Thank you, your email has been sent! Sorry, there was an error. Please try again later or contact us at support.pathwayport.com

Terms of Service

July 25, 2024

Please review these Pathway terms of service carefully. Once accepted, these Pathway terms of service become a binding legal commitment between you and Pathway. If you do not agree to be bound by this agreement, you should not accept this agreement, create an account, or use Pathway’s services or software.

Notwithstanding anything to the contrary, if you have a separate written agreement with Pathway for your use of the Software, these Pathway Terms of Service will not apply to you, unless that written agreement does not cover a particular Software, in which case, these Pathway Terms of Service apply solely to your use of that particular Software.

These Pathway Terms of Service, in combination with the terms of the sign up process (the “PURCHASE ORDER” or “PO”) on the Platform (as defined below), collectively form the contract (the “AGREEMENT”) and set forth the terms for your use of the Software and Platform (as defined below) and are effective as of the date you accept or otherwise agree to the terms of this Agreement (“EFFECTIVE DATE”). This Agreement is between Iterro Inc. operating as Pathway (“PATHWAY”) and you or the organization on whose behalf you are accepting or otherwise agreeing to the terms of this Agreement (hereinafter, the “CLIENT” or “YOU”/”YOUR”).

Pathway may update the terms of this Agreement from time to time. Pathway will provide you with written notice of any material updates at least thirty (30) days prior to the date the updated version of this Agreement is effective, unless such material updates result from changes in laws, regulations, or requirements from telecommunications providers. The updated version of this Agreement will be available at https://www.pathwayport.com/legal. Notices for material updates to the terms of this Agreement will be given to you. Following such notice, your continued use of the Software and/or Platform on or after the date the updated version of this Agreement is effective and binding, as indicated at the top of this Agreement, constitutes your acceptance of the updated version of this Agreement. The updated version of this Agreement supersedes all prior versions. If you do not agree to the updated version of this Agreement, you must stop using the Software and/or Platform immediately.

If you are the party that agreed to the terms of this Agreement and you reassign its account to a third-party reseller for administration purposes, such account reassignment will not excuse your obligations under this Agreement. Your use of the Software will continue to be subject to this Agreement.

Table of Contents

WHEREAS, Pathway wishes to license the use of certain Automated Client Management System Software, including Office Bot, Marketing Bot, Desk Bot, Mega Bot, Form Builder, Self-Service Kiosk, Self-Service Kiosk widget, DataPort API (collectively or individually the “SOFTWARE”) as being accessed by individual user or the end-user (the “AUTHORIZED USERS”) through the Pathway platform (the “PLATFORM”), including any updates, modifications, revisions, and third party products or services designed to interoperate with the Software.

AND WHEREAS, Client desires to use the Software from Pathway made available through the Platform.

NOW THEREFORE, the parties hereto (the “PARTIES”) agree as follows:

1. Effective Date

This Agreement shall be effective as of the Effective Date and shall remain in effect until otherwise terminated in accordance with the provisions of the Agreement outlined herein.

2. Selected Software and License Grants

  1. Subject to Client’s compliance with the terms, conditions and restrictions as set forth in this Agreement, Pathway grants Client, and its limited number of Authorized Users (as defined in the PO) a limited, non-transferable, and non-exclusive license to use those elements of the Software made available for use by Pathway and as identified in the PO as the selected Software (the “SELECTED SOFTWARE”), solely in machine-readable form, and solely for Client’s business of being an insurance broker, which shall include procuring and/or renewing insurance policies, for the limited use of the Authorized Users.
  2. The Client agrees to ensure that all individuals accessing the Software, are employees or contractors, do so under authorized use by the Client, access such within Client’s premises or on hardware owned/leased by the Client, and will ensure its Authorized Users compliance with the Authorized Users Terms of Use. The Client shall not provide their access code or password to any third parties and any unauthorized access granted by Client or as a result of the Client’s actions are the responsibility of the Client. The Client acknowledges and agrees that only the number of users as disclosed to Pathway shall be permitted to access the Software. Pathway reserves the right to audit the Client for their compliance with the terms of this Agreement.
  3. Upon full payment of Fees, Pathway grants Client ownership of any extracted reports from the Selected Software, which Company may download, copy, distribute, modify and create derivative works of, subject to Pathway retaining ownership of all underlying Intellectual Property Rights in the reports.
  4. Subject to the limited rights expressly granted hereunder, Pathway reserves all rights, title and interest in and to the Platform and the Software, Pathway’s Confidential Information, and any feedback or suggestions Client or its Authorized Users provide regarding the Software or Platform, including all related Intellectual Property Rights. No rights are granted to Client hereunder other than as expressly set forth herein. For the purposes of this Agreement, "INTELLECTUAL PROPERTY RIGHTS" means all patents (including all reissues, divisions, continuations, and extensions thereof) and patent applications, trade names, trademarks, service marks, logos, trade dress, copyrights, trade secrets, mask works, rights in technology, know-how, rights in content (including performance and synchronization rights), unregistered design, or other intellectual property rights that are in each case protected under the laws of any governmental authority, whether or not registered, and all applications, renewals and extensions of the same, but exclusive of any confidential or proprietary information, trade secrets, or intellectual property of Client.
  5. Client acknowledges that the features and functions of the Software may change over time; provided, however, Pathway will not materially decrease the overall functionality of the Software.

3. Restrictions on Use

Except as otherwise expressly permitted under this Agreement, Client is not authorized to: (a) reverse engineer or otherwise attempt to discover the source code of or trade secrets embodied in the Software or any portion thereof; (b) distribute, transfer, sublicense to, or otherwise make available the Software (or any portion thereof) to third parties, including, but not limited to, making the Software available (i) through resellers or other distributors; or (ii) as an application service provider, service bureau, or rental source; (c) create modifications to or derivative works of the Software or the content contained therein; (d) attempt to modify, alter, or circumvent the licence control and protection mechanisms within the Software; (e) use any information or articles including but not limited to, the newsletters outside of the Software, such as use on the Client’s own website; or (f) use or transmit the Software in violation of any applicable law, rule or regulation, including any data privacy laws or anti-spam laws.

Suspension of Services. Pathway may suspend its services to Client immediately upon written notice to Client for cause if Pathway, in good faith, determines: (a) that Client or its Authorized Users materially breach (or Pathway, in good faith, believes that Client or its Authorized Users have materially breached) any provision of this Agreement (including schedules hereto) or PO; (b) there is an unusual and material spike or increase in Client’s use of the Software and that such traffic or use is fraudulent or materially and negatively impacting the operating capability of the Software; (c) that its provision of the Software is prohibited by applicable law or regulation; (d) there is any use of the Software by Client or its Authorized Users that threatens the security, integrity, or availability of the Software; or (e) that information in Client’s account is untrue, inaccurate, or incomplete. In any of these case, Client shall still remain responsible for the Fees.

In this paragraph, "SPAM" includes one or more unsolicited commercial electronic messages to which Canada‘s anti-spam legislation (“CASL”) or similar legislation applies (including the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) (“PECR”) as amended), and derivations of the word "SPAM" have corresponding meanings. Pathway may immediately terminate any account that it determines, in its sole discretion, is transmitting or is otherwise connected with any "SPAM" or other unsolicited bulk email. In addition, if actual damages cannot be reasonably calculated, Client agrees to pay Pathway liquidated damages of five dollars (U.S. $5.00) for each piece of "SPAM" or unsolicited bulk email transmitted from or otherwise connected with Client’s account or its users accounts. Otherwise, Client agrees to pay, and agrees to indemnify and hold Pathway harmless, for Pathway’s actual damages or penalties to the extent such actual damages can be reasonably calculated. Pathway reserves the right to block, reject, or remove what it considers to be "SPAM" or other unsolicited bulk email from the Software and/or Platform and Pathway shall have no liability for blocking any email considered to be “SPAM.”

4. Licenses by Client

  1. Client grants Pathway a limited-term license to copy, access, transmit and display the electronic data and information submitted by or for Client to the Software or collected and processed by or for Client using the Software (“Client’s Data”) for purposes set forth hereunder and otherwise generally for Pathway to provide the services contracted for hereunder. Pathway acquires no right, title or interest from Client under this Agreement in or to Client’s Data.
  2. By using any third party software, feature or widget on Pathway’s website, Client, on its behalf and on behalf of its users, hereby authorizes Pathway to share such Client’s Data, as has been provided by the Client or its user(s) in their use of the third party software, feature or widget, with such third party service provider. Client and/or its users hereby agree to have read and accept the third party’s terms and conditions as they apply to the Client and/or its users’ use of such third party services.
  3. Further, if the Selected Software is to be provided in the brand of the Client, the Client hereby provides its consent for Pathway to use and display the logo, name and other branding particulars of the Client (collectively, “Client Marks”) on all messages, articles, reminders and campaigns provided by the Selected Software. The Client hereby warrants that the Client has all authority and control over the selected branding elements, including the Client’s logo to permit the licensing contemplated herein.
  4. Notwithstanding anything in this Agreement to the contrary, Client authorizes Pathway to use deidentified and non-personal Client’s Data disclosed through Platform or Software usage or other data collection activities for product development purposes.
  5. So long as the Client remains a customer and/or client of Pathway, Client shall be deemed to have granted Pathway a license to use the Client Marks for Pathway’s marketing, research, business development and advertising purposes, including without limitation, in the emails, newsletters, marketing and advertising communications, social media, blog posts, website of Pathway.
  6. Pathway’s use of the Client Marks is a non-exclusive, non-transferable, revocable, limited license to use the Client Marks in accordance with the terms hereof. Any use of the Client Marks will not contain libelous, defamatory, obscene, abusive or otherwise unlawful material or material that infringes the rights of third parties, or material that disparages Client or otherwise impairs the goodwill associated with either Client or the Client Marks. Pathway further acknowledges Client’s exclusive rights in and to the Client Marks and the goodwill pertaining thereto. Pathway acknowledges that it has no right, title, license, or interest, express or implied, in and to the Client Marks, except for the limited license specifically provided in this Agreement. Pathway agrees that it shall not challenge or contest the validity of the Marks or Client’s ownership thereof or the validity of this Agreement, or engage in any act or assistance to any act which may infringe or lead to the infringement of any of the Client Marks. Pathway will use commercially reasonable efforts to comply with all reasonable Client Mark usage guidelines that Client may communicate in writing from time to time. Client reserves the right to audit the use of the Client Marks by Pathway upon reasonable prior written notice and in any reasonable manner, and Pathway agrees to provide Client with copies of any materials or other documents reasonably requested by Client in association with any such audit.

5. Delivery

The Selected Software is delivered electronically, and delivery is deemed effective on the later of the Effective Date or the date that the applicable Fees are paid in full.

6. Pathway’s Obligations

Pathway shall during the Term of this Agreement:

  1. provide Client with timely support for the Selected Software, during regular business hours, at no additional cost to Client;
  2. employ reasonable efforts to ensure the Selected Software is available for use at minimum 99 percent of the time; and
  3. arrange, to the extent possible, for scheduled maintenance outside regular office hours.

Pathway shall comply with the Support Services and Service Levels set forth and made available here.

7. Responsibility for Data

The Client acknowledges that the source data used by Pathway within the Platform, the Office Bot, Marketing Bot, Desk Bot, Mega Bot, Form Builder, Self-Service Kiosk, Self-Service Kiosk widget, DataPort API software relies upon the Client providing access to accurate information in relation to their existing, former and/or potential clients. Pathway shall not independently verify, nor shall Pathway be responsible for the dissemination of inaccurate information through the Software, including without limitation information regarding effective insurance dates or renewal information, which was not accurate at the source, being the Client’s BMS. Client shall at all times be responsible for all information which is sent to the Client’s clients which is derived from the Clients information or the Client’s BMS, and the Client shall be liable, and hereby agrees to indemnify and hold Pathway harmless, for any losses or damages suffered by either the Client or Pathway as a result thereof.

The Client hereby confirms that the Client has obtained any and all consents from any of the Client’s clients or potential clients that would allow for the Client to provide the Client’s clients’ or potential clients’ non-public information to Pathway, which may be required or used in the provision of the services offered by the Selected Software. Pathway shall not be responsible for any obligations in regards to non-public information not otherwise agreed to within this Agreement, the Pathway’s Privacy and Security Policy and their Terms of Use, which are accessible on Pathway’s website, being www.pathwayport.com. By agreeing to this Agreement, the Client confirms that he/she has read and accepts the terms contained within both the Privacy and Security Policy and the Terms of Use. Similarly, Pathway takes no responsibility for any inaccuracies or failures to report any weather-related event within any alerts or updates as contemplated by the StormVision Software. Although Pathway makes every effort to verify the contents of the newsletter and informational articles contained within the Software, Pathway does not provide any warranty or confirmation about the accuracy of the information, nor should the information be considered to be a replacement of insurance, accounting or legal advice.

Pathway shall comply with the Data Security Standards set forth and made available here.

8. Fees

The Client shall be responsible for the fees associated with the Selected Software as outlined within the PO (the “FEES”). If the Client uses any Software not set forth in the applicable PO, the Client will be charged the then applicable rates listed on Pathway’s website.

Fees are invoiced monthly and due in advance, each month of the Term on the day in which the Client first signed up for the Selected Software, via credit card for the Selected Software active for that month. Except as otherwise expressly set forth herein, payment obligations are non-cancelable and once paid, no refund or rebate shall be provided in the event that a Selected Software is cancelled at any time during the Term.

If Client’s account does not have sufficient funds or its credit card declines a charge for the Fees due, Pathway may suspend the provision of its services to all of Client’s accounts until the Fees due are paid in full. Client is prohibited from creating new accounts until the Fees due are paid in full.

All fees are exclusive of any applicable taxes, levies, duties, or other similar exactions imposed by a legal, governmental, or regulatory authority in any applicable jurisdiction, including, without limitation, sales, use, value-added, consumption, communications, or withholding taxes (collectively, “TAXES”). Client will pay all Taxes associated with this Agreement, excluding any taxes based on Pathway’s net income, property, or employees. If Client is required by applicable law to withhold any Taxes from payments owed to Pathway, Client will reduce or eliminate such withheld Taxes upon receipt of the appropriate tax certificate or document provided by Pathway. Client will provide Pathway with proof of payment of any withheld Taxes to the appropriate authority.

9. Confidentiality Obligations

For the purposes of this Agreement, “CONFIDENTIAL INFORMATION” means any information disclosed, in any format, by one party (the “DISCLOSING PARTY”) to the other party (the “RECEIVING PARTY”) relating directly or indirectly to but is not limited to prototypes, trade secrets, intellectual property, information, technical data, research, products, software, services, development, macros, source code, unreleased software, inventions, ideas, processes, designs, drawings, engineering, marketing, markets, Personal Information, business plans, business policies or practices, forecasts or financial information, team process, design process, part supply, pricing, development process and procedures, disclosed by the Disclosing Party to the Receiving Party under this Agreement which at the time of disclosure is designated as confidential (or like designation), is disclosed in circumstances of confidence, or would be understood by the parties, exercising reasonable business judgment, to be confidential. Confidential Information shall include, but not be limited to, all materials marked as confidential information. The Confidential Information shall at all times remain the sole property of the Disclosing Party, and shall include any partial, and derivative information, insofar as the same are and remain Confidential Information of the Disclosing Party not generally known or available to the public, through no actions of the Receiving Party.

For purposes hereof, “PERMITTED PARTIES” means those employees, accountants and legal advisors of the Receiving Party to whom the Confidential Information must be disclosed on a need to know basis.

All disclosures of Confidential Information (whether written or oral) by either party shall (a) remain in confidence until the later of i) three (3) years from the date of disclosure, or ii) the expiry of this Agreement, save and except that any trade secrets or information with respect to the Disclosing Party’s products and/or research and development which shall remain confidential in perpetuity; (b) be disclosed only to Permitted Parties who are bound by obligations of confidentiality in favour of the Receiving Party with terms similar to or stronger than those contained herein; and (c) be reproduced or used by the Receiving Party only to the extent necessary for the offering or use of the Selected Software. The Receiving Party shall protect the Confidential Information with the same degree of care as it normally exercises to protect its own confidential information of similar nature, but at a minimum with a reasonable degree of care to prevent its unauthorized use, dissemination or publication. The Receiving Party pledges and agrees that it shall keep confidential any and all of the Confidential Information and other such matters arising hereto, and shall not disclose to any other person or persons, corporation, agent or consultant with whom it is or may be associated with, any Confidential Information without the express written permission of authorized officer of the Disclosing Party. The Receiving Party agrees to advise the Disclosing Party immediately in the event of an inadvertent or accidental disclosure of the Confidential Information or in the event of an electronic system breach.

All materials, including Confidential Information disclosed by the Disclosing Party under this Agreement shall remain the property of the Disclosing Party. Each party shall, upon the completion of this Agreement or at the request by the Disclosing Party, return all materials received or obtained under this Agreement, including Confidential Information, and all copies and all documents containing any portion of any Confidential Information, including a deletion of all electronic copies, including any back-up copies. Notwithstanding anything to the contrary contained above, the Confidential Information may be disclosed to the extent that such disclosure is necessary to comply with any law, regulation, or order of court, provided that the Receiving Party shall give the Disclosing Party reasonable advance notice of any such proposed disclosure (as legally permissible), and shall use its reasonable best efforts to secure an agreement in writing to be bound by the provisions of this Section 9 from any person obtaining access to the Confidential Information pursuant to this Section 9. The Receiving Party shall advise the Disclosing Party in writing of the manner of such disclosure. Information shall be deemed not to be confidential if such information is or becomes publicly known through no wrongful act of the Receiving Party, or is already known by the Receiving Party as evidenced by competent proof thereof, or is approved for release by the prior written approval of the Disclosing Party, or is rightfully received by the receiving party from a third party without restriction and without breach of this agreement, or is disclosed by the Disclosing Party to a third party without a similar restriction on the rights of such third party, or is independently developed by the receiving party without the use of the Confidential Information.

10. General Obligations

  1. The Parties acknowledge and agree to comply with all applicable legal obligations relating to the privacy, security, integrity, and confidentiality of all data and information used by the Software which enables identification of the retail or individual customer(s) (“Personal Information”). The Parties further agree to collect, use and disclose Personal Information in accordance with all applicable data protection and privacy legislation in force from time to time including without limitation the Data Protection Act 2018 (and regulations made thereunder) (“DPA 2018”), the UK GDPR (as defined in section 3(10) (as supplemented by section 205(4)) of the DPA 2018), and PECR as amended.
  2. Each Party shall, at a minimum, implement and maintain appropriate administrative, technical, and physical safeguards reasonably designed to: (i) ensure against any anticipated threats or hazards to the security or integrity of the Personal Information; and (ii) protect against unauthorized access to or use of the Personal Information.
  3. Each Party may disclose Personal Information, as required, to comply with any law, regulation, or order of court. These provisions shall apply during the Term and after the termination of this Agreement.
  4. At all times, Client shall, and shall cause its users to, comply with their obligations under CASL, PECR or similar anti-spam legislation applicable to them. In the event of a breach thereof, Client agrees to indemnify and hold Pathway harmless from all damages, fines, losses and penalties incurred by Pathway as a result of such breach.

11. Non-Solicitation

Each party agrees that, for a period of eighteen (18) months following ending of this Agreement, it shall not, directly or indirectly, solicit to employ or enter a consulting arrangement with any of the officers, employees, directors or consultants of the other party which whom such party has had contact or were identified to such party in connection with the Software offered hereunder. The term “solicit to employ or enter into a consulting arrangement with” shall not be deemed to include generalized searches by the Client for employees or consultants through media advertisements, employment firms or otherwise, that are not focused on persons employed by or who consult for Pathway.

12. Remedies

Subject to the terms contained within this paragraph, both parties acknowledge that compliance with the provisions of this Agreement is necessary to protect their proprietary interests. Each party further acknowledges that any unauthorized use or disclosure to any person or entity in breach of this Agreement may result in irreparable and continuing damage, and that each party shall be authorized and entitled to seek immediate injunctive relief and any other rights or remedies to which it may be entitled. If either party violates any of the terms contained within this Agreement, it acknowledges that money damages will be an inadequate remedy and that the violated party will be entitled to specific performance or to injunctive relief to prohibit the violating party from continuing to violate this agreement even if no money damages can be proven.

13. Representations and Warranties and Disclaimer

  1. Each party represents and warrants that it has validly accepted or entered into this Agreement and has the legal power to do so.
  2. Client represents and warrants that it has provided and will continue to provide adequate notices, and that it has obtained and will continue to obtain the necessary permissions and consents, to provide Client’s Data to Pathway for processing.
  3. WITHOUT LIMITING PATHWAY’S EXPRESS WARRANTIES AND OBLIGATIONS HEREUNDER, AND EXCEPT AS EXPRESSLY PROVIDED HEREIN, THE SOFTWARE AND SERVICES ARE PROVIDED “AS IS,” AND PATHWAY MAKES NO WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT TO THE FULLEST EXTENT PERMITTED BY LAW. PATHWAY ADDITIONALLY DISCLAIMS ALL WARRANTIES RELATED TO TELECOMMUNICATIONS PROVIDERS’ NETWORKS ARE INHERENTLY INSECURE AND THAT PATHWAY WILL HAVE NO LIABILITY FOR ANY CHANGES TO, INTERCEPTION OF, OR LOSS OF CUSTOMER DATA WHILE IN TRANSIT VIA THE INTERNET OR A TELECOMMUNICATIONS PROVIDER’S NETWORK. BETA OFFERINGS ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITH NO WARRANTIES AND PATHWAY WILL HAVE NO LIABILITY AND NO OBLIGATION TO INDEMNIFY FOR ANY BETA OFFERING WHATSOEVER.

14. Limitation of Liability

  1. Neither party shall be liable for any of the following losses or damages (whether or not foreseen, indirect, foreseeable, known or otherwise): (i) loss of profits (whether actual or anticipated), (ii) loss of revenue, (iii) loss of contracts, (iv) loss of anticipated savings, (v) loss of business, (vi) loss of opportunity, (vii) loss of goodwill, or (viii) any indirect, special, incidental, consequential, cover, lost data, business interruption, or punitive damages, whether an action is in contract or tort and regardless of the theory of liability, even if a party or its affiliates have been advised of the possibility of such damages or if a party’s or its affiliates’ remedy otherwise fails of its essential purpose. The foregoing disclaimer will not apply to the extent prohibited by law.
  2. Pathway’s total aggregate liability arising out of or in connection with the performance or contemplated performance of the services hereunder (including without limitation under all Schedules hereto) (whether for tort (including negligence), breach of contract, breach of statutory duty or otherwise) shall in no event exceed the price paid or payable by Client to Pathway or its affiliates hereunder within the 12 month period immediately before the date of the event giving rise to Client’s claim. The foregoing limitation shall not apply to any breach of Confidentiality.
  3. Nothing contained in the Agreement shall exclude or limit either party’s liability for: (i) fraud or fraudulent misrepresentation; or (ii) any other matter for which it would be prohibited by applicable law to limit or exclude or attempt to limit or exclude liability. In all such cases a party’s liability shall be limited to the greatest extent permitted by applicable law.
  4. Access to the Software delivered via online systems is dependent on third parties, such as internet service providers. Pathway will have no liability to Client for any losses Client suffers resulting directly or indirectly from: (i) failures of performance on the part of Pathway’s internet service provider; (ii) failure of Client’s equipment or those of Client’s candidate(s) or third parties; (iii) reasons related to Pathways provision of scheduled system upgrades or maintenance; (iv) any security breach of Pathway’s system unless such breach is shown to be the result of Pathway’s negligence; or (v) inability to access the Pathway online system in any one country due exclusively to Pathway’s software or hardware for any period not exceeding (a) ten (10) consecutive hours or (b) an aggregate of more than twenty-four (24) hours in any calendar month.

15. Indemnification

  1. Indemnification by Pathway. Pathway will defend Client, its affiliates, and each of their directors, officers, and employees (collectively, “CLIENT INDEMNIFIED PARTIES”) from and against any claim, demand, suit, or proceeding made or brought against a Client Indemnified Party by a third party alleging that Pathway’s provision of the Selected Software infringes or misappropriates such third party’s intellectual property rights (“PATHWAY INDEMNIFIABLE CLAIM”). Pathway will indemnify Client from any fines, penalties, damages, legal and other professional fees, and costs awarded against a Client Indemnified Party or for settlement amounts approved by Pathway for a Pathway Indemnifiable Claim. If Pathway’s provision of the Selected Software has become, or in Pathway’s opinion is likely to become, the subject of any Pathway Indemnifiable Claim for third-party intellectual property rights infringement or misappropriation, Pathway may at its option and expense: (a) procure the right to continue to provide the Selected Software as set forth herein; (b) modify the Selected Software to make them non- infringing; or (c) if the foregoing options are not reasonably practicable, terminate this Agreement, or, if applicable, terminate the Selected Software that is the subject of any Pathway Indemnifiable Claim for third-party intellectual property rights infringement or misappropriation, and refund to the Client any unused pre-paid Fees.
  2. Limitations. Pathway will have no liability or obligation under this Section 15 with respect to any Pathway Indemnifiable Claim arising out of (a) Client’s use of the Software in breach of this Agreement; (b) the combination, operation, or use of the Software with other applications, portions of applications, products, or services where the Software would not by themselves be infringing; or (c) Software for which there is no charge.
  3. Indemnification by Client. Client will defend Pathway, its affiliates, and each of their directors, officers, and employees (collectively, “PATHWAY INDEMNIFIED PARTIES”) from and against any claim, demand, suit, or proceeding made or brought against a Pathway Indemnified Party by a third party alleging or arising out of Client or its Authorized Users’ (i) breach of this Agreement, (ii) provision of the Client’s Data to Pathway, or (iii) use of the Selected Software or the Platform, or arising out of a Client Application, including, without limitation, any claims that a Client Application, or Client or its Authorized Users’ use of a Client Application, infringes or misappropriates such third party’s intellectual property rights (collectively, “CLIENT INDEMNIFIABLE CLAIMS”). Client will indemnify Pathway from any fines, penalties, damages, legal and other professional fees, and costs awarded against a Pathway Indemnified Party or for settlement amounts that Client approves for a Client Indemnifiable Claim. For purposes hereof, “CLIENT APPLICATION” means any software application or service that Client makes available to its Authorized Users that interfaces with the Selected Software or Platform.
  4. Conditions of Indemnification. As a condition of the foregoing indemnification obligations: (a) the indemnified party (“INDEMNIFIED PARTY”) will promptly notify the indemnifying party (“INDEMNIFYING PARTY”) of any Client Indemnifiable Claim or Pathway Indemnifiable Claim (individually or collectively referred to herein as a “CLAIM”) in writing; provided, however, that the failure to give prompt written notice will not relieve Indemnifying Party of its obligations hereunder, except to the extent that Indemnifying Party was actually and materially prejudiced by such failure; (b) Indemnifying Party will have the sole authority to defend or settle a Claim; and (c) Indemnified Party will reasonably cooperate with Indemnifying Party in connection with Indemnifying Party’s activities hereunder, at Indemnifying Party’s expense. Indemnified Party reserves the right, at its own expense, to participate in the defense of a Claim. Notwithstanding anything herein to the contrary, Indemnifying Party will not settle any Claim for which it has an obligation to indemnify under this Section 15 admitting liability or fault on behalf of Indemnified Party, nor create any obligation on behalf of Indemnified Party without Indemnified Party’s prior written consent, which will not be unreasonably withheld, conditioned, or delayed.
  5. Exclusive Remedy. This Section 15 states Indemnifying Party’s sole liability to, and Indemnified Party’s exclusive remedy against, the other party for any third-party claims.

16. Termination

This Agreement will commence on the Effective Date and continue until terminated in accordance with either of the following (“TERM”):

  1. For Convenience. Either party may terminate this Agreement for convenience by providing the other party with at least forty-eight (48) hours prior written notice.
  2. Non-Payment of Fees. Pathway may terminate this Agreement immediately due to the non-payment by the Client of any Fees, or by the breach of any provisions of this Agreement by the Client.
  3. Insolvency. Subject to applicable law, either party may terminate this Agreement immediately by providing written notice in the event of the other party’s liquidation, commencement of dissolution proceedings, or any other proceeding relating to a receivership, failure to continue business, assignment for the benefit of creditors, or becoming the subject of bankruptcy.

Upon Termination for any reason, the Client will cease to have access to any of the information or services offered by the Software. Notwithstanding the termination of this Agreement, terms contained within Sections 2, 3, 4, 7, 9, 10, 11, 14, 15 and 17 shall survive the termination of this Agreement.

17. Miscellaneous

  1. Assignment. Neither party hereto may assign or otherwise transfer this Agreement or any applicable PO, in whole or in part, whether by operation of law or otherwise, without the other party’s prior written consent (not to be unreasonably withheld or delayed). Notwithstanding the foregoing, Pathway may assign this Agreement or any applicable PO, in whole or in part, without consent to (a) a successor to all or part of its assets or business or (b) an affiliate. Any attempted assignment, delegation, or transfer by either party in violation hereof will be void. Subject to the foregoing, this Agreement and any applicable PO will be binding on the parties and their respective successors and permitted assigns.
  2. Relationship. Each party is an independent contractor in the performance of each and every part of this Agreement. Nothing in this Agreement is intended to create or will be construed as creating an employer-employee relationship or a partnership, agency, joint venture, or franchise. Each party will be solely responsible for all of its employees and agents and its labor costs and expenses arising in connection therewith and for any and all claims, liabilities, damages, or debts of any type whatsoever that may arise on account of its activities, or those of its employees and agents, in the performance of this Agreement. Neither party has the authority to commit the other party in any way and will not attempt to do so or imply that it has the right to do so.
  3. No Third-Party Beneficiaries. This Agreement does not confer any benefits on any third party (including Client’s Authorized Users or an affiliate) unless it expressly states that it does. A person who is not a party to this Agreement shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 or otherwise to enforce any of its provisions.
  4. Notices. Notices to Pathway will be provided via email to support@pathwayport.com. All notices to Client will be provided via email to the relevant contact(s) Client designates in its account.
  5. Governing Law. This Agreement will be governed by and interpreted according to the laws of Ontario and the federal laws of Canada applicable therein, without regard to conflicts of laws and principles. The United Nations Convention on Contracts for the International Sale of Goods will not apply to this Agreement. Any action arising out of this Agreement will be instituted in the courts of the city of Toronto and the parties hereby consent to the non-exclusive jurisdiction of these courts.
  6. Dispute Resolution. In the event of any dispute, claim, or controversy in connection with this Agreement (other than for disputes, claims, or controversies related to the intellectual property of a party) (collectively, “DISPUTES”), each party’s representatives will, in good faith, attempt to resolve a Dispute. If the parties are unable to resolve a Dispute within thirty (30) days or within such other time period as the parties may agree in writing, then the parties may commence binding arbitration under the Ontario Arbitration Act. The parties will share equally the fees and expenses of the arbitrator. The arbitration will be conducted by a sole arbitrator mutually agreed to between the parties or, failing that, by the ADR Institute of Ontario under its then prevailing rules. Judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction. The arbitrator will have the authority to grant specific performance or any other equitable or legal remedy, including provisional remedies. Each party will be responsible for its own incurred expenses arising out of any dispute resolution procedure. Any arbitration proceedings will take place in the English language in the City of Toronto.
  7. Force Majeure. No failure, delay, or default in performance of any obligation of a party will constitute an event of default or breach of this Agreement to the extent that such failure to perform, delay, or default arises out of a cause, existing or future, that is beyond the control and without negligence of such party, including action or inaction of governmental, civil or military authority, fire, strike, lockout, or other labor dispute, flood, terrorist act, war, riot, theft, earthquake, or other natural disaster (collectively, “FORCE MAJEURE EVENTS”). The party affected by a Force Majeure Event will take all reasonable actions to minimize the consequences of any such event.
  8. Waiver. No failure or delay by either party in exercising any right or enforcing any provision under this Agreement will constitute a waiver of that right or provision, or any other provision.
  9. Headings. Titles and headings of sections of this Agreement are for convenience only and will not affect the construction of any provision of this Agreement.
  10. Severability. In the event that any provision of this Agreement is held by a court or other tribunal of competent jurisdiction to be unenforceable, such provision will be limited or eliminated to the minimum extent necessary to render such provision enforceable and, in any event, the remainder of this Agreement will continue in full force and effect.
  11. Entire Agreement. This Agreement (including all exhibits and attachments hereto) will constitute the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior and contemporaneous understandings, proposals, statements, sales materials, presentations, or non-disclosure or other agreements, whether oral or written. No oral or written information or advice given by Pathway, its agents, or its employees will create a warranty or in any way increase the scope of the warranties or obligations in this Agreement.

Data Security

July 25, 2024

This Schedule B (Data Security Standards) (this “SCHEDULE”) is subject to and incorporated by reference to the attached Terms of Service (the “AGREEMENT”). To the extent of any conflict or inconsistency between the provisions in the body of this Agreement and this Schedule, the terms of this Schedule shall prevail. Under this Schedule, “SERVICE PROVIDER” shall refer to Iterro Inc. operating as Pathway and “CUSTOMER” shall refer to Client (as defined in the Agreement).

Customer requires that its suppliers, vendors and other business partners, including Service Provider, comply with these Data Security Standards with respect to any data or other information (collectively, “CUSTOMER DATA”) that Customer or its personnel make available or accessible to Service Provider in the context of Service Provider’s business relationship with Customer. All capitalized terms and phrases used herein but not otherwise defined shall have the same meanings set forth in the Agreement. This Schedule will survive termination of the Agreement for as long as Service Provider has Customer Data in its possession or under its control. Service Provider covenants, at Service Provider’s expense except where otherwise provided, the following:

  1. Definitions.

    1.1 “Customer Data” means (i) all information provided by Customer to Service Provider to enable the provision of access to, and use of, the services under the Agreement ; (ii) all content, data and information processed, recorded and stored for Customer in connection with Customer’s use of the Services; and (iii) Customer specific configurations and rules implemented in the Services. “Customer Data” includes, without limitation, any personally identifiable information or data concerning or relating to Customer’s employees, agents, customers or other individuals that Customer has dealings with, that may be used to uniquely identify or contact such employees, agents, customers or individuals, including commonly understood sub-categories such as Personal Sensitive Information (PSI), Protected Health Information (PHI), Personal Card Data (PCI), Personal Identity Information (PII), and other personal information or personal data as defined under applicable regulatory privacy regulations and regulated and confidential information, and Personal Information as defined under the Agreement.

    1.2 “Good Industry Practice” means the exercise of that degree of skill, diligence, prudence and foresight which would reasonably and ordinarily be expected from a skilled and experienced operator engaged in the same type of undertaking under the same or similar circumstances seeking to meet its obligations to the fullest extent possible.

    1.3 “Personnel” means Services Provider’s employees, contractors, suppliers, subcontractors (other than Excepted Subcontractors, as defined below) and any other persons who have access to Service Provider’s facilities, systems, or Customer Data.

  2. Security Program Requirements. Service Provider shall establish and maintain a comprehensive “Security Program” that has the physical, administrative, and technical safeguards to: (i) ensure the integrity, security and confidentiality of Customer Data; (ii) protect against threats and hazards to the security of Customer Data, and (iii) protect against any loss, misuse, unauthorized, accidental or unlawful access, disclosure, alteration and destruction of Customer Data. All of the foregoing shall be no less rigorous than those maintained by Service Provider for its own data and information of a similar nature; and shall ensure compliance with the provisions of applicable law and regulations and Good Industry Practice. Upon request, Service Provider shall provide Customer appropriate documentation evidencing compliance with these requirements. Such measures will include implementing and maintaining the following which Service Provider will be responsible for ensuring are maintained at all times by it and its Personnel:

    2.1 Server location

    (a) Customer Data shall at all times be hosted by Service Provider on servers that are physically located in the United Kingdom (but may be transmitted through the United States as a result of the physical location of the servers of the Service Provider’s subcontractors), unless otherwise agreed in writing by the parties.

    2.2 Physical Security Measures

    (a) Physical Data. Service Provider shall not keep any Customer Data in physical form unless required

    2.3 Administrative Security Measures

    (a) Background Checks and Training. Prior to allowing Personnel to access Customer Data, Service Provider and its subcontractors, agents, etc. (other than Pathway and AWS, which shall collectively be hereinafter referred to as “EXCEPTED SUBCONTRACTORS”) will use commercially reasonable efforts to conduct background checks and ensure that all individuals have the reasonable skill and experience suitable for employment and placement in a position of trust and trained with respect to Service Provider’s security policy and procedures. Service Provider shall not provide access to Customer Data if any such individual (other than Excepted Subcontractors’): (i) has been convicted of a felony or misdemeanor for fraud, theft, embezzlement, or other similar crimes involving dishonesty or breach of trust (or the equivalent thereof under relevant non-US law); (ii) is on any of the following lists: (a) the U.S. Government Specially Designated National and export denial list, (b) the OFAC List, (c) the BISDP List, (d) the OIG List, (e) the GSA List, or (f) any foreign equivalent; or (iii) for whom there is a significant deviation between the information reported by the individual and results of the background check.

    (b) Architecture, Engineering, Application/Data Landscape Documentation. Service Provider must maintain current, accurate, and complete documentation on overall system, network, and application architecture, data flows and security functionality for applications that process or store Customer Data. Service Provider must employ documented secure programming guidelines, standards, and protocols in the development of applications or systems.

    2.4 Technical Security Measures

    1. Security Event Logs. Security event-related logs must be preserved and be available online for a minimum of two (2) years. This requirement applies to the data sources that are capable of logging data that can be used to enforce accountability, detect a violation of security policy, detect an attempt to exploit vulnerabilities, and/or detect compromises resulting in losses of integrity, confidentiality and availability of Customer Data, environments, services, systems, and applications.

    2. Access and Authorization. Service Provider will employ physical, administrative, and technological access control mechanisms to prevent unauthorized access to Service Provider’s facilities and systems associated with Customer Data, applications, and systems. Service Provider will limit access to Customer Data to Personnel with a need to know the information to perform the Services. Such mechanisms will have the capability of detecting, logging, and reporting access to the system or network or attempts to breach the security of the facility, compartment, system, network, application, and/or data.

      1. Each person must have an individual account that authenticates the individual’s access to Customer Data. Service Provider will not allow sharing of accounts.

      2. Service Provider will utilize two-factor authentication.

      3. Service Provider will maintain a process to review access controls quarterly for all Personnel who have access to Customer Data, applications, or systems, including any system that, via any form of communication interface, can connect to the system on which Customer Data is stored. Service Provider will maintain the same processes of review and validation for any third party hosted systems it uses that contain Customer Data.

      4. Service Provider will promptly revoke a person’s access to Customer Data within twenty-four (24) hours once such person no longer requires access to the system(s) or application(s) or immediately if warranted or requested by Customer.

      5. Service Provider will maintain a password policy that is consistent with recognized industry standards such as NIST Special Publication 800-63B.

    3. Data Transmission and Storage. Service Provider shall not transmit or store Customer Data outside the United Kingdom or the United States, or allow its employees or agents to download, extract, store, or transmit Customer Data through personal computers, personal laptops, or other personal electronic devices , except where such devices may ordinarily be used by them in the performance of their duties or services for the Service Provider.

    4. Change Management. Service Provider will employ an effective documented change management program with respect to the Services. This includes logically or physically separate environments from production for all development and testing. No Customer Data will be transmitted, stored or processed in a non-production environment.

    5. Security Patch Management. Service Provider shall maintain and patch/remediate all systems, devices, firmware, operating systems, applications, and other software that process Customer Data consistent with Good Industry Practices.

    6. Network Security. Service Provider will deploy appropriate firewall, intrusion detection/prevention, and network security technology in the operation of the Service Provider’s systems and facilities consistent with industry best practices. Traffic between Customer and Service Provider will be protected, authenticated, and encrypted.

    7. Malicious Code Protection. All workstations and servers must run anti-virus software, where possible and consistent with industry best practices.

    8. Data Encryption. Service Provider will utilize cryptographically secure protocols in accordance with Good Industry Practice at all times to encrypt Customer Data when in transit, at rest in any application or system, or transported/stored via any physical media (e.g. tapes, disks, etc.). If personal devices (e.g. desktops, laptops, mobile phones, tablets) are used to perform any part of the Services, Service Provider will encrypt all Customer Data on such devices and Service Provider will maintain an appropriate key management process, including, but not limited to, access controls to limit access to private keys, (both synchronous and asynchronous), key revocation processes, and key storage protocols (e.g., private keys must not be stored on the same media as the data they protect).

    9. Disaster Recovery. Service Provider warrants that it has and will maintain a Good Industry Practice disaster recovery plans in place that will allow Service Provider to resume full performance of the Services no more than twenty-four (24) hours after an interruption due to a disaster or other circumstance outside of Service Provider’s control. If Service Provider fails to restore the Services within twenty-four (24) hours after an initial disruption, or if there are more than two interruptions of the Services during any twelve (12)-month period, Customer at its option may declare this Agreement immediately terminated for Cause by giving written notice to Service Provider, and Service Provider shall work with Customer in good faith to transition Customer to an alternative service provider as determined in Customer’s sole discretion and at Service Provider’s expense. Service Provider shall test such recovery plan at least once per year. Service Provider will discuss results of these tests with Customer on request. The Service Provider shall implement Good Industry Practice to securely back up data in respect of the Customer Data and promptly make such backed up data available to Customer on request.

  3. Security Assessments. Service Provider’s Security Program shall provide for regular assessment of the risks to the security of Customer Data and to Customer’s, Service Provider’s, or any third party’s systems, applications, and services that are part of the Services. Service Provider shall promptly correct such deficiencies in accordance with the recommendations of such assessments, and, as applicable, this Schedule and the Agreement.

    3.1 Security Risk Assessment. Customer acknowledges that Service Provider does not currently, but may in the future, perform SOC 1 SSAE 18 Type II.

    3.2 Vulnerability Scans. Service Provider shall perform internal and external host/network vulnerability scans after any material change in the host/network configuration.

    3.3 Application Security Tests & Assessments. Customer acknowledges that Service Provider will perform a security assessment, including a penetration test conducted by a reputable third party consistent with best practices in the information technology field, on applications and systems that process Customer Data within twelve months of the date of this Agreement.

  4. Updates. Service Provider shall review and update its Security Program policies and procedures at least annually and as necessary to comply with changes in federal, state, and local laws and regulations pertaining to the privacy and protection of Customer Data. Service Provider shall ensure its Security Program stays current with industry best practices with respect to new security standards, threats and hazards. If Service Provider determines that it can no longer provide this level of protection, Service Provider will promptly notify Customer of this determination, and Customer shall have the right to terminate the Agreement upon notice to Service Provider without penalty or further liability. Upon request, Service Provider shall provide Customer a copy of the updated policies and procedures along with a report outlining material changes to Service Provider’s systems, applications, and security program. Service Provider shall also provide a document containing key security management details (e.g. key contacts, incident response steps, back-up site information, details of processes to follow etc.) and notify Customer of any relevant updates.
  5. Subcontractors. Service Provider shall conduct appropriate due diligence on any subcontractors (other than Excepted Subcontractors) involved in performing the Services or who have access to Customer Data, applications, or systems to ensure compliance not materially less protective than the standards included in this Agreement. Service Provider shall include and enforce obligations regarding data security in all its contracts with parties (other than Excepted Subcontractors) that have access to or process Customer Data, which obligations are no less protective than the standards included in this Schedule.
  6. Termination Due to Security Breach. Should Customer determine that Service Provider had a material security breach that resulted in unauthorized disclosure of Customer Data or that, in Customer’s reasonable discretion, represents a material security risk, Customer shall have the right, in addition to all other rights and remedies under the Agreement or applicable law, to terminate the Agreement upon written notice to Service Provider.
  7. Security Incident Response and Reporting. A security “Incident” is any event that could negatively impact the security of Customer Data and/or Customer’s network (including any circumstances that would render such access or use reasonably possible and any breach of these Data Security Standards) including any (i) unauthorized, accidental or unlawful loss, access, use, disclosure, modification, or destruction of Customer Data; (ii) act that violates any law or any Customer or Service Provider security policy; (iii) unplanned service disruption that prevents the normal operation of the Services; or (iv) unauthorized access or attempt to access Service Provider’s or Customer’s applications, systems or Customer Data. If Service Provider detects or suspects an Incident, Service Provider shall:

    7.1 Notify Customer’s IT Security Representative by emailing the Client immediately and no later than within one (1) hour after Service Provider becomes aware of a security Incident involving regulated data (PHI, PCI, SOX, etc.) or Customer Data. For any other Incidents, notify Customer’s IT Security within 24 hours. Customer shall retain the right to make and control any regulatory notifications required by an Incident.

    7.2 Immediately perform such Incident response activities as may be reasonably requested by Customer, including, but not limited to: responding and investigating; collecting, analyzing and preserving evidence; and containing, remediating, recovering and mitigating adverse impacts. Service Provider will cooperate with Customer and with law enforcement authorities in investigating any such Incident, at Service Provider’s expense. Service Provider will likewise cooperate with Customer and with law enforcement agencies to notify injured or potentially injured parties in compliance with applicable law, and offer identity theft monitoring services to injured or potentially injured parties at Customer’s election; and such cooperation, including all costs associated with notifications and/or identity theft monitoring services as set forth above, will be at Service Provider’s expense, except to the extent that the Incident was caused by Customer. The remedies and obligations set forth in this subsection are in addition to any others Customer may have.

    7.3 If requested by Customer, prepare and deliver to Customer as soon as reasonably possible and no later than within five (5) business days of the Incident a root cause report that describes in detail (i) the nature and extent of the Incident; (ii) the Customer Data affected and the likely impact upon it; (iii) all supporting evidence, including system, network, and application logs related to the incident; (iv) all investigative, corrective and remedial actions completed, and planned actions and the dates that such actions will be completed; (v) all efforts taken to mitigate the risks of further Incidents; and (vi) an assessment of the security impact to Customer; and provide such further prompt assistance as Customer shall reasonably request in connection with notifications required to regulatory authorities under applicable law. Upon Customer’s request, Service Provider shall provide Customer with immediate and ongoing access to all meetings, reports, copies of all logs and data, and other information that has a nexus to security Incidents impacting Customer.

  8. Designated IT Security Representatives. Service Provider shall provide a designated contact person with responsibility for day-to-day security management to work with Customer’s security organization. This individual shall be at an appropriate level and have the authority to initiate corrective actions on behalf of Service Provider as necessary to respond to and correct any Incident, disclosure or breach involving Customer Data. If software development is involved, Service Provider shall also identify the person who will be responsible for overall security of the application development, management, and update process. The following individuals are Customer’s and Service Provider’s security representatives. All notifications required under this Schedule shall be made to such designated individuals.

Service Level Agreement

July 25, 2024

  1. Definitions
    1. Availability” means the percentage of time that Pathway makes available the Software and Platform to the Client in a fully functional and responsible manner, in accordance with Schedule “B’ and the Agreement.

    2. Downtime” means the percentage of time that the Software and Platform are not made available to the Client for any reason outside of the Client’s control.

    3. Incident” means any event that is not part of the standard operations and that causes or may cause, an interruption to or reduction in the availability of the Software and/or Platform.

    4. Planned Maintenance” is the time, not exceeding 5 hours per month, outside of Business Hours, for which Pathway must provide the Client with at least 48 hours’ written notice or as much notice as reasonably possible where an emergency security patch must be deployed to protect Client Data.

    5. Response Time” means the time elapsed between an Incident being reported (ticket created) and the Incident being acknowledged by Pathway Support Personnel to initiate Support Services.

    6. Workaround” means a strategy, plan or technique used to overcome the causes(s) of an Incident.

  2. Support Services

    Pathway shall provide the Client and its Authorized Users Support Services through its online platform (SLACK) and by email and telephone. The Support Services will be available 24 hours a day, 7 days a week. The Support Services include all new releases, versions, updates, upgrade, corrections, fixes, modifications, customizations and improvements to the Software, Platform and Services made or owned by Pathway. If any Support Services are not performed with reasonable skill, care and diligence, Pathway shall re-perform the Services. Pathway will assign a dedicated Client Success Manager (CSM) to the Client’s account to assist in support including the setup of the Client’s first campaign launch. Pathway will provide a monthly value report so it can show the Client all the benefits that Pathway is providing as part of its Services and Support.

  3. Incident Response and Resolution Time Service Levels
    1. Incident severity levels and Incident response and Resolution or Workaround Delivery time Service Levels are set our in the table below:

    Support Levels

    Severity Level - Severity 1

    Definition

    Any Incident which renders the Software, Platform or Services unusable to the Client. These are Incidents related to the Software, Platform or Services for which there is no alternate solution available.


    Coverage

    24x7 (24 hours per day, 7 days a week)


    Response Time SLA

    2-hour call-back or electronic reply


    Incident Resolution or Workaround Delivery Procedure SLA

    • Pathway will take immediate steps toward resolving the Incident.
    • Pathway will work with the Client to address Severity 1 Incidents until a solution is available or a Workaround is provided no later than 24 hours from notification of Incident.
    • If a Workaround is provided, Pathway will downgrade the severity of the Incident with prior written approval from the Client to get a permanent fix in a reasonable mutually agreed to timeframe.

    Allowable Service Level Failure (per month) for: a) Resolution Time and b) Incident Resolution or Workaround Delivery

    1. 2
    2. 1

    Incident Response Service Level Credits

    2% of annual Fees if Allowable Service Level Failure (per month) is exceeded.


    Incident Resolution or Workaround Delivery Service Level Credits

    5% of annual Fees if Allowable Service Level Failure (per month) is exceeded.

    Severity Level - Severity 2

    Definition

    Any Incident which has a significant impact on business production, however, the Client can continue business operations in a restricted manner. These are Incidents related to the components of the Software, Platform or Services which are being faced or encountered by multiple users at the same time.


    Coverage

    24x7 (24 hours per day, 7 days a week)


    Response Time SLA

    4-hour call-back or electronic reply


    Incident Resolution or Workaround Delivery Procedure SLA

    • Pathway will take immediate steps to address the Incident.
    • Pathway will work with the Client to address Severity 2 Incidents until a solution is available or a Workaround is provided no later than 48 hours from notification of Incident.
    • If a Workaround is provided, Pathway will downgrade the severity of the Incident with prior written approval from the Client to get a permanent fix in a reasonable mutually agreed to timeframe.

    Allowable Service Level Failure (per month) for: a) Resolution Time and b) Incident Resolution or Workaround Delivery

    1. 2
    2. 1

    Incident Response Service Level Credits

    1% of annual Fees if Allowable Service Level Failure (per month) is exceeded.


    Incident Resolution or Workaround Delivery Service Level Credits

    2% of annual Fees if Allowable Service Level Failure (per month) is exceeded.

    Severity Level - Severity 3

    Definition

    Any Incident which is user-specific and does not have a direct impact on business production. The Software, Platform or services are usable and the Incident causes only minor inconvenience.


    Coverage

    24x7 (24 hours per day, 7 days a week)


    Response Time SLA

    48-hour call-back or electronic reply


    Incident Resolution or Workaround Delivery Procedure SLA

    Pathway will research Severity 3 Incidents within 3 Business Days of the first Pathway response. Pathway will provide a plan and timeframe to the Client to address Severity 3 Incidents within 96 hours from notification of Incident.


    Allowable Service Level Failure (per month) for: a) Resolution Time and b) Incident Resolution or Workaround Delivery

    1. 3
    2. 2

    Incident Response Service Level Credits

    .05% of annual Fees if Allowable Service Level Failure (per month) is exceeded.


    Incident Resolution or Workaround Delivery Service Level Credits

    .05% of annual Fees if Allowable Service Level Failure (per month) is exceeded.

    Pathway will respond to any report of an Incident and will provide a plan to resolve the Incident as soon as possible. Pathway will provide a monthly report of all Incidents and achievement of Service Level agreements as well as applicable Service Level Credits.

  4. Escalation Levels

    Each Party’s escalation levels to escalate Incidents that are not resolved with the resolution times specified in Section 3 above are set out in the table below:

  5. Severity - Level 1

    Timeline for Notification if Resolution Service not met

    the Client Notification Contacts

    Pathway Notification Contact

    12 hours

    16 hours

    20 hours

    - -

    Severity - Level 2

    24 hours

    48 hours

    32 hours

    - -
  6. Availability Service Level

    Calculation. Service Level Availability is calculated by subtracting the percentage of Downtime which does not include any Planned Maintenance from 100%.

  7. Availability Service Level Credits
    1. Credit Calculation. Service level Credits are dollar credits calculated against the prorated monthly Fees for the Software, Platform and Service as set out in the table below:

  8. Availability

    Service Level Credit

    Less than 99.9%

    5%

    Less than 99.0%

    10%

    Less than 95.0%

    20%

    1. Set Off or Payment. Pathway will set off the Service Level Credits against the next invoice for the Software, Platform or Services. If the Agreement has been terminated and no set-off can be credited against a future invoice or if the Service Levels exceed amounts payable by the Client, Pathway shall pay the Client any balance of Service Level Credits within 45 days of the end of the month in which the applicable Service Level Credits are calculated.

  9. Reporting

    Pathway shall report any Incident response and/or resolution Service Level failures to the Client and provide monthly reports of Service Level Availability attainment and applicable Service Level Credits.

GDPR

June 22, 2023

Pathway as a ‘Data Controller’

If you are located in the United Kingdom or European Union, the UK or European version of the General Data Protection Regulation (GDPR) provides you (if we process your personal data as a Controller) with the additional rights listed below.

Right of Access. You have the right to know what information we hold about you, including:

  • The specific pieces of personal information we have collected about you;
  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information is collected;
  • The business or commercial purpose for collecting your personal information;
  • The categories of third parties with whom we have shared your personal information;
  • The anticipated period of time for which your personal data will be stored; and
  • The existence of automated decision-making, including profiling.

Right to Correct. If you find out that your personal data is inaccurate or incomplete, you can request that we correct it.

Right to Restrict. You have the right to suspend our processing of your personal data if:

  • The accuracy of the personal data is contested;
  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
  • We no longer need the personal data for the purposes of processing but is required to keep it for the establishment, exercise, or defense of legal claims; or
  • You have objected to processing pursuant to Article 21(1) of the GDPR, pending the verification of whether the legitimate grounds of the data controller override those of the data subject.

Right to report. You have the right to complain to a supervisory authority if you believe your privacy rights are being violated.

Other Rights. In certain instances, you may have the right to data portability (if our processing is based on consent and automated means), withdraw consent at any time (if processing is based on consent), object to processing (if processing is based on legitimate interests), object to processing of personal data for direct marketing purposes, and erasure of your personal data from our system (“right to be forgotten”) if certain grounds are met.

Response Timing and Format. We aim to respond to a request for access, correction, restriction, or deletion within one month of receiving that request. If we require more time, we will inform you of the reason and extension period in writing.

To make a request under the GDPR, contact us via email at legal@pathwayport.com. Please include your full name and email address along with why you are writing so that we can process your request in a timely manner. We may require you to provide some evidence of your identity.

Pathway as a Data Processor

Most personal data processing that Pathway undertakes is as a Processor on behalf of its customers.

Pathway is committed to meeting its obligations under the GDPR and enters into a Data Processing Agreement with all customers.

UK/ European Representatives

As Pathway processes the personal data of individuals who are in the UK or European Union it has appointed representatives in those areas. If you reside in these areas and have any concerns with how Pathway processes your personal data please contact them through legal@pathwayport.com

Privacy Notice

July 25, 2024

We are Pathway. Pathway is a business name registered by Iterro Inc., which is a Canadian corporation having its principal place of business at 110 Cumberland Street, Suite 351, Toronto, Ontario M5R 3V5, Canada (hereafter, "PATHWAY" or "COMPANY"). We are the owner of our website, www.pathwayport.com (hereafter, "WEBSITE").

Table of Contents

1. General

  1. Pathway takes User privacy seriously and takes reasonable efforts to protect your privacy. We have created this Privacy Policy ("POLICIES") in order to share with you our information collection and use practices. AS IS MORE CLEARLY DEFINED HEREIN, WE WILL NEVER KNOWINGLY SELL OR ASSIGN YOUR PERSONAL INFORMATION WITHOUT YOUR KNOWLEDGE AND OR APPROVAL.
    Please read these Policies carefully before sharing any personally identifiable information described below.
  2. These Policies apply solely to the website located at www.pathwayport.com. Company reserves the right to make changes or modifications to the Pathway website and these Policies. Display of any notice of changes online at the Pathway website shall constitute effective notice under these Policies, and User′s continued use of the website, thereafter, shall constitute User′s acceptance of such changes or modifications.
  3. These Policies work hand-in-hand with our Website Terms of Use and Pathway Terms and Conditions, for which the link can be found on the Home page of our website.
  4. Users can access these Policies by clicking on the "PRIVACY POLICY" link that appears on the Pathway website "HOMEPAGE" and by reading it on their computer monitor, printing it out, downloading it and/or saving it at any time, even after the Policies have been closed. If you do not agree to be bound by these Policies, you may not use the website or the Services provided on or through it.

2. Definitions

The following words used in these Policies shall have the following meanings:

  1. "PERSONAL INFORMATION" shall mean all data and/or information provided by and about User, including e-mail address, name, address or payment information, etc.;
  2. "WEBSITE" shall mean the website on which Pathway provides its Services.
  3. "USER" shall mean all Users/Customers of the Pathway website and its Services.
  4. "SERVICES" shall mean all Services and/or Products provided by and through Pathway and it′s website.
  5. "3RD-PARTIES" shall mean all advertisers, licensors, partners or affiliate vendors that are included on the Pathway website.

3. What Personally Identifiable Information Does Pathway Collect and How Is It Used?

  1. In order to access Pathway Services, you will be asked for certain personally identifiable information such as name, email address, shipping and billing address, payment and other information.
  2. Pathway will not collect personally identifiable information from Users while they use the website, unless they voluntarily provide it to us or authorize us to collect such information. For example, if you purchase a Service Plan, you will be required to provide information to complete the purchasing transaction.
  3. Users may provide other information about themselves, in addition to the mandatory Personal Information ("VOLUNTARY INFORMATION").
  4. Pathway may use or disclose User′s personally identifiable information to:
    1. Operate and manage the web site;
    2. Provide services or products that have been requested;
    3. Respond to legal enquiries or requests;
    4. Service providers acting as processors who provide certain services to Pathway such as data storage and payment services providers
    5. Professional advisers including lawyers, bankers, auditors and insurers who provide professional services to Pathway.
  5. Pathway will never sell User Information to any third party not affiliated with Pathway, without consent, except in connection with the sale or merger of Pathway or the division responsible for such Services provided.
  6. Pathway may also use such information for marketing their Services to you ONLY IF you have not ′opted out′ to receive such marketing information from us.
  7. When you choose to subscribe to a plan, either Emails and or Storage, on the Pathway website, User will be required to provide us with certain personal information, including your name, email address, credit card number, expiration date and billing address (this required information is subject to change from time to time). This information will be used to set account settings and preferences and to contact User in regard to any account changes, system alert messages, Pathway changes to the Terms of Use or Privacy Policy. This information may also be utilized to process User account payments and to contact User for feedback and surveys. By providing us with this information, User consents to this information being collected, used, disclosed and stored by us in accordance with this Policy.
  8. When User uploads or creates an Email distribution list or puts together an Email Campaign, with Pathway, we will have access to the data on your distribution list and the information in your Email Campaign. Pathway will never, under any circumstances, steal your lists, or share your lists with any other party, except as required by law, or regarding contacting, except in response to a complaint or other communication directly from an individual on one of your lists. Only carefully selected, authorized personnel have access to view your Distribution Lists. Pathway does review the content of the Email Campaigns of our Users to verify compliance with our Terms of Use. This benefits our Users who are in compliance with our Terms of Use, because among other things, it reduces SPAM being sent through our servers, helping to ensure high deliverability.
  9. All Users will have access to reports on their Email Campaigns. These reports can determine who has opened or not opened emails, or clicked on links. This, and all other tracking information available to our Users, is also available to us, and we may collect and review that information.
  10. Pathway may, from time to time, send or post surveys or requests for User feedback in order to help us make our website and Services better. Any responses we receive from Users will be used only to evaluate our website and no personally identifiable information from Users will be shared with any non-employees of Pathway.
  11. Pathway may, from time to time, send notices about special offers, promotions or contests. If you sign up to participate in any of these, we will collect your email address. If you are chosen for a promotion or as a winner in a contest, you give Pathway permission to use your name, image and other information about you, for marketing purposes.

4. What Non-Personally Identifiable Information Do We Collect and How Is It Used?

  1. Pathway does collect and track certain non-personally identifiable information, including, but not limited to, IP numbers and browser type, access times, domain names, usage habits and other information which does not specifically identify any individual.
  2. Pathway may use and disclose non-personally-identifiable information for any number of reasons, including but not limited to, working with business partners and improving our website and Services.
  3. Pathway only uses this data in the aggregate, on a collective basis, in summary form, rather than on an individual basis. This data helps us determine the extent to which our Users use certain parts of our website, which, in turn, enables us to make it as appealing as possible. Pathway may also share aggregate data of Users collective use of our website with other companies with which we do business. We do this so they, too, can improve functionality and offer services and materials that our Users may want.
  4. Pathway may also collect Personal Information through the usage of widgets. This data is solely collected in order to enable the end-user to access the Services through other companies’ websites.

5. Does Pathway Offer Forums and Community Feedback Areas?

Pathway encourages communication between our Users. Although we currently do not offer a Community Feedback Area, we may set one up in the future. This will allow Users to interact and share information. This will be especially nice for Users who wish to focus in on specific topics of interest.

6. Do I Need A Username & Password To Access Products On The Pathway Website?

All Pathway User accounts require a Username and Password to log in to the website and utilize our Services. When User is done with using the website, they should "LOG OUT" in order to prevent someone from using their computer to access their account. User must keep their Username and Password secure and not disclose it to a third party.

7. Does Pathway Have A Newsletter?

  1. We send email notifications and information to Users who have opted in. Those notifications may be, but not limited to, our exclusive Newsletter, information on new features, new content, other products and services. These communications are sent to you directly by Pathway.
  2. In order to receive the emailed information you must have subscribed, via our website, or other sources, such as out mailing/client list. It is our intention to always allow you to opt out of any of our lists. When you receive any Newsletter or email and you want to unsubscribe, you can simply follow the "unsubscribe" link at the bottom.

8. Is My Information Private?

  1. The Pathway website may contain links to other third-party websites and the external websites of our advertisers. Each of these websites may have a Privacy Policy that differs from that of Pathway. These Policies do not cover the privacy practices of other websites linked to us.
  2. The only information that may be shared between Pathway and one of our partner websites is that which pertains to information used in the furtherance of tracking an order and providing User with correct information.
  3. Notwithstanding the above policies, we reserve the right to disclose your personal information to other third parties, if we are required to do so by law or believe that such action is necessary:
    1. To comply with legal process such as a search warrant, subpoena or court order;
    2. To protect the Company′s rights and property;
    3. To investigate reports of Users sending material using a false email address or Users sending harassing, threatening, or abusive messages;
    4. To protect Pathway against misuse or unauthorized use of our website and/or Pathway Products. PLEASE CHECK OUR "TERMS OF SERVICE" FOR ADDITIONAL DISCLOSURE REQUIREMENTS AND OTHER LEGAL REQUIREMENTS.

9. What About Data Security?

  1. Among Pathway′s top priorities, is to keep your Personal Information secure. We use 256-bit encryption and Secure Sockets Layer (SSL) technology, which provides the highest level of security currently available for secure transactions. This technology encrypts all of your Personal Information before it is transmitted to us. Encrypted information cannot be read or recorded as it travels over the Internet.
  2. You can tell you are sending information securely by the unbroken key icon or closed lock icon that should appear at the bottom of your Internet browser’s window (depending on what browser you use). These icons will appear when you are placing an order on the Pathway website. In addition, you will see our site address change slightly, from "http:" to "https:", indicating a secure server connection is being used.
  3. Additionally, access to your Personal Information is provided only to our employees and agents who have a need to know such information for the purpose of fulfilling your order and offering our high level of customer service. The computers that store your Personal Information employ the latest in firewall and security technology.
  4. Pathway requires that our advertisers and partners ensure the security of the data that Users provide to them, however, in the event of a breach of their security measures, User agrees that Pathway will not be liable for any loss or damage to you.
  5. Electronic Communications Privacy Act Notice (18USC 2701-2711): Pathway makes no guarantee of confidentiality or privacy of any communication or information transmitted on our website or any website linked to our website. Pathway will not be liable for the privacy of email addresses, registration and identification information, disk space, communications, confidential or trade-secret information, or any other content stored on Pathway equipment, transmitted over networks accessed by the website or otherwise connected with User′s use of the website.

10. May I See the Information You Collect About Me?

Yes! We provide Users with access to Personal Account information (e.g., account number, sales information, etc.), account status, contact information (i.e., name, address, telephone number, etc.) and other information that you may upload to your User Account Profile. User may access the information by logging into their account or by sending an email to Customer Support at support@pathwayport.com. We will respond within 24 hours.

11. Can I Opt-out?

  1. Pathway gives User the option to remove personally identifiable information from our list of active Users.
  2. You may also choose to opt-out of certain communications from Pathway, such as our Newsletter.
  3. All requests for opting-out from email contact should be made by sending an email to our Customer Service Department, at support@pathwayport.com. We will respond within 24 hours.
  4. Pathway is not responsible for removing your personally identifiable information from the lists of any third-party advertiser who has previously been provided your information in accordance with this Policy.

12. Where Is The WebSite Located?

The Pathway website is maintained in the Province of Ontario, Canada. If you are located outside of Canada, by using our website, you authorize the export of personally identifiable information to Canada and its storage and use as specified in these Policies.

In addition, some of our staff, service providers and other partners with whom we work may be based outside, or have part of their operations outside, of Canada so their processing of your personally identifiable information will involve a transfer of data to another jurisdiction. Whenever we transfer your personally identifiable information to another jurisdiction, or work with third parties which would involve such a transfer, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following conditions applies:

(a) that the country in question has been deemed to provide an adequate level of protection for your personally identifiable information; and/or

that appropriate measures are in place in our contractual arrangements with third parties to ensure an adequate level of protection for your personally identifiable information.

13. What Is The Minimum Age To Use The Pathway WebSite?

  1. Use of the Pathway website intended for all ages. However, in order to set up an account and purchase Services, you must be of legal age, which is eighteen (18) years, in Canada. Under no circumstances will Pathway knowingly allow a person under the age of eighteen (18) years to set up a User account, even with a parents′ or legal guardian′s consent, approval or authorization.
  2. If proof comes to the attention of Pathway that a registered User is under the age of eighteen (18) years, and is attempting to purchase, or has purchased Services, Pathway will immediately terminate such account.

14. Will There Be Changes to this Privacy Policy?

  1. As explained at the beginning of these Policies, Pathway reserves the right to amend these Policies at any time, in the event that this becomes necessary after their initial release, or in the event that it becomes necessary with respect to additional or amended services provided by Pathway.
  2. Pathway will not personally notify User of any changes or amendments to these Policies. Users are urged to check these Policies frequently, in order to determine whether any changes have been made. Users understand and agree that continued use of the Pathway website assumes that they have read and accepted these Policies, as may be changed or amended from time to time.

15. Section Titles

The section titles used in these Policies are purely for convenience and carry with them no legal or contractual effect.

16. Complaints

For any complaints, please contact Iterro’s Data Protection Officer via privacy@pathwayport.com.

17. Legal basis for processing Personal Information (EEA visitors only)

If you are a visitor/customer located in the European Economic Area ("EEA"), Iterro inc. is the data controller of your personal information. Iterro’s Data Protection Officer can be contacted at privacy@pathwayport.com.

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

UK Personal Data Processing Agreement (‘PDPA’)

July 25, 2024

Background

  1. The Client and Pathway have entered into an Agreement that will require Pathway to process Personal Data on behalf of the Client.
  2. This PDPA sets out the terms, requirements and conditions on which Pathway will process Personal Data on behalf of the Client.

Agreed Terms

  1. Definitions and interpretation

    The following definitions and rules of interpretation apply in this PDPA.

    1. Definitions:

      Agreement: the agreement for Pathway to provide services to the Client in order to meet the Business Purposes.

      Business Purposes: the services to be provided by Pathway to the Client as described in ANNEX A.

      Controller, Processor, Data Subject, Data Subject Rights, Personal Data, Data Protection Impact Assessments, Personal Data Breach, Processing and Third Country: have the meanings given to them in the Data Protection Legislation.

      Data Protection Legislation:

      a) To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of Personal Data.

      b) To the extent the EU GDPR applies, the law of the European Union or any member state of the European Union to which the Client or Pathway is subject, which relates to the protection of Personal Data.

      EU GDPR: the General Data Protection Regulation ((EU) 2016/679).

      Regulator: for the UK the Information Commissioner and for any other country within the EU or other country subject to the Data Protection Legislation their data protection authority.

      UK GDPR: has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.

    2. This PDPA is subject to the terms of the Agreement and is incorporated into the Agreement.

    3. Annex A forms part of this PDPA and will have effect as if set out in full in the body of this PDPA.

    4. A reference to writing or written includes email.

  2. Personal data types and processing purposes

    The Client and Pathway agree and acknowledge that for the purpose of the Data Protection Legislation:

    1. the Client is the Controller and Pathway is the Processor; and

    2. the Client retains control of the Personal Data and remains responsible for its compliance obligations under the Data Protection Legislation, including but not limited to, providing any required notices and obtaining any required consents, and for the written processing instructions it gives to Pathway.

  3. Pathway’s obligations
    1. Pathway must only process the Personal Data to the extent, and in such a manner, as is necessary for the Business Purposes in accordance with the Client’s written instructions and in accordance with the Data Protection Legislation.

    2. ANNEX A describes the subject matter, duration, nature and purpose of the processing and the Personal Data categories and Data Subject types in respect of which Pathway may process the Personal Data to fulfil the Business Purposes.

    3. Pathway must not process the Personal Data for any other purpose unless required to do so by domestic law. In such a case, Pathway must inform the Client of that legal requirement before processing, unless that law prohibits such notice on important grounds of public interest.

    4. Pathway must comply promptly with any written instructions from the Client requiring Pathway to amend, transfer, delete or otherwise process the Personal Data, or to stop, mitigate or remedy any unauthorised processing.

    5. Pathway must promptly notify the Client if, in its opinion, the Client’s instructions do not comply with the Data Protection Legislation.

    6. Pathway (and any persons authorised to process it) must maintain the confidentiality of the Personal Data unless the Client or this Agreement specifically authorises the disclosure, or as required by applicable law or a competent court or a Regulator. If applicable law, a court or a Regulator requires Pathway to process or disclose the Personal Data to a third-party, Pathway must, to the extent possible, first inform the Client of such legal or regulatory requirement and give the Client an opportunity to object or challenge the requirement, unless prohibited by law from giving of such notice.

    7. Pathway must reasonably assist the Client with meeting the Client’s compliance obligations under the Data Protection Legislation, taking into account the nature of Pathway’s processing and the information available to Pathway, including in relation to security, notifying the Regulator and where appropriate Data Subjects where there has been a Personal Data Breach and undertaking of Data Protection Impact Assessments including any consulting with the Regulator.

  4. Security
    1. Pathway must at all times implement appropriate technical and organisational measures against accidental, unauthorised or unlawful processing, access, copying, modification, reproduction, display or distribution of the Personal Data, and against accidental or unlawful loss, destruction, alteration, disclosure or damage of Personal Data.

    2. Pathway must implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate:

      (a) the pseudonymisation and/or encryption of personal data;

      (b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

      (c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and

      (d) a process for regularly testing, assessing and evaluating the effectiveness of the security measures.

    3. Pathway must at all times ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential.

  5. Personal Data Breach
    1. Pathway will without undue delay notify the Client if it becomes aware of any Personal Data Breach.

    2. Where Pathway becomes aware of a Personal Data Breach, it shall also provide the Client with the following information:

      (a) description of the nature of the breach including the categories of in-scope Personal Data and approximate number of both Data Subjects and the Personal Data records concerned;

      (b) the likely consequences; and

      (c) a description of the measures taken or proposed to be taken to address the breach including measures to mitigate its possible adverse effects.

    3. Following any Personal Data Breach, the parties will co-ordinate with each other to investigate the matter. Further, Pathway will reasonably co-operate with the Client in the Client’s handling of the matter.

    4. Pathway will not inform any third-party of any accidental, unauthorised or unlawful processing of all or part of the Personal Data and/or a Personal Data Breach without first obtaining the Client’s written consent, except when required to do so by law.

  6. Cross-border transfers of personal data
    1. Pathway (and any subcontractor) must not transfer or otherwise process the Personal Data outside the UK or the USA without obtaining the Client’s prior written consent.

    2. Where such consent is granted, Pathway may only process, or permit the processing, of the Personal Data outside the UK or the USA under the following conditions:

      (a) Pathway is processing the Personal Data in a third country which is subject to adequacy regulations under the Data Protection Legislation, or,

      (b) Pathway participates in a valid cross-border transfer mechanism under the Data Protection Legislation, so that Pathway (and, where appropriate, the Client) can ensure that appropriate safeguards are in place to ensure an adequate level of protection with respect to the privacy rights of individuals as required by Article 46 of the UK GDPR; or

      (c) the transfer otherwise complies with the Data Protection Legislation.

  7. Subcontractors
    1. Client provides a general authorisation to Pathway to engage where necessary a third party (subcontractor) to process some or all of the Personal Data.

    2. Those subcontractors approved as at the commencement of this Agreement are as set out in ANNEX A.

    3. Where a sub-contractor is to be replaced or added Pathway will notify the Client and provide them with an opportunity to object to the change within 14 working days after Pathway supplies the Client with full details in writing regarding such subcontractor.

    4. Pathway must enter into a written contract with the subcontractor that contains terms substantially the same as those set out in this PDPA, in particular, in relation to requiring the putting into place of appropriate technical and organisational security measures.

  8. Data Subject requests
    1. Pathway must assist the Client by having in place such technical and organisational measures as may be appropriate to enable the Client to comply with requests of Data Subjects made under the Data Protection Legislation, including, but not limited to, subject access rights, the rights to rectify, port and erase personal data, object to the processing and automated processing of personal data, and restrict the processing of personal data.

    2. Pathway must without undue delay notify the Client in writing if it receives any complaint, notice or communication that relates directly or indirectly to the processing of the Personal Data or to either party’s compliance with the Data Protection Legislation or a request from a Data Subject for access to their Personal Data or to exercise any of their other rights under the Data Protection Legislation.

    3. Pathway will give the Client its full co-operation and assistance in responding to any complaint, notice, communication or Data Subject request.

  9. Termination
    1. This Agreement will remain in full force and effect so long as:

      (a) the Agreement remains in effect; or

      (b) Pathway retains any of the Personal Data related to the Agreement in its possession or control.

    2. Any provision of this PDPA that expressly or by implication should come into or continue in force on or after termination of the Agreement in order to protect the Personal Data will remain in full force and effect.

  10. Data return and destruction
    1. Subject to Schedule A on termination of the Agreement for any reason or expiry of its term, Pathway will securely delete or destroy or, if directed in writing by the Client, return and not retain, all or any of the Personal Data related to this PDPA in its possession or control unless domestic law requires storage of the Personal Data.

  11. Records
    1. Pathway will keep detailed, accurate and up-to-date written records regarding any processing of the Personal Data, including but not limited to, the access, control and security of the Personal Data, approved subcontractors, the processing purposes, categories of processing, and a general description of the technical and organisational security measures implemented by it in accordance with this PDPA.

    2. Pathway will ensure that such records are sufficient to enable the Client to verify Pathway’s compliance with its obligations under this PDPA and the Data Protection Legislation and Pathway will provide the Client with copies of such records upon request.

  12. Audit
    1. Pathway will make available all information that the Client reasonably requires to prove its compliance with the Data Protection Legislation.

    2. Pathway will permit the Client and its third-party representatives to audit Pathway’s compliance with its obligations under the Data Protection Legislation, on at least 5 days’ notice, during the term of this PDPA. Pathway will give the Client and its third-party representatives all reasonably necessary assistance during such audits.

ANNEX A

Personal Data processing purposes and details

The automation of the facilitation of communication with clients of the Client.

Duration of Processing:

For the length of the Agreement plus 90 days after which point personal data is erased.

Nature of Processing:

The sending of communications to clients of the Client automatically in response to system milestones or changes in the dataset. Pathway has read-only access to data of clients of the Client. Pathway conducts regular scans of data sets and detects changes - initiated by the Client or client’s of the Client or insurance companies - and based on the nature and timing of said changes, triggers automatic communications.

Business Purposes:

Automation of Client communications to their clients including personalisation by inclusion of Client employee details

Data Subject Types:

1) Clients of Client

2) Employees of Client

Personal Data Categories:

1) Clients of Client - Name; DoB; contact details (email/ phone/ physical address/ secondary locations if applicable); policy information such as limits, term, premium; information regarding vehicle.

2) Employees of Client - Name and contact details

Approved Subcontractors

Name

Address

Contact information

Description of processing

Country in which processing will take place

Amazon Web Services, Inc.

410 Terry
Avenue North
Seattle, WA
98109-5210
United States

https://aws.amazon.com/contact-us/

Data storage, Application hosting, Data Processing. AWS zone eu-west-2

UK

Twilio Inc.

101 Spear Street
Fifth Floor
San Francisco,
CA 94105
United States

https://help.twilio.com/

Support for performance of the Agreement, namely facilitating the transmission of communications

USA

Cookie Policy

January 26, 2024

Table of Contents

1. Collecting and Using Your Personal Data-Cookies

Types of Data Collected
Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Address, State, Province, ZIP/Postal code, City
  • Usage Data
Usage Data

Usage Data is collected automatically when using the Service.
Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device's unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data. We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies are beacons, tags, and scripts to collect and track information and improve and analyze Our Service. The technologies We use may include:

  • Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may be unable to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
  • Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. Learn more about cookies: What Are Cookies?

We use both Session and Persistent Cookies for the purposes set out below:

  • Necessary / Essential Cookies
    Type: Session Cookies
    Administered by: Us
    Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
  • Cookies Policy / Notice Acceptance Cookies
    Type: Persistent Cookies
    Administered by: Us
    Purpose: These Cookies identify if users have accepted cookies on the Website.
  • Functionality Cookies
    Type: Persistent Cookies
    Administered by: Us
    Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
  • Tracking and Performance Cookies
    Type: Persistent Cookies
    Administered by: Third-Parties
    Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website. The information gathered via these Cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with your device to access the Website. We may also use these Cookies to test new pages, features or functionality of the Website to see how our users react to them.

For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including monitoring the usage of our Service.
  • To manage Your Account: to manage Your registration as a Service user. The Personal Data You provide can give You access to different Service functionalities available to You as a registered user.
  • For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
  • To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
  • To provide You with news, special offers and general information about other goods, services and events we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
  • To manage Your requests: To attend to and manage Your requests to Us.
  • For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
  • For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and evaluating and improving our Service, products, services, marketing and your experience.

We may share Your personal information in the following situations:

  • With Payment Merchants: We may share your personal information with payment merchants.. This enables us to monitor and process payments and provide you necessary billing information required on your end.
  • For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
  • With Your consent: We may disclose Your personal information for any other purpose with Your consent.
Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers outside Your state, province, country or other governmental jurisdiction where the data protection laws may differ from yours.
Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer. The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Disclosure of Your Personal Data
Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability
Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

2. Detailed Information on the Processing of Your Personal Data

The Service Providers We use may have access to Your Personal Data. These third-party vendors collect, store, use, process and transfer information about Your activity on Our Service in accordance with their Privacy Policies.

Analytics

We may use third-party Service providers to monitor and analyze the use of our Service.

  • Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.You can opt out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy
Email Marketing

We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may interest You. You may opt out of receiving any or all of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.
We may use Email Marketing Service Providers to manage and send emails to You.

3. GDPR Privacy

Legal Basis for Processing Personal Data under GDPR

We may process Personal Data under the following conditions:

  • Consent: You have given Your consent for processing Personal Data for one or more specific purposes.
  • Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with You and/or any pre-contractual obligations thereof.
  • Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which the Company is subject.
  • Vital interests: Processing Personal Data is necessary in order to protect Your vital interests or of another natural person.
  • Public interests: Processing Personal Data is related to a task carried out in the public interest or in exercising official authority vested in the Company.
  • Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company.

In any case, the Company will gladly help clarify the specific legal basis that applies to the processing, particularly whether the provision of Personal Data is a statutory or contractual requirement or a requirement necessary to enter into a contract.

Your Rights under the GDPR

Request access to Your Personal Data. The right to access, update or delete the information We have on You. You can access, update or request the deletion of Your Personal Data directly within Your account settings section whenever possible. If you cannot perform these actions, please contact Us for assistance. This also enables You to receive a copy of the Personal Data We hold about You.

  • Request access to Your Personal Data. The right to access, update or delete the information We have on You. You can access, update or request the deletion of Your Personal Data directly within Your account settings section whenever possible. If you cannot perform these actions, please contact Us for assistance. This also enables You to receive a copy of the Personal Data We hold about You.
  • Request correction of the Personal Data that We hold about You. You have the right to have any incomplete or inaccurate information We hold about You corrected.
  • Object to processing of Your Personal Data. This right exists where we rely on legitimate interest as the legal basis for Our processing. Something about Your particular situation makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object where We are processing Your Personal Data for direct marketing.
  • Request the erasure of Your Personal Data. You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.
  • Request the transfer of Your Personal Data. We will provide to You, or to a third party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information You initially provided consent for Us to use or where We used the information to perform a contract with You.
  • Withdraw Your Consent. You have the right to withdraw Your consent to use your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Service.
Pop-up Banners
Your Privacy

Pathway uses cookies to enhance your browsing experience and provide personalized content. By clicking "Accept," you consent to the use of cookies. You can manage your preferences or learn more about our cookie policy by clicking "Cookie Settings" or visiting our Privacy Policy page.

We use only first-party cookies to collect information about your browsing habits and provide relevant content. These cookies may track your interactions with our website and other websites you visit. We do not sell or share your personal information with third parties.

Some cookies are necessary for the functioning of our website and cannot be disabled. Other non-essential cookies can be adjusted based on your preferences. Please note that blocking certain types of cookies may impact your experience on our website.

To manage your cookie preferences or withdraw your consent, please click "Cookie Settings" below or visit our Privacy Policy page.

[Confirm My Choices] [Accept Button] [Accept Only Essential Cookies]

Strictly Necessary Cookies

We use strictly necessary cookies to ensure the proper functioning of our website and provide you with a seamless browsing experience. These cookies are essential for the basic operation of our site and enable features such as page navigation, secure login, and access to secure areas.

Strictly necessary cookies do not require your consent as they are crucial for the functioning of the website. By using our website, you automatically consent to the use of these cookies. However, you have the option to disable them through your browser settings, although this may impact the functionality and performance of our website.

These cookies do not collect personally identifiable information and are typically temporary session cookies that are deleted once you close your browser. They do not track your browsing activity beyond our website.

By continuing to use our website, you acknowledge that we may place strictly necessary cookies on your device. If you have any concerns about the usage of cookies or would like more information, please refer to our Cookies Policy.

Performance Cookies

We utilize performance cookies to enhance the performance and functionality of our website, thereby improving your user experience. These cookies help us collect anonymous information about how you interact with our site, such as the pages you visit, the links you click, and any errors you may encounter.

The data gathered through performance cookies is used for statistical analysis and helps us optimize our website, identify areas for improvement, and tailor our content to better serve your needs.

By consenting to the use of performance cookies, you allow us to track and analyze aggregated data related to your browsing behaviour. However, rest assured that all information collected is anonymized and does not personally identify you. We strictly adhere to applicable data protection laws and regulations.

While performance cookies are not strictly necessary for the functioning of our website, they play a crucial role in improving our services. If you prefer to opt out of these cookies, you can adjust your browser settings or utilize the cookie settings available in our cookie consent pop-up.

Please note that disabling performance cookies may impact certain features and functionality of our website. By continuing to use our site and accepting the use of performance cookies, you acknowledge and agree to our privacy practices as outlined in our Privacy Policy.

Targeting Cookies

We utilize targeting cookies to deliver personalized content and advertisements that are tailored to your interests and preferences. These cookies allow us to analyze your browsing behavior on our website and other platforms to provide you with relevant and engaging content.

By consenting to the use of targeting cookies, you enable us to collect information about your interactions with our site, including the pages you visit, the products or services you show interest in, and the links you click. This data helps us create a profile of your preferences and deliver targeted advertisements that may be of interest to you.

Targeting cookies may be placed by us only as we are committed to respecting your privacy and ensuring the protection of your personal information. The data collected through targeting cookies is anonymized and aggregated aiming to reduce the possibility you will be personally identifiable.

You have the option to opt out of targeting cookies by adjusting your browser settings or utilizing the cookie settings available in our cookie consent pop-up.

It's important to remember that targeting cookies are not strictly necessary for the basic functioning of our website. Your consent is required for their usage. By continuing to use our website and accepting the use of targeting cookies, you acknowledge and agree to our privacy practices as outlined in our Privacy Policy.

ISO 27001

February 10, 2023

As part of our continued commitment to meeting and exceeding data security standard practices, we are ISO 27001:2013 certified. We have taken this step to certify our product and services with an ISO 27001:2013 certification as a solid foundation for our Information Security Management System.

Paramount to ISO 27001:2013 is that we adhere to international best practices in every action and process as it relates to data privacy and the security of our information systems, chiefly customer data protection. With ISO 27001:2013 certification, we ensure that our information security systems adhere to international data privacy standards.

What is ISO 27001:2013 Certification?

ISO (International Organization for Standardization) 27001:2013 is a set of information security and privacy best practices regarding the management of customer data that adheres to the highest international data security standards. Importantly, ISO standards are the result of a consensus-driven process by experts from all over the world, pooling vast international experience and knowledge from all business sectors.

Data that falls under the risk management controls set in place by ISO 27001:2013 include financial information, intellectual property, a customer’s or employee’s details, or any personal information entrusted to us.

Our Information Security Management System

In accordance with ISO 27001:2013 standards, we actively:

  • Identify assets at potential risk and require data encryption
  • Ensure ongoing confidentiality, integrity, and availability of information through internal policies and controls
  • Address the importance of business continuity management using a set of controls to protect the availability of information and critical business processes from the effects of major disasters or incidents, ensuring timely resumption
  • Facilitate ongoing independent assessments and audits by accredited certification third parties and our appointed Data Protection Officer (DPO) to ensure that our ISMS is meeting ISO 27001:2013 requirements
  • Maintain a stringent and coherent access control framework, comprising of supporting policies, processes, and advanced technologies

Read more about how we manage data and keep information secure in our Privacy Policy and on our Security and Compliance page.

Our ISO 27001:2013 Certification

Click to View our ISO 27001:2013 Certification. You can go to https://www.alcumus.com/en-gb/certification/customer-area/certificate-checker/

We use cookies to improve your browsing experience.

By clicking "Accept" you agree to the use of cookies as described in our Cookies Policy.