and effect under the terms of this MSA.

6.6.           Effects of Termination.  Upon any termination, without prejudice to any other rights or remedies that the parties may have, all rights licensed and obligations required hereunder shall immediately cease, except as otherwise provided. NAVEX shall provide Customer a pro-rata refund of pre-paid fees for undelivered Services if the Agreement or an Order Form is terminated: (i) by Customer pursuant to Section 6.5(i) in connection with an uncured material breach; (ii) by NAVEX pursuant to Section 6.5(ii) in connection with an infringement claim; or (iii) by Customer pursuant to Section 6.5(iv) in connection with NAVEX’s insolvency. If NAVEX terminates the Agreement or an Order Form pursuant to Section 6.5(i) in connection with Customer’s uncured material breach, all remaining unpaid fees for the Services Term shall immediately become due and payable. Each party may retain, subject to the protections and restrictions set out in this MSA, copies of Confidential Information required for compliance with applicable law or internal record keeping requirements. Customer Data within the Hosting Infrastructure shall be deleted within forty-five (45) calendar days of expiration or termination of the applicable Services Term. Customer Data stored in backups shall be overwritten in accordance with NAVEX’s backup and retention cycle.

7.0                 Warranties and Disclaimers.

7.1.           NAVEX Warranties.  NAVEX warrants that: (i) the Services, when used in accordance with the current Documentation, will perform in all material respects as specified in such Documentation; (ii) all Services will be performed by qualified personnel in a professional manner, in accordance with industry standards; (iii) NAVEX will comply with all applicable laws; (iv) NAVEX will maintain up-to-date commercially available anti-virus, anti-malware software on all NAVEX systems for the detection and containment of malicious programs and code (endpoint monitoring and protection); (v) to the best of its knowledge, the Services do not infringe or otherwise violate any intellectual property right of any third party; and (vi) no claim, action, or suit for the misappropriation or infringement of any intellectual property rights has been brought, is pending, or threatened against NAVEX.

7.2.           Customer Warranties.  Customer represents and warrants that: (i) Customer’s use of the Services will comply with applicable law; and (ii) Customer-Provided IP will not infringe the intellectual property or other proprietary rights of any third party.

7.3.           Mutual Warranties.  Each party represents and warrants that: (i) the execution, delivery, and performance of this MSA has been and shall be duly authorized by the executing party; (ii) the executing party’s performance of its obligations will not conflict with, result in a breach of, or constitute a default under any other agreement to which that party is bound; and (iii) the executing party is in material compliance with all applicable laws with regard to its obligations under the Agreement.

7.4.           Breach of Services Warranty Remedies. In the event of a breach of Section 7.1(i), NAVEX shall diligently endeavor to remedy any material failures of a Service to conform to its functional specifications that Customer reports to NAVEX and that NAVEX is able to replicate (“Errors”);  provided that NAVEX shall not be obligated to correct Errors resulting from components or content not provided by NAVEX or its licensors. 

7.5.           Infringement Remedies. If the Services infringe, or if NAVEX believes that the Services infringe, on the intellectual property or other proprietary rights of a third party, NAVEX shall, in its reasonable discretion, (i) modify the Services to be non-infringing; (ii) obtain for Customer a license to continue using the affected Services; or (iii) if neither (i) nor (ii) are practical in NAVEX’s reasonable judgment, terminate the affected Services and provide Customer a pro-rata refund of pre-paid fees for undelivered Services. In addition to NAVEX satisfying its indemnification obligations under this MSA, NAVEX’s satisfactory performance of one of the remedies set forth in the preceding sentence shall be Customer’s sole and exclusive remedy for NAVEX’s breach of the infringement warranty or for any damages incurred from early termination of the applicable Order Form due to a third-party infringement claim.

7.6.           Disclaimer of Warranties.  EXCEPT FOR THE WARRANTIES EXPRESSLY SET FORTH HEREIN, ALL SERVICES ARE PROVIDED ON AN “AS IS,” “AS AVAILABLE” BASIS, AND NAVEX DISCLAIMS, TO THE MAXIMUM EXTENT PERMITTED BY LAW, ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY WITH RESPECT TO THE SERVICES, DELIVERABLES, MARKS, OR NAVEX’S PERFORMANCE UNDER THE AGREEMENT, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, ACCURACY, FITNESS FOR A PARTICULAR PURPOSE, AND THOSE THAT ARISE FROM ANY COURSE OF DEALING OR COURSE OF PERFORMANCE. NAVEX DOES NOT DIRECT OR CONTROL CUSTOMER’S USE OF THE SERVICES AND NAVEX DOES NOT WARRANT THAT CUSTOMER’S USE OF THE SERVICES WILL SATISFY ANY SPECIFIC LEGAL OR REGULATORY REQUIREMENTS THAT MAY APPLY TO CUSTOMER.

7.7.           Use Disclaimer. NAVEX expressly disclaims any liability as a result of Customer’s use of the Services or Customer’s actions or inactions with respect to any information derived therefrom, except where such liability first arose as a direct result of NAVEX’s (a) breach of thE AGREEMENT; OR (b) negligent act or omission in delivering the Services. NAVEX WILL NOT BE RESPONSIBLE FOR PAYMENT OF ANY FINES ASSESSED AGAINST CUSTOMER BY ANY REGULATORY AUTHORITY FOR CUSTOMER’S FAILURE TO COMPLY WITH STATUTORY OR REGULATORY REQUIREMENTS OF ANY KIND. 

8.0                 Indemnification.

8.1.           Definition of Losses.  “Losses” means any costs and expenses (including reasonable attorneys’ fees and disbursements) or other liability from suits, actions, or proceedings threatened, made, or brought by any third party.

8.2.           Indemnification Protection for Customer.  NAVEX will indemnify and defend Customer and its officers, directors, employees, and agents against Losses to the extent such Losses relate to or arise from (i) Customer Data Incidents; or (ii) a claim that the Services infringe or misappropriate any third-party intellectual property rights. NAVEX’s obligations under Section 8.2(ii) do not apply (a)  if the infringement claim could have been avoided by using an unaltered current version of the Services that NAVEX provided; or (b) to the extent that an infringement claim is based upon any information, design, specification, instruction, software, data, or material not furnished by NAVEX, or any material from a third-party portal or other external source that is accessible to Customer within or from the Services (e.g., a third-party web page accessed via a hyperlink) or a third-party product.   

8.3.           Indemnification Protection for NAVEX.  To the extent permitted by applicable law, Customer will indemnify and defend NAVEX and its officers, directors, employees, and agents against any and all Losses to the extent such Losses relate to or arise from: (i) a claim that Customer-Provided IP infringes or misappropriates any third-party intellectual property rights; or (ii) any Customer Taxes for which Customer is liable. Customer’s obligations under Section 8.3(i) do not apply (a) to the extent that the allegedly infringing Customer-Provided IP, portions or components thereof, or modifications thereto result from any change made by NAVEX or any third party on behalf of NAVEX; or (b) if the infringement claim could have been avoided by using an unaltered current version of the Customer-Provided IP that Customer provided.

8.4.           Indemnification Procedures.  The party seeking indemnification under this Section 8.0 (“Indemnified Party”) shall promptly: (i) provide the other party (“Indemnifying Party”) notice of any Losses; and (ii) tender control of the defense and settlement of any such Losses to the Indemnifying Party (at the Indemnifying Party’s expense and with the Indemnifying Party’s choice of counsel). Failure to give such notice shall not relieve the Indemnifying Party of its obligations hereunder except to the extent that the Indemnifying Party is materially prejudiced by such failure. The Indemnified Party shall cooperate with the Indemnifying Party at the Indemnifying Party’s request and expense in defending or settling such claim. The Indemnifying Party will not settle or compromise any such claim without the Indemnified Party’s prior written consent if the settlement would require admission of fault or payment by the Indemnified Party.

9.0                 Confidential Information. 

9.1.           Definition of Confidential Information.  “Confidential Information” means any information disclosed at any time by either party, its Affiliates, directors, officers, employees, and agents (collectively, “Representatives”), to the other party or its Representatives that pertain to such party’s business, including, without limitation, information concerning technology, marketing, planned functionality, market strategies, finances, employees, planning, product roadmaps, service or product purchases, performance agreements and documentation, performance results, pricing, and other confidential or proprietary information, including information a reasonable person would understand to be confidential or proprietary. Confidential Information of either party will not, however, include any information that: (i) was publicly known and that the disclosing party made generally available in the public domain prior to the time of disclosure; (ii) becomes publicly known and that the disclosing party made generally available after disclosure to the receiving party through no action or inaction of the receiving party; (iii) is already in the possession of the receiving party without a breach of any third party’s obligations of confidentiality at the time of disclosure by the disclosing party, the burden of proof of prior possession being on the party asserting such prior possession; (iv) the receiving party obtains from a third party without a breach of such third party’s confidentiality obligations; or (v) the receiving party independently develops without use of or reference to the disclosing party’s Confidential Information, the burden of proof of independent development being on the party asserting such independent development.

9.2.           Disclosure of Confidential Information.  Each party shall (i) hold all Confidential Information of the other party in confidence and use it only as permitted under the Agreement; (ii) use the same care to prevent unauthorized disclosure of the disclosing party’s Confidential Information as the receiving party uses with respect to its own Confidential Information, which shall not, in any case, be less than the care a reasonable business person would use under similar circumstances; and (iii) only disclose the Confidential Information to its Representatives who have a need to know such information in order to perform their job, have been informed of its confidential nature, and have agreed to and are bound by no less restrictive confidentiality obligations than those in this MSA. Each party shall be liable for their respective Representatives’ breach of this MSA. Confidential Information shall not be disclosed to third parties without the other party’s prior written consent unless required by applicable law. 

9.3.           Injunctive Relief.  Each party acknowledges that a party’s actual or threatened breach of its confidentiality obligations herein would likely cause irreparable harm to the non-breaching party that could not be fully remedied by monetary damages. Each party, therefore, agrees that the non-breaching party may seek such injunctive relief or other equitable relief as may be necessary or appropriate to prevent such actual or threatened breach without the necessity of proving actual damages. Each party waives the requirement to post a bond in the event of such actual or threatened breach.

9.4.           Legal Process.  If either party receives notice of a subpoena, request for production of documents, court order, or requirement of a governmental agency to disclose any information or respond to an official inquiry, the recipient thereof shall, if permitted by law, give prompt notice to the other party so the other party may move for a protective order or other relief. Each party agrees to cooperate with the other party to respond to any notice or inquiry from a third party related to the Agreement. A party shall only disclose the minimum Confidential Information necessary to comply with a court order or applicable law.

10.0              Liability Exclusions and Limitations.

10.1.        General Liability Limitations.  THE LIMITATIONS SET OUT IN SUBSECTIONS (a) AND (b) BELOW SHALL NOT APPLY TO (i) LOSSES ARISING OUT OF CUSTOMER DATA INCIDENTS; (ii) VIOLATIONS OF EITHER PARTY’S INTELLECTUAL PROPERTY RIGHTS; (iii) EITHER PARTY’S INDEMNIFICATION OBLIGATIONS; OR (iv) PAYMENT OF FEES:

(a)        TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER UNDER THE AGREEMENT, WHETHER UNDER THEORY OF CONTRACT, TORT, OR OTHERWISE, FOR ANY INDIRECT, INCIDENTAL, PUNITIVE, CONSEQUENTIAL, OR SPECIAL DAMAGES (INCLUDING ANY DAMAGE TO BUSINESS REPUTATION, LOST PROFITS, OR LOST DATA), WHETHER OR NOT FORESEEABLE, AND WHETHER OR NOT SUCH PARTY IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 

(b)        TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL EITHER PARTY’S AGGREGATE CUMULATIVE LIABILITY TO THE OTHER IN CONNECTION WITH THE AGREEMENT EXCEED THE AGGREGATE FEES PAYABLE FOR THE ONE (1)-YEAR PERIOD PRIOR TO THE DATE THAT SUCH LIABILITY FIRST ARISES. 

10.2.        Enhanced Liability Limitations: Customer Data Incidents.  NAVEX’S CUMULATIVE LIABILITY UNDER THE AGREEMENT IN CONNECTION WITH ANY LOSSES ARISING OUT OF CUSTOMER DATA INCIDENTS, INCLUDING LIABILITY PURSUANT TO SECTION 8.2(i), SHALL BE LIMITED TO FIVE (5) TIMES THE FEES PAID DURING THE ONE- (1) YEAR PERIOD PRIOR TO THE DATE THAT SUCH LIABILITY FIRST ARISES.

10.3.        Time Limit for Bringing Action.  No claim or action, regardless of form, arising out of the Agreement, other than a claim or action relating to a breach of confidentiality or infringement, may be brought by either party more than two (2) years after the cause of action has arisen.

11.0              Governing Law.  Any dispute between the parties related to the Agreement will be governed by the substantive and procedural rules of Delaware, without regard to conflict of law principles. The parties agree to submit to the exclusive jurisdiction of and venue in the state and federal courts of Multnomah County, Oregon, and each party waives any claims it may have for forum non conveniens.

12.0               General Provisions.

12.1.        Publicity.  Customer may use NAVEX’s name and logo in communications pertaining to Customer’s use of NAVEX’s Services. NAVEX may reference the fact that Customer uses NAVEX’s services by including Customer in NAVEX’s customer lists and by referring to Customer on the NAVEX website. NAVEX may reasonably use Customer’s trademarks (including logos) in the course of the foregoing.

12.2.        Insurance.  NAVEX shall, at its own cost and expense, acquire and continuously maintain the insurance coverages detailed at: https://www.navex.com/en-us/insurance/. NAVEX shall provide Customer with a certificate of insurance evidencing these coverages upon Customer’s request. The coverages detailed at the foregoing website as of the Effective Date represent the minimum coverages that NAVEX must maintain. NAVEX may, from time to time, update the foregoing website to provide for increased coverages.

12.3.        Third-Party Beneficiaries.  Unless otherwise prohibited by applicable law, nothing in the Agreement shall be construed to give any person or entity other than the parties hereto any legal or equitable claim, right, or remedy; rather, the Agreement is intended to be for the sole and exclusive benefit of the parties.

12.4.        Assignment.  The terms of the Agreement shall be binding on the parties and their respective successors. Neither party may assign, transfer, or delegate its rights or obligations under the Agreement without the other party’s prior written consent, except (i) to an Affiliate; or (ii) pursuant to a transfer of all or substantially all of such party’s business and assets, whether by merger, sale of assets, sale of stock, or otherwise. Any attempted assignment, transfer, or delegation in violation of the foregoing shall be null and void.

12.5.        Notice.  Notices under the Agreement will be sent via email unless otherwise agreed in writing by the parties.  Notice to NAVEX shall be sent to: legalnotice@navex.com. Notice to Customer shall be sent to the email address indicated in the most recent Order Form, provided that Customer may update its email address for notice purposes at any time by notifying NAVEX in accordance with the terms of this section.

12.6.        No Agency.  The Agreement shall not be construed to create a joint venture or partnership between the parties. Neither party shall be deemed to be an employee, agent, partner, or legal representative of the other for any purpose, nor shall either party have any right, power, or authority to create any obligation or responsibility on behalf of the other. 

12.7.        Compliance with Law.  Each party shall comply with their respective obligations under applicable law related to the performance of their obligations under the Agreement, including applicable sanctions and export control laws. Customer shall not use the Services to collect, process, store, transfer, or convey any (a) “technical data,” as that term is defined in the International Traffic in Arms Regulations, 22 C.F.R. § 120.10; or (b) “covered defense information" or “controlled technical information” as those terms are defined in DFAR 252.204-7012. Any breach of this Section 12.7 is a material breach of the Agreement for which no cure period shall apply.

12.8.        Force Majeure.  Neither party shall be liable for failure to perform, or the delay in performance of, any of its obligations under the Agreement to the extent that such failure or delay is caused by events beyond its reasonable control, including pandemic, acts of the public enemy or a governmental body in its sovereign or contractual capacity, war, fire, flood, unusually severe weather, outside electrical failure, the limitations or failures of third-party internet service providers and/or telecommunication providers, or acts of terrorism, including cyberattacks. If so affected, the affected party shall use commercially reasonable efforts to avoid or remove such causes of non-performance or delay and shall continue performance hereunder with reasonable dispatch whenever such causes are removed or otherwise resolved. Where NAVEX cannot substantially perform Services for a period of thirty (30) calendar days due to a force majeure event, Customer may terminate the affected Services and NAVEX shall provide Customer a pro-rata refund of pre-paid fees for undelivered Services.

12.9.        Waiver.  No waiver or delay in enforcement of a breach of any provision of the Agreement shall constitute a waiver of any prior, concurrent, or subsequent breach of the same or any other provision hereof, and a waiver shall not be effective unless made in writing and signed by an authorized representative of the waiving party. 

12.10.     Survival.  The terms of the Agreement that by their nature require performance by either party after the termination of the Agreement, including confidentiality obligations, limitations of liability, exclusions of damages, indemnification obligations, governing law, and fees, shall remain enforceable after termination of the Agreement.

12.11.     Severability.  If any provision of the Agreement conflicts with applicable law or if any provision is held to be void or otherwise ineffective or invalid by a court of competent jurisdiction: (i) such provision shall be deemed to be restated to reflect as nearly as possible the original intentions of the parties in accordance with applicable law; and (ii) the remaining terms of the Agreement shall remain in full force and effect.

12.12.     Entire Agreement.  The Agreement constitutes the complete agreement between the parties and supersedes all prior or contemporaneous agreements, proposals, responses to requests for proposals, representations, and warranties, written or oral, concerning the subject matter of the Agreement. The Agreement may only be modified or amended in a writing signed by a duly authorized representative of each party; any other act, usage, or custom shall not be deemed to amend or modify the Agreement.     

12.13.     Section Headings.  The section headings are for reference purposes only and shall not affect the meaning or interpretation of this MSA.

12.14.     Counterparts.  The parties may execute contractual documents in counterparts. An exchange of scanned and emailed executed copies or electronic signatures is acceptable. In the event of such an exchange, the contractual document(s) shall become binding, and any scanned and emailed signed copies or electronic signatures shall constitute admissible evidence of the existence of such contract(s).

v.58 – published July 1, 2026