Print or Save

cPanel & WebHost Manager End User License Agreement


IMPORTANT: THIS SOFTWARE END-USER LICENSE AGREEMENT IS A LEGAL AGREEMENT BETWEEN YOU (EITHER AN INDIVIDUAL OR, IF PURCHASED OR OTHERWISE ACQUIRED BY OR FOR AN ENTITY, AN ENTITY) AND CPANEL. READ IT CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AND USING THE SOFTWARE. AMONG OTHER PROVISIONS, IT PROVIDES A LICENSE TO USE THE SOFTWARE AND CONTAINS TERMINATION AND WARRANTY INFORMATION AND LIABILITY DISCLAIMERS. BY INSTALLING AND USING THE SOFTWARE, YOU CONFIRM YOUR ACCEPTANCE OF THE SOFTWARE AND YOU AGREE TO BE BOUND BY THE TERMS OF THIS EULA. IF YOU DO NOT AGREE TO BE BOUND BY THESE TERMS, THEN DO NOT INSTALL THE SOFTWARE AND RETURN THE SOFTWARE TO YOUR WEBSITE OR PLACE OF PURCHASE FOR A FULL REFUND.

1. Definitions.

1.1 “Activated” has the meaning given in Section 2.5.2.

1.2 “Agreement” means both the EULA and the Pricing and Term Agreement.

1.3 “Applicable Law” means applicable international, federal, state or local laws, statutes, ordinances, regulations or court orders.

1.4 “Beta Version” means any version of the Software released by cPanel for testing as determined by cPanel in its sole discretion, including, without limitation, versions of the Software designated by cPanel as “BETA” or “EDGE”. This does not create any obligation on our part to develop, productize, support, repair, offer for sale, or in any other way continue to provide or develop the Beta Version either to you, or to any other entity. Products that are classified as “Beta Version” may have limitations associated with their use such as disk utilization restrictions or suspended email functionality. You agree to these limitations and may not bypass or circumvent them. Doing so is a material breach of your agreements with cPanel.

1.5 “cPanel” means cPanel, L.L.C.

1.6 “cPanel Usage Data” means all data collected by cPanel in connection with the use of the Software by You or any Third Party Users, including (a) the licensed or unlicensed status of the Software; (b) the source from which the license for the Software was obtained (i.e., cPanel or a cPanel affiliate); and (c) information about the server upon which the Software is installed (including the Licensed Server) including (i) the public IP address, (ii) the operating system, (iii) the use of any virtualization technologies on such server, and (iv) data utilized to prevent and combat various server attacks by hackers or their hardware, including, but not limited to, assaults such as spam attacks, brute force attacks, dictionary attacks, phishing, pharming, and the like. Additionally, “cPanel Usage Data” may also include information collected by cPanel from time to time concerning which features of the Software are most often used in order to improve and make adjustments to the Software.

1.7 “cPanel Distributor” means a cPanel Partner who has met the requirements to become a cPanel Distributor as determined by cPanel.

1.8 “cPanel Partner” means a cPanel partner who has entered into a valid and existing Partner NOC Agreement with cPanel.

1.9 “EULA" means this End-User License Agreement.

1.10 “Intellectual Property Rights” means trade secret rights, rights in know-how, moral rights, copyrights, patents, trademarks (and the goodwill represented thereby), and similar rights of any type under the laws of any governmental authority, domestic or foreign, including all applications for and registrations of any of the foregoing.

1.11 “Licensed Server” means the single server operating solely from the IP address identified by You in the Pricing and Term Agreement to which the terms and conditions of this Agreement shall apply. A Licensed Server may be a Virtual Private Server. You may update the IP address associated with the Licensed Server from time to time during the Term (a) by visiting http://www.cpanel.net/store/ or such other URL as cPanel may designate from time to time; (b) in the case of cPanel Partners, by using the Manage Interface (as defined in the Partner NOC Agreement); or (c) by such other method as cPanel may elect to provide from time to time during the Term.

1.12 “Manage Interface” means cPanel’s customer service, license management and Incident tracking system or such successor system as cPanel may designate from time to time which is presently available at https://manage2.cpanel.net/ or such other URL as cPanel may designate from time to time. Only cPanel Partners and cPanel Distributors may access and use the Manage Interface. The term “Incident” shall have the meaning given to it in the Technical Support Agreement.

1.13 “Pricing and Term Agreement” means, as applicable, the (a) Pricing and Term Agreement entered into between You and cPanel in connection with the license of the Software which sets forth (among other things) pricing, term and payment provisions of this Agreement; (b) pricing and payment provisions of the cPanel Partner NOC Agreement entered into between You and cPanel; or (c) pricing and payment provisions of any agreement between You and a cPanel Partner (or other third party authorized to grant You the license) pursuant to which You obtained a license to use the Software. The Pricing and Term Agreement is hereby incorporated by reference and made a part of this Agreement as though fully set forth herein.

1.14 “Software” means the cPanel software program(s) supplied by cPanel together with this Agreement, including cPanel & WebHost Manager (but not including cPanel Server Suite) and corresponding documentation, source code, object code, Updates, user interfaces (including, without limitation, any web-based interfaces), printed materials and online or electronic documentation, excluding any third party components.

1.15 “Term” means the term of this Agreement as set forth by the term of the license obtained by You (a) in connection with the Pricing and Term Agreement; (b) in connection with the Partner NOC Agreement; or (c) from a cPanel Partner or other third party authorized to grant You the license.

1.16 “Territory” means the world, except to the extent that use or distribution of the Software in certain countries or regions would cause either party to violate Section 9.15 (Export Controls).

1.17 “Trademarks” means all domestic and international trademarks, service marks, logos, trade names, trade dress, including all goodwill represented by each of the foregoing, whether registered or unregistered, of cPanel including, without limitation, CPANEL (USPTO Registration No. 3058679 and CTM Registration No. 004908299), the cPanel logo (USPTO Registration No. 3290579), WEBHOST MANAGER (USPTO Registration No. 3246206), WHM (USPTO Registration No. 3282420) and ENKOMPASS (USPTO Trademark Application Serial No. 77673202). cPanel may add to the foregoing non-exclusive list of cPanel Trademarks by updating the cPanel Trademark Usage Policy which is located at http://www.cpanel.net/trademarkup.htm (or such other URL as may be designated by cPanel from time to time) and which may be updated by cPanel in its sole discretion from time to time (also referred to as “Exhibit 4” herein).

1.18 “Third Party Users” means authorized end users of the Software on the Licensed Server.

1.19 “Updates” means any bug fixes, patches and other modifications of the Software provided to You by cPanel.

1.20 “Virtual Private Server” means a virtual server operating on a single physical server upon which multiple virtual servers may operate.

1.21 “You” or “Your” means or refers to the individual or entity entering into this Agreement with cPanel, whether or not such terms are capitalized in this Agreement.

1.22 "cPanel Solo" means the Software that allows management of a single cPanel account from the WHM interface.

1.23 "WordPress Toolkit" means the Software provided by, or through, cPanel used to manage WordPress websites.

2. License.

2.1 License Grant. During the Term, solely within the Territory and subject to the terms and conditions of this Agreement, cPanel grants You a limited, non-exclusive, license to (a) install and use the Software on the Licensed Server only, and (b) make a single back-up copy of the Software for archival purposes. Except as provided in Sections 2.2 (Sublicensing) and 2.3 (Transfer of License), the foregoing license is non-transferable, non-assignable and non-sublicensable.

2.2 Sublicensing.

2.2.1 Grant of Sublicense. You may sublicense the right to use (but not the right to install or make a back-up copy) the Software to Third Party Users solely on the Licensed Server; provided that (a) each Third Party User must enter into an agreement with You governing such user’s use of the Software on the Licensed Server (Third Party Agreement); (b) as part of such Third Party Agreement, each Third Party User must agree to the Flow-Through Provisions set forth in Section 2.2.3 as a condition of the Third Party User’s use of the Software; (c) the term of the Third Party Agreement and the scope of the license granted in the Third Party Agreement shall be no greater than the Term of this Agreement and the scope of the limited rights granted in this Section 2.2; and (d) each Third Party User must be eighteen years of age or older.

2.2.2 Grant of Sublicensing Rights to Third Party Users. You may grant to Third Party Users the right to sublicense the use of the Software to third party sublicensees (each such third party sublicensee shall also constitute a “Third Party User” for purpose of this Agreement) solely on the Licensed Server provided that Your sublicense grant is (a) subject to and in accordance with all obligations of this Section 2.2; (b) limited to the Term of this Agreement; and (c) no greater in scope than the limited sublicense right granted in this Section 2.2. For the avoidance of doubt and without limiting the generality of the forgoing, each third party with access to the Software must enter into a Third Party Agreement governing the use of the Software and each Third Party Agreement must condition use of the Software on agreement to the Flow-Through Provisions set forth in Section 2.2.3.

2.2.3 Flow-Through Provisions. Each Third Party Agreement must contain:

(a) The Third Party User’s acknowledgement and agreement that the Third Party User may not alter, merge, modify, prepare derivative works based upon, adapt or translate the Software in any manner whatsoever, decompile, reverse engineer, disassemble, or otherwise reduce the Software to any human-readable form, or use the Software to develop any application having the same primary functions as the Software;

(b) The Third Party User’s acknowledgement and agreement that cPanel owns all right, title and interest in and to the cPanel IP Rights substantially similar to Section 3.1 (Ownership);

(c) A notice, substantially similar to the disclaimer set forth in Section 6.3 (Disclaimer), that cPanel disclaims all warranties and representations with respect to the Software;

(d) A limitation of liability substantially similar to that set forth in Section 7 (Limitation of Liability) for the benefit of cPanel;

(e) The Third Party User’s acknowledgement and agreement that it may use the Software only on the Licensed Server and only within the Territory;

(f) The Third Party User’s acknowledgement and agreement that its right to use the Software shall automatically expire without notice upon the expiration or termination of this Agreement for any reason whatsoever;

(g) The Third Party User’s acknowledgement and agreement that cPanel may in its sole discretion terminate, disable or suspend the use of and access to the Software by You or any Third Party User in the event of (i) any breach of this Agreement by You, or (ii) any breach by the Third Party User of any provision concerning cPanel or the Software in any Third Party Agreement;

(h) The Third Party User’s acknowledgement and agreement that cPanel is a third party beneficiary of any Third Party Agreement applicable to the Software with the full right to enforce the provisions of the Third Party Agreement as they pertain to cPanel and the Software;

(i) The Third Party User’s acknowledgement and agreement that cPanel’s may in its sole discretion (i) monitor use of the Software; (ii) use the Authentication System; and (iii) collect and use the cPanel Usage Data as set forth in Section 2.5 (Monitoring of Software);

(j) The Third Party User’s waiver of any and all claims (whether under law, equity or any other theory of liability) against cPanel and its affiliates that may arise from a Third Party User’s inability to use the Software in the event (i) of the expiration or termination of this Agreement for any reason whatsoever; or (ii) that cPanel disables or suspends access to the Software as set forth in this Section 2.2;

(k) A notice that the Third Party User may verify the licensed or unlicensed status of the Software and obtain other information about the license applicable to the Licensed Server by using the cPanel License Verification System located at http://verify.cpanel.net/ or such other URL as cPanel may designate from time to time; and

(l) If You grant Third Party Users the right to sublicense the use of the Software to third party sublicensees pursuant to Section 2.2.2, the Third Party User’s acknowledgement and agreement that any grant of sublicensing rights (i) shall be subject to and conditioned upon a Third Party Agreement between the Third Party User and each third party sublicensee governing the use of the Software; (ii) that the Third Party Agreement shall include the Flow-Through Provisions set forth in this Section 2.2.3; (iii) that the sublicensing grant to a third party sublicensee in the Third Party Agreement shall be no greater in scope and no greater in duration than the rights granted to the Third Party User; (iv) that each third party sublicensee must be eighteen years of age or older; and (v) that all sublicensing rights shall be subject to terms and conditions substantially similar to Section 2.2.4 (Sublicensing Restrictions).

2.2.4 Sublicensing Restrictions. The right to sublicense the use of the Software to Third Party Users (and such Third Party User’s right to sublicense the use of the Software to third party sublicensees) is conditioned upon compliance with the terms of this Section 2.2. Upon request from cPanel, You and any authorized sublicensor shall provide cPanel with copies of any Third Party Agreements. Use of or access to the Software on a Licensed Server by Third Party Users who have not agreed to the terms to or complied with this Section 2.2 exceeds the scope of the license grant of this Agreement and constitutes a material breach of this Agreement. cPanel shall also have the right (but not the obligation) to notify any Third Party Users that cPanel will or has terminated, suspended or disabled their use of the Software due to the termination or expiration of this Agreement or a breach of this Agreement. In the event that cPanel notifies Third Party Users pursuant to the preceding sentence, cPanel reserves the right to offer products and services, including, without limitation, the Software, to any Third Party Users affected by such termination or expiration (or to refer such third parties to other cPanel licensees or affiliates). Except as set forth in this Section 2.2, You may not rent, lease or sublicense the Software.

2.2.5 Moving from cPanel Solo to a Standard license (upgrade) is immediate. If you choose to move from cPanel Solo license to a standard license, the license fee you paid the month the move occurs will be prorated for the term of the prior license and prorated for the term of the new license. At the time of the license conversion, you will be required to pay the difference between the lower and higher license fees. If you move to a monthly license, the next full charge will be on the first day of the month following the license conversion.

2.3 Transfer of License. Subject to Section 9.8 (Assignment), You may transfer or assign this Agreement in its entirety to a third party upon notice to cPanel solely with respect to Monthly Licenses for the Software. One Year Licenses, Two Year Licenses and Three Year Licenses for the Software may not be transferred or assigned under this Section 2.3.

2.4 Restrictions of Use.

2.4.1 Installation of Software Package The Software is licensed as a single product and none of the components in the Software may be separated for installation or use other than on the Licensed Server.

2.4.2 Back-Up Copy. If You make a back-up copy of the Software, such copy must be in machine-readable form and You must reproduce on such copy all Intellectual Property Right notices and any other proprietary legends on the original copy of the Software.

2.4.3 Commercial Use; Evaluation. If Your Pricing and Term Agreement provides for an Educational License, Non-Profit License or Trial Version License, You may not use the Software for any commercial purposes. Additionally, if Your Pricing and Term Agreement provides for a Trial Version License, You may only use the Software to review and evaluate the Software.

2.4.4 No Derivative Works; Reverse Engineering You may not alter, merge, modify, prepare derivative works based upon, adapt or translate the Software in any manner whatsoever. Additionally, You may not decompile, reverse engineer, disassemble, or otherwise reduce the Software to any human-readable form, or use the Software to develop any application having the same primary functions as the Software.

2.5 Monitoring of Software.

2.5.1 Audit by cPanel. You agree that cPanel may audit Your use of the Software for compliance with this Agreement at any time, upon reasonable notice. You agree to cooperate with cPanel and any auditors selected by cPanel to complete the audit, including by providing access to any facilities in which the Software is used or stored, including, without limitation, the facilities which house the Licensed Server and any facilities which cPanel reasonably believes house servers upon which the Software is installed. In the event that such audit reveals any use of the Software by You other than in compliance with the terms of this Agreement, You shall reimburse cPanel for all reasonable expenses related to such audit in addition to any other liabilities You may incur as a result of such noncompliance.

2.5.2 Mandatory Product Activation. If You do not complete the Mandatory Product Activation process within 15 days after You first install the Software, cPanel may in its sole discretion terminate this Agreement or suspend or disable access in whole or in part to the Software. “Mandatory Product Activation” means the process by which You supply to cPanel certain information during the installation or setup process of the Software. After You have completed the Mandatory Product Activation process, cPanel will activate the Software allowing You to use the Software subject to the terms and conditions of this Agreement. After cPanel activates the Software, such Software shall be deemed to be “Activated” for purposes of this Agreement. The Mandatory Product Activation process may require the use of the Internet or a long distance telephone call. You are responsible for any Internet access fees or telephone charges required for the activation or use of the Software.

2.5.3 Authentication System. The Software contains technological measures that, working in conjunction with cPanel computer servers, are designed to prevent unlicensed or illegal use of the Software (collectively, the “Authentication System”). You acknowledge and agree that such Authentication System allows cPanel to (among other things): (a) monitor use of the Software by You and Third Party Users as set forth in Section 2.5.4 (cPanel Usage Data); (b) verify that the Software is only used on the Licensed Server; (c) that you have purchased sufficient accounts for the Software; (d) suspend or disable access to the Software in whole or in part in the event of a breach of this Agreement or in the event of a breach by a Third Party User of cPanel-related provisions of a Third Party Agreement; and (e) terminate use of the Software upon the expiration or termination of this Agreement. You agree not to thwart, interfere with, circumvent or block the operation of any aspect of the Authentication System, including any communications between the Software and cPanel’s computer servers. For the avoidance of doubt, the Software will not operate unless cPanel from time to time verifies the Software using the Authentication System which requires the exchange of information between the Licensed Server and cPanel over the Internet.

2.5.4 cPanel Usage Data. You agree that, without further notice to You or any Third Party User, cPanel may use technological means, including the Authentication System, to: (a) monitor use of the Software as may be necessary to monitor for compliance with the terms of this Agreement and the Pricing and Term Agreement; and (b) collect cPanel Usage Data. cPanel reserves the right to copy, access, store, disclose and use cPanel Usage Data indefinitely in its sole discretion; provided, however, that in the event that cPanel collects information concerning which features of the Software are most often used by You or Third Party Users, cPanel will remove personally identifiable information (if any) from such data and copy, access, store, disclose and use such data solely for the purpose of improving the Software.

2.6 Additional Licenses. For the avoidance of doubt, You may not install or use the Software on any other servers or computers other than the Licensed Server. If You wish to install and use the Software on servers other than the Licensed Server, You will need to obtain a separate license for each additional server, including, without limitation, a separate license for each additional Virtual Private Server. Certain Software set out in this Agreement may have restrictions on the number of users as set out on the Pricing and Term Agreement and the relevant pricing page(s). Software subject to such restrictions will also be subject to the limitations, refund and credit policies set out in the Pricing and Term Agreement, the relevant pricing page and/or in your other agreements with cPanel.

2.7 Updates. The Software may automatically download and install updates from time to time from cPanel. These updates are designed to improve, enhance and further develop the Software and may take the form of bug fixes, enhanced functions, new software modules, completely new versions and additional products and services offered through or from the Software. You agree to receive such updates (and permit cPanel to deliver these to You) as a condition to Your use of the Software.

2.8 License Exchange. You agree that this Agreement shall supersede any prior End-User License Agreement between You and cPanel applicable to the Software and that such prior End-User License Agreement is hereby terminated if (a) You previously purchased a license for the Software and are now purchasing a new license for the Software so that You may obtain additional technical support or updates during the Term of this Agreement; or (b) the copy of the Software You licensed with this Agreement is an upgrade to an earlier version of the Software. You may not continue to use the earlier version of the Software or transfer it to another person or entity.

3. Intellectual Property Rights.

3.1 Ownership. cPanel owns all right, title and interest, including all Intellectual Property Rights, in and to, (a) the Software; (b) the Trademarks; (c) cPanel Usage Data; and (d) any and all Submissions (collectively, “cPanel IP Rights”).

3.2 Trademarks; Domain Names. This Agreement does not authorize You to use the Trademarks. If You wish to use the Trademarks, You must obtain a written license to use the Trademarks from cPanel. Without limiting the foregoing, You are required to comply with the cPanel Trademark Usage Policy which is located at http://www.cpanel.net/trademarkup.htm (or such other URL as may be designated by cPanel from time to time) and which may be updated by cPanel in its sole discretion from time to time. Additionally, You will not (a) assert any Intellectual Property Right in the Trademarks or in any element, derivation, adaptation, variation or name thereof; (b) contest the validity of any of the Trademarks; (c) contest cPanel’s ownership of any of the Trademarks; or (d) in any jurisdiction, adopt, use, register, or apply for registration of, whether as a corporate name, trademark, service mark or other indication of origin, or as a domain name or sub-domain name, any trademarks, or any word, symbol or device, or any combination confusingly similar to, or which incorporates in whole or in part, any of the Trademarks.

3.3 No Implied License or Ownership. Nothing in this Agreement or the performance thereof, or that might otherwise be implied by law, will operate to grant You any right, title or interest, implied or otherwise, in or to the cPanel IP Rights.

3.4 No Contest. You acknowledge and agree that the cPanel IP Rights are and shall remain the sole and exclusive property of cPanel. You agree that You shall never oppose, seek to cancel, or otherwise contest cPanel’s ownership of the cPanel IP Rights or act in any manner that would or might conflict with or compromise cPanel’s ownership of the cPanel IP Rights, or similarly affect the value of the cPanel IP Rights. Whenever requested by cPanel, You shall execute such documents as cPanel may deem necessary or appropriate to confirm, maintain or perfect cPanel’s ownership of the cPanel IP Rights. In the event cPanel is unable, after reasonable effort, to secure Your signature on any document or documents needed to apply for or to confirm, maintain or perfect cPanel’s ownership of the cPanel IP Rights for any other reason whatsoever, You hereby irrevocably designate and appoint cPanel as Your duly authorized attorney-in-fact, to act for and on Your behalf and stead to execute and sign any document or documents and to do all other lawfully permitted acts to confirm, maintain or perfect cPanel’s ownership of the cPanel IP Rights with the same legal force and effect as if executed by You. In the event You become aware that any third party is, or may be, infringing the cPanel IP Rights, You agree to notify cPanel of such fact.

3.5 Proprietary Notices. Third party trademarks, trade names, product names and logos included in the Software may be the trademarks or registered trademarks of their respective owners. You may not remove or alter any trademark, trade names, product names, logo, copyright or other proprietary notices, legends, symbols or labels in the Software.

3.6 Submissions. With respect to any feedback, suggestions or ideas (Submissions) that You submit to cPanel concerning the Software, or any of cPanel’s products or services, You agree that: (a) Your Submissions will automatically become the property of cPanel, without any compensation to You; (b) cPanel may use or redistribute the Submissions for any purpose and in any way; (c) cPanel is not obligated to review any Submissions; and (d) cPanel is not obligated to keep any Submissions confidential.

4. Payments. As a condition of the license granted to You pursuant to this Agreement, You shall pay cPanel the amount(s) set forth in Your Pricing and Term Agreement in accordance with the payment terms contained therein.

5. Term and Termination.

5.1 Term. This Agreement shall be effective on the Effective Date and shall automatically expire at the end of the Term.

5.2 Termination. cPanel may terminate this Agreement (a) in the event of Your breach of this Agreement (or a Third Party User’s breach of a provision of a Third Party Agreement relating to the Software or cPanel) upon 30 days’ notice to You if such breach remains uncured after the expiration of the 30 day notice period; (b) as set forth in Section 2.2 (Sublicensing); or (c) immediately without notice in the event of Your material breach of this Agreement (or a Third Party User’s breach of a material provision of a Third Party Agreement relating to the Software or cPanel). You acknowledge and agree that any breach by You or any Third Party User of the following provisions of the Agreement or any related provisions of a Third Party Agreement shall each constitute a material breach: (i) use of the Software in excess of the license grant in Section 2.1 (License Grant); (ii) any purported or attempted assignment, transfer, sale or other disposition or delegation of the Software in violation of Section 2.3 (Transfer of License) or Section 9.8 (Assignment); (iii) any violation of Section 2.4 (Restrictions of Use) including, without limitation, Section 2.4.4 (No Derivative Works; Reverse Engineering); (iv) any violation of Section 2.5 (Monitoring of Software) including, without limitation, any attempt, whether successful or not, to thwart, interfere with, circumvent or block the operation of any aspect of the Authentication System; (v) any conduct inconsistent with the cPanel IP Rights as set forth in Section 3 (Intellectual Property Rights); (vi) any breach of Section 4 (Payments); and (vii) any breach of Your representations and warranties under Section 6.1 (Mutual Representations). Additionally, a material breach by You of any agreement or contract between You and cPanel, including, without limitation, a breach of cPanel’s Trademark Usage Policy, any applicable EULA, the Technical Support Agreement or the Partner NOC Agreement shall be deemed a material breach of this Agreement and shall give rise to cPanel’s right to terminate as set forth in this Section 5.2. The foregoing list of material breaches is a non-exclusive list.

5.3 Effect of Termination. Upon the expiration or termination of this Agreement for any reason, (a) You must destroy all copies of the Software, including any back-up copy; (b) You must uninstall or delete the Software from the Licensed Server; and (c) cPanel may, without notice and in its sole discretion, terminate, suspend or disable access to the Software by You or any Third Party User.

5.4 Survival. Sections 1 (Definitions), 2.5 (Monitoring of Software), 3 (Intellectual Property Rights), 4 (Payments), 5 (Term and Termination), 6.3 (Disclaimer), 7 (Limitation of Liability), 8 (Indemnification) and 9 (Miscellaneous) shall survive the termination or expiration of this Agreement for any reason.

6. Representations; Warranties; Disclaimer.

6.1 Mutual Representations. Each party hereto represents and warrants to the other party that: (a) such party has the full right, power and authority to enter into this Agreement on behalf of itself and to undertake to perform the acts required of it hereunder; (b) the execution of this Agreement by such party, and the performance by such party of its obligations and duties to the extent set forth hereunder, do not and will not violate any agreement to which it is a party or by which it is otherwise bound; (c) when executed and delivered by such party, this Agreement will constitute the legal, valid and binding obligation of such party, enforceable against such party in accordance with its representations, warranties, terms and conditions; and (d) such party will comply with all Applicable Laws related to the use and installation of the Software and the performance of its obligations under this Agreement.

6.2 Limited Warranty. cPanel represents and warrants that, for a period of 90 days from the date of delivery of the Software, when used with a hardware and software configuration recommended by cPanel, the Software will perform in substantial conformance with the documentation supplied with the Software. The limited warranty in this Section 6.2 shall not apply (a) to any Educational License, Non-Profit License or Trial Version License; (b) if Your version of the Software is a Beta Version; (c) if the Software has been altered in any way by a party other than cPanel; (d) the Software’s third party components; or (e) if any failure or error arises out of use of the Software with anything other than a cPanel recommended hardware and software configuration. Any misuse, accident, abuse, modification or misapplication of the Software will void the limited warranty in this Section 6.2.

6.2.1 Beta Software.

The Service and/or documentation provided with the Service are believed to contain defects. Unless otherwise provided, the express purpose of the provisions of this section is to identify these defects. It is Your sole and exclusive obligation to secure Your computing environment to ensure that Your use of the Software and/or documentation does not damage Your business.

On the Effective Date, we grant to You a no charge, non-exclusive, non-transferable, non- sublicensable, license to use the Software solely for Your internal testing and evaluation purposes to determine its suitability and the presence of bugs and other items that may detract from its effectiveness (Beta Test). The Software is licensed, not sold, to You. The Software shall be used only for the purposes of testing and evaluation.

You may use the Software, and any documentation provided with it, for a period of 90 days beginning on the Effective Date (Beta Term). At the conclusion of the Beta Term, You will be required to change Your license type to a different license. We may, but have no obligation to, extend the Beta Term at our discretion. We may terminate this Agreement at any time upon written notice to You even prior to the expiration of the Beta Term. If we choose to terminate a Beta product, we will provide You with 7 days prior written email notice. Following the Beta term, we may, at our discretion, move the Services to a production environment.

Upon the end of a Beta Version, Your ability to use the Software will be suspended. You will have no access to the data associated with the Beta Version.

As consideration for our granting to You a license to use the Beta Version, You agree to notify us of all problems and ideas for enhancements which come to Your attention during your use. While using the Beta Version and, from time-to-time on our request, You will provide us written evaluations, including, but not limited to, surveys of the Beta Version by the date we request (Evaluations). The Evaluations will be provided in the format we choose. Your continued use of the Beta Version is expressly contingent on Your providing the Evaluations to us in a timely and complete manner. As further consideration for granting You the license to use the Beta Version, You may be required to agree to receive marketing and other communications from us and/or our partners. If this is the case, You may choose to refuse to receive such communications by not installing the Beta Version.

You assign all right, title and interest in the Evaluations, including, but not limited to, any and all ideas, inventions, processes, patents, copyrights, trade secrets, mask works, trademarks, moral rights, or any other intellectual property rights contained in the Evaluation, or which may be reasonably extrapolated from the Evaluation. The sole consideration for this assignment is our license of the Beta Version to for Your use, pursuant to this Agreement.

6.3 Disclaimer. EXCEPT AS SET FORTH IN THE LIMITED WARRANTY OF SECTION 6.2, THE SOFTWARE LICENSED HEREUNDER IS PROVIDED "AS IS" AND CPANEL HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, RELATING TO THE SOFTWARE, ITS THIRD PARTY COMPONENTS, AND ANY DATA ACCESSED THEREFROM, OR THE ACCURACY, TIMELINESS, COMPLETENESS, OR ADEQUACY OF THE SOFTWARE, ITS THIRD PARTY COMPONENTS, AND ANY DATA ACCESSED THEREFROM, INCLUDING THE IMPLIED WARRANTIES OF TITLE, MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. CPANEL DOES NOT WARRANT THAT THE SOFTWARE OR ITS THIRD PARTY COMPONENTS ARE ERROR-FREE OR WILL OPERATE WITHOUT INTERRUPTION. IF THE SOFTWARE, ITS THIRD PARTY COMPONENTS, OR ANY DATA ACCESSED THEREFROM IS DEFECTIVE, YOU ASSUME THE SOLE RESPONSIBILITY FOR THE ENTIRE COST OF ALL REPAIR OR INJURY OF ANY KIND, EVEN IF CPANEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DEFECTS OR DAMAGES.

6.3.1 IF APPLICABLE LAW REQUIRES ANY WARRANTIES WITH RESPECT TO THE SOFTWARE, ALL SUCH WARRANTIES ARE LIMITED IN DURATION TO 90 DAYS FROM THE DATE OF DELIVERY.

6.3.2 NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY CPANEL, ITS AFFILIATES, LICENSEES, DEALERS, SUB-LICENSORS, AGENTS OR EMPLOYEES SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF ANY WARRANTY PROVIDED IN SECTION 6.2.

6.3.3 SOME JURISDICTIONS DO NOT ALLOW RESTRICTIONS ON IMPLIED WARRANTIES SO SOME OF THESE LIMITATIONS MAY NOT APPLY TO YOU.

7. Limitation of Liability.

7.1 Lost Profits; Consequential Damages. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, CPANEL WILL NOT BE LIABLE FOR ANY LOST PROFITS, COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, DAMAGES FOR THE INABILITY TO USE EQUIPMENT OR ACCESS DATA, BUSINESS INTERRUPTION, OR FOR ANY OTHER INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, HOWEVER CAUSED, AND UNDER WHATEVER CAUSE OF ACTION OR THEORY OF LIABILITY BROUGHT (INCLUDING, WITHOUT LIMITATION, UNDER ANY CONTRACT, NEGLIGENCE OR OTHER TORT THEORY OF LIABILITY) EVEN IF CPANEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

7.2 Total Cumulative Liability; Exclusive Remedy. EXCEPT FOR AMOUNTS OWED BY YOU TO CPANEL UNDER SECTION 4, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, CPANEL’S AGGREGATE LIABILITY FOR DIRECT DAMAGES, UNDER THIS AGREEMENT (CUMULATIVELY) SHALL BE LIMITED TO THE TOTAL FEES COLLECTED BY CPANEL UNDER THIS AGREEMENT; PROVIDED, HOWEVER, THAT FOR ANY BREACH OF THE LIMITED WARRANTY OF SECTION 6.2, YOUR SOLE AND EXCLUSIVE REMEDY AND CPANEL’S ENTIRE LIABILITY SHALL BE FOR CPANEL, AT CPANEL’S ELECTION AND WITHIN ITS SOLE DISCRETION, TO USE COMMERCIALLY REASONABLE EFFORTS TO (A) SUPPLY YOU WITH A REPLACEMENT COPY OF THE SOFTWARE THAT SUBSTANTIALLY CONFORMS TO THE DOCUMENTATION INCLUDED WITH THE SOFTWARE; OR (B) REFUND TO YOU YOUR LICENSE FEE FOR THE SOFTWARE; PROVIDED THAT YOU REPORT ANY NON-COMPLIANCE WITH THE LIMITED WARRANTY OF SECTION 6.2 IN WRITING TO CPANEL NO MORE THAN 90 DAYS FOLLOWING DELIVERY OF THE SOFTWARE TO YOU.

8. Indemnification. You shall indemnify, defend and hold harmless cPanel and its directors, officers, staff, employees and agents and their respective successors, heirs and assigns and cPanel affiliates (and their directors, officers, staff, employees and agents and their respective successors, heirs and assigns) (collectively, the “cPanel Parties”) from and against any liability, damage, loss or expense (including reasonable attorneys’ fees and expenses of litigation) incurred by or imposed upon the cPanel Parties or any one of them in connection with any claims, suits, actions, demands or judgments (Claims) related directly or indirectly to or arising out of (a) a breach of Your representations, warranties or obligations under this Agreement; (b) in the event that You sublicense the right to use the Software to any Third Party Users pursuant to Section 2.2 (Sublicensing), (i) a breach of a Third Party User’s representations, warranties or obligations under any provisions in a Third Party Agreement relating to cPanel or the Software; and (ii) any Claims based upon or arising from any allegation that a Third Party User was harmed due to any termination, suspension or disabling of such user’s access to the Software by cPanel pursuant to the terms and conditions of this Agreement; provided, however, that in any such case cPanel or its affiliates, as applicable, (x) provide You with prompt notice of any such claim; (y) permit You to assume and control the defense of such action upon Your written notice to cPanel of Your intention to indemnify; and (z) upon Your written request, and at no expense to cPanel or its affiliates, provide to You all available information and assistance reasonably necessary for You to defend such claim. You will not enter into any settlement or compromise of any such claim, which settlement or compromise would result in any liability to the cPanel Parties, without cPanel’s prior written consent, which will not unreasonably be withheld. You will pay any and all costs, damages, and expenses, including, but not limited to, reasonable attorneys’ fees and costs awarded against or otherwise incurred by cPanel or its affiliates in connection with or arising from any such claim.

9. Miscellaneous.

9.1 Force Majeure. No party will be liable for any failure or delay in performance of any of its obligations hereunder if such delay is due to acts of God, fires, flood, storm, explosions, earthquakes, general Internet outages, acts of war or terrorism, riots, insurrection or intervention of any government or authority; provided, however, that any such delay or failure will be remedied by such party as soon as reasonably possible. Upon the occurrence of a force majeure event, the party unable to perform will, if and as soon as possible, provide written notice to the other parties indicating that a force majeure event occurred and detailing how such force majeure event impacts the performance of its obligations.

9.2 Independent Contractors. It is the intention of the parties that cPanel and You are, and will be deemed to be, independent contractors with respect to the subject matter of this Agreement, and nothing contained in this Agreement will be deemed or construed in any manner whatsoever as creating any partnership, joint venture, employment, agency, fiduciary or other similar relationship between cPanel and You.

9.3 Choice of Law; Venue; Jurisdiction. This Agreement will be governed by and interpreted in accordance with the laws of the State of Texas without regard to the conflicts of laws principles thereof. Any dispute or claim arising out of or in connection with the Agreement shall be finally settled and exclusively by the state or federal courts located in Harris County, Texas. For purposes of this Agreement, You and cPanel hereby irrevocably consent to exclusive personal jurisdiction and venue in the federal and state courts in Harris County, Texas. However, to the extent the Data Processing Agreement (DPA) is applicable to a Customer, the jurisdiction and venue provisions of the DPA shall govern the DPA. Those jurisdiction and venue provisions shall be limited only to the DPA, if applicable to a Customer. This Section 9.3 shall apply to all other provisions of this Agreement.

9.4 Entire Agreement. This Agreement, together with all Exhibits hereto, represents the entire agreement between the parties with respect to the subject matter hereof and thereof and will supersede all prior agreements and communications of the parties, oral or written.

9.5 Basis of Bargain. Section 6.2 (Limited Warranty), Section 7 (Limitations of Liability) and Section 8 (Indemnification) are fundamental elements of the basis of the agreement between cPanel and You and shall inure to the benefit of cPanel. cPanel would not be able to provide the Software on an economic basis without such limitations.

9.6 Severability. If any provision of this Agreement is held to be invalid, illegal or unenforceable for any reason, such invalidity, illegality or unenforceability will not affect any other provisions of this Agreement, and this Agreement will be construed as if such invalid, illegal or unenforceable provision had never been contained herein.

9.7 Amendment or Modification. This Agreement is subject to change without prior notice from cPanel. You shall be deemed to have accepted any changes or modifications by your continuing use of the Software. Additionally, this Agreement may not be amended, modified, or supplemented by You in any manner, except by an instrument in writing signed and agreed to by cPanel.

9.8 Assignment. This Agreement may not be assigned, transferred, delegated, sold or otherwise disposed of, including, without limitation, by operation of law, other than as expressly set forth in this Section 9.8. This Agreement may be assigned, transferred, delegated, sold or otherwise disposed of in its entirety: (a) by cPanel in its sole discretion; (b) by You with the prior written consent of cPanel; and (c) as set forth in Section 2.3 (Transfer of License). In addition, cPanel may delegate its performance under this Agreement in whole or in part to one or more affiliates, provided that cPanel will remain liable and responsible for any performance or obligation so delegated. A party’s permitted successors or assignees must agree as a condition precedent to any assignment, transfer or delegation to fully perform all applicable terms and conditions of this Agreement. No party may assign this Agreement to any entity that lacks sufficient assets and resources to continue to perform, to contractually required standards, all assigned obligations for the remainder of the Term. This Agreement will be binding upon and will inure to the benefit of a party’s permitted successors and assigns. Any purported assignment, transfer, delegation, sale or other disposition in contravention of this Section 9.8, including, without limitation, by operation of law, is null and void.

9.9 Waiver. Any of the provisions of this Agreement may be waived by the party entitled to the benefit thereof. No party will be deemed, by any act or omission, to have waived any of its rights or remedies hereunder unless such waiver is in writing and signed by the waiving party, and then only to the extent specifically set forth in such writing. A waiver with reference to one event will not be construed as continuing or as a bar to or waiver of any right or remedy as to a subsequent event.

9.10 Remedies Cumulative. Except as expressly set forth herein, no remedy conferred upon the parties by this Agreement is intended to be exclusive of any other remedy, and each and every such remedy will be cumulative and will be in addition to any other remedy given hereunder or now or hereafter existing at law or in equity.

9.11 No Third Party Beneficiaries. This Agreement is made for the benefit of the parties only, and this Agreement is not for the benefit of, and was not created for the benefit of, any third parties including, without limitation, any Third Party Users.

9.12 Notices. All notices or questions relating to this Agreement shall be directed to: cPanel, L.L.C., Attn: Legal Department, 2550 North Loop W., Suite 4006, Houston, TX 77092 . Any notice required to be given under this Agreement shall be deemed given by cPanel when sent to You by email, telephone, fax, or mail to the contact information supplied by You to cPanel in the Pricing and Term Agreement. You may update such information from time to time upon written notice to cPanel at the address in this Section 9.12. Any failure by You to provide cPanel with updated contact information will not invalidate the effectiveness of any notice sent by cPanel to the contact information previously supplied by You.

9.13 Notice to U.S. Government Users. The Software and any associated documentation are “Commercial Items,” as that term is defined at 48 C.F.R. 2.101, consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation,” as such terms are used in 48 C.F.R. 12.212 or 48 C.F.R. 227.7202, as applicable. Consistent with 48 C.F.R. 12.212 or 48 C.F.R. 227.7202-1 through 227.7202-4, as applicable, the Commercial Computer Software and Commercial Computer Software Documentation are licensed to U.S. Government end users (a) only as Commercial Items and (b) with only those rights as are granted to all other end users pursuant to the terms and conditions herein.

9.14 Third Party Software. The Software contains third party software the use of which requires Your agreement to additional terms and conditions with respect to such third party software. The terms and conditions for such third party software are located in their respective source files at /usr/local/cpanel/src/3rdparty/ arranged by license type.

9.15 Export Controls. The parties agree to comply fully with all Applicable Laws of the United States, or of any foreign government to or from where a party is shipping, to in connection with the import, export or re-export, directly or indirectly, of the Software in connection with this Agreement. You specifically agree that you shall not, directly or indirectly, supply or permit any other party to supply the Software to an individual or organisation in a country or region against which the U.S. government imposes an embargo (presently, Crimea, Cuba, Iran, North Korea and Syria) or an individual or organisation on the U.S. Treasury Department’s List of Specially Designated Nationals and Blocked Persons or other individual who or organisation that is the subject of a U.S. legal measure that provides for sanctions blocking of property or that otherwise generally forbids U.S. citizens to transact with the individual or organisation.

9.16 Time-Limited Claims. Regardless of any Applicable Law to the contrary, You agree that any claim or cause of action arising out of or related to the Software or this Agreement, must be filed within one year after such claim or cause of action arose or be forever barred.

9.17 Data Protection. Where you are a business, company or similar organisation, to the extent that cPanel processes any personal data on your behalf in connection with the Agreement and (a) the personal data relates to individuals located in the EEA; or (b) you are located in the EEA, the parties agree that such personal data will be processed in accordance with the Data Processing Addendum set forth in Schedule 1. For the purposes of this Section 9.17, the terms “personal data,” “process” and “EEA” have the meanings given in the Data Processing Addendum.


SCHEDULE 1

DATA PROCESSING ADDENDUM ("DPA")

1. DEFINITONS

1.1 The following capitalized terms used in this DPA shall be defined as follows:

(a) "Controller" has the meaning given in the GDPR.

(b) "Data Protection Laws" means the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (GDPR), any applicable national implementing legislation including, and in each case as amended, replaced or superseded from time to time, and all applicable legislation protecting the fundamental rights and freedoms of persons and their right to privacy with regard to the Processing of your Personal Data.

(c) "EEA" means the European Economic Area, being the Member States of the European Union together with Iceland, Norway, and Liechtenstein and including the UK and Switzerland.

(d) “Privacy Policy” shall mean the Privacy Policy implemented by cPanel and incorporated in the Agreement as amended from time-to-time. The Privacy Policy is currently located at https://cpanel.com/privacy-policy.html.

(e) "Processing" has the meaning given in the GDPR, and "Process" will be interpreted accordingly.

(f) "Processor" has the meaning given in the GDPR.

(g) "Security Incident" means any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, any of your Personal Data.

(h) "Special Categories of Data" and "Data Subject" shall have the same meaning as in the GDPR.

(i) "Subprocessor" means any Processor engaged by cPanel who agrees to receive from cPanel your Personal Data.

(j) "Supervisory Authority" has the meaning given in the GDPR.

(k) "Technical and Organisational Security Measures" means those measures aimed at protecting Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of Processing.

(l) "Transparency Report” shall mean cPanel’s transparency report, as amended, currently located at https://cpanel.com/transparency-report.html.

(m) "Your Personal Data" and "personal data" means the "personal data" (as defined in the GDPR) described in Schedule 1 and any other personal data that cPanel processes on behalf of you in connection with the provision of the Software.

2. DATA PROCESSING

2.1 In addition to cPanel’s obligations set out in this DPA, cPanel will comply with the obligations of a Data Importer as set out in the Standard Contractual Clauses set forth in Schedule 4. Any reference to Data Importer shall be deemed to be a reference to cPanel and any reference to Data Exporter or Data Controller shall be deemed to be a reference to Controller and its European Union affiliated companies. Controller hereby covenants and warrants that it has the right and authority to enter into this DPA on behalf of itself and its affiliated companies.

2.2 cPanel will only Process your Personal Data in accordance with your written instructions. The EULA (subject to any changes agreed between the parties) and this DPA shall be your complete and final instructions to cPanel in relation to the Processing of your Personal Data.

2.3 Processing outside the scope of this DPA or the Agreement will require prior written agreement between you and cPanel on additional instructions for Processing.

2.4 Where required by applicable Data Protection Laws, you will ensure that you have obtained/will obtain all necessary consents for the Processing of your Personal Data by cPanel in accordance with the Agreement.

3. TRANSFER OF PERSONAL DATA

3.1 You agree that cPanel may use Subprocessors to fulfil its contractual obligations under the Agreement. Upon written request, cPanel shall provide you with a list of Subprocessors. If you (acting reasonably) object to a new Subprocessor on grounds related to the protection of your Personal Data only, you may request that cPanel move your Personal Data to another Subprocessor and cPanel shall, within a reasonable time following receipt of such request, use reasonable endeavors to ensure that the original Subprocessor does not Process any of your Personal Data. If it is not reasonably possible to use another Subprocessor, and you continue to object for a legitimate reason, either party may terminate the Agreement on thirty days written notice. If you do not object within thirty days of receipt of the notice, you are deemed to have accepted the new Subprocessor.

3.2 Except as set out in paragraph 3.1, cPanel shall not permit, allow or otherwise facilitate Subprocessors to Process your Personal Data without your prior written consent and unless cPanel:

(a) enters into a written agreement with the Subprocessor which imposes substantially similar obligations on the Subprocessor with regard to their Processing of your Personal Data, as are imposed on cPanel under this DPA; and

(b) at all times remains responsible for compliance with its obligations under the DPA and will be liable to you for the acts and omissions of any Subprocessor as if they were cPanel’s acts and omissions.

3.3 You acknowledge that cPanel or its Subprocessors may access your Personal Data outside the EEA.

4. DATA SECURITY, AUDITS AND SECURITY NOTIFICATIONS

4.1 Security Obligations. cPanel will implement and maintain the technical and organizational measures set out in Schedule 3. You acknowledge and agree that these measures ensure a level of security that is appropriate to the risk.

4.2 Security Incident Notification. If cPanel becomes aware of a Security Incident, cPanel will: (a) notify you of the Security Incident without undue delay, (b) investigate the Security Incident and provide you (and any law enforcement or regulatory official) with reasonable assistance as required to investigate the Security Incident.

4.3 Employees and Personnel. cPanel will treat your Personal Data as confidential, and shall ensure that any employees are bound by a duty of confidentiality.

4.4 Audits. cPanel will, upon your reasonable request, at your cost, allow for audits, including inspections, of its compliance with this DPA, conducted by you (or a third party on your behalf and mandated by you) provided: (i) such audits or inspections are not conducted more than once per year (unless requested by a Supervisory Authority); (ii) are conducted only during business hours; and (iii) are conducted in a manner that causes minimal disruption to cPanel’s operations and business.

5. ACCESS REQUESTS AND DATA SUBJECT RIGHTS

5.1 Government Disclosure. cPanel will notify you of any request for the disclosure of your Personal Data by a governmental or regulatory body or law enforcement authority (including any Supervisory Authority) unless otherwise prohibited by law or a legally binding order of such body or agency, and subject to the terms of cPanel’s Transparency Report.

5.2 Data Subject Rights. Where applicable, and taking into account the nature of the Processing, cPanel will use reasonable endeavors to assist you by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of your obligation to respond to requests for exercising Data Subject rights set out in the GDPR.

6. DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION

6.1 To the extent required under applicable Data Protection Laws, cPanel will provide you with reasonably requested information to enable you to carry out data protection impact assessments or prior consultations with any Supervisory Authority, to the extent that either is solely in relation to Processing of your Personal Data and taking into account the nature of the Processing and information available to cPanel.

7. TERMINATION

7.1 Deletion of data. Unless otherwise required by applicable law, cPanel will, at your election and within 90 days of the date of termination of the Agreement at cPanel’s election:

(a) return a copy of all of your Personal Data Processed by cPanel by secure file transfer to you (and securely delete all other copies of your Personal Data Processed by cPanel); or

(b) securely delete your Personal Data Processed by cPanel.

8. SUPPLEMENTAL MEASURES

8.1 Governmental requests. If cPanel receives a request from a governmental authority for access to any Personal Data Processed by cPanel, cPanel will evaluate challenging such request before transferring such data to the governmental authority.

8.2 Encryption. cPanel encrypts all data at rest and in transit. Data in transit is encrypted using RSA with 2048 bit key length based certificates generated via a public certificate authority. Data at rest is encrypted using LUKS.

9. GOVERNING LAW

9.1 This DPA shall be governed by, and construed in accordance with, the laws of Republic of Ireland.


SCHEDULE 2

DETAILS OF THE PROCESSING OF YOUR PERSONAL DATA

This Schedule 2 includes certain details of the Processing of your Personal Data as required by Article 28(3) of the GDPR.

  1. Data importer

    The data importer is: cPanel, a software company licensing and performing technical support.

  2. Data subjects

    The Personal Data transferred concern the following categories of data subjects:

    1. Controller employees who are prospects, customer’s business partners or contract contacts of cPanel.
    2. Controller employees and cPanel customers who are authorized by cPanel to contact cPanel, or who contact cPanel regardless of authorization.
    3. cPanel customers who license software from cPanel, or through cPanel or Controller.
    4. Customers of the Controller who contact cPanel for customer support.
  3. Categories of data

    The Personal Data transferred concern the following categories of data:

  4. For category one:

    1. First and last name
    2. Title and position
    3. Contact information (company, email, phone, physical business address)
    4. Professional life data
    5. Personal life data
    6. Business requirements

    For categories two, three and four, Personal Data that is automatically collected:

    1. Host name of the server (treated as Personal Data)
    2. IP address (treated as Personal Data)
    3. Server address / hostname (treated as Personal Data)
    4. Demographic information
    1. Geographic location
    2. Order details
    3. Invoice identification

    For categories two, three and four, Personal Data that will be collected if selected in the Product:

    a) Company ID (treated as Personal Data)

    For categories two, three and four, the following Personal Data may be collected depending on the use:

    a) For technical support

    1. User name, phone number, address, domain name and email address
    2. IP address (treated as Personal Data)

    b) For purchases of third party products

    a. Information necessary to bill for products

    c) When a Controller’s customer contacts cPanel directly (by mail posting on a message board or blogs)

    a. Comments and opinions and any identifying information provided by cPanel customer

  5. Special categories of data (if appropriate)
  6. The Personal Data transferred concern the following special categories of data: none

  7. Processing operations
  8. The Personal Data transferred will be subject to the following basic processing activities:

    1. Company ID may be associated with publicly available information generated through Salesforce. As a result, this information may become Personal Data.
    2. For third party products purchased by cPanel customers

    (a) Information necessary to process payment

    1. Name
    2. Postal code

SCHEDULE 3

Technical and Organization Security Measures

This Schedule describes the technical and organizational security measures and procedures that the Data Importer shall, as a minimum, maintain to protect the security of personal data created, collected, received, or otherwise obtained. Data Importer will keep documentation of technical and organizational measures identified below to facilitate audits and for the conservation of evidence.

  1. Access Control to Processing Areas

    Data Importer implements suitable measures in order to prevent unauthorized persons from gaining access to the data processing equipment where the personal data are processed or used. This is accomplished by:

    • establishing security areas; 24 hours security service provided by property owner;
    • protection and restriction of access paths;
    • securing the data processing equipment;
    • establishing access authorizations for staff and third parties, including the respective documentation;
    • regulations on card-keys;
    • all access to the data center where personal data are hosted is logged, monitored, and tracked; and
    • the data center where personal data are hosted is secured by a security alarm system, and other appropriate security measures.
  2. Access Control to Data Processing Systems

    Data Importer implements suitable measures to prevent its data processing systems from being used by unauthorized persons. This is accomplished by:

    • identification of the terminal and/or the terminal user to the Data Importer systems;
    • automatic time-out of user terminal if left idle, identification and password required to reopen;
    • automatic turn-off of the user ID when several erroneous passwords are entered, log file of events (monitoring of break-in-attempts);
    • issuing and safeguarding of identification codes;
    • dedication of individual terminals and/or terminal users, identification characteristics exclusive to specific functions;
    • staff policies in respect of each staff access rights to personal data (if any), informing staff about their obligations and the consequences of any violations of such obligations, to ensure that staff will only access Personal Data and resources required to perform their job duties and training of staff on applicable privacy duties and liabilities;
    • all access to data content is logged, monitored, and tracked; and
    • use of state of the art encryption technologies.
  3. Access Control to Use Specific Areas of Data Processing Systems

    Data Importer commits that the persons entitled to use its data processing system are only able to access the data within the scope and to the extent covered by its access permission (authorization) and that Personal Data cannot be read, copied or modified or removed without authorization. This shall be accomplished by:

    • staff policies in respect of each staff member's access rights to the Personal Data;
    • allocation of individual terminals and/or terminal user, and identification characteristics exclusive to specific functions;
    • monitoring capability in respect of individuals who delete, add or modify the personal data and at least yearly monitoring and update of authorization profiles;
    • release of Personal Data to only authorized persons;
    • policies controlling the retention of backup copies; and
    • use of state of the art encryption technologies.
  4. Transmission Control

    Data Importer implements suitable measures to prevent the personal data from being read, copied, altered or deleted by unauthorized parties during the transmission thereof or during the transport of the data media. This is accomplished by:

    • use of state-of-the-art firewall and encryption technologies to protect the gateways and pipelines through which the data travels;
    • as far as possible, all data transmissions are logged, monitored and tracked; and
    • monitoring of the completeness and correctness of the transfer of data (end-to-end check).
  5. Input Control

    Data Importer implements suitable measures to ensure that it is possible to check and establish whether and by whom personal data have been input into data processing systems or removed. This is accomplished by:

    • an authorization policy for the input of data into memory, as well as for the reading, alteration and deletion of stored data;
    • authentication of the authorized personnel; individual authentication credentials such as user IDs that, once assigned, cannot be re-assigned to another person (including subsequently);
    • protective measures for the data input into memory, as well as for the reading, alteration and deletion of stored data;
    • utilization of user codes (passwords) of at least eight characters or the system maximum permitted number and modification at first use and thereafter at least every 90 days in case of processing of sensitive data;
    • following a policy according to which all staff of Data Importer who have access to personal data processed for Data Exporters shall reset their passwords at a minimum once in a 180 day period;
    • providing that entries to data processing facilities (the rooms housing the computer hardware and related equipment) are capable of being locked;
    • automatic log-off of user ID's (requirement to re-enter password to use the relevant work station) that have not been used for a substantial period of time;
    • automatic deactivation of user authentication credentials (such as user IDs) in case the person is disqualified from accessing personal data or in case of non-use for a substantial period of time (at least six months), except for those authorized solely for technical management;
    • proof established within Data Importer's organization of the input authorization; and
    • electronic recording of entries.
  6. Job Control

    Data Importer ensures that personal data may only be processed in accordance with written instructions issued by exporter. This is accomplished by:

    • binding policies and procedures for Data Importer's employees.

    Data Importer ensures that if security measures are adopted through external entities it obtains written description of the activities performed that guarantees compliance of the measures adopted with this document. Data Importer further implements suitable measures to monitor its system administrators and to ensure that they act in accordance with instructions received. This is accomplished by:

    • individual appointment of system administrators;
    • adoption of suitable measures to register system administrators' access logs and keep them secure, accurate and unmodified for at least six months;
    • yearly audits of system administrators' activity to assess compliance with assigned tasks, the instructions received by importer and applicable laws; and
    • keeping an updated list with system administrators' identification details (e.g. name, surname, function or organizational area) and tasks assigned and providing it promptly to Data Exporters upon request.
  7. Availability Control

    Data Importer implements suitable measures to ensure that personal data are protected from accidental destruction or loss. This is accomplished by:

    • infrastructure redundancy to ensure data access is restored within seven days and backup performed at least weekly;
    • tape backup is stored off-site and available for restore in case of failure of SAN infrastructure for Database server;
    • only the Data Exporters may authorize the recovery of backups (if any) or the movement of data outside of the location where the physical database is held, and security measures will be adopted to avoid loss or unauthorized access to data, when moved;
    • regular check of all the implemented and herein described security measures at least every six months;
    • backup tapes are only re-used if information previously contained is not intelligible and cannot be re-constructed by any technical means; other removable media is destroyed or made unusable if not used; and
    • any detected security incident is recorded, alongside the followed data recovery procedures, and the identification of the person who carried them out.
  8. Separation of processing for different purposes

    Data Importer implements suitable measures to ensure that data collected for different purposes can be processed separately. This is accomplished by:

    • access to data is separated through application security for the appropriate users;
    • modules within the Data Importer's data base separate which data is used for which purpose, i.e., by functionality and function;
    • at the database level, data is stored in different areas, separated per module or function they support; and
    • interfaces, batch processes and reports are designed for only specific purposes and functions, so data collected for specific purposes is processed separately.
  9. Data Importer system administrators (if any)

    Data importer implements suitable measures to monitor its system administrators and to ensure that they act in accordance with instructions received. This is accomplished by:

    • individual appointment of system administrators;
    • adoption of suitable measures to register system administrators' access logs and keep them secure, accurate and unmodified for at least six months;
    • continuous audits of system administrators' activity to assess compliance with assigned tasks, the instructions received by importer and applicable laws; and
    • keeping an updated list with system administrators' identification details (e.g., name, surname, function or organizational area) and tasks assigned and providing it promptly to data exporter upon request.

SCHEDULE 4

Standard Contractual Clauses

SECTION I - STANDARD CONTRACTUAL CLAUSES

  1. Purpose and Scope.
    1. The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country.
    2. The Parties:
      1. the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter “entity/ies”) transferring the personal data, as listed in Annex I.A (hereinafter each “data exporter”), and
      2. the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A (hereinafter each “data importer”) have agreed to these standard contractual clauses (hereinafter: “Clauses”).
    3. These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.
    4. The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.
  2. Effect and invariability of the Clauses.
    1. These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects.
    2. These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679.
  3. Third-party beneficiaries.
    1. Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions:
      1. Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
      2. Clause 8.1(b), 8.9(a), (c), (d) and (e);
      3. Clause 9(a), (c), (d) and (e);
      4. Clause 12(a), (d) and (f);
      5. Clause 13;
      6. Clause 15.1(c), (d) and (e);
      7. Clause 16(e);
      8. Clause 18(a) and (b).
    2. Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.
  4. Interpretation.
    1. Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation.
    2. These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
    3. These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679.
  5. Hierarchy. In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.
  6. Description of the transfer(s). The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B.
  7. Docking clause.
    1. An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.
    2. Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A.
    3. The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party.

SECTION II – OBLIGATIONS OF THE PARTIES

  1. Data protection safeguards. The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.
  2. 8.1 Instructions.

    1. The data importer shall process the personal data only on documented instructions from the data exporter. The data exporter may give such instructions throughout the duration of the contract.
    2. The data importer shall immediately inform the data exporter if it is unable to follow those instructions.

    8.2 Purpose limitation. The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I.B, unless on further instructions from the data exporter.

    8.3 Transparency. On request, the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including the measures described in Annex II and personal data, the data exporter may redact part of the text of the Appendix to these Clauses prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information. This Clause is without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679.

    8.4. Accuracy. If the data importer becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to erase or rectify the data.

    8.5. Duration of processing and erasure or return of data. Processing by the data importer shall only take place for the duration specified in Annex I.B. After the end of the provision of the processing services, the data importer shall, at the choice of the data exporter, delete all personal data processed on behalf of the data exporter and certify to the data exporter that it has done so, or return to the data exporter all personal data processed on its behalf and delete existing copies. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit return or deletion of the personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process it to the extent and for as long as required under that local law. This is without prejudice to Clause 14, in particular the requirement for the data importer under Clause 14(e) to notify the data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under Clause 14(a).

    8.6 Security of processing.

    1. The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter “personal data breach”). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security.
    2. The data importer shall grant access to the personal data to members of its personnel only to the extent strictly necessary for the implementation, management and monitoring of the contract. It shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
    3. In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate its adverse effects. The data importer shall also notify the data exporter without undue delay after having become aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences and the measures taken or proposed to address the breach including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.
    4. The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU) 2016/679, in particular to notify the competent supervisory authority and the affected data subjects, taking into account the nature of processing and the information available to the data importer.

    8.7 Sensitive data. Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (hereinafter “sensitive data”), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B.

    8.8 Onward transfers. The data importer shall only disclose the personal data to a third party on documented instructions from the data exporter. In addition, the data may only be disclosed to a third party located outside the European Union (in the same country as the data importer or in another third country, hereinafter “onward transfer”) if the third party is or agrees to be bound by these Clauses, under the appropriate Module, or if:

    1. the onward transfer is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer;
    2. the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 Regulation of (EU) 2016/679 with respect to the processing in question;
    3. the onward transfer is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or
    4. the onward transfer is necessary in order to protect the vital interests of the data subject or of another natural person.

    Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation.

    8.9 Documentation and Compliance.

    1. The data importer shall promptly and adequately deal with enquiries from the data exporter that relate to the processing under these Clauses.
    2. The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep appropriate documentation on the processing activities carried out on behalf of the data exporter.
    3. The data importer shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses and at the data exporter’s request, allow for and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non-compliance. In deciding on a review or audit, the data exporter may take into account relevant certifications held by the data importer.
    4. The data exporter may choose to conduct the audit by itself or mandate an independent auditor. Audits may include inspections at the premises or physical facilities of the data importer and shall, where appropriate, be carried out with reasonable notice.
    5. The Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits, available to the competent supervisory authority on request.
  3. Use of sub-processors.
    1. The data importer has the data exporter’s general authorisation for the engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the data exporter in writing of any intended changes to that list through the addition or replacement of sub-processors at least thirty days in advance, thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object.
    2. Where the data importer engages a sub-processor to carry out specific processing activities (on behalf of the data exporter), it shall do so by way of a written contract that provides for, in substance, the same data protection obligations as those binding the data importer under these Clauses, including in terms of third- party beneficiary rights for data subjects. The Parties agree that, by complying with this Clause, the data importer fulfils its obligations under Clause 8.8. The data importer shall ensure that the sub-processor complies with the obligations to which the data importer is subject pursuant to these Clauses.
    3. The data importer shall provide, at the data exporter’s request, a copy of such a sub-processor agreement and any subsequent amendments to the data exporter. To the extent necessary to protect business secrets or other confidential information, including personal data, the data importer may redact the text of the agreement prior to sharing a copy.
    4. The data importer shall remain fully responsible to the data exporter for the performance of the sub- processor’s obligations under its contract with the data importer. The data importer shall notify the data exporter of any failure by the sub-processor to fulfil its obligations under that contract.
    5. The data importer shall agree a third-party beneficiary clause with the sub-processor whereby - in the event the data importer has factually disappeared, ceased to exist in law or has become insolvent - the data exporter shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.
  4. Data subject rights.
    1. The data importer shall promptly notify the data exporter of any request it has received from a data subject. It shall not respond to that request itself unless it has been authorised to do so by the data exporter.
    2. The data importer shall assist the data exporter in fulfilling its obligations to respond to data subjects’ requests for the exercise of their rights under Regulation (EU) 2016/679. In this regard, the Parties shall set out in Annex II the appropriate technical and organisational measures, taking into account the nature of the processing, by which the assistance shall be provided, as well as the scope and the extent of the assistance required.
    3. In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the instructions from the data exporter.
  5. Redress.
    1. The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject.

      The data importer agrees that data subjects may also lodge a complaint with an independent dispute resolution body at no cost to the data subject. It shall inform the data subjects, in the manner set out in paragraph (a), of such redress mechanism and that they are not required to use it, or follow a particular sequence in seeking redress.

    2. In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them.
    3. Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to:
      1. lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13;
      2. refer the dispute to the competent courts within the meaning of Clause 18.
    4. The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.
    5. The data importer shall abide by a decision that is binding under the applicable EU or Member State law.
    6. The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws.
  6. Liability.
    1. Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses.
    2. The data importer shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data importer or its sub-processor causes the data subject by breaching the third-party beneficiary rights under these Clauses.
    3. Notwithstanding paragraph (b), the data exporter shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data exporter or the data importer (or its subprocessor) causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter and, where the data exporter is a processor acting on behalf of a controller, to the liability of the controller under Regulation (EU) 2016/679 or Regulation (EU) 2018/1725, as applicable.
    4. The Parties agree that if the data exporter is held liable under paragraph (c) for damages caused by the data importer (or its sub-processor), it shall be entitled to claim back from the data importer that part of the compensation corresponding to the data importer’s responsibility for the damage.
    5. Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties.
    6. The Parties agree that if one Party is held liable under paragraph (e), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its / their responsibility for the damage.
    7. The data importer may not invoke the conduct of a sub-processor to avoid its own liability.
  7. Supervision.
    1. The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, shall act as competent supervisory authority.
    2. The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken.

SECTION III – LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES

  1. Local laws and practices affecting compliance with the Clauses.

    1. The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses.
    2. The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements:
      1. the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred;
      2. the laws and practices of the third country of destination - including those requiring the disclosure of data to public authorities or authorising access by such authorities - relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards;
      3. any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination.
    3. The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses.
    4. The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request. The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a).
    5. Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g., technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.
  2. Obligations of the data importer in case of access by public authorities.

    15.1 Notification.

    1. The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary, with the help of the data exporter) if it:

      1. receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or
      2. becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer.
    2. If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter.
    3. Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.).
    4. The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request.
    5. Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.

    15.2 Review of legality and data minimisation.

    1. The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e).
    2. The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.
    3. The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request.

SECTION IV – FINAL PROVISIONS

  1. Non-compliance with the Clauses and termination.
    1. The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason.
    2. In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f).
    3. The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where:

      1. the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension;
      2. the data importer is in substantial or persistent breach of these Clauses; or
      3. thedataimporterfailstocomplywithabindingdecisionofacompetentcourtorsupervisoryauthority regarding its obligations under these Clauses.

      In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise.

    4. Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law.
    5. Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679.
  2. Governing law. These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of Republic of Ireland.

  3. Choice of forum and jurisdiction.
    1. Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.
    2. The Parties agree that those shall be the courts of Republic of Ireland.
    3. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence.
    4. The Parties agree to submit themselves to the jurisdiction of such courts.

APPENDIX

ANNEX I

  1. LIST OF PARTIES

    Data exporter(s): cPanel Distributor; cPanel Partner; or an authorized licensee of software authored by cPanel, LLC (cPanel). The data exporter acts as the controller of Personal Information as the term “Personal Information” is defined in cPanel’s Privacy Policy. The Personal Information is provided to cPanel for the purposes set out in the Privacy Policy. cPanel’s Privacy Policy is located here.

    Data importer(s): cPanel is located at the address set out on the “contact us” page at cpanel.net. cPanel is the processor of Personal Information identified in the Privacy Policy. The Personal Information is processed by cPanel as set out in the Privacy Policy. cPanel’s Privacy Policy is located here.

  2. DESCRIPTION OF TRANSFER

    1. The categories of data subjects whose personal data is transferred to cPanel is set out in paragraph 3 of the Privacy Policy.
    2. The categories of personal data transferred by cPanel is set out in Schedules 1 and 2 of the Privacy Policy.
    3. No sensitive data is transferred to cPanel.
    4. Data is transferred to cPanel on a continuous basis.
    5. cPanel processes Personal Information as set out in the second columns of Schedules 1 and 2 of the Privacy Policy.
    6. The purposes for which the data is transferred to cPanel are set out in Schedules 1 and 2 of the Privacy Policy
    7. Data transferred to cPanel and shared with third parties, including Subprocessors, is set out in the sixth column of Schedules 1 and 2 of the Privacy Policy.
    8. The period for which the Personal Information will be retained is set out in the fifth column of Schedules 1 and 2 of the Privacy Policy.
  3. COMPETENT SUPERVISORY AUTHORITY

    The supervisory authority shall be the competent supervisory authority that has supervision over the cPanel Distributor, cPanel Partner, or the authorized licensee of software authored by cPanel, LLC.

ANNEX II - TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

The technical and organisational measures used by cPanel to protect the Personal Information are set out in Paragraph 6 of the Privacy Policy. cPanel’s Privacy Policy is located here.

ANNEX III – LIST OF SUB-PROCESSORS

The controller has authorised the use of the sub-processors set out in column 6 of Schedules 1 and 2 of the Privacy Policy. The Privacy Policy is located here.

Appendix 1

See Schedule 2

Appendix 2

See Schedule 3


Print or Save

Version: 10-11-2021