HID® Software-as-a-Service Terms of Service

(Version March 2024)

THESE TERMS OF SERVICE (“TERMS OF SERVICE”) ARE THE TERMS AND CONDITIONS ON WHICH YOU, AN END CUSTOMER, AND INDIVIDUAL END USERS, MAKE USE OF THE HID SOFTWARE-AS-A-SERVICE OFFERINGS (EACH A “SERVICE”). FOR CLARITY, THESE TERMS OF SERVICE DO NOT GOVERN THE SALE OR USE OF PROFESSIONAL SERVICES.

PLEASE READ THESE TERMS OF SERVICE CAREFULLY BEFORE YOU ACCESS THE SERVICE. BY ACCESSING THE SERVICE, YOU AGREE TO THESE TERMS OF SERVICE AND YOU REPRESENT AND WARRANT YOUR FULL AUTHORITY TO ENTER INTO THESE TERMS OF SERVICE ON BEHALF OF THE END CUSTOMER. IF YOU DO NOT AGREE WITH THESE TERMS OF SERVICE, YOU MUST NOT USE THE SERVICE.

IF YOU ARE A CHANNEL PARTNER OR OTHER THIRD-PARTY SERVICE PROVIDER ACTING AS AN ACCOUNT ADMINISTRATOR OR OTHERWISE SETTING UP THE END CUSTOMER ACCOUNT OR PROVISIONING THE SERVICE DIRECTLY TO END CUSTOMER, YOU AGREE TO BIND END CUSTOMER TO TERMS SUBSTANTIALLY SIMILAR TO THOSE SET FORTH HEREIN.

1. DEFINED TERMS

“Affiliate” or “Affiliates” means entities which are controlled by a party, which controls a party or which is under common control with a party, where "control" means the direct or indirect ownership of at least fifty percent (50%) of the shares or interests entitled to vote for the directors thereof or the equivalent, so long as such control exists.

“API” or “APIs” means application programming interfaces provided by HID as part of the Service.

“Channel Partner” means an entity that HID has authorized as a “reseller” of the Service.

“Customer Application” means an application developed or used by End Customer that utilizes APIs and/or the Service. “Customer Application” does not include the Service and is separately provided by either End Customer or a third-party integrator that sells compatible software-as-a-service and/or on-premise offerings.

“Customer Materials” means End Customer’s information, Customer Application, End Customer Data, Personal Data, including Personal Data from end users, software, document and any other materials used or submitted by End Customer or its end users in connection with the Service.

“Data Processing Terms” means the terms located at: https://www.hidglobal.com/legal/saas-data-processing-terms. If HID processes any Personal Data as a result of providing the Service, HID shall do so in accordance with the applicable Data Processing Terms. The Data Processing Terms may be modified by HID from time to time in accordance with its terms.

“Documentation” means the guides and manuals for use with the Service, which are customarily supplied by HID to its customers.

“Intellectual Property Rights” means worldwide common law and statutory rights associated with (a) patents and patent applications; (b) works of authorship, including mask work rights, copyrights, copyright applications, copyright registrations and “moral” rights; (c) the protection of trade and industrial secrets and confidential information; (d) all rights to registered and common law trademarks, trade names, trade dress, and service marks; (e) other proprietary rights relating to intangible intellectual property (including but not limited to designs, design rights, source codes, proprietary material, know-how, ideas, concepts, methods, techniques, rights in databases and all other intellectual property rights and rights of a similar character whether registered or capable of registration); (f) analogous rights to those set forth above; and (g) divisions, continuations, renewals, reissuances and extensions of the foregoing (as applicable) now existing or hereafter filed, issued or acquired.

“Personal Data” has the meaning set forth in the Data Processing Terms.

“You,” “Your” or “End Customer” means the company, person or organization (and their authorized end users) that has been granted access to the Service.

“HID” means HID Global Corporation.

“Service” means a software-as-a-service offering hosted by HID in either a dedicated or multi-tenant platform.

2. ACCESS TO THE SERVICE, APIs, AND DOCUMENTATION

2.1 You are hereby granted access to use the Service solely for internal operations and in accordance with these Terms of Service. Provided, however, your access to the Service is limited to the subscription term and other details set forth in the order submitted to and accepted by HID. For certain Services, orders may be placed directly by End Customer through the Service. If End Customer has purchased the Service through a Channel Partner, any End Customer order(s) submitted through the Service, including the relevant subscription term and other details, must be approved and validated by the Channel Partner prior to End Customer’s account activation.

2.2 HID or HID’s suppliers may, at any time, without notice or liability, limit the availability of the Service in order to perform maintenance activities or technical support.

2.3 If applicable, HID grants you a limited, non-exclusive, non-transferable, non-sublicenseable license to access APIs only as necessary to use the Service. Notwithstanding, your right to use APIs is limited to activity permitted under these Terms of Service. Notwithstanding, API access and use by End Customer or third-party integrators for the purpose of developing Customer Applications may be subject to additional requirements, including but not limited to, separate approval by HID. Notwithstanding, in the event the Service will be used by End Customer as part of a larger solution including third party products and/or services, End Customer shall have the limited right to sublicense its rights with respect to APIs to such third party, solely for the purpose of creating interconnectivity and/or interoperability with the Service. End Customer is responsible for such third party’s compliance with these Terms of Service.

2.4 You shall access and use the Service in accordance with the Documentation. HID grants to End Customer a limited, non-exclusive, non-transferable, non-sublicenseable (except to authorized end users) right to use the Documentation delivered by HID for use with the Service and to copy the Documentation solely for internal use, provided that all titles, trademarks, trade names, copyright, restricted rights and other proprietary notices are retained.

2.5 If applicable, End Customer is solely responsible for the development, implementation, operation, support, maintenance and security of any Customer Application.

2.6 Additional terms applicable to certain services are included herein as an Attachment.

3. ACCEPTABLE USE AND COMPLIANCE WITH LAW

3.1 You shall not and shall not permit any end users or third party to access, store, distribute or transmit any spam, viruses, worms, Trojan horses, corrupted files, or other items of a destructive or disruptive nature. You shall not, and shall not permit end users or any third party to access, store, distribute or transmit any data or any material during the course of use of the Service that is unlawful, illegal, harmful, threatening, defamatory, obscene, abusive or infringing of any rights or in any way not in compliance with applicable laws. HID may immediately, without liability to you, suspend or otherwise disable the Service to the extent necessary to disable access to any data or material that breaches the provisions of this Section.

3.2 You shall not, and shall not permit end users or any third party to: (a) modify or create any derivative work of the Service, APIs, or Documentation, or any portion thereof; (b) decompile, reverse engineer or otherwise attempt to derive the underlying ideas, algorithms, structure or organization from the Service or APIs; (c) sell, license, sublicense, lease, rent, or otherwise transfer rights to the Service or APIs to any third party; (d) create Internet "links" to the Service or "frame" or "mirror" any part of the Service, including any content contained in the Service, on any other server or device; (e) engage in, promote, or encourage illegal activity; (f) disable, interfere with or circumvent any aspect of the Service or APIs; or (g) disclose or publish the results of any performance, functional, security evaluation or pen testing, or other evaluation or benchmarking of the Service to any third party without written consent from HID.

3.3 Unless otherwise agreed, you shall not, and shall not permit any end user or third party to incorporate other services, software or products with Service.

3.4 You shall maintain the confidentiality and security of all credentials, including but not limited to, passwords, usernames and other identification. You shall use all reasonable efforts to prevent any unauthorized access to, or use of, the Service and, in the event of any such unauthorized access or use, you will promptly notify HID in writing.

3.5 The Service, any accompanying software and/or hardware, and other technology HID makes available (“HID Offerings”) may be subject to export laws and regulations of the United States and other jurisdictions. You agree to comply with all applicable export laws and regulations. You shall not permit end users to access or use any HID Offerings or Customer Materials in an embargoed country that would prohibit such access or in violation of any export law or regulation. Proscribed countries are subject to change without notice, and you must comply with the list as it exists in fact. You certify that neither End Customer nor any end users are on the U.S. Department of Commerce's Denied Persons List or affiliated lists or on the U.S. Department of Treasury's Specially Designated Nationals List or any such comparable lists by the government of the United Kingdom.

3.6 Each party shall comply with all applicable laws, ordinances, rules and regulations, and shall obtain any and all permits, licenses, authorization, and/or certificates that may be required in any jurisdiction or any regulatory or administrative agency in connection with the sale, use and/or operations of HID Offerings. Without limiting the generality of the foregoing, you shall comply with all laws and regulations on data privacy, international communications, and the exportation of technical or Personal Data.

3.7 End Customer agrees to defend, indemnify and hold harmless HID from and against all liabilities, fines, penalties, costs and expenses, including reasonable attorney’s fees, related to or arising from: (a) breach of Section 3; or (b) alterations or modifications to the Service, or any software made available pursuant to Section 5, not made by HID; or (ii) combination or use of the Service, or any software made available pursuant to Section 5, with products, services, or materials not provided by HID.

4. CUSTOMER MATERIALS

4.1 You grant HID the right to host, use, process, display and transmit Customer Materials to provide the Services pursuant to and in accordance with these Terms of Service.

4.2 End Customer hereby warrants that it (a) owns or has otherwise obtained all rights and permissions related to any Customer Materials; and (b) Customer Materials do not violate the privacy rights, publicity rights, trademark rights, copyrights, contract rights or any other rights of any person or entity. Additionally, if required, End Customer warrants that it will provide all appropriate notices to data subjects and has obtained all appropriate consents to transfer Personal Data to HID and allow its processing as necessary to provide the Service in accordance with the Data Processing Terms. End Customer agrees to defend, indemnify and hold harmless HID from and against all liabilities, fines, penalties, costs and expenses, including reasonable attorney’s fees, related to or arising from breach of this Section.

4.3 End Customer has sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of Customer Materials. Customer acknowledges and agrees that HID does not exercise any control over any of Customer Materials that End Customer or its end users use in connection with the Service. Furthermore, except as otherwise agreed, you acknowledge and agree that HID will have no liability or responsibility for any Customer Materials, including, but not limited to, liability for any data loss.

4.4 The following terms apply to Enterprise Indoor Location and Condition Monitoring solutions that includes both hardware (BLE Beacons and Gateways) and Bluzone™ Enterprise Software provided as a software-as-a-service solution: End Customer acknowledges that HID is not required to retain any usage, location or sensor data beyond thirty (30) days after collection.

5. SOFTWARE

Software made available for download with, from, or through the Service, if any, is licensed subject to the terms of the applicable End User License Agreement (“EULA”) located at: https://www.hidglobal.com/sales-policy/on-premise-software-eula or provided at the time of download or a separate license agreement by and between the Parties. You shall maintain any third-party software copyright notices and comply with any license terms embedded on third party software received in connection with Service.

6. CHANGES TO THE SERVICE

HID reserves the right to update, upgrade, modify, change, improve, and/or redesign any product or service at any time (“Product Changes”). HID will not make any Product Changes that materially impact the functionality of the Service during the then-current subscription term. HID further reserves the right to discontinue any product or service upon six (6) months advance notice to End Customer. Any and all subsequent updates, upgrades, revisions and changes to the Service or any software component thereof shall be governed by these Terms of Service, as may be amended by HID from time to time. You will promptly install all updates to any software made available pursuant to Section 5, as HID makes them available, and if you provide access to the Service on behalf of other end users, you shall require them to install all such updates also.

7. SERVICE LEVEL AGREEMENT

Service Level Agreements, if any, are separately communicated to you by HID or Channel Partner, as applicable. For clarity, any credits owed pursuant to any Service Level Agreements will only be provided to the party that pays HID for the Service. Any applicable Service Level Agreements shall not apply to Trial Services, as defined herein.

8. SUPPORT

Support included with the Service or purchased separately will be provided in accordance with the applicable terms located at: https://www.hidglobal.com/support as may be amended from time to time.

9. PROPRIETARY RIGHTS AND RESTRICTED RIGHTS

You acknowledge and agree that HID and/or its licensors own all Intellectual Property Rights in the Service. Except as expressly stated herein, you are not granted any Intellectual Property Rights or any other rights or licenses with respect to the Service, APIs and Documentation.

Services are provided with "Restricted Rights." Use, duplication or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 or subparagraphs (c)(1) and (2) of the Commercial Computer Software-Restricted Rights at 48 CFR 52.227-19, as applicable (and the successor clauses to any of the foregoing). The contractor/manufacturer is HID Global Corporation. Subject to any applicable regulations set out in the FAR or DFARS (and any superseding regulations), Services are provided with the commercial license rights and restrictions described elsewhere in these Terms of Service. For Department of Defense agencies, the restrictions set forth in the "Technical Data - Commercial items" clause at DFARS 252.227-7015 (Nov 1995) shall also apply.

10. NO LIABILITY

10.1 EXCEPT AS OTHERWISE AGREED, THE SERVICE IS PROVIDED TO YOU ON AN “AS IS” BASIS. HID GIVES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE SERVICE, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF SATISFACTORY QUALITY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. HID MAKES NO WARRANTY REGARDING THE QUALITY OF ANY SERVICES OR PRODUCTS PURCHASED OR ACCESSIBLE BY END CUSTOMER. HID MAKES NO WARRANTY THAT THE SERVICES AND PRODUCTS WILL MEET END CUSTOMER REQUIREMENTS OR WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE. HID MAKES NO WARRANTY REGARDING THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICE. HID MAKES NO REPRESENTATION THAT ANY DEFECTS, ITS SERVICES OR PRODUCTS WILL BE CORRECTED. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY A CHANNEL PARTNER, HID, OR AN HID AUTHORIZED REPRESENTATIVE SHALL CREATE A WARRANTY.

10.2 EXCEPT AS OTHERWISE AGREED, HID WILL NOT BE RESPONSIBLE FOR ANY INTERRUPTIONS, DELAYS, FAILURES OR NON-AVAILABILITY AFFECTING THE SERVICE OR THE PERFORMANCE OF ANY PRODUCTS OR SERVICES WHICH ARE CAUSED BY YOU OR ANY THIRD PARTIES, OR ANY ERRORS OR BUGS IN SOFTWARE, HARDWARE, OR THE INTERNET.

10.3 Except as otherwise agreed, HID shall not be liable to you whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise, for any loss or damage (whether direct, indirect, consequential, etc. including without limitation, loss profits, data loss, business interruption, or any other economic or reputational loss ) arising in connection with your use or failure to use the Service. Notwithstanding, nothing in these Terms of Service excludes HID’s liability for: (a) death or personal injury caused by HID’s negligence; or (b) fraud or fraudulent misrepresentation.

10.4 If End Customer purchases the Services from a Channel Partner, End Customer acknowledges that HID is not a party to and is not bound by any of the terms and conditions or representations or warranties set forth in any agreement between End Customer and such Channel Partner.

11. FEEDBACK

You may from time to time provide suggestions, comments or other feedback to HID with respect to any product, material, software or information provided by HID (hereinafter "Feedback"). You agree that all Feedback is and shall be entirely voluntary and shall not, absent separate agreement, create any confidentiality obligation for HID. However, HID shall not disclose the source of any feedback without the providing party’s consent. HID shall be free to disclose and use such Feedback as it sees fit, entirely without obligation of any kind.

12. SUSPENSION OR TERMINATION OF ACCESS

12.1 Should your account be terminated or if you cease use of the Service, you must immediately contact HID or Channel Partner to disable your access. Any amounts prepaid for the Service are non-refundable.

12.2 HID may terminate your access to the Service with immediate effect and disable your access if: (a) you or any of your end users breach these Terms of Service; or (b) you or any of your end users infringe HID’s or any of its licensor’s Intellectual Property Rights or make any unauthorized use of the Service.

12.3 HID may temporarily suspend your access to the Service (to be restored as soon as commercially practicable) if HID reasonably believes it necessary to maintain the security, quality or integrity of the Service or to prevent misuse.

12.4 HID may suspend or terminate access to all or any part of the Service if: (a) HID determines in its reasonable discretion the Service does or may infringe on a third party’s Intellectual Property Rights; or (b) any third party suppliers, service providers or licensors that assist HID in providing the Service cease providing services to HID for any reason or for no reason.

12.5 If you purchase the Service through a Channel Partner, HID may suspend or terminate your access to the Service upon request by Channel Partner or due to non-payment or insolvency by Channel Partner.

12.6 Upon written request by End Customer, made within 30 days after the effective date of termination of the Service, HID will make Customer Materials available to End Customer for export or download as provided in the Documentation. After such 30-day period, HID will have no obligation to maintain or provide any Customer Materials. Thereafter, unless legally prohibited, HID will delete or destroy all copies of Customer Materials in HID systems or otherwise in HID’s possession or control, as provided in the Documentation and/or the Data Processing Terms, as applicable. For clarity, this Section does not apply to Trial Services.

13. FORCE MAJEURE

Neither party shall be liable for failure to fulfill its obligations under these Terms of Service or for delays in delivery due to causes beyond its reasonable control, including but not limited to act of God, acts or omissions of the other party, man-made or natural disasters, material shortages, strikes, service outages failures of the internet or any public telecommunications network, hacker attacks, denial of service attacks, virus or other malicious software attacks or infections and power failures. The time for performance of any such obligation shall be extended for the time period lost by reason of the delay.

14. TRIAL

14.1 If you are accessing the Service on trial basis, HID or Channel Partner will make the Service available at no charge (“Trial Services”) for a period of up to 30 days (“Trial Services Period”), unless otherwise set forth in a Service-specific Attachment hereto or agreed in writing by HID. Trial Services are intended for evaluation purposes only and not for production. These Terms of Service shall apply to your use of Trial Services.

14.2 During or upon expiry of the Trial Services Period, End Customer may purchase a subscription to the Service through HID or Channel Partner. Upon purchase of a subscription, these Terms of Service will continue to apply to your use of the Service.

14.3 If you do not purchase a subscription to the Service at the end of the Trial Services Period: (a) all rights to access or use the Service will end; and (b) HID will delete all Customer Materials within 30 days of expiry of the Trial Services Period. For clarity, HID has no obligation to retain Customer Materials following termination of the Trial Services Period.

14.4 HID may discontinue Trial Services at any time in HID’s sole discretion. HID will have no liability for any harm or damage arising out of or in connection with a Trial Service. For Trial Services, service level commitments do not apply, and support is provided on an as-available basis and is not guaranteed. During any Trial Services Period, HID will make commercially reasonable attempts to contact users in the event of service disruptions or planned maintenance. In HID’s sole discretion, the Test Services may be subject to limitations, including, but not limited to, (i) number of services; (ii) number of users and groups; (iii) disk and service storage space limitations; and/or (iv) rate limits or throttling on calls to HID APIs.

15. WAIVER

No forbearance or delay by either party in enforcing its rights shall prejudice or restrict the rights of that party, and no waiver of any such rights or of any breach of any contractual terms shall be deemed to be a waiver of any other right or of any later breach.

16. SEVERABILITY

If any provision of these Terms of Service is judged to be illegal or unenforceable, the continuation in full force and effect of the remainder of the provisions shall not be prejudiced.

17. AMENDMENTS

HID may amend these Terms of Service at any time. HID will post a copy of the amended Terms of Service on the web page, platform or portal where the Service is accessed. Your continued use of the Service after amendment will be considered as your acceptance of the amended Terms of Service.

18. ASSIGNMENT

You may not assign or purport to assign these Terms of Service or any of its obligations thereunder without HID’s prior written consent.

19. THIRD PARTY RIGHTS

These Terms of Service do not confer any rights on any third party.

20. ENHANCEMENT DATA

HID may collect and use usage history and statistics based on your or your end users’ use of Service (collectively, “Enhancement Data”) for HID’s internal analytical purposes related to its provision of the Service, including to improve and enhance the Service. HID may make information derived from its analysis of Enhancement Data publicly available, provided that the publicized information does not include any Enhancement Data that has not been aggregated and anonymized. For the purposes of these Terms of Service, aggregated and anonymized Enhancement Data means Enhancement Data that (a) has been aggregated with other data, and (b) does not contain information that identifies you, End Customer, or any end users. For the sake of clarity, aggregated and anonymized data is not considered confidential information.

21. PUBLICITY

HID may publicly disclose that you are a user of the Service. Additionally, you agree to participate in press announcements, case studies, trade shows, or other marketing reasonably requested by HID. During your use of the Service and for a period thereafter, you grant HID the right, free of charge, to use your name and/or logo, worldwide, to identify you as a customer on HID’s website and/or in other marketing or advertising materials. Any logo use shall be subject to HID’s compliance with any written guidelines that you may deliver to HID regarding the use of your name and logo.

22. CONSENT FOR CONTRACT AND ACCESS TO SERVICE INSTANCE

HID may contact you directly to communicate on matters related to the Service. HID may access any Service instance as necessary to support the Service. Provided, however, unless otherwise set forth in a Service-specific Attachment hereto, HID’s support personnel will not access any Personal Data contained within the Service without End Customer’s approval.

23. CONFIDENTIALITY

HID and End Customer acknowledge that each party may have access to certain of the other party’s confidential and proprietary information in connection with the performance of the Agreement (the “Confidential Information”). Each party will take all reasonable precautions necessary to safeguard the confidentiality of the other party’s Confidential Information, including those taken by such party to protect its own Confidential Information of a similar nature. Each party will use the other party’s Confidential Information solely to fulfill the purposes of the Agreement. Neither party will have any confidentiality obligation with respect to any portion of the other party’s information that (i) it independently develops without reference to the Confidential Information, (ii) it lawfully obtains from a third party under no obligation of confidentiality, or (iii) becomes available to the public other than as a result of its act or omission. Because of the unique nature of the Confidential Information, each party agrees that the disclosing party may suffer irreparable harm in the event the recipient fails to comply with its confidentiality obligations under the Agreement, and that monetary damages may be inadequate to compensate the disclosing party for such breach. Accordingly, the recipient agrees that the disclosing party will, in addition to any other remedies available to it at law or in equity, be entitled to seek injunctive relief to enforce such confidentiality obligations.

24. ENTIRE AGREEMENT

Unless agreed otherwise in signed writing by HID, these Terms of Service contain the whole agreement between the parties relating to the subject matter hereof and supersedes all prior agreements, arrangements and understandings between the parties relating to that subject matter.

25. GOVERNING LAW AND DISPUTE RESOLUTION

These Terms of Service shall be construed and interpreted in accordance with the laws of the State of Texas. Any action, suit or proceeding relating to these Terms of Service may be brought in the appropriate court located in Tarrant County, Texas and you hereby consent to such jurisdiction. The parties hereby irrevocably waive any and all rights to trial by jury in any legal proceedings arising out of or related to these Terms of Service or the transactions contemplated hereby. The provisions of the United Nations Convention on Contracts for the International Sale of Goods will not apply to these Terms of Service or any order issued hereunder.

 

Attachment 1 - Additional Terms for HID Origo™ Platform and Related Services

The following terms will apply to the HID Origo™ Platform and related services, in addition to those set forth in the Terms of Service. All capitalized terms not defined herein will have the meaning ascribed in the Terms of Service. In the event of a conflict between this Attachment and the Terms of Service, this Attachment governs.

1. Prior to enabling any end user to use the HID Mobile Access or HID Reader Manager application, each end user will be required to enter into a License and end user Agreement with HID. End Customer is responsible for end users’ compliance with the terms and conditions of the Terms of Service, including this Attachment, and the License and end user Agreement. Alternatively, if end users use a mobile application developed by End Customer or a third party (collectively, a “Third Party Application”) in connection with the Service, end users will be required to enter into the end user license agreement governing the use of the Third Party Application. If end users use a Third-Party Application, End Customer hereby grants HID the right to use such application in providing the Service. End Customer represents and warrants that End Customer has all necessary rights to authorize the use the Third-Party Application as set forth herein.

2. In order to register a mobile device for use with the Service, an “Invitation Code” must be requested from the Service. It is End Customer’s responsibility to ensure any Invitation Code(s) issued by the Service are delivered securely to the intended recipient’s mobile device. It is the responsibility of the account administrator to: (i) issue and revoke Mobile IDs and/or Reader Manager keys via the Service; (ii) create and manage end user accounts; and (iii) ensuring end users are informed of the applicable privacy terms and the processing of their data. To issue and revoke Mobile IDs, End Customer via the account administrator or authorized designee, will be required to upload and maintain Customer Materials in accordance with Section 4.

3. From time to time, HID support personnel may log in to End Customer’s account without prior approval in order to provide, maintain or improve the Service. HID may also access End Customer’s access, use, reproduce, modify, edit, and reformat Customer Materials from time to time as HID deems necessary, solely to provide the Service. End Customer hereby acknowledges and consents to such activities. HID reserves the right to establish a maximum amount of memory or other computer storage and a maximum amount of Customer Materials that may be uploaded or transmitted on or through the Service. End Customer may only submit Customer Materials in the formats that HID supports.

4. The account administrator sets the security for the account and determines the end users that may use the Service. The account administrator must complete the registration process by providing HID with current, complete and accurate information including, without limitation, the Personal Data types identified in the applicable Data Processing Specifications.

5. For the purposes of Section 14 of the Terms of Service, Customer Materials shall include Mobile IDs and the Trial Services Period shall be ninety (90) days.

6. Unless otherwise permitted by HID in writing, End Customer may only use the HID Origo™ Platform and the Service to manage Mobile IDs for End Customer’s internal business purposes. End Customer may not use the HID Origo™ Portal or the Service to manage Mobile IDs belonging to a third party, or to provide a managed service for a third party that is unconnected with End Customer’s internal business purposes.

7. End Customer shall implement and enforce policies for end users to secure devices and to timely report compromising incidents such as loss, jailbreak or theft of their devices to the account administrator. Upon notice by an end user that a device has been compromised, the End Customer must immediately revoke the end user’s Mobile ID through the Service and must also disable the credential in End Customer’s access control system. Please note, that a Mobile ID cannot be revoked via the Service if the device is switched off, out of network or in flight mode; therefore, End Customer must disable the credential in End Customer’s access control system in order to maintain building security. If a Mobile ID is revoked through the Service, or if an end user switches devices, a new Mobile ID must be assigned. Mobile IDs cannot be re-used for multiple devices and/or end users and end users may not use Mobile IDs in excess of the number or permitted devices pursuant to End Customer’s purchase. Additionally, End Customer agrees to register each separate individual end user as a distinct user record in the HID Origo™ Portal. In the event an End Customer’s use of a Service exceeds the terms of End Customer’s purchase, HID reserves the right to charge End Customer for any such excess usage. Mobile IDs are not backed up by any third-party application store associated with the end user’s device operating system or any other backup facility. Therefore, if a device is corrupted and restored to factory settings, a new Mobile ID must be assigned to the device.

8. For clarity, if End Customer purchases the Service through a Channel Partner, all Support requests should be placed with the Channel Partner.

9. End Customer represents and warrants that it will not use the HID Origo™ Platform or any related services to access, store, distribute or transmit: (i) personal information collected from students, as defined under Family Educational Rights and Privacy Act (FERPA); (ii) education records, as defined under FERPA; or (iii) Personal Data of data subjects under the age of 13. Additionally, the Service and the HID mobile application are not intended for use by children under 13 and HID does not knowingly collect any Personal Data from children under the age of 13.

 

Exhibit 1 — Additional Product-Specific Terms for Apple Access Technology within HID Origo™ Platform and Related Services

Additional terms apply if You use the Service with Apple Pay Technology and/or Apple Access Technology (e.g., enable users to add access credentials to Apple Wallet). These additional terms are located at https://www.hidglobal.com/legal/additional-product-specific-terms-apple-access-technology, as may be amended from time to time by HID without notice.

Exhibit 2 — Additional Product-Specific Terms for Google Payments Technology within HID Origo™ Platform and Related Services

Additional terms apply if You use the Service with Google Payments Technology. These additional terms are located at https://www.hidglobal.com/legal/additional-product-specific-terms-google-payments, as may be amended from time to time by HID without notice.

Attachment 2 — Additional Terms for HydrantID Managed PKI and Trusted Digital Certificate Services

The following terms will apply to the HydrantID Managed PKI and Trusted Digital Certificate Services, in addition to those set forth in the Terms of Service. All capitalized terms not defined herein will have the meaning ascribed in the Terms of Service. In the event of a conflict between this Attachment and the Terms of Service, this Attachment governs.

1. Additional Definitions

“Authorized Public Certificate Authority Provider” means the entity, or entities, who have partnered with HID to issue public trusted digital certificates to HID customers. For clarity, the Authorized Public Certificate Authority Provider may be either a third-party provider or an HID affiliated entity. Public trusted digital certificates, such as trusted Secure Socket Layer (SSL)/Transport Layer Security (TLS) certificates, are technically chained to a publicly trusted root meeting the necessary industry criteria, guidelines and rules for distribution to major browsers and operating systems to enable the use of publicly trusted SSL and/or end user Certificates.

“Certificate” or “Digital Certificate” means a digital identifier that, at least, states a name or identifies the issuing CA, identifies the Certificate Holder or Domain Name, contains the public key relating to the Certificate Holder or Domain Name or the device with which that Certificate Holder is associated, identifies the Certificate’s Operational Period, contains a Certificate serial number, and contains a digital signature of the issuing CA.

“Certificate Application” means a request to a CA for the issuance of a Certificate.

“Certification Authority” or “CA” means an entity authorized to issue, suspend, or revoke Certificates. For purposes of this Attachment, the term CA shall mean HID or Authorized Public Certificate Authority Provider with respect to the HydrantID PKI.. With respect to HydrantID Private Root PKI CA or Dedicate Issuing CA PKI services, the term CA shall mean End Customer.

“Certificate Holder or Subscriber” means either the Individual to whom an end user Certificate is issued, or the Individual responsible for requesting, installing and maintaining the trusted system for which an SSL Certificate has been issued.

“Dedicated Issuing Certificate Authority” means the certificate-based Public Key Infrastructure based on a unique and customer branded issuing certificate authority where Client is acting as the authorized Registration Authority. The private root certificate authority and related issuing certificate authorities are operated on Clients behalf and at Clients direction by HID. The dedicated issuing certificate authority shall be chained to HID’s customer shared private root CA and is not chained to a pre-distributed public root certificate.

“EV Certificate” means an Extended Validation SSL Certificate that complies with the CA/B Forum’s Extended Validation Guidelines.

“HydrantID Certificate Administration Console and Technology” means the web-based Certificate administration application or certificate management automation connectors or API(s) operated by HID, Channel Partners and/or its authorized affiliates for the purposes of utilizing the HydrantID PKI, Dedicated Issuing Certificate Authority and Private Root Certificate Authority services.

“HydrantID PKI” means the Certificate-based Public Key Infrastructure where HID, through Authorized Public Certificate Authority Provider, provides public trusted digital certificates chained to a publicly trusted root. Public trusted digital certificates, such as Secure Socket Layer (SSL)/Transport Layer Security (TLS) certificates, are technically chained to a publicly trusted root meeting the necessary industry criteria, guidelines and rules for distribution to major browsers and operating systems to enable the use of publicly trusted SSL and/or end user Certificates.

“Private Root Certificate Authority” means the certificate-based Public Key Infrastructure based on a unique Client private root certificate authority where Client is the acting as the authorized Certificate Authority. The private root certificate authority and related issuing certificate authorities are operated on Clients behalf and at Clients direction by HID. End Customer acknowledges that HID maintains custody of offline private root keys for HID’s private root PKI service. These private root keys are stored on hardware maintained by HID using third-party infrastructure. Upon termination of the Service, End Customer may request the transfer of private root keys stored by HID, subject to a commercially reasonable fee.

“Registration Authority” means the entity authorized by the Certificate Authority to issue, suspend, or revoke Digital Certificates for the Dedicated Issuing Certificate Authority Service.

“SSL Certificate” means a HydrantID PKI Trusted SSL Certificate chained to a publicly trusted root certificate provided by HID’s Authorized Public Certificate Authority used to support SSL sessions between a web browser (or another client) and a web server that uses encryption.

1. During the term of the then-current subscription, HID hereby grants to End Customer a terminable, non-exclusive and non-transferable license to use the HydrantID Certificate Administration Console and Technology for the following managed PKI related services: HydrantID PKI for SSL and end user Certificates; Dedicated Issuing Certificate Authority Service; Private Root Certificate Authority Services or other related HID Offerings as may be licensed by End Customer pursuant to the End Customer’s relevant paid-up subscription order. This license grant is restricted to utilizing the HydrantID PKI Certificate services only for the purposes of securing End Customer-owned domain names, computer systems and servers, and domain names, computer systems and servers under End Customer’s direct administrative control and for the End Customer’s sole business use.

2. Approval of all Certificate requests and subsequent issuance through the HydrantID Certificate Administration Console and Technology Service will be at the sole discretion of the relevant Certificate Authority. HydrantID PKI Certificate services may not be used to secure any other entity’s or organization’s computer systems directly, indirectly, or as part of a service offering provided by End Customer. With respect to publicly trusted SSL certificates issued from the HydrantID PKI, End Customer may request and issue Certificates for internet domain names that have been approved by HID through Authorized Public Certificate Authority Provider. Domain name approval will be at HID’s sole discretion and determination. End Customer may not issue HID publicly trusted SSL Certificates issued from the HydrantID PKI to internal host names or IP addresses. The number of certificates the End Customer may issue and utilize from the HydrantID PKI; Private Root Certificate Authority; or Dedicated Issuing Certificate Authority and associated OCSP certificate validation requests is in the order submitted to and accepted by HID. If the volume of certificates is designated as “Unlimited” in the order submitted to and accepted by HID, then End Customer may issue unlimited certificates as long as the volume of certificate request and issuance is within HID’s technical, operational and support capabilities in place at the time of this agreement and as may be apportioned to End Customer at any given time, including network, computer systems, and personnel. HID’s technical and operational capabilities shall be determined solely by HID.

3. Additional HID Obligations

HID’s obligations hereunder shall be conditional upon the satisfactory completion by End Customer of all Certificate Application requirements to the satisfaction of HID in its sole discretion.

  1. HydrantID PKI Issuing CA Obligations. HID and Authorized Public Certificate Authority Provider shall operate the HydrantID PKI in accordance with standard industry practices. HID, shall be responsible for issuance or revocation of a Certificate upon the electronic instruction of the End Customer following HID’s authentication, validation and approval of the data entered into the HydrantID Certificate Administration Console and Technology Service. Upon HID’s approval of a Certificate Application, HID shall (i) be entitled to rely upon the correctness of the information in each such approved Certificate Application; and (ii) issue a Certificate to the Certificate Applicant submitting such Certificate Application. HID shall publish and make accessible details of the public keys of Certificates issued, and shall maintain, publish and make available a listing of Certificates revoked.
  2. HydrantID Private Root Certificate Authority and Dedicated Issuing Certificate Authority Obligations. HID shall issue, manage, revoke, and/or renew Certificates in accordance with the instructions provided by End Customer administrator(s). Upon a valid Certificate Application, HID shall (i) be entitled to rely upon the correctness of the information in each such approved Certificate Application; and (ii) issue a Certificate to the Certificate Applicant submitting such Certificate Application. HID shall publish and make accessible details of the public keys of Certificates issued, and shall maintain, publish and make available a listing of Certificates revoked.
  3. Notwithstanding anything to contrary in the Terms of Service, HID has the right to modify or discontinue the provision of HydrantID PKI SSL Certificates, without notice, if such action is required by either: (i) the Authorized Public Certificate Authority Provider; or (ii) any industry regulatory authority governing the issuance of such Certificate. Such action on the part of HID may require immediate revocation of existing Certificates.
  4. >Right to Revoke HydrantID PKI SSL Certificates. HID reserves the right to revoke a Certificate at any time without notice if: (i) HID discovers that the information within the Certificate is no longer valid; (ii) End Customer or its end user violates or fails to perform its obligations under the Terms of Service and this Attachment; (iii) End Customer is added to a government prohibited person or entity list or is operating from a prohibited destination under the laws of the United States; (iv) the Certificate was used outside of its intended purpose or used enable criminal activities such as phishing attacks, fraud, or the distribution of malware.; or (v) HID determines in its sole discretion that the continued use of the Certificate may compromise the security or integrity of the HID PKI. HID also reserves the right to revoke a Certificate at any time without notice if: (i) the Authorized Public Certificate Authority Provider revokes the Certificate; or (ii) HID is otherwise required to revoke the Certificate pursuant to applicable law or at the direction of any industry regulatory authority governing the issuance of such Certificate.

4. Additional End Customer Obligations and Warranties

  1. HydrantID PKI and Extended Validation Certificates. An Extended Validation (EV) Certificate serves as a form of digital identity for End Customer. The loss or misuse of this identity can result in harm to End Customer. By accepting the Terms of Service, you acknowledge you have the authority to obtain the digital equivalent of a company stamp, seal, or (where applicable) officer's signature to establish the authenticity of the company’s website, and that End Customer is responsible for all uses of its EV Certificate(s). By accepting the Terms of Service on behalf of End Customer, you represent that you (i) are expressly authorized to approve EV Certificate requests on End Customer’s behalf, and (ii) has confirmed Applicant’s right to use the domain(s) to be included in EV Certificates.
  2. Application and Issuance. Account administrators shall: (1) Provide all information required to ensure that approval of Certificate Applications will not result in the erroneous issuance of any Certificate, and that no Certificate information provided to HID infringes the Intellectual Property Rights of any third party and will not be used for any unlawful purpose; (2) With respect to HydrantID Private Root Certificate Authority and Dedicated Issuing Certificate Authority services, End Customer shall only approve certificate requests after appropriate vetting has been performed when End Customer is acting as the Certificate Authority and / or Registration Authority.
  3. Certificate Revocation. If an any end user organizational names change, any information in the Certificate is or becomes, incorrect or inaccurate, if the Certificate is no longer needed, or if the corresponding Private Key may have been compromised, then an account administrator shall promptly request revocation of all Certificates affected by such change and End Customer shall promptly cease using a Certificate and its associated Private Key. For end user Digital Certificates, revocation should be requested if the Certificate Holder’s name or organization details are changed and no longer valid.
  4. Certificate Usage Restrictions. End Customer shall not use a Certificate to perform private or public key operations in connection with any individuals, domain name(s) other than the one(s) permitted under these terms. In addition, a Certificate is intended to only be installed on servers that are accessible at the subjectAltName(s) listed in the Certificate. A Certificate may not be used with control equipment in hazardous circumstances or for uses requiring fail-safe performance such as the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control systems, or weapons control systems, where failure could lead directly to death, personal injury, or severe environmental damage.<
  5. End Customer represents, warrants and covenants to HID that: (a) the information and documentation submitted to HID is true, complete and accurate; (b) the information to be listed in the Certificate is current, accurate and complete; (c) with respect to certificates issued from the HydrantID PKI, End Customer will inform HID if the information delivered to HID changes or is no longer true; (d) the Certificate information that End Customer provided has not been and will not be used for any unlawful purpose; (e) End Customer has been (since the time of its creation) and will remain the only person(s) possessing the private key(s), or any challenge phrase, PIN, software, or hardware mechanism protecting the private key(s), and no unauthorized person has had or will have access to such materials or information and will take all reasonable measures to maintain control of, keep confidential, and properly protect at all times the Private Key(s) that corresponds to the Public Key(s) to be included in the requested Certificate(s) (and any associated activation data or device, e.g., password or token); (f) End Customer will use the Certificate exclusively for authorized and lawful purposes consistent with these terms and install SSL Certificates issued from the HydrantID PKI only on servers that are accessible at the subjectAltName(s) listed in the Certificate; (g) End Customer will use each HydrantID PKI Certificate as an end user and not as a Certification Authority to issue Certificates, certification revocation lists, or otherwise; (h) each digital signature created using the private key is the End Customer’s digital signature, and the Certificate has been accepted and is operational (not expired or revoked) at the time the digital signature is created; (i) End Customer will not monitor, interfere with, or reverse engineer the technical implementation of the HID Offerings, except with the prior written approval from HID, and shall not otherwise intentionally compromise the security of the HID Offerings. (j) End Customer will review and verify the Certificate contents for accuracy; (k) End Customer shall promptly cease all use of the Private Key corresponding to the Public Key included in the Certificate upon revocation of that Certificate for reasons of key compromise; (l) End Customer shall promptly respond to HID’s instructions concerning key compromise or Certificate misuse.

5. Upon expiration or termination of the underlying agreement between HID and the purchaser, Certificates issued shall be automatically revoked unless agreed otherwise by HID. Notwithstanding termination, End Customer will continue to observe and perform its other duties hereunder, including without limitation its obligations with respect to Certificate revocations.

6. The following language applies only when End Customer and/or its end users obtain Extended Validation Certificates (“EV Certificates”).

  1. Section 10.3 of the Terms of Service is hereby replaced with the following, UNLESS HID is reselling EV Certificates provided by a third-party service provider that is not an HID affiliated entity:

    EXCEPT AS OTHERWISE AGREED, IN NO EVENT SHALL HID, ITS AFFILIATES OR THIRD-PARTY SERVICE PROVIDERS OR THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES OR AGENTS BE LIABLE TO END CUSTOMER FOR ANY INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES ARISING OUT OF OR IN CONNECTION WITH THE USE OF THE SERVICE PROVIDED HEREUNDER (INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS, BUSINESS, LOSS OF DATA OR DATA BREACH, GOODWILL, ANTICIPATED SAVINGS, BUSINESS INTERRUPTION, LOSS OF BUSINESS OPPORTUNITY AND THE LIKE), EVEN IF HID OR ITS AUTHORIZED REPRESENTATIVE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL HID’S AGGREGATE LIABILITY FOR DAMAGES UNDER THESE TERMS OF SERVICE EXCEED $2,000 USD PER CERTIFICATE. The foregoing limitations and exclusions apply to the extent permitted by applicable law in End Customer’s jurisdiction. If applicable law limits the application of the provisions of this Section, HID’s liability will be limited to the maximum extent permissible.

  2. HID and End Customer are entering into a legally valid and enforceable Terms of Service that create extensive obligations on End Customer. An EV Certificate serves as a form of digital identity for End Customer and/or its end users. The loss or misuse of this identity can result in great harm to the End Customer and/or its end users. By accepting these Terms of Service, you acknowledge that you have the authority to obtain the digital equivalent of a company stamp, seal, or (where applicable) officer's signature to establish the authenticity of the company’s website, and that End Customer is responsible for all uses of its EV Certificate. By accepting these terms on behalf of End Customer, you represent that you: (i) are acting as an authorized representative of End Customer, (ii) are expressly authorized by End Customer to enter into these Terms of Service and approve EV Certificate requests on End Customer's behalf, and (iii) have confirmed End Customer’s right to use the domain(s) to be included in EV Certificates.

 

Attachment 3 — Additional Terms for Event Management Platform

The following terms will apply to the Event Management Platform, in addition to those set forth in the Terms of Service. All capitalized terms not defined herein will have the meaning ascribed in the Terms of Service. In the event of a conflict between this Attachment and the Terms of Service, this Attachment governs.

1. Prior to enabling any end user to use the MobiBadge application, each end user may be required to enter into a License and end user agreement. End Customer is responsible for end users’ compliance with the terms and conditions of the Terms of Service, including this Attachment, and the License and end user agreement. Alternatively, if end users use a mobile application developed by End Customer or a third party (collectively, a “Third Party Application”) in connection with the Service, end users will be required to enter into the end user license agreement governing the use of the Third Party Application. If end users use a Third-Party Application, End Customer hereby grants HID the right to use such application in providing the Service. End Customer represents and warrants that End Customer has all necessary rights to authorize the use the Third-Party Application as set forth herein.

2. From time to time, HID support personnel may log in to End Customer’s account without prior approval in order to provide, maintain or improve the Service. HID may also access End Customer’s access, use, reproduce, modify, edit, and reformat Customer Materials from time to time as HID deems necessary, solely to provide the Service. End Customer hereby acknowledges and consents to such activities. HID reserves the right to establish a maximum amount of memory or other computer storage and a maximum amount of Customer Materials that may be uploaded or transmitted on or through the Service. End Customer may only submit Customer Materials in the formats that HID supports.

3. End Customer is also responsible for End Customer’s employees contractors, and/or other agents’ use of the verifier application in compliance with the terms and conditions of the Terms of Service, including this Attachment.

4. The account administrator sets the security for the account and determines the parties that may use the Service. The account administrator must complete the registration process by providing HID with current, complete and accurate information including, without limitation, the Personal Data types identified in the applicable Data Processing Specifications.

5. With respect to Sections 2.2 and 6 of the Terms of Service, if required by End Customer in writing, HID will not (i) make Product Changes or (ii) limit the availability of the Service in order to perform maintenance activities or technical support, during the mutually agreed event time period(s), unless authorized by the End Customer.

6. For the purposes of Section 14 of the Terms of Service, the demo (e.g. staging environment) version of the Service may not include all or more functionality than what is available with the production level Service. Unless otherwise agreed by HID in writing, the Trial Services Period shall be ninety (90) days.

7. End Customer should implement and enforce policies for end users to secure devices and to timely report compromising incidents such as loss, jailbreak or theft of their devices to the account administrator. Upon notice by an end user that a device has been compromised, the End Customer should immediately revoke the end user’s access to Service. Please note, that a mobile credential (e.g. ticket) cannot be revoked via the Service if the device is switched off, out of network or in flight mode; therefore, End Customer should disable the credential in End Customer’s access control system in order to maintain security. In the event an End Customer’s use of a Service exceeds the terms of End Customer’s purchase, HID reserves the right to charge End Customer for any such excess usage. If a device is corrupted and restored to factory settings, a new Mobile credential (e.g. ticket) must be assigned to the device.

8. To the extent the Event Management Platform is used to collect and process Personal Data regarding children under the age of 13, End Customer represents and warrants that it has obtained all necessary consents (including any express parental consent) required by applicable laws for the collection and processing of such Personal Data.