SaaS Terms of Service

HID Global Software-as-a-Service
Terms of Service

THESE TERMS OF SERVICE (“TERMS OF SERVICE”) ARE THE TERMS AND CONDITIONS ON WHICH YOU, AN END CUSTOMER, AND INDIVIDUAL END USERS, MAKE USE OF THE HID SOFTWARE-AS-A-SERVICE OFFERINGS (EACH A “SERVICE”). FOR CLARITY, THESE TERMS OF SERVICE DO NOT GOVERN THE SALE OR USE OF PROFESSIONAL SERVICES.

PLEASE READ THESE TERMS OF SERVICE CAREFULLY BEFORE YOU ACCESS THE SERVICE. BY ACCESSING THE SERVICE, YOU AGREE TO THESE TERMS OF SERVICE AND YOU REPRESENT AND WARRANT YOUR FULL AUTHORITY TO ENTER INTO THESE TERMS OF SERVICE ON BEHALF OF THE END CUSTOMER. IF YOU DO NOT AGREE WITH THESE TERMS OF SERVICE, YOU MUST NOT USE THE SERVICE.

IF YOU ARE A CHANNEL PARTNER OR OTHER THIRD-PARTY SERVICE PROVIDER ACTING AS AN ACCOUNT ADMINISTRATOR OR OTHERWISE SETTING UP THE END CUSTOMER ACCOUNT OR PROVISIONING THE SERVICE DIRECTLY TO END CUSTOMER, YOU AGREE TO BIND END CUSTOMER TO TERMS SUBSTANTIALLY SIMILAR TO THOSE SET FORTH HEREIN.

1. DEFINED TERMS

“Affiliate” or “Affiliates” means entities which are controlled by a party, which controls a party or which is under common control with a party, where "control" means the direct or indirect ownership of at least fifty percent (50%) of the shares or interests entitled to vote for the directors thereof or the equivalent, so long as such control exists.

“API” or “APIs” means application programming interfaces provided by HID as part of the Service.

“Channel Partner” means an entity that HID has authorized as a “reseller” of the Service.

“Customer Application” means an application developed or used by End Customer that utilizes APIs and/or the Service. “Customer Application” does not include the Service and is separately provided by either End Customer or a third-party integrator that sells compatible software-as-a-service and/or on-premise offerings.

“Customer Materials” means End Customer’s information, Customer Application, End Customer Data, Personal Data, including Personal Data from end users, software, document and any other materials used or submitted by End Customer or its end users in connection with the Service.

“Data Processing Terms” means the terms located at: https://www.hidglobal.com/legal/saas-data-processing-terms. If HID processes any Personal Data as a result of providing the Service, HID shall do so in accordance with the applicable Data Processing Terms. The Data Processing Terms may be modified by HID from time to time in accordance with its terms.

“Documentation” means the guides and manuals for use with the Service, which are customarily supplied by HID to its customers.

“Intellectual Property Rights” means worldwide common law and statutory rights associated with (a) patents and patent applications; (b) works of authorship, including mask work rights, copyrights, copyright applications, copyright registrations and “moral” rights; (c) the protection of trade and industrial secrets and confidential information; (d) all rights to registered and common law trademarks, trade names, trade dress, and service marks; (e) other proprietary rights relating to intangible intellectual property (including but not limited to designs, design rights, source codes, proprietary material, know-how, ideas, concepts, methods, techniques, rights in databases and all other intellectual property rights and rights of a similar character whether registered or capable of registration); (f) analogous rights to those set forth above; and (g) divisions, continuations, renewals, reissuances and extensions of the foregoing (as applicable) now existing or hereafter filed, issued or acquired.

“Personal Data” has the meaning set forth in the Data Processing Terms.

“You,” “Your” or “End Customer” means the company, person or organization (and their authorized end users) that has been granted access to the Service.

“HID” means HID Global Corporation.

“Service” means a software-as-a-service offering hosted by HID in either a dedicated or multi-tenant platform.

2. ACCESS TO THE SERVICE, APIs, AND DOCUMENTATION

2.1 You are hereby granted access to use the Service solely for internal operations and in accordance with these Terms of Service. Provided, however, your access to the Service is limited to the subscription term and other details set forth in the order submitted to and accepted by HID. For certain Services, orders may be placed directly by End Customer through the Service. If End Customer has purchased the Service through a Channel Partner, any End Customer order(s) submitted through the Service, including the relevant subscription term and other details, must be approved and validated by the Channel Partner prior to End Customer’s account activation.

2.2 HID or HID’s suppliers may, at any time, without notice or liability, limit the availability of the Service in order to perform maintenance activities or technical support.

2.3 If applicable, HID grants you a limited, non-exclusive, non-transferable, non-sublicenseable license to access APIs only as necessary to use the Service. Notwithstanding, your right to use APIs is limited to activity permitted under these Terms of Service. Notwithstanding, API access and use by End Customer or third-party integrators for the purpose of developing Customer Applications may be subject to additional requirements, including but not limited to, separate approval by HID. Notwithstanding, in the event the Service will be used by End Customer as part of a larger solution including third party products and/or services, End Customer shall have the limited right to sublicense its rights with respect to APIs to such third party, solely for the purpose of creating interconnectivity and/or interoperability with the Service. End Customer is responsible for such third party’s compliance with these Terms of Service.

2.4 You shall access and use the Service in accordance with the Documentation. HID grants to End Customer a limited, non-exclusive, non-transferable, non-sublicenseable (except to authorized end users) right to use the Documentation delivered by HID for use with the Service and to copy the Documentation solely for internal use, provided that all titles, trademarks, trade names, copyright, restricted rights and other proprietary notices are retained.

2.5 If applicable, End Customer is solely responsible for the development, implementation, operation, support, maintenance and security of any Customer Application.

2.6 Additional terms applicable to certain services are included herein as an Attachment.

3. ACCEPTABLE USE AND COMPLIANCE WITH LAW

3.1 You shall not and shall not permit any end users or third party to access, store, distribute or transmit any spam, viruses, worms, Trojan horses, corrupted files, or other items of a destructive or disruptive nature. You shall not, and shall not permit end users or any third party to access, store, distribute or transmit any data or any material during the course of use of the Service that is unlawful, illegal, harmful, threatening, defamatory, obscene, abusive or infringing of any rights or in any way not in compliance with applicable laws. HID may immediately, without liability to you, suspend or otherwise disable the Service to the extent necessary to disable access to any data or material that breaches the provisions of this Section.

3.2 You shall not, and shall not permit end users or any third party to: (a) modify or create any derivative work of the Service, APIs, or Documentation, or any portion thereof; (b) decompile, reverse engineer or otherwise attempt to derive the underlying ideas, algorithms, structure or organization from the Service or APIs; (c) sell, license, sublicense, lease, rent, or otherwise transfer rights to the Service or APIs to any third party; (d) create Internet "links" to the Service or "frame" or "mirror" any part of the Service, including any content contained in the Service, on any other server or device; (e) engage in, promote, or encourage illegal activity; (f) disable, interfere with or circumvent any aspect of the Service or APIs; or (g) disclose or publish the results of any performance, functional, security evaluation or pen testing, or other evaluation or benchmarking of the Service to any third party without written consent from HID.

3.3 Unless otherwise agreed, you shall not, and shall not permit any end user or third party to incorporate other services, software or products with Service.

3.4 You shall maintain the confidentiality and security of all credentials, including but not limited to, passwords, usernames and other identification. You shall use all reasonable efforts to prevent any unauthorized access to, or use of, the Service and, in the event of any such unauthorized access or use, you will promptly notify HID in writing.

3.5 The Service, any accompanying software and/or hardware, and other technology HID makes available (“HID Offerings”) may be subject to export laws and regulations of the United States and other jurisdictions. You agree to comply with all applicable export laws and regulations. You shall not permit end users to access or use any HID Offerings or Customer Materials in an embargoed country that would prohibit such access or in violation of any export law or regulation. Proscribed countries are subject to change without notice, and you must comply with the list as it exists in fact. You certify that neither End Customer nor any end users are on the U.S. Department of Commerce's Denied Persons List or affiliated lists or on the U.S. Department of Treasury's Specially Designated Nationals List or any such comparable lists by the government of the United Kingdom.

3.6 Each party shall comply with all applicable laws, ordinances, rules and regulations, and shall obtain any and all permits, licenses, authorization, and/or certificates that may be required in any jurisdiction or any regulatory or administrative agency in connection with the sale, use and/or operations of HID Offerings. Without limiting the generality of the foregoing, you shall comply with all laws and regulations on data privacy, international communications, and the exportation of technical or Personal Data.

3.7 End Customer agrees to defend, indemnify and hold harmless HID from and against all liabilities, fines, penalties, costs and expenses, including reasonable attorney’s fees, related to or arising from: (a) breach of Section 3; or (b) alterations or modifications to the Service, or any software made available pursuant to Section 5, not made by HID; or (ii) combination or use of the Service, or any software made available pursuant to Section 5, with products, services, or materials not provided by HID.

4. CUSTOMER MATERIALS

4.1 You grant HID the right to host, use, process, display and transmit Customer Materials to provide the Services pursuant to and in accordance with these Terms of Service.

4.2 End Customer hereby warrants that it (a) owns or has otherwise obtained all rights and permissions related to any Customer Materials; and (b) Customer Materials do not violate the privacy rights, publicity rights, trademark rights, copyrights, contract rights or any other rights of any person or entity. Additionally, if required, End Customer warrants that it will provide all appropriate notices to data subjects and has obtained all appropriate consents to transfer Personal Data to HID and allow its processing as necessary to provide the Service in accordance with the Data Processing Terms. End Customer agrees to defend, indemnify and hold harmless HID from and against all liabilities, fines, penalties, costs and expenses, including reasonable attorney’s fees, related to or arising from breach of this Section.

4.3 End Customer has sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of Customer Materials. Customer acknowledges and agrees that HID does not exercise any control over any of Customer Materials that End Customer or its end users use in connection with the Service. Furthermore, except as otherwise agreed, you acknowledge and agree that HID will have no liability or responsibility for any Customer Materials, including, but not limited to, liability for any data loss.

4.4 The following terms apply to Enterprise Indoor Location and Condition Monitoring solutions that includes both hardware (BLE Beacons and Gateways) and Bluzone™ Enterprise Software provided as a software-as-a-service solution: End Customer acknowledges that HID is not required to retain any usage, location or sensor data beyond thirty (30) days after collection.

5. SOFTWARE

Software made available for download with, from, or through the Service, if any, is licensed subject to the terms of the applicable End User License Agreement (“EULA”) located at: https://www.hidglobal.com/sales-policy/on-premise-software-eula or provided at the time of download or a separate license agreement by and between the Parties. You shall maintain any third-party software copyright notices and comply with any license terms embedded on third party software received in connection with Service.

6. CHANGES TO THE SERVICE

HID reserves the right to update, upgrade, modify, change, improve, and/or redesign any product or service at any time (“Product Changes”). HID will not make any Product Changes that materially impact the functionality of the Service during the then-current subscription term. HID further reserves the right to discontinue any product or service upon six (6) months advance notice to End Customer. Any and all subsequent updates, upgrades, revisions and changes to the Service or any software component thereof shall be governed by these Terms of Service, as may be amended by HID from time to time. You will promptly install all updates to any software made available pursuant to Section 5, as HID makes them available, and if you provide access to the Service on behalf of other end users, you shall require them to install all such updates also.

7. SERVICE LEVEL AGREEMENT

Service Level Agreements, if any, are separately communicated to you by HID or Channel Partner, as applicable. For clarity, any credits owed pursuant to any Service Level Agreements will only be provided to the party that pays HID for the Service. Any applicable Service Level Agreements shall not apply to Trial Services, as defined herein.

8. SUPPORT

Support included with the Service or purchased separately will be provided in accordance with the applicable terms located at: https://www.hidglobal.com/support as may be amended from time to time.

9. AUTORENEWAL

Upon expiration of the initial subscription term, your access to the Service will automatically renew for the same term as initially ordered unless you, Channel Partner, or HID, as applicable, gives notice of non-renewal at least thirty (30) days in advance of the renewal date. You agree to pay the fee applicable to any such renewal. These terms will continue to govern purchase of the Service for any subsequent subscription term.

10. PROPRIETARY RIGHTS AND RESTRICTED RIGHTS

You acknowledge and agree that HID and/or its licensors own all Intellectual Property Rights in the Service. Except as expressly stated herein, you are not granted any Intellectual Property Rights or any other rights or licenses with respect to the Service, APIs and Documentation.

Services are provided with "Restricted Rights." Use, duplication or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 or subparagraphs (c)(1) and (2) of the Commercial Computer Software-Restricted Rights at 48 CFR 52.227-19, as applicable (and the successor clauses to any of the foregoing). The contractor/manufacturer is HID Global Corporation. Subject to any applicable regulations set out in the FAR or DFARS (and any superseding regulations), Services are provided with the commercial license rights and restrictions described elsewhere in these Terms of Service. For Department of Defense agencies, the restrictions set forth in the "Technical Data - Commercial items" clause at DFARS 252.227-7015 (Nov 1995) shall also apply.

11. NO LIABILITY

11.1 EXCEPT AS OTHERWISE AGREED, THE SERVICE IS PROVIDED TO YOU ON AN “AS IS” BASIS. HID GIVES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE SERVICE, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF SATISFACTORY QUALITY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. HID MAKES NO WARRANTY REGARDING THE QUALITY OF ANY SERVICES OR PRODUCTS PURCHASED OR ACCESSIBLE BY END CUSTOMER. HID MAKES NO WARRANTY THAT THE SERVICES AND PRODUCTS WILL MEET END CUSTOMER REQUIREMENTS OR WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE. HID MAKES NO WARRANTY REGARDING THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICE. HID MAKES NO REPRESENTATION THAT ANY DEFECTS, ITS SERVICES OR PRODUCTS WILL BE CORRECTED. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY A CHANNEL PARTNER, HID, OR AN HID AUTHORIZED REPRESENTATIVE SHALL CREATE A WARRANTY.

11.2 EXCEPT AS OTHERWISE AGREED, HID WILL NOT BE RESPONSIBLE FOR ANY INTERRUPTIONS, DELAYS, FAILURES OR NON-AVAILABILITY AFFECTING THE SERVICE OR THE PERFORMANCE OF ANY PRODUCTS OR SERVICES WHICH ARE CAUSED BY YOU OR ANY THIRD PARTIES, OR ANY ERRORS OR BUGS IN SOFTWARE, HARDWARE, OR THE INTERNET.

11.3 Except as otherwise agreed, HID shall not be liable to you whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise, for any loss or damage (whether direct, indirect, consequential, etc. including without limitation, loss profits, data loss, business interruption, or any other economic or reputational loss ) arising in connection with your use or failure to use the Service. Notwithstanding, nothing in these Terms of Service excludes HID’s liability for: (a) death or personal injury caused by HID’s negligence; or (b) fraud or fraudulent misrepresentation.

11.4 If End Customer purchases the Services from a Channel Partner, End Customer acknowledges that HID is not a party to and is not bound by any of the terms and conditions or representations or warranties set forth in any agreement between End Customer and such Channel Partner.

12. FEEDBACK

You may from time to time provide suggestions, comments or other feedback to HID with respect to any product, material, software or information provided by HID (hereinafter "Feedback"). You agree that all Feedback is and shall be entirely voluntary and shall not, absent separate agreement, create any confidentiality obligation for HID. However, HID shall not disclose the source of any feedback without the providing party’s consent. HID shall be free to disclose and use such Feedback as it sees fit, entirely without obligation of any kind.

13. SUSPENSION OR TERMINATION OF ACCESS

13.1 Should your account be terminated or if you cease use of the Service, you must immediately contact HID or Channel Partner to disable your access. Any amounts prepaid for the Service are non-refundable.

13.2 HID may terminate your access to the Service with immediate effect and disable your access if: (a) you or any of your end users breach these Terms of Service; or (b) you or any of your end users infringe HID’s or any of its licensor’s Intellectual Property Rights or make any unauthorized use of the Service.

13.3 HID may temporarily suspend your access to the Service (to be restored as soon as commercially practicable) if HID reasonably believes it necessary to maintain the security, quality or integrity of the Service or to prevent misuse.

13.4 HID may suspend or terminate access to all or any part of the Service if: (a) HID determines in its reasonable discretion the Service does or may infringe on a third party’s Intellectual Property Rights; or (b) any third party suppliers, service providers or licensors that assist HID in providing the Service cease providing services to HID for any reason or for no reason.

13.5 If you purchase the Service through a Channel Partner, HID may suspend or terminate your access to the Service upon request by Channel Partner or due to non-payment or insolvency by Channel Partner.

13.6 Upon written request by End Customer, made within 30 days after the effective date of termination of the Service, HID will make Customer Materials available to End Customer for export or download as provided in the Documentation. After such 30-day period, HID will have no obligation to maintain or provide any Customer Materials. Thereafter, unless legally prohibited, HID will delete or destroy all copies of Customer Materials in HID systems or otherwise in HID’s possession or control, as provided in the Documentation and/or the Data Processing Terms, as applicable. For clarity, this Section does not apply to Trial Services.

14. FORCE MAJEURE

Neither party shall be liable for failure to fulfill its obligations under these Terms of Service or for delays in delivery due to causes beyond its reasonable control, including but not limited to act of God, acts or omissions of the other party, man-made or natural disasters, material shortages, strikes, service outages failures of the internet or any public telecommunications network, hacker attacks, denial of service attacks, virus or other malicious software attacks or infections and power failures. The time for performance of any such obligation shall be extended for the time period lost by reason of the delay.

15. TRIAL

15.1 If you are accessing the Service on trial basis, HID or Channel Partner will make the Service available at no charge (“Trial Services”) for a period of up to 30 days (“Trial Services Period”), unless otherwise set forth in a Service-specific Attachment hereto or agreed in writing by HID. Trial Services are intended for evaluation purposes only and not for production. These Terms of Service shall apply to your use of Trial Services.

15.2 During or upon expiry of the Trial Services Period, End Customer may purchase a subscription to the Service through HID or Channel Partner. Upon purchase of a subscription, these Terms of Service will continue to apply to your use of the Service.

15.3 If you do not purchase a subscription to the Service at the end of the Trial Services Period: (a) all rights to access or use the Service will end; and (b) HID will delete all Customer Materials within 30 days of expiry of the Trial Services Period. For clarity, HID has no obligation to retain Customer Materials following termination of the Trial Services Period.

15.4 HID may discontinue Trial Services at any time in HID’s sole discretion. HID will have no liability for any harm or damage arising out of or in connection with a Trial Service. For Trial Services, service level commitments do not apply, and support is provided on an as-available basis and is not guaranteed. During any Trial Services Period, HID will make commercially reasonable attempts to contact users in the event of service disruptions or planned maintenance. In HID’s sole discretion, the Test Services may be subject to limitations, including, but not limited to, (i) number of services; (ii) number of users and groups; (iii) disk and service storage space limitations; and/or (iv) rate limits or throttling on calls to HID APIs.

16. WAIVER

No forbearance or delay by either party in enforcing its rights shall prejudice or restrict the rights of that party, and no waiver of any such rights or of any breach of any contractual terms shall be deemed to be a waiver of any other right or of any later breach.

17. SEVERABILITY

If any provision of these Terms of Service is judged to be illegal or unenforceable, the continuation in full force and effect of the remainder of the provisions shall not be prejudiced.

18. AMENDMENTS

HID may amend these Terms of Service at any time. HID will post a copy of the amended Terms of Service on the web page, platform or portal where the Service is accessed. Your continued use of the Service after amendment will be considered as your acceptance of the amended Terms of Service.

19. ASSIGNMENT

You may not assign or purport to assign these Terms of Service or any of its obligations thereunder without HID’s prior written consent.

20. THIRD PARTY RIGHTS

These Terms of Service do not confer any rights on any third party.

21. ENHANCEMENT DATA

HID may collect and use usage history and statistics based on your or your end users’ use of Service (collectively, “Enhancement Data”) for HID’s internal analytical purposes related to its provision of the Service, including to improve and enhance the Service. HID may make information derived from its analysis of Enhancement Data publicly available, provided that the publicized information does not include any Enhancement Data that has not been aggregated and anonymized. For the purposes of these Terms of Service, aggregated and anonymized Enhancement Data means Enhancement Data that (a) has been aggregated with other data, and (b) does not contain information that identifies you, End Customer, or any end users. For the sake of clarity, aggregated and anonymized data is not considered confidential information.

22. PUBLICITY

HID may publicly disclose that you are a user of the Service. Additionally, you agree to participate in press announcements, case studies, trade shows, or other marketing reasonably requested by HID. During your use of the Service and for a period thereafter, you grant HID the right, free of charge, to use your name and/or logo, worldwide, to identify you as a customer on HID’s website and/or in other marketing or advertising materials. Any logo use shall be subject to HID’s compliance with any written guidelines that you may deliver to HID regarding the use of your name and logo.

23. CONSENT FOR CONTRACT AND ACCESS TO SERVICE INSTANCE

HID may contact you directly to communicate on matters related to the Service. HID may access any Service instance as necessary to support the Service. Provided, however, unless otherwise set forth in a Service-specific Attachment hereto, HID’s support personnel will not access any Personal Data contained within the Service without End Customer’s approval.

24. ENTIRE AGREEMENT

Unless agreed otherwise in signed writing by HID, these Terms of Service contain the whole agreement between the parties relating to the subject matter hereof and supersedes all prior agreements, arrangements and understandings between the parties relating to that subject matter.

25. GOVERNING LAW AND DISPUTE RESOLUTION

These Terms of Service shall be construed and interpreted in accordance with the laws of the State of Texas. Any action, suit or proceeding relating to these Terms of Service may be brought in the appropriate court located in Travis County, Texas and you hereby consent to such jurisdiction. The parties hereby irrevocably waive any and all rights to trial by jury in any legal proceedings arising out of or related to these Terms of Service or the transactions contemplated hereby. The provisions of the United Nations Convention on Contracts for the International Sale of Goods will not apply to these Terms of Service or any order issued hereunder.


Attachment 1 - Additional Terms for HID Origo™ Platform and Related Services

The following terms will apply to the HID Origo™ Platform and related services, in addition to those set forth in the Terms of Service. All capitalized terms not defined herein will have the meaning ascribed in the Terms of Service. In the event of a conflict between this Attachment and the Terms of Service, this Attachment governs.

1. Prior to enabling any end user to use the HID Mobile Access or HID Reader Manager application, each end user will be required to enter into a License and end user Agreement with HID. End Customer is responsible for end users’ compliance with the terms and conditions of the Terms of Service, including this Attachment, and the License and end user Agreement. Alternatively, if end users use a mobile application developed by End Customer or a third party (collectively, a “Third Party Application”) in connection with the Service, end users will be required to enter into the end user license agreement governing the use of the Third Party Application. If end users use a Third-Party Application, End Customer hereby grants HID the right to use such application in providing the Service. End Customer represents and warrants that End Customer has all necessary rights to authorize the use the Third-Party Application as set forth herein.

2. In order to register a mobile device for use with the Service, an “Invitation Code” must be requested from the Service. It is End Customer’s responsibility to ensure any Invitation Code(s) issued by the Service are delivered securely to the intended recipient’s mobile device. It is the responsibility of the account administrator to: (i) issue and revoke Mobile IDs and/or Reader Manager keys via the Service; (ii) create and manage end user accounts; and (iii) ensuring end users are informed of the applicable privacy terms and the processing of their data. To issue and revoke Mobile IDs, End Customer via the account administrator or authorized designee, will be required to upload and maintain Customer Materials in accordance with Section 4.

3. From time to time, HID support personnel may log in to End Customer’s account without prior approval in order to provide, maintain or improve the Service. HID may also access End Customer’s access, use, reproduce, modify, edit, and reformat Customer Materials from time to time as HID deems necessary, solely to provide the Service. End Customer hereby acknowledges and consents to such activities. HID reserves the right to establish a maximum amount of memory or other computer storage and a maximum amount of Customer Materials that may be uploaded or transmitted on or through the Service. End Customer may only submit Customer Materials in the formats that HID supports.

4. The account administrator sets the security for the account and determines the end users that may use the Service. The account administrator must complete the registration process by providing HID with current, complete and accurate information including, without limitation, the Personal Data types identified in the applicable Data Processing Specifications.

5. For the purposes of Section 15 of the Terms of Service, Customer Materials shall include Mobile IDs and the Trial Services Period shall be ninety (90) days.

6. Unless otherwise permitted by HID in writing, End Customer may only use the HID Origo™ Platform and the Service to manage Mobile IDs for End Customer’s internal business purposes. End Customer may not use the HID Origo™ Portal or the Service to manage Mobile IDs belonging to a third party, or to provide a managed service for a third party that is unconnected with End Customer’s internal business purposes.

7. End Customer shall implement and enforce policies for end users to secure devices and to timely report compromising incidents such as loss, jailbreak or theft of their devices to the account administrator. Upon notice by an end user that a device has been compromised, the End Customer must immediately revoke the end user’s Mobile ID through the Service and must also disable the credential in End Customer’s access control system. Please note, that a Mobile ID cannot be revoked via the Service if the device is switched off, out of network or in flight mode; therefore, End Customer must disable the credential in End Customer’s access control system in order to maintain building security. If a Mobile ID is revoked through the Service, or if an end user switches devices, a new Mobile ID must be assigned. Mobile IDs cannot be re-used for multiple devices and/or end users and end users may not use Mobile IDs in excess of the number or permitted devices pursuant to End Customer’s purchase. Additionally, End Customer agrees to register each separate individual end user as a distinct user record in the HID Origo™ Portal. In the event an End Customer’s use of a Service exceeds the terms of End Customer’s purchase, HID reserves the right to charge End Customer for any such excess usage. Mobile IDs are not backed up by any third-party application store associated with the end user’s device operating system or any other backup facility. Therefore, if a device is corrupted and restored to factory settings, a new Mobile ID must be assigned to the device.

8. For clarity, if End Customer purchases the Service through a Channel Partner, all Support requests should be placed with the Channel Partner.

9. End Customer represents and warrants that it will not use the HID Origo™ Platform or any related services to access, store, distribute or transmit: (i) personal information collected from students, as defined under Family Educational Rights and Privacy Act (FERPA); (ii) education records, as defined under FERPA; or (iii) Personal Data of data subjects under the age of 13. Additionally, the Service and the HID mobile application are not intended for use by children under 13 and HID does not knowingly collect any Personal Data from children under the age of 13.


Attachment 2 - Additional Terms for HID WorkforceID Digital Credential Manager

The following terms will apply to the HID WorkforceID Digital Credential Manager, in addition to those set forth in the Terms of Service. All capitalized terms not defined herein will have the meaning ascribed in the Terms of Service. In the event of a conflict between this Attachment and the Terms of Service, this Attachment governs.

1. Additional Definitions

"Authentication Devices" means smart cards, smart USB keys and mobile devices used in connection with the Services.

"Publicly Trusted Certificate Authority" means an entity authorized to issue, suspend, or revoke TrustID Digital Certificates. These digital certificates are subject to the TrustID Certificate Policy and TrustID Certificate Practices Statement available at https://secure.identrust.com/certificates/policy/ts/index.htm, hereby incorporated herein. WorkforceID Digital Credential Manager configured with a Publicly Trusted Certificate Authority enables issuance of authentication, digital signature and encryption digital certificates.

"Private Dedicated Certificate Authority means the certificate-based Public Key Infrastructure based on a unique issuing certificate authority where End Customer is acting as the authorized Registration Authority. The private root certificate authority and related issuing certificate authorities are operated on End Customer’s behalf and at End Customer’s direction by HID. The dedicated certificate authority shall be chained to HID’s customer shared privatSupport Servicese root CA and is not chained to a pre-distributed public root certificate. WorkforceID Digital Credential Manager configured with a Private Dedicated Certificate Authority enables issuance of authentication digital certificates.

"Certificate Repository": An online system maintained by HID for storing and retrieving Digital Certificates and other information relevant to Digital Certificates, including information relating to Digital Certificate validity or revocation.

"Digital Certificates" means the digital certificates issued by the Publicly Trusted Certificate Authority or Private Dedicated Certificate Authority, based on your subscription. These Digital Certificates (i) identify the entity issuing it; (ii) name or identify a certificate holder (the end user); (iii) contain the public key of the certificate holder; (iv) identify the certificate's validity period; and (v) is digitally signed by the issuing entity. A Digital Certificate includes not only its actual content but also all documents expressly referenced or incorporated in it.

"Digital Signature/Digitally Sign": The transformation of an electronic record by one person, using a Private Key and Public Key Cryptography, so that another person having the transformed record and the corresponding Public Key can accurately determine (i) whether the transformation was created using the Private Key that corresponds to the Public Key, and (ii) whether the record has been altered since the transformation was made. The Digital Signature does not involve a handwritten signature.

"Key Pair": Two mathematically related keys (a Private Key and its corresponding Public Key), having the properties that (i) one key can be used to encrypt a message (i.e., create a Digital Signature) that can only be decrypted using the other key (i.e., verify the Digital Signature), and (ii) even knowing one key (e.g., the Public Key), it is computationally infeasible to discover the other key (e.g., the Private Key).

"Private Key": The key of a Key Pair kept secret by its holder and used to create Digital Signatures and to decrypt messages or files that were encrypted with the corresponding Public Key.

"Public Key": The key of a Key Pair publicly disclosed by the holder of the corresponding Private Key and used by the recipient to validate Digital Signatures created with the corresponding Private Key and to encrypt messages or files to be decrypted with the corresponding Private Key.

"Public Key Cryptography": A type of cryptography (a process of creating and deciphering communications to keep them secure) that uses a Key Pair to securely encrypt and decrypt messages. One key encrypts a message, and the other key decrypts the message. One key is kept secret (Private Key), and one is made available to others (Public Key). These keys are, in essence, large mathematically related numbers that form a unique pair. Either key may be used to encrypt a message, but only the other corresponding key may be used to decrypt the message.

2. The HID WorkforceID Digital Credential Manager provides the issuance and management of Digital Certificates onto Authentication Devices. During the issuance process of a Digital Certificate configured for authentication or digital signature, the end user will generate on their device, a Key Pair (Public and Private Keys) and the corresponding Public Key will be submitted to HID, incorporated into the Digital Certificate, and stored by HID in its Certificate Repository. During the issuance process of a Digital Certificate configured for encryption, the HID will generate a Key Pair (Public and Private Keys) and the corresponding Public Key will be submitted to HID, incorporated into the Digital Certificate, and stored by HID in its Certificate Repository. The Private Key will also be escrowed in encrypted form by HID in its Certificate Repository, available for recovery onto the end user's Authentication Devices.

3. As part of the Services ordering process, HID will provide End Customer with an Onboarding Form entitled "WorkforceID Digital Credential Manager Onboarding Form" that End Customer must sign. HID shall have the right to verify the information End Customer provides in the WorkforceID Digital Credential Manager Onboarding Form. If HID is unable to verify End Customer and its Account Administrator and relationship to its satisfaction, HID has the right to require additional information from the End Customer. In the event the additional information does not provide HID the appropriate verification of End Customer, HID will not process End Customer's order for the Services and this Agreement shall not go into effect. HID shall incur no liability or responsibility for any such cancellation.

4. For Publicly Trusted Certificate Authority, End Customer shall ensure that the Account Administrator and other End Customer directory administrators use PKI-based two-factor authentication to access their network and servers from which the Services will access end user information. End Customer shall also ensure that such network and servers are maintained at the current security patch level.

5. For Publicly Trusted Certificate Authority, Before Account Administrator allows users to use the Services, the Account Administrator shall verify the end user's identity by checking each end user's government-issued photo ID and other government-issued documents identifying the individual. Each Account Administrator shall also verify that end user is currently employed or otherwise authorized to work for the End Customer. End Customer is solely responsible and liable for verifying the identities of end users and their authorized affiliation with End Customer. End Customer is obligated by this Agreement to retain and archive this end user Verification data through the Term of the Agreement with HID, and up to ten years and six months from the date of issuance of the Digital Certificate.

6. For Publicly Trusted Certificate Authority, End Customer shall comply with the following obligations in managing the Digital Certificates:

  1. Use of Digital Certificates. The purpose of an end user's Digital Certificate is to identify each respective end user and the fact that each such end user is employed or otherwise affiliated with End Customer - End Customer acknowledges and agrees and shall ensure that end users shall only use Digital Certificates to establish an end user's identity with third-parties, sign and file documents electronically, obtain access to certificate-enabled online sources of information, and make secure and/or encrypted communications. End Customer acknowledges and agrees and shall ensure that end users may not use their Digital Certificate for (i) any application requiring fail-safe performance, such as the operation of nuclear power facilities, air traffic control systems, aircraft navigation systems, weapons control systems, or any other system whose failure could lead to injury, death or environmental damage; (ii) transactions where applicable law prohibits its use; or (iii) fraud or any other illegal scheme or unauthorized purpose.
  2. Digital Certificate Acceptance: End Customers shall ensure that when end users retrieve Digital Certificates on their device issued by the Services, they shall immediately notify HID of any errors, defects or problems with their Digital Certificates. End Customers shall ensure that end users agree that they will have accepted their respective Digital Certificate: (i) when end users use their Digital Certificate or the corresponding Private Key after downloading the Digital Certificate, or (ii) if end user fails to notify HID of any errors, defects or problems with their Digital Certificate within a reasonable time after downloading it. End Customer shall ensure that end users (i) accept the Digital Certificate contents and the responsibilities identified in this Agreement, and (ii) represent, warrant and agree that all information in their Digital Certificate identifies each respective end user.
  3. End Customer Representations and Warranties:
    1. By accepting a Digital Certificate, End Customer: (i) accepts its contents and the responsibilities identified in this Agreement, and (ii) represents and warrants to HID and to all who reasonably rely on the information contained in the Digital Certificate that: (a) end user rightfully holds the Private Key corresponding to the Public Key listed in the Certificate; (b) all representations made and information submitted to HID in the application process were current, complete, true and not misleading, (c) End Customer has obtained all facts material to confirming end user's identity and to establishing the reliability of the Digital Certificate, (d) all information in the Digital Certificate that identifies end user is current, complete, true and not misleading, (e) End Customer is not aware of any fact material to the reliability of the information in the Digital Certificate that has not been previously communicated to HID, and (f) end user has kept their Private Key secret.
    2. End Customer and end users are responsible for protecting their Private Keys. End Customer represents, warrants, on behalf of itself and end users that, in regard to Digital Certificates: (i) End Customer and end users have kept and will keep Private Keys private, stored in an Authentication Device managed by the Services, protected by a PIN code, that is also kept private, and (ii) end user and End Customer will take reasonable security measures to prevent unauthorized access to, or disclosure, loss, modification, compromise, or use of, Private Key and the Authentication Device on which Private Keys are stored. If end user or End Customer ever suspect or discover that the security of their Private Key has been or is in danger of being compromised in any way, End Customer must immediately notify HID, and request that such Digital Certificate be revoked. If such Private Key has been compromised, End Customer should notify anyone using the associated Digital Certificate for encrypted messages that such encrypted messages are no longer secure.
  4. Once issued by the Services, a Digital Certificate will be valid for three years from date of issuance. If the Agreement Term ends prior to the Digital Certificate expiration, the Digital Certificate will be revoked. At the expiration of a Digital Certificate, the end user may renew its Digital Certificate in accordance with the Services renewal procedures, unless (a) their Certificate has been revoked or (b) End Customer has notified HID to cancel this Agreement.
  5. If any of end user's information included in a Digital Certificate changes (such as username, UPN, email address), End Customer shall have end users update their Digital Certificate using the Services.
  6. End Customer understands and acknowledges that the Digital Certificates issued to the end users using the Services will expire after their stated period of validity, and that prior to expiration the end user may request to receive renewal Digital Certificates to replace his or her expiring Digital Certificates. End Customer hereby authorizes the end user to apply for and receive, and authorizes HID to issue, successive renewal Digital Certificates, during the Term of this Agreement.
  7. End Customer must immediately request, using the Services or by notifying End Customer's help desk, that the Digital Certificate be revoked if: (i) End Customer discovers or suspects that the Private Key corresponding to the Digital Certificate has been or is in danger of being lost, disclosed, compromised or subjected to unauthorized use in any way, or (ii) any information in the Digital Certificate is no longer accurate, current, or complete or becomes misleading, including if the end user is no longer affiliated with End Customer.
  8. HID may suspend end users' Digital Certificates when any party makes a claim against HID that their Digital Certificate is invalid or has been compromised. HID will promptly investigate any such claim, and either revoke such Digital Certificate or restore it to valid status, as HID reasonably deems appropriate. If end user, or someone else with authority, request/s that their Digital Certificate be revoked, HID will revoke their Digital Certificate and update the Certificate Repository as soon as practical after it has adequately confirmed that the person making the revocation request is authorized to do so. If the request is signed using end user's Private Key, the request will be accepted as valid. HID may also revoke an end user's Digital Certificate without advance notice if HID determines, in its sole discretion, that: (i) the Digital Certificate was not properly issued or was obtained by fraud; (ii) the security of the Private Key corresponding to the Digital Certificate has or may have been lost or otherwise compromised; (iii) the Digital Certificate has become unreliable; (iv) material information in the application or Digital Certificate has changed or has become false or misleading (e.g., they are no longer affiliated with End Customer); (v) an end user or End Customer have violated any applicable agreement or obligation; (vi) end user, End Customer or the Channel Partner requests revocation; (vii) a governmental authority has lawfully ordered HID to revoke their Digital Certificate; (viii) this Agreement terminates; or (ix) there are other reasonable grounds for revocation.
  9. End Customer shall ensure that end users must immediately cease using their Digital Certificates in the following circumstances: (i) when end user or End Customer suspects or discovers that the Private Key corresponding to their Digital Certificate has been or may be compromised or subjected to unauthorized use in any way; (ii) when any information in their Digital Certificate (other than their e-mail address) is no longer accurate, current, or complete or becomes misleading; (iii) upon the revocation or expiration of the Digital Certificate; or (iv) upon termination of this Agreement.


Attachment 3 - Additional Terms for HydrantID Managed PKI and Trusted
Digital Certificate Services

The following terms will apply to the HydrantID Managed PKI and Trusted Digital Certificate Services, in addition to those set forth in the Terms of Service. All capitalized terms not defined herein will have the meaning ascribed in the Terms of Service. In the event of a conflict between this Attachment and the Terms of Service, this Attachment governs.

1. Additional Definitions

“Authorized Public Certificate Authority Provider” means the entity, or entities, who have partnered with HID to issue public trusted digital certificates to HID customers. For clarity, the Authorized Public Certificate Authority Provider may be either a third-party provider or an HID affiliated entity. Public trusted digital certificates, such as trusted Secure Socket Layer (SSL)/Transport Layer Security (TLS) certificates, are technically chained to a publicly trusted root meeting the necessary industry criteria, guidelines and rules for distribution to major browsers and operating systems to enable the use of publicly trusted SSL and/or end user Certificates.

“Certificate” or “Digital Certificate” means a digital identifier that, at least, states a name or identifies the issuing CA, identifies the Certificate Holder or Domain Name, contains the public key relating to the Certificate Holder or Domain Name or the device with which that Certificate Holder is associated, identifies the Certificate’s Operational Period, contains a Certificate serial number, and contains a digital signature of the issuing CA.

“Certificate Application” means a request to a CA for the issuance of a Certificate.

“Certification Authority” or “CA” means an entity authorized to issue, suspend, or revoke Certificates. For purposes of this Attachment, the term CA shall mean HID or Authorized Public Certificate Authority Provider with respect to the HydrantID PKI.. With respect to HydrantID Private Root PKI CA or Dedicate Issuing CA PKI services, the term CA shall mean End Customer.

“Certificate Holder or Subscriber” means either the Individual to whom an end user Certificate is issued, or the Individual responsible for requesting, installing and maintaining the trusted system for which an SSL Certificate has been issued.

“Dedicated Issuing Certificate Authority” means the certificate-based Public Key Infrastructure based on a unique and customer branded issuing certificate authority where Client is acting as the authorized Registration Authority. The private root certificate authority and related issuing certificate authorities are operated on Clients behalf and at Clients direction by HID. The dedicated issuing certificate authority shall be chained to HID’s customer shared private root CA and is not chained to a pre-distributed public root certificate.

“EV Certificate” means an Extended Validation SSL Certificate that complies with the CA/B Forum’s Extended Validation Guidelines.

“HydrantID Certificate Administration Console and Technology” means the web-based Certificate administration application or certificate management automation connectors or API(s) operated by HID, Channel Partners and/or its authorized affiliates for the purposes of utilizing the HydrantID PKI, Dedicated Issuing Certificate Authority and Private Root Certificate Authority services.

“HydrantID PKI” means the Certificate-based Public Key Infrastructure where HID, through Authorized Public Certificate Authority Provider, provides public trusted digital certificates chained to a publicly trusted root. Public trusted digital certificates, such as Secure Socket Layer (SSL)/Transport Layer Security (TLS) certificates, are technically chained to a publicly trusted root meeting the necessary industry criteria, guidelines and rules for distribution to major browsers and operating systems to enable the use of publicly trusted SSL and/or end user Certificates.

“Private Root Certificate Authority” means the certificate-based Public Key Infrastructure based on a unique Client private root certificate authority where Client is the acting as the authorized Certificate Authority. The private root certificate authority and related issuing certificate authorities are operated on Clients behalf and at Clients direction by HID. End Customer acknowledges that HID maintains custody of offline private root keys for HID’s private root PKI service. These private root keys are stored on hardware maintained by HID using third-party infrastructure. Upon termination of the Service, End Customer may request the transfer of private root keys stored by HID, subject to a commercially reasonable fee.

“Registration Authority” means the entity authorized by the Certificate Authority to issue, suspend, or revoke Digital Certificates for the Dedicated Issuing Certificate Authority Service.

“SSL Certificate” means a HydrantID PKI Trusted SSL Certificate chained to a publicly trusted root certificate provided by HID’s Authorized Public Certificate Authority used to support SSL sessions between a web browser (or another client) and a web server that uses encryption.

1. During the term of the then-current subscription, HID hereby grants to End Customer a terminable, non-exclusive and non-transferable license to use the HydrantID Certificate Administration Console and Technology for the following managed PKI related services: HydrantID PKI for SSL and end user Certificates; Dedicated Issuing Certificate Authority Service; Private Root Certificate Authority Services or other related HID Offerings as may be licensed by End Customer pursuant to the End Customer’s relevant paid-up subscription order. This license grant is restricted to utilizing the HydrantID PKI Certificate services only for the purposes of securing End Customer-owned domain names, computer systems and servers, and domain names, computer systems and servers under End Customer’s direct administrative control and for the End Customer’s sole business use.

2. Approval of all Certificate requests and subsequent issuance through the HydrantID Certificate Administration Console and Technology Service will be at the sole discretion of the relevant Certificate Authority. HydrantID PKI Certificate services may not be used to secure any other entity’s or organization’s computer systems directly, indirectly, or as part of a service offering provided by End Customer. With respect to publicly trusted SSL certificates issued from the HydrantID PKI, End Customer may request and issue Certificates for internet domain names that have been approved by HID through Authorized Public Certificate Authority Provider. Domain name approval will be at HID’s sole discretion and determination. End Customer may not issue HID publicly trusted SSL Certificates issued from the HydrantID PKI to internal host names or IP addresses. The number of certificates the End Customer may issue and utilize from the HydrantID PKI; Private Root Certificate Authority; or Dedicated Issuing Certificate Authority and associated OCSP certificate validation requests is in the order submitted to and accepted by HID. If the volume of certificates is designated as “Unlimited” in the order submitted to and accepted by HID, then End Customer may issue unlimited certificates as long as the volume of certificate request and issuance is within HID’s technical, operational and support capabilities in place at the time of this agreement and as may be apportioned to End Customer at any given time, including network, computer systems, and personnel. HID’s technical and operational capabilities shall be determined solely by HID.

3. Additional HID Obligations

HID’s obligations hereunder shall be conditional upon the satisfactory completion by End Customer of all Certificate Application requirements to the satisfaction of HID in its sole discretion.

  1. HydrantID PKI Issuing CA Obligations. HID and Authorized Public Certificate Authority Provider shall operate the HydrantID PKI in accordance with standard industry practices. HID, shall be responsible for issuance or revocation of a Certificate upon the electronic instruction of the End Customer following HID’s authentication, validation and approval of the data entered into the HydrantID Certificate Administration Console and Technology Service. Upon HID’s approval of a Certificate Application, HID shall (i) be entitled to rely upon the correctness of the information in each such approved Certificate Application; and (ii) issue a Certificate to the Certificate Applicant submitting such Certificate Application. HID shall publish and make accessible details of the public keys of Certificates issued, and shall maintain, publish and make available a listing of Certificates revoked.
  2. HydrantID Private Root Certificate Authority and Dedicated Issuing Certificate Authority Obligations. HID shall issue, manage, revoke, and/or renew Certificates in accordance with the instructions provided by End Customer administrator(s). Upon a valid Certificate Application, HID shall (i) be entitled to rely upon the correctness of the information in each such approved Certificate Application; and (ii) issue a Certificate to the Certificate Applicant submitting such Certificate Application. HID shall publish and make accessible details of the public keys of Certificates issued, and shall maintain, publish and make available a listing of Certificates revoked.
  3. Notwithstanding anything to contrary in the Terms of Service, HID has the right to modify or discontinue the provision of HydrantID PKI SSL Certificates, without notice, if such action is required by either: (i) the Authorized Public Certificate Authority Provider; or (ii) any industry regulatory authority governing the issuance of such Certificate. Such action on the part of HID may require immediate revocation of existing Certificates.
  4. Right to Revoke HydrantID PKI SSL Certificates. HID reserves the right to revoke a Certificate at any time without notice if: (i) HID discovers that the information within the Certificate is no longer valid; (ii) End Customer or its end user violates or fails to perform its obligations under the Terms of Service and this Attachment; (iii) End Customer is added to a government prohibited person or entity list or is operating from a prohibited destination under the laws of the United States; (iv) the Certificate was used outside of its intended purpose or used enable criminal activities such as phishing attacks, fraud, or the distribution of malware.; or (v) HID determines in its sole discretion that the continued use of the Certificate may compromise the security or integrity of the HID PKI. HID also reserves the right to revoke a Certificate at any time without notice if: (i) the Authorized Public Certificate Authority Provider revokes the Certificate; or (ii) HID is otherwise required to revoke the Certificate pursuant to applicable law or at the direction of any industry regulatory authority governing the issuance of such Certificate.

4. Additional End Customer Obligations and Warranties

  1. HydrantID PKI and Extended Validation Certificates. An Extended Validation (EV) Certificate serves as a form of digital identity for End Customer. The loss or misuse of this identity can result in harm to End Customer. By accepting the Terms of Service, you acknowledge you have the authority to obtain the digital equivalent of a company stamp, seal, or (where applicable) officer's signature to establish the authenticity of the company’s website, and that End Customer is responsible for all uses of its EV Certificate(s). By accepting the Terms of Service on behalf of End Customer, you represent that you (i) are expressly authorized to approve EV Certificate requests on End Customer’s behalf, and (ii) has confirmed Applicant’s right to use the domain(s) to be included in EV Certificates.
  2. Application and Issuance. Account administrators shall: (1) Provide all information required to ensure that approval of Certificate Applications will not result in the erroneous issuance of any Certificate, and that no Certificate information provided to HID infringes the Intellectual Property Rights of any third party and will not be used for any unlawful purpose; (2) With respect to HydrantID Private Root Certificate Authority and Dedicated Issuing Certificate Authority services, End Customer shall only approve certificate requests after appropriate vetting has been performed when End Customer is acting as the Certificate Authority and / or Registration Authority.
  3. Certificate Revocation. If an any end user organizational names change, any information in the Certificate is or becomes, incorrect or inaccurate, if the Certificate is no longer needed, or if the corresponding Private Key may have been compromised, then an account administrator shall promptly request revocation of all Certificates affected by such change and End Customer shall promptly cease using a Certificate and its associated Private Key. For end user Digital Certificates, revocation should be requested if the Certificate Holder’s name or organization details are changed and no longer valid.
  4. Certificate Usage Restrictions. End Customer shall not use a Certificate to perform private or public key operations in connection with any individuals, domain name(s) other than the one(s) permitted under these terms. In addition, a Certificate is intended to only be installed on servers that are accessible at the subjectAltName(s) listed in the Certificate. A Certificate may not be used with control equipment in hazardous circumstances or for uses requiring fail-safe performance such as the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control systems, or weapons control systems, where failure could lead directly to death, personal injury, or severe environmental damage.
  5. End Customer represents, warrants and covenants to HID that: (a) the information and documentation submitted to HID is true, complete and accurate; (b) the information to be listed in the Certificate is current, accurate and complete; (c) with respect to certificates issued from the HydrantID PKI, End Customer will inform HID if the information delivered to HID changes or is no longer true; (d) the Certificate information that End Customer provided has not been and will not be used for any unlawful purpose; (e) End Customer has been (since the time of its creation) and will remain the only person(s) possessing the private key(s), or any challenge phrase, PIN, software, or hardware mechanism protecting the private key(s), and no unauthorized person has had or will have access to such materials or information and will take all reasonable measures to maintain control of, keep confidential, and properly protect at all times the Private Key(s) that corresponds to the Public Key(s) to be included in the requested Certificate(s) (and any associated activation data or device, e.g., password or token); (f) End Customer will use the Certificate exclusively for authorized and lawful purposes consistent with these terms and install SSL Certificates issued from the HydrantID PKI only on servers that are accessible at the subjectAltName(s) listed in the Certificate; (g) End Customer will use each HydrantID PKI Certificate as an end user and not as a Certification Authority to issue Certificates, certification revocation lists, or otherwise; (h) each digital signature created using the private key is the End Customer’s digital signature, and the Certificate has been accepted and is operational (not expired or revoked) at the time the digital signature is created; (i) End Customer will not monitor, interfere with, or reverse engineer the technical implementation of the HID Offerings, except with the prior written approval from HID, and shall not otherwise intentionally compromise the security of the HID Offerings. (j) End Customer will review and verify the Certificate contents for accuracy; (k) End Customer shall promptly cease all use of the Private Key corresponding to the Public Key included in the Certificate upon revocation of that Certificate for reasons of key compromise; (l) End Customer shall promptly respond to HID’s instructions concerning key compromise or Certificate misuse.

5. Upon expiration or termination of the underlying agreement between HID and the purchaser, Certificates issued shall be automatically revoked unless agreed otherwise by HID. Notwithstanding termination, End Customer will continue to observe and perform its other duties hereunder, including without limitation its obligations with respect to Certificate revocations.

6. The following language applies only when End Customer and/or its end users obtain Extended Validation Certificates (“EV Certificates”).

  1. Section 11.3 of the Terms of Service is hereby replaced with the following, UNLESS HID is reselling EV Certificates provided by a third-party service provider that is not an HID affiliated entity:

    EXCEPT AS OTHERWISE AGREED, IN NO EVENT SHALL HID, ITS AFFILIATES OR THIRD-PARTY SERVICE PROVIDERS OR THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES OR AGENTS BE LIABLE TO END CUSTOMER FOR ANY INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES ARISING OUT OF OR IN CONNECTION WITH THE USE OF THE SERVICE PROVIDED HEREUNDER (INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS, BUSINESS, LOSS OF DATA OR DATA BREACH, GOODWILL, ANTICIPATED SAVINGS, BUSINESS INTERRUPTION, LOSS OF BUSINESS OPPORTUNITY AND THE LIKE), EVEN IF HID OR ITS AUTHORIZED REPRESENTATIVE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL HID’S AGGREGATE LIABILITY FOR DAMAGES UNDER THESE TERMS OF SERVICE EXCEED $2,000 USD PER CERTIFICATE. The foregoing limitations and exclusions apply to the extent permitted by applicable law in End Customer’s jurisdiction. If applicable law limits the application of the provisions of this Section, HID’s liability will be limited to the maximum extent permissible.

  2. HID and End Customer are entering into a legally valid and enforceable Terms of Service that create extensive obligations on End Customer. An EV Certificate serves as a form of digital identity for End Customer and/or its end users. The loss or misuse of this identity can result in great harm to the End Customer and/or its end users. By accepting these Terms of Service, you acknowledge that you have the authority to obtain the digital equivalent of a company stamp, seal, or (where applicable) officer's signature to establish the authenticity of the company’s website, and that End Customer is responsible for all uses of its EV Certificate. By accepting these terms on behalf of End Customer, you represent that you: (i) are acting as an authorized representative of End Customer, (ii) are expressly authorized by End Customer to enter into these Terms of Service and approve EV Certificate requests on End Customer's behalf, and (iii) have confirmed End Customer’s right to use the domain(s) to be included in EV Certificates.


Attachment 4 - Additional Terms for Event Management Platform

The following terms will apply to the Event Management Platform, in addition to those set forth in the Terms of Service. All capitalized terms not defined herein will have the meaning ascribed in the Terms of Service. In the event of a conflict between this Attachment and the Terms of Service, this Attachment governs.

1. Prior to enabling any end user to use the MobiBadge application, each end user may be required to enter into a License and end user agreement. End Customer is responsible for end users’ compliance with the terms and conditions of the Terms of Service, including this Attachment, and the License and end user agreement. Alternatively, if end users use a mobile application developed by End Customer or a third party (collectively, a “Third Party Application”) in connection with the Service, end users will be required to enter into the end user license agreement governing the use of the Third Party Application. If end users use a Third-Party Application, End Customer hereby grants HID the right to use such application in providing the Service. End Customer represents and warrants that End Customer has all necessary rights to authorize the use the Third-Party Application as set forth herein.

2. From time to time, HID support personnel may log in to End Customer’s account without prior approval in order to provide, maintain or improve the Service. HID may also access End Customer’s access, use, reproduce, modify, edit, and reformat Customer Materials from time to time as HID deems necessary, solely to provide the Service. End Customer hereby acknowledges and consents to such activities. HID reserves the right to establish a maximum amount of memory or other computer storage and a maximum amount of Customer Materials that may be uploaded or transmitted on or through the Service. End Customer may only submit Customer Materials in the formats that HID supports.

3. End Customer is also responsible for End Customer’s employees contractors, and/or other agents’ use of the verifier application in compliance with the terms and conditions of the Terms of Service, including this Attachment.

4. The account administrator sets the security for the account and determines the parties that may use the Service. The account administrator must complete the registration process by providing HID with current, complete and accurate information including, without limitation, the Personal Data types identified in the applicable Data Processing Specifications.

5. With respect to Sections 2.2 and 6 of the Terms of Service, if required by End Customer in writing, HID will not (i) make Product Changes or (ii) limit the availability of the Service in order to perform maintenance activities or technical support, during the mutually agreed event time period(s), unless authorized by the End Customer.

6. For the purposes of Section 15 of the Terms of Service, the demo (e.g. staging environment) version of the Service may not include all or more functionality than what is available with the production level Service. Unless otherwise agreed by HID in writing, the Trial Services Period shall be ninety (90) days.

7. End Customer should implement and enforce policies for end users to secure devices and to timely report compromising incidents such as loss, jailbreak or theft of their devices to the account administrator. Upon notice by an end user that a device has been compromised, the End Customer should immediately revoke the end user’s access to Service. Please note, that a mobile credential (e.g. ticket) cannot be revoked via the Service if the device is switched off, out of network or in flight mode; therefore, End Customer should disable the credential in End Customer’s access control system in order to maintain security. In the event an End Customer’s use of a Service exceeds the terms of End Customer’s purchase, HID reserves the right to charge End Customer for any such excess usage. If a device is corrupted and restored to factory settings, a new Mobile credential (e.g. ticket) must be assigned to the device.

8. To the extent the Event Management Platform is used to collect and process Personal Data regarding children under the age of 13, End Customer represents and warrants that it has obtained all necessary consents (including any express parental consent) required by applicable laws for the collection and processing of such Personal Data.