Standard Terms and Conditions for Software

Printer-friendly versionPDF version


Supplier represents, warrants and covenants that:

1.1. it acknowledges that Customer is relying on its representation of its experience and expert knowledge, and that any substantial misrepresentation may result in damage to Customer;
1.2. it is the lawful licensee or owner of the Services (excluding any Customer Data therein) and has all the necessary rights in the Services to grant the use of the Services to Customer;
1.3. the Services and any other work performed by Supplier hereunder shall not infringe upon any Canadian or foreign copyright, patent, trade secret, or other proprietary right, or misappropriate any trade secret, of any third-party, and that it has neither assigned nor otherwise entered into an agreement by which it purports to assign or transfer any right, title, or interest to any technology or intellectual property right that would conflict with its obligations under this Agreement;
1.4. it shall maintain in-force written agreements with any third-party (including without limitation subcontractors) whose intellectual property is incorporated into the Services or who is necessary for the performance of the Services, if any, for the term of this Agreement;
1.5. it has the expertise to perform the Services in a competent, workmanlike, and professional manner and in accordance with the highest professional standards;
1.6. it will use its best efforts to ensure that no computer viruses, malware, or similar items (collectively, a “Virus”) are introduced into Customer’s computing and network environment by the Services;
1.7. the Services will conform in all material respects to the specifications, functions, descriptions, standards, and criteria set forth in the Agreement and the Documentation.
1.8. the name of the Supplier as set out in the Agreement is the full legal name of the Supplier.


2.1. Supplier shall comply, and shall require its personnel to comply, with all applicable laws, orders, rules and regulations in the jurisdictions in which the Agreement is performed. Without restricting the generality of the foregoing, Supplier, at its sole expense, shall comply with all employment insurance, workers' compensation, income tax, pension plan, occupational health and safety and environmental protection legislation.


3.1. Customer’s data (“Customer Data,” which shall also be known and treated by Supplier as Confidential Information) shall include: (a) Customer’s data collected, used, processed, stored, or generated as the result of the use of the Services; and, (b) personally identifiable information (“PII“) collected, used, processed, stored, or generated as the result of the use of the Services, including, without limitation, any information that identifies an individual, such as a government-issued identification number, date of birth, address, telephone number, biometric data, mother’s maiden name, email address, credit card information, or an individual’s name in combination with any other of the elements listed herein. As between the Customer and the Supplier, Customer Data is and shall remain the sole and exclusive property of Customer and all right, title, and interest in the same is reserved by Customer.
3.2. Supplier is provided a limited access to Customer Data for the sole and exclusive purpose of providing the Services, including access to collect, process, store, generate, and display Customer Data only to the extent necessary in the providing of the Services. Supplier shall: (a) keep and maintain Customer Data in strict confidence, using such degree of care as is appropriate and consistent with its obligations as further described in this Agreement and applicable law to avoid unauthorized access, use, disclosure, or loss; (b) use and disclose Customer Data solely and exclusively for the purpose of providing the Services, such use and disclosure being in accordance with this Agreement and applicable law; and, (c) not use, sell, rent, transfer, distribute, or otherwise disclose or make available Customer Data for Supplier’s own purposes or for the benefit of anyone other than Customer and/or its authorized users without Customer’s prior written consent. 3.3. Supplier shall, within one (1) business day of Customer’s request, provide Customer, without charge and without any conditions or contingencies whatsoever (including but not limited to the payment of any fees due to Supplier), an extract of the Customer Data in the format specified by Customer.
3.4. As a part of the Services, Supplier is responsible for maintaining a backup of Customer Data and for an orderly and timely recovery of such data in the event that the Services may be interrupted. Unless otherwise described in the Agreement, Supplier shall maintain a contemporaneous backup of Customer Data that can be recovered within two (2) hours at any point in time. Additionally, Supplier shall store a backup of Customer Data in an off-site “hardened” facility no less than daily, maintaining the security of Customer Data, the security requirements of which are further described herein. Any backups of Customer Data shall not be considered in calculating storage used by Customer if applicable.
3.5. In the event of any act, error or omission, negligence, misconduct, or breach that compromises or is suspected to compromise the security, confidentiality, or integrity of Customer Data or the physical, technical, administrative, or organizational safeguards put in place by Supplier that relate to the protection of the security, confidentiality, or integrity of Customer Data, Supplier shall, as applicable: (a) notify Customer as soon as practicable but no later than twenty-four (24) hours of becoming aware of such occurrence; (b) cooperate with Customer in investigating the occurrence, including making available all relevant records, logs, files, data reporting, and other materials required to comply with applicable law or as otherwise required by Customer; (c) in the case of Personally Identifiable Information (PII), at Customer’s sole election, (i) notify the affected individuals who comprise the PII as soon as practicable but no later than is required to comply with applicable law, or, in the absence of any legally required notification period, within five (5) calendar days of the occurrence; or, (ii) reimburse Customer for any costs in notifying the affected individuals; (d) in the case of PII, provide third-party credit and identity monitoring services to each of the affected individuals who comprise the PII for the period required to comply with applicable law, or, in the absence of any legally required monitoring services, for no less than twelve (12) months following the date of notification to such individuals; (e) perform or take any other actions required to comply with applicable law as a result of the occurrence; (f) without limiting Customer’s obligations of indemnification as further described in this Agreement, indemnify, defend, and hold harmless Customer for any and all Claims (as defined herein), including reasonable legal fees, costs, and expenses incidental thereto, which may be suffered by, accrued against, charged to, or recoverable from Customer in connection with the occurrence; (g) be responsible for recreating lost Customer Data in the manner and on the schedule set by Customer without charge to Customer; and, (h) provide to Customer a detailed plan within ten (10) calendar days of the occurrence describing the measures Supplier will undertake to prevent a future occurrence. Notification to affected individuals, as described above, shall comply with applicable law, be written in plain language, and contain, at a minimum: name and contact information of Supplier’s representative; a description of the nature of the loss; a list of the types of data involved; the known or approximate date of the loss; how such loss may affect the affected individual; what steps Supplier has taken to protect the affected individual; what steps the affected individual can take to protect himself or herself; contact information for major credit card reporting agencies; and, information regarding the credit and identity monitoring services to be provided by Supplier.


4.1. “Confidential Information” means all non-public, confidential, personal or proprietary information disclosed by the Customer to the Supplier relating directly or indirectly to its activities or affairs (or the activities or affairs of any organization affiliated with it), whether in writing, or communicated orally or electronically, and including all information obtained by the Supplier through visual inspection of the assets of the Customer (including any documents prepared by the Supplier which contain or otherwise reflect or are generated from the information specified above).
4.2. Except as otherwise permitted in this Agreement, any Confidential Information which the Supplier now has or which may come into its possession in the course of this Agreement, will be kept confidential and will not, without the Customer’s prior written consent, be disclosed by the Supplier in any manner whatsoever, in whole or in part, and will not be used for any purpose other than to provide goods and/or services to the Customer and/or its authorized users. The Supplier may reveal or permit access to the Confidential Information only to its directors, employees, agents or subcontractors (together, “Representatives”) who need to know the Confidential Information, who must be advised of the confidential nature of the Confidential Information, who are directed by the Supplier to hold the Confidential Information in confidence and who agree to be bound by and to act in accordance with the terms and conditions of this Agreement.
4.3. The Supplier shall take all necessary precautions or measures to prevent improper access to, or use or disclosure of, the Confidential Information by its Representatives and shall be jointly and severally responsible for any breach of this Agreement by any of its Representatives.
4.4. The Supplier warrants that the Supplier has made no use or disclosure of any Confidential Information prior to the date of this Agreement, except as permitted by this Agreement.
4.5. Upon termination or expiration of this Agreement, the Supplier shall promptly, and in any event, within five (5) business days after such request from the Customer, return or, only at the written direction of the Customer, destroy all copies of the Confidential Information and other material if they contain any Confidential Information, and shall, only at the written direction of the Customer, delete all Confidential Information from all computer systems and databases. Any Confidential Information that is not returned or destroyed by the Supplier remains subject to the confidentiality obligations under this Agreement.


5.1. Without limiting Supplier’s obligation of confidentiality as further described herein, Supplier shall be responsible for establishing and maintaining a data privacy and information security program, including physical, technical, administrative, and organizational safeguards, that is designed to: (a) ensure the security and confidentiality of the Customer Data; (b) protect against any anticipated threats or hazards to the security or integrity of the Customer Data; (c) protect against unauthorized disclosure, access to, or use of the Customer Data; (d) ensure the proper disposal of Customer Data; and, (e) ensure that all employees, agents, and subcontractors of Supplier, if any, comply with all of the foregoing. In no case shall the safeguards of Supplier’s data privacy and information security program be less stringent than the safeguards used by Customer.
5.2. Without limiting any other audit rights of Customer, Customer shall have the right to review Supplier’s data privacy and information security program prior to the commencement of Services and from time to time during the term of this Agreement. During the providing of the Services, on an ongoing basis from time to time and without notice, Customer, at its own expense, shall be entitled to perform, or to have performed, an on-site audit of Supplier’s data privacy and information security program. In lieu of an on-site audit, upon request by Customer, Supplier agrees to complete, within forty-five (45 days) of receipt, an audit questionnaire provided by Customer regarding Supplier’s data privacy and information security program.
5.3. Supplier shall implement any required safeguards as identified by Customer or by any audit of Supplier’s data privacy and information security program.
5.4. Customer reserves the right, at its sole election, to immediately terminate this Agreement without limitation and without liability if Customer reasonably determines that Supplier fails or has failed to meet its obligations under this provision.


6.1. Supplier is informed that the Customer is subject to the Ontario Freedom of Information and Protection of Privacy Act.
6.2. The Customer shall use all reasonable efforts to hold all information marked "Confidential" by the Supplier in strict confidence where required or permitted by law but shall not be liable for any action as contemplated by Section 62(2) of the Act.
6.3. If the Customer’s response to a request under the Act is appealed to the Information and Privacy Commissioner for Ontario, the Supplier shall have the burden of proof in accordance with Section 53 of the Act. The Supplier shall be responsible for all costs related to its confidentially requirements.


7.1. Customer acknowledges that, in the course of performing the Services, Supplier may use software and related processes, instructions, methods, and techniques that have been previously developed by Supplier (collectively, the “Pre-existing Materials,” which shall include the Services) and that the same shall remain the sole and exclusive property of Supplier.
7.2. Except as expressly set forth herein, no license is granted by either party to the other with respect to the Confidential Information or Pre-existing Materials. Nothing in this Agreement shall be construed to grant to either party any ownership or other interest, in the Confidential Information or Pre-existing Materials, except as may be provided under a license specifically applicable to such Confidential Information or Pre-existing Materials.


8.1. Supplier agrees to indemnify, defend, and hold harmless Customer and its governors, senators, faculty, employees, officers, agents, and students (each, an “Indemnitee“) from and against any and all liabilities, damages, losses, expenses, claims, demands, suits, fines, or judgments (each, a “Claim,” and collectively, the “Claims“), including reasonable legal fees, costs, and expenses incidental thereto, which may be suffered by, incurred by, accrued against, charged to, or recoverable from any Indemnitee, by reason of any Claim arising out of or relating to any act, error or omission, negligence, or misconduct of Supplier, its officers, directors, agents, employees, and subcontractors, during the performance of this Agreement, including, without limitation, Claims arising out of or relating to: (a) bodily injury (including death) or damage to tangible personal or real property; (b) any payment required to be paid to subcontractors, if any, of Supplier; (c) any material misrepresentation or breach of any representation or warranty set forth in this Agreement; or, (d) any material breach of any covenant set forth in this Agreement; provided, however, that the foregoing indemnity shall not apply to the extent that the applicable Claim resulted from the acts or omissions of an Indemnitee.
8.2. Supplier agrees to indemnify, defend, and hold harmless Indemnitees from and against any and all Claims, including reasonable legal fees, costs, and expenses incidental thereto, which may be suffered by, incurred by, accrued against, charged to, or recoverable from any Indemnitee, by reason of any Claim arising out of or relating to the Services infringing or misappropriating any Canadian or foreign patent, copyright, trade secret, trademark, or other proprietary right. In the event that Supplier is enjoined from providing the Services and such injunction is not dissolved within thirty (30) calendar days, or in the event that Customer is adjudged, in any final order of a court of competent jurisdiction from which no appeal is taken, to have infringed upon or misappropriated any patent, copyright, trade secret, trademark, or other proprietary right in the access or use of the Services, then Supplier shall, at its expense: (a) obtain for Customer the right to continue using such Services; (b) replace or modify such Services so that they do not infringe upon or misappropriate such proprietary right and is free to be used by Customer; or, (c) in the event that Supplier is unable or determines, in its reasonable judgment, that it is commercially unreasonable to do either of the aforementioned, Supplier shall reimburse to Customer any prepaid fees and the full cost associated with any Transition Services.
8.3. Promptly after receipt by Customer of a threat, notice, or filing of any Claim against an Indemnitee, Customer shall give notice thereof to Supplier, provided that failure to give or delay in giving such notice shall not relieve Supplier of any liability it may have to the Indemnitee except to the extent that Supplier demonstrates that the defense of the Claim is prejudiced thereby. Supplier shall have sole control of the defense and of all negotiations for settlement of a Claim and Customer shall not independently defend or respond to a Claim; provided, however, that: (a) Customer may defend or respond to a Claim, at Supplier’s expense, if Customer’s counsel determines, in its sole discretion, that such defense or response is necessary to preclude a default judgment from being entered against an Indemnitee; and, (b) Customer shall have the right, at its own expense, to monitor Supplier’s defense of a Claim. At Supplier’s request, Customer shall reasonably cooperate with Supplier in defending against or settling a Claim; provided, however, that Supplier shall reimburse Customer for all reasonable out-of-pocket costs incurred by Customer (including, without limitation, reasonable legal fees and expenses) in providing such cooperation.
8.4. For the purposes of this Section and Supplier’s obligations hereunder, non-party Indemnitees are third-party beneficiaries of this Agreement in accordance with its terms. Any action or consent taken by Customer on its own behalf is binding upon the non-party Indemnitees for the purposes of this provision. Other than as provided for in this provision, this Agreement is for the sole benefit of the signatories hereto and their permitted successors and assigns. Nothing, express or implied, in this Agreement is intended to create or be construed to create any rights of enforcement in any persons or entities who are neither signatories to this Agreement nor non-party Indemnitees.


9.1. Supplier shall, at its own expense, procure and maintain in full force and effect during the term of this Agreement, policies of insurance, of the types and in the minimum amounts as follows, with responsible insurance carriers duly qualified in those jurisdictions where the Services are to be performed, covering the operations of Supplier, pursuant to this Agreement: commercial general liability ($5,000,000 per occurrence, $5,000,000 aggregate); excess liability ($5,000,000 per occurrence, $5,000,000 aggregate); workers’ compensation (statutory limits) and employers’ liability ($500,000 per accident); and, (if applicable) professional liability ($5,000,000 per occurrence, $5,000,000 aggregate).
9.2. Customer shall be named as an additional insured in such policies which shall contain standard cross liability clauses. Supplier shall cause the liability it assumed under this Agreement to be specifically insured under the contractual liability section of the liability insurance policies. The liability policy shall be primary without right of contribution from any insurance by Customer. Such policies shall require that Customer be given no less than thirty (30) calendar days prior written notice of any cancellation thereof or material change therein. Customer shall have the right to request an adjustment of the limits of liability for commercial general liability and professional liability insurance as Supplier’s exposure to Customer increases.
9.3. Supplier shall provide Customer with certificates of insurance evidencing all of the above coverage, including all special requirements specifically noted above, and shall provide Customer with certificates of insurance evidencing renewal or substitution of such insurance thirty (30) calendar days prior to the effective date of such renewal or substitution.


10.1. Any change or deviation under this Agreement must be approved prior to implementation in the form of Change Order in accordance with the following process: a) When a requirement of change to any aspect of this Agreement (e.g. Services, Service Levels, Support, Maintenance, Training, Service Fees, etc.) is identified, the requestor shall prepare a Change Request that summarizes the nature and all information of the change including change description, reasons, risks, benefits, costs, impacts and supporting documentation. b) Change Request must be approved and signed by both the Customer and the Supplier to become Change Order.
10.2. Change Order when executed by both parties forms an amendment to this Agreement between the Customs and the Supplier. The terms and conditions of the Agreement apply, unless stated otherwise in the Change Order.


11.1. The Supplier shall be wholly responsible for expenses incurred in the performance of this Agreement unless a provision of this Agreement explicitly provides for reimbursement of expenses.
11.2. When a provision of this Agreement explicitly provides for reimbursement of expenses, the Customer shall reimburse only: 1) the expenses explicitly listed in the relevant provision of this Agreement, 2) expenses that are reasonable, necessary and actually incurred in the performance of this Agreement subject to the following:
a) Travel will only be paid if pre-approved by the Customer in writing. Expenses for travel include transportation and accommodation but do not include meal and incidentals.
b) Hospitality, incidental or food expenses are not allowable expenses under this Agreement. Hospitality is defined as expenses for people who are not engaged in work for the Customer.
c) The expenses will only be paid for when the original itemized receipts are submitted to the Customer along with invoices.


12.1. The Supplier is and shall remain an independent supplier and not an employee of the Customer. This Agreement does not constitute the Parties as partners, joint venturers or agents of each other and no Party may so represent itself in this manner.
12.2. The Supplier shall retain its independent status throughout this Agreement and will use its own discretion in performing the Services.
12.3. Employees of the Supplier are not the Customer's employees and are not eligible for any benefits conferred on employees of the Customer.
12.4. The Supplier shall be responsible for payment of all taxes, charges, and liabilities applicable in connection with the provision of goods and/or services by the Supplier or the Supplier personnel under this Agreement.


13.1. The Parties agree to meet, negotiate, and attempt to resolve, in good faith, amicably, without litigation, any disagreement, question or difference of opinion between the Parties as to the interpretation, application, or administration of this Agreement, , including any Invoice (a “Dispute”).
13.2. If the Parties cannot resolve any such Dispute within fifteen (15) business days, or such a period as the Parties may subsequently agree, then it shall be submitted to their respective senior representatives with authority to bind the party to meet to resolve the Dispute.
13.3. If the Parties are still unable to resolve the dispute through negotiations within fifteen (15) business days, or such a period as the Parties may subsequently agree, the Parties agree to attempt to resolve the Dispute through mediation by submitting the Dispute to a sole mediator selected jointly by the parties. The Parties agree to participate in good faith in the mediation following appointment of the mediator for such a period as the Parties may agree. The cost of the mediator shall be shared equally by the Parties.
13.4. If the dispute is not resolved through mediation, the parties may agree to arbitration regarding the dispute.
13.5. Nothing in this provision shall limit either Party’s recourse at any time to any Court of competent jurisdiction.


14.1. The Supplier who works with the public (students, staff, faculty, visitors or other third parties) on behalf of the Customer must: 1) comply with the Accessibility Standards issued by the government; 2) ensure that training on the requirements of the Accessibility Standards are provided to its employees who provide goods, services or facilities at or on behalf of the Customer and who participate in developing its policies and procedures; 3) keep records of such training; and 4) provide those records when required by the Customer.


15.1. Supplier agrees to declare any actual or potential Conflict of Interest relating to this Agreement. If no Conflict of Interest is declared, Supplier is deemed to have had no Conflict of Interest in activities related to this Agreement or there is no foreseeable Conflict of Interest in performing the contractual obligations in this Agreement. The term “Conflict of Interest” means 1) in relation to the procurement process, the Supplier has an unfair advantage or engages in conduct, directly or indirectly, that may give it an unfair advantage or 2) in relation to the performance of its contractual obligations contemplated in this Agreement, Supplier’s other commitments, relationships or financial interest could, or could be seen to, exercise an improper influence over the objective, unbiased and impartial exercise of its independent judgement, or could, or could be seen to, compromise, impair or be incompatible with the effective performance of its contractual obligations under this Agreement.


16.1. Supplier may not use at any time Customer’s logo or crest, or any mark owned by the Customer, without explicit prior written consent from Customer.
16.2. Supplier may not at any time directly or indirectly communicate with media, social media or any other third parties in relation to this Agreement for the purpose of advertising, marketing or public relations without first obtaining the written permission from Customer.


17.1. This Agreement shall be governed by and construed in accordance with the laws of the Province of Ontario and applicable federal laws of Canada.


18.1. The Supplier may not assign this Agreement, any interest in the Agreement, in whole or in part, or any entitlement to monies under this Agreement without the prior written consent of the Customer.


19.1. This Agreement, and the agreements and other documents required to be delivered pursuant to this Agreement, constitute the entire agreement between the Parties and set out all the covenants, promises, warranties, representations, conditions and agreements between the Parties in connection with the subject matter of this Agreement and supersede all prior agreements, understandings, negotiations and discussions, whether oral or written, pre-contractual or otherwise. There are no covenants, promises, warranties, representations, conditions or other agreements, whether oral or written, pre-contractual or otherwise, express, implied or collateral, whether statutory or otherwise, between the Parties in connection with the subject matter of this Agreement except as specifically set forth in this Agreement and any document required to be delivered pursuant to this Agreement.


20.1. No amendment or modification of this Agreement and, unless otherwise specified, no consent or approval by any Party, is binding unless executed in writing by the Party to be bound.
20.2. No failure or delay by the Customer in exercising any of its rights or remedies or pursuing any remedies available to it in contract, at law or in equity will in any way constitute a waiver or prohibition on the exercise or pursuit of such rights and remedies in the event of a breach.


21.1. If, in any jurisdiction, any provision of this Agreement or its application to any Party or circumstance is restricted, prohibited or unenforceable, the provision is, as to that jurisdiction, ineffective only to the extent of the restriction, prohibition or unenforceability without invalidating the remaining provisions of this Agreement and without affecting the validity or enforceability of such provision in any other jurisdiction, and without affecting its application to other Parties or circumstances.


22.1. Neither party shall be liable for delays or any failure to perform the Services or this Agreement due to causes beyond its reasonable control. Such delays include, but are not limited to, fire, explosion, flood or other natural catastrophe, governmental legislation, acts, orders, or regulation, strikes or labor difficulties, to the extent not occasioned by the fault or negligence of the delayed party. Any such excuse for delay shall last only as long as the event remains beyond the reasonable control of the delayed party. However, the delayed party shall use its best efforts to minimize the delays caused by any such event beyond its reasonable control. Where Supplier fails to use its best efforts to minimize such delays, the delays shall be included in the determination of Service Level achievement. The delayed party must notify the other party promptly upon the occurrence of any such event, or performance by the delayed party will not be considered excused pursuant to this Section, and inform the other party of its plans to resume performance. A force majeure event does not excuse Supplier from providing Services and fulfilling its responsibilities relating to the requirements of backup and recovery of Customer Data. In no event shall any of the following constitute a force majeure event: (a) failure, inadequate performance, or unavailability of Supplier’s subcontractors, if any; or, (b) configuration changes, other changes, viruses, or other errors or omissions introduced, or permitted to be introduced, by Supplier that result in an outage or inability for Customer to access or use the Services. Within thirty (30) calendar days following the Effective Date and on an annual basis thereafter until the termination of this Agreement, Supplier shall provide its then-current business continuity plan (“Business Continuity Plan”) to Customer upon Customer’s request. The Business Continuity Plan shall include: (a) Services and Customer Data backup and recovery procedures; (b) fail-over procedures; and, (c) how Supplier will interact with its business continuity suppliers, if any. Supplier shall test its Business Continuity Plan on an annual basis until the termination of this Agreement and shall provide the test results to Customer upon Customer’s request.


23.1. Any notice, consent or approval required or permitted to be given in connection with this Agreement shall be in writing and shall be sufficiently given if delivered (whether in person, by courier service or other personal method of delivery), or if transmitted by facsimile or e-mail.
23.2. Any Notice delivered or transmitted to a Party shall be deemed to have been given and received on the day it is delivered or transmitted, provided that it is delivered or transmitted on a business day prior to 5:00 p.m. local time in the place of delivery or receipt. If the Notice is delivered or transmitted after 5:00 p.m. local time or if the day is not a business day, then the Notice shall be deemed to have been given and received on the next business day.


24.1. Term 3 (Customer Data), 4 (Confidentiality), 5 (Data Privacy and Information Security), 6 (Freedom of Information), 7 (Proprietary Rights), 8 (Indemnity) and 16 (No Use of Customer Identity without Prior Consent) shall survive the cancellation, expiry or termination of this Agreement.