Cloud Automation Agreement

Last Revised: Feb 26, 2021

This Cloud Automation Agreement (“CAA”) sets forth the terms and conditions upon which Automation Anywhere, Inc., a California corporation with offices at 633 River Oaks Parkway, San Jose,‎ CA‎ 95134 U.S.A.for itself and on behalf of its Affiliates (“AAI”) shall provide, and you (the “Customer”) shall obtain, either directly from AAI (a “Direct Purchase”) or through an AAI Authorized Representative (an “Indirect Purchase”), the use of AAI’s Services.

By agreeing to this CAA, by either (1) clicking a box indicating acceptance, or (2) executing an Order Form that references this CAA, Customer represents that Customer has full power, capacity, and authority to accept the terms herein. If Customer is accepting the terms of this CAA on behalf of an employer or another entity, Customer represents that Customer has full legal authority to bind such employer or such other entity to this CAA. For Customers and Affiliates purchasing or participating in a Free Trial of Services in Australia, the additional terms found at https://www.automationanywhere.com/au/cloud-automation-agreement shall apply to Customer's purchase or Free Trial of Services, and are hereby incorporated into this CAA. To the extent of any inconsistency between those additional terms and the terms of this CAA, the additional terms will prevail.

  1. Definitions.

    "Affiliatemeans any entity not under sanctions or embargo restrictions by the U.S. Government that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means possessing, directly or indirectly, the power to direct or cause the direction of the management, policies, and operations of such entity, whether through ownership of voting securities, by contract or otherwise.

    "Authorized Representative means a person or entity who has entered into an agreement with AAI authorizing them to distribute or resell AAI Services to Customer.

    "Confidential Informationhas the meaning given to it in Section 4.1.

    "Customer Data means the electronic data or information, including Personal Data, submitted by Customer to the Services or through AAI’s support portal.

    "Documentation means AAI’s installation guides and/or manuals, operating instructions and technical specifications describing how to properly install, configure and use the Services, updated from time to time, and made available via download or during setup of the Services.

    "Free Trialhas the meaning given to it in Section 2.1.1.

    "Order Form means, for a Direct Purchase, an ordering document or online order specifying the Services to be provided hereunder that is entered into between Customer or any of its Affiliates and AAI, including any addenda and supplements thereto.

    "Personal Datahas the meaning given to it in Section 11.1.

    "Purchase Agreementmeans the agreement between Customer and Authorized Representative that describes the AAI Services to be purchased by Customer, however such agreement is titled.

    "Services means AAI’s software-as-a-service applications as described in the Documentation and subscribed to under an Order Form or from an Authorized Representative, or provided to Customer under a Free Trial.
    "Term has the meaning given to it in Section 3.1.1.
  2. Use of Services. This CAA shall govern the use of Services described in an applicable Order Form or Purchase Agreement, and any associated professional services performed by AAI and described in an applicable statement of work, signed by AAI and Customer or any of its Affiliates.
     
    1. Use Rights and Obligations. For any Services provisioned to Customer under an Order Form or through a Purchase Agreement, and subject to Customer’s compliance with the terms and conditions of this CAA including full payment for all purchased Services, AAI grants to Customer a limited, non-exclusive, non-transferable, personal, revocable right to access and use the Services (including any associated downloaded components, such as bot agents, needed to use the Services) in amounts provisioned for Customer by AAI solely for Customer’s internal use in connection with Customer’s ordinary business operations, for the term described in Section 3 below. Customer agrees to operate the Services in compliance with the terms of this CAA and any applicable laws, including but not limited to the Privacy Laws (as defined in Article 11 below). Customer may exercise its access rights under this Section 2.1 through its third-party service providers and Customer’s Affiliates, provided that such Affiliates and third-party service providers must at all times comply with the terms of this CAA, and provided further that Customer shall be responsible for the acts or omissions of such Affiliates and third-party service providers as if Customer had acted or failed to act in accordance with the terms of this CAA.
       
      1. Free Trials/Evaluations. If Customer registers for, and AAI agrees to provide a free trial, proof of concept or any other unpaid evaluation whatsoever labeled (hereinafter, a “Free Trial”), AAI will make the applicable Service(s) available to Customer on a trial basis free of charge for the term described in Section 3.1.3. Customer’s Free Trial shall be subject to the terms of this CAA.
    2. Use Restrictions. Except as otherwise provided in this CAA or as required or permitted by a law that cannot be excluded or by the terms of a third-party license, Customer shall not, and shall not permit any employees, agents, or representatives to: (a) disclose, sell, assign, lease, commercially exploit or market any part of the Services or AAI Confidential Information in any way or manner; (b) copy, modify, enhance, translate, supplement, create derivative works from, or remove any proprietary notices or labels from any part of the Services or AAI Confidential Information; (c) disassemble, decompile, reverse engineer or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services or any AAI Confidential Information; (d) use the Services to create bots or other automated processes that are designed to violate any applicable laws, regulations or policies, or terms of use imposed by any third parties; or (e) use any Services which have not been provisioned by AAI or an Authorized Representative for Customer’s use under this CAA. Except as expressly permitted in this CAA, Customer shall not cause or permit competitive analysis, benchmarking, or the use, evaluation or viewing of the Services for the purpose of testing, designing, modifying, or otherwise creating any software program, or any portion thereof, that performs functions similar to the functions performed by the Services. Any use of the Services in breach of the foregoing by Customer that reasonably threatens the security, integrity or availability of the Services, may result in AAI’s immediate suspension of the Services, however AAI will use commercially reasonable efforts under the circumstances to provide Customer with notice and an opportunity to remedy such violation or threat prior to any such suspension.
    3. Customer Responsibilities. Customer is responsible for use of the Services by all users to whom it grants its account credentials. Therefore, Customer must:
      • Ensure it grants administrator privileges to qualified personnel.
      • Ensure that its users do not share their passwords.
      • Ensure and maintain security of its systems and the machines that connect to and use the Services, including implementation of critical patches and operating system updates.
       
    4. Ownership; Intellectual Property Protection. Subject to the limited rights expressly granted hereunder, AAI, its Affiliates, and its licensors reserve all of their right, title and interest in and to the Services, including all of their related intellectual property rights. No rights are granted to Customer hereunder other than as expressly set forth herein. The placement of a copyright notice on any part of the Services or AAI Confidential Information will not constitute publication or the permission to publish or otherwise impair the confidential or trade secret nature of the Services or AAI Confidential Information. Customer grants to AAI and its Affiliates a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate into its Services any suggestion, enhancement request, recommendation, correction or other feedback provided by Customer relating to the operation of the Services, but only to the extent that any such feedback does not contain Customer Confidential Information. As between AAI and Customer, Customer owns its Customer Data, and AAI makes no claims to ownership thereto.
  3. Term and Termination.
     
    1. Term.
       
      1. Term of CAA. This CAA commences on the date Customer accepts it and continues until all subscriptions and/or free trials hereunder have expired or have been terminated (the “Term”).
      2. Term of Purchased Services. The term of each subscription for purchased Services shall begin on the date AAI makes the Services available to Customer and shall extend for the period as specified in the applicable Order Form or Purchase Agreement. For Direct Purchases, except as otherwise specified in an Order Form, or unless either party gives the other written notice of its intent not to renew at least sixty (60) days before the end of the relevant subscription term, Customer’s payment for a renewed subscription will extend the subscription term for an additional period equal to the expiring subscription term or one year (whichever is shorter). For Direct Purchases, except as expressly provided in the applicable Order Form, renewal of promotional or one-time priced subscriptions will be at AAI’s applicable list price in effect at the time of the applicable renewal.
      3. Term of Free Trials. The term of each Free Trial shall extend until (a) the expiry of the license keys issued, or online access granted in respect of such Free Trial, or (b) the start date of any purchased Service subscriptions ordered by Customer for such Service(s), or (c) termination by AAI in its sole discretion.
    2. Termination. This CAA may be terminated: (a) by a party immediately by written notice upon the occurrence of either of the following events: (i) if the other party ceases to do business; or (ii) if the other party becomes insolvent or seeks protection under any bankruptcy, receivership, trust, deed, creditor's arrangement, or comparable proceeding, or if any such proceeding is instituted against the other party and not dismissed within sixty (60) days (provided that in either case, only the party not experiencing the event(s) may elect to terminate) except that if Customer is purchasing Services in France, this CAA may be terminated if the other party becomes insolvent or seeks protection under bankruptcy proceeding solely in compliance with applicable French bankruptcy legislation; and (b) by the non-breaching party immediately upon written notice if the other party breaches any of its material obligations under this CAA, including failure to timely pay fees, and fails to cure such breach within thirty (30) days following receipt of written notice from the non-breaching party.
    3. Effect of Termination. Upon termination or expiration of this CAA, Customer will cease all use of all Services provided hereunder and return, or destroy upon AAI’s request, all copies of any part of the Services then in Customer’s possession or under Customer’s control. The terms in Sections 2.2, 2.4, 3.3, 4, 5, 9-11, 13-15, and 17-19 will survive any termination or expiration of this CAA.
  4. Confidentiality.
     
    1. Confidential Information. As used herein, “Confidential Information” shall mean (a) as to AAI, any software utilized by AAI in the provision of the Services, and its respective source code; (b) as to Customer, Customer Data; (c) each party’s business or technical information, including but not limited to the Documentation and SOC1 and SOC2 audit reports (in the case of AAI), training materials, any information relating to software plans, designs, costs, prices, finances, marketing plans, business opportunities, personnel, research, development or know-how that is designated by the disclosing party as "confidential" or "proprietary" or the receiving party knows or should reasonably know is confidential or proprietary; and (d) as to each party, the terms, conditions, and pricing of this CAA (but not its existence or parties).
       
    2. Exclusions.Confidential Information shall not include information that: (a) is or becomes known or available to the public, other than through a breach of an obligation hereunder by the receiving party; (b) is lawfully acquired by the receiving party from a third party without breach of a confidentiality restriction; (c) the receiving party can demonstrate by written proof was (i) already in its possession at the time it was disclosed hereunder by the disclosing party or (ii) was independently developed by the receiving party without use of the disclosing party’s Confidential Information; or (d) has been approved for disclosure by the disclosing party.
       
    3. Confidentiality Obligations. The receiving party will hold and maintain the disclosing party’s Confidential Information in confidence, exercising at least the same degree of care as the receiving party customarily exercises to protect its own proprietary information, but in no event with less than reasonable care. The receiving party will not, without the disclosing’s party prior written consent: (a) disclose any portion of the Confidential Information to any person or entity other than its and its Affiliates’ directors, officers, employees, agents or consultants who reasonably need access to the Confidential Information to fulfill the permitted uses described herein and who are bound to protect the Confidential Information on terms substantially similar to those in this CAA; or (b) use Confidential Information except as permitted in this CAA. Notwithstanding the foregoing, the receiving party may produce or disclose Confidential Information as required pursuant to applicable laws, regulations or court order, provided that it first gives the disclosing party notice of the request, if permitted, such that the disclosing party has an opportunity to defend, limit or protect such production or disclosure.
  5. Fees and Payment (for Direct Purchases only).
    1. Subscription Fees. The subscription fee and any other fees due for the Services will be reflected in the Order Form. An Order Form constitutes a legally binding commitment to purchase, and the relevant fees are due and non-refundable (except where expressly set out otherwise in this CAA) even if this CAA expires or is terminated earlier than the expiration of the relevant subscription term reflected in the Order Form. In the event Customer’s Affiliates wish to execute Order Forms directly with AAI, they must execute AAI's standard affiliate agreement directly with AAI, binding themselves to the terms of this CAA. Customer acknowledges that AAI may change its fees for Services at any time, provided that, any such change shall not affect the Customer’s then-current fees until the end of the subscription term set forth in the applicable Order Form.
       
    2. Services Changes. If Customer’s use of the Services exceeds a Services capacity as set forth in the Order Form, then AAI reserves the right to bill for such increased usage at AAI's then-current applicable list prices, if applicable, and Customer agrees to pay the additional fees, plus interest, in the manner provided herein, subject to any additional remedies AAI might have.
       
    3. Payment Terms. Unless otherwise stated on an applicable Order Form, all invoices are payable in US Dollars within thirty (30) days after the receipt of the relevant invoice. All prices are exclusive of all taxes, duties or other government fees of any kind, except for taxes imposed on AAI’s income by the taxing authority in AAI’s home jurisdiction, and Customer shall pay AAI such additional amount as shall cause the net amount of the aggregate payment to AAI, after giving effect to any taxes required to be collected or deducted by AAI, to equal the amount of the payment otherwise due to AAI under this CAA. AAI may impose interest on late payments at the lower of 1.5% per month or the maximum rate allowable by applicable law. Customer shall pay all of AAI’s reasonable fees, costs, and expenses (including reasonable attorney’s fees) if any action including legal action is required to collect outstanding undisputed balances.
       
    4. Suspension of Services. If any fees owed by Customer under this CAA are thirty (30) days or more overdue, AAI may, without limiting its other rights and remedies, suspend the Services following five (5) days’ written notice that it will do so, until such amounts are paid in full. AAI will not suspend the Services if Customer is disputing the applicable fees reasonably and in good faith and is cooperating diligently to resolve the dispute.
  6. Indemnification.
     
    1. Indemnification by AAI: AAI will defend, indemnify and hold Customer harmless from any damages or losses that it may incur by reason of or arising out of any third-party claim that any part of the Services (including any associated downloaded components, such as bot agents, needed to use the Services) infringes any patent or copyright or misappropriates any trade secret. In any action based on a claim of infringement, AAI may, at its sole option and expense: (a) procure for Customer the right to continue using the applicable Services under the terms of this CAA; (b) replace or modify the affected portion of the Services with a replacement or modification that permits the Services to function in substantially equivalent form as with the infringing portion of the Services; or (c) if options (a) and (b) above are not reasonably commercially available or practicable, then AAI may terminate Customer’s rights and AAI’s obligations hereunder with respect to the affected portion of the Services, in which case AAI will refund a pro rata portion of any prepaid fees (through the Authorized Representative in the case of an Indirect Purchase) for such affected portion of the Services equal to the period of time from the date of termination to the end of the then-current subscription term.
       
    2. Indemnification Procedures. AAI’s indemnification obligations under this Article 6 are conditioned upon Customer: (a) promptly notifying AAI in writing of the claim; (b) granting AAI sole control of the defense and settlement of the claim, provided that AAI shall have the right to reject any settlement that requires it to admit wrongdoing or liability; and (c) providing AAI with all assistance (at AAI’s expense), information, and authority reasonably required for the defense and settlement of the claim.
       
    3. Indemnity Exclusions. AAI will have no liability for any claim described in Section 6.1 to the extent that it would not have occurred but for: (a) modifications to the Services made by Customer or a party acting on Customer's behalf (other than modifications made at AAI's written direction); (b) the combination, operation or use of the Services with equipment, devices, software or data not supplied by AAI (including, without limitation, using the Services to automate AAI-selected software or processes); (c) Customer’s failure to use updated or modified forms of the Services provided by AAI; (d) Customer’s use of the Services other than in accordance with this CAA; or (e) compliance by AAI with designs, plans or specifications furnished by or on behalf of Customer.
       
    4. THE PROVISIONS OF THIS ARTICLE 6 SET FORTH AAI’S SOLE AND EXCLUSIVE OBLIGATIONS, AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDIES, WITH RESPECT TO INFRINGEMENT OR MISAPPROPRIATION OF THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS.
  7. Warranty.
    1. Services Warranty. AAI warrants to Customer that during each subscription term the Services will perform in all material respects in accordance with the Documentation. The foregoing warranty does not apply to any Services that have been used in a manner other than as set forth in the Documentation and authorized under this CAA, to the extent such improper use causes the Services to be nonconforming. AAI does not warrant that the Services will operate in the combinations that Customer may select for use, or that the use or availability of the Services will be uninterrupted or error-free, or that all errors in the Services will be corrected. Any claim submitted under this Section 7.1 must be submitted in writing to AAI within thirty (30) days of Customer becoming aware of the warranty issue. AAI’s entire liability for any breach of the foregoing warranty is to repair, replace or find a workaround for any nonconforming portion of the Services so that the affected Services operate as warranted or, if AAI is unable to repair, replace or put in place a workaround, AAI may terminate the subscription for such Services and refund a pro rata portion of any prepaid fees for such affected portion of the Services equal to the period of time from the date of termination to the end of the then-current subscription term. If Customer purchases professional services from AAI under this CAA, AAI warrants to Customer that any such professional services provided hereunder shall be professional, workmanlike and performed in a manner conforming to the generally accepted industry standards and practices for similar services. Customer’s sole and exclusive remedy for any nonconforming professional services under this warranty shall be for AAI to re-perform the nonconforming services or, at AAI's sole election, to refund the applicable services fees, but subject to Customer informing AAI of any such nonconformity within thirty days from the date of performance of the nonconforming service.
       
    2. Malicious Code Warranty. AAI warrants to Customer that: (a) AAI applies industry standard tools to identify and eliminate viruses and other malware prior to delivering the Services; and (b) the Services delivered hereunder shall be free of: (i) functions or routines that are designed to surreptitiously delete or corrupt data in such a manner as to interfere with the normal operation of the Service, (ii) undisclosed “Time Bombs,” time-out or deactivation functions or other means designed to terminate the operation of the Services (other than at the end of a subscription term); (iii) “Back Doors” or other means designed to allow remote access and/or control a Customer’s networks; and (iv) any codes or keys designed to have the effect of disabling or otherwise shutting down all or any portion of the Services or limiting its functionality.
       
    3. OTHER THAN THE EXPRESS WARRANTIES MADE BY AAI HEREIN, THE PARTIES ACKNOWLEDGE THAT THE SERVICES AND PROFESSIONAL SERVICES PROVIDED TO CUSTOMER PURSUANT TO AND FOR THE PURPOSES OF THIS CAA ARE PROVIDED "AS IS," “AS AVAILABLE,” AND WITHOUT ANY WARRANTY WHATSOEVER. AAI DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS, IMPLIED OR STATUTORY INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, OR ACCURACY OR COMPLETENESS OF RESPONSES OR RESULTS. NO AAI AGENT OR EMPLOYEE IS AUTHORIZED TO MAKE ANY MODIFICATIONS, EXTENSIONS, OR ADDITIONS TO THIS WARRANTY. TO THE EXTENT THE LAWS OF CUSTOMER’S JURISDICTION DO NOT PERMIT SUCH DISCLAIMER WITH RESPECT TO THE SERVICES AS PURCHASED HEREUNDER, AAI PROVIDES ONLY THE MINIMUM LAWFUL WARRANTY BEYOND THAT WARRANTY EXPRESSLY MADE ABOVE AND DISCLAIMS ALL WARRANTIES TO THE EXTENT PERMITTED BY APPLICABLE LAW. THE SERVICES ARE NOT DESIGNED OR INTENDED FOR USE WITH, AND SHOULD NOT BE USED IN CONNECTION WITH, HAZARDOUS APPLICATIONS, SUCH AS OPERATION OF NUCLEAR FACILITIES, LIFE SUPPORT, WEAPONS, AIRCRAFT NAVIGATION OR COMMUNICATION, AND/OR PROCESS CONTROL THAT COULD RESULT IN DEATH, INJURY OR ENVIRONMENTAL IMPACT. THE PARTIES ACKNOWLEDGE THAT THE DISCLAIMERS IN THIS SECTION ARE A MATERIAL PART OF THIS CAA, AND AAI WOULD NOT HAVE ENTERED INTO THIS CAA BUT FOR SUCH DISCLAIMERS.
       
    4. The warranties set forth in Section 7.1 above apply to purchased Services and professional services only, and do not apply to Free Trials.
  8. Support and Uptime Availability.
    1. Direct Purchase Services. During the Term and subject to Customer’s compliance with the terms and conditions of this CAA including full payment for the Services (and full payment for support, if applicable), AAI will provide support for purchased Services in accordance with its then-current support policy as more fully described at https://www.automationanywhere.com/technical-support-terms.
    2. Indirect Purchase Services. Support for Customer’s Services will be purchased through (and may be provided by) the respective Authorized Representative under the terms of the applicable Purchase Agreement.
    3. Free Trials.Support is not provided for Free Trials.
    4. Uptime Availability SLA.Throughout the Term of this CAA and subject to Customer’s compliance with the terms and conditions of this CAA including full payment for the Services, AAI will provide the Services in accordance with its then-current uptime availability standards established by the Service Level Agreement (“SLA”) which is available at https://www.automationanywhere.com/uptime-availability-SLA. In the event AAI fails to satisfy the terms of the SLA, in whole or in part, Customer shall have such rights and remedies as are set forth in the SLA.
  9. Audit. Upon reasonable notice and written request, Customer will provide AAI with reports, summaries or other documents reasonably designed to allow AAI to audit Customer’s compliance with the use of the Services under this CAA. AAI will handle all such documents in accordance with the terms of Section 4 herein.
  10. LIMITATION OF LIABILITY.
     
    1. Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND EXCEPT WITH RESPECT TO (A) AAI’S INFRINGEMENT INDEMNIFICATION OBLIGATIONS IN SECTION 6, (B) EITHER PARTY’S BREACH OF ITS CONFIDENTIALITY OBLIGATIONS SET FORTH IN SECTION 4 (EXCLUDING BREACHES RELATED TO CUSTOMER’S PERSONAL DATA, WHICH ARE ADDRESSED IN SECTION 10.1.2), (C) EITHER PARTY’S WILLFUL MISCONDUCT AND/OR FRAUD, (D) EITHER PARTY’S LIABILITY FOR DEATH, PERSONAL INJURY, OR TANGIBLE PERSONAL PROPERTY DAMAGE, (E) EITHER PARTY’S UNAUTHORIZED USE, DISTRIBUTION, OR DISCLOSURE OF THE OTHER PARTY’S INTELLECTUAL PROPERTY, OR (F) CUSTOMER’S PAYMENT OBLIGATIONS:
       
      1. IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS CAA, WHETHER IN CONTRACT, TORT OR OTHERWISE, EXCEED THE FEES PAID BY CUSTOMER UNDER THIS CAA AND/OR UNDER THE PURCHASE AGREEMENT DURING THE TWELVE (12) MONTHS PRIOR TO THE EVENT GIVING RISE TO LIABILITY. FOR FREE TRIALS, NEITHER PARTY’S AGGREGATE LIABILITY SHALL EXCEED ONE HUNDRED DOLLARS ($100.00).
      2. NOTWITHSTANDING SECTION 10.1.1 ABOVE, AAI’S AGGREGATE LIABILITY FOR (A) A BREACH OF THIS CAA RESULTING IN A SUCCESSFUL SECURITY INCIDENT (AS DEFINED IN SECTION 11.8), OR (B) A BREACH OF AAI’S CONFIDENTIALITY OBLIGATIONS UNDER THIS CAA (AS IT RELATES TO CUSTOMER’S PERSONAL DATA ONLY), SHALL NOT EXCEED TWO TIMES (2X) THE FEES PAID BY CUSTOMER UNDER THIS CAA AND/OR THE PURCHASE AGREEMENT DURING THE TWELVE (12) MONTHS PRIOR TO THE EVENT GIVING RISE TO LIABILITY.
         
    2. Exclusion of Damages. EXCEPT WITH RESPECT TO: (A) AMOUNTS TO BE PAID BY AAI PURSUANT TO A COURT AWARD OR SETTLEMENT UNDER AAI’S INFRINGEMENT INDEMNIFICATION OBLIGATIONS; (B) EITHER PARTY’S BREACH OF ITS CONFIDENTIALITY OBLIGATIONS SET FORTH IN SECTION 4; (C) EITHER PARTY’S WILLFUL MISCONDUCT AND/OR FRAUD, OR (D) EITHER PARTY’S VIOLATION OF, OR UNAUTHORIZED USE, DISTRIBUTION, OR DISCLOSURE OF, THE OTHER PARTY’S INTELLECTUAL PROPERTY, NEITHER PARTY SHALL BE LIABLE FOR ANY PUNITIVE, SPECIAL, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING ANY COST OF PROCUREMENT OF SUBSTITUTE SERVICES AND LOSS OF USE, DATA, BUSINESS, OR PROFITS), REGARDLESS OF THE THEORY OF LIABILITY OR WHETHER THE LIABLE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND REGARDLESS IF A PARTY’S REMEDY OTHERWISE FAILS OF ITS ESSENTIAL PURPOSE.
    3. No Limitation of Liability by Law. Because some jurisdictions do not allow liability or damages to be limited to the extent set forth above, some of the above limitations may not apply.
  11. Data Privacy/Data Security.
    1. Privacy Laws. For the purposes of this CAA, “Privacy Laws” means all state, federal, and international laws and regulations, including (without limitation): the California Consumer Protection Act of 2018 (“CCPA”), the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations and the Health Information Technology for Economic and Clinical Health Act (HITECH) and its implementing regulations (collectively, the “HIPAA Rules”); the Personal Information Protection Act of the Republic of Korea (“PIPA”) and the Enforcement Decree of PIPA; the laws and regulations of Australia and its States and Territories with respect to privacy and the protection of personal information, including (without limitation) the Australian Privacy Act 1988 (Cth) (“Australian Privacy Act”) and Australian Privacy Principles under the Australian Privacy Act; and laws and regulations of the European Union, the European Economic Area, their member states and the United Kingdom, related to data privacy, including (without limitation) the EU General Data Protection Regulation (2016/679) (“GDPR”) and any applicable national implementing laws. The terms “Personal Data,” “Special Categories of Personal Data,” “Data Subject(s),” and “Controller” as used in this CAA shall have the meanings given to them in the GDPR, however where the applicable Privacy Laws are the laws of Australia or an Australian State or Territory, the term “Personal Data” also includes anything defined as "personal information" under the Australian Privacy Act or an equivalent term under the applicable Privacy Laws, and the term “Data Subject(s)” also includes an identified or identifiable natural person or individual as defined by or referred to in the applicable Privacy Laws. The term “SCoPD” means “Special Categories of Personal Data” as defined in the GDPR. The terms “Covered Entity” and “Business Associate” as used in this CAA shall have the meaning given to it in the HIPAA Rules. The term “PHI” means “Protected Health Information” as defined in the HIPAA Rules.
       
    2. Roles of the Parties. The parties acknowledge and agree that (i) with respect to Customer’s Personal Data and/or SCoPD processed by AAI for the provision of Services under this CAA, AAI shall be a Processor (or a ‘service provider’ for purposes of CCPA) (and where the applicable Privacy Laws are the laws of Australia or an Australian State or Territory, AAI shall receive and process such Personal Data in its capacity as a service provider to Customer in its provision of the Services) and Customer shall be a Controller (or a ‘business’ for purposes of CCPA), and (ii) with respect to any other Personal Data and/or SCoPD including (without limitation) such data processed for Service Improvement (as defined below in Section 11.4), each party shall be a separate Controller (or a ‘business’ for purposes of CCPA) and each party shall be responsible for its compliance with the applicable Privacy Laws with respect to the Customer’s Personal Data and/or SCoPD.
       
    3. Customer Obligations. Notwithstanding any provision to the contrary herein, with respect to any Personal Data and/or SCoPD, Customer represents and warrants that: (i) the Personal Data and/or SCoPD have been collected in strict compliance with applicable Privacy Laws; (ii) it has properly notified Data Subjects under the applicable Privacy Laws that their Personal Data and/or SCoPD will be transferred to third parties including AAI, and will be processed for the purposes set forth in this CAA (including, without limitation, for Service Improvement); and (iii) Customer has all necessary rights and has procured any consents and authorizations required by law to transfer any Personal Data and/or SCoPD to AAI for the purposes set out in this CAA and such transfer of the Personal Data and/or SCoPD and processing by AAI is and shall be in compliance with the Privacy Laws. To the extent AAI is acting as a Processor under this CAA (a) Customer further represents and warrants that it has a lawful basis for processing (and instructing AAI to process) Personal Data and/or SCoPD as set forth in this CAA, and (b) Customer and AAI acknowledge and agree that the terms set forth in the Data Processing Addendum at https://www.automationanywhere.com/support/DPA.pdf: (i) shall apply with respect to AAI’s processing of Customer’s Personal Data and/or SCoPD on Customer’s behalf, and (ii) are hereby incorporated into this CAA by reference.
       
    4. Customer represents and warrants that it has all necessary rights and permissions to provide to AAI any electronic documents, images and emails uploaded to the Services which may contain PHI, Personal Data, and SCoPD, and Customer agrees that it shall have sole responsibility for the accuracy, quality, integrity, and legality of all such information. Customer further agrees that AAI will retain PHI, Personal Data, and SCoPD for only those periods described in AAI’s Privacy Policy, will routinely destroy such information, and will not be responsible or liable for the deletion, correction, destruction, damage, or loss of any PHI, Personal Data, or SCoPD. Customer agrees that AAI may use information, in an anonymized and aggregated format, obtained from Customer’s use of the Services, such as by tracking click actions, runtime behavior and other metadata derived from Customer’s use of the Services, to analyze, enhance and improve AAI’s service offerings and models (“Service Improvement”) including and as further described in AAI’s Privacy Policy at https://www.automationanywhere.com/privacy.
       
    5. Data Subject Rights. AAI shall inform Customer about any request by a Data Subject to exercise his or her rights pursuant to the Privacy Laws in relation to any Customer PHI, Personal Data, or SCoPD (“Data Subject Request”). Customer shall use its commercially reasonable efforts to assist AAI in responding to a Data Subject Request as directed by AAI including the provision of additional data as required by AAI to identify PHI, Personal Data, or SCoPD processed by AAI relating to the Data Subject.
       
    6. International Transfers. Subject to the terms of this CAA, AAI makes the following transfer mechanisms available to any transfer of Personal Data or SCoPD pursuant to this CAA from the European Union, the European Economic Area, their Member States and the United Kingdom to countries which are not deemed to ensure an adequate level of data protection within the meaning of the Privacy Laws, to the extent such transfers are subject to such Privacy Laws: (i) where AAI is a Controller, the Standard Contractual Clauses for the transfer of Personal Data or SCoPD from the European Economic Area to third countries (controller to controller transfers), approved by the European Commission in Decision 2004/915/EC, dated 27 December 2004, and (ii) where AAI is a Processor, the Standard Contractual Clauses for the transfer of Personal Data or SCoPD from the European Economic Area to third countries (controller to processor transfers), approved by the European Commission in Decision 2010/87/EU, dated 5 February 2010.
       
    7. Business Associate Agreement. If Customer is a Covered Entity or a Business Associate and the Personal Data or SCoPD include PHI, Customer shall not transfer or otherwise disclose to AAI any such PHI prior to the effectiveness of an applicable written Business Associate Agreement (“BAA”), in form and substance, accepted in writing by AAI in its discretion. If Customer is a Covered Entity and the Personal Data or SCoPD include PHI, the BAA available at https://www.automationanywhere.com/support/CoveredEntityBAA.pdf shall apply and is hereby incorporated into this CAA by reference. If Customer is a Business Associate, and the Personal Data or SCoPD include PHI, the BAA available at https://www.automationanywhere.com/support/Sub-ContractorBAA.pdf shall apply and is hereby incorporated into this CAA by reference.
    8. Successful Security Incident/Unauthorized Disclosure. A “Successful Security Incident” means accidental, unauthorized, or unlawful access to, destruction of, loss of, alteration of or disclosure of Customer Data while being processed by AAI. In the event of a Successful Security Incident, AAI shall notify the Customer about the Successful Security Incident without undue delay after becoming aware of it (and within the time frame required by applicable law). Such notification shall detail the following, if known: (i) the nature of the unauthorized use or disclosure; (ii) who made the unauthorized use or received the unauthorized disclosure; (iii) the steps AAI has taken to mitigate any deleterious effect of the unauthorized use or disclosure; (iv) the corrective actions AAI will take to prevent future similar incidents; and (v) all actions taken as may be required by applicable Privacy Laws.
    9. Unsuccessful Security Incident. AAI has no obligation to report or respond to an Unsuccessful Security Incident, and any response or related communication by AAI shall not be construed as an acknowledgement by AAI of any fault or liability. An “Unsuccessful Security Incident”, means an incident that results in no unauthorized access to Customer Data or to any of AAI’s equipment or facilities storing Customer Data, and may include, without limitation, dropped or denied network traffic, denied access attempts to systems and applications, alerts from security devices or services, pings and other broadcast attacks on firewalls or edge servers, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access to Customer Data) or similar incidents.
    10. Security/Technical and Organizational Measures ("TOMs") During the Term of this CAA, AAI shall maintain a formal security program materially in accordance with industry standards that is designed to: (i) ensure the security and integrity of Customer Data; (ii) protect against threats or hazards to the security or integrity of Customer Data; and (iii) prevent unauthorized access to Customer Data. Such security program will conform to the security TOMs identified below, which may be updated from time to time, and which are incorporated herein by reference. In no event during the Term shall AAI materially diminish the protections provided by the controls set forth in AAI’s TOMs. AAI performs regularly scheduled penetration tests (“Pen Tests”) to test the security of the Services. If Customer wishes to conduct its own Pen Tests, Customer must notify AAI at least two (2) weeks in advance via email to disclosure@automationanywhere.com, and include the following information: (x) specific URLs planned to be tested; (y) to/from dates when the testing will occur; and (z) IP addresses of the devices doing the testing. Upon Customer’s request, AAI will provide Customer, subject to the terms of Section 4, with a copy of AAI's then-current Pen Tests results, and SOC1 and SOC2 audit reports or comparable industry-standard successor reports prepared by AAI’s independent third-party auditor. AAI will maintain ISO27001:2013 and ISO22301:2019 and Type 2 SOC 1 and Type 2 SOC 2 certifications throughout the Term.

      AAI’s security TOMs for support can be found at the following links:
      https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/salesforce-security-privacy-and-architecture.pdf and
      https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/salesforce_security_guide.htm.
      AAI’s security TOMs for the Services can be found at the following link: https://www.automationanywhere.com/certification-reports.

  12. Updates. AAI shall have the right, at its option and from time to time, to update the Services (e.g. to provide new features, implement new protocols, maintain compatibility with emerging standards or comply with regulatory requirements); provided, however, that the functionality of the Services will not be materially decreased as a result of such updates. To the extent an update requires additions or modifications to the terms of this CAA, AAI will notify Customer accordingly, but any such amendment(s) shall not materially increase Customer’s liabilities and/or obligations nor shall it materially decrease AAI’s obligations and/or liabilities unless required by applicable law.
  13. Monitoring. AAI may, in compliance with AAI’s Privacy Policy and Privacy Laws, collect, use and retain technical data and use information, such as how the Services are performing, access information, click actions, runtime behavior, settings and user information including (without limitation) IP address, when monitoring Customer’s use of the Services. Although AAI is not obligated to monitor Customer’s use of the Services, Customer hereby authorizes AAI to do so. AAI may prohibit any use of the Services it reasonably believes may be (or is alleged to be) in violation of the terms of this CAA or any applicable laws (including Privacy Laws).
  14. Export Compliance. The parties understand that U.S. and any other relevant, local export laws and regulations (collectively,“Export Laws”) apply to the Services. The parties will comply with all Export Laws. Customer will not export or re-export, either directly or indirectly, the Services or any bots, data, information, or other materials resulting from the Services in violation of these laws, or use any of the foregoing for any purpose prohibited by Export Laws.
  15.  Force Majeure. Each party shall be relieved of its obligations under this CAA, and neither party shall be liable to the other party under this CAA, for any liability, loss, damage, fine, penalty, sanction, cost or expense incurred by a party as a result of any event or condition that directly or indirectly prevents the party from performing an obligation hereunder, is beyond the reasonable control of the party, and could not, by the exercise of due diligence, have been avoided in whole or in part by the party, including, without limitation: any act of God, natural disaster, pandemics, epidemics, war, riot, blockade, insurrection, terrorism, sabotage, denial of service attacks (including, but not limited to, state or nation-sponsored denial of service attacks), virus or hacking attacks for which there is no commercially reasonable, known solution (including, but not limited to, intentional/targeted hacking by or on behalf of nation states), acts of public enemies, civil disturbances or general restraint or arrest of government and people, boycott, strike (including a general strike), lockout, failure in electrical power or telecommunication services, or other similar industrial disturbance.
  16.  U.S. Government. Any software incorporated in the Services and its accompanying Documentation are “commercial computer software” and “commercial computer software documentation,” as such terms are used in 48 C.F.R. 12.212, and may only be provided to or obtained by the United States government (1) for acquisition by or on behalf of civilian agencies, consistent with the policy set forth in 48 C.F.R. 12.212; or (2) for acquisition by or on behalf of units of the Department of Defense, consistent with the policies set forth in 48 C.F.R. 227-7201.1 and 227.7202-3. If a government agency needs additional rights, it must negotiate a mutually acceptable written addendum to this CAA specifically granting those rights.
  17.  Third-Party Software. The AAI software incorporated in the Services contains and is distributed with third-party and open source software that is covered by a different license. AAI’s obligations set forth in this CAA do not extend to any such open source software. Customer agrees that all such open source software shall be and shall remain subject to the terms and conditions under which it is provided. Any such open source software, and the notices, license terms and disclaimers applicable to such open source software shall be identified to Customer by email, website identification or a notice visible within the Services.
  18. General Provisions.
    1. Governing Law. This CAA is governed by the laws of the State of California, without regard to its conflict of laws principles. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transactions Act shall not apply to this CAA. The parties submit to exclusive jurisdiction and venue in an appropriate court sitting in Santa Clara County, California, USA.
       
    2. Notices. All notices related to this CAA shall be made in writing in English and shall be effective upon (a) personal delivery, (b) the second business day after mailing (or, if posted internationally, the fifth business day after mailing), and (c) the day of emailing (provided that notices of termination and indemnifiable claims shall also be sent by the processes described in (a) and (b) in addition to email). Notices sent to AAI shall be addressed to: 633 River Oaks Parkway, San Jose,‎ CA‎ 95134 U.S.A., ATTN: General Counsel, and/or emailed to: legalnotices@automationanywhere.com. Notices sent to Customer shall be sent to the Customer address on the applicable Order Form, unless Customer has notified AAI of another address in accordance with this Section. Any notice given in conformance with this Section shall be effective upon actual delivery or refusal of delivery.
       
    3. Assignment. Neither party may assign this CAA or any right or obligation hereunder without the other party’s prior written consent; provided, however that AAI may assign this CAA to a subsidiary or Affiliate or a successor in interest in case of a merger or acquisition of AAI or in case of a transfer of all or substantially all of its assets, or the assets of a major division, to another entity. This CAA will be binding upon and inure to the benefit of the parties hereto and their respective successors and assigns.
       
    4. Third-Party Beneficiaries/Independent Contractors.No person or entity other than the parties hereto will have any right to enforce or seek enforcement of this CAA. There are no third-party beneficiaries to this CAA. Each party will perform its obligations hereunder as an independent contractor and not as an agent or representative of the other party. Nothing in this CAA will be deemed or construed as creating a partnership, joint venture, or any similar relationship between the parties.
       
    5. Entire Agreement/Order of Precedence. This CAA, together with applicable Order Forms, the documents linked hereto and any exhibit(s) (as applicable) referenced herein, constitutes the entire understanding between Customer and AAI with respect to the subject matter hereof. No terms or conditions set forth in any purchase order or other document provided by Customer to AAI shall be part of any agreement between AAI and Customer unless specifically accepted by AAI in writing. In the event of a conflict between the terms of this CAA and the terms of an Order Form (other than payment terms), a document linked hereto or any exhibit(s) (as applicable) referenced herein, the terms of this CAA shall take precedence and control unless the Order Form or other document explicitly references and overrides a provision of this CAA.
       
    6. Modification/Waiver/Severability. No modification of this CAA will be binding, unless in writing and signed by an authorized representative of each party. Any express waiver or failure to exercise promptly any right under this CAA will not create a continuing waiver or any expectation of non-enforcement. If any provision of this CAA shall for any reason be held illegal or unenforceable, such provision shall be deemed severable from the remaining provisions of this CAA and shall in no way affect or impair the validity or enforceability of the remaining provisions of this CAA, unless such omission would frustrate the intent of the parties, in which case this CAA may be reformed to give effect to the other provisions hereof.
  19. South Korean-specific Provisions. For Customers or Affiliates located in the Republic of Korea, the following provisions apply and prevail to the extent of any inconsistency over the remaining Sections of this CAA:
     
    1. General Provisions. Section 18.1 is deleted in its entirety and replaced with the following:
       
    18.1     Governing Law. This CAA is governed by the laws of the State of California, without regard to its conflict of laws principles. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transactions Act shall not apply to this CAA. As for any disputes arising out of and/or from the CAA, the parties shall agree on the competent jurisdiction; provided that if the parties cannot reach an agreement on a competent jurisdiction, the parties shall comply with Korean Civil Procedure Law for this limited purpose.

This CAA is effective as of February 26, 2021 and replaces and supersedes the versions effective as of March 27, 2020 and September 27, 2019.

Try
Close

For Businesses

Take Automation 360, the world’s leading intelligent automation platform for a fully supported 30-day free trial

For Students & Developers

Start your RPA journey instantly with FREE access to Community Edition