Loading...
HomeMy WebLinkAboutCD Online Permit Guide SoftwareCamino CAMINO INC. SOFTWARE SERVICES AGREEMENT Organization Contact Billing Contact (If Different) Customer Name: City of San Rafael, CA Contact Name: Don Jeppson Address: 1400 5th Ave San Rafael, CA 94901 Effective Date: August 1, 2019 Scope of Agreement: Camino will host an online Permit Guide application with the following features: • An online portal where residents and contractors can create an account and view all projects they are working on through the system. • An intelligent Guide that will ask applications a series of questions about their project and inform them whether they need a permit. • If a permit is required for a project, the Guide will generate a customized checklist of steps for the applicant to follow, complete with detailed instructions. • The Guide will flag whether a project falls within geographic zones (like flood or fire zone) and trigger any related rules. • The City will be able to track all submissions into the Guide. • The City will be able to configure and manage the Guide through an entirely self-service admin panel. Fees: The City of San Rafael agrees to pay Camino $15,000 per year for the scope outlined above. Welcome to Camino! Thanks for using our software. This Software Agreement ("Agreement") is entered between Camino, Inc., with its principal place of business at 122 2nd Ave, Suite 200, San Mateo, CA 94401 ("Camino"}, and you, the entity identified above ("Customer"}, as of the Effective Date. This Agreement includes and incorporates the Camino Terms and Conditions attached as Appendix A and the Customer's Terms and Conditions attached as Appendix B. By signing this Agreement, Customer acknowledges that it has reviewed, and agrees to be legally bound by, the Camino Terms and Conditions. MS Signature: Printed Name: Jim chutz Title: 'V City Manager Date: , /,I 4 -5 -sq -7 Camino Nate Levine CSO 8/2/19 pg. 1 Camino Appendix A Camino Terms and Conditions 1. SOFTWARE SERVICES 1.1 Subject to the terms and conditions of these Camino Terms and Conditions (the "Agreement"), Camino will use commercially reasonable efforts to perform the software services (the "Software Services") identified in the applicable Software Agreement entered into by Camino and Customer ("Software Agreement"). 1.2 Customer understands that Camino's performance depends on Customer timely providing Camino with relevant data, feedback and configuration assistance. Any dates or time periods relevant to Camino's Performance will be extended appropriately and equitably to reflect any delays caused by Customer's failure to timely deliver any such materials. Camino shall not be liable for any delays in performance under this Agreement resulting from Customer's failure to meet these obligations. 2. RESTRICTIONS AND RESPONSIBILITIES 2.1 This is a contract for access to the Software Services and Customer agrees not to, directly or indirectly: reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of the Software Services, documentation or data related to the Software Services, except to the extent such a restriction is limited by applicable law; modify, translate, or create derivative works based on the Software Services; or copy, rent, lease, distribute, assign, sell, or otherwise commercially exploit, transfer, or encumber rights to the Software Services; or remove any proprietary notices. 2.2 Customer will use the Software Services only in compliance with all applicable laws and regulations (including, but not limited to, any export restrictions). 2.3 Customer shall be responsible for obtaining and maintaining any equipment and other services needed to connect to, access or otherwise use the Software Services and Customer shall also be responsible for (a) ensuring that such equipment is compatible with the Software Services, (b) maintaining the security of such equipment, user accounts, passwords and files, and (c) for all uses of Customer user accounts with or without Customer's knowledge or consent. 3. OWNERSHIP. Camino retains all right, title, and interest in the Software Services and all intellectual property rights (including all past, present, and future rights associated with works of authorship, including exclusive exploitation rights, copyrights, and moral rights, trademark and trade name rights and similar rights, trade secret rights, patent rights, and any other proprietary rights in intellectual property of every kind and nature) therein. 3.1 Camino warrants that Camino is the owner of the Software Services and has the right to license it to third parties. Camino will defend, at its expense, any action brought against Customer based on a claim that the Software Services infringe upon a United States patent, copyright, trade secret, or other proprietary right of a third party. Camino agrees to indemnify Customer and hold Customer harmless against damages and costs, including attorney's fees, finally awarded against Customer in such actions. CAMINO'S COMBINED LIABILITY UNDER THIS SECTION AND UNDER SECTION 9 SHALL NOT EXCEED $25,000. 4. CONFIDENTIALITY. Each party (the "Receiving Party") agrees not to disclose (except as permitted herein) any Confidential Information of the other party (the "Disclosing Party") without the Disclosing Party's prior written consent. "Confidential Information" means all confidential business, technical, and financial information of the disclosing party that is marked as "Confidential" or an equivalent designation or that should reasonably be understood to be confidential given the nature of the information and/or the circumstances surrounding the disclosure (including the terms of the pg. 2 Camino applicable Software Agreement). Camino's Confidential Information includes, without limitation, the software underlying the Software Services and all documentation relating to the Software Services. "Confidential Information" does not include "Public Data," which is data that the Customer has previously released or would be required to release according to applicable federal, state, or local public records laws. The Receiving Party agrees: (i) to use and disclose the Confidential Information only in connection with this Agreement; and (ii) to protect such Confidential Information using the measures that Receiving Party employs with respect to its own Confidential Information of a similar nature, but in no event with less than reasonable care. Notwithstanding the foregoing, Confidential Information does not include information that: (i) has become publicly known through no breach by the receiving party; (ii) was rightfully received by the receiving party from a third party without restriction on use or disclosure; or (iii) is independently developed by the Receiving Party without access to such Confidential Information. Notwithstanding the above, the Receiving Party may disclose Confidential Information to the extent required by law or court order, provided that prior written notice of such required disclosure and an opportunity to oppose or limit disclosure is given to the Disclosing Party. 5. PAYMENT OF FEES. The fees for the Software Services ("Fees") are set forth in the applicable Software Agreement. Customer shall pay all Fees within thirty (30) days after the date of Camino's invoice (which Camino typically sends 45 days after the Effective Date). 6. TERM & TERMINATION 6.1 Subject to compliance with all terms and conditions, the first term of this Agreement shall be from the Effective Date and shall continue for a period of twelve (12) months. The Customer will have the option to renew this agreement for a subsequent term. The customer will be billed on an annual basis for each twelve (12) month term, and either party may terminate this Agreement at the end of the applicable term, without penalty, with thirty (30) days prior written notice. If either party materially breaches any term of this Agreement and fails to cure such breach within thirty (30) days after notice by the non -breaching party (ten (10) days in the case of non-payment), the non -breaching party may terminate this Agreement immediately upon notice. - 6.2 Upon termination, Customer will pay in full for all Software Services performed up to and including the effective date of termination. Upon any termination of this Agreement: (a) all Software Services provided to Customer hereunder shall immediately terminate; and (b) each party shall return to the other party or, at the other party's option, destroy all Confidential Information of the other party in its possession. 6.3 All sections of this Agreement which by their nature should survive termination will survive termination, including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, and limitations of liability. 7. WARRANTY AND DISCLAIMER 7.1 Camino represents and warrants that: (i) it has all right and authority necessary to enter into and perform this Agreement; and (ii) the Software Services shall be performed in a professional and workmanlike manner in accordance with generally prevailing industry standards. 7.2 Customer represents and warrants that (i) it has all right and authority necessary to enter into and perform this Agreement; (ii) it owns all right, title, and interest in and to all data provided to Camino for use in and in connection with this Agreement, or possesses the necessary authorization thereto; and (iii) Camino's use of such materials in connection with the Software Services" will not violate the rights of any third party. 7.3 CAM INO DOES NOT WARRANT THAT THE SOFTWARE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAYBE OBTAINED FROM USE OF THE SOFTWARE SERVICES. EXCEPT ASSET FORTH IN THIS SECTION 8, THE SOFTWARE SERVICES ARE PROVIDED "AS IS" AND CAM INO DISCLAIMS ALL pg. 3 Camino WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON -INFRINGEMENT. 8. LIMITATION OF LIABILITY. NEITHER PARTY, NOR ITS SUPPLIERS, OFFICERS, AFFILIATES, REPRESENTATIVES, CONTRACTORS AND EMPLOYEES, SHALL BE RESPONSIBLE OR LIABLE WITH RESPECTTO ANY SUBJECT MATTER OF THIS AGREEMENT OR RELATED TERMS AND CONDITIONS UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY, OR OTHER THEORY: (A) FOR ERROR OR INTERRUPTION OF USE OR FOR LOSS OR INACCURACY OF DATA OR COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES OR LOSS OF BUSINESS; (B) FOR ANY INDIRECT, EXEMPLARY, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES; OR (C) FOR ANY MATTER BEYOND SUCH PARTY'S REASONABLE CONTROL, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. IN NO EVENT SHALL EITHER PARTY'S AGGREGATE, CUMULATIVE LIABILITY FOR ANY CLAIMS ARISING OUT OF OR IN ANY WAY RELATED TO THIS AGREEMENT EXCEED $25,000. 9. MISCELLANEOUS. Capitalized terms not otherwise defined in these Terms and Conditions have the meaning set forth in the applicable Software Agreement. Neither party shall be held responsible or liable for any losses arising out of any delay or failure in performance of any part of this Agreement, other than payment obligations, due to any act of god, act of governmental authority, or due to war, riot, labor difficulty, failure of performance by any third -party service, utilities, or equipment provider, or any other cause beyond the reasonable control of the party delayed or prevented from performing. Camino shall have the right to use and display Customer's logos and trade names for marketing and promotional purposes in connection with Camino's website and marketing materials, subject to Customer's trademark usage guidelines (as provided to Camino). If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. This Agreement is not assignable or transferable by either party without the other party's prior written consent, provided however that either party may assign this Agreement to a successor to all or substantially all of its business or assets. This Agreement (including the Software Agreement) is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications, and other understandings relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed by both parties. No agency, partnership, joint venture, or employment is created as a result of this Agreement and neither party has any authority of any kind to bind the other party in any respect. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys' fees. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested. This Agreement shall be governed by the laws of the State of California without regard to its conflict of laws provisions. Jurisdiction of any litigation arising from the Agreement will be in Santa Clara County, California. 10. INSURANCE. Camino shall maintain for the duration of this Agreement the following insurance: 10.1 Commercial General Liability including coverage for premises, products -and completed operations, independent contractors/vendors, personal injury and contractual obligations with combined single limits of coverage of at least $1,000,000 per occurrence. 10.2 Automobile Liability, including owned, non -owned and hired vehicles, with at least the following limits of liability: (1) Primary Bodily Injury with limits of at least $500,000 per person, $1,000,000 per occurrence; and (2) Primary Property Damage of at least $250,000 per occurrence; or (3) Combined single limits of $1,000,000 per occurrence. 10.3 Workers Compensation on a state -approved policy form providing statutory benefits as required by law with employer's liability limits no less than $1,000,000 per accident or disease. pg. 4 Camino Appendix B City of San Rafael Additional Terms Definitions "Hosted" as a description of the services provided shall be defined as a software delivery method where Camino owns and/or oversees the infrastructure, hardware, software and administrative tasks and makes the system available to Customer over the Internet. "Non -Public Data" shall be defined as information that has not been lawfully made available to the general public from federal, state, or local government records. "Personally Identifiable Information" shall be defined as information containing an individual's first name (or first initial) and last name, in combination with any one or more of the following data elements: a. Social Security number; b. Driver's license number or California identification card number; c. Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account; d. Medical information, consisting of any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional; and/or e. Health insurance information, consisting of an individual's health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual's application and claims history, including any appeals records; f. A user name or email address, in combination with a password or security question and answer that would permit access to an online account. Personally identifiable information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. "PCI Data" shall be defined as Cardholder Data (including, without limitation, primary account number, cardholder naive, expiration date, and service code) and Sensitive Authentication Data (including without limitation full magnetic stripe data or the equivalent on a chip, CAV2/CVC2/CW2/CID, PINS/PIN block), as such terms are defined by the PCI Security Standards Council. "Data Breach" shall be defined as an incident in which Protected Information has potentially been viewed, stolen or used by an individual unauthorized to do so. "Security Incident" shall be defined' as a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices which may lead to a Data Breach. Data Protection, possibly Protection of personal privacy and data shall be an integral part of Camino's section 4.1 if included as business activities to ensure there is no inappropriate or unauthorized use of art of Appendix A. Customer information at any time. To this end, Camino shall safeguard the pg. 5 Camino pg. 6 confidentiality, integrity and availability of Protected Information and comply with the following conditions: a. Camino shall implement and maintain appropriate administrative, technical and organizational security measures to safeguard against unauthorized access, disclosure or theft of Protected Information. Such security measures shall be in accordance with recognized industry practice and not less stringent than the measures Camino applies to its own Personally Identifiable Information and Non -Public Data of similar kind. b. Customer will own and retain all right, title and interest to all data obtained by Camino in the performance of this Agreement. Camino shall not access Customer accounts or data, except (1) in the course of data center operations, (2) in response to service or technical issues, (3) as required by the express terms of this Agreement, or (4) at Customer's written request. c. Camino shall ensure hard drive encryption consistent with validated cryptography standards as referenced in FIPS 140-2, Security Requirements for Cryptographic Modules for all Personally Identifiable Information. Personally Identifiable Information shall be encrypted at rest and in transit with controlled access. Unless otherwise stipulated, Camino is responsible for encryption of the Personally Identifiable Information. Any stipulation of responsibilities will identify specific roles and responsibilities and shall be included in a service level agreement (SLA), or otherwise made a part of this Agreement. e. At no time shall any data or processes — that either belong to or are intended for the use of Customer or its officers, agents or employees — be copied, disclosed or retained by Camino or any party related to Camino for subsequent use in any transaction that does not include Customer. f. Camino shall not use any information collected in connection with the service issued from this Agreement for any purpose other than fulfilling the service. g. At any time, Customer may request a full export of its data. Camino will provide an export electronically within 72 hours of the request. Data Location, possibly Camino shall provide its services to Customer and its end users solely from section 4.2 if included as data centers in the U.S. Storage of Customer data at rest shall be located solely part of Appendix A. in data centers in the U.S. Camino shall not allow its personnel or contractors to store Customer data on portable devices, including personal computers, except for devices that are used and kept only at its U.S. data centers. Camino shall permit its personnel and contractors to access Customer data remotely only as required to provide technical support. Camino will provide technical user support from 8am-6 m M -F. Security Incident or Data Camino shall notify Customer of any Security Incident or Data Breach. Breach Notification, a. Security Incident Response: Both parties acknowledge that Camino may possibly section 4.3 if need to communicate with outside parties regarding a Security Incident, which included as part of may include contacting law enforcement, fielding media inquiries and seeking Appendix A. external expertise as mutually agreed upon, defined by law or contained iri this Agreement. b. Security Incident Reporting Requirements: Camino shall report any Security Incident involving the Software Service, including a potential Data Breach, to Customer within two (2) business days of Camino becoming aware of such Security Incident. c. Data Breach Reporting Requirements: If Camino has actual knowledge of a confirmed Data Breach, or reasqnabl_y believes that there has been a Data pg. 6 Camino pg. 7 Breach, that affects the security of Customer data, Camino shall promptly notify Customer in writing within 48 hours or sooner, unless shorter time is required by applicable law. Data Breach This section only applies when a Data Breach occurs with respect to Responsibilities, possibly Personally Identifiable Information within Camino's possession or control. section 4.4 if included as a. Following notification as specified above, Camino shall (1) take part of Appendix A. commercially reasonable measures to address the Data Breach in a timely manner, (2) cooperate with Customer as reasonably requested by Customer to investigate and resolve the Data Breach, (3) promptly implement necessary remedial measures, if necessary, and (4) document responsive actions taken related to the Data Breach, including any post -incident review of events and actions taken to make changes in business practices in providing the services, if necessary. c. Unless otherwise stipulated, if a Data Breach is a direct result of Camino's breach of its obligation to encrypt Personally Identifiable Information or otherwise prevent its release, Camino shall bear the costs associated with (1) the investigation and resolution of the Data Breach; (2) notifications to individuals, regulators or others required by state law; (3) a credit monitoring service required by state (or federal) law; (4) a website or a toll-free number and call center for affected individuals required by state law — all not to exceed the average per record per person cost calculated for data breaches in the United States (currently $201 per record/ person) in the most recent Cost of Data Breach Study: Global Analysis published by the Ponemon Institute34 at the time of the data breach; and (5) complete all corrective actions as reasonably determined by Camino based on root cause; all [(l) through (5)] subject to this Agreement's limitation of liability or insurance coverage, whichever is greater. Notification of Legal Camino shall contact Customer upon receipt of any electronic discovery, Requests, possibly section litigation holds, discovery searches and expert testimonies related to 4.5 if included as part of Customer's data under this Agreement, or which in any way might reasonably Appendix A. require access to Customer's data. Camino shall not respond to subpoenas, service of process and other legal requests related to Customer without first notifying Customer, unless prohibited by law from providing such notice. Data Handling in the a. In the event of a termination of the Agreement, Camino shall implement an Event of Termination or orderly return of Customer data in a CSV or another mutually agreeable Suspension, possibly format at a time agreed to by the parties and the subsequent secure disposal of section 6.4 if included as Customer data. part of Appendix A. b. During any period of service suspension, Camino shall not take any action to intentionally erase any Customer data. c. In the event of termination of any services or agreement in entirety, Camino shall not take any action to intentionally erase any Customer data for a period of- - 10 days after the effective date of termination, if the termination is in accordance with the contract period. - 30 days after the effective date of termination, if the termination is for convenience. - 60 days after the effective date of termination, if the termination is for cause. After such period, Camino shall have no obligation to maintain or provide any Customer data and shall thereafter, unless legally prohibited, delete all Customer data in its systems or otherwise in its possession or under its control. pg. 7 Camino Pg. 8 d. Customer shall be entitled to any post -termination assistance generally made available with respect to the services, unless a unique data retrieval arrangement has been established as part of an SLA. e. Camino shall securely dispose of all requested data in all of its forms, such as disk, CD/DVD, backup tape and paper, when requested by Customer. Data shall be permanently deleted and shall not be recoverable, according to NIST - approved methods. Certificates of destruction shall be provided to Customer. PCI Compliance and Data a. Camino warrants that, during the term of this Agreement, (1) all system Center Audits, possibly components, people, processes, and the cardholder data environment that are section 4.6 if included as used in Camino's collection, transmittal, or other processing of PCI Data on part of Appendix A. behalf of Customer are and shall remain compliant with the applicable provisions of PCI DSS; and (2) Camino's payment application, is and shall remain compliant with PA -DSS. b. On an annual basis or upon Customer's request, Camino shall provide Customer with an Attestation of Compliance or Attestation of Validation confirming such compliance. Accessibility Standards, Camino shall comply with and adhere to Accessibility Standards of Section possibly section 2.4 if 508 Amendment to the Rehabilitation Act of 1973. included as part of Appendix A. Cybersecurity Insurance, During the term of this Agreement, Camino shall maintain, at no expense to possibly section 10.4 if Customer, a cyber/data breach liability insurance policy in the minimum included as part of amount of one million dollars ($1,000,000) per occurrence/two million dollars Appendix A. ($2,000,000) aggregate. Pg. 8 RAf WITH CONTRACT ROUTING FORM INSTRUCTIONS: Use this cover sheet to circulate all contracts for review and approval in the order shown below. TO BE COMPLETED BY INITIATING DEPARTMENT PROJECT MANAGER: Contracting Department: Community Development Project Manager: Don Jeppson, CBO Extension: 3357 Contractor Name: Camino Inc Contractor's Contact: Nate Levine Contact's Email: nate@camino.ai ❑ FPPC: Check if Contractor/Consultant must file Form 700 DESCRIPTION Step RESPONSIBLE V COMPLETED REVIEWER DEPARTMENT a. Email PINS Introductory Notice to Contractor DATE Check/Initial 1 Project Manager 7/10/2019 7/10/2019 1 b. Email contract (in Word) and attachments to City I Attorney c/o Laraine.Gittens@cityofsanrafael.org , ® LG 2 City Attorney a. Review, revise, and comment on draft agreement 7/15/2019 and return to Project Manager 7/15/2019 ® LG b. Confirm insurance requirements, create Job on (N/A) PINS, send PINS insurance notice to contractor Approval of final agreement form to send to Click or tap ❑ 3 Department Director contractor to enter a date. 4 Project Manager Forward three (3) originals of final agreement to Click here to ❑ contractor for their signature r -t.— ° date 5 Project Manager When necessary, contractor -signed agreement ® N/A agendized for City Council approval * *City Council approval required for Professional Services Agreements and purchases of goods and services that exceed Or $75,000; and for Public Works Contracts that exceed $175,000 Click here to Date of City Council approval enter a date. PRINT CONTINUE ROUTING PROCESS WITH HARD COPY 6 Project Manager Forward signed original agreements to City City Attorney Attorney with printed copy of this routing form 7 Review and approve hard copy of signed agreement Review and approve insurance in PINS, and bonds 8 City Attorney j d D Dt13 /p 44`ft (for Public Works Contracts) ` 7 9 City Manager/ Mayor Agreement executed by City Council authorized G l cf _ j C� official 10 City Clerk Attest signatures, retains original agreement and forwards copies to Project Manager