THIS AGREEMENT is made effective on the date specified on the signature page below (the “Effective Date”) between the duly licensed franchisee of Boston Pizza Canada Limited Partnership (“BPCLP”) specified on the signature page below (“Franchisee”) and BEVY LABS, INC. (“Bevy”), and is made pursuant to an Order Form and Bevy Labs, Inc. SaaS Agreement made effective October 31, 2022 between Boston Pizza International Inc. (“BPI”) and Bevy (the “Master Agreement”).
WHEREAS:
NOW THEREFORE in consideration of the premises, mutual covenants and agreements contained in this Agreement and other good and valuable consideration (the receipt and sufficiency of which is hereby acknowledged), Franchisee and Bevy covenant and agree as follows:
The parties acknowledge and agree that: (i) this Agreement is being made pursuant to the Master Agreement and that BPI is paying Bevy fees under the Master Agreement in order to permit Franchisee to have access to the Services pursuant to this Agreement; (ii) this Agreement will automatically terminate in the event that the Master Agreement expires or is terminated for any reason; and (iii) neither BPI nor BPCLP will be liable to Bevy for any act or omission of Franchisee, any breach by Franchisee of this Agreement or for any loss or damage suffered by Bevy as a result of Franchisee’s use of the Services.
Subject to the terms and conditions of this Agreement, Bevy will provide Franchisee with access to the Services through the Internet, solely for BPI’s and Franchisee’s internal use. The software underlying the Services will be hosted on a server under the control or direction of Bevy or its hosting provider. The Services are subject to modification from time to time at Bevy’s sole discretion, for any purpose deemed appropriate by Bevy; provided that Bevy will not materially decrease the aggregate features and/or functionalities of the Services during the Term of this Agreement.
Bevy reserves the right to suspend Franchisee’s access to the Services: (i) for scheduled or emergency maintenance, or (ii) in the event Franchisee is in breach of this Agreement, including without limitation, failure to pay any amounts due to Bevy. Bevy will give Franchisee written notice prior to any suspension, unless such suspension is for emergency maintenance.
Subject to the terms and conditions hereof, Bevy will provide reasonable support to Franchisee for the Services.
Franchisee will not, and will not encourage or facilitate any third party to: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas or algorithms of the Services or any software provided by Bevy, documentation or data output from the Services (provided that reverse engineering is prohibited only to the extent such prohibition is not contrary to applicable law); modify, translate, or create derivative works based on the Services, software provided by Bevy, or any data output from the Services; except as expressly permitted herein, use the Services or software for timesharing or service bureau purposes; use the Services or software other than in accordance with this Agreement and in compliance with all applicable laws and regulations (including but not limited to any privacy laws, and laws and regulations concerning intellectual property, consumer and child protection, obscenity or defamation); except as expressly permitted by the functionalities of the Services, run or use any processes that run or are activated while Franchisee is not logged on to the Services or that “crawl,” “scrape,” or “spider” the Services; or use the Services or software in any manner that (1) is harmful, fraudulent, deceptive, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libelous, or otherwise objectionable (including without limitation, accessing any computer, computer system, network, software, or data without authorization, breaching the security of another user or system, and/or attempting to circumvent any user authentication or security process), (2) impersonates any person or entity, including without limitation any employee or representative of Bevy, or (3) contains a virus, trojan horse, worm, time bomb, unsolicited bulk, commercial, or “spam” message, malware, or other harmful computer code, file, or program (including without limitation, password guessing programs, decoders, password gatherers, keystroke loggers, cracking tools, packet sniffers, and/or encryption circumvention programs).
Franchisee will reasonably cooperate with Bevy in connection with the performance of this Agreement by making available such personnel and information as may be reasonably required, and taking such other actions as Bevy may reasonably request to assist in its provision of the Services. Franchisee will also cooperate with Bevy in establishing a password or other procedures for verifying that only designated employees of Franchisee have access to any administrative functions of the Services. Each Franchisee end-user of the Services (collectively, “Authorized Users”) must (a) be a current employee, consultant, contractor or agent of Franchisee using the Services only on Franchisee’s behalf and for Franchisee’s, BPCLP’s or BPI’s direct benefit, and (b) be bound by confidentiality obligations that are no less protective of the Services than the terms set forth in this Agreement. Franchisee will be directly responsible to Bevy with respect to all actions and/or inactions of its Authorized Users.
Franchisee hereby agrees to defend, indemnify and hold Bevy harmless against any damages, losses, liabilities, settlements and expenses (including without limitation costs and attorneys’ fees), in each case, that are paid or payable to un-Affiliated third parties in connection with any claim or action that alleges any (i) infringement, violation or misappropriation of any intellectual property or proprietary right(s) by any Customer Data (as defined below), including, without limitation, in connection with distribution and/or analysis thereof through the Services, and/or (ii) violation of applicable law(s) and/or regulations by Franchisee in performance of its obligations and/or exercise of its rights pursuant to this Agreement; provided Franchisee is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and sole control over defense and settlement thereof. “Affiliate” means any entity controlling, controlled by, or under common control with a party hereto, where “control” means the ownership of more than 50% of the voting securities in such entity.
Bevy hereby agrees to defend, indemnify and hold Franchisee harmless against any damages, losses, liabilities, settlements and expenses (including without limitation costs and attorneys’ fees), in each case, that are paid or payable to un-Affiliated third parties as a result of any third party claim or action that (i) alleges the infringement, violation or misappropriation of any intellectual property or proprietary right(s) of any third party by the Services (excluding all Customer Data), or (ii) arising from violation of applicable law(s) and/or regulations by Bevy in performance of its obligations and/or exercise of its rights pursuant to this Agreement; provided that Bevy is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and sole control over defense and settlement thereof. The foregoing obligations do not apply with respect to portions or components of the Services provided by Bevy (i) not created by or on behalf of Bevy, (ii) resulting in whole or in part in accordance from BPI’s or Franchisee’s specifications, (iii) that are modified after delivery by Bevy, (iv) combined with other data, products, processes or materials where the alleged infringement arises out of such combination, (v) where Franchisee continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (vi) where Franchisee’s use of the Services is not strictly in accordance with this Agreement and all related documentation.
Bevy hereby will at all times during the Term (defined below) comply with the Security and Compliance policy attached to this Agreement. To the extent that Bevy processes any payments on behalf of Franchisee, Bevy will comply at all times with the PCI-DSS requirements then in effect.
Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose information relating to the Disclosing Party’s technology or business (hereinafter referred to as “Proprietary Information” of the Disclosing Party). Notwithstanding the foregoing, the Services are Bevy’s Proprietary Information, and the Customer Data provided by Franchisee is Franchisee’s Proprietary Information.
The Receiving Party agrees: (i) except as required to perform its respective obligations and/or exercise its rights pursuant to this Agreement, not to disclose to any third party any such Proprietary Information, (ii) to give access to such Proprietary Information solely to those employees and contractors with a need to have access thereto for purposes of this Agreement (and who are bound by written confidentiality obligations as protective of the Disclosing Party’s Proprietary Information as this Agreement), and (iii) to take the same security precautions to protect against unauthorized access to or unauthorized use of such Proprietary Information that such party takes with its own proprietary information, but in no event will a party apply less than reasonable precautions to protect such Proprietary Information. The Disclosing Party agrees that the foregoing will not apply with respect to any information that the Receiving Party can document (a) is or becomes generally available to the public without any action by, or involvement of, the Receiving Party, (b) was in its possession or known by it prior to receipt from the Disclosing Party, (c) was or is rightfully disclosed to it without restriction by a third party, or (d) was or is independently developed without use of any Proprietary Information of the Disclosing Party. Nothing in this Agreement will prevent the Receiving Party from disclosing Proprietary Information pursuant to any judicial or governmental order, provided that the Receiving Party (to the extent legally permissible) gives the Disclosing Party reasonable prior notice of such disclosure to contest such order.
Notwithstanding anything to the contrary, Bevy may collect data with respect to, use, and report on, the aggregate response rate and other aggregate measures of the Services’ performance and Franchisee’s use of the Services (including without limitation, Customer Data); provided that Bevy will not identify (or disclose any information or data that could reasonably be used to identify) Franchisee or any individual without Franchisee’s prior written consent.
Both parties will have the right to disclose the existence but not the terms and conditions of this Agreement, unless such disclosure is approved in writing by both Parties prior to such disclosure, or is included in a filing required to be made by a party with a governmental authority (provided such party will use reasonable efforts to obtain confidential treatment or a protective order) or is made on a confidential basis as reasonably necessary to potential investors and/or acquirors.
Except as expressly set forth herein, Bevy alone (and its licensors, where applicable) will retain all intellectual property rights relating to the Services and related software provided by Bevy to Franchisee hereunder. Franchisee will not copy, distribute, reproduce or use any of the foregoing except as expressly permitted under this Agreement. Except as expressly set forth herein, this Agreement is not a sale and does not convey to Franchisee any rights of ownership in or related to the Services or related software, or any intellectual property rights. Notwithstanding anything to the contrary, Franchisee hereby grants Bevy a perpetual, worldwide, transferable, sublicensable, royalty-free, non-exclusive license to use, disclose and otherwise fully exploit any suggestions, enhancement requests, feedback, and/or recommendations provided by or on behalf of Franchisee regarding the Services.
Franchisee and its licensors shall (and Franchisee hereby represents and warrants that they do) have and retain all right, title and interest (including, without limitation, sole ownership of) all content and data provided by or on behalf of Franchisee and/or its Authorized Users (collectively, “Customer Data”) and the intellectual property rights with respect to that Customer Data. If Bevy receives any notice or claim that any Customer Data, or activities hereunder with respect to any Customer Data, may infringe or violate rights of a third party or any applicable law or regulation, Bevy may (but is not required to) suspend activity hereunder with respect to that Customer Data. Franchisee, on behalf of itself and its suppliers and licensors (as applicable) hereby grants Bevy a worldwide, non-transferable, non-sublicensable, nonexclusive license to view, copy, reformat, distribute, display and analyze the Customer Data solely in connection with Bevy’s performance of the Services.
Unless earlier terminated in accordance with this Section 5, this Agreement shall commence on the Effective Date and expire on October 30, 2023 (the “Initial Term”). After the Initial Term, this Agreement will automatically renew for successive renewal terms of twelve (12) months each (collectively with the Initial Term, the “Term”), unless and until either party provides the other with at least thirty (30) days’ written notice of its intention not to renew prior to the end of the then-current Term.
Either party hereto may terminate this Agreement upon thirty (30) calendar days’ prior written notice in the event of any breach of this Agreement by the other party hereto (including, without limitation, by Bevy in the event of any breach by Franchisee of Section 2.2).
Either party may terminate this Agreement, upon written notice, (i) upon the institution by or against the other party of insolvency, receivership or bankruptcy proceedings (provided such proceedings are not dismissed within one hundred twenty (120) days of such institution), (ii) upon the other party's making an assignment for the benefit of creditors, or (iii) upon the other party's dissolution or ceasing to do business without a successor.
Franchisee’s access to the Services, and any licenses granted hereunder to Franchisee, shall terminate upon any termination of this Agreement. Subject to the foregoing, the following Sections will survive any termination of this Agreement: 2.1, 2.3, 2.4, 3 through 5, 7 through 10, and any accrued rights to payment.
Each party represents and warrants to the other party that (a) it has the legal right and power to enter into this Agreement, (b) the performance of its obligations hereunder will not violate or conflict with any agreements, contracts or other arrangements to which it is a party, and (c) the execution of this Agreement and the performance by it of the transactions contemplated hereby have been duly authorized by all necessary corporate action and any other consents required to be obtained by it have been obtained.
EXCEPT AS EXPRESSLY PROVIDED HEREIN, THE SERVICES, DOCUMENTATION, AND ANYTHING ELSE PROVIDED BY BEVY IN CONNECTION WITH THIS AGREEMENT ARE PROVIDED ON AN “AS IS” BASIS. FRANCHISEE ASSUMES ALL RESPONSIBILITIES FOR SELECTION OF THE SERVICES TO ACHIEVE FRANCHISEE’S INTENDED RESULTS, AND FOR THE USE OF, AND RESULTS OBTAINED FROM, THE SERVICES. BEVY HEREBY DISCLAIMS ANY AND ALL ADDITIONAL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE. BEVY SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, QUALITY AND FITNESS FOR A PARTICULAR PURPOSE. BEVY DOES NOT WARRANT THAT THE SERVICES, DATA PROVIDED, AND/OR ANYTHING ELSE PROVIDED IN CONNECTION WITH THIS AGREEMENT WILL BE ERROR-FREE OR THAT THE SERVICES WILL WORK WITHOUT INTERRUPTIONS. THE FOREGOING LIMITATIONS WILL APPLY EVEN IF THE ABOVE STATED REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
IN NO EVENT WILL EITHER PARTY HERETO OR THEIR LICENSORS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF THE SERVICES, OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT, ANY DELAY OR INABILITY TO USE THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT OR OTHERWISE ARISING FROM THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, LOSS OF REVENUE OR ANTICIPATED PROFITS OR LOST BUSINESS OR LOST SALES, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.
EXCEPT FOR GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR BREACH OF SECTION 3, OR INDEMNITY FOR THE INFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS, THE TOTAL LIABILITY OF EACH PARTY AND ITS LICENSORS, WITH RESPECT TO THIS AGREEMENT, AND/OR ANY SERVICES PROVIDED, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE OR STRICT LIABILITY), OR OTHERWISE, WILL NOT EXCEED, IN THE AGGREGATE, THE AMOUNT OF FEES PAID TO BEVY UNDER THE MASTER AGREEMENT IN THE TWELVE-MONTH PERIOD ENDING ON THE DATE THAT A CLAIM OR DEMAND IS FIRST ASSERTED (OR, IN THE CASE A CLAIM OR DEMAND IS ASSERTED WITHIN THE FIRST TWELVE (12) MONTHS DURING THE TERM OF THE MASTER AGREEMENT, THE AMOUNT OF FEES THAT WOULD BE PAYABLE DURING THE FIRST TWELVE (12) MONTHS OF THE TERM OF THE MASTER AGREEMENT). WITH RESPECT TO BREACH OF ANY INFORMATION SECURITY OBLIGATIONS, OR SECURITY BREACH, THE FOREGOING CAP IS HEREBY INCREASED BY FOUR TIMES (4x). THE FOREGOING LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
Notwithstanding anything to the contrary, Franchisee may not provide to any person or export or re-export or allow the export or re-export of the Services or any software or anything related thereto or any direct product thereof (collectively “Controlled Subject Matter”), in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. Without limiting the foregoing, Franchisee acknowledges and agrees that the Controlled Subject Matter will not be used or transferred or otherwise exported or re-exported to countries as to which the United States maintains an embargo (collectively, “Embargoed Countries”), or to or by a national or resident thereof, or any person or entity on the U.S. Department of Treasury’s List of Specially Designated Nationals or the U.S. Department of Commerce’s Table of Denial Orders (collectively, “Designated Nationals”). The lists of Embargoed Countries and Designated Nationals are subject to change without notice. Use of the Services is a representation and warranty that the user is not located in, under the control of, or a national or resident of an Embargoed Country or Designated National. The Controlled Subject Matter may use or include encryption technology that is subject to licensing requirements under the U.S. Export Administration Regulations. As defined in FAR section 2.101, any software and documentation provided by Bevy are “commercial items” and according to DFAR section 252.227-7014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation.” Consistent with DFAR section 227.7202 and FAR section 12.212, any use, modification, reproduction, release, performance, display, or disclosure of such commercial software or commercial software documentation by the U.S. Government will be governed solely by the terms of this Agreement and will be prohibited except to the extent expressly permitted by the terms of this Agreement.
If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. This Agreement is not assignable, transferable or sublicensable by either party, except with the other party’s prior written consent; provided that each party may transfer and/or assign this Agreement to a successor in connection with a sale of all or substantially all of its business or assets to which this Agreement relates. Both parties agree that this Agreement is the complete and exclusive statement of the mutual understanding of the parties hereto, and supersedes and cancels all previous written and oral agreements, communications and other understandings between the parties hereto relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed or otherwise agreed to by both parties, except as otherwise provided herein. No agency, partnership, joint venture, or employment is created as a result of this Agreement and neither party has any authority of any kind to bind the other in any respect whatsoever. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; and upon receipt, if sent by certified or registered mail (return receipt requested), postage prepaid. Neither party shall be liable to the other for any delay or non-performance of its obligations (excluding payment of any Fees) under this Agreement to the extent that such delay or non-performance is due to a Force Majeure Event. “Force Majeure Event” means any cause not within the reasonable control of a party, including, without limitation, any act of God, natural disaster, pandemic, war, terrorism, and/or general infrastructure outages or failures. 
This Agreement will be governed by the laws of the State of New York, U.S.A. without regard to its conflict of laws provisions.
IN WITNESS WHEREOF, the Parties hereto have entered into this Agreement with effect as of the Effective Date.
Information Security Continuity Policy
Information security is at the heart of the business continuity process within our organization, and the overarching approach to our ISMS is a fundamental part of the business continuity consideration itself. The ISMS is designed to be iterative, dynamic and evolving as the business continues to evolve and grow, and that design informs the business continuity management process too.
This document outlines important considerations with respect to information security continuity at Bevy.
A base understanding of information security continuity is relevant to all staff. Matters regarding actual implementation are particularly important for the ISMS board, management and engineering.
1.1. Planning information security continuity
Risk management is at the core of information security continuity at Bevy. The information, assets, risks and policies/controls recorded throughout our ISMS are created with the intention of understanding interruptions and their impact on the business. Business continuity is designed based on the probability of occurrence, taking into account the confidentiality, integrity and availability of the information and assets and the business's ability to continue performing as expected.
As part of the broader risk assessment, events that can cause interruptions to business processes are identified, along with the probability and impact of such interruptions and their consequences for information security.
Any assessments and related treatment plans are hosted in our cloud-based ISMS, which in turn is certified against numerous information security-related standards, as visible at https://www.isms.online/our-credentials/. This ensures a reasonable level of confidence of our plans being available to members of our staff as needed, though snapshots of plans can also be downloaded for offline access.
1.2. Implementing information security continuity
Again, risk management is a critical aspect of information security management at Bevy and likewise at the very core of business continuity within the organization. Many risks in our register are informed by potential impact on business continuity. As per our documented risk management methodology, the scoring of risks based on potential impact on confidentiality, integrity and availability (CIA) and the risk’s likelihood of occurrence allows clear prioritization. This in turn informs prioritization of individual implementation projects.
It should be noted that information security continuity implementation is greatly aided by the very nature of our organization:
1.3. Verify, review and evaluate information security continuity
Testing and maintaining the business continuity plan to ensure it is consistent with our information security objectives is done on the basis of the following:
In the spirit of learning from the thinking and practices of some of the most forward-thinking software service organizations, we fully intend to implement chaos engineering practices to proactively and routinely test and evaluate the resiliency of our services and processes.
Bevy security will verify compliance with this policy through various methods, including in particular internal and/or external audits.
Comments or questions about this document should be directed to Bevy Security at security@bevylabs.com or Bevy-internal in the #security Slack channel.
Date | Version | Author | Changes |
May 15, 2018 | 1.0 | Alex Bendig | Initial version. |
March 21, 2021 | 1.1 | Constantine Abanda | Annual Review |
April 21, 2021 | 1.2 | Constantine Abanda | Annual Review |
May 23, 2022 | 1.3 | Constantine Abanda | Annual Review |
Version 1.3 Bevy Labs - Proprietary