Print or Save

cPanel & WebHost Manager End User License Agreement


IMPORTANT: THIS SOFTWARE END-USER LICENSE AGREEMENT IS A LEGAL AGREEMENT BETWEEN YOU (EITHER AN INDIVIDUAL OR, IF PURCHASED OR OTHERWISE ACQUIRED BY OR FOR AN ENTITY, AN ENTITY) AND CPANEL. READ IT CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AND USING THE SOFTWARE. AMONG OTHER PROVISIONS, IT PROVIDES A LICENSE TO USE THE SOFTWARE AND CONTAINS TERMINATION AND WARRANTY INFORMATION AND LIABILITY DISCLAIMERS. BY INSTALLING AND USING THE SOFTWARE, YOU CONFIRM YOUR ACCEPTANCE OF THE SOFTWARE AND YOU AGREE TO BE BOUND BY THE TERMS OF THIS EULA. IF YOU DO NOT AGREE TO BE BOUND BY THESE TERMS, THEN DO NOT INSTALL THE SOFTWARE AND RETURN THE SOFTWARE TO YOUR WEBSITE OR PLACE OF PURCHASE FOR A FULL REFUND.

1. Definitions.

1.1 “Activated” has the meaning given in Section 2.5.2.

1.2 “Agreement” means both the EULA and the Pricing and Term Agreement.

1.3 “Applicable Law” means applicable international, federal, state or local laws, statutes, ordinances, regulations or court orders.

1.4 “Beta Version” means any version of the Software released by cPanel for testing as determined by cPanel in its sole discretion, including, without limitation, versions of the Software designated by cPanel as “BETA” or “EDGE”. This does not create any obligation on our part to develop, productize, support, repair, offer for sale, or in any other way continue to provide or develop the Beta Version either to you, or to any other entity.

Products that are classified as “Beta Version” may have limitations associated with their use such as disk utilization restrictions or suspended email functionality. You agree to these limitations and may not bypass or circumvent them. Doing so is a material breach of your agreements with cPanel.

1.5 “cPanel” means cPanel, L.L.C.

1.6 “cPanel Usage Data” means all data collected by cPanel in connection with the use of the Software by You or any Third Party Users, including (a) the licensed or unlicensed status of the Software; (b) the source from which the license for the Software was obtained (i.e., cPanel or a cPanel affiliate); and (c) information about the server upon which the Software is installed (including the Licensed Server) including (i) the public IP address, (ii) the operating system, (iii) the use of any virtualization technologies on such server, and (iv) data utilized to prevent and combat various server attacks by hackers or their hardware, including, but not limited to, assaults such as spam attacks, brute force attacks, dictionary attacks, phishing, pharming, and the like. Additionally, “cPanel Usage Data” may also include information collected by cPanel from time to time concerning which features of the Software are most often used in order to improve and make adjustments to the Software.

1.7 “cPanel Distributor” means a cPanel Partner who has met the requirements to become a cPanel Distributor as determined by cPanel.

1.8 “cPanel Partner” means a cPanel partner who has entered into a valid and existing Partner NOC Agreement with cPanel.

1.9 “EULA" means this End-User License Agreement.

1.10 “Intellectual Property Rights” means trade secret rights, rights in know-how, moral rights, copyrights, patents, trademarks (and the goodwill represented thereby), and similar rights of any type under the laws of any governmental authority, domestic or foreign, including all applications for and registrations of any of the foregoing.

1.11 “Licensed Server” means the single server operating solely from the IP address identified by You in the Pricing and Term Agreement to which the terms and conditions of this Agreement shall apply. A Licensed Server may be a Virtual Private Server. You may update the IP address associated with the Licensed Server from time to time during the Term (a) by visiting http://www.cpanel.net/store/ or such other URL as cPanel may designate from time to time; (b) in the case of cPanel Partners, by using the Manage Interface (as defined in the Partner NOC Agreement); or (c) by such other method as cPanel may elect to provide from time to time during the Term.

1.12 “Manage Interface” means cPanel’s customer service, license management and Incident tracking system or such successor system as cPanel may designate from time to time which is presently available at https://manage2.cpanel.net/ or such other URL as cPanel may designate from time to time. Only cPanel Partners and cPanel Distributors may access and use the Manage Interface. The term “Incident” shall have the meaning given to it in the Technical Support Agreement.

1.13 “Pricing and Term Agreement” means, as applicable, the (a) Pricing and Term Agreement entered into between You and cPanel in connection with the license of the Software which sets forth (among other things) pricing, term and payment provisions of this Agreement; (b) pricing and payment provisions of the cPanel Partner NOC Agreement entered into between You and cPanel; or (c) pricing and payment provisions of any agreement between You and a cPanel Partner (or other third party authorized to grant You the license) pursuant to which You obtained a license to use the Software. The Pricing and Term Agreement is hereby incorporated by reference and made a part of this Agreement as though fully set forth herein.

1.14 “Software” means the cPanel software program(s) supplied by cPanel together with this Agreement, including cPanel & WebHost Manager (but not including cPanel Server Suite) and corresponding documentation, source code, object code, Updates, user interfaces (including, without limitation, any web-based interfaces), printed materials and online or electronic documentation, excluding any third party components.

1.15 “Term” means the term of this Agreement as set forth by the term of the license obtained by You (a) in connection with the Pricing and Term Agreement; (b) in connection with the Partner NOC Agreement; or (c) from a cPanel Partner or other third party authorized to grant You the license.

1.16 “Territory” means the world, except to the extent that use or distribution of the Software in certain countries or regions would cause either party to violate Section 9.15 (Export Controls).

1.17 “Trademarks” means all domestic and international trademarks, service marks, logos, trade names, trade dress, including all goodwill represented by each of the foregoing, whether registered or unregistered, of cPanel including, without limitation, CPANEL (USPTO Registration No. 3058679 and CTM Registration No. 004908299), the cPanel logo (USPTO Registration No. 3290579), WEBHOST MANAGER (USPTO Registration No. 3246206), WHM (USPTO Registration No. 3282420) and ENKOMPASS (USPTO Trademark Application Serial No. 77673202). cPanel may add to the foregoing non-exclusive list of cPanel Trademarks by updating the cPanel Trademark Usage Policy which is located at http://www.cpanel.net/trademarkup.htm (or such other URL as may be designated by cPanel from time to time) and which may be updated by cPanel in its sole discretion from time to time (also referred to as “Exhibit 4” herein).

1.18 “Third Party Users” means authorized end users of the Software on the Licensed Server.

1.19 “Updates” means any bug fixes, patches and other modifications of the Software provided to You by cPanel.

1.20 “Virtual Private Server” means a virtual server operating on a single physical server upon which multiple virtual servers may operate.

1.21 “You” or “Your” means or refers to the individual or entity entering into this Agreement with cPanel, whether or not such terms are capitalized in this Agreement.

1.22 "cPanel Solo" means the Software described as “cPanel Solo” in the cPanel & WHM Pricing and Term Agreement.

1.23 "WordPress Toolkit" means the Software described as “WordPress Toolkit” in the cPanel & WHM Pricing and Term Agreement.

2. License.

2.1 License Grant. During the Term, solely within the Territory and subject to the terms and conditions of this Agreement, cPanel grants You a limited, non-exclusive, license to (a) install and use the Software on the Licensed Server only, and (b) make a single back-up copy of the Software for archival purposes. Except as provided in Sections 2.2 (Sublicensing) and 2.3 (Transfer of License), the foregoing license is non-transferable, non-assignable and non-sublicensable. If the WordPress Toolkit Software licensed pursuant to this Agreement is licensed on a multiple account basis, each Licensed Server may not exceed the fixed limit of WordPress Toolkit accounts purchased by you, if such a limitation applies.

2.2 Sublicensing.

2.2.1 Grant of Sublicense. You may sublicense the right to use (but not the right to install or make a back-up copy) the Software to Third Party Users solely on the Licensed Server; provided that (a) each Third Party User must enter into an agreement with You governing such user’s use of the Software on the Licensed Server (Third Party Agreement); (b) as part of such Third Party Agreement, each Third Party User must agree to the Flow-Through Provisions set forth in Section 2.2.3 as a condition of the Third Party User’s use of the Software; (c) the term of the Third Party Agreement and the scope of the license granted in the Third Party Agreement shall be no greater than the Term of this Agreement and the scope of the limited rights granted in this Section 2.2; and (d) each Third Party User must be eighteen years of age or older.

2.2.2 Grant of Sublicensing Rights to Third Party Users. You may grant to Third Party Users the right to sublicense the use of the Software to third party sublicensees (each such third party sublicensee shall also constitute a “Third Party User” for purpose of this Agreement) solely on the Licensed Server provided that Your sublicense grant is (a) subject to and in accordance with all obligations of this Section 2.2; (b) limited to the Term of this Agreement; and (c) no greater in scope than the limited sublicense right granted in this Section 2.2. For the avoidance of doubt and without limiting the generality of the forgoing, each third party with access to the Software must enter into a Third Party Agreement governing the use of the Software and each Third Party Agreement must condition use of the Software on agreement to the Flow Through Provisions set forth in Section 2.2.3.

2.2.3 Flow-Through Provisions. Each Third Party Agreement must contain:

(a) The Third Party User’s acknowledgement and agreement that the Third Party User may not alter, merge, modify, prepare derivative works based upon, adapt or translate the Software in any manner whatsoever, decompile, reverse engineer, disassemble, or otherwise reduce the Software to any human-readable form, or use the Software to develop any application having the same primary functions as the Software;

(b) The Third Party User’s acknowledgement and agreement that cPanel owns all right, title and interest in and to the cPanel IP Rights substantially similar to Section 3.1 (Ownership);

(c) A notice, substantially similar to the disclaimer set forth in Section 6.3 (Disclaimer), that cPanel disclaims all warranties and representations with respect to the Software;

(d) A limitation of liability substantially similar to that set forth in Section 7 (Limitation of Liability) for the benefit of cPanel;

(e) The Third Party User’s acknowledgement and agreement that it may use the Software only on the Licensed Server and only within the Territory;

(f) The Third Party User’s acknowledgement and agreement that its right to use the Software shall automatically expire without notice upon the expiration or termination of this Agreement for any reason whatsoever;

(g) The Third Party User’s acknowledgement and agreement that cPanel may in its sole discretion terminate, disable or suspend the use of and access to the Software by You or any Third Party User in the event of (i) any breach of this Agreement by You or (ii) any breach by the Third Party User of any provision concerning cPanel or the Software in any Third Party Agreement;

(h) The Third Party User’s acknowledgement and agreement that cPanel is a third party beneficiary of any Third Party Agreement applicable to the Software with the full right to enforce the provisions of the Third Party Agreement as they pertain to cPanel and the Software;

(i) The Third Party User’s acknowledgement and agreement that cPanel’s may in its sole discretion (i) monitor use of the Software; (ii) use the Authentication System; and (iii) collect and use the cPanel Usage Data as set forth in Section 2.5 (Monitoring of Software);

(j) The Third Party User’s waiver of any and all claims (whether under law, equity or any other theory of liability) against cPanel and its affiliates that may arise from a Third Party User’s inability to use the Software in the event (i) of the expiration or termination of this Agreement for any reason whatsoever; or (ii) that cPanel disables or suspends access to the Software as set forth in this Section 2.2;

(k) A notice that the Third Party User may verify the licensed or unlicensed status of the Software and obtain other information about the license applicable to the Licensed Server by using the cPanel License Verification System located at http://verify.cpanel.net/ or such other URL as cPanel may designate from time to time; and

(l) If You grant Third Party Users the right to sublicense the use of the Software to third party sublicensees pursuant to Section 2.2.2, the Third Party User’s acknowledgement and agreement that any grant of sublicensing rights (i) shall be subject to and conditioned upon a Third Party Agreement between the Third Party User and each third party sublicensee governing the use of the Software; (ii) that the Third Party Agreement shall include the Flow-Through Provisions set forth in this Section 2.2.3; (iii) that the sublicensing grant to a third party sublicensee in the Third Party Agreement shall be no greater in scope and no greater in duration than the rights granted to the Third Party User; (iv) that each third party sublicensee must be eighteen years of age or older; and (v) that all sublicensing rights shall be subject to terms and conditions substantially similar to Section 2.2.4 (Sublicensing Restrictions).

2.2.4 Sublicensing Restrictions. The right to sublicense the use of the Software to Third Party Users (and such Third Party User’s right to sublicense the use of the Software to third party sublicensees) is conditioned upon compliance with the terms of this Section 2.2. Upon request from cPanel, You and any authorized sublicensor shall provide cPanel with copies of any Third Party Agreements. Use of or access to the Software on a Licensed Server by Third Party Users who have not agreed to the terms to or complied with this Section 2.2 exceeds the scope of the license grant of this Agreement and constitutes a material breach of this Agreement. cPanel shall also have the right (but not the obligation) to notify any Third Party Users that cPanel will or has terminated, suspended or disabled their use of the Software due to the termination or expiration of this Agreement or a breach of this Agreement. In the event that cPanel notifies Third Party Users pursuant to the preceding sentence, cPanel reserves the right to offer products and services, including, without limitation, the Software, to any Third Party Users affected by such termination or expiration (or to refer such third parties to other cPanel licensees or affiliates). Except as set forth in this Section 2.2, You may not rent, lease or sublicense the Software.

2.2.5 Moving from cPanel Solo to a Standard license (upgrade) is immediate. If you choose to move from cPanel Solo license to a standard license, the license fee you paid the month the move occurs will be prorated for the term of the prior license and prorated for the term of the new license. At the time of the license conversion, you will be required to pay the difference between the lower and higher license fees. If you move to a monthly license the next full charge will be on the first day of the month following the license conversion.

2.2.6 WordPress Toolkit Licenses that are Account Based. An “account” is one cPanel login. If your WordPress Toolkit license is account based, your license of WordPress Toolkit Software is restricted to the number of accounts you have purchased to give access to the WordPress Toolkit Software. For example, if you purchase an increment of 10 WordPress Toolkit accounts, this means that up to 10 accounts have access to the WordPress Toolkit Software. Unless expressly set out in your agreement with cPanel, on the relevant pricing page, or in the Pricing and Term Agreement. You will not receive a credit or refund for any unused account purchases.

2.3 Transfer of License. Subject to Section 9.8 (Assignment), You may transfer or assign this Agreement in its entirety to a third party upon notice to cPanel solely with respect to Monthly Licenses for the Software. One Year Licenses, Two Year Licenses and Three Year Licenses for the Software may not be transferred or assigned under this Section 2.3.

2.4 Restrictions of Use.

2.4.1 Installation of Software Package The Software is licensed as a single product and none of the components in the Software may be separated for installation or use other than on the Licensed Server.

2.4.2 Back-Up Copy. If You make a back-up copy of the Software, such copy must be in machine-readable form and You must reproduce on such copy all Intellectual Property Right notices and any other proprietary legends on the original copy of the Software.

2.4.3 Commercial Use; Evaluation. If Your Pricing and Term Agreement provides for an Educational License, Non-Profit License or Trial Version License, You may not use the Software for any commercial purposes. Additionally, if Your Pricing and Term Agreement provides for a Trial Version License, You may only use the Software to review and evaluate the Software.

2.4.4 No Derivative Works; Reverse Engineering You may not alter, merge, modify, prepare derivative works based upon, adapt or translate the Software in any manner whatsoever. Additionally, You may not decompile, reverse engineer, disassemble, or otherwise reduce the Software to any human-readable form, or use the Software to develop any application having the same primary functions as the Software.

2.5 Monitoring of Software.

2.5.1 Audit by cPanel. You agree that cPanel may audit Your use of the Software for compliance with this Agreement at any time, upon reasonable notice. You agree to cooperate with cPanel and any auditors selected by cPanel to complete the audit, including by providing access to any facilities in which the Software is used or stored, including, without limitation, the facilities which house the Licensed Server and any facilities which cPanel reasonably believes house servers upon which the Software is installed. In the event that such audit reveals any use of the Software by You other than in compliance with the terms of this Agreement, You shall reimburse cPanel for all reasonable expenses related to such audit in addition to any other liabilities You may incur as a result of such noncompliance.

2.5.2 Mandatory Product Activation. If You do not complete the Mandatory Product Activation process within 15 days after You first install the Software, cPanel may in its sole discretion terminate this Agreement or suspend or disable access in whole or in part to the Software.“Mandatory Product Activation” means the process by which You supply to cPanel certain information during the installation or setup process of the Software. After You have completed the Mandatory Product Activation process, cPanel will activate the Software allowing You to use the Software subject to the terms and conditions of this Agreement. After cPanel activates the Software, such Software shall be deemed to be “Activated” for purposes of this Agreement. The Mandatory Product Activation process may require the use of the Internet or a long distance telephone call. You are responsible for any Internet access fees or telephone charges required for the activation or use of the Software.

2.5.3 Authentication System. The Software contains technological measures that, working in conjunction with cPanel computer servers, are designed to prevent unlicensed or illegal use of the Software (collectively, the “Authentication System”). You acknowledge and agree that such Authentication System allows cPanel to (among other things) (a) monitor use of the Software by You and Third Party Users as set forth in Section 2.5.4 (cPanel Usage Data); (b) verify that the Software is only used on the Licensed Server; (c) that you have purchased sufficient accounts for the Software; (d) suspend or disable access to the Software in whole or in part in the event of a breach of this Agreement or in the event of a breach by a Third Party User of cPanel-related provisions of a Third Party Agreement; and (e) terminate use of the Software upon the expiration or termination of this Agreement. You agree not to thwart, interfere with, circumvent or block the operation of any aspect of the Authentication System, including any communications between the Software and cPanel’s computer servers. For the avoidance of doubt, the Software will not operate unless cPanel from time to time verifies the Software using the Authentication System which requires the exchange of information between the Licensed Server and cPanel over the Internet.

2.5.4 cPanel Usage Data. You agree that, without further notice to You or any Third Party User, cPanel may use technological means, including the Authentication System, to (a) monitor use of the Software as may be necessary to monitor for compliance with the terms of this Agreement and the Pricing and Term Agreement; and (b) collect cPanel Usage Data. cPanel reserves the right to copy, access, store, disclose and use cPanel Usage Data indefinitely in its sole discretion; provided, however, that in the event that cPanel collects information concerning which features of the Software are most often used by You or Third Party Users, cPanel will remove personally identifiable information (if any) from such data and copy, access, store, disclose and use such data solely for the purpose of improving the Software.

2.6 Additional Licenses. For the avoidance of doubt, You may not install or use the Software on any other servers or computers other than the Licensed Server. If You wish to install and use the Software on servers other than the Licensed Server, You will need to obtain a separate license for each additional server, including, without limitation, a separate license for each additional Virtual Private Server. Certain Software set out in this Agreement may have restrictions on the number of users as set out on the Pricing and Term Agreement and the relevant pricing page(s). Software subject to such restrictions will also be subject to the limitations, refund and credit policies set out in the Pricing and Term Agreement, the relevant pricing page and/or in your other agreements with cPanel.

2.7 Updates. The Software may automatically download and install updates from time to time from cPanel. These updates are designed to improve, enhance and further develop the Software and may take the form of bug fixes, enhanced functions, new software modules, completely new versions and additional products and services offered through or from the Software. You agree to receive such updates (and permit cPanel to deliver these to You) as a condition to Your use of the Software.

2.8 License Exchange. You agree that this Agreement shall supersede any prior End-User License Agreement between You and cPanel applicable to the Software and that such prior End-User License Agreement is hereby terminated if (a) You previously purchased a license for the Software and are now purchasing a new license for the Software so that You may obtain additional technical support or updates during the Term of this Agreement; or (b) the copy of the Software You licensed with this Agreement is an upgrade to an earlier version of the Software. You may not continue to use the earlier version of the Software or transfer it to another person or entity.

3. Intellectual Property Rights.

3.1 Ownership. cPanel owns all right, title and interest, including all Intellectual Property Rights, in and to, (a) the Software; (b) the Trademarks; (c) cPanel Usage Data; and (d) any and all Submissions (collectively, “cPanel IP Rights”).

3.2 Trademarks; Domain Names. This Agreement does not authorize You to use the Trademarks. If You wish to use the Trademarks, You must obtain a written license to use the Trademarks from cPanel. Without limiting the foregoing, You are required to comply with the cPanel Trademark Usage Policy which is located athttp://www.cpanel.net/trademarkup.htm (or such other URL as may be designated by cPanel from time to time) and which may be updated by cPanel in its sole discretion from time to time. Additionally, You will not (a) assert any Intellectual Property Right in the Trademarks or in any element, derivation, adaptation, variation or name thereof; (b) contest the validity of any of the Trademarks; (c) contest cPanel’s ownership of any of the Trademarks; or (d) in any jurisdiction, adopt, use, register, or apply for registration of, whether as a corporate name, trademark, service mark or other indication of origin, or as a domain name or sub-domain name, any trademarks, or any word, symbol or device, or any combination confusingly similar to, or which incorporates in whole or in part, any of the Trademarks.

3.3 No Implied License or Ownership. Nothing in this Agreement or the performance thereof, or that might otherwise be implied by law, will operate to grant You any right, title or interest, implied or otherwise, in or to the cPanel IP Rights.

3.4 No Contest. You acknowledge and agree that the cPanel IP Rights are and shall remain the sole and exclusive property of cPanel. You agree that You shall never oppose, seek to cancel, or otherwise contest cPanel’s ownership of the cPanel IP Rights or act in any manner that would or might conflict with or compromise cPanel’s ownership of the cPanel IP Rights, or similarly affect the value of the cPanel IP Rights. Whenever requested by cPanel, You shall execute such documents as cPanel may deem necessary or appropriate to confirm, maintain or perfect cPanel’s ownership of the cPanel IP Rights. In the event cPanel is unable, after reasonable effort, to secure Your signature on any document or documents needed to apply for or to confirm, maintain or perfect cPanel’s ownership of the cPanel IP Rights for any other reason whatsoever, You hereby irrevocably designate and appoint cPanel as Your duly authorized attorney-in-fact, to act for and on Your behalf and stead to execute and sign any document or documents and to do all other lawfully permitted acts to confirm, maintain or perfect cPanel’s ownership of the cPanel IP Rights with the same legal force and effect as if executed by You. In the event You become aware that any third party is, or may be, infringing the cPanel IP Rights, You agree to notify cPanel of such fact.

3.5 Proprietary Notices. Third party trademarks, trade names, product names and logos included in the Software may be the trademarks or registered trademarks of their respective owners. You may not remove or alter any trademark, trade names, product names, logo, copyright or other proprietary notices, legends, symbols or labels in the Software.

3.6 Submissions. With respect to any feedback, suggestions or ideas (Submissions) that You submit to cPanel concerning the Software, or any of cPanel’s products or services, You agree that: (a) Your Submissions will automatically become the property of cPanel, without any compensation to You; (b) cPanel may use or redistribute the Submissions for any purpose and in any way; (c) cPanel is not obligated to review any Submissions; and (d) cPanel is not obligated to keep any Submissions confidential.

4. Payments. As a condition of the license granted to You pursuant to this Agreement, You shall pay cPanel the amount(s) set forth in Your Pricing and Term Agreement in accordance with the payment terms contained therein.

5. Term and Termination.

5.1 Term. This Agreement shall be effective on the Effective Date and shall automatically expire at the end of the Term.

5.2 Termination. cPanel may terminate this Agreement (a) in the event of Your breach of this Agreement (or a Third Party User’s breach of a provision of a Third Party Agreement relating to the Software or cPanel) upon 30 days’ notice to You if such breach remains uncured after the expiration of the 30 day notice period; (b) as set forth in Section 2.2 (Sublicensing); or (c) immediately without notice in the event of Your material breach of this Agreement (or a Third Party User’s breach of a material provision of a Third Party Agreement relating to the Software or cPanel). You acknowledge and agree that any breach by You or any Third Party User of the following provisions of the Agreement or any related provisions of a Third Party Agreement shall each constitute a material breach: (i) use of the Software in excess of the license grant in Section 2.1 (License Grant); (ii) any purported or attempted assignment, transfer, sale or other disposition or delegation of the Software in violation of Section 2.3 (Transfer of License) or Section 9.8 (Assignment); (iii) any violation of Section 2.4 (Restrictions of Use) including, without limitation, Section 2.4.4 (No Derivative Works; Reverse Engineering); (iv) any violation of Section 2.5 (Monitoring of Software) including, without limitation, any attempt, whether successful or not, to thwart, interfere with, circumvent or block the operation of any aspect of the Authentication System; (v) any conduct inconsistent with the cPanel IP Rights as set forth in Section 3 (Intellectual Property Rights); (vi) any breach of Section 4 (Payments); and (vii) any breach of Your representations and warranties under Section 6.1 (Mutual Representations). Additionally, a material breach by You of any agreement or contract between You and cPanel, including, without limitation, a breach of cPanel’s Trademark Usage Policy, any applicable EULA, the Technical Support Agreement or the Partner NOC Agreement shall be deemed a material breach of this Agreement and shall give rise to cPanel’s right to terminate as set forth in this Section 5.2. The foregoing list of material breaches is a non-exclusive list.

5.3 Effect of Termination. Upon the expiration or termination of this Agreement for any reason, (a) You must destroy all copies of the Software, including any back-up copy; (b) You must uninstall or delete the Software from the Licensed Server; and (c) cPanel may, without notice and in its sole discretion, terminate, suspend or disable access to the Software by You or any Third Party User.

5.4 Survival. Sections 1 (Definitions), 2.5 (Monitoring of Software), 3 (Intellectual Property Rights), 4 (Payments), 5 (Term and Termination), 6.3 (Disclaimer), 7 (Limitation of Liability), 8 (Indemnification) and 9 (Miscellaneous) shall survive the termination or expiration of this Agreement for any reason.

6. Representations; Warranties; Disclaimer.

6.1 Mutual Representations. Each party hereto represents and warrants to the other party that: (a) such party has the full right, power and authority to enter into this Agreement on behalf of itself and to undertake to perform the acts required of it hereunder; (b) the execution of this Agreement by such party, and the performance by such party of its obligations and duties to the extent set forth hereunder, do not and will not violate any agreement to which it is a party or by which it is otherwise bound; (c) when executed and delivered by such party, this Agreement will constitute the legal, valid and binding obligation of such party, enforceable against such party in accordance with its representations, warranties, terms and conditions; and (d) such party will comply with all Applicable Laws related to the use and installation of the Software and the performance of its obligations under this Agreement.

6.2 Limited Warranty. cPanel represents and warrants that, for a period of 90 days from the date of delivery of the Software, when used with a hardware and software configuration recommended by cPanel, the Software will perform in substantial conformance with the documentation supplied with the Software. The limited warranty in this Section 6.2 shall not apply (a) to any Educational License, Non-Profit License or Trial Version License; (b) if Your version of the Software is a Beta Version; (c) if the Software has been altered in any way by a party other than cPanel; (d) the Software’s third party components; or (e) if any failure or error arises out of use of the Software with anything other than a cPanel recommended hardware and software configuration. Any misuse, accident, abuse, modification or misapplication of the Software will void the limited warranty in this Section 6.2.

6.2(a) Beta Software

The Service and/or documentation provided with the Service are believed to contain defects. Unless otherwise provided, the express purpose of the provisions of this section is to identify these defects. It is Your sole and exclusive obligation to secure Your computing environment to ensure that Your use of the Software and/or documentation does not damage Your business.

On the Effective Date, we grant to You a no charge, non-exclusive, non-transferable, non-sublicensable, license to use the Software solely for Your internal testing and evaluation purposes to determine its suitability and the presence of bugs and other items that may detract from its effectiveness (Beta Test). The Software is licensed, not sold, to You. The Software shall be used only for the purposes of testing and evaluation.

You may use the Software, and any documentation provided with it, for a period of 90 days beginning on the Effective Date (Beta Term). At the conclusion of the Beta Term, You will be required to change Your license type to a different license. We may, but have no obligation to, extend the Beta Term at our discretion. We may terminate this Agreement at any time upon written notice to You even prior to the expiration of the Beta Term. If we choose to terminate a Beta product, we will provide You with 7 days prior written email notice. Following the Beta term, we may, at our discretion, move the Services to a production environment.

Upon the end of a Beta Version, Your ability to use the Software will be suspended. You will have no access to the data associated with the Beta Version.

As consideration for our granting to You a license to use the Beta Version, You agree to notify us of all problems and ideas for enhancements which come to Your attention during your use. While using the Beta Version and, from time-to-time on our request, You will provide us written evaluations, including, but not limited to, surveys of the Beta Version by the date we request (Evaluations). The Evaluations will be provided in the format we choose. Your continued use of the Beta Version is expressly contingent on Your providing the Evaluations to us in a timely and complete manner. As further consideration for granting You the license to use the Beta Version, You may be required to agree to receive marketing and other communications from us and/or our partners. If this is the case, You may choose to refuse to receive such communications by not installing the Beta Version.

You assign all right, title and interest in the Evaluations, including, but not limited to, any and all ideas, inventions, processes, patents, copyrights, trade secrets, mask works, trademarks, moral rights, or any other intellectual property rights contained in the Evaluation, or which may be reasonably extrapolated from the Evaluation. The sole consideration for this assignment is our license of the Beta Version to for Your use, pursuant to this Agreement.

6.3 Disclaimer. EXCEPT AS SET FORTH IN THE LIMITED WARRANTY OF SECTION 6.2, THE SOFTWARE LICENSED HEREUNDER IS PROVIDED "AS IS" AND CPANEL HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, RELATING TO THE SOFTWARE, ITS THIRD PARTY COMPONENTS, AND ANY DATA ACCESSED THEREFROM, OR THE ACCURACY, TIMELINESS, COMPLETENESS, OR ADEQUACY OF THE SOFTWARE, ITS THIRD PARTY COMPONENTS, AND ANY DATA ACCESSED THEREFROM, INCLUDING THE IMPLIED WARRANTIES OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. CPANEL DOES NOT WARRANT THAT THE SOFTWARE OR ITS THIRD PARTY COMPONENTS ARE ERROR-FREE OR WILL OPERATE WITHOUT INTERRUPTION. IF THE SOFTWARE, ITS THIRD PARTY COMPONENTS, OR ANY DATA ACCESSED THEREFROM IS DEFECTIVE, YOU ASSUME THE SOLE RESPONSIBILITY FOR THE ENTIRE COST OF ALL REPAIR OR INJURY OF ANY KIND, EVEN IF CPANEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DEFECTS OR DAMAGES.

6.3.1 IF APPLICABLE LAW REQUIRES ANY WARRANTIES WITH RESPECT TO THE SOFTWARE, ALL SUCH WARRANTIES ARE LIMITED IN DURATION TO 90 DAYS FROM THE DATE OF DELIVERY.

6.3.2 NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY CPANEL, ITS AFFILIATES, LICENSEES, DEALERS, SUB-LICENSORS, AGENTS OR EMPLOYEES SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF ANY WARRANTY PROVIDED IN SECTION 6.2.

6.3.3 SOME JURISDICTIONS DO NOT ALLOW RESTRICTIONS ON IMPLIED WARRANTIES SO SOME OF THESE LIMITATIONS MAY NOT APPLY TO YOU.

7. Limitation of Liability.

7.1 Lost Profits; Consequential Damages. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, CPANEL WILL NOT BE LIABLE FOR ANY LOST PROFITS, COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, DAMAGES FOR THE INABILITY TO USE EQUIPMENT OR ACCESS DATA, BUSINESS INTERRUPTION, OR FOR ANY OTHER INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, HOWEVER CAUSED, AND UNDER WHATEVER CAUSE OF ACTION OR THEORY OF LIABILITY BROUGHT (INCLUDING, WITHOUT LIMITATION, UNDER ANY CONTRACT, NEGLIGENCE OR OTHER TORT THEORY OF LIABILITY) EVEN IF CPANEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

7.2 Total Cumulative Liability; Exclusive Remedy. EXCEPT FOR AMOUNTS OWED BY YOU TO CPANEL UNDER SECTION 4, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, CPANEL’S AGGREGATE LIABILITY FOR DIRECT DAMAGES, UNDER THIS AGREEMENT (CUMULATIVELY) SHALL BE LIMITED TO THE TOTAL FEES COLLECTED BY CPANEL UNDER THIS AGREEMENT; PROVIDED, HOWEVER, THAT FOR ANY BREACH OF THE LIMITED WARRANTY OF SECTION 6.2 YOUR SOLE AND EXCLUSIVE REMEDY AND CPANEL’S ENTIRE LIABILITY SHALL BE FOR CPANEL, AT CPANEL’S ELECTION AND WITHIN ITS SOLE DISCRETION, TO USE COMMERCIALLY REASONABLE EFFORTS TO (A) SUPPLY YOU WITH A REPLACEMENT COPY OF THE SOFTWARE THAT SUBSTANTIALLY CONFORMS TO THE DOCUMENTATION INCLUDED WITH THE SOFTWARE; OR (B) REFUND TO YOU YOUR LICENSE FEE FOR THE SOFTWARE; PROVIDED THAT YOU REPORT ANY NON-COMPLIANCE WITH THE LIMITED WARRANTY OF SECTION 6.2 IN WRITING TO CPANEL NO MORE THAN 90 DAYS FOLLOWING DELIVERY OF THE SOFTWARE TO YOU.

8. Indemnification. You shall indemnify, defend and hold harmless cPanel and its directors, officers, staff, employees and agents and their respective successors, heirs and assigns and cPanel affiliates (and their directors, officers, staff, employees and agents and their respective successors, heirs and assigns) (collectively, the “cPanel Parties”) from and against any liability, damage, loss or expense (including reasonable attorneys’ fees and expenses of litigation) incurred by or imposed upon the cPanel Parties or any one of them in connection with any claims, suits, actions, demands or judgments (Claims) related directly or indirectly to or arising out of (a) a breach of Your representations, warranties or obligations under this Agreement; (b) in the event that You sublicense the right to use the Software to any Third Party Users pursuant to Section 2.2 (Sublicensing), (i) a breach of a Third Party User’s representations, warranties or obligations under any provisions in a Third Party Agreement relating to cPanel or the Software; and (ii) any Claims based upon or arising from any allegation that a Third Party User was harmed due to any termination, suspension or disabling of such user’s access to the Software by cPanel pursuant to the terms and conditions of this Agreement; provided, however, that in any such case cPanel or its affiliates, as applicable, (x) provide You with prompt notice of any such claim; (y) permit You to assume and control the defense of such action upon Your written notice to cPanel of Your intention to indemnify; and (z) upon Your written request, and at no expense to cPanel or its affiliates, provide to You all available information and assistance reasonably necessary for You to defend such claim. You will not enter into any settlement or compromise of any such claim, which settlement or compromise would result in any liability to the cPanel Parties, without cPanel’s prior written consent, which will not unreasonably be withheld. You will pay any and all costs, damages, and expenses, including, but not limited to, reasonable attorneys’ fees and costs awarded against or otherwise incurred by cPanel or its affiliates in connection with or arising from any such claim.

9. Miscellaneous.

9.1 Force Majeure. No party will be liable for any failure or delay in performance of any of its obligations hereunder if such delay is due to acts of God, fires, flood, storm, explosions, earthquakes, general Internet outages, acts of war or terrorism, riots, insurrection or intervention of any government or authority; provided, however, that any such delay or failure will be remedied by such party as soon as reasonably possible. Upon the occurrence of a force majeure event, the party unable to perform will, if and as soon as possible, provide written notice to the other parties indicating that a force majeure event occurred and detailing how such force majeure event impacts the performance of its obligations.

9.2 Independent Contractors. It is the intention of the parties that cPanel and You are, and will be deemed to be, independent contractors with respect to the subject matter of this Agreement, and nothing contained in this Agreement will be deemed or construed in any manner whatsoever as creating any partnership, joint venture, employment, agency, fiduciary or other similar relationship between cPanel and You.

9.3 Choice of Law; Venue; Jurisdiction. This Agreement will be governed by and interpreted in accordance with the laws of the State of Texas without regard to the conflicts of laws principles thereof. Any dispute or claim arising out of or in connection with the Agreement shall be finally settled and exclusively by the state or federal courts located in Harris County, Texas. For purposes of this Agreement, You and cPanel hereby irrevocably consent to exclusive personal jurisdiction and venue in the federal and state courts in Harris County, Texas. However, to the extent the Data Processing Agreement (DPA) is applicable to a Customer, the jurisdiction and venue provisions of the DPA shall govern the DPA. Those jurisdiction and venue provisions shall be limited only to the DPA, if applicable to a Customer. This paragraph 9.3 shall apply to all other provisions of this Agreement.

9.4 Entire Agreement. This Agreement, together with all Exhibits hereto, represents the entire agreement between the parties with respect to the subject matter hereof and thereof and will supersede all prior agreements and communications of the parties, oral or written.

9.5 Basis of Bargain. Section 6.2 (Limited Warranty), Section 7 (Limitations of Liability) and Section 8 (Indemnification) are fundamental elements of the basis of the agreement between cPanel and You and shall inure to the benefit of cPanel. cPanel would not be able to provide the Software on an economic basis without such limitations.

9.6 Severability. If any provision of this Agreement is held to be invalid, illegal or unenforceable for any reason, such invalidity, illegality or unenforceability will not affect any other provisions of this Agreement, and this Agreement will be construed as if such invalid, illegal or unenforceable provision had never been contained herein.

9.7 Amendment or Modification. This Agreement is subject to change without prior notice from cPanel. You shall be deemed to have accepted any changes or modifications by your continuing use of the Software. Additionally, this Agreement may not be amended, modified, or supplemented by You in any manner, except by an instrument in writing signed and agreed to by cPanel.

9.8 Assignment. This Agreement may not be assigned, transferred, delegated, sold or otherwise disposed of, including, without limitation, by operation of law, other than as expressly set forth in this Section 9.8. This Agreement may be assigned, transferred, delegated, sold or otherwise disposed of in its entirety: (a) by cPanel in its sole discretion; (b) by You with the prior written consent of cPanel; and (c) as set forth in Section 2.3 (Transfer of License). In addition, cPanel may delegate its performance under this Agreement in whole or in part to one or more affiliates, provided that cPanel will remain liable and responsible for any performance or obligation so delegated. A party’s permitted successors or assignees must agree as a condition precedent to any assignment, transfer or delegation to fully perform all applicable terms and conditions of this Agreement. No party may assign this Agreement to any entity that lacks sufficient assets and resources to continue to perform, to contractually required standards, all assigned obligations for the remainder of the Term. This Agreement will be binding upon and will inure to the benefit of a party’s permitted successors and assigns. Any purported assignment, transfer, delegation, sale or other disposition in contravention of this Section 9.8, including, without limitation, by operation of law, is null and void.

9.9 Waiver. Any of the provisions of this Agreement may be waived by the party entitled to the benefit thereof. No party will be deemed, by any act or omission, to have waived any of its rights or remedies hereunder unless such waiver is in writing and signed by the waiving party, and then only to the extent specifically set forth in such writing. A waiver with reference to one event will not be construed as continuing or as a bar to or waiver of any right or remedy as to a subsequent event.

9.10 Remedies Cumulative. Except as expressly set forth herein, no remedy conferred upon the parties by this Agreement is intended to be exclusive of any other remedy, and each and every such remedy will be cumulative and will be in addition to any other remedy given hereunder or now or hereafter existing at law or in equity.

9.11 No Third Party Beneficiaries This Agreement is made for the benefit of the parties only, and this Agreement is not for the benefit of, and was not created for the benefit of, any third parties including, without limitation, any Third Party Users.

9.12 Notices. All notices or questions relating to this Agreement shall be directed to: cPanel, L.L.C., Attn: Legal Department, 2550 North Loop W., Suite 4006, Houston, TX 77092 . Any notice required to be given under this Agreement shall be deemed given by cPanel when sent to You by email, telephone, fax, or mail to the contact information supplied by You to cPanel in the Pricing and Term Agreement. You may update such information from time to time upon written notice to cPanel at the address in this Section 9.12. Any failure by You to provide cPanel with updated contact information will not invalidate the effectiveness of any notice sent by cPanel to the contact information previously supplied by You.

9.13 Notice to U.S. Government Users. The Software and any associated documentation are “Commercial Items,” as that term is defined at 48 C.F.R. 2.101, consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation,” as such terms are used in 48 C.F.R. 12.212 or 48 C.F.R. 227.7202, as applicable. Consistent with 48 C.F.R. 12.212 or 48 C.F.R. 227.7202-1 through 227.7202-4, as applicable, the Commercial Computer Software and Commercial Computer Software Documentation are licensed to U.S. Government end users (a) only as Commercial Items and (b) with only those rights as are granted to all other end users pursuant to the terms and conditions herein.

9.14 Third Party Software. The Software contains third party software the use of which requires Your agreement to additional terms and conditions with respect to such third party software. The terms and conditions for such third party software are located in their respective source files at /usr/local/cpanel/src/3rdparty/ arranged by license type.

9.15 Export Controls. The parties agree to comply fully with all Applicable Laws of the United States, or of any foreign government to or from where a party is shipping, to in connection with the import, export or re-export, directly or indirectly, of the Software in connection with this Agreement. You specifically agree that you shall not, directly or indirectly, supply or permit any other party to supply the Software to an individual or organisation in a country or region against which the U.S. government imposes an embargo (presently, Crimea, Cuba, Iran, North Korea and Syria) or an individual or organisation on the U.S. Treasury Department’s List of Specially Designated Nationals and Blocked Persons or other individual who or organisation that is the subject of a U.S. legal measure that provides for sanctions blocking of property or that otherwise generally forbids U.S. citizens to transact with the individual or organisation.

9.16 Time-Limited Claims. Regardless of any Applicable Law to the contrary, You agree that any claim or cause of action arising out of or related to the Software or this Agreement, must be filed within one year after such claim or cause of action arose or be forever barred.

9.17 Data Protection. Where you are a business, company or similar organisation, to the extent that cPanel processes any personal data on your behalf in connection with the Agreement and (a) the personal data relates to individuals located in the EEA; or (b) you are located in the EEA, the parties agree that such personal data will be processed in accordance with the Data Processing Addendum set forth in Schedule 1. For the purposes of this paragraph 9.17, the terms “personal data,” “process” and “EEA” have the meanings given in the Data Processing Addendum.


SCHEDULE 1

DATA PROCESSING ADDENDUM ("DPA")

1. DEFINITONS

1.1 The following capitalized terms used in this DPA shall be defined as follows:

(a) "Controller" has the meaning given in the GDPR.

(b) "Data Protection Laws" means the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (GDPR), any applicable national implementing legislation including, and in each case as amended, replaced or superseded from time to time, and all applicable legislation protecting the fundamental rights and freedoms of persons and their right to privacy with regard to the Processing of your Personal Data.

(c) "EEA" means the European Economic Area, being the Member States of the European Union together with Iceland, Norway, and Liechtenstein and including the UK and Switzerland.

(d) “Privacy Policy” shall mean the Privacy Policy implemented by cPanel and incorporated in the Agreement as amended from time-to-time. The Privacy Policy is currently located at https://cpanel.com/privacy-policy.html.

(e) "Processing" has the meaning given in the GDPR, and "Process" will be interpreted accordingly.

(f) "Processor" has the meaning given in the GDPR.

(g) "Security Incident" means any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, any of your Personal Data.

(h) "Special Categories of Data" and "Data Subject" shall have the same meaning as in GDPR.

(i) "Subprocessor" means any Processor engaged by cPanel who agrees to receive from cPanel your Personal Data.

(j) "Supervisory Authority" has the meaning given in the GDPR.

(k) "Technical and Organisational Security Measures" means those measures aimed at protecting Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of Processing.

(l) "Transparency Report” shall mean cPanel’s transparency report, as amended, currently located at https://cpanel.com/transparency-report.html

(m) "Your Personal Data" and "personal data" means the "personal data" (as defined in the GDPR) described in Schedule 1 and any other personal data that cPanel processes on behalf of you in connection with the provision of the Software.

2. DATA PROCESSING

2.1 In addition to cPanel’s obligations set out in this DPA, cPanel will comply with the obligations of a Data Importer as set out in the Standard Contractual Clauses set forth in Schedule 4. Any reference to Data Importer shall be deemed to be a reference to cPanel and any reference to Data Exporter or Data Controller shall be deemed to be a reference to Controller and its European Union affiliated companies. Controller hereby covenants and warrants that it has the right and authority to enter into this DPA on behalf of itself and its affiliated companies.

2.2 cPanel will only Process your Personal Data in accordance with your written instructions. The EULA (subject to any changes agreed between the parties) and this DPA shall be your complete and final instructions to cPanel in relation to the Processing of your Personal Data.

2.3 Processing outside the scope of this DPA or the Agreement will require prior written agreement between you and cPanel on additional instructions for Processing.

2.4 Where required by applicable Data Protection Laws, you will ensure that you have obtained/will obtain all necessary consents for the Processing of your Personal Data by cPanel in accordance with the Agreement.

3. TRANSFER OF PERSONAL DATA

3.1 You agree that cPanel may use Subprocessors to fulfil its contractual obligations under the Agreement. Upon written request, cPanel shall provide you with a list of Subprocessors. If you (acting reasonably) object to a new Subprocessor on grounds related to the protection of your Personal Data only, you may request that cPanel move your Personal Data to another Subprocessor and cPanel shall, within a reasonable time following receipt of such request, use reasonable endeavors to ensure that the original Subprocessor does not Process any of your Personal Data. If it is not reasonably possible to use another Subprocessor, and you continue to object for a legitimate reason, either party may terminate the Agreement on thirty days written notice. If you do not object within thirty days of receipt of the notice, you are deemed to have accepted the new Subprocessor.

3.2 Except as set out in paragraph 3.1, cPanel shall not permit, allow or otherwise facilitate Subprocessors to Process your Personal Data without your prior written consent and unless cPanel:

(a) enters into a written agreement with the Subprocessor which imposes substantially similar obligations on the Subprocessor with regard to their Processing of your Personal Data, as are imposed on cPanel under this DPA; and

(b) at all times remains responsible for compliance with its obligations under the DPA and will be liable to you for the acts and omissions of any Subprocessor as if they were cPanel’s acts and omissions.

3.3 You acknowledge that cPanel or its Subprocessors may access your Personal Data outside the EEA.

4. DATA SECURITY, AUDITS AND SECURITY NOTIFICATIONS

4.1 Security Obligations. cPanel will implement and maintain the technical and organizational measures set out in Schedule 3. You acknowledge and agree that these measures ensure a level of security that is appropriate to the risk.

4.2 Security Incident Notification. If cPanel becomes aware of a Security Incident, cPanel will: (a) notify you of the Security Incident without undue delay, (b) investigate the Security Incident and provide you (and any law enforcement or regulatory official) with reasonable assistance as required to investigate the Security Incident.

4.3 Employees and Personnel. cPanel will treat your Personal Data as confidential, and shall ensure that any employees are bound by a duty of confidentiality.

4.4 Audits. cPanel will, upon your reasonable request, at your cost, allow for audits, including inspections, of its compliance with this DPA, conducted by you (or a third party on your behalf and mandated by you) provided: (i) such audits or inspections are not conducted more than once per year (unless requested by a Supervisory Authority); (ii) are conducted only during business hours; and (iii) are conducted in a manner that causes minimal disruption to cPanel’s operations and business.

5. ACCESS REQUESTS AND DATA SUBJECT RIGHTS

5.1 Government Disclosure. cPanel will notify you of any request for the disclosure of your Personal Data by a governmental or regulatory body or law enforcement authority (including any Supervisory Authority) unless otherwise prohibited by law or a legally binding order of such body or agency, and subject to the terms of cPanel’s Transparency Report.

5.2 Data Subject Rights. Where applicable, and taking into account the nature of the Processing, cPanel will use reasonable endeavors to assist you by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of your obligation to respond to requests for exercising Data Subject rights set out in the GDPR.

6. DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION

6.1 To the extent required under applicable Data Protection Laws, cPanel will provide you with reasonably requested information to enable you to carry out data protection impact assessments or prior consultations with any Supervisory Authority, to the extent that either is solely in relation to Processing of your Personal Data and taking into account the nature of the Processing and information available to cPanel.

7. TERMINATION

7.1 Deletion of data. Unless otherwise required by applicable law, cPanel will, at your election and within 90 days of the date of termination of the Agreement at cPanel’s election:

(a) return a copy of all of your Personal Data Processed by cPanel by secure file transfer to you (and securely delete all other copies of your Personal Data Processed by cPanel); or

(b) securely delete your Personal Data Processed by cPanel.

8. SUPPLEMENTAL MEASURES

8.1 Governmental requests. If cPanel receives a request from a governmental authority for access to any Personal Data Processed by cPanel, cPanel will evaluate challenging such request before transferring such data to the governmental authority.

8.2 Encryption. cPanel encrypts all data at rest and in transit. Data in transit is encrypted using RSA with 2048 bit key length based certificates generated via a public certificate authority. Data at rest is encrypted using LUKS.

9. GOVERNING LAW

9.1 This DPA shall be governed by, and construed in accordance with, the laws of Republic of Ireland.


SCHEDULE 2

DETAILS OF THE PROCESSING OF YOUR PERSONAL DATA

This Schedule 2 includes certain details of the Processing of your Personal Data as required by Article 28(3) of the GDPR.

  1. Data importer: The data importer is: cPanel, a software company licensing and performing technical support.
  2. Data subjects:

    The Personal Data transferred concern the following categories of data subjects:

    1. Controller employees who are prospects, customer’s business partners or contract contacts of cPanel.
    2. Controller employees and cPanel customers who are authorized by cPanel to contact cPanel, or who contact cPanel regardless of authorization.
    3. cPanel customers who license software from cPanel, or through cPanel or Controller.
    4. Customers of the Controller who contact cPanel for customer support.
  3. Categories of data:

    The Personal Data transferred concern the following categories of data:

  4. For category one:

    1. First and last name
    2. Title and position
    3. Contact information (company, email, phone, physical business address)
    4. Professional life data
    5. Personal life data
    6. Business requirements

    For categories two, three and four, Personal Data that is automatically collected:

    1. Host name of the server (treated as Personal Data)
    2. IP address (treated as Personal Data)
    3. Server address / hostname (treated as Personal Data)
    4. Demographic information
    1. Geographic location
    2. Order details
    3. Invoice identification

    For categories two, three and four, Personal Data that will be collected if selected in the Product:

    a) Company ID (treated as Personal Data)

    For categories two, three and four, the following Personal Data may be collected depending on the use:

    a) For technical support

    1. User name, phone number, address, domain name and email address
    2. IP address (treated as Personal Data)

    b) For purchases of third party products

    a. Information necessary to bill for products

    c) When a Controller’s customer contacts cPanel directly (by mail posting on a message board or blogs)

    a. Comments and opinions and any identifying information provided by cPanel customer

  5. Special categories of data (if appropriate)
  6. The Personal Data transferred concern the following special categories of data: none

  7. Processing operations
  8. The Personal Data transferred will be subject to the following basic processing activities:

    1. Company ID may be associated with publicly available information generated through Salesforce. As a result, this information may become Personal Data.
    2. For third party products purchased by cPanel customers

    a. Information necessary to process payment

    1. i. Name
    2. ii. Postal code

SCHEDULE 3

Technical and Organization Security Measures

This Schedule describes the technical and organizational security measures and procedures that the Data Importer shall, as a minimum, maintain to protect the security of personal data created, collected, received, or otherwise obtained. Data Importer will keep documentation of technical and organizational measures identified below to facilitate audits and for the conservation of evidence.

  1. Access Control to Processing Areas

    Data Importer implements suitable measures in order to prevent unauthorized persons from gaining access to the data processing equipment where the personal data are processed or used. This is accomplished by:

    • establishing security areas; 24 hours security service provided by property owner;
    • protection and restriction of access paths;
    • securing the data processing equipment;
    • establishing access authorizations for staff and third parties, including the respective documentation;
    • regulations on card-keys;
    • all access to the data center where personal data are hosted is logged, monitored, and tracked; and
    • the data center where personal data are hosted is secured by a security alarm system, and other appropriate security measures.
  2. Access Control to Data Processing Systems

    Data Importer implements suitable measures to prevent its data processing systems from being used by unauthorized persons. This is accomplished by:

    • identification of the terminal and/or the terminal user to the Data Importer systems;
    • automatic time-out of user terminal if left idle, identification and password required to reopen;
    • automatic turn-off of the user ID when several erroneous passwords are entered, log file of events (monitoring of break-in-attempts);
    • issuing and safeguarding of identification codes;
    • dedication of individual terminals and/or terminal users, identification characteristics exclusive to specific functions;
    • staff policies in respect of each staff access rights to personal data (if any), informing staff about their obligations and the consequences of any violations of such obligations, to ensure that staff will only access Personal Data and resources required to perform their job duties and training of staff on applicable privacy duties and liabilities;
    • all access to data content is logged, monitored, and tracked; and
    • use of state of the art encryption technologies.
  3. Access Control to Use Specific Areas of Data Processing Systems

    Data Importer commits that the persons entitled to use its data processing system are only able to access the data within the scope and to the extent covered by its access permission (authorization) and that Personal Data cannot be read, copied or modified or removed without authorization. This shall be accomplished by:

    • staff policies in respect of each staff member's access rights to the Personal Data;
    • allocation of individual terminals and/or terminal user, and identification characteristics exclusive to specific functions;
    • monitoring capability in respect of individuals who delete, add or modify the personal data and at least yearly monitoring and update of authorization profiles;
    • release of Personal Data to only authorized persons;
    • policies controlling the retention of backup copies; and
    • use of state of the art encryption technologies.
  4. Transmission Control

    Data Importer implements suitable measures to prevent the personal data from being read, copied, altered or deleted by unauthorized parties during the transmission thereof or during the transport of the data media. This is accomplished by:

    • use of state-of-the-art firewall and encryption technologies to protect the gateways and pipelines through which the data travels;
    • as far as possible, all data transmissions are logged, monitored and tracked; and
    • monitoring of the completeness and correctness of the transfer of data (end-to-end check).
  5. Input Control

    Data Importer implements suitable measures to ensure that it is possible to check and establish whether and by whom personal data have been input into data processing systems or removed. This is accomplished by:

    • an authorization policy for the input of data into memory, as well as for the reading, alteration and deletion of stored data;
    • authentication of the authorized personnel; individual authentication credentials such as user IDs that, once assigned, cannot be re-assigned to another person (including subsequently);
    • protective measures for the data input into memory, as well as for the reading, alteration and deletion of stored data;
    • utilization of user codes (passwords) of at least eight characters or the system maximum permitted number and modification at first use and thereafter at least every 90 days in case of processing of sensitive data;
    • following a policy according to which all staff of Data Importer who have access to personal data processed for Data Exporters shall reset their passwords at a minimum once in a 180 day period;
    • providing that entries to data processing facilities (the rooms housing the computer hardware and related equipment) are capable of being locked;
    • automatic log-off of user ID's (requirement to re-enter password to use the relevant work station) that have not been used for a substantial period of time;
    • automatic deactivation of user authentication credentials (such as user IDs) in case the person is disqualified from accessing personal data or in case of non-use for a substantial period of time (at least six months), except for those authorized solely for technical management;
    • proof established within Data Importer's organization of the input authorization; and
    • electronic recording of entries.
  6. Job Control

    Data Importer ensures that personal data may only be processed in accordance with written instructions issued by exporter. This is accomplished by:

    • binding policies and procedures for Data Importer's employees.

    Data Importer ensures that if security measures are adopted through external entities it obtains written description of the activities performed that guarantees compliance of the measures adopted with this document. Data Importer further implements suitable measures to monitor its system administrators and to ensure that they act in accordance with instructions received. This is accomplished by:

    • individual appointment of system administrators;
    • adoption of suitable measures to register system administrators' access logs and keep them secure, accurate and unmodified for at least six months;
    • yearly audits of system administrators' activity to assess compliance with assigned tasks, the instructions received by importer and applicable laws; and
    • keeping an updated list with system administrators' identification details (e.g. name, surname, function or organizational area) and tasks assigned and providing it promptly to Data Exporters upon request.
  7. Availability Control

    Data Importer implements suitable measures to ensure that personal data are protected from accidental destruction or loss. This is accomplished by:

    • infrastructure redundancy to ensure data access is restored within seven days and backup performed at least weekly;
    • tape backup is stored off-site and available for restore in case of failure of SAN infrastructure for Database server;
    • only the Data Exporters may authorize the recovery of backups (if any) or the movement of data outside of the location where the physical database is held, and security measures will be adopted to avoid loss or unauthorized access to data, when moved;
    • regular check of all the implemented and herein described security measures at least every six months;
    • backup tapes are only re-used if information previously contained is not intelligible and cannot be re-constructed by any technical means; other removable media is destroyed or made unusable if not used; and
    • any detected security incident is recorded, alongside the followed data recovery procedures, and the identification of the person who carried them out.
  8. Separation of processing for different purposes

    Data Importer implements suitable measures to ensure that data collected for different purposes can be processed separately. This is accomplished by:

    • access to data is separated through application security for the appropriate users;
    • modules within the Data Importer's data base separate which data is used for which purpose, i.e., by functionality and function;
    • at the database level, data is stored in different areas, separated per module or function they support; and
    • interfaces, batch processes and reports are designed for only specific purposes and functions, so data collected for specific purposes is processed separately.
  9. Data Importer system administrators (if any)

    Data importer implements suitable measures to monitor its system administrators and to ensure that they act in accordance with instructions received. This is accomplished by:

    • individual appointment of system administrators;
    • adoption of suitable measures to register system administrators' access logs and keep them secure, accurate and unmodified for at least six months;
    • continuous audits of system administrators' activity to assess compliance with assigned tasks, the instructions received by importer and applicable laws; and
    • keeping an updated list with system administrators' identification details (e.g. name, surname, function or organizational area) and tasks assigned and providing it promptly to data exporter upon request.

SCHEDULE 4

STANDARD CONTRACTUAL CLAUSES

Clause 1: Definitions

For the purposes of the Clauses:

  1. ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
  2. ‘the data exporter’ means the controller who transfers the personal data;
  3. ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
  4. ‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
  5. ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
  6. ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2: Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

Clause 3: Third-party beneficiary clause

  1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.
  2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
  3. The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
  4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4: Obligations of the data exporter

The data exporter agrees and warrants:

  1. that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
  2. that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
  3. that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
  4. that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
  5. that it will ensure compliance with the security measures;
  6. that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
  7. to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
  8. to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
  9. that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
  10. that it will ensure compliance with Clause 4(a) to (i).

Clause 5: Obligations of the data importer

The data importer agrees and warrants:

  1. to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
  2. that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
  3. that it has implemented the technical and organisational security measures specified in the Appendix before processing the personal data transferred;
  4. that it will promptly notify the data exporter about:
    1. any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;
    2. any accidental or unauthorized access; and
    3. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so.
  5. to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
  6. at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
  7. to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
  8. that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent);
  9. that the processing services by the sub-processor will be carried out in accordance with Clause 11;
  10. to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter; and
  11. that it will, at its expense, defend, indemnify and hold harmless data exporter against all liability and loss in connection with any loss, unauthorized disclosure, theft, or compromise of personal data, and any other breach of applicable data protection legislation by or from data importer.

Clause 6: Liability

  1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
  2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.
  3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

Clause 7: Mediation and jurisdiction

  1. The data importer agrees that if the data subject invokes against its third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
    1. to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
    2. to refer the dispute to the courts in the Member State in which the data exporter is established.
  2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8: Cooperation with supervisory authorities

  1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
  2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
  3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).

Clause 9: Governing law

The Clauses shall be governed by the law of the Member State in which the data exporter is established, or where the data exporter is established in multiple jurisdictions, governed by the laws of the Republic of Ireland.

Clause 10: Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11: Sub-processing

  1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.
  2. The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
  3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
  4. The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

Clause 12: Obligation after the termination of personal data-processing services

  1. The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
  2. The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.

Appendix 1

See Schedule 2

Appendix 2

See Schedule 3


Print or Save

Version: 03-10-2021