Midaxo Customer Terms of Service

The Midaxo Customer Terms of Service is a contract that details the terms and conditions that will apply to the services provided under this contract and Service Orders placed thereunder.

The Midaxo Service Order Form is the approved form for documenting the services being provided. It contains all the details about the order, including the subscription term, products and services and fees. Execution of the Midaxo Service Order Form and/or use of the Subscription Service or receiving Professional Services constitutes agreement to the terms of the services detailed in this document. 

Midaxo may update these terms at its discretion and customers may “opt-in” to receive notification of these updates.  Customers with an active Midaxo subscription can “opt-in” to receive notice of updated Terms of Service.  

  1. General Information
    1. For the purposes of these terms the parties are identified as follows:
      1. Midaxo, hereafter referred to as the “Provider”.
      2. Customer, hereafter referred to as the “Subscriber”.
    1. The terms and conditions in this document apply to the Provider’s Service. 
    1. The execution of the initial Service Order Form by the Parties fully constitutes agreement to the terms of the services detailed in this document, including the any appendices and is effective from the Subscription Start Date.
    1. During the validity of the Agreement, the Parties may agree on additional Service Order Forms to modify the Subscriber’s Subscription.  
  2. Definitions
    1. “Admin User” means the Subscriber’s main operator of the Service as may be amended from time to time upon written notice by the Subscriber to the Provider, including email.
    1. “Agreement” or “Customer Terms of Service” means the General Terms and all materials referred to or linked to in this document, unless otherwise stated.  
    1. “Affiliate” means any entity which directly or indirectly controls, is controlled by, or is under common control with a party to this Agreement. For purposes of this definition, control means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
    1. “Confidential Information” means all confidential information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential, including, but not limited to, information relating to the business, prospective business, technical processes, computer software, intellectual property rights or finances of either of the Parties. or a reasonable person would consider confidential.
    1. “Initial Term” means the first term, in full calendar months, of the Subscriber’s Subscription and use of the Service as noted in the Service Order Form.
    1. “Provider Content” means the Provider’s templates, playbooks, reports, configurations, documents, materials, and workflows included in the Service or shared with the Subscriber during the sales process or during the validity of this Agreement.
    1. “Service” means the Provider’s secure, web-based platform and products as detailed in Appendix B (Scope of Service) and as updated from time to time. 
    1. “Service Order Form” means an online or printable form that is executed by the Subscriber and Provider in detailing the products, services, and term of the subscription.
    1. “Subscription” means the Subscriber’s Service scope and terms as defined in the applicable Service Order Form(s).
    1. “Subscription Fee” means the total fees payable for the Subscription by the Subscriber to the Provider as defined in the applicable Service Order Form(s).
    1. “Subscription Anniversary Date” means the first day of the Initial Term and the subsequent annual renewal terms, as detailed in the Service Order Form.
    1. “Subscription Start Date” means the date when the Subscriber actually begins to use the Service as noted on the Service Order Form. 
    1. “User” means a Subscriber’s personnel, contractors, agents, or a person identified and invited by the Subscriber to use the Service.  Each User requires a valid Subscription.
  3. Service provision
    1. Subject to the Subscriber’s payment of fees for the Service as set out on the Service Order and during the term of the Agreement, the Provider: 
      1. Grants to the Subscriber a non-exclusive and non-transferable right (except in connection with a transfer or assignment permitted under Section 17) to use the Service and Provider Content.
      2. Grants to the Subscriber a non-exclusive and non-transferable right (except in connection with a transfer or assignment permitted under Section 17) to use any third-party products or software that are included in the Service.
    2. After expiration of this Agreement, the Subscriber has a right to use the Provider Content included in the Service for its internal use only. The Subscriber does not have a right to license, sublicense, sell, resell, transfer, assign, distribute, or otherwise commercially exploit or make available to any third party such content in any way.
    3. The Subscriber must ensure that all access, use and receipt by its Users is subject to and in compliance with this Agreement. 
    4. The Subscriber shall not:
      1. License, sublicense, sell, resell, transfer, assign, distribute, or otherwise commercially exploit the Service.
      2. Make derivative works based on the Service.
      3. Reverse engineer or access the Service in order to: (i) build a competitive product or service, (ii) build a product using similar ideas, features, functions, or graphics of the Service, or (iii) copy any ideas, features, functions, or graphics of the Service.
    5. The Subscriber shall not knowingly do any of the following in connection with its use of the Service:
      1. Send or store infringing, obscene, or otherwise unlawful material.
      2. Send or store material containing software viruses or other harmful computer code.
      3. Interfere with or disrupt the integrity or performance of the Service or the data contained therein.
      4. Attempt to gain unauthorized access to the Service or its related systems or networks.
    6. The Provider shall comply with and provide the Service in accordance with (i) the terms of the Service Level Agreement set out in Appendix A of this document, and (ii) all applicable laws, rules, and regulations. 
  4. Service fees and payment terms
    1. The Subscription Fees for the Service are defined in the Service Order Form.
    2. All Subscription Fees and other fees indicated in the Service Order Form are exclusive of any sales tax, value added tax (VAT), goods and services tax (GST) or other taxes and duties that may be applicable. When obliged under applicable tax legislation to add any of the aforementioned taxes or duties to its fees, the Provider shall do so by computing the applicable tax and including it on the invoice for the Subscription Fees and other fees.
    3. The Provider has the right to access the Subscriber’s account to monitor the Subscriber’s seat count and usage by the seat type. The Provider has the right to invoice the Subscriber’s seat count and usage by the seat type that exceeds the subscribed seat count and type.  
    4. All invoices by the Provider will be rendered in the currency defined in the Service Order Form and will be payable in full by the Subscriber together with any sales tax or value added tax (if applicable) within thirty (30) days of receipt (unless otherwise noted on the Service Order). When the Subscriber’s payment for the Service is thirty (30) days late, the Provider reserves the right to suspend the Service by giving a notice to the Subscriber. Notwithstanding the Provider’s right to suspend the Service, the Provider is entitled to charge one (1.0%) percent per month interest on all overdue Subscription Fees. 
    5. Fee Adjustments at Renewal. Upon renewal, the Provider may increase subscription fees up to our then-current list price, up to a maximum of 10% increase. If the Provider intends to increase the price, the Subscriber will be notified at least thirty (30) days in advance of renewal and the increased fees will apply at the start of the next renewal term. If subscriber does not agree to this increase, either party can choose to terminate the subscription at the end of the then-current term by providing the notice required in the ‘Notice of Non-Renewal’ section below.
  5. Misuses of the Service
    1. The Subscriber, its Admin User, and Users shall not use the Service contrary to this Agreement, the law, orders of any authorities or good practices, nor for purposes that are in contradiction with any of the aforementioned. 
    2. The Subscriber shall use the Service in a way which, to the best of its knowledge, ensures that the use does not interfere with the functioning of the Service.
    3. The Subscriber is liable for any data or material stored to the Service by the Subscriber and/or created using the Service or delivered through the Service to third parties. The Provider is not responsible for any claims and/or disputes related to such material or any possible damage or costs they may cause to the Subscriber or a third party.
  6. Interruption to the Service
    1. The Provider may, upon reasonable written notice to the Subscriber, interrupt the Service in whole or in part to install updates, new features, bug fixes, and other improvements. The Provider uses its commercial best effort to minimize such interruptions and their potential inconvenience to the Subscriber.  
    2. The Service may be subject to limitations, delays, and other problems inherent to the use of internet and electronic communications. The Provider is not responsible to the Subscriber or third party for any such delays, delivery failures, loss of the Subscriber’s data or other damages, losses, or costs resulting from such interruptions.
  7. Changes to the Service 
    1. The Provider may at any time change any working methods used in the production of the Service, any devices, telecommunication links, applications or other parts of the Service or systems related to the Service, and may further change the subcontractors it uses, if such changes in the Provider’s sole discretion are necessary and at no time degrade or materially alter the Service provided.
  8. Data protection and data security
    1. The Provider shall process the Subscriber data in the Service only on behalf and at the request and direction of the Subscriber. Notwithstanding the foregoing, the Provider shall take commercially reasonable efforts to protect all data stored in the Service against any unauthorized disclosure or access. Provider represents and warrants that its collection, access, use, storage, disposal, disclosure, and other processing of Subscriber Data does and will comply with all applicable laws, as detailed in the Data Processing Agreement attached as Appendix C.
    2. The Subscriber hereby agrees to the terms of the Data Processing Agreement set forth in Appendix C. 
    3. The Provider processes information that may be considered as identification data according to applicable law. Such identification data refers to data that can be associated with an individual User that is processed in communication networks for the purposes of transmitting, distributing, or providing messages. The Provider records identification data only as it relates to the use of the Service and data security in relation thereto. The Provider does not disclose User’s personal data or identification data of the Service to third parties.
    4. The Provider may use cookies in the technical implementation of the Service. With the help of cookies, the Provider can improve the usability of the Service and offer individualized information and services to the users of the Service.  The cookies do not contain the Subscriber’s Confidential Information, and do not collect any personally identifiable information.
    5. The Provider is not responsible for destruction, disappearance, change or delay in delivery of any content or data transferred through the Service.
    6. The Subscriber recognizes and accepts that the Service is supplied in the form of a so-called cloud service, provided by the Provider’s technology partners. At the Subscriber’s request, the Provider stores and processes the Subscriber’s data, including its Users’ personal data, either in the USA or the EU/EEA.  
  9. Confidentiality
    1. Each Party may use the Confidential Information of a disclosing Party only for the purposes of this Agreement and must keep confidential all Confidential Information of each disclosing Party except to the extent the recipient of any Confidential Information is required by law to disclose the Confidential Information, in which case the recipient shall provide prompt notice of such legally compelled disclosure.
    2. Either Party may disclose Confidential Information to those of its employees, advisers, and consultants who have a need to know the same for the purposes of this Agreement. The Subscriber is permitted to share Confidential Information of the Provider to any of the Subscriber’s affiliated companies and any of their employees, advisers, and consultants.
    3. The obligations of confidentiality under this Agreement do not extend to information that:
      1. Was rightfully in the possession of the receiving Party before the execution of this Agreement or is subsequently received from a third party.
      2. Is, or after the day this Agreement is signed, becomes public knowledge (otherwise than as a result of a breach of this Agreement).
      3. Is or was independently developed by the receiving Party without reference to the Confidential Information of the disclosing Party.
      4. Is required by law to be disclosed or by order of statute, regulation, securities commissions, courts, regulators, or other authorities or bodies.
    4. Notwithstanding the provisions of this Section, solely with the Subscriber’s prior written consent, including email, which may be revoked at the Subscriber’s sole discretion, the Provider is entitled to include the Subscriber on its reference list and include the Subscriber’s logo on the Provider’s website. The Provider is also entitled to send by email to all Users material related to using the Service.  
    5. The expiration of the Agreement shall have no effect on the validity of the confidentiality obligations.
    6. In the event of a breach of these Confidentiality obligations, the breaching Party will notify the non-breaching Party within seventy-two (72) hours of becoming aware of any such breach.
  10. Intellectual property rights
    1. All intellectual property rights relating to the Service, Provider’s Content, methods, software, material, and processes, as well as to any work in relation to the performance of the Service and to any material arising from such work, belong to the Provider, its cooperation partners, or any of their subcontractors. No such rights are transferred on the basis of this Agreement to the Subscriber, the Users, the Admin Users, or any other party.
    2. The Subscriber may not delete, amend, or cover any signs of copyright, trademark, or other intellectual property rights, nor in any other way change the Service or any documentation relating to the Service.
    3. The Subscriber hereby agrees that any intellectual property rights in the development of ideas and findings or know-how (whether presented orally or in written form by the Subscriber or the Provider) pertaining to the Service (“Feedback”) and any materials on which such Feedback is imprinted on belongs absolutely and vests in the Provider and that the Subscriber will not be entitled to any additional compensation in relation to Feedback.
    4. All intellectual property rights relating to any content, reports, configuration, notes, materials, business processes, documents, or other information which the Subscriber uploads or adds to the Service and to any material and ideas arising from such work, belong to the Subscriber. The Provider agrees that all information which the Subscriber uploads on the system shall remain the sole and exclusive property of the Subscriber and that nothing contained herein shall be considered as granting the Provider any proprietary rights in such information.
  11. Liability for infringements of third-party intellectual property rights
    1. The Provider is responsible for ensuring the Service does not infringe on a third-party’s intellectual property rights. The Provider shall, at its own expense, defend the Subscriber against any alleged infringement of any patent, trademark, or copyright related to the Service. The Provider, at its sole discretion, may replace or modify the Service or may obtain a license for the Subscriber for continued use of the Service or a functional equivalent.
    2. If none of the aforementioned alternative actions are deemed commercially reasonable by the Provider, the Subscriber shall agree to cease use of the Service and the Provider shall refund the Subscriber for any Subscription Fee which had been paid in advance on a pro rata basis from the date of termination.
  12. Indemnification
    1. Subscriber will indemnify, defend, and hold Provider and our Affiliates harmless, at Subscriber’s expense, against any third-party claim, suit, action, or proceeding (each, an “Action”) brought against Provider by any third party not affiliated with Provider or its Affiliates to the extent that such Action is based upon or arises out of:
      1. unauthorized or illegal use of the Subscription Service by Subscriber or its Affiliates, 
      2. Subscriber or its Affiliates, noncompliance with or breach of this Agreement, 
      3. Subscriber or its Affiliates, use of Third-Party Products, or 
      4. the unauthorized use of the Subscription Service by any other person using the Subscriber’s User information. 
    2. Provider will notify Subscriber in writing within thirty (30) days of becoming aware of any such claim; give Subscriber sole control of the defense or settlement of such a claim; and provide Subscriber (at Subscriber’s expense) with any and all information and assistance reasonably requested to handle the defense or settlement of the claim. Subscriber will not accept any settlement that (i) imposes an obligation on the Provider; (ii) requires Provider to make an admission; or (iii) imposes liability not covered by these indemnifications or places restrictions on Provider without prior written consent. 
      The above limitations shall not apply in the event of:
      1. Willful misconduct or fraudulence.
      2. Gross negligence.
      3. Any breach of either Party’s Confidentiality obligations as described in Section 9.
      4. Any breach of Sections 9 or 10 (intellectual property rights).
    3. The Provider is under no circumstances responsible for, and shall have no liability to compensate costs, expenses, or damages caused by the following:
      1. Any conditions for the use of the Service that fall under the responsibility of the Subscriber.
      2. Content and data that the Subscriber or Users has stored in or through the use of the Service, including the usability and correctness of such content and data.
      3. Unauthorized use of the Service or software or for any attempt at unauthorized use.
      4. Malfunctions, capacity problems or interruptions in the telecommunication network, interruption, or termination of the Service, which is not attributable to the Provider.
  14. Validity and termination of the Agreement
    1. Term. This Agreement is valid from the Subscription Start Date until terminated in writing.
    2. Renewal. The initial subscription term will be specified on the Service Order Form, and, unless otherwise specified on the Service Order Form, after the Initial Term, the subscription will automatically renew for one year (“Renewal Term”).
    3. Notice of Non-Renewal.  Unless otherwise noted in the Service Order, the Subscriber must provide written notice of non-renewal at least thirty (30) days prior to the expiration of the Initial Term or the then-current renewal term.
    4. Termination. 
      The Subscriber may terminate the Agreement and Subscription in writing with immediate effect, if:
      1. The Service materially deviates from what has been agreed, provided that the Provider does not within a fifteen (15) day period after the Subscriber’s written notice thereof remedy the Service so that it corresponds to the agreed Service.
      2. The Provider is in material breach of the Agreement and does not remedy the breach within twenty-eight (28) days after the Subscriber’s notice thereof.
      3. The Provider is bankrupt, in liquidation or otherwise insolvent.
      4. For breach of any of the warranties in clauses 16.1 and 16.2.
      • The Provider may terminate the Agreement and Subscription with immediate effect either in whole or in part, if:
      1. The Subscriber is in material breach of the Agreement.
      2. The Subscriber has not paid a due invoice within thirty (30) days of the due date. 
      3. The Subscriber is bankrupt, in liquidation or otherwise insolvent.
    5. Refund or Payment Upon Termination. If the Subscriber terminates the Agreement and Subscription in accordance with Section 15.4, the Provider shall refund the Subscriber for any Subscription Fee which had been paid in advance on a pro rata basis from the date of termination. The Provider’s termination of the Agreement and Subscription in accordance with Section 15.4 does not affect the Subscriber’s obligation to pay the Subscription Fees.
    6. Subscription Expiration. Prior to the termination or expiry of this Agreement, at the Subscriber’s request, the Provider shall assist the Subscriber in exporting or otherwise extracting the Subscriber’s data and analysis, reports, or other manipulation thereof stored with the Service. Once the Subscription has expired, the Provider will remove the Subscriber data stored using the Service within 30 days. The Provider shall not be liable for any loss of data or information stored or processed in the Service after the Subscription has expired. 
  15. Warranty
    1. The Provider represents and warrants that (i) the Service is free from material defects in materials and workmanship and substantially conforms to the Scope of Service described in Appendix B; (ii) the Service and any other information or materials provided to Subscriber under the Agreement are free of any malicious code; (iii) the Provider has acquired and shall maintain in effect at all times during the term of the Agreement any licenses and/or permits and/or mandated insurances necessary for providing the Service and it shall at all times comply with all applicable laws and regulations; (iv) Provider shall perform its obligations under the Agreement in a professional and workmanlike manner, using personnel of appropriate skill, training, and experience; and (v) the Service and any other information or materials provided to Subscriber under the Agreement do not and will not infringe the intellectual property, proprietary, or other rights of any third party or applicable law.
    2. During the term of an applicable Service Order Form, the Provider, at its sole option and expense may make reasonable efforts to correct material defects in the Service that are identified and documented by the Subscriber, and confirmed by the Provider, or may replace the defective Service. The Provider’s obligation hereunder is to replace or make reasonable efforts to take corrective action with regards to such defect. This warranty shall not apply if the Service have been (i) altered, modified, or enhanced without the prior written consent of the Provider; (ii) subjected to misuse, negligence, computer, or electrical malfunction; or (iii) used, adjusted, installed, or operated other than in accordance with any applicable documentation, or as authorized in writing by the Provider.
  16. Miscellaneous
    1. Notices. The Provider shall send invoices and other notices to the invoicing address provided by the Subscriber in the Service Order Form. The Subscriber shall send notices to the Provider at the address noted on the Service Order Form or by sending an email to finance@midaxo.com.  Such notice shall be deemed received on the day of sending if transmitted on a business day or on the first business following transmission if sent on a non-business day.
    2. Dispute. If there is a dispute about this Agreement, the Service, or any non-contractual disputes arising out of this Agreement or Service, the Parties shall make every effort to settle the dispute within thirty (30) days. If the Parties are unable to resolve the dispute, this Agreement and all matters relating to this Agreement will be governed by and construed in accordance with the laws in force as follows: 

      Midaxo, Inc – the laws of the State of Delaware.
      Midaxo, BV – the laws of the Netherlands.
      Midaxo, OY – the laws of Finland.
    3. Amendments to the terms of Agreement 
      Provider may modify any part or all of the Agreement by posting a revised version.  The revised version will become effective and binding the next business day after it is posted. Provider will provide you notice of this revision by email or in-app notification, if Subscriber as “opted-in” for this notification.  Requests to “opt-in” for notification may be sent to support@midaxo.com
    4. Force majeure. The Parties shall be exempted from the obligation to perform and from liability for damages if the Service cannot be supplied or the obligations of the Agreement cannot be complied with due to a force majeure. Force majeure shall mean any circumstance that reasonably has not been anticipated and the effects of which cannot reasonably be overcome or avoided. Such a circumstance may include but are not limited to a national state of emergency, an industrial dispute, a fire, a thunderstorm, a storm, a natural catastrophe, an order of the authorities, cable or other such damage caused by a third party, flood and water damage, overloading in the electrical network, the interruption of the supply of energy or other essential raw material or any other to the effects that are comparable and beyond the Provider’s reasonable control. Force majeure encountered by a subcontractor of the Provider, or a licensor of a service used as part of the Service shall also be considered as a ground for exemption from liability for the Provider.
    5. Severability. Should any provision of this Agreement be deemed or found to be invalid or unenforceable for any reason, such provision shall be severed from the Agreement and the validity or enforceability of the remainder of the Agreement shall not be affected.
    6. Waiver. Failure or neglect by either Party at any time to enforce any of the provisions of the Agreement shall not be construed as, neither shall it be deemed to be, a waiver of the respective rights of that party nor in any way affect the validity of the whole or any part of the Agreement nor prejudice that party’s rights to subsequent action.
    7. Third-party rights. Nothing contained in this Agreement shall confer or purport to confer on any third party any benefit or right to enforce any term of the Agreement.
    8. Insurance. The Provider shall maintain, for the entire term of this Agreement comprehensive commercial general liability policies affording protection of not less than the following for the legal entity as noted on the Service Order.
      1. Midaxo, Inc. – Commercial General Liability USD 1,000,000 per occurrence / USD 2,000,000 aggregate and Professional/Cyber USD 5,000,000 per occurrence / aggregate.
      2. Midaxo, BV – Commercial General Liability EUR 2,000,000 per occurrence / EUR 4,000,000 aggregate and Professional/Cyber EUR 1,500,000 per occurrence / aggregate.
      3. Midaxo, BV – Commercial General Liability EUR 2,000,000 per occurrence / EUR 4,000,000 aggregate and Professional/Cyber EUR 1,500,000 per occurrence / aggregate
  17. Transfer of the Agreement
    1. Neither Party may transfer the Agreement or any of its obligations or rights under the Agreement to a third party without the consent of the non-assigning party, such consent not to be unreasonably withheld or delayed; provided, however, that either Party shall be permitted to assign this Agreement to the acquirer of all or substantially all of the asset or equity of such Party, whether via sale or merger, without the consent of the other Party. The use of the Service by any affiliated companies of the Subscriber is not considered a transfer of the Agreement.
  18. Entire agreement 
    1. This Agreement represents the entire understanding between the parties in relation to the provision of the Service and replaces all prior communications, agreements, representations, warranties, undertakings, and agreements of whatsoever nature whether oral or written between the parties.
  19. Attachments and order of priority
    1. This Agreement with its appendices sets forth the entire agreement and understanding between the Parties relating to the subject matter contained herein and merges all prior discussions between them. In case of any discrepancies between the Agreement documents, they shall prevail in the following order:
      1. Service Order Form that executes this Agreement
      2. This Agreement

Appendix A – Service Level Agreement 


The Provider shall ensure that the Subscriber can access the Service (including without limitation the Amazon platform) continuously, twenty-four (24) hours a day at a rate of 99.5% to 100% (“SaaS Services Uptime Metric”). The SaaS Service Uptime Metric does not apply to performance issues caused by the following:

  • Scheduled maintenance breaks, provided that the Provider uses commercially reasonable efforts to schedule them on weekends or between 2:00 am and 6:00 am Eastern Time on business days.
  • Overall Internet congestion, slowdown, or unavailability
  • Unavailability of generic Internet services (e.g. DNS servers) due to virus or hacker attacks or the Provider’s preventive measure to protect from damage
  • Force majeure events as described in the terms of the Agreement.
  • Actions or inactions of the Subscriber (unless undertaken at the explicit direction of the Provider) or third parties beyond the control of the Provider.
  • A failure of the Subscriber’s equipment or third-party computer hardware, software, or network infrastructure not within the Provider’s sole control
  • Other scheduled maintenance breaks with an advance notice
  • In addition to the scheduled maintenance breaks, larger upgrades and patches may sometimes require additional downtime. In those cases, the Provider will schedule the downtime in advance.

Should the Provider fail to meet the SaaS Services Uptime Metric, the Provider will compensate the Subscriber with a refund as follows:

SaaS Services UptimeCompensation
Between 99.5% – 100%
Between 99.0% – 99.4%5% discount for that month’s subscription fee
Between 99 % – 95%25% discount for that month’s subscription fee
Between 95% – 90%50% discount for that month’s subscription fee
Below 90%100% discount for that month’s subscription fee

Response time

The Provider agrees to the issue response times as follows:

SeverityDescriptionStandard response time
1Critical business impact/service down: Business critical functionality is not working, or the service is unavailable, resulting in a critical impact on the Subscriber’s operations.Within 2 hours during business hours Monday-FridayNext business day outside of business hours
2Significant business impact: A key feature or function is severely restricted in its use. The Subscriber is in jeopardy of missing business deadlines.Within 4 hours during business hours Monday-FridayNext business day outside of business hours
3Minor business impact: A minor issue with the service or with functionality that does not have a critical impact on operations.Next business day
4Minimal business impact: An inquiry or non- technical request.Next business day

For the purposes of this Service Level Agreement, business hours shall mean normal business hours in the location of the Subscriber. 

Appendix B – Scope of Service

Midaxo provides a cloud-based platform for companies to systematize and run their M&A and Corporate Development management processes. Users manage deals end-to-end in a single, unified platform instead of stitching together a CRM, VDR, reporting tool, spreadsheet, and task tracker.  The Midaxo platform systemizes the process from Deal Sourcing through Due Diligence to Post-Merger Integration in a highly secure platform for all types of corporate development dealmaking.  Midaxo supports corporate activities and provides processes to “Find, “Evaluate” and “Deliver”.

The Subscription as detailed in the Services Order Form includes:

  • Use of the Midaxo Platform for the product and number of user seats subscribed.
  • Ongoing platform improvements and enhancements for the platform and additional modules purchased in the attached order form.
  • Number of independent processes included on the order form (e.g., M&A, restructuring, divestment, partnerships).
  • Ongoing general online support that includes technical support/help desk.

Midaxo offers the following products:

  • Pipeline+
    Focus: Pipeline Management, efficient deal sourcing, target tracking, and deal flow reporting.
  • Deal+ 
    Focus: Process Management, systematized deal evaluation, due diligence, and first 100 days of post-merger integration.
  • Enterprise+
    Focus: Strategic Technology, Partnership World-class, technology-enabled M&A capabilities.

Optional Services and Products 

  • In addition to the functions and services included with the Midaxo Platform as detailed in the Midaxo Services Order, subscribers may purchase additional services and products with fees to be quoted and detailed on a Service Order Form.

Appendix C – Midaxo Data Processing Agreement

The Midaxo Data Processing Agreement reflects the parties’ agreement with respect to the Processing of Personal Data by Midaxo on behalf of the Subscriber in connection with the Midaxo Subscription detailed in Midaxo Customer Terms of Service (also referred to in this DPA as the “Terms of Service”). 

This DPA is effective upon Execution of the Midaxo Service Order Form and/or use of the Subscription Service or receiving Professional Services.  

Midaxo may update these terms at its discretion and customers may “opt-in” to receive notification of these updates.  Customers with an active Midaxo subscription can “opt-in” to receive notice of updated Terms of Service. The term of this DPA will follow the term of the Services Order. Terms not otherwise defined in this DPA will have the meaning as set forth in the Terms of Service.

    1. This Data Processing Agreement (“DPA”) sets out the terms and conditions for the Processing of Personal Data by Provider on behalf of Subscriber under the Terms of Service. This DPA is an essential and inseparable part of the Terms of Service. 
    2. Provider acts as a Processor and the Subscriber acts as a Controller of Personal Data. 
    • “California Personal Information” means Personal Data that is subject to the protection of the CCPA.
    • “CCPA” means California Civil Code Sec. 1798.100 et seq. (also known as the California Consumer Privacy Act of 2018).
    • “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
    • “Data Protection Laws” means all applicable worldwide legislation relating to data protection and privacy which applies to the respective party in the role of Processing Personal Data in question under the Agreement, including without limitation European Data Protection Laws (EU Directive 95/46/EC EU and Directive 2002/58/EC, the GDPR and any amendments thereto. (For the sake of clarity, the GDPR shall be applied as of May 25, 2018.), the CCPA and in each case as amended, repealed, consolidated, or replaced from time to time.
    • Data Subject means a natural person whose Personal Data is Processed by Provider under the Terms of Service and this DPA.
    • “European Data Protection Laws (GDPR)” means data protection laws applicable in Europe, including: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; and (iii) applicable national implementations of (i) and (ii); or (iii) GDPR as it forms parts of the United Kingdom domestic law by virtue of Section 3 of the European Union (Withdrawal) Act 2018 (“UK GDPR”); and (iv) Swiss Federal Data Protection Act on 19 June 1992 and its Ordinance (“Swiss DPA”); in each case, as may be amended, superseded or replaced.  
    • “Permitted Affiliates” means any of Subscriber Affiliates that (i) are permitted to use the Subscription Services pursuant to the Terms of Service, but have not signed their own separate agreement with Midaxo and are not a “Customer” as defined under the Terms of Service, (ii) qualify as a Controller of Personal Data Processed by us, and (iii) are subject to European Data Protection Laws.
    • Personal Data means any information relating to an identified or identifiable natural person, and which Provider is Processing under the Terms of Service or otherwise, and of which Subscriber is a Data Controller.
    • Personal Data Breach means a breach of security leading to destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed, which is adverse to this DPA or Data Protection Regulation or otherwise unlawful.
    • Processing means any operation, or set of operations, performed by Provider on Personal Data, by any means, such as collecting, organizing, storing, amending, retrieving, using, disclosing, transmitting, combining, blocking, erasing, or destructing Personal Data.
    • Security Breach means any act or omission that compromises either the security, confidentiality, or integrity of Subscriber Data or the physical, technical, or administrative safeguards put in place by Provider that relate to the protection of the security, confidentiality, or integrity of Subscriber Data.
    • Standard Contractual Clauses means the contractual clauses issued by the European Commission’s Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (available as of June 2021 and set out at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj), (the “EU SCCs”), and any amendments thereto.
    • “Sub-Processor” means any Processor engaged by Midaxo or its Affiliates to assist in fulfilling Provider obligations with respect to the provision of the Subscription Services under the Terms of Service.  Sub-Processors may include third parties or our Affiliates but will exclude any Midaxo employee or consultant.
    1. Compliance with Laws. Within the scope of the Terms of Service and in its use of the services, Subscriber will be responsible for complying with all requirements that apply to it under applicable Data Protection Laws with respect to its Processing of Personal Data and the Instructions it issues to us.
      1. In particular but without prejudice to the generality of the foregoing, Subscriber acknowledges and agrees that it will be solely responsible for: (i) the accuracy, quality, and legality of Customer Data and the means by which Personal Data was acquired; (ii) complying with all necessary transparency and lawfulness requirements under applicable Data Protection Laws for the collection and use of the Personal Data, including obtaining any necessary consents and authorizations (particularly for use by Customer for marketing purposes); (iii) ensuring you have the right to transfer, or provide access to, the Personal Data to us for Processing in accordance with the terms of the Agreement (including this DPA); (iv) ensuring that your Instructions to us regarding the Processing of Personal Data comply with applicable laws, including Data Protection Laws; and (v) complying with all laws (including Data Protection Laws) applicable to any emails or other content created, sent or managed through the Subscription Services, including those relating to obtaining consents (where required) to send emails, the content of the emails and its email deployment practices. You will inform us without undue delay if you are not able to comply with your responsibilities under this ‘Compliance with Laws’ section or applicable Data Protection Laws.
    2. Controller Instructions. The parties agree that the Terms of Service (including this DPA), together with the Subscriber’s use of the Subscription Service in accordance with the Agreement, constitutes the complete Instructions to Provider in relation to the Processing of Personal Data, so long as Subscriber may provide additional instructions during the subscription term that are consistent with the Terms of Service, the nature and lawful use of the Subscription Service.
    3. Security. The Subscriber is responsible for independently determining whether the data security provided in the Subscription Service adequately meets its obligations under applicable Data Protection Laws. The Subscriber is also responsible for its secure use of the Subscription Service, including protecting the security of Personal Data in transit to and from the Subscription Service (including to securely backup or encrypt any such Personal Data).
    General principles applicable to the Processing of Personal Data. Provider shall: 
    1. Process Personal Data in compliance with Data Protection Regulation and good data processing practice. 
    2. The Provider shall only process Personal Data for the purposes described in this DPA or as otherwise agreed within the scope of Subscriber’s lawful Instructions, except where and to the extent otherwise required by applicable law.  The Provider is not responsible for compliance with any Data Protection Laws applicable to the Subscriber or your industry that are not generally applicable to us.
      1. The Provider shall process the Subscriber Data only on behalf, and at the request and direction, of the Subscriber. unless prescribed otherwise by a provision of Data Protection Regulation applicable to Provider. In such case, Provider shall inform the Subscriber of such requirement without undue delay before beginning the Processing of Personal Data in accordance with the instructions, unless informing of such requirement is prohibited in Data Protection Regulation. In case Provider considers that instructions of Subscriber are in breach of Data Protection Regulation, Provider shall inform Subscriber without undue delay. 
    3. Provider shall, and shall require each of its subcontractors and other third parties that receive, access, or process Subscriber Data to: (i) maintain appropriate administrative, physical, and technical safeguards that comply with all applicable laws to protect the security, confidentiality, and integrity of Subscriber Data against the unintended or unauthorized destruction, loss, alteration, or access of Subscriber Data (the “Safeguards”); (ii) not use, retain, or disclose Subscriber Data without the express written consent of Subscriber, except to the extent necessary to provide the Services to Subscriber, and not take any action that could constitute a sale of Subscriber Data under applicable law, rule, or regulation; (iii) implement and comply with a comprehensive written information security program; and (iv) provide reasonable assistance and cooperation to Subscriber in responding to rights requests from consumers under applicable laws, rules, and regulations (“Requests”), including without limitation, by notifying Subscriber of such Request no later than seventy-two (72) hours after receipt. 
    4. At a minimum and as applicable, the Safeguards shall include: (A) limiting access to Subscriber Data to Representatives unless otherwise agreed in writing by Subscriber; (B) securing business facilities, data center, paper files, servers, back-up systems and computing equipment, (C) implementing network, device application, database and platform security; (D) securing information transmission, storage and disposal; (E) implementing authentication and access controls within media, applications, operating systems and equipment; (F) encrypting Subscriber Data (using industry best technology) while in transit or in storage; (G) strictly segregating Subscriber Data from information of Provider or its other customers so that Subscriber Data is not commingled with any other types of information; (H) implementing appropriate personnel security and integrity procedures and practices, including, but not limited to, conducting background check consistent with applicable law; and (I) providing appropriate privacy and information security training to Provider’s employees. 
    5. Ensure that Provider’s staff with access to Personal Data have committed themselves to appropriate confidentiality. 
    6. Carry out the measures prescribed in section 5.2 of this DPA. 
    7. Follow the conditions concerning the use of subcontractors as prescribed in section7 of this DPA. 
    8. Taking into account the information available to Provider, provide reasonable assistance to Subscriber in responding to requests for exercising the rights of Data Subjects where Subscriber does not have the needed information. Provider is entitled to charge Subscriber for additional costs and expenses that were reasonably incurred as a result of complying with this clause.
    9. Taking into account the information available to Provider, provide reasonable assistance to Subscriber in ensuring compliance with its obligations set out in Data Protection Regulation, relating to data security, Personal Data Breaches further defined in section 6 of this DPA, data protection impact assessments, and prior consulting obligations. Provider is entitled to charge Subscriber for additional costs and expenses that were reasonably incurred as a result of complying with this clause.
    10. At the choice of Subscriber, delete or return Personal Data to Subscriber as prescribed in section 11.2 of this DPA. 
    11. Make available to Subscriber all information necessary to demonstrate compliance with obligations set out in this DPA and in Data Protection Regulation. The Subscriber is obliged to keep all such information confidential. Provider is entitled to charge Subscriber for additional costs and expenses that were reasonably incurred as a result of complying with this clause; and 
    12. Allow Subscriber to perform audits as prescribed in section 9 of this DPA. 
    13. Data security.  The provider shall implement technical and organizational measures to ensure an appropriate level of security to protect Personal Data against unauthorized access and loss, destruction, damage, alteration, or disclosure, or against other unlawful Processing. 
      1. Provider shall use best efforts, including the use of commercially available virus detection software and regular patches and penetration testing, to ensure that the Service and any other information and material provided to Subscriber pursuant to this Agreement is free of any viruses, worms, Trojan horses, backdoors, or other malicious computer code, harmful or deleterious program, and any time bombs, logic bombs, time locks, drop dead devices, or similar malicious code (collectively, “Malicious Code”). 
    14. Notify Subscriber if it becomes unable to comply with the CCPA.
    1. In the event of a Security Breach. Provider shall notify Subscriber of all Personal Data Breaches without undue delay, but no later than three (3) business days after Provider has become aware of the Breach. The Data Breach notification shall contain the following:
      1. Description of the nature of the Personal Data Breach, including the categories and approximate number of Data Subjects concerned and the categories and approximate number of data records concerned.
      2. Name and contact details of the contact person of Provider handling the Personal Data Breach.
      3. Description of likely consequences and/or realized consequences of the Personal Data Breach.
      4. Description of the measures Provider has taken to address the Personal Data Breach and to mitigate its adverse effects.  
    2. If it is not possible to provide the information listed at the same time, the information may be provided in phases. 
    3. The Provider shall document Subscriber Data Breaches and disclose the documentation to Subscriber upon Subscriber request.  
    4. After the Provider has become aware of the Personal Data Breach, Provider shall ensure security of Personal Data and take appropriate measures to ensure protection of Personal Data in cooperation with Subscriber.
    1. Subscriber acknowledges and agree that Provider may access and Process Personal Data on a global basis as necessary to provide the Subscription Service in accordance with the Terms of Service, and in particular that Personal Data may be transferred to and Processed by Midaxo in the United States and to other jurisdictions where Midaxo or its Affiliates and Sub-Processors have operations.  Wherever Personal Data is transferred outside its country of origin, each party will ensure such transfers are made in compliance with the requirements of Data Protection Laws. 
    1. Provider is entitled to use sub-processors to Process Personal Data and may engage sub-processors as needed.  Types of services that may be provided by sub-processors include hosting and infrastructure services, integrations, and product support.  Subscriber may request a list of sub-processors by contacting dpasupport@midaxo.com.
    2. Provider is entitled to reduce the number of sub-processors without separate notice. 
    3. Provider shall notify Subscriber about any addition of a sub-processor if the Subscriber “opts-in” for this notification. Subscriber may deny the use of the new sub-processor only if Subscriber has well-grounded doubts about the ability of the sub-processor to comply with Data Protection Regulation. 
    4. Provider shall take appropriate measures to ensure that the used sub-processor comply with the obligations specified in this DPA, including security and confidentiality requirements. Provider is responsible for the performance of its subcontractors as it is responsible for the performance of its own obligations. 
    1. The Parties agree that when Subscriber requests an audit, Subscriber shall appoint a third party who is not in direct competition with Provider, and such third party shall audit Provider’s compliance with obligations set out in this DPA in order for Subscriber to ensure that Provider has fulfilled the obligations set out in this DPA. Subscriber shall ensure that such third party complies with the confidentiality obligations set out in the Terms of Service with regard to Provider’s confidential information received in connection with the audit. Subscriber has the right to request an audit prescribed in this section 8.1 once in every twelve (12) months. Subscriber shall bear the costs and expenses incurred by Provider and Subscriber in connection with the audit. Subscriber shall bear the fees and expenses of the third party. Alternatively, Provider is entitled to provide on request an Information Security Certificate of a reputable third party, such as KPMG, to fulfil Provider’s audit obligation. In this case, Provider bears the cost of the third-party certification.  
    2. Provider shall assist Subscriber and the third party in conducting the audit with reasonable measures. 
    3. If the audit reveals shortcomings, Provider shall correct such shortcomings without delay or at the latest within thirty (30) days of a written notice from Subscriber, unless the Parties agree otherwise. Any material shortcomings that pose an obvious threat to data security shall be rectified without undue delay. 
    Limitation of Liability noted in the Midaxo Customer Terms of Services will also apply to this DPA. 
    1. This DPA becomes effective on the subscription start date and continues to be in effect until termination or expiration of the Service Order, provided no separate assignments for Processing of Personal Data have been concluded by and between the Parties.  
    2. Provider shall Process Personal Data only during the term of this DPA. Upon termination or expiry of this DPA, or upon Subscriber’s written request, Provider shall either destroy or return, either to Subscriber or to a third party designated by Subscriber in writing, Personal Data Processed, unless otherwise required by Data Protection Regulation or other applicable legislation.