Terms and Conditions

MASTER TERMS & CONDITIONS

Last update: March 23, 2022

These Master Terms and Conditions (the “Master Terms”) govern the provision, access and use of the Flinks Technology (as hereinafter defined) as provided by Flinks Technology Inc. (hereinafter “Flinks”) to Flinks’ clients (hereinafter the “Client”), as determined by Client’s applicable Order Form(s) (as hereinafter defined).

(Hereinafter individually a “Party” and collectively the “Parties”)

By accessing and using the Flinks Technology pursuant to any Order Form, Client agrees to be bound by and comply with these Master Terms. Any breach of these Master Terms may result in suspension and/or termination of Client’s access and/or use of the Flinks Technology and/or the End-Customer Data (as hereinafter defined).

1. DEFINITIONS

Account” means a singular account accessed from a Data Source using a Set(s) of Credentials that an End-Customer has provided to Flinks through the Embedded Services.

Affiliate” means, as to any entity, any other entity that, directly or indirectly, controls, is controlled by or is under common control with such entity. For the purposes of this definition, “control” means direct or indirect ownership or control of more than fifty percent (50%) of the voting interests.

Agreement” means, collectively, these Master Terms and any Order Form, Service Schedule, schedule and/or exhibit issued pursuant to the Master Terms. 

Aggregated Data” means Anonymized Data that has been combined with other datasets and which do not allow for the identification of Client, any Internal User nor any End-Customer.

Anonymized Data” means (a) any data that does not identify Client, any Internal User or any End-Customer; and/or (b) any Personal Information that has undergone processes according to generally accepted industry standards which reasonably prevents an individual from being identified directly or indirectly. 

API” means application programming interface.

Applicable Laws” means all applicable requirements, laws, statutes, codes, acts, ordinances, orders, decrees, injunctions, by-laws, rules, regulations, official plans, permits, licenses, authorisations, directions, and agreements, by and/or with all governmental authorities, including any court order, that now or at any time hereafter may be applicable, and as amended or replaced from time to time, including Applicable Privacy Laws.

Applicable Privacy Laws” means all Applicable Laws regarding data protection, personal information and privacy, and all applicable principles, guidelines and codes issued by a competent data protection authority to which any Flinks entity or any Client entity may be subject, including any amendments or successors thereto, by any country, state, or other jurisdiction. 

Audit Report(s)” shall have the meaning ascribed to it in Section 7.2a).

Client Materials” shall have the meaning ascribed to it in Section 9.2.

Client Service(s)” means a customer-facing product, software, application or service that (a) is detailed by the Client during its onboarding process; (b) is owned and operated by the Client; (c) is intended to be provided by the Client to an End-Customer; and (d) may involve the Processing of the Applicable End-Customer Data, including the access, collection and/or extraction of such through Flinks Connect, subject to the End-Customer’s Consent.  

Client System(s)” means Client’s information technology infrastructure, including the computer systems, computer programs, peripherals, terminals, communications equipment and all other related hardware and software and connectivity products owned by, leased by, used by or otherwise under the control of Client that are used by Client to consume the Services, including, but not limited to, the Client Service. Client System does not include the Flinks Technology.

Confidential Information” shall have the meaning ascribed to it in Section 8.1.

Connection Method” means the technological mechanism that may be made available by Flinks to or on behalf of Client to allow End-Customers to authenticate themselves using their Set(s) of Credentials and, ultimately, to connect their Account(s) with the Client Services. 

Connection Method Availability” means stable access by the End-Customer to the Connection Method without substantial degradation of responsiveness.

Consent” means a specific and express consent that is informed, unambiguous and freely given through a clear and affirmative action and for specific purposes by an individual and on their own behalf. Silence, pre-ticked boxes and inactivity shall not constitute Consent.

Data Access Method” means a data distribution channel(s) or method(s) that may be made available by Flinks to or on behalf of Client and through which Applicable End-Customer Data (as hereinafter defined) is transmitted to or on behalf of Client on a read-access basis.

Data Source” means a single repository of information (e.g., an internet site, server or document, as applicable) from which information can be extracted by Flinks.

Disclosing Party” shall have the meaning ascribed to it in Section 8.1.

Documentation” means the specifications, instructions, guidelines, and documents detailing the functionalities of the Services, as provided by Flinks.

Embedded Services” means the component(s) of Services embedded within the Client Services and visible to the End-Customer, including the Connection Method where applicable. 

Emergency Maintenance” means critical system changes that cannot wait for Scheduled Maintenance. These changes could destabilize the system if not addressed expeditiously. 

End-Customer” means a Person residing in the Territory that is a customer of both (i) a Person controlling a Data Source, and (ii) the Client.

End-Customer Agreement” means valid and enforceable terms and conditions governing the access and use of the Client Services by End-Customers.

End-Customer Complaint(s)” means any material complaints, inquiries, issues or disputes by an End-Customer with regard to the Client Services (including the Embedded Services and access of End-Customer Data, the End-Customer Agreement, the Privacy Notice and Consents) that is either lodged directly with the Client or directed to the Client by Flinks or any third party. 

End-Customer Data” means an End-Customer’s Personal Information, as provided by the End-Customer and/or retrieved by Flinks from a Data Source, excluding Set(s) of Credentials.

Error(s)” shall have the meaning ascribed to it in Section 2.6.

Fees” shall have the meaning ascribed to it in Section 13.1.

Flinks Connect” means the technological mechanism made available by Flinks to Client to allow Client to access the Services, view Reports, and view End-Customer Data on an End-Customer by End-Customer basis, as applicable.

Flinks Connect Availability” means stable access by the Client to Flinks Connect without substantial degradation of responsiveness.

Flinks Material” means (a) all materials that Flinks provides to Client for Client’s use of the Services, including without limitation the Documentation; (b) and any and all data and information (i) relating to Flinks or the products and business operations of Flinks or any personnel or providers of Flinks, or (ii) relating to the performance or operations of Flinks’ systems, including the Flinks Technology and the Data Access Method (where appliable); and (c) any deliverables, interfaces, integrations, reports, data outputs, customizations, configurations and other materials created or developed in connection with or pursuant to the Agreement, whether by a Party jointly or alone. 

Flinks Technology” means the underlying technologies, including, without limitation, computer programs, works of authorship, know-how, inventions, processes, data, APIs, data feed format, software development kits, platforms, codes, algorithms and similar technologies, and technical specifications, information and tables, and all improvements, derivative works, updates, fixes and new releases thereof, which are used and made available by Flinks to provide the Services. For the avoidance of doubt, the Flinks Technology includes (i) the Connection Method, and (ii) where Client has been identified as eligible to access End-Customer Data through the “Data Access Method” in accordance with the terms and conditions set forth in the applicable Service Schedule, if any.

Force Majeure Event” shall mean circumstances beyond the reasonable control of a Party which cannot be reasonably foreseen and is not caused by the negligence of this Party, including, but not limited to, an act of God, fire, flood, storm, epidemic, pandemic (excluding COVID-19 and any related consequences), revolution, act of terrorism, electric or network failure, riot or civil commotion (but excluding strikes and industrial disputes of a third party).

Indemnified Party” shall have the meaning ascribed to it in Section 11.1a).

Indemnifying Party” shall have the meaning ascribed to it in Section 11.1a).

Individual Privacy Rights” any of individuals’ privacy rights over their Personal Information under Applicable Privacy Laws, including, but not limited to, the right to access and the right to correct such Personal Information.

Intellectual Property” means any and all intellectual property, including but not limited to works, inventions (whether patentable or not), discoveries, improvements, trade secrets, know-how, scientific formulae, data, information, images, reports, results, analysis, software, models, research and development information, technical information, prototypes, specifications, patterns, drawings, algorithms, products, compositions, processes and protocols, methods, tests, devices, computer programs, trademarks and any and all proprietary rights provided under patent law, copyright law, trademark law, design patents or industrial design law, semiconductor chip or mask work law, or any other statutory provision or civil or common law principle applicable to the protection of intangible proprietary information or rights, including trade secret law, which may provide a right in any of the foregoing as well as any and all applications, registrations or other evidence of a right in any of the foregoing.

Internal User” means Client Personnel accessing Flinks Connect from time to time.  

Licensed Party” shall have the meaning ascribed to it in Section 9.3.

Marks Owner” shall have the meaning ascribed to it in Section 9.3.

Order Form” means an order form issued pursuant to these Master Terms, which i) includes at least one (1) Service Schedule, and ii) has been duly executed between the parties. 

Order Form Effective Date” means the date determined in Client’s applicable Order Form(s).

Permitted Use of End-Customer Data” has the meaning ascribed to it in Section 5.2.

Permitted Use of Services” has the meaning ascribed to it in Section 3.1.

Person” means an individual, corporation, partnership, limited liability company, association, trust, unincorporated organization, or other legal entity or organization, or a government authority.

Personal Information” means any information that would meet the definition of “personal information”, or of a similar nomenclature under Applicable Privacy Laws.

Personnel” means employees, contractors, consultants or any other individuals employed or engaged by the applicable entity.

Personal Information” means any information that would meet the definition of “personal information”, or of a similar nomenclature under Applicable Privacy Laws.

Privacy Notice” means privacy notices, disclosures, and policies that accurately and clearly describe the Processing of Personal Information in connection with a Client Service and the Services, the whole in full compliance with Applicable Privacy Laws. 

Process” means to take any action or perform any operation or set of operations that the Services are capable of taking or performing on any data, information, or other content, including to collect, receive, input, upload, download, record, reproduce, store, organize, compile, combine, log, catalog, cross-reference, manage, maintain, copy, adapt, alter, translate, or make other derivative works or improvements, retrieve, output, consult, use, perform, display, disseminate, transmit, submit, post, transfer, disclose, or otherwise provide or make available, or block, erase, or destroy.  For greater certainty, “Processing” and “Processed” shall have correlative meanings.

Receiving Party” shall have the meaning ascribed to it in Section 8.1.

Renewal Service Term” shall have the meaning ascribed to it in Client’s applicable Order Form(s).

Reports” means the reports generated by the provision of Services by Flinks to Client from time to time.

Scheduled Maintenance” means system/software/ Service maintenance that is scheduled to fix non-critical errors and implement system/software/Service changes. These are primarily scheduled during weekend off hours.

Security Breach” means: (a) any act or omission that compromises or adversely affects the security, confidentiality, integrity and/or availability of any End-Customer Data, Flinks Material or Flinks Technology, including the Data Access Method where applicable to Client, or any Client System; and/or (b) the actual or reasonably suspected theft, loss, or unauthorized disclosure, acquisition, destruction, alteration, processing, access to, or misuse of any Flinks Material or End-Customer Data.

Security Standards” shall have the meaning ascribed to it in Section 7.2a).

Service(s)” shall have the meaning ascribed to it in Section 2.1.

Service Schedule” means a schedule to an Order Form which i) sets forth Services to be provided pursuant to these Master Terms, ii) certain rights and obligations of either party in relation to such Services, and iii) the Fees for such Services.

Set(s) of Credentials” means the username, online ID (or other user ID), passcode, password, challenge question and answer pairs, authentication token, or other identity confirmation information (provided by End-Customers) that are necessary for End-Customers to directly access their Account(s) and End-Customer Data at, through, or from a Data Source.

Severity Levels” shall have the meaning ascribed to it in Schedule A to these Master Terms. 

Term” shall have the meaning ascribed to it in Section 4.1.

Territory” means the territory of the United States of America, as determined in the Client’s Order Form(s), within which the Services may be used and deployed by Client.  

Trademarks” means a Person’s distinctive logos, names, brands, product names, phrase, word or symbol, whether trademarked or not.

2. THE SERVICES

2.1 Service Description

Flinks shall provide Client with the services, as more fully set forth in an Order Form and related Service Schedule(s) pursuant thereto (the “Services”). 

2.2 Service License

Flinks hereby grants to Client, in the Territory, a limited, revocable, non-exclusive, non-sublicensable, non-transferable license to:

  1. integrate and display the Services and the Flinks Technology as necessary for Client to receive and use the Services in accordance with the terms of the Agreement; and
  2. integrate and display the Services and the Flinks Technology as necessary for Client to receive and use the Reports and the Documentation in accordance with the Permitted Use of Services. 

2.3 Hosting

The Parties agree and acknowledge that Client is solely responsible for providing, operating, maintaining and hosting the Client Services and the Client Systems. The Services and the Flinks Technology are hosted by Flinks.

2.4 Testing and Integration

As part of the Services, Flinks provides Client with access to a sandbox environment to configure and test the Services. The end-to-end integration requires Client-side and server-side configurations. Client may also develop a custom integration of the Services within the Client Services. Flinks shall have no liability whatsoever for such testing and integration if not done in accordance with the Documentation. Client agrees and understands that the sandbox must be used for testing and does not constitute a production environment. Prior to going into production, Client shall submit the sandbox integration for review by Flinks’ integration team. Flinks may reject any integration which is not secure, in violation of the Agreement or Applicable Laws, at its sole reasonable discretion, in which case, the Client shall submit a new integration workflow. This approval and refusal authority shall not create any liability for Flinks to find any possible issues, and Flinks’ approval shall not be considered as a warranty that the production environment will not contain any bugs, issues, or vulnerabilities.

2.5 Operation Metrics

Connection Method Availability and Flinks Connect Availability are monitored on a 24/7 basis and assessed on a monthly basis. Flinks commits to deploy its best efforts to ensure 99% Connection Method Availability and Flinks Connect Availability, excluding Scheduled Maintenance, Emergency Maintenance and any Data Source malfunction outside of Flinks’ control.

2.6 Technical Support

In the event that any bugs, defects, delays, hindrances, or other errors (collectively, “Errors”) occur, Client will report the Error to Flinks in accordance with the Severity Levels (to be reasonably determined by Client) as set forth in Schedule A to these Master Terms. Flinks commits to deploy its best efforts to respond to an Error, depending on the Severity Level, within the time frames set forth in such Schedule A, starting from the time Client notifies Flinks of the Error.

2.7 Limitations on License

Notwithstanding anything to the contrary hereunder in any Order Form or related Service Schedule issued pursuant hereto, Client shall not distribute, re-distribute, white label, co-brand, and or sub-brand the Services or Flinks Technology to any third party in any manner, including, without limitation, as an integrated service with any Client Service and/or the Client Systems. Except as provided herein, no license under any patents or other intellectual property rights, express or implied, are granted by Flinks to Client under the Agreement. Any logos shown via the Embedded Services are for display purposes only, and Flinks makes no representations with respect to the use of such logos.

3. USE OF SERVICES

3.1 Permitted Use.

Subject to the terms of the Agreement (including the onboarding process and the suspension and termination provisions herein), Flinks permits Client, and Client agrees, to access and use (and allow, authorize, encourage, aid or attempt the access and use of the Services solely:

  1. in accordance with the Agreement, Applicable Laws, the Documentation and the End-Customer Agreement;
  2. as necessary to develop the Client Services to interoperate with the Services; and
  3. as necessary for lawful, legitimate, and internal Client’s purposes of requesting, collecting, retrieving, and/or accessing the End-Customer Data for Client’s Permitted Use of End-Customer Data (as defined in Section 5.2 to these Master Terms).

(the “Permitted Use of Services”).

4. TERM AND TERMINATION

4.1 Term

The term of these Master Terms shall take effect as at the effective date of an applicable Order Form between the Parties and continue until all applicable Order Forms between the parties have been terminated or have otherwise expired (the “Term”).

4.2 Termination

  1. Either party may terminate the Master Terms or any individual Order Form upon thirty (30) days’ prior written notice to the other party where such other party breaches any of its material obligations hereunder, and such breach is not cured, or is incapable of being cured, within the foregoing thirty (30) day notice period. Notwithstanding the foregoing, where Client is domiciled in the Province of Quebec, the Parties waive application of Art. 2125 and 2126 C.c.Q in relation to the Agreement.
  2. Either party may terminate the Agreement or any individual Order Form forthwith:
    • if there is an inaccuracy or misrepresentation in any representation or warranty of the other party in the Agreement; 
    • if any act of insolvency occurs in respect of the other party, or if such other party ceases or threatens to cease to carry on business generally, or admits its inability to pay or fails to pay its debts generally; or
  3. Notwithstanding anything else to the contrary in the Agreement, Flinks shall have the right to suspend and/or terminate Client’s access and/or use of the Flinks Technology or the End-Customer Data in the case of a violation of these Master Terms by Client.

4.3 Effect of Termination

Upon the expiration or termination of this Master Terms or any Order Form for any reason: (a) Client will immediately pay to Flinks the unpaid amount accrued for the Services provided to Client by Flinks up to and including the expiry or termination date; (b) any outstanding amount shall automatically be due and payable by Client to Flinks as at the date of termination, and all licenses, rights and authorizations granted under the terminated Order Form(s) will cease unless expressly stipulated otherwise; and (c) End-Customer Data will be deleted in the normal course of Flinks operations, provided however that Flinks reserves the right to preserve End-Customer Data if required to resolve a dispute or assert or defend any claim.

5. DATA ACCESS AND USE OF END-CUSTOMER DATA

5.1 Data Sources.

All Data Sources that are generally available to all Flinks clients operating exclusively in the Territory will be available to Client. Flinks will be entitled to remove any Data Source from the Services for any reason in its reasonable discretion. 

5.2 Client Permitted Use of End-Customer Data.

Flinks permits Client, and Client agrees, to access and use (and allow, authorize, encourage, aid or attempt the access and use of) the End-Customer Data solely:

  1. in accordance with the Agreement, Applicable Laws, the Documentation, the applicable End-Customer Agreement(s) and the applicable Privacy Notice(s);
  2. within the scope of the Consent that the Client obtained from the End-Customer(s) to which the End-Customer Data relates prior to Client’s use of the Services in respect of such End-Customer(s); and
  3. as reasonably necessary for lawful, legitimate, and internal purposes of Client to provide such End-Customer with any applicable Client Service(s); 

(the “Permitted Use of End-Customer Data”)

Client further acknowledges and agrees that any use of End-Customer Data that is not a Permitted Use of End-Customer Data is strictly prohibited.

6. PRIVACY AND END-CUSTOMER DATA

6.1 Compliance. 

Each Party will only Process Personal Information in compliance with Applicable Privacy Laws and any agreement between Client and End-Customer. The Parties agree to cooperate to enter into any appropriate agreements relating to new Applicable Privacy Laws as and when they apply, including data processing agreements between the Parties and their applicable Affiliate(s). Client shall cooperate with Flinks with respect to any registrations, filings or responses for applicable governmental organizations, data protection authorities, data protection working groups or commissions, works councils, or other third party obligations and requests related to the Services.

6.2 Client Systems. 

Client will procure, implement and maintain the Client Systems required to access and use the Services. Client will ensure that all Client Systems are compatible and operate optimally with Services (including without limitation the Connection Method, and where applicable, the Data Access Method, including any updates and replacements thereto). Flinks will not be responsible for any integration and compatibility issues, and non-compliance with any Applicable Laws, including fines and related costs and expenses, associated with Client’s use of the Services, or the operation or functionality of the Client Systems. 

6.3 End-Customer Data. 

Although Flinks may hereunder impose upon Client certain conditions and parameters to ensure lawful access and use of its Services and the End-Customer Data, Client acknowledges and agrees that (a) Flinks does not exert any control over, nor does it manage and/or manipulate in any fashion, any End-Customer Data within the Client System, or otherwise within Client’s possession; and (b) consequently, Client shall be solely responsible and liable for all Processing of such End-Customer Data once it has been provided to Client in accordance with the terms of the Agreement.

6.4 End-Customer Agreement.

Client shall be solely responsible for entering into valid and enforceable End-Customer Agreements with End-Customers or prospective End-Customers that comply with all Applicable Laws and that govern the performance and use of the Client Services (including the underlying Services). Client shall not make any representation, warranty, or other statements with respect to End-Customer Data that are contrary or otherwise inconsistent with the Documentation. All End-Customer Agreements shall provide:

  1. that Client is acting independently and that no Flinks entity has any responsibility or liability with respect to the Client Services;
  2. for an acknowledgement by End-Customers that Flinks is not liable for any Processing of the End-Customer Data made by Client or on its behalf (or any unauthorized access, use or disclosure of such End-Customer Data while in the possession or control of Client) or any misleading representation related thereto made by Client;
  3. that the End-Customer Data does not represent an official record of the End-Customer’s Account;
  4. that the End-Customer agrees to bring any claim in relation to any of the foregoing directly against Client and to waive End-Customer’s right to bring a claim related to any of the foregoing against any Flinks entity;
  5. for a grant of all licenses and rights as required for Flinks to perform all applicable End-Customer Data Processing contemplated in Section 6.3; and
  6. for Client’s right to terminate the Client Service at any time. 

Client shall be solely responsible to provide Privacy Notices and other clear and conspicuous disclosures to, and obtain all Consents from End-Customers and prospective End-Customers, that comply with all Applicable Laws and that covers how End-Customer Data is Processed by and on behalf of the Parties in connection with the Client Services (including the underlying Services), including with respect to any derivatives, compilations or combinations of End-Customer Data. Client shall not make any representation, warranty, or other statement or disclosure with respect to End-Customer Data that are contrary or otherwise inconsistent with the Documentation.

6.6 Records. 

Client shall create and maintain records and copies of Consents, Privacy Notices and End-Customer Agreements, the time of acceptance thereof, and the scope and effective date (and, if applicable, expiration/termination dates) thereof. 

6.7 End-Customer Issues and Complaints. 

Client shall be solely responsible for (a) establishing and making available to End-Customers a process for receiving and dealing with all End-Customer Complaints; and (b) managing and resolving any and all End-Customer Complaints. Client shall immediately notify Flinks in writing of any End-Customer Complaints that relate directly or indirectly to End-Customer Data, the Services or the Flinks Technology. Flinks will have the right to (c) request and receive any further information about the End-Customer Complaints or their handling by the Client; and (d) engage with the End-Customer directly regarding any End-Customer Complaints that relate directly or indirectly relate to End-Customer Data, the Services, or the Flinks Technology.  

6.8 Individual Privacy Rights Requests. 

Each Party shall deploy adequate technical and organizational safeguards as reasonably required to assist the other Party in responding to any Individual Privacy Rights request in accordance with Applicable Privacy Laws and in a timely manner. If Flinks receives an Individual Privacy Rights request from an End-Customer in respect to their Personal Information, Flinks will not respond to that Individual Privacy Rights request except upon the documented instruction of the Client, or as required to comply with Applicable Laws, and shall transmit such Individual Privacy Rights request to the Client without undue delay for which Client shall be responsible for response. Flinks shall comply with any reasonable request by Client to assist with Client’s response to such Individual Privacy Rights request.

7. SECURITY

7.1 Reasonable Safeguards. 

Each Party shall deploy appropriate technical and organizational safeguards to ensure the confidentiality, integrity and availability of End-Customer Data, taking into consideration the nature, scope, context, purpose and risks inherent to End-Customer Data. Without limiting the generality of the foregoing, each Party shall (a) encrypt all End-Customer Data at rest with AES 256 bit encryption; (b) use HTTPS 256-bit encryption (TLS 1.2, or such cryptographic protocol equivalent to, or exceeding, the functionality of same) for communication protocols for End-Customer Data in transit; d) enforce access controls on a need-to-know basis and following the principle of least privilege; e) provide its Personnel with information security awareness and training.

7.2 Security and Attestation.

  1. Flinks shall at all times maintain and operate the Flinks Technology in such a way as to enable Flinks to obtain an unqualified ISO 27001 (or any successor information security standards) (the “Security Standards”) and SOC 2 Type II (or any successor authoritative guidance for reporting on service organizations) audit report (each an “Audit Report”, and collectively as “Audit Reports”) from Flinks’ appointed third party auditor. Flinks will be considered to have obtained an unqualified Audit Report if an independent auditor performs an examination in accordance with ISO 27001 (or any successor information security standards) and SOC 2 Type II (or any successor authoritative guidance for reporting on service organizations) and opines that: (i) Flinks’ description of its controls accurately presents, in all material respects, the relevant aspects of Flinks’ controls that have been placed into operation as of a specific date; (ii) the controls are suitably designed to achieve the specified control objectives, and; (iii) the controls that were tested were operated with sufficient effectiveness as to provide reasonable assurance that the control objectives were achieved during the specified period. Flinks shall participate in one (1) SOC 2 Type II (or any successor authoritative guidance for reporting on service organizations) audit each calendar year. The full copy of each resulting Audit Report shall be made available to Client upon reasonable written request for such Audit Report by Client.
  2. Client shall at all times maintain and operate the Client System in such a way as to enable Client to obtain Audit Reports from a a third-party auditor. Client will be considered to have obtained an unqualified Audit Report if an independent auditor performs an examination in accordance with the Security Standards and SOC 2 Type II (or any successor authoritative guidance for reporting on service organizations) and opines that: (i) Client’s description of its controls accurately presents, in all material respects, the relevant aspects of Client’s controls that have been placed into operation as of a specific date; (ii) the controls are suitably designed to achieve the specified control objectives, and; (iii) the controls that were tested were operated with sufficient effectiveness as to provide reasonable assurance that the control objectives were achieved during the specified period. Client shall participate in one (1) SOC 2 Type II (or any successor authoritative guidance for reporting on service organizations) audit each calendar year. The full copy of each resulting Audit Report shall be made available to Flinks upon reasonable written request for such Audit Report by Flinks.  

In the event of a Security Breach of the Services or other material cause for reasonable concern about security as related to the Services, Flinks will use best efforts to inform Client within forty-eight (48) hours of such event being known by Flinks, of the breach or cause for concern. Flinks shall cooperate with Client in the investigation and provide all necessary material related to Client and Client Services to satisfy Client’s investigation and resolution process. Flinks shall provide reasonable access to information reasonably required by Client and will make Personnel available to the extent reasonably necessary to answer questions or otherwise assist Client in determining the impact to the Services and the Client. At conclusion of incident, Flinks shall provide a written summary of the incident to Client.  

7.4 Security Breach of Client System.

In the event of a Security Breach of the Client Systems or other material cause for reasonable concern pertaining to Client’s security protocols in relation to Client’s use of the Services, Client will use best efforts to inform Flinks, within forty-eight (48) hours of such event being known by Client, of the breach or cause for concern. Client shall provide reasonable access to information reasonably required by Flinks and will make Personnel available to the extent reasonably necessary to answer questions or otherwise assist Flinks in determining the impact to the Services. All information exchanged in connection with this activity shall be deemed to be the Confidential Information of the Disclosing Party. In the event of a Security Breach of the Client’s site, or other material cause for reasonable concern about security, reported and confirmed by Client, Flinks reserves the right to suspend the Services upon written notice to Client until Flinks has reasonably determined that the incident does not pose a security or reputational risk to Flinks. Client will not be responsible for any charges or fees during the period of such Services suspension. If Client and Flinks are unable to agree on reinstatement of the Services, Client and Flinks shall have the right to immediately terminate all or part of the Services or the Agreement for convenience without cost or penalty.  

8. CONFIDENTIALITY

8.1 Obligations.

The Receiving Party shall only use the Confidential Information of the Disclosing Party for the purposes set forth in the Agreement and shall protect such Confidential Information with at least the same degree of care and confidentiality, but not less than a reasonable standard of care and confidentiality, which the Receiving Party utilizes for its own Confidential Information, and in compliance with the Agreement. The Receiving Party shall take commercially reasonable steps as necessary to prevent the unauthorized access and disclosure of the Disclosing Party’s Confidential Information, such as enforcing access on a need-to-know basis.“Confidential Information” means any and all information of a party (the “Disclosing Party”) which has or will come into the possession of the other Party (the “Receiving Party”) concerning the business, properties, affairs or finances of the Disclosing Party, including, but not limited to, proprietary information and trade secrets, Personal Information, or anything that would reasonably be understood to require handling as Confidential Information. Confidential Information does not include information that (i) is, or becomes, generally available to the public through no act or failure to act of Receiving Party, (ii) is already known by the Receiving Party at the time of receipt, (iii) was provided to Receiving Party by a third party that Receiving Party could not reasonably have known to be bound by an obligation of confidentiality to Disclosing Party, and (iv) is independently developed by Receiving Party without use of, or reference to, the Confidential Information.

8.2 Permitted Disclosure. 

The Receiving Party shall be authorized to disclose the Confidential Information to its Affiliates, third-party service providers, auditors and consultants as necessary to perform the Services for legal reasons, or as required for reasonable operational efficiency. The Receiving Party shall ensure that all such recipients are under an appropriate confidentiality obligation or undertaking, such as attorney-client privilege. The Receiving Party shall also be allowed to disclose Confidential Information if approved in writing by the Disclosing Party. The Receiving Party shall be authorized to disclose Confidential Information if required by Applicable Laws, or by the administration thereof, including through warrants and subpoenas. In the event such disclosure is required, and if permitted by Applicable Laws, the Receiving Party shall advise the Disclosing Party prior to making such disclosure and give the Disclosing Party a reasonable chance to contest the requested legal disclosure, unless such delay would put the Receiving Party in breach of Applicable Laws. In any case, the Receiving Party shall not disclose more Confidential Information than it is required to do under Applicable Laws, or the administration thereof.

8.3 Termination. 

Upon termination or expiry of the Agreement for any reason, the Receiving Party shall, at the Disclosing Party’s option, (i) return the Confidential Information without undue delay and/or (ii) securely destroy the Confidential Information without undue delay, and in accordance with industry’s best standards. Upon request, the Receiving Party shall confirm in writing that the Confidential Information has been returned and/or deleted. Notwithstanding the foregoing, the Receiving Party is authorized to keep a copy of the Confidential Information as required for business continuity purposes, pursuant to internal retention schedules, and for legal, auditing or financial reasons.

9. INTELLECTUAL PROPERTY

Client understands and agrees that Flinks shall be the exclusive owner of its Intellectual Property, including without limitation the Services, the Flinks Technology, the Flinks Material, and the Aggregated Data, and shall retain all right, title and interests therein and thereto.

9.2 Client Intellectual Property. 

Flinks understands and agrees that Client shall be the exclusive owner of its Intellectual Property, including Client Services, all HTML templates and all other text, data images, design, structure, graphic images, any audio, video and audiovisual material, Trademarks, and other materials provided by Client to Flinks (collectively “Client Materials”), and retains all right, title and interest thereto.

9.3 Trademarks.

Each Party (the “Licensed Party“) agrees that, with respect to its use of the other Party’s (the “Marks Owner“) Trademarks provided or otherwise identified by the Marks Owner for the Licensed Party’s use: (a) as between the Parties, all rights in and to such Trademarks are owned by the Marks Owner, (b) the Licensed Party will do nothing inconsistent with such ownership, (c) all uses of such Trademarks will inure to the sole benefit of and be on behalf of the Marks Owner, (d) it will use the Marks Owner’s Trademarks in accordance with any guidelines for the use of such Trademarks as provided by the Marks Owner from time to time, (e) it will not alter any such Trademarks and will use only exact reproductions thereof as supplied by the Marks Owner, and (f) at the Marks Owner’s reasonable request, all depictions of such Trademarks which the Licensed Party intends to use will be submitted to the Marks Owner for approval of design, color, or other details.

9.4 No Other Rights or Licenses.

Except as specifically provided herein, Client does not grant to Flinks any right or license, express or implied, regarding Client’s Intellectual Property. Except as specifically provided herein, Flinks does not grant to the Client any right or license, express or implied, regarding Flinks’ Intellectual Property.

10. REPRESENTATIONS AND WARRANTIES

10.1 Mutual Representations and Warranties. 

Each Party represents and warrants to the other that: (a) it has the full power and legal authority to enter into these Master Terms and any applicable Order Form and perform its obligations hereunder and the consent of a third party is not necessary for the Agreement to be binding on the Parties (except as set forth in these Master Terms regarding Personal Information); (b) is licensed to operate its business in the manner contemplated herein and (c) each person signing the Master Terms and any applicable Order Form on behalf of an entity is duly authorized to bind such entity.

Flinks represents and warrants that the Services will be performed in a professional manner, in material accordance with industry standards, the Documentation, and all applicable service schedules made between the Parties pursuant hereto. In case of a breach of this Section 10.2, Client’s sole remedy shall be for Flinks to re-perform the Services at no additional cost to Client.

10.3 Client.

In addition to the other representations and warranties made under these Master Terms and any applicable Order Form, Client represents and warrants that: (a) it has obtained and will obtain all necessary third-party permissions, licences and consents (including all End-Customers’ Consents) and made all required acts to allow Flinks to perform the Services, including to access the Client Systems and for Processing of Personal Information made by any of the Parties for the purpose of these Master Terms and any applicable Order Form; (b) Client, including its use of the Services, is and will remain in compliance with Applicable Laws, including Applicable Privacy Laws; (c) the Client Materials do not infringe on any Intellectual Property of any third party; and (d) it has not violated, and will not violate, any Applicable Laws, Documentation or other Flinks policies of which Client has been given prior written notice, including these Master Terms and any applicable Order Form; (e) it will implement reasonable technical security controls such as anti-virus or other endpoint detection and response solutions; (f) it will prevent the introduction or proliferation of any computer virus, worm, Trojan horse, malicious software or any other contaminating or destructive feature into the Flinks Technology and any other systems used in connection with the provision of the Client Services; (g) it will not (i) reverse engineer, disassemble, decompile or otherwise attempt to derive source code from the Flinks Technology, (ii) make the Flinks Technology or the End-Customer Data  available to any third parties other than as expressly permitted in these Master Terms and any applicable Order Form, (iii) modify, adapt, translate or create derivative works based on the Flinks Technology as may be expressly permitted by these Master Terms and any applicable Order Form, (iv) reproduce any portion of the Flinks Technology except as expressly permitted herein, or (v) permit or authorize any party to do any of the foregoing; and (h) it will cause the Client Services and Client Systems to be integrated and compatible with the Services for the purposes of these Master Terms and any applicable Order Form. 

11. INDEMNIFICATION

11.1 Mutual Indemnification.

  1. Each Party (the “Indemnifying Party”) shall defend, indemnify and hold the other Party (the “Indemnified Party”) harmless from and against any and all losses, liabilities, suits, claims, damages, fees, and expenses (including, but not limited to, court costs and reasonable attorneys’ and expert witness fees) of whatever kind or nature which may arise out of or be in any way connected with or is alleged to arise out of or be connected with a breach of the Indemnifying Party’s representations, warranties, obligations, covenants or agreements contained in the Agreement.
  2. The Indemnifying Party, at its own expense, will defend or at its option settle, any claim, suit or proceeding brought against the Indemnified Party by a third party, and will pay any damages, costs and liability (including reasonable legal fees) arising out of or resulting from (a) a claim of infringement of any trade secret or copyright, patent, or Trademark of any third-party to the extent attributable to any services, solutions, information or technology provided by the Indemnifying Party, (b) any use, sale, license, distribution or disclosure of End-Customer Data by the Indemnifying Party in violation of the Agreement, except for any disclosure of End-Customer Data resulting from a Security Breach, provided that Indemnifying Party has adhered to the reasonable safeguards set forth in Section 7 hereto; (c) any material Security Breach resulting in the unauthorised access to, or use, modification, destruction, or a disclosure of, End-Customer Data, to the extent such Security Breach results from the Indemnifying Party’s failure to adhere to the Security Standards; and (d) the Indemnifying Party’s failure to comply with Applicable Laws, rules and regulations; provided that in each case the Indemnified Party provides the Indemnifying Party with, unless prohibited by law: (i) prompt written notice of such claim, (ii) exclusive control over the defense and settlement of such claim, except any settlement that includes any form of admission of fault by the Indemnified Party, which shall be subject to the Indemnified Party’s prior written consent, which may be withheld by the Indemnified Party at its sole discretion, and (iii) proper and full information and assistance to settle or defend any such claim. Notwithstanding the above, the Indemnifying Party assumes no liability for infringement claims that would not have arisen but for the combination of the Indemnifying Party’s services, solutions, information or technology with services, solutions, information or technology not provided by the Indemnifying Party.

11.2 Additional Remedies.

Should any use of the Flinks Technology or the Services be enjoined, or if Flinks reasonably believes that the Flinks Technology or the Services may be subject to an infringement claim, then Flinks may, at its sole option and expense: (a) procure the right to use the Services as provided for in the Agreement, (b) replace the Services with other non-infringing services with equivalent functionality, (c) suitably modify the Services such that they do not infringe, or (d) if Flinks determines that none of the foregoing is commercially feasible, terminate the Agreement.

11.3 Sole Remedy.

THE FOREGOING PROVISIONS OF THIS SECTION STATE THE ENTIRE LIABILITY AND OBLIGATIONS OF THE INDEMNIFYING PARTY, AND THE EXCLUSIVE REMEDY OF THE INDEMNIFIED PARTY, WITH RESPECT TO ANY ACTUAL OR ALLEGED INFRINGEMENT OF ANY THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS UNDER THE AGREEMENT.

12. DISCLAIMER OF WARRANTIES; LIMITATION OF LIABILITY

12.1 Disclaimer of Warranties.

  1. EXCEPT FOR FLINKS’ COMMITMENT TO PROVIDE THE SERVICE(S) IN ACCORDANCE WITH THE SERVICE LEVELS, FLINKS MAKES NO WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, REGARDING THE SERVICES, AND FLINKS SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. FLINKS DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE.
  2. FLINKS IS IN NO WAY RESPONSIBLE, AND SHALL NOT BE LIABLE, FOR THE COLLECTION, PROCESSING, OR MANAGEMENT OF, AND/OR CONTROL OVER, ANY END-CUSTOMER CONSENT OR PRIVACY NOTICE REQUIRED PURSUANT TO APPLICABLE PRIVACY LAWS.
  3. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAWS AND EXCEPT AS SET FORTH IN THE AGREEMENT, FLINKS DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE, NOR DOES FLINKS MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE SERVICES. EXCEPT AS PROVIDED IN THE AGREEMENT, THE SERVICES, THE DOCUMENTATION, THE FLINKS TECHNOLOGY AND ANY OTHER COMPONENTS OF THE SERVICES ARE PROVIDED TO CLIENT “AS IS”, “WHERE IS” AND “AS AVAILABLE”. FOR THE AVOIDANCE OF DOUBT, FLINKS AND ITS AFFILIATES SHALL HAVE NO LIABILITY WHATSOEVER FOR CLIENT SYSTEMS. IF ANY THIRD-PARTY CONTENT IS PROVIDED AS PART OF THE SERVICES BY FLINKS, THE SUPPORTED THIRD-PARTY CONTENT IS PROVIDED “AS IS”, “WHERE IS” AND “AS AVAILABLE”. 
  4. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAWS, CLIENT AGREES AND ACKNOWLEDGES THAT FLINKS IS NOT RESPONSIBLE FOR THE INTEGRITY OF END-CUSTOMER DATA AND CLIENT MATERIALS COLLECTED OR USED AS PART OF THE SERVICES OR PURSUANT TO THE AGREEMENT, INCLUDING, WITHOUT LIMITATION, ITS COMPLETENESS, LAWFULNESS, ACCURACY AND VALIDITY. FLINKS AND ITS AFFILIATES SHALL HAVE NO LIABILITY WHATSOEVER FOR THE END-CUSTOMER DATA AND CLIENT MATERIALS THAT ARE PROCESSED THROUGH THE SERVICES, EXCEPT AS SET FORTH IN THE AGREEMENT. FOR THE AVOIDANCE OF DOUBT, FLINKS AND ITS AFFILIATES SHALL HAVE NO RESPONSIBILITY WHATSOEVER (I) IF CLIENT FAILS TO COMPLY WITH APPLICABLE PRIVACY LAWS, INCLUDING TO PROVIDE ALL PRIVACY NOTICES TO, AND OBTAIN ALL CONSENTS FROM, END-CUSTOMERS; (II) IF CLIENT DOES NOT COMPLY WITH THE DOCUMENTATION, INCLUDING, WITHOUT LIMITATION, ANY INSTRUCTIONS REGARDING THE IMPLEMENTATION OF THE FLINKS TECHNOLOGY; (III) IF CLIENT’S USE OF END-CUSTOMER DATA IS NOT COMPLIANT WITH APPLICABLE LAWS, THE AGREEMENT, APPLICABLE PRIVACY NOTICES AND APPLICABLE CONSENTS; AND (IV) FOR ANY MODIFICATION, ALTERATION OR CUSTOM IMPLEMENTATION, WORK OR AGGREGATION WITH THE FLINKS TECHNOLOGY WHICH HAVE NOT BEEN PERFORMED BY FLINKS AS PROFESSIONAL SERVICES OR DULY RECOMMENDED AS PART OF THE DOCUMENTATION. FOR THE AVOIDANCE OF DOUBTS, CLIENT IS SOLELY RESPONSIBLE FOR DETERMINING IF THE NATURE OF THE SERVICES COMPLIES WITH APPLICABLE LAWS RELATING TO THE INTENDED USE OF SAME BY CLIENT.

12.2 No Consequential Damages.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL EITHER PARTY (INCLUDING ITS AFFILIATES, EMPLOYEES, DIRECTORS, SHAREHOLDERS AND AGENTS) BE LIABLE TO THE OTHER PARTY (INCLUDING ITS AFFILIATES, EMPLOYEES, DIRECTORS, SHAREHOLDERS, AND AGENTS OR TO ANY OTHER ENTITY FOR ANY LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF DATA LOSS OF BUSINESS OPPORTUNITY, LOSS OF GOODWILL, COSTS OF COVER, OR OTHER SPECIAL, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY, PUNITIVE, OR INDIRECT DAMAGES, HOWSOEVER CAUSED, EVEN IF THE PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SAME, AND WITHOUT REGARD TO THE NATURE OF THE CLAIM, OR UNDERLYING THEORY OR CAUSE OF LIABILITY OR ACTION.

12.3 Limitation of Liability.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EITHER PARTY’S TOTAL LIABILITY TO THE OTHER PARTY UNDER OR ARISING OUT OF THE AGREEMENT WILL BE LIMITED TO THE AGGREGATE AMOUNTS PAID OR DUE AND OWING BY CLIENT TO FLINKS HEREUNDER IN THE TWELVE (12) MONTH PERIOD PRIOR TO THE ORIGINATION OF THE CLAIM ASSERTING LIABILITY. THE FOREGOING LIMITATIONS OF THIS SECTION 12 WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.

13. FEES, INVOICING AND PAYMENT

13.1 Fees

Client agrees to pay Flinks fees for the Services as set forth in each applicable Order Form executed between the Parties in accordance with the payment terms set forth in each applicable Service Schedule, along with any taxes which Flinks is required to collect pursuant to Applicable Laws (the “Fees”). Flinks reserves the right to increase any Fee by not more than 5% once annually at the commencement of each Renewal Service Term.

13.2 Invoices

The Fees are invoiced monthly for the Services performed during the previous month. For recurring monthly Services, the Fees are invoiced after the first month of each applicable Term for Services and following each month thereafter. The payment for each invoice is due within thirty (30) days of the invoice date. Invoices shall be provided to Client representative set forth in the applicable Order Form(s). Client shall pay the Fees by electronic fund transfer in accordance with the instructions on the invoice, or by credit card if authorized by Flinks. In case of a payment by credit card, Client hereby authorizes Flinks to collect the Fees on the credit card and represents and warrants being authorized to use this credit card. Except as set forth in the Agreement, the Fees are non-reimbursable.

13.3 Late Payment

If Client fails to make payment when due, Client shall pay Flinks a late payment charge equal to one and one half percent (1.5%) monthly and eighteen percent (18%) annually for any such late Fees, and until such Fees are paid and received in full by Flinks, together with all applicable late payment charges accrued. Client shall also be responsible for any reasonable fees related to the collection of late Fees, including, without limitation, reasonable attorney and accounting fees. If the Fees are not paid within forty-five (45) days of Client’s receipt of Flinks’ invoice, Flinks shall have the right to issue a notice of non-payment to Client. If the Fees are not paid within the subsequent fifteen (15) day period, Flinks may, at its sole discretion, suspend the provision of the Services, until all Fees and late payment charges have been paid in full by Client. Client shall remain responsible for the Fees during the suspension of the Services as if the Services continued to be delivered in accordance with the Agreement. Upon receipt of all outstanding Fees and associated late payment charges, Flinks shall resume provision of the Services within forty-eight (48) hours.

14. MISCELLANEOUS

14.1 Notices.

Notices sent pursuant to the Agreement will be sent to each Party’s representative as identified in any applicable Order Form(s). Notices may be sent by e-mail, in which case, an e-mail will be deemed received on the business day immediately following such email’s send date. Notices may alternatively be sent in writing, and shall be delivered personally or sent by certified, registered or express mail, postage prepaid or overnight courier (provided evidence of receipt can be verified).

14.2 No Third-Party Beneficiaries.

Nothing express or implied in the Agreement is intended to confer, nor will anything herein confer, upon any person other than the Parties hereto and their respective permitted successors and assigns, any rights, remedies, obligations or liabilities whatsoever.

14.3 Publicity.

  • With Client’s prior written consent, which may not be unreasonably withheld, Flinks may i) publish a press release announcing the use by Client of the Services; ii) promote and identify Client as a Flinks customer in print, web, or any other promotional media; and/or iii) publish a case study highlighting the benefits of the Services provided to Client by Flinks. 
  • Client shall not make or publish any representation or statement of any kind, whether public or otherwise, concerning Flinks, Flinks’ Systems, the Services (including any Security Breach), or Client’s use thereof, without the prior written authorization of Flinks.  

14.4 Severability.

If any provision of the Agreement is held by a court of competent jurisdiction to be contrary to law, such provision will be changed and interpreted so as to best accomplish the objectives of the original provision to the fullest extent allowed by law and the remaining provisions of the Agreement will remain in full force and effect. 

14.5 Survival.

All provisions that logically ought to survive termination or expiration of the Agreement will survive the termination or expiration of the Agreement for any reason.

14.6 Waiver and Amendment.

No modification, amendment or waiver of any provision of the Agreement will be effective unless in writing and signed by the Party to be charged. No failure or delay by either Party in exercising any right, power, or remedy under the Agreement will operate as a waiver of any such right, power or remedy.

14.7 Independent Contractors.

The Parties are independent contractors with respect to each other. Each Party is not and will not be deemed to be an employee, agent, partner, joint venturer, franchisee or legal representative of the other for any purpose and will not have any right, power or authority to create any obligation or responsibility on behalf of the other.

14.8 Modification

By executing an Order Form, Client agrees and recognizes that Flinks may, from time to time and in its’ sole discretion, modify these Master Terms without prior notice to Client. Client further agrees and recognizes that the most current version of these Master Terms shall automatically replace and supersede any previous version of such Master Terms the Client may have agreed to in the past.

14.9 Assignment.

Neither Party may assign or delegate the Agreement or any of its rights or duties hereunder, directly, indirectly, by operation of law or otherwise, without the written consent of the other, and any such purported assignment or delegation will be void. Notwithstanding the foregoing, either Party may assign the Agreement in connection with the sale or other transfer of substantially all of the Party’s equity or assets to which the Agreement relates. Subject to the foregoing, the Agreement will be binding upon and inure to the benefit of the Parties and their permitted successors and assigns.

14.10 Force Majeure.

Except with respect to obligations to make payments hereunder, neither Party will be deemed in default hereunder, nor will it hold the other Party responsible for, any cessation, interruption or delay in the performance of its obligations hereunder due to a Force Majeure Event. 

14.11 Export Control.

All Client’s rights and obligations under the Agreement are subject to all Applicable Laws regarding export control, including without limitation, Canadian Government laws and regulations and the Export and Import Permits Act. Client represents and warrants that (a) it is not located in a country where export from Canada is prohibited and (b) to Client’s knowledge, the transaction and exports envisaged under the Agreement comply with Applicable Laws regarding export control

14.12 Counterparts.

The Agreement, and any amendment thereof, may be executed and delivered in any number of counterparts, by facsimile or electronically, each of which, when so executed and delivered, will be deemed an original, and such counterparts together will constitute one and the same instrument.

14.13 Language.

The Parties have agreed that the Agreement, and all relevant schedules, be drafted in English. Les Parties ont convenu que le présent document et toute annexe y attachées soient rédigés dans la langue anglaise.

14.14 Governing Law.

The Agreement is governed by, and will be interpreted and enforced in accordance with, the Laws of the province of Ontario and the federal Laws of Canada applicable therein. 

The Parties agree that the courts of the City of Toronto, Province of Ontario, Canada, will have exclusive jurisdiction for the adjudication of any and all disputes or controversies arising out of or relating directly or indirectly to the Agreement and waive any objections to the assertion or exercise of jurisdiction by such courts, including any objection based on forum non conveniens.

14.15 Entire Agreement; Precedence.

The Agreement and, including all schedules attached to it and hereby incorporated by reference, constitute the final, complete and exclusive agreement between the parties with respect to the subject matter hereof, and supersede any prior or contemporaneous discussions, negotiations or agreements, either written or oral, including, without limitation, any non-disclosure or confidentiality agreement between the parties in effect as at the applicable Order Form Effective Date. In the event of any inconsistency between these terms and conditions, and of any schedule, appendix, order form and/or purchase order between the parties, these terms and conditions will govern.

SERVICE SCHEDULE – CONNECTIVITY

Last update: March 23, 2022

1. DEFINITIONS

Errors” shall have the meaning ascribed to it in Section 3(e).

Unless otherwise defined herein, all capitalized terms carry the definitions ascribed to them in the Master Terms, or Order Form, as applicable.

2. CONNECTIVITY SERVICE

Pursuant to the Flinks Master Terms and Conditions set forth at https://flinks.com/terms-conditions/#mastertermsandconditions, and the applicable Order Form between Flinks and Client, Flinks shall provide Client with the following Service:

  1. The core functions of Connectivity include, without limitation:
    1. The ability to search through a list of supported Data Sources within the Territory designated in any applicable Order Form(s); 
    2. The ability to obtain metadata on the type of authentication required for each Data Source (e.g. questions, multi-factor authentication); 
    3. The aggregation of enriched data from each Data Source, including the End-Customer’s name, account transactions, account number, account transit number, and account institution number; and
  2. Where Client wishes to consume End-Customer Data from Data Sources through Flinks’ “Open Banking” APIs with applicable Data Sources, Client shall comply with the obligations set forth in Schedule A-2 attached hereto.
  3. The above Service do not include any professional, technical, consulting or integration services.

3. SERVICE TERMS

a) Set Up

Flinks shall set up and deploy the Service so that it is operational for Client at no cost or charge to Client.

b) Application

Client shall be solely responsible for (i) providing, operating and maintaining the Application ii) hosting the Application on the Client’s site, and (ii) hosting, operating and maintaining the Integrated Service, all pages on which the Integrated Service is displayed or made available for use by End-Customers, and the Client’s website. 

c) Data Sources

All Data Sources that are generally available to all Flinks clients operating in the Territory will be available to Client. Flinks will be entitled to remove any Data Source from the Services for any reason in its reasonable discretion.

d) Operational Metrics

Connection Method Availability and Flinks Connect Availability are monitored on a 24/7 basis and assessed on a monthly basis. Flinks commits to deploy its best efforts to ensure 99% Connection Method Availability and Flinks Connect Availability, excluding Scheduled Maintenance, Emergency Maintenance and any Data Source malfunction outside of Flinks’ control.

e) Technical Support

In the event that any bugs, defects, delays, hindrances, or other errors (collectively, “Errors”) occur, Client will report to Flinks the Error in accordance with the Severity Levels (to be reasonably determined by Client) as set forth in Exhibit A hereto. Flinks commits to deploy its best efforts to respond to an Error, depending on the Severity Level, within the time frames set forth in Exhibit A entitled “Exhibit A to Service Schedule – Support”, starting from the time Client notifies Flinks of the Error.

EXHIBIT A TO SERVICE SCHEDULE– SUPPORT

1. Technical support times for the Service described in this Service Schedule are as follows during the Term: 

Severity LevelAcknowledgement TimeEngagement Method
Severity Level 1” is an emergency condition which makes the use or continued use of any one or more functions of the Software impossible or significantly impaired. The condition requires an immediate solution that is not already available to Client.Upon reception of report from the Client.If found by Flinks: Flinks shall call or email the Client business lead.
If found by Client: Client shall open a support ticket by emailing [email protected] (Canada) or [email protected] (USA) and shall immediately call or email Flinks’ relationship manager assigned to Client.
Severity Level 2” is, other than any Severity Level 1 problem, any condition which makes the use or continued use of any one or more functions of the Software difficult and which Client cannot reasonably circumvent or avoid on a temporary basis without the expenditure of significant time or effort.< 1 hourIf found by Flinks: Flinks shall email the Client business lead.
If found by Client: Client shall open a support ticket by emailing [email protected] (Canada) or [email protected] (USA) and shall call or email Flinks’ relationship manager assigned to Client.
Severity Level 3” is, other than any Severity Level 1 problem or Severity Level 2 problem, any limited condition which is not critical in that no loss of Client Data occurs and which Client can reasonably circumvent or avoid on a temporary basis without the expenditure of significant time or effort.< 4 hoursIf found by Flinks: Flinks shall update the Status Update website (status.flinks.com).
If found by Client: Client shall open a support ticket by emailing [email protected] (Canada) or [email protected] (USA).
Severity Level 4” is, other than any Severity Level 1 problem, Severity Level 2 problem or Severity Level 3 problem, a minor condition or Documentation error which Client can easily circumvent or avoid. Additional requests for new feature suggestions, which are defined as new functionality in existing Software, are also classified as Severity Level 4.< 1 dayIf found by Flinks: Flinks shall contact Client to schedule an ad hoc meeting or a quarterly business review.
If found by Client: Client shall contact Flinks’ relationship manager assigned to Client.

SCHEDULE A-2 – END-CUSTOMER DATA VIA DATA ACCESS METHOD (USA)

1. DEFINITIONS

Auditors” shall have the meaning ascribed to it in Section 5.2(e) to this Schedule A-2.

“Express Consent” means the electronic communication from a Person to a Party granting permission for a specific action that is maintained in a system log or database that ensures completeness and integrity, and permits verification of the consent upon request of the records. Express Consent must be presented and captured in a clear and conspicuous manner and may not automatically enroll a customer into an agreement without taking an express action. 

“Internal User” means Client Personnel accessing the US Data Access Method from time to time.

Red Flags” shall have the meaning ascribed to it in Section 5.1(c) to this Schedule A-2 or Section 4(a)(iii) of Appendix 2 to this Schedule A-2.     

“US Data Source” means any provider of a Data Source that is made available through the US Data Access Method from time to time. 

2. SERVICE LICENSE – US DATA ACCESS METHOD

2.1 License

Subject to the terms and conditions set forth in this Schedule A-2, Flinks hereby grants to Client a limited, revocable, non-exclusive, non-sublicensable, non-transferable license to use the US Data Access Method and the Flinks Technology as necessary for Client to receive and use End-Customer Data in accordance with this Amendment.

2.2 SLA (Frequency of Access to the US Data Access Method)

The US Data Access Method will respond to a US Data Source API call made by Client within seconds of receiving said API call. Flinks shall abandon (timeout) any such US Data Source API call that takes longer than thirty (30) seconds and retry processing of said US Data Source API call at a later time. 

In order to reasonably preserve US Data Sources’ systems’ integrity and availability, such US Data Sources may limit the number of US Data Source API calls per second or per day. The Parties hereto agree and recognize that US Data Sources may modify these limits or create or modify tiers of access limitations as is reasonably necessary to meet the above goal. Requests exceeding these thresholds will be rejected and must be resubmitted at a later date/time.

3. PRIVACY

  1. Subject to the terms of the Agreement, Flinks will permit Client to use and access the US Data Access Method solely for Client to collect End-Customer Data as authorized by each respective End-Customer in support of the Client providing the Client Services to that End-Customer. 
  2. With respect to consents required to be obtained from End-Customers hereunder, Client must have and maintain such systems and procedures as may be reasonably necessary or otherwise required by Flinks and US Data Sources to actively track, monitor, and document such End-Customer consent and any revocation thereof.
  3. Pursuant to the terms of the Agreement and then only to the extent permitted by that End-Customer’s Express Consent and by Applicable Laws, Flinks may share End-Customer Data with Client as requested by the End-Customer in support of providing Client Services. 
  4. Subject to c) above, Client shall not sell, exploit, commercialize, or otherwise reveal (i) any End-Customer Data, (ii) any information based on or derived from End-Customer Data, including in any de-identified form, Aggregated Data and Anonymized Data, or (iii) any combination or aggregation of End-Customer Data, including in any de-identified form, Aggregated Data and Anonymized Data, with other information or data. 
  5. Client shall, prior to any access or use of the US Data Access Method, include in each respective End-Customer Agreement the minimum terms and conditions governing such End-Customer’s use and access to the Client Services in the form of an End-Customer Agreement that is substantially equivalent to and includes terms at least as protective of Flinks and US Data Sources as those minimum End-Customer terms and conditions attached hereto as Appendix 1 to Schedule A-2 – End- Customer Minimum Terms and Conditions, as amended and supplemented from time to time in accordance with this Agreement.

3.2 End-Customer Agreement

  1. Notwithstanding the foregoing or anything to the contrary herein, the End-Customer Agreement shall: (i) be prominent, written, accurate and easy-to-understand by a reasonable consumer; (ii) accurately set forth what data (including all compilations, aggregations, and combinations of the same) is collected, how collected data will be used, and how collected data will be shared, exchanged, or sold; (iii) provide clear and conspicuous disclosures to all End-Customers and prospective End-Customers, legally sufficient to comply with applicable law regarding the collection, use, and sharing described; (iv) identify or disclose to each End-Customer any and all categories of third parties to whom End-Customer Data may be provided or who may use, receive, store, or process the same; (v) inform End-Customers of their rights with respect to End-Customer Data including, without limitation, the right to terminate access and require deletion; (vi) inform End-Customers that the End-Customer Data does not represent an official record of the End-Customer’s account with any relevant financial institution; (vii) state that Client  is acting independently, and not on behalf of any third party, in providing its application or services; (viii) describe how the End-Customer Data will be protected in the event that Flinks or Client ceases operating as a going concern or otherwise ceases to make available the Client Services to End-Customers, describing how End-Customer Data in Client’s possession or control will be safeguarded, deleted, and purged in such circumstances; (ix) provide US Data Sources the same liability restrictions and limitations and warranty disclaimers to which Flinks and Client are entitled under such End-Customer Agreement, to include but not be limited to: (a) exclusion of all implied warranties, including without limitation for merchantability and fitness for a particular purpose; (b) exclusion of consequential, special, indirect, incidental, punitive, exemplary and tort damages in connection with the Client Services and End-Customer Data made available through the US Data Access Method; and (c) inclusion of a quantifiable limitation of liability for direct and indirect damages in connection with the US Data Access Method as further set forth herein; (vi) release Flinks and US Data Sources of all liability and obligation related to any delays, inaccuracies or incomplete Client Services caused by the failure of Flinks and/or Client and/or its third party providers to properly or timely meet their obligations or requirements; and (viii) be agreed to by End-Customers prior to access to the US Data Access Method or restrict such access until after End-Customers consent to the End-Customer Agreement has expressly occurred.
  2. In accordance with the End-Customer Agreement, Flinks shall grant of a nonexclusive, worldwide, royalty-free license for Flinks and US Data Sources to reproduce, display, adapt, enhance, aggregate, transmit, distribute and otherwise use End-Customer Data as necessary or reasonable to provide the Services and to use the End-Customer Data in anonymized and aggregated form for generating Aggregated Data.
  3. Flinks may amend and supplement Schedule A-2 at any time during the Term by providing written notice to Client. Client shall have sixty (60) days from receipt of such notice to update its End-Customer Agreement to reflect such amendment or supplement, provided that Client must always comply with Applicable Law.

3.3 End-Customer Account Unlinking and Deletion

Client must provide End-Customers the ability to unlink such End-Customer Data from any Client application or service. In the event that any End-Customer unlinks (or requests the unlinking of) its End-Customer Data from any Client application or service, Client will promptly notify Flinks of the same. Upon request by End-Customer, Client shall promptly and permanently delete all End-Customer Data in its possession or control, and promptly notify Flinks of the same.

4. RESTRICTIONS

4.1

When accessing an End-Customer’s online account, Client shall not engage in any other activities beyond accessing the information that an End-Customer has directed Client to access, including but not limited to: altering an End-Customer’s account settings, initiating payments or money movement, accepting terms and conditions on behalf of an End-Customer, or responding to a query intended for an End-Customer.

4.2

Without limiting the foregoing, and regardless of whether the applicable End-Customer has consented, Client or Client’s third-party providers shall not: (1) market, sell, lease, license, or otherwise commercialize any End-Customer Data or any Aggregated Data or derived from End-Customer Data; or (2) use or disclose for marketing purposes any End-Customer Data or other personal or personally-identifiable information received by Client or Client’s third party providers from or through US Data Sources or their APIs. (3) analyze, aggregate, or otherwise use APR, APY, or credit limit data to reverse engineer or otherwise ascertain or derive a US Data Sources’ confidential and/or proprietary commercial information, including credit models, credit algorithms, or other business processes or calculations which are not otherwise available to the public. (4) collect, use, or retain any historical values for APR, APY, or credit limit once an updated value has been received via a US Data Source’s API.

4.3

Client shall not use or disclose any End-Customer Data accessed through the Services, except for the purposes of: (i) providing the End-Customer Data directly to the applicable End-Customer; (ii) storing, processing, and transmitting the End-Customer Data in accordance with the consents granted by the End-Customer; and (iii) complying with applicable law or mandatory requests of a government or regulatory body.

4.4

Client shall not: (i) make the US Data Access Method available to anyone other than authorized Client Personnel and End-Customers; (ii) license, sublicense, sell, resell, rent, lease, transfer, assign (except as permitted by the Agreement), distribute, time share or otherwise commercially exploit or make the US Data Access Method available to any third party, other than to Clients and End-Customers or otherwise contemplated by this Amendment; (iii) attempt to gain unauthorized access to the US Data Access Method or related systems or networks; (iv) access the US Data Access Method with the intent of building a new competitive product or service, or copy any ideas, features, functions or graphics of the US Data Access Method in order to build such new competitive product or service; (v) access or engage in any use of the US Data Access Method in a manner that abuses or materially disrupts Flinks or US Data Sources’ networks, security systems, the US Data Access Method or websites; (vi) interfere with or disrupt the integrity or performance of the US Data Access Method or data contained therein; (vii) modify, copy, display, republish, or create derivative works based on the US Data Access Method or the underlying software; (viii) modify, copy, or create derivative works of the US Data Sources’ materials; (ix) frame, scrape, link to or mirror any content forming part of the US Data Access Method (provided that this shall not limit Flinks or Client’s ability to gather End-Customer Data in accordance with the proper use of the US Data Access Method), other than on Clients’ own intranets or otherwise for its own internal business purposes; (x) reverse engineer, reverse assemble, disassemble, decompile or otherwise attempt to decipher any code used in the US Data Access Method, underlying software, or US Data Sources’ materials; (xi) use the US Data Access Method for fraudulent purposes or otherwise in violation of Applicable Laws; (xii) send Flinks or US Data Sources, or process through the US Data Access Method, any data of an End-Customer, or any third party, that falls under the protections of the Health Insurance Portability and Accountability Act (HIPAA) of 1996; (xiii) use the US Data Access Method to send spam or otherwise duplicative or unsolicited messages in violation of Applicable Laws; (xiv) use the US Data Access Method or End-Customer Data to send or store infringing, obscene, threatening, libelous, or otherwise unlawful or tortious material, including material harmful to children or violative of third-party privacy rights or in any manner that encourages, supports, or promotes illegal activities or unlawful gambling; (xv) upload to the US Data Access Method  or use the US Data Access Method to send or store viruses, worms, time bombs, Trojan horses or other harmful or malicious code, files, scripts, agents or programs; (xvi) conduct any platform or system level testing of the US Data Access Method; (xvii) permit any third party to utilize or access the US Data Access Method except Client and End-Customer access and third parties expressly permitted under this Agreement or for whom Flinks has given Client prior written permission; or (xviii) where the End-Customer Data is provided in a de-identified form, re-identify or attempt to re-identify such End-Customer Data.

4.5

With respect to End-Customer Data made available through the US Data Access Method, Client shall not attempt to use, disclose or process the End-Customer Data to target market products or services to End-Customers that are directly competitive to those offered by any US Data Source, by using such End-Customer’s status as a customer of a US Data Source as criteria.

5. SECURITY

5.1 Data Security

  1. Client will establish and maintain a written information security program that is consistent with the generally accepted industry standards, including SSAE-18 SOC2 Type 2, which include safeguards against the disclosure, destruction, loss, or alteration of End-Customer Data. Client will institute security measures consistent with best practices in the financial services industry.
  2. Each Client’s written information security program will, at a minimum, be designed to: (a) ensure the security, integrity and confidentiality of End-Customer Data; (ii) protect against any anticipated threats or hazards to the security or integrity of End-Customer  Data; (iii) protect against unauthorized access to or use of End-Customer Data that could result in substantial harm or inconvenience to the person or entity to whom the End-Customer Data relates; and (iv) ensure the proper disposal of End-Customer Data.
  3. With regard to End-Customer Data, and to the extent 16 C.F.R. Part 681 (Identity Theft Rules) is applicable to Client, each Client will have policies and procedures to detect patterns, practices, or specific activity that indicates the possible existence of identity theft (“Red Flags”) that may arise in the performance of Client’s obligations under the Agreement and report the Red Flags to Flinks and take appropriate steps to prevent or mitigate identity theft.
  4. Each Client will only transfer (including internal Client transfers that occur beyond the internal firewalls of a Client) End-Customer Data in a secure and confidential manner, including, at a minimum, encrypting the data in accordance with best practices in the financial services industry.
  5. Each Client will use a Flinks approved real-time intrusion detection system on all Client Systems. Each Client will actively monitor the intrusion detection system for activities that correspond to attempts at breaking the security of the Client System. Along with the deployment of such an intrusion detection system, each Client will adopt and follow operational procedures to disable the source of any perceived attack and escalation procedures to notify Flinks and Client security groups for follow-up action.
  6. Each Client will provide real-time security event logging data for all Client Systems that contain, process, transact or in any way make up the control or processing environment of the US Data Source’s data or systems, to a log retention server that Flinks designates and operates.

5.2 Security & Audits 

  1. In addition to Flinks’ other audit rights under the Amendment, Auditors and applicable US Data Sources may, no more than once per calendar year, conduct on-site security reviews and assessments, vulnerability testing, and disaster recovery testing Client Systems used for hosting, storing or processing End-Customer Data, and otherwise audit a Client’s operations for compliance with the security requirements described herein. If vulnerabilities are identified, Client will: (i) promptly document
  2. and, within formally established timelines, implement a mutually agreed upon remediation plan; and (ii) upon Flinks’, applicable US Data Sources’ or Auditors’ request, provide Flinks, such US Data Sources’ or such Auditors with the status of the implementation.Commencing in the year on which Client first accesses the US Data Access Method, once annually, Client will have a certified independent public accounting firm or another independent, certified, industry-recognized third party: (i) conduct a review or assessment and provide a full attestation, review, or report under SOC 2 Type II of all key Client Systems and operational controls used in connection with any End-Customer Data; and (ii) conduct and provide a full report of an independent network and application penetration test. Upon reasonable written request, Client will make available all findings from these attestations, reviews, and tests to Flinks and applicable US Data Sources. Each Client will implement commercially reasonable recommendations set forth in such attestations, reviews, reports and other reasonable recommendations made by Flinks or US Data Sources arising out of their respective analysis of such reviews. Each Client will, upon Flinks’ or such applicable US Data Sources’ reasonable request, provide Flinks and/or such applicable US Data Sources with the status of such implementation.
  3. Client agrees that (i) Flinks and/or applicable US Data Sources may monitor, record and review any access to the US Data Access Method at any time and without notice to Client (ii) Flinks and applicable US Data Sources may, wherever they do business, store and otherwise process business contact information of any Client that has provided such information in connection with this Agreement, for example, name, business telephone, address, email, and user ID for business dealings with Client, and (iii) the personnel and resources of Flinks and US Data Sources are located at sites worldwide and Flinks and such US Data Sources may use such personnel and resources to carry out their rights and obligations under the Agreement. Client consents to the foregoing, and Client will ensure that all Client Personnel are advised of, and have consented to, all such activities. Client, on its own behalf and on behalf of Client Personnel, waives any right or claims of privacy (express or implied) with respect to all such activities.
  4. Client acknowledges that Flinks and US Data Sources intend to cooperate fully with any government authorities, including law enforcement or judicial investigations, regarding any access to the US Data Access Method or any End-Customer Data. This cooperation may include disclosure of the identity of, and the information transmitted or received by, Personnel and Persons accessing the US Data Access Method.
  5. Flinks and applicable US Data Sources, their internal and external auditors, their Personnel and regulators (“Auditors”) have the right, but not the obligation, during the Term, to, no more than once per calendar year, unless requested by Flinks’ or US Data Sources’ regulators, audit, review and inspect books and records and any other documents, including security logs, as well as the facilities and systems of any Client. Other than with respect to audits, reviews or inspections by regulators or US Data Sources or in an emergency, Flinks will provide Client reasonable notice of any audit, review or inspection. Client agrees to reasonably cooperate and assist, without charge, in any audit, review or inspection of such books and records that Flinks or US Data Sources may undertake. In addition to the audit described herein, Client shall cooperate in quarterly contract reviews from Flinks and US Data Sources to confirm compliance with agreed-to terms.

5.3 End-Customer Complaints

Client will notify Flinks within twenty-four (24) hours upon becoming aware of any concerns raised by an End-Customer relating to unauthorized access or unauthorized use of End-Customer Data made available through the US Data Access Method. Client will be responsible for managing any disputes or issues raised by an End-Customer relating to the US Data Access Method. Flinks and US Data Sources will have the right to engage with the End-Customer directly regarding any issues and complaints relating to the unauthorized access of End-Customer Data, and will have the right to terminate access to any End-Customer Data at any time to address an End-Customer issue or complaint; provided, that, Client will remain solely responsible for any unauthorized access or use of End-Customer Data once it is accessed or in the possession of Client.

5.4 Security Breach

In the event of an actual or suspected Security Breach at the premises of Client, Client will notify Flinks promptly. Such notice shall include a detailed description of the Security Breach, and any other information Flinks may reasonably request concerning the Security Breach. Client agrees to promptly, at its own expense, investigate the Security Breach, identify, prevent and mitigate the effects of any such Security Breach, and carry out any remediation necessary, in its reasonable judgment, including providing notification to the affected End-Customers. Following any Security Breach, Client will cooperate reasonably with Flinks in determining its legal obligations with respect to notifying its customers, regulators, US Data Sources and/or law enforcement, if any. The Parties shall provide each other any documentation reasonably necessary to issue such communication(s) and notification(s).

5.5 Suspension of Access

  1. Flinks will have the right to suspend the access of any Client, in whole or in part, to any US Data Access Method and End-Customer Data for the following reason(s): (i) Flinks and/or US Data Source’s good-faith belief that such Client is acting in an unauthorized manner with respect to its access to any US Data Access Method or End-Customer Data; (ii) an End-Customer requests that Flinks and/or US Data Source no longer permit such Client to access its End-Customer Data (such suspension will only be applied to the requesting End-Customer); (iii) Flinks and/or US Data Source’s good-faith belief that there is a material risk to the security or integrity of the US Data Access Method, End-Customer Data, systems or operations of a US Data Source, or Client Systems; or (iv) that suspending access is reasonably necessary to prevent harm to the business or reputation of any of Flinks or a US Data Source and/or End-Customers.
  2. The Parties will work together in good faith to remediate the reason for any suspension, with Flinks having the final authority as to the reasonable duration and extent of any suspension. At any point, upon notice to Client, Flinks will have the right to terminate the Client’s access to the US Data Access Method and End-Customer Data by providing Client notice to address the risk of a Security Breach or where necessary to comply with a requirement of Applicable Laws.
  3. Upon receipt of notice of suspension, the Client will immediately: (a) cease attempting to access the affected End-Customer Data, whether through the US Data Access Method or otherwise; and (b) comply with Flinks’ reasonable requests to assist Flinks in remediating and preventing further harm.

6. CONFIDENTIALITY

6.1 Obligations

  1. Neither Party shall (i) make any use or copies of the Confidential Information of the other except as necessary to perform its obligations under the Agreement, (ii) acquire any right in or assert any lien against the Confidential Information of the other, or (iii) refuse for any reason (including a default or material breach of the Agreement by the other Party) to promptly provide the other Party’s Confidential Information (including all copies thereof) to it if requested in writing to do so.
  2. Client will ensure that Client Personnel comply with these confidentiality provisions, and that all Client Personnel handling such Confidential Information have been appropriately trained in the implementation of the applicable information security policies and procedures. Client is responsible and liable for all acts and omissions of all Client Personnel. Client must regularly audit and review its respective information security policies and procedures to ensure their continued effectiveness and determine whether adjustments are necessary in light of circumstances including changes in technology, customer information systems or threats or hazards to Confidential Information.
  3. Notwithstanding anything to the contrary set forth elsewhere in the Agreement, Flinks will be permitted to (1) identify any Client by name, as a recipient of End-Customer Data, and (2) disclose the existence of the Agreement and the terms and conditions hereof to any independent third party audit firm (engaged by Flinks) that agrees to hold in confidence the Agreement and its terms (subject to customary and reasonable exceptions and except as otherwise expressly set forth herein).

6.2 Exceptions

Any combination of Confidential Information disclosed with information not so classified will not be deemed to be an exclusion of the Parties’ confidentiality obligations as set forth in the Agreement merely because individual portions of such a combination are free of any confidentiality obligation or are separately known in the public domain.

6.3 Control & Oversight

During the term, Client will ensure the following:

  • Adequate governance and risk assessment processes are in place to maintain controls over Confidential Information. A security awareness program must be in place or implemented that communicates security policies to all Client Personnel having access to Confidential Information.
  • Notification to Flinks of changes that may impact the security of Confidential Information, as determined by Client in its sole discretion, acting reasonably. Such changes requiring notification include, by way of example and not limitation, outsourcing of computer networking, data storage, management and processing or other information technology functions or facilities and the implementation of external web-enabled (Internet) access to Confidential Information.
  • Use of strong, industry-standard encryption of Confidential Information transmitted over public networks (e.g., Internet, non-dedicated leased lines) and backup tapes residing at off-site storage facilities.

6.4 Reports

Upon request or on a periodic basis as mutually agreed upon between the Parties, Client will provide Flinks with reports in connection with the utilization of the US Data Access Method and access to End-Customer Data, including the number of End-Customers using specific Client Services, the number of logins to the US Data Access Method, the number of End-Customers notified to authorize any Client to access End-Customer Data through the US Data Access Method, the number of completed migrations to the US Data Access Method and connectivity success rates and errors (collectively the “Access Activity”). Client will submit samples of such reports within 30 days after the Effective Date to Flinks for its approval, and incorporate any input or change request from Flinks within 30 days of receipt of such input or change request. 

7. REPRESENTATIONS & WARRANTIES

7.1 Authorities of Non-Infringement

Each Party represents, warrants and covenants that it has all rights and authority required: (a) to enter into this Agreement, free from all liens, claims, encumbrances, security interests and other restrictions; (b) to provide the information or materials required to be provided to the other Party in accordance with the terms herein; (c) for the other Party to use such information or materials in accordance with the provisions of the Agreement, and that such use will not violate any Applicable Law. 

7.2 Personnel Policies

Each Party maintains and effectively administers comprehensive policies and procedures for qualifying its Personnel who are natural persons, and that those policies and procedures include work authorization verification, background checks, all to the extent permitted by applicable law and any applicable collective bargaining agreement.

7.3 Harmful Code

Each Party will use commercially reasonable efforts to eliminate in any computer systems it uses to exchange software or other data electronically with the other Party or its customers, any computer code designed to damage, disrupt, disable, harm, or otherwise impede in any manner, the orderly operation of any software, data files, firmware, hardware, computer system or network.

7.4 Client Covenants

Client covenants that during the Term:

  • Client will prevent (i) the introduction or proliferation of any computer virus into Flinks’ and/or US Data Source’s systems or any other systems used in connection with the provision of the US Data Access Method, and (ii) damage or loss of any Flinks and/or US Data Source System or End-Customer. Without limiting Client’s other obligations under the Agreement, Client covenants that if there is any damage or loss to Flinks’ and/or US Data Source’s systems, or End-Customer Data caused by a Client or caused or introduced by viruses or a computer virus in or passed through a Client System or other resources provided by a Client, then Client will mitigate (including restoration of such End-Customer Data on a Flinks and/or US Data Source System, and End-Customer Data) the cause and effects of such damage, loss, viruses or Computer Virus (including restoring or recovering any data or results at no charge to Flinks and/or US Data Source within a commercially reasonable time); 
  • Client shall not operate as a “consumer reporting agency” as that term is defined under the Fair Credit Reporting Act (“FCRA”), and that if any Client ever becomes a “consumer reporting agency,” or otherwise subject to FCRA, it will comply with all applicable rules and regulations of FCRA. Client acknowledges that, in connection, with the Agreement Flinks is not a consumer reporting agency nor a furnisher of information to consumer reporting agencies, and no Client will use any US Data Source End-Customer Data furnished under the Agreement to prepare or compile a consumer report. Client agrees that it will notify Flinks, as legally permitted and practicable, of any regulatory investigation initiated by any regulator with jurisdiction involving FCRA. 

8. DISCLAIMER OF WARRANTIES

8.1 DISCLAIMER OF WARRANTIES

  1. CLIENT AGREES (i) THE SERVICES AND PROFESSIONAL SERVICES DO NOT CONSTITUTE THE PROVISION OF LEGAL ADVICE OR SERVICES IN ANY MANNER; (ii) THE SERVICES DO NOT ENSURE CLIENT’S COMPLIANCE WITH ALL APPLICABLE LAWS; AND (iii) CLIENT IS SOLELY RESPONSIBLE FOR ITS COMPLIANCE WITH ALL APPLICABLE LAWS. FLINKS, ON BEHALF OF ITSELF AND US DATA SOURCES, EXPRESSLY DISCLAIMS ANY TYPE OF REPRESENTATION OR WARRANTY REGARDING THE AVAILABILITY OR RESPONSE TIME OF THE SERVICES OR END-CUSTOMER DATA OR THAT ACCESS TO THE SERVICES OR END-CUSTOMER DATA WILL BE UNINTERRUPTED OR ERROR-FREE AND, EXCEPT AS EXPRESSLY PROVIDED FOR HEREIN, EXPRESSLY DISCLAIMS THE ACCURACY, COMPLETENESS AND CURRENCY OF ALL END-CUSTOMER DATA.
  2. UNLESS EXPRESSLY PROVIDED OTHERWISE IN THIS AGREEMENT, NEITHER FLINKS NOR ANY US DATA SOURCE, NOR ANY OF THEIR RESPECTIVE PERSONNEL WILL BE LIABLE TO CLIENT FOR ANY LOSS OR INJURY ARISING OUT OF, OR CAUSED IN WHOLE OR IN PART BY, THE US DATA ACCESS METHOD OR END-CUSTOMER DATA OR THEIR ACTS OR OMISSIONS IN RELATION TO THE US DATA ACCESS METHOD OR END-CUSTOMER DATA. 

9. MISCELLANEOUS

9.1 Data Residency

Client will store and host End-Customer Data from locations within the United States. Any change to the location of the storage or hosting of End-Customer Data to outside of the United States must be approved in advance by Flinks in writing. 

9.2 Precedence

Notwithstanding anything to the contrary in the Agreement, in the event of any inconsistency between the Agreement, any schedule, exhibit, appendix, statement of work thereto and this Amendment (including related appendices hereto), this Amendment (including related appendices hereto) will govern.

SCHEDULE A-2 – APPENDIX 1

END-CUSTOMER AGREEMENT – MINIMUM TERMS AND CONDITIONS

This End-Customer agreement contains the terms and conditions for your use of services that we may provide to you and that involve accessing third party account information (“Services”). Hereinafter “you” “your” means the End-Customer and “us” “we” or “our” refers to Flinks and US Data Sources.  

  1. Provide Accurate Information. You represent and agree that all information you provide to us in connection with the Services is accurate, current, and complete. You agree not to misrepresent your identity or account information. You agree to keep account information secure, up to date and accurate. You represent that you are a legal owner, or an authorized user, of the accounts at third party sites which you include or access through the Services, and that you have the authority to (i) designate us and our service providers as your agent, (ii) use the Services, and (iii) give us and our service providers the passwords, usernames, and all other information you provide. 
  2. Content You Provide. Your use of the Services is your authorization for us or our service providers, as your agent, to access third party sites which you designate in order to retrieve information. You are licensing to us and our service providers any information, data, passwords, usernames, PINS, personally identifiable information or other content you provide through the Services. You authorize us or our service providers to use any information, data, passwords, usernames, PINS, personally identifiable information or other content you provide through the Services or that we or our service providers retrieve on your behalf for purposes of providing the Services, to offer products and services, and for other permissible business purposes. Except as otherwise provided herein, we or our service providers may store, use, change, or display such information or create new content using such information.
  3. Authority to Access Information. Unless and until this End-Customer agreement is terminated, you grant us and our service providers the right to access information at third-party sites on your behalf. Third-party sites shall be entitled to rely on the authorizations granted by you or through your account. For all purposes hereof, you hereby grant us and our service providers the right to access third-party sites to retrieve information, use such information, as described herein, with the full power and authority to do and perform each and every act and thing required and necessary to be done in connection with such activities, as fully to all intents and purposes as you might or could do in person. Upon notice to us, you may (i) revoke our right to access information at third party sites on your behalf, or (ii) subject to Section 7 herein, request deletion of information collected from third party sites. You understand and agree that the Services are not sponsored or endorsed by any third-party site. YOU ACKNOWLEDGE AND AGREE THAT WHEN WE OR OUR SERVICE PROVIDERS ACCESS AND RETRIEVE INFORMATION FROM THIRD-PARTY SITES, WE ARE ACTING AT YOUR REQUEST AND WITH YOUR PERMISSION AND AUTHORIZATION, AND NOT ON BEHALF OF THE THIRD-PARTY SITES. 
  4. Third Party Accounts. With respect to any third-party sites we may enable you to access through the Services or with respect to any non-Financial Institution accounts you include in the Services, you agree to the following:
    1. You are responsible for all fees charged by the third party in connection with any non- Financial Institution accounts and transactions. You agree to comply with the terms and conditions of those accounts and agree that this End-Customer agreement does not amend any of those terms and conditions. If you have a dispute or question about any transaction on a non- Financial Institution account, you agree to direct these to the account provider.
    2. Any links to third party sites that we may provide are for your convenience only, and we and our service providers do not sponsor or endorse those sites. Any third-party services, which you may be able to access through the Services, are services of the listed institutions. Neither we nor our service providers have no responsibility for any transactions and inquiries you initiate at third party sites. The third-party sites you select are solely responsible for their services to you. We nor our service providers are not liable for any damages or costs of any type arising out of or in any way connected with your use of the services of those third parties.
  5. Limitations of Services. When using the Services, you may incur technical or other difficulties. Neither we nor our service providers are responsible for any technical or other difficulties or any resulting damages that you may incur. Any information displayed or provided as part of the Services is for informational purposes only, does not represent an official record of your account, may not reflect your most recent transactions, and should not be relied on for transactional purposes. We and our service providers reserve the right to change, suspend or discontinue any or all of the Services at any time without prior notice.  In the event that Services are discontinued, your information shall be retained in accordance with this Agreement and our privacy policies.
  6. Acceptance of End-Customer Agreement and Changes. Your use of the Services constitutes your acceptance of this End-Customer agreement. This End-Customer agreement is subject to change from time to time. We will notify you of any material change via e-mail or on our website by providing a link to the revised End-Customer agreement. Your continued use will indicate your acceptance of the revised End-Customer agreement. The licenses, user obligations, and authorizations described herein are ongoing.
  7. Aggregated Data.  Anonymous, aggregate information, comprising financial account balances, other financial account data, or other available data that is collected through your use of the Services, may be used by us and our service providers to conduct certain analytical research, performance tracking and benchmarking.  Our service providers may publish summary or aggregate results relating to metrics comprised of research data, from time to time, and distribute or license such anonymous, aggregated research data for any purpose, including but not limited to, helping to improve products and services and assisting in troubleshooting and technical support.  Your personally identifiable information will not be shared with or sold to third parties. 
  8. Ownership. You agree that we and our service providers, as applicable, retain all ownership and proprietary rights in the Services, associated content, technology, mobile applications and websites.
  9. End-Customer Conduct. You agree not to use the Services or the content or information delivered through the Services in any way that would: (a) be fraudulent or involve the sale of counterfeit or stolen items, including but not limited to use of the Services to impersonate another person or entity; (b) violate any law, statute, ordinance or regulation (including without limitation those governing export control, consumer protection, unfair competition, anti-discrimination or false advertising); (c) create liability for us or our service providers or cause us to lose the services of our service providers; (d) access the information and content programmatically by macro or other automated means; or I use the Services in such a manner as to gain unauthorized entry or access to computer systems.
  10. Indemnification. You agree to defend, indemnify and hold us harmless , our third party service providers and their officers, directors, employees and agents from and against any and all third party claims, liabilities, damages, losses or expenses, including settlement amounts and reasonable attorneys’ fees and costs, arising out of or in any way connected with your access to or use of the Services, your violation of these terms or your infringement, or infringement by any other user of your account, of any intellectual property or other right of anyone.
  11. Disclaimer. The Services are not intended to provide legal, tax or financial advice. The Services, or certain portions and/or functionalities thereof, are provided as strictly educational in nature and are provided with the understanding that neither we nor our third-party providers are engaged in rendering accounting, investment, tax, legal, or other professional services. If legal or other professional advice including financial, is required, the services of a competent professional person should be sought. We and our third-party providers specifically disclaim any liability, loss, or risk which is incurred as consequence, directly or indirectly, of the use and application of any of the content on this site. Further, we and our third-party providers are not responsible for any credit, insurance, employment or investment decisions or any damages or other losses resulting from decisions that arise in any way from the use of the Services or any materials or information accessible through it. Past performance does not guarantee future results. We and our third-party providers do not warrant that the Services comply with the requirements of the FINRA or those of any other organization anywhere in the world.
  12. DISCLAIMER OF WARRANTIES. YOU AGREE YOUR USE OF THE SERVICES AND ALL INFORMATION AND CONTENT (INCLUDING THAT OF THIRD PARTIES) IS AT YOUR RISK AND IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WE, AND OUR SERVICE PROVIDERS, DISCLAIM ALL WARRANTIES OF ANY KIND AS TO THE USE OF THE SERVICES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. WE, AND OUR SERVICE PROVIDERS, MAKE NO WARRANTY THAT THE SERVICES (i) WILL MEET YOUR REQUIREMENTS, (ii) WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE, (iii) THE RESULTS THAT MAY BE OBTAINED FROM THE SERVICES WILL BE ACCURATE OR RELIABLE, (iv) THE QUALITY OF ANY PRODUCTS, SERVICES, INFORMATION, OR OTHER MATERIAL OBTAINED BY YOU THROUGH THE SERVICES WILL MEET YOUR EXPECTATIONS, OR (v) ANY ERRORS IN THE SERVICES OR TECHNOLOGY WILL BE CORRECTED. ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE SERVICES IS DONE AT YOUR OWN DISCRETION AND RISK AND YOU ARE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF SUCH MATERIAL. WE, ON BEHALF OF OURSELVES AND ALL THIRD PARTY DATA PROVIDERS, EXPRESSLY DISCLAIM ANY TYPE OF REPRESENTATION OR WARRANTY REGARDING THE AVAILABILITY OR RESPONSE TIME OF THE SERVICES OR CONTENT OR INFORMATION OBTAINED THROUGH THE SERVICES OR THAT SUCH ACCESS WILL BE UNINTERRUPTED OR ERROR-FREE AND, EXCEPT AS EXPRESSLY PROVIDED FOR HEREIN, EXPRESSLY DISCLAIM THE ACCURACY, COMPLETENESS AND CURRENCY OF ALL INFORMATION COLLECTED ON YOUR BEHALF.  NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM US OR OUR SERVICE PROVIDERS THROUGH OR FROM THE SERVICES WILL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THESE TERMS.
  13. LIMITATION OF LIABILITY. YOU AGREE THAT WE AND OUR THIRD PARTY SERVICE PROVIDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING, BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER LOSSES, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, RESULTING FROM (i) THE USE OR THE INABILITY TO USE THE SERVICES AT OUR WEBSITE/MOBILE APPLICATION OR OF ANY THIRD PARTY ACCOUNT PROVIDER’S WEBSITE/MOBILE APPLICATION; (ii) THE COST OF GETTING SUBSTITUTE GOODS AND SERVICES, (iii) ANY PRODUCTS, DATA, INFORMATION OR SERVICES PURCHASED OR OBTAINED OR MESSAGES RECEIVED OR TRANSACTIONS ENTERED INTO, THROUGH OR FROM THE SERVICES, (iv) UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSION OR DATA, (v) STATEMENTS OR CONDUCT OF ANYONE ON THE SERVICES, (vi) THE USE, INABILITY TO USE, UNAUTHORIZED USE, PERFORMANCE OR NON-PERFORMANCE OF ANY THIRD PARTY ACCOUNT PROVIDER SITE, EVEN IF THE PROVIDER HAS BEEN ADVISED PREVIOUSLY OF THE POSSIBILITY OF SUCH DAMAGES, OR (vii) ANY OTHER MATTER RELATING TO THE SERVICES.
  14. WAIVER OF JURY TRIAL AND CLASS ACTION.  You agree that, with respect to any dispute with us or our service providers, arising out of or relating to your use of the Services or these terms: (i) YOU ARE GIVING UP YOUR RIGHT TO HAVE A TRIAL BY JURY; and (ii) YOU ARE GIVING UP YOUR RIGHT TO SERVE AS A REPRESENTATIVE, AS A PRIVATE ATTORNEY GENERAL, OR IN ANY OTHER REPRESENTATIVE CAPACITY, OR TO PARTICIPATE AS A MEMBER OF A CLASS OF CLAIMANTS, IN ANY LAWSUIT INVOLVING SUCH DISPUTE.
  15. Export Restrictions.  You acknowledge that the Services and any software underlying such Services are subject to the U.S. Export Administration Regulations (15 CFR, Chapter VII) and that you will comply with these regulations. You will not export or re-export the software or Services, directly or indirectly, to: (1) any countries that are subject to U.S. export restrictions; (2) any end-customer who has been prohibited from participating in U.S. export transactions by any federal agency of the U.S. government; or (3) any end-customer who you know or have reason to know will utilize them in the design, development or production of nuclear, chemical or biological weapons. You further acknowledge that the Services may include technical data subject to export and re-export restrictions imposed by U.S. law.
  16. Other Terms. You may not assign this End-Customer agreement. A determination that any provision of this End-Customer agreement is unenforceable or invalid shall not render any other provision of this End-Customer agreement unenforceable or invalid. 

SERVICE SCHEDULE – ENRICHMENT

Last update: March 23, 2022

1. DEFINITIONS

Errors” shall have the meaning ascribed to it in Section 3(b).

Unless otherwise defined herein, all capitalized terms carry the definitions ascribed to them in the Master Terms, or Order Form, as applicable.

2. ENRICHMENT SERVICE 

Pursuant to the Flinks Master Terms and Conditions set forth at https://flinks.com/terms-conditions/#mastertermsandconditions, and the applicable Order Form between Flinks and Client, Flinks shall provide Client with the following Service:

  1. Enrichment is a data-refining tool that enables Client to obtain additional insight into End-Customer’s financial data. The core functions of Enrichment depend on the Enrichment package purchased by Client in any applicable Order Form(s); and 
  2. The above Services do not include any professional, technical, consulting or integration services.

3. SERVICE TERMS

a) Operational Metrics

Connection Method Availability and Flinks Connect Availability are monitored on a 24/7 basis and assessed on a monthly basis. Flinks commits to deploy its best efforts to ensure 99% Connection Method Availability and Flinks Connect Availability, excluding Scheduled Maintenance, Emergency Maintenance and any Data Source malfunction outside of Flinks’ control.

b) Technical Support

In the event that any bugs, defects, delays, hindrances, or other errors (collectively, “Errors”) occur, Client will report to Flinks the Error in accordance with the Severity Levels (to be reasonably determined by Client) as set forth in Exhibit A hereto. Flinks commits to deploy its best efforts to respond to an Error, depending on the Severity Level, within the time frames set forth in Exhibit A entitled “Exhibit A to Service Schedule – Support”, starting from the time Client notifies Flinks of the Error.

EXHIBIT A TO SERVICE SCHEDULE– SUPPORT

1. Technical support times for the Service described in this Service Schedule are as follows during the Term:

Severity LevelAcknowledgement TimeEngagement Method
Severity Level 1” is an emergency condition which makes the use or continued use of any one or more functions of the Software impossible or significantly impaired. The condition requires an immediate solution that is not already available to Client.Upon reception of report from the Client.If found by Flinks: Flinks shall call or email the Client business lead.
If found by Client: Client shall open a support ticket by emailing [email protected] (Canada) or [email protected] (USA) and shall immediately call or email Flinks’ relationship manager assigned to Client.
Severity Level 2” is, other than any Severity Level 1 problem, any condition which makes the use or continued use of any one or more functions of the Software difficult and which Client cannot reasonably circumvent or avoid on a temporary basis without the expenditure of significant time or effort.< 1 hourIf found by Flinks: Flinks shall email the Client business lead.
If found by Client: Client shall open a support ticket by emailing [email protected] (Canada) or [email protected] (USA) and shall call or email Flinks’ relationship manager assigned to Client.
Severity Level 3” is, other than any Severity Level 1 problem or Severity Level 2 problem, any limited condition which is not critical in that no loss of Client Data occurs and which Client can reasonably circumvent or avoid on a temporary basis without the expenditure of significant time or effort.< 4 hoursIf found by Flinks: Flinks shall update the Status Update website (status.flinks.com).
If found by Client: Client shall open a support ticket by emailing [email protected] (Canada) or [email protected] (USA).
Severity Level 4” is, other than any Severity Level 1 problem, Severity Level 2 problem or Severity Level 3 problem, a minor condition or Documentation error which Client can easily circumvent or avoid. Additional requests for new feature suggestions, which are defined as new functionality in existing Software, are also classified as Severity Level 4.< 1 dayIf found by Flinks: Flinks shall contact Client to schedule an ad hoc meeting or a quarterly business review.
If found by Client: Client shall contact Flinks’ relationship manager assigned to Client.

&nbsp;