Loading...
HomeMy WebLinkAboutED Camino Software Services 2018Customer Name: Contact Name: Address: Telephone: Email: CAMINO INC. SOFTWARE SERVICES AGREEMENT Organization Contact City of San Rafael, CA Danielle O'Leary 1125 B St San Rafael, CA 94901 Billing Contact (If Different) Effective Date: May 30, 2018 Scope of Agreement: • Camino will provide the City of San Rafael with a hosted version of its Permit Guide product for use as an Online Cannabis Licensing System. The system will include: o An online portal (available 24/7) where public users can create an account, fill out a series of customizable fields, and submit an application for a Cannabis License with the City. o The ability to accept fee payment by credit card when submitting the Application. o The ability for the applicant to upload and attach relevant documents to their submission. o A management panel where City users can view and print submissions and related content. • Camino will assist with all implementation and configuration required leading to the target launch date of June Pt, 2018. Fees: The City of San Rafael agrees to pay Camino $25,000 per year for the scope outlined above. In addition, the City agrees that there will be a 3% fee subtracted from each payment. This fee will be passed on to Camino's payment processor. Welcome to Camino! Thanks for using our software. This Software Agreement ("Agreement") is entered between Camino, Inc., with its principal place of business at 134 Carroll Street, #102, Sunnyvale, CA 94086 ("Camino"}, and you, the entity identified above ("Customer"}, as of the Effective Date. This Agreement includes and incorporates the Camino Terms and Conditions attached as Appendix A and the Customer's Terms and Conditions attached as Appendix B. By signing this Agreement, Customer acknowledges that it has reviewed, and agrees to be legally bound by, the Camino Terms and Conditions. Signature: Printed Name: Title: City Manager Date: pg. 1 RIGINA ~ Camino Appendix A Camino Terms and Conditions 1. SOFTWARE SERVICES 1.1 Subject to the terms and conditions of these Camino Terms and Conditions (the "Agreement"), Camino will use commercially reasonable efforts to perform the software services (the "Software Services") identified in the applicable Software Agreement entered into by Camino and Customer ("Software Agreement"). 1.2 Customer understands that Camino's performance depends on Customer timely providing Camino with relevant data, feedback and configuration assistance. Any dates or time periods relevant to Camino's Performance will be extended appropriately and equitably to reflect any delays caused by Customer's failure to timely deliver any such materials. Camino shall not be liable for any delays in performance under this Agreement resulting from Customer's failure to meet these obligations. 2. RESTRICTIONS AND RESPONSIBILITIES 2.1 This is a contract for access to the Software Services and Customer agrees not to, directly or indirectly: reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of the Software Services, documentation or data related to the Software Services, except to the extent such a restriction is limited by applicable law; modify, translate, or create derivative works based on the Software Services; or copy, rent, lease, distribute, assign, sell, or otherwise commercially exploit, transfer, or encumber rights to the Software Services; or remove any proprietary notices. 2.2 Customer will use the Software Services only in compliance with all applicable laws and regulations (including, but not limited to, any export restrictions). 2.3 Customer shall be responsible for obtaining and maintaining any equipment and other services needed to connect to, access or otherwise use the Software Services and Customer shall also be responsible for (a) ensuring that such equipment is compatible with the Software Services, (b) maintaining the security of such equipment, user accounts, passwords and files, and (c) for all uses of Customer user accounts with or without Customer's knowledge or consent. 3. OWNERSHIP. Camino retains all right, title, and interest in the Software Services and all intellectual property rights (including all past, present, and future rights associated with works of authorship, including exclusive exploitation rights, copyrights, and moral rights, trademark and trade name rights and similar rights, trade secret rights, patent rights, and any other proprietary rights in intellectual property of every kind and nature) therein. 3.1 Camino warrants that Camino is the owner of the Software Services and has the right to license it to third parties. Camino will defend, at its expense, any action brought against Customer based on a claim that the Software Services infringe upon a United States patent, copyright, trade secret, or other proprietary right of a third party. Camino agrees to indemnify Customer and hold Customer harmless against damages and costs, including attorney's fees, finally awarded against Customer in such actions. CAMINO'S COMBINED LlABILIlY UNDER THIS SECTION AND UNDER SECTION 9 SHALL NOT EXCEED $25,000. 4. CONFIDENTIALIlY. Each party (the "Receiving Party") agrees not to disclose (except as permitted herein) any Confidentiallnformatfon of the other party (the "Disclosing Party") without the Disclosing Party's prior written consent. "Confidential Information" means all confidential business, technical, and financial information ofthe disclosing party that is marked as "Confidential" or an equivalent designation or that should reasonably be understood to be confidential given the nature of the information and/or the circumstances surrounding the disclosure (including the terms of the pg.2 ~ Camino . . applicable Software Agreement). Camino's Confidential Information includes, without limitation, the software underlying the Software Services and all documentation relating to the Software Services. "Confidential Information" does not include "Public Data," which is data that the Customer has previously released or would be required to release according to applicable federal, state, or local public records laws. The Receiving Party agrees: (i) to use and disclose the Confidential Information only in connection with this Agreement; and (ii) to protect such Confidential Information using the measures that Receiving Party employs with respect to its own Confidential Information of a similar nature, but in no event with less than reasonable care. Notwithstanding the foregoing, Confidential Information does not include information that: (i) has become publicly known through no breach by the receiving party; (ii) was rightfully received by the receiving party from a third party without restriction on use or disclosure; or (iii) is independently developed by the Receiving Party without access to such Confidential Information. Notwithstanding the above, the Receiving Party may disclose Confidential Information to the extent required by law or court order, provided that prior written notice of such required disclosure and an opportunity to oppose or limit disclosure is given to the Disclosing Party. 5. PAYMENT OF FEES. The fees for the Software Services ("Fees") are set forth in the applicable Software Agreement. Customer shall pay all Fees within thirty (30) days after the date of Camino's invoice (which Camino typically sends 45 days after the Effective Date). 6. TERM & TERMINATION 6.1 Subject to compliance with all terms and conditions, the first term ofthis Agreement shall be from the Effective Date and shall continue for a period of twelve (12) months. The Customer will have the option to renew this agreement for a subsequent term. The customer will be billed on an annual basis for each twelve (12) month term, and either party may terminate this Agreement at the end of the applicable term, without penalty, with thirty (30) days prior written notice. If either party materially breaches any term ofthis Agreement and fails to cure such breach within thirty (30) days after notice by the non-breaching party (ten (10) days in the case of non-payment), the non -breaching party may terminate this Agreement immediately upon notice. - 6.2 Upon termination, Customer will pay in full for all Software Services performed up to and including the effective date of termination. Upon any termination of this Agreement: (a) all Software Services provided to Customer hereunder shall immediately terminate; and (b) each party shall return to the other party or, at the other party's option, destroy all Confidential Information of the other party in its possession. 6.3 All sections of this Agreement which by their nature should survive termination will survive termination, including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, and limitations of liability. 7. WARRANTY AND DISCLAIMER 7.1 Camino represents and warrants that: (i) it has all right and authority necessary to enter into and perform this Agreement; and (ii) the Software Services shall be performed in a professional and workmanlike manner in accordance with generally prevailing industry standards. 7.2 Customer represents and warrants that (i) it has all right and authority necessary to enter into and perform this Agreement; (ii) it owns all right, title, and interest in and to all data provided to Camino for use in and in connection with this Agreement, or possesses the necessary authorization thereto; and (iii) Camino's use of such materials in connection with the Software Services" will not violate the rights of any third party. 7.3 CAMINO DOES NOT WARRANT THAT THE SOFTWARE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SOFTWARE SERVICES. EXCEPT AS SET FORTH IN THIS SECTION 8, THE SOFTWARE SERVICES ARE PROVIDED "AS IS" AND CAMINO DISCLAIMS ALL pg.3 -:P Camino WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. 8. LIMITATION OF LIABILITY. NEITHER PARTY, NOR ITS SUPPLIERS, OFFICERS, AFFILIATES, REPRESENTATIVES, CONTRACTORS AND EMPLOYEES, SHALL BE RESPONSIBLE OR LIABLE WITH RESPECT TO ANY SUBJECT MATTER OF THIS AGREEMENT OR RELATED TERMS AND CONDITIONS UNDER ANY CONTRACT, NEGLIGENCE, STRICT LIABILITY, OR OTHER THEORY: {A} FOR ERROR OR INTERRUPTION OF USE OR FOR LOSS OR INACCURACY OF DATA OR COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES OR LOSS OF BUSINESS; {B} FOR ANY INDIRECT, EXEMPLARY, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES; OR (C) FOR ANY MATTER BEYOND SUCH PARTY'S REASONABLE CONTROL, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. IN NO EVENT SHALL EITHER PARTY'S AGGREGATE, CUMULATIVE LIABILITY FOR ANY CLAIMS ARISING OUT OF OR IN ANY WAY RELATED TO THIS AGREEMENT EXCEED $25,000. 9. MISCELLANEOUS. Capitalized terms not otherwise defined in these Terms and Conditions have the meaning set forth in the applicable Software Agreement. Neither party shall be held responsible or liable for any losses arising out of any delay or failure in performance of any part of this Agreement, other than payment obligations, due to any act of god, act of governmental authority, or due to war, riot, labor difficulty, failure of performance by any third-party service, utilities, or equipment provider, or any other cause beyond the reasonable control of the party delayed or prevented from performing. Camino shall have the right to use and display Customer's logos and trade names for marketing and promotional purposes in connection with Camino's website and marketing materials, subject to Customer's trademark usage guidelines {as provided to Camino}. If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. This Agreement is not assignable or transferable by either party without the other party's prior written consent, provided however that either party may assign this Agreement to a successor to all or substantially all of its business or assets. This Agreement {including the Software Agreement} is the complete and exclusive statement ofthe mutual understanding ofthe parties and supersedes and cancels all previous written and oral agreements, communications, and other understandings relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed by both parties. No agency, partnership, joint venture, or employment is created as a result of this Agreement and neither party has any authority of any kind to bind the other party in any respect. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys' fees. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested. This Agreement shall be governed by the laws of the State of California without regard to its conflict of laws provisions. Jurisdiction of any litigation arising from the Agreement will be in Santa Clara County, California. 10. INSURANCE. Camino shall maintain for the duration of this Agreement the following insurance: 10.1 Commercial General Liability including coverage for premises, products -and completed operations, independent contractors/vendors, personal injury and contractual obligations with combined single limits of coverage of at least $1,000,000 per occurrence. 10.2 Automobile Liability, including owned, non-owned and hired vehicles, with at least the following limits of liability: {1} Primary Bodily Injury with limits of at least $500,000 per person, $1,000,000 per occurrence; and {2} Primary Property Damage of at least $250,000 per occurrence; or {3} Combined single limits of $1,000,000 per occurrence. 10.3 Workers Compensation on a state-approved policy form providing statutory benefits as required by law with employer's liability limits no less than $1,000,000 per accident or disease. pg.4 Camino Appendix B City of San Rafael Additional Terms Notes -Section Recommending Wording Definitions "Hosted" as a description of the services provided shall be defined as a software delivery method where Camino owns and/or oversees the infrastructure, hardware, software and administrative tasks and makes the system available to Customer over the Internet. "Non-Public Data" shall be defined as information that has not been lawfully made available to the general public from federal, state, or local government records. "Personally Identifiable Information" shall be defined as information containing an individual's first name (or first initial) and last nanle, in combination with anyone or more of the following data elements: a. Social Security number; b. Driver's license number or California identification card number; c. Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account; d. Medical information, consisting of any infornlation regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional; and/or e. Health insurance information, consisting of an individual's health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual's application and claims history, including any appeals records; f. A user name or email address, in combination with a password or security question and answer that would permit access to an online account. Personally Identifiable Information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. "PCI Data" shall be defined as Cardholder Data (including, without limitation, primary account number, cardholder name, expiration date, and service code) and Sensitive Authentication Data (including without limitation full magnetic stripe data or the equivalent on a chip, CAV2/CVC2/CW2/CID, PINs/PIN block), as such terms are defined by the PCI Security Standards Council. "Data Breach" shall be defined as an incident in which Personally Identifiable Information has potentially been viewed, stolen or used by an individual unauthorized to do so. "Security Incident" shall be defined as a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices which may lead to a Data Breach. pg.S Camino Data Protection, possibly section 4.1 if included as part of Appendix A. Data Location, possibly section 4.2 if included as part of Appendix A. Security Incident or Data Breach Notification, possibly section 4.3 if included as part of Appendix A. Protection of personal privacy and data shall be an integral part of Camino's business activities to ensure there is no inappropriate or unauthorized use of Customer information at any time. To this end, Camino shall safeguard the confidentiality, integrity and availability of Personally Identifiable Information and comply with the following conditions: a. Camino shall implement and maintain appropriate administrative, teclmical and organizational security measures to safeguard against unauthorized access, disclosure or theft of Personally Identifiable Information. Such security measures shall be in accordance with recognized industry practice and not less stringent than the measures Camino applies to its own Personally Identifiable Information and Non-Public Data of similar kind. b. Customer will own and retain all right, title and interest to all data obtained by Camino in the performance of this Agreement. Camino shall not access Customer accounts or data, except (1) in the course of data center operations, (2) in response to service or technical issues, (3) as required by the express terms of this Agreement, or (4) at Customer's written request. c. Camino shall ensure hard drive encryption consistent with validated cryptography standards as referenced in FIPS 140-2, Security Requirements for Cryptographic Modules for all Personally Identifiable Information. Personally Identifiable Information shall be encrypted at rest and in transit with controlled access. Unless otherwise stipulated, Camino is responsible for encryption of the Personally Identifiable Information. Any stipulation of responsibilities will identify specific roles and responsibilities and shall be included in a service level agreement (SLA), or otherwise made a part of this Agreement. e. At no time shall any data or processes -that either belong to or are intended for the use of Customer or its officers, agents or employees -be copied, disclosed or retained by Camino or any party related to Camino for subsequent use in any transaction that does not include Customer. f. Camino shall not use any information collected in cOlmection with the service issued from this Agreement for any purpose other than fulfilling the serVIce. g. At any time, Customer may request a full export of its data. Camino will provide an export electronically within 72 hours of the request. Camino shall provide its services to Customer and its end users solely from data centers in the U.S. Storage of Customer data at rest shall be located solely in data centers in the U.S. Camino shall not allow its personnel or contractors to store Customer data on portable devices, including personal computers, except for devices that are used and kept only at its U.S. data centers. Camino shall permit its personnel and contractors to access Customer data remotely only as required to provide technical support. Camino will provide technical user support from 8am-6pm M-F. Camino shall notify Customer of any Security Incident or Data Breach. a. Security Incident Response: Both parties acknowledge that Camino may need to communicate with outside parties regarding a Security Incident, which may include contacting law enforcement, fielding media inquiries and seeking external expertise as mutually agreed upon, defined by law or contained in this Agreement. b. Security Incident Reporting Requirements: Camino shall report any Security Incident involving the Software Service, including a potential Data Breach, to pg.6 (:amino Data Breach Responsibilities, possibly section 4.4 if included as part of Appendix A. Notification of Legal Requests, possibly section 4.5 if included as part of Appendix A. Data Handling in the Event of Termination or Suspension, possibly section 6.4 if included as part of Appendix A. Customer within two (2) business days of Camino becoming aware of such Security Incident. c. Data Breach Reporting Requirements: If Camino has actual knowledge of a confirmed Data Breach, or reasonably believes that there has been a Data Breach, that affects the security of Customer data, Camino shall promptly notify Customer in writing within 48 hours or sooner, unless shorter time is required by applicable law. This section only applies when a Data Breach occurs with respect to Personally Identifiable Information within Camino's possession or control. a. Following notification as specified above, Camino shall (1) take commercially reasonable measures to address the Data Breach in a timely manner, (2) cooperate with Customer as reasonably requested by Customer to investigate and resolve the Data Breach, (3) promptly implement necessary remedial measures, if necessary, and (4) document responsive actions taken related to the Data Breach, including any post-incident review of events and actions taken to make changes in business practices in providing the services, if necessary. c. Unless otherwise stipulated, if a Data Breach is a direct result of Camino's breach of its obligation to encrypt Personally Identifiable Information or otherwise prevent its release, Camino shall bear the costs associated with (1) the investigation and resolution of the Data Breach; (2) notifications to individuals, regulators or others required by state law; (3) a credit monitoring service required by state (or federal) law; (4) a website or a toll-free number and call center for affected individuals required by state law -all not to exceed the average per record per person cost calculated for data breaches in the United States (currently $201 per record! person) in the most recent Cost of Data Breach Study: Global Analysis published by the Ponemon Institute34 at the time of the data breach; and (5) complete all corrective actions as reasonably determined by Camino based on root cause; all [(1) through (5)] subject to this Agreement's limitation of liability or insurance coverage, whichever is greater. Camino shall contact Customer upon receipt of any electronic discovery, litigation holds, discovery searches and expert testimonies related to Customer's data under this Agreement, or which in any way might reasonably require access to Customer's data. Camino shall not respond to subpoenas, service of process and other legal requests related to Customer without first notifying Customer, unless prohibited by law from providing such notice. a. In the event of a termination of the Agreement, Can1ino shall implement an orderly return of Customer data in a CSV or another mutually agreeable fOfll1at at a time agreed to by the parties and the subsequent secure disposal of Customer data. b. During any period of service suspension, Camino shall not take any action to intentionally erase any Customer data. c. In the event of tefll1ination of any services or agreement in entirety, Camino shall not take any action to intentionally erase any Customer data for a period of: -10 days after the effective date of termination, if the termination is in accordance with the contract period. pg. 7 ~ Camino PCI Compliance and Data Center Audits, possibly section 4.6 if included as part of Appendix A. Accessibility Standards, possibly section 2.4 if included as part of AppendixA. Cybersecurity Insurance, possibly section 10.4 if included as part of AppendixA. -30 days after the effective date of termination, if the termination is for convemence. -60 days after the effective date of termination, if the termination is for cause. After such period, Camino shall have no obligation to maintain or provide any Customer data and shall thereafter, unless legally prohibited, delete all Customer data in its systems or otherwise in its possession or under its control. d. Customer shall be entitled to any post-termination assistance generally made available with respect to the services, unless a unique data retrieval arrangement has been established as part of an SLA. e. Camino shall securely dispose of all requested data in all of its forms, such as disk, CD/DVD, backup tape and paper, when requested by Customer. Data shall be permanently deleted and shall not be recoverable, according to NIST- approved methods. Certificates of destruction shall be provided to Customer. a. Camino warrants that, during the term of this Agreement, (1) all system components, people, processes, and the cardholder data environment that are used in Camino's collection, transmittal, or other processing of PC I Data on behalf of Customer are and shall remain compliant with the applicable provisions of PC I DSS; and (2) Camino's payment application, is and shall remain compliant with P A-DSS. b. On an annual basis or upon Customer's request, Camino shall provide Customer with an Attestation of Compliance or Attestation of Validation confirming such compliance. Camino shall comply with and adhere to Accessibility Standards of Section 508 Amendment to the Rehabilitation Act of 1973. During the term of this Agreement, Camino shall maintain, at no expense to Customer, a cyber/data breach liability insurance policy in the minimum amount of one million dollars ($1,000,000) per occurrence/two million dollars ($2,000,000) aggregate. pg.8 CONTRACT ROUTING FORM INSTRUCTIONS: Use this cover sheet to circulate all contracts for review and approval in the order shown below. TO BE COMPLETED BY INITIATING DEPARTMENT PROJECT MANAGER: Contracting Department: Economic Development Project Manager: Danielle O'Leary Extension: 3460 Contractor Name: Camino, Inc. Contractor's Contact: Nate Levine Contact's Email: nate@oncamino.com D FPPC: Check if Contractor/Consultant must file Form 700 Step RESPONSIBLE DESCRIPTION DEPARTMENT 1 Project Manager a. Email PINS Introductory Notice to Contractor b. Email contract (in Word) & attachments to City Atty c/o Laraine.Gittens@cityofsanrafael.org 2 City Attorney a. Review, revise, and comment on draft agreement and return to Project Manager b. Confirm insurance requirements, create Job on PINS, send PINS insurance notice to contractor 3 Project Manager Forward three (3) originals of final agreement to contractor for their signature 4 Project Manager When necessary, * contractor-signed agreement agendized for Council approval *PSA > $20,000; or Purchase> $35,000; or Public Works Contract> $125,000 Date of Council approval PRINT CONTINUE ROUTING PROCESS WITH HARD COPY 5 Project Manager Forward signed original agreements to City Attorney with printed copy of this routing form 6 City Attorney Review and approve hard copy of signed agreement 7 City Attorney Review and approve insurance in PINS, and bonds (for Public Works Contracts) lJ / ~ 8 City Manager / Mayor Agreement executed by Council author'ized official 9 City Clerk Attest signatures, retains original agreement and forwards copies to Project Manager COMPLETED DATE Click here to enter a date. 5/17/18 6/4/2018 Click here to enter a date. Click here to enter a date. D N/A Or Click here to enter a date 6/13/18 ~ I J3/ 19" Ie 11 -:) ler hv I ~-!t --\J \I\ REVIEWER Check/Initial D IZl IZl LG D -- D D kJ!- U2r ~ ~