Effective Date: May 10, 2023
InVista has developed talent assessment solutions (“Role Specific Solutions” or "Solutions") and has the right to license the Role Specific Solutions to others; Customer desires to access InVista's Role Specific Solutions via InVista's online digital platform, Connect2Vista. In consideration of the mutual covenants and promises expressed herein and other good and valuable considerations, it is agreed as follows:
InVista hereby grants Customer, subject to the terms of this Agreement, a license to access certain Specific Solutions on the Connect2Vista platform.
The term for Customer's access to the InVista Solutions shall begin on the Effective Date and shall continue so long as InVista receives the applicable fees for use of the Solutions. Fees charged during the Term shall be at InVista's then-current rates, unless otherwise mutually agreed to in writing.
Either party may terminate this Agreement, effective 30 days after the terminating party gives the other party written notice of termination. In addition, Customer will pay InVista any outstanding fees owed to InVista within 60 days of termination. Failure to cease all use of the Solutions and Connect2Vista platform after termination shall constitute copyright infringement.
InVista is the owner of all right, title and interest in the Role Specific Solutions and the Connect2Vista platform. Customer shall acquire no right or interest in the Solutions or the Connect2Vista platform, by virtue of this Agreement or by virtue of use of the Solutions and/or platform, except the right to use the Solutions and the platform in accordance with the provisions of this Agreement. All uses of the Solutions and the Connect2Vista platform by Customer shall inure to the benefit of InVista.
Customer agrees to indemnify InVista and hold InVista harmless against any claim or demand or against any recovery in any suit (including taxes of any kind, reasonable attorney's fees, litigation costs, and other related expenses) that may be:
Customer shall not assign this Agreement or any license, power, privilege, right, or immunity, or delegate any duty, responsibility, or obligation hereunder, without the prior written consent of InVista. Any assignment by InVista of its rights shall be made subject to this Agreement.
This Agreement shall be construed according to the laws of the State of Florida of the United States of America. Venue for any legal action relative to this Agreement shall be in the appropriate state court in Hillsborough County, Florida, or in the United States District Court for the Middle District of Florida, Tampa division. Customer agrees that, in any action relating to this Agreement, the Circuit Court in Hillsborough County, Florida or the United States District Court for the Middle District of Florida, Tampa Division, has personal jurisdiction over Customer, and that Customer waives any argument it may otherwise have against the exercise of those courts' personal jurisdiction over Customer.
If any provision of this Agreement shall, to any extent, be invalid and unenforceable such provision shall be deemed not to be part of this Agreement, and the parties agree to remain bound by all remaining provisions.
Customer acknowledges that irreparable damage would result from unauthorized use of the Solutions and/or Connect2Vista platform and further agrees that InVista would have no adequate remedy at law to redress such a breach. Therefore, Customer agrees that, in the event of such a breach, specific performance and/or injunctive relief, without the necessity of a bond, shall be awarded by a Court of competent jurisdiction.
This instrument embodies the whole Agreement of the parties. There are no promises, terms, conditions, or obligations for the Role Specific Solutions licensed hereunder other than those contained herein; and this Agreement shall supersede all previous communications, representations, or agreements, either written or verbal, between the parties hereto, with the exception of any prior agreements that have not previously been terminated by written consent of both parties or by one party if the terms of the agreement allow. This Agreement may be changed only by an agreement in writing signed by both parties.
Any notice required or permitted to be given under this Agreement shall be sufficient if in writing and if sent by certified or registered mail postage prepaid to the addresses first herein above written or to such addresses as either party may from time to time amend in writing. No letter, telegram, or communication passing between the parties hereto covering any matter during this contract, or periods thereafter, shall be deemed a part of this Agreement unless it is distinctly stated in such letter, telegram, or communication that it is to constitute a part of this Agreement and is to be attached as a right to this Agreement and is signed by both parties hereto.
Subject to the limitations on assignments as provided in Section 6, this Agreement shall be binding on the successors and assigns of the parties hereto.
1.1The following Data Processing Addendum (“DPA”) applies to all transfers of Personal Information (defined below) by and between Psychological Assessment Resources, Inc., PARiConnect, PAR InVista, and/or the Self-Directed Search (collectively, “PAR,” “we,” “us,” or “our”) and any entities that provide the Personal Information of their patients, clients, students, or customers to PAR for PAR's provision of services (these entities are herein referred to as “Customer”). This DPA is effectively incorporated into the agreement (“Agreement”) entered into between PAR and Customer (each a “Party” and collectively the “Parties”). This DPA is effective as of the date of the Agreement. In the event of a conflict between any provisions of the Agreement and the provisions of this DPA, the provisions of this DPA shall govern and control.
1.2PAR acknowledges that Customer and/or the data it discloses to PAR may be subject to consumer privacy laws and regulations, as well as common law restrictions and/or obligations (the “Consumer Privacy Laws”). Consumer Privacy Laws may include, but it is not limited to, laws, and associated regulations or guidance, such as pursuant to the Health Insurance Portability and Accountability Act, General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”), U.K. General Data Protection Regulation, California Consumer Privacy Act (the “CCPA”) and California Privacy Rights Act (“CPRA”), as codified in California Civil Code sections 1798.100, et seq. (collectively, “CCPA/CPRA”), and other similar foreign or domestic, federal, state, or local privacy statutes, regulations, rules, or guidance, laws currently in effect or that may come into effect during the term of the Agreement, all as applicable and as may be amended from time to time.
2.1Based on Customer's relationship with PAR, PAR is considered a “service provider,” “contractor,” or “processor” (collectively, “Processor”) under the Consumer Privacy Laws. As a Processor, PAR may process and/or receive “personal information” or “personal data,” as such terms are defined in applicable Consumer Privacy Laws, from, or on behalf of, Customer (such personal information or personal data is herein referred to as “Personal Information”).
2.2The term “security incident” means (i) any act or omission that compromises either the security, confidentiality, or integrity of Personal Information or the physical, technical, administrative, or organizational safeguards put in place by PAR that relate to the protection of the security, confidentiality, or integrity of Personal Information, or (ii) receipt of a complaint in relation to the privacy and data security practices of PAR or a breach or alleged breach of this DPA. Without limiting the foregoing, a compromise shall include any unauthorized access to or disclosure or acquisition of Personal Information.
2.3The term “Model Clauses” means the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
2.4The term “U.K. Addendum” means the template U.K. Information Commissioner's Office Addendum to the Model Clauses for international data transfers, issued under Section 119A of the U.K. Data Protection Act 2018, and including both tables and mandatory clauses.
3.1PAR will comply with Customer's instructions regarding the processing of Personal Information, including but not limited to instructions regarding amending, transferring, or deleting Personal Information.
3.2PAR shall not “sell” or “share” Personal Information it collects pursuant to the Agreement, as those terms are defined by applicable Consumer Privacy Laws.
3.3Customer is providing PAR access to Personal Information for the limited and specific purposes provided in the Agreement, as described in section 5 herein, and/or as otherwise expressly permitted by Consumer Privacy Laws. PAR shall not retain, use, or disclose Personal Information for any purpose(s) other than those specified in section 5 herein or otherwise permitted by the Consumer Privacy Laws. Such purposes are incorporated by reference herein.
3.4PAR shall not retain, use, or disclose Personal Information that it collects pursuant to the Agreement for any “commercial purpose,” as defined by applicable Consumer Privacy Laws, other than the business purposes specified in section 5 herein, including in the servicing of any entity other than Customer.
3.5PAR shall not retain, use, or disclose Personal Information it collects pursuant to the Agreement outside of the direct business relationship between PAR and Customer.
3.6PAR shall not combine or update Personal Information with any other information, except to perform a business purpose defined in Consumer Privacy Laws, such as regulations adopted pursuant to Cal. Civ. Code § 1798.185(a)(10), except as provided by Consumer Privacy Laws.
3.7PAR shall comply with all applicable laws and obligations regarding the use and protection of Personal Information, including all Consumer Privacy Laws, as applicable. PAR certifies that it understands these restrictions, including pursuant to the CCPA/CPRA, and shall comply with them.
3.8PAR shall provide the same level of privacy protection as required by Customer, and shall assist the Customer in meeting the Customer's obligations in relation to the Personal Information. These privacy protections and obligations include, but are not limited to:
3.9PAR shall ensure that each person processing Personal Information is subject to a duty of confidentiality with respect to such Personal Information. The termination or expiration of this DPA shall not discharge PAR from its confidentiality obligations pursuant to the Agreement and this paragraph. PAR shall process Personal Information until the date of expiration or termination of the Agreement, unless instructed otherwise by Customer, or until such data is returned, de-identified, or destroyed on instruction of Customer.
3.10If PAR engages any other person or entity to assist it in processing Personal Information for purposes of providing the services enumerated in the Agreement, PAR shall:
3.11To the extent PAR processes or receives any deidentified personal information, as defined by applicable Consumer Privacy Laws, from, or on behalf of, Customer (“Deidentified Information”), PAR shall comply with all Consumer Privacy Laws concerning the Deidentified Information, including maintaining the information as deidentified personal information. PAR shall take reasonable measures to ensure the Deidentified Information cannot be associated with a consumer or household, publicly commit to maintain and use the Deidentified Information in deidentified form, not attempt to reidentify the information unless solely for the purpose of determining whether the data is deidentified, and contractually obligate any recipient of the Deidentified Information to comply with this DPA and all Consumer Privacy Laws regarding the processing of such Deidentified Information.
3.12Unless PAR is otherwise required by law, or if Customer sooner requests PAR return Personal Information to Customer instead, PAR will delete and destroy Personal Information and all copies of the same once the Personal Information is no longer needed to complete the transaction or services requested.
3.13Upon the reasonable request of Customer, PAR shall make available to Customer all information in its possession, custody, or control that is necessary to demonstrate PAR's compliance with all Consumer Privacy Laws and the requirements of this DPA or to enable Customer to conduct and document any required data protection assessments.
3.14PAR shall notify Customer if PAR determines it can no longer meet its Consumer Privacy Laws obligations.
3.15To the extent PAR processes any Personal Information from the European Economic Area (“EEA”) or United Kingdom (“U.K.”), Customer as “data exporter” and PAR as “data importer” hereby enter into the Model Clauses and U.K. Addendum. If required by law or by any agency or regulatory body with jurisdiction, the Parties agree to re-execute the Model Clauses and U.K. Addendum (including Annexes hereto) as a document separate from this DPA. For purposes of the Model Clauses and U.K. Addendum, the Parties hereby agree that:
4.1PAR grants Customer the right to take, and PAR shall allow and contribute to, appropriate and reasonable steps to monitor PAR and ensure PAR's use of Personal Information is consistent with all applicable privacy rights and obligations, whether statutory, regulatory, based in common law, contractual, or otherwise. These steps may include, but are not limited to, ongoing manual reviews, automated scans, regular assessments, audits, or other policy review or technical and operational testing at least once every 12 months. As an alternative to a Customer-requested review, assessment, audit, or testing, PAR may arrange for a qualified and independent assessor, using an appropriate and accepted control standard or framework and assessment procedure, to conduct such review, scan, assessment, audit, or other policy review and testing of PAR's policies and technical and organizational measures to satisfy its obligations under this DPA. PAR shall provide a report of all such reviews, scans, assessments, audits, or tests to Customer upon request.
4.2PAR grants Customer the right, upon notice, to take reasonable and appropriate steps to stop, mitigate, and remediate any and all unauthorized use of Personal Information.
4.3Customer is responsible for providing any required privacy notice to data subjects and securing any required consent for PAR's processing of Personal Information in accordance with Customer's instructions.
4.4Customer agrees that PAR may aggregate data and use such data for analytical purposes. In those instances, PAR will ensure that the data is effectively anonymized prior to such use and that no individual is reasonably identifiable from the data once anonymized and aggregated.
4.5PAR shall enable Customer to comply with any consumer privacy request made pursuant to Consumer Privacy Laws.
4.6The parties will work and communicate with each other in good faith to comply with Consumer Privacy Laws.
4.8Limitation of Liability.
EXCEPT WITH RESPECT TO EACH PARTY'S OBLIGATIONS AS TO CONFIDENTIALITY AND INDEMNIFICATION, OR LOSSES ARISING FROM A PARTY'S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT:
Any disputes arising from or in connection with this DPA shall be brought as set forth in the Agreement.
Data Exporter is: Customer.
Address: See Agreement.
Contact person's name, position, and contact details:
Activities relevant to the data transferred under these Clauses:
Data Exporter is a professional seeking PAR's assistance evaluating an individual for purposes of Data Exporter advising the data subject.
Data Exporter is the Controller.
Data Importer is: PAR.
Address: 16204 N Florida Ave, Lutz, FL 33549.
Travis White, PhD, President and Chief Operating Officer
Data Importer processes the data provided to assist Data Exporter in providing professional services to the data subject.
Data Importer is the Processor.
The competent supervisory authority for purposes of the Model Clauses is the Irish Supervisory Authority. The competent supervisory authority for purposes of the U.K. Addendum is the U.K. Information Commissioner's Office.
Description of the technical and organizational measures implemented by the data importer(s)
PAR employs and applies a variety of information technology tools, strategies, devices, and methodologies to protect both PAR Customer data and patient/client data and item responses that are captured and stored on PARiConnect. Below is information pertaining to these various IT controls.
Full legal name: See Agreement
Trading name (if different): N/A
Main address (if a company registered address):
Official registration number (if any) (company number or similar identifier):
See Agreement (if applicable)
Full Name (optional): See Agreement
Job Title: See Agreement
Contact details including email:
Addendum EU SCCs
☐The version of the Approved EU SCCs which this Addendum is appended to, detailed below, including the Appendix Information:
Reference (if any):
Other identifier (if any):
☒the Approved EU SCCs, including the Appendix Information and with only the following modules, clauses or optional provisions of the Approved EU SCCs brought into effect for the purposes of this Addendum:
“Appendix Information” means the information which must be provided for the selected modules as set out in the Appendix of the Approved EU SCCs (other than the Parties), and which for this Addendum is set out in:
Annex 1A: List of Parties: See Annex I
Annex 1B: Description of Transfer: See Annex I
Annex II: Technical and organisational measures including technical and organisational measures to ensure the security of the data
Annex III: List of Sub processors (Modules 2 and 3 only)
Ending this Addendum when the Approved Addendum changes
Which Parties may end this Addendum as set out in Section 19: