This agreement (the "Agreement") sets forth the terms that Resideo Technologies, Inc. (“Resideo” or “we”) requires all developers (“you” or “Company”) to accept and implement in order to license the Resideo application programming interfaces (“APIs”) and use the corresponding Services. By clicking to “Accept,” you acknowledge and agree that you’ve read, understand, and agree to this Agreement and all terms and conditions included herein or incorporated by reference on behalf of yourself and any entity you represent.
Resideo has developed the APIs found here: developer.honeywellhome.com (for Resideo thermostat APIs; for other APIs, please contact HoneywellAPISupport@honeywellhome.com) that allow third parties to access and communicate via the API to (i) Resideo servers that collect and communicate Content to and from Resideo devices or (ii) directly to Resideo devices, depending on the device (together with the API, the “Services”). "Content" means any content provided through the Services (whether created by Resideo or its third party licensors), and may include, but is not limited to, thermostat, monitoring, and weather data. “Company Content” means any content provided through the Software by Company or its third party licensors (whether created by Company or its third party licensors), and may include additional features, functionality, services to End Users, or data from other non-Resideo devices, including those that utilize other non-Resideo devices in part to deliver such features, functionality, or services.
Company wants to develop software applications that: (1) communicate with the Resideo API to access the Services in order to market and offer web and mobile applications that display or utilize Content in conjunction with the display or use of Company Content to End Users with Resideo devices or, (2) in the alternative, provide a software or system, such as energy efficiency software applications, that works with the ResideoAPI and utilizes Resideo web and mobile applications to display, manage and optimize Content to End Users; such software is referred to herein as the “Software.” “End Users” mean the individual human end users who use the Software, either directly via a web or mobile application or indirectly in the case of backend software.
SECTION 1: GENERAL LICENSE TERMS
a. License from Resideo to Company. Subject to the terms and conditions of this Agreement and the Acceptable Use Policy found here: developer.honeywellhome.com, and in consideration of Company’s agreement to the terms of this Agreement, Resideo grants to Company a non-exclusive, non-transferable (without the right to sublicense), terminable, limited license (i) to use the API and to use the Services for commercial and non-commercial purposes with Company’s Software and (ii) to access, use, perform and display the Content in or through the Software. Specific terms and conditions applicable to the demand response APIs are set forth in a separate document available to select developers upon request – please contact HoneywellAPISupport@honeywellhome.com for more details. API calls are limited to 250 calls per hour unless otherwise agreed to by Resideo. If Company desires to exceed this call limit, please contact HoneywellAPISupport@honeywellhome.com with such request (include information on expected call volumes, business proposal, and other relevant information). Each HTTP request counts as one API call for the purposes of calculating usage limits, this does not include calls made to the third party service bus to obtain device event status information. Exceeding the total API calls may, in Resideo’s sole discretion, result in API suspension or account deactivation.
b. License from Company to Resideo. By submitting queries, commands, and Company Content to Resideo, Company grants to Resideo a perpetual, irrevocable, worldwide, sublicensable, non-exclusive, royalty-free license to reproduce, adapt, modify, translate and distribute the queries, commands, and Company Content for the purpose of providing the Services to Company and improving Resideo products and services.
c. Fees. The APIs are licensed free of charge unless otherwise noted. Basic support service is provided free of charge - this includes up to 5 web inquiries per month; responses will be managed based on availability. If Company desires premium support services, please contact HoneywellAPISupport@honeywellhome.com for details.
d. Modifications. Resideo may make upgrades and commercially reasonable changes to the Services, including introducing new versions, extensions, or changes to the API, from time to time, provided Resideo will endeavor to provide no less than thirty (30) days’ prior notice of such change or less time in the event such change is required by law or in the event of emergency, security risk, or substantial burden to Resideo. In such event, Company must promptly update its Software with the most recent APIs to ensure continued service. “Beta” or “experimental” services may be discontinued or made backwards incompatible at any time.
If a modification is unacceptable to Company, Company’s recourse is to terminate use of the Services; in no event will Resideo be liable for any costs or damages caused by the changes to the Services beyond refunding any pre-paid Fees.
Company acknowledges and agrees that Resideo shall have the right to distribute software updates, patches, and modifications directly to End Users from time to time in order to, among other things, update software, enable new services, add features, respond to a security threat, and implement a software patch. Company agrees to cooperate and assist Resideo in the event of such occurrence.
e. Company IDs. In order to access the Content and Services, Company needs to obtain a Company ID from Resideo; a “Company ID” means an alphanumeric API console key that is uniquely associated with Company’s Resideoaccount. Company IDs are required, must be used according to the API documentation, and will be forwarded to Company electronically.
f. Disclaimer. The accuracy, reliability and fitness for purpose of the Services are not guaranteed. Company should monitor its use of the Services on a regular basis to ensure its proper performance. Company waives any and all claims it may have against Resideo arising out of the performance or nonperformance of the Services. Company expressly agrees that Company’s use of these Services is at Company’s sole risk. SERVICES ARE PROVIDED AS IS AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, RESIDEO, ITS LICENSORS, AND THEIR SUPPLIERS DO NOT MAKE ANY OTHER WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR USE AND NON-INFRINGEMENT. RESIDEO, ITS LICENSORS, AND THEIR SUPPLIERS, DO NOT WARRANT THAT THE OPERATION OF THE API, SOFTWARE, OR SERVICES WILL BE ERROR-FREE OR UNINTERRUPTED. THE SERVICES ARE NOT DESIGNED, MANUFACTURED, OR INTENDED FOR HIGH RISK ACTIVITIES.
g. Third Party Components. Any third party component embedded, included or provided by Resideo for use with the Services may only be used in conjunction with the Services, and this use is subject to this Agreement and the API documentation. To the extent Services include components covered by open source licenses requiring the provision of corresponding source code for those components, Resideo hereby offers the provision of that source code consistent with those licenses.
SECTION 2: TERM AND TERMINATION
a. Term. This Agreement begins on the date Company accepts these terms (the “Effective Date”) and expires on the date either party provides notice of such termination to the other party (the “Term”). Continued use of the Services will be deemed a renewal of this Agreement. Company may terminate its participation in the Agreement by ceasing use of the Services and by removing the Resideo API code from Company’s Software, and providing written notice of such termination to Resideo. Resideo may terminate this Agreement for any reason or no reason, effective immediately.
b. Survival. The restrictions and obligations in this Agreement that are intended to survive the termination or cancellation of this Agreement, will survive the termination or cancellation of this Agreement, and will continue to bind Company, Company’s successors and heirs.
SECTION 3: OWNERSHIP AND PUBLICITY
a. Generally. Except as expressly set forth herein, this Agreement does not grant either party any ownership rights, implied or otherwise, to the other's content or any of the other party's Intellectual Property Rights. Intellectual Property Rights in and to the content accessed through the Services are the property of the applicable content owner and may be protected by applicable laws. Resideo will own and retain all right, title and interest in and to the Intellectual Property Rights in the Services, subject only to the limited license expressly set forth in Section 1 hereof. Company will own and retain all right, title and interest in and to the Intellectual Property Rights in the Company Content. Company does not acquire any other rights, express or implied, in the Services. In the event Company suggests an improvement or change to the Services and Resideo makes such improvement or change, that improvement or change belongs to Resideo and Company has no claims thereto. ALL RIGHTS NOT EXPRESSLY GRANTED HEREUNDER ARE RESERVED TO RESIDEO. "Intellectual Property Rights" means current and future worldwide rights under patent law, copyright law, trade secret law, trademark law, moral rights law, and other similar rights.
b. Brand Features. If Company wants to display Resideo Brand Features or use the Resideo name in connection with its use of the Services or Software or in any promotions, marketing, advertising, literature, or press release, such use must be in strict compliance with the Brand and Marketing Guidelines found here: developer.honeywellhome.com. In connection with such permitted uses, Resideo grants Company a limited, revocable, non-exclusive, royalty-free license to the Resideo Brand Features for such limited purpose and use. "Brand Features" means the trade names, trademarks, service marks, and logos of each party, as secured by that party from time to time. Branding inquiries can be directed here: API-Marketing@honeywellhome.com Company agrees that Resideo may include Company’s name or Brand Features, whether online or in offline promotional materials, marketing, advertising, literature and press releases. In connection with any such use, Company grants ResideoResideo a limited, non-exclusive, royalty-free license to Company Brand Feature for such purpose and use.
SECTION 4: CONFIDENTIALITY
Company agrees that it will: (i) protect and keep confidential Resideo's Confidential Information with the same standard of care it uses to protect its own Confidential Information, but in no event less than reasonable care; (ii) not disclose the Confidential Information to any party, except to Affiliates, employees and agents who need to know it and who have agreed to keep it confidential; and (iii) use the Confidential Information for any purpose other than to exercise rights and fulfill obligations under this Agreement. Company is responsible for any actions of its Affiliates, employees and agents in violation of this Section. "Confidential Information" means information disclosed by Resideo that is marked as confidential or would normally be considered confidential under the circumstances, including but not limited to, all trade secrets, know-how, inventions, techniques, processes, algorithms, software programs, hardware, schematics, and software source documents relating to the Services, and other information provided by Resideo, whether disclosed orally or in writing. "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with that party. Confidential Information does not include information that: (i) Company already knew prior to disclosure from Resideo; (ii) becomes public through no fault of Company; (iii) was independently developed by Company without reference to the Confidential Information; or (iv) was rightfully given to Company by another party. Company may disclose the Resideo's Confidential Information when required by law, but only after it, if legally permissible: (i) uses commercially reasonable efforts to notify Resideo in a timely manner; and (ii) gives Resideo the chance to challenge the disclosure.
SECTION 5: COMPANY OBLIGATIONS
a. Third Party Apps. Company must obtain Resideo’s prior written approval in the event Company intends to sublicense or manage the Software for a third party not party to this Agreement; Company understands and agrees that it is responsible to Resideo to ensure that any such third party use is in strict compliance with the terms of this Agreement and Company agrees to be fully responsible and indemnify Resideo for such third party use.
b. Software Compatibility. Company must present the Software and any updates and new versions of the Software to Resideo for review at least ten (10) business days prior to any release of Software or a Software update. Resideo may, in its sole discretion, review the technical features of the Software to ensure the Software is compatible and functions well with the Services and may, in the event Resideo deems necessary, require certain modifications to the Software, which Company agrees to promptly implement in order to continue to license the API and Services hereunder. In no event will Resideo be liable for the functionality or compatibility of the Software, regardless of whether Resideo reviews and approves the Software for use with the Services – Company is solely responsible to ensure the functionality and compatibility of the Software.
i. Background. End Users will set up a customer account with Resideo where they must agree to Resideo’s standard Connected Home privacy statement and end user license agreement, as well as provide their account set-up information to Resideo; thereafter, if desired by the End User, the End User may request to use the Software and in such event, depending on the nature of the Software, will either be directed to Company’s on-boarding site or utilize Resideo’s web and mobile application with the Software operating a backend function (e.g., demand response or weather optimization).
d. End-User License Agreement and other Legal Agreements. Company agrees that it will have an End User License Agreement or other similar legal agreements with End Users for the license and use of the Software that utilizes the API and Services (“EULA”). Company agrees such EULA will include warranty and liability provisions that protect Resideo as a licensor in the same manner and to the same extent as Company. Company agrees that the EULA will require End Users to comply with applicable laws.
e. End User Support. Company agrees to provide all customer support to End Users relating to its Software, products, and services. In connection therewith, Company agrees to prominently display its email address or other contact information in its Software so that its End Users may contact Company with any questions or issues. Company agrees to timely respond to such inquiries. In the event Resideo receives an excessive amount of customer care calls related to the Software, as determined in Resideo’s reasonable judgment, it may charge Company a reasonable fee for such calls and support.
f. Compliance with Laws. Company agrees that it will not use the Software, Services, Content, or Company Content in any manner or for any purpose that violates any right of any person, including but not limited to Intellectual Property Rights, rights of privacy, or rights to personality or to engage in activities that would violate any fiduciary relationship, any applicable local, state, national, or international law, or any regulations having the force of law.
g. Security Requirements. Company agrees that it will use commercially reasonable efforts to protect End User personal, device, or other data collected by the Software. In all events, Company will implement industry-standard security measures that, at a minimum: eliminate coding vulnerabilities in its application development by following a secure software development lifecycle including testing for code vulnerabilities; maintain secure logical access procedures; maintain currency of software security patches for its own software and that of the development environment; and include reasonable security measures to maintain a secure computing environment and as otherwise required by applicable laws. In the event of a security incident, Company agrees to promptly notify Resideo by emailing CIRT@Resideo.com and providing all relevant information to Resideo. Company agrees that it is solely responsible for all costs incurred by it or Resideo as a result of a security incident. Company agrees that Resideo will, with reasonable notice and during normal business hours, have access to inspect Company’s security and privacy processes and procedures either through its own employees or through an authorized representative selected by Resideo to confirm Company’s compliance with reasonable, industry-standard security processes, policies, and procedures. Such right will survive the expiration of the Term by 2 years. Company will also furnish such other information as may be reasonably requested by Resideo in auditing the aforementioned records.
h. Monitoring and Investigation. Resideo reserves the right and Company hereby consents to the reasonable monitoring by Resideo of Company for compliance with this Agreement, including, without limitation, Resideo accessing and using the Software and underlying infrastructure and support and monitoring API usage. In the event Resideo determines, in its reasonable discretion, that Company is in violation of this Agreement, Resideo may suspend or terminate access to the APIs and terminate this Agreement.
SECTION 6: LIABILITY
a. Limitation of Liability. NEITHER RESIDEO, NOR ITS LICENSORS, AFFILIATES, AGENTS, OR SUPPLIERS, WILL BE LIABLE UNDER THIS AGREEMENT TO COMPANY FOR LOST REVENUES OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, EVEN IF RESIDEO KNEW OR SHOULD HAVE KNOWN THAT THESE DAMAGES WERE POSSIBLE AND EVEN IF DIRECT DAMAGES DO NOT SATISFY A REMEDY. RESIDEO, ITS LICENSORS, AFFILIATES, AGENTS AND SUPPLIERS WILL NOT BE HELD LIABLE UNDER THIS AGREEMENT FOR MORE THAN THE AMOUNT PAID BY COMPANY TO RESIDEO DURING THE TWELVE MONTHS PRIOR TO THE EVENT GIVING RISE TO LIABILITY OR $500, WHICHEVER IS GREATER.
SECTION 7: MISCELLANEOUS
a. Notices. Notice will be deemed given when verified by written receipt if sent by personal courier, overnight courier, or mail. Resideo’s notices should be addressed to: Resideo Technologies Inc., 1985 Douglas Drive North, Golden Valley, MN 55422. Attention: General Counsel, Environmental and Energy Solutions. Notices to Company will be posted on the following website: developer.honeywellhome.com
b. Assignment. Company may not assign or transfer any part of this Agreement without the written consent of Resideo, except to an Affiliate but only if: (i) the assignee agrees in writing to be bound by the terms of this Agreement; and (ii) the assigning party remains liable for obligations incurred under the Agreement prior to the assignment. Any other attempt to transfer or assign is void.
c. Change of Control. Upon a change of Control of a party to a competitor of the other party (for example, through a stock purchase or sale, merger, or other form of corporate transaction): (i) the party experiencing the change of Control will provide written notice to the other party within thirty days after the change of Control; (ii) the other party may immediately terminate this Agreement any time between the change of Control and thirty days after it receives the written notice in subsection (i); and (iii) in no event may the party experiencing the change in Control share any Confidential Information of the other party with the third party. "Control" means control over greater than fifty percent of the voting rights or equity interests of a party.
d. Force Majeure. Resideo will not be liable for inadequate performance to the extent caused by a condition (for example, natural disaster, act of war or terrorism, riot, labor condition, governmental action, supplier failure, and Internet disturbance) that was beyond Resideo's reasonable control.
e. Government Purposes. The Services were developed solely at private expense and is commercial computer software and related documentation within the meaning of the applicable U.S. civilian and military Federal acquisition regulations and any supplements thereto. If the user of the Services is an agency, department, employee, or other entity of the United States Government, under FAR 12.212 and DFARS 227.7202, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Services, including technical data or manuals, is governed by the terms and conditions contained in this Agreement, which is Resideo’s standard commercial license agreement.
f. International Use. Given the global nature of the Internet, Company agrees to comply with all local rules including, without limitation, rules about the Internet, data, e-mail, privacy, copyright, and trademark infringement. Additionally, Company agrees to comply with all applicable laws regarding the transmission of technical data exported from the country in which Company resides. Addendums may be added to address specific laws or requirements in countries outside of the United States. Company represents, warrants, and covenants that all of its European operations will be subject to the Company’s European Privacy and Security Commitments set forth in the attached Addendum.
g. Language. It is the express wish of the parties that this Agreement and any related documents be drawn up in the English language. Les parties confirment qu'il est de leur volonté expresse et réciproque que cette convention et tout document qui s'y rattache soient rédigés en anglais.
h. No Agency. The parties are independent contractors, and this Agreement does not create an agency, partnership or joint venture and Company agrees that it will not publicize the use of the Services in any manner that suggests otherwise.
i. No Waiver. Failure to enforce any provision of this Agreement will not constitute a waiver.
j. Severability. If any provision of this Agreement is found unenforceable, it and any related provisions will be interpreted to best accomplish the unenforceable provision's essential purpose.
k. No Third-Party Beneficiaries. There are no third-party beneficiaries to this Agreement.
l. Equitable Relief. Nothing in this Agreement will limit either party's ability to seek equitable relief.
m. Governing Law. This Agreement is governed by New York law, excluding that state’s choice of law rules.
n. Amendments. Any amendments to this Agreement must be in writing and expressly state that is amending this Agreement.
o. Changes to Agreement. Resideo reserves the right to make changes to this Agreement from time to time. Resideo will use commercially reasonable efforts to provide at least three (3) months notice of any material changes to this Agreement. When these changes are made, Resideo will make a new copy of this Agreement available at developer.honeywellhome.com (or such successor URLs that Resideo may designate from time to time). Company is responsible for regularly reviewing this Agreement and notices posted on the Resideo website. Company’s continued access and use of the Services will be deemed Company’s conclusive acceptance of the modified agreement. If a modification is unacceptable to Company, Company may terminate this Agreement by ceasing use of the Services.
p. Entire Agreement. This Agreement is the parties' entire agreement relating to its subject and supersedes any prior or contemporaneous agreements on that subject. The terms located at a URL and referenced in this Agreement are hereby incorporated by this reference. Before using the Services, Company should read each of the documents comprising the Agreement. If there is any contradiction between the terms of this Agreement, and other documents relating to these Services (including, but not limited to the API documentation), then this Agreement will take precedence.
ACCEPTABLE USE POLICY
Company agrees to the following restricted uses or other prohibitions (terms not otherwise defined herein will have the meaning defined in the Terms of Service):
• Company will not hide or mask from Resideo the identity of the Software, including by failing to follow the identification conventions listed in the API documentation;
• Company will not create Software that functions substantially the same as the API or Services and offer it for use by third parties;
• Company will not attempt to reverse engineer the Services or any component or attempt to create a substitute or similar service through use of or access to the Services;
• Company will not create derivative works of or attempt to derive the source code of any Software provided as part of the API(s) or any part thereof;
• Company will not use the Services for High Risk Activities. "High Risk Activities" means uses like the operation of emergency services, nuclear facilities, air traffic control or life support systems, where the use or failure of the Services could lead to death, personal injury, or environmental damage;
• Company will not use the Services to harm Resideo or third parties, such harm including, but not being limited to, disrupting Resideo business and customers, intentionally or negligently overloading Resideo's network or conducting Denial of Services attacks, finding or exploiting vulnerabilities in Resideo's security;
• Company will not, except as necessary to establish a commercial relationship as contemplated under the Terms of Service, or as otherwise mutually agreed, disclose to any third party any information about the Service's performance, service levels, content, specifications, bugs (if any), pricing, its code, or the Terms of Service or disparage Resideo or the Service in any way;
• Company will not copy any portion of the Services code, appearance or documentation, except to the extent necessary to perform integration with Resideo devices and services;
• Company will not use the Services for any demand response program unless pursuant to the license of demand response APIs from Resideo;
• Company will not disable, hack, disrupt, damage, or interfere with the Services;
• Company will not allow the Software to contain any obscene, pornographic, offensive, or defamatory content or materials of any kind, or other content or materials that may be objectionable;
• Company will not collect, aggregate, re-syndicate, retain, log or store Content beyond 10 trailing days from the date when the Content is received (select developers may be permitted to store historical data for a fee, contact HoneywellAPISupport@honeywellhome.com for details);
• Company will not use End User data to evaluate End Users or their property individually or in the aggregate for insurance or other financial products and services.
• Company will not allow the Software to perform any function or link to any content or use any robot, spider, site search or other retrieval application or device to scrape, collect, disseminate or use information about users for any unauthorized purpose;
• Company will not develop, use, or offer:
• Software that causes Resideo servers or network to crash;
• Software that consistently generates excessive API traffic;
• Software that does not integrate authentication with oAuth 2.0 implementation;
• A Web browser redirect-based implementation that download code in any way or form;
• Software that sends “Push Notifications” without first obtaining End User consent;
• Software that jeopardizes network security by sending sensitive device and user confidential information using Push Notifications ;
• Software that encourages End Users to use Resideo devices in a way that may cause damage to the devices or their systems;
• Software that rapidly drains the Resideo device's battery or generates excessive traffic;
• Software that may result in physical harm to the Resideo devices;
• Software that does not provide a mechanism for End User to unsubscribe users and devices;
• Software that does not implement an error handling workflow which gives the End User guidance on what the issue is.
A violation of any of the foregoing may result in immediate termination of the Terms of Service.
ADDENDUM TO THE RESIDEO CONNECTED HOME API TERMS OF SERVICE
COMPANY’S EUROPEAN PRIVACY AND SECURITY COMMITMENTS
This Addendum is intended to supplement the Resideo Connected Home API Terms of Service (the “Agreement”) between Resideo and Company in order to incorporate Company’s European privacy and security commitments related to the Personal Data (as defined herein). For purposes of this Addendum and to the extent necessary to comply with applicable laws, Resideo Control Systems Ltd., a U.K. entity and subsidiary of Resideo International Inc., is joined herein as “Resideo.”
Except as specified in this Addendum, all terms of the Agreement remain unchanged. Capitalized terms used in this Addendum and not otherwise defined have the meanings given to them in the Agreement. In the event of any conflict between the terms of this Addendum and the Agreement, this Addendum will prevail.
1. Definitions and Interpretation
1.1 In this Addendum, the following terms shall have the following definitions:
“Agreed Purposes” means the process of establishing an account for the End User with the Company.
“Controller Purposes” means the function of setting up End User accounts to utilize the Software purposes set forth in Appendix 1 to this Addendum. This Addendum shall also set out the types of Personal Data which will be Processed under this Addendum.
“Data Controller” means, in general, the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which Personal Data are, or are to be, processed (in this Agreement in Part A, this shall mean Resideo).
“Data Protection Laws” means any law or regulation relating to privacy and data protection which applies to a party to this Agreement, including any amendments or replacements for such laws.
“Personal Data” means any information relating to an identified or identifiable living person or persons processed in the course of the implementation of this Agreement.
“Processing Activities” means the collection, use, transfer, storage, recording, deletion, combination, or other use of, or performance of operations (both by computer and manually) on, Personal Data.
“Processor” means, in general, the natural or legal persons who process Personal Data on behalf of a Data Controller (in this Agreement, the Company).
“Sub-Processor” means a natural or legal person engaged by Processor (including any Affiliate) to assist it in carrying out Processing Activities in fulfilment of Processor’s obligations under this Agreement.
1.2 In this Addendum, references to clauses and appendices are, unless otherwise stated, references to clauses of and appendices to, this Addendum and any term which is not defined in this Addendum shall have the meaning given elsewhere in the Agreement.
1.3 In this Addendum:
1.3.1 the obligations in Part A will apply to the Company where the End User will utilise Resideo’s web and mobile application with the Software operating as a backend function. In this capacity, the Company shall act as a Processor;
1.3.2 the obligations in Part B will apply to the Company where the End User is directed to the Company’s onboarding site to use the Software with the Company directly. In this capacity, the Company shall act as a Data Controller; and
1.3.3 the obligations in Part C will apply to any Processing Activities carried out by the Company under this Agreement.
2. Processing of Personal Data
2.1 Following Instructions of the Data Controller. Processor shall carry out Processing Activities on the Personal Data in accordance with the instructions of the Data Controller as set forth in this Agreement and as communicated in writing via letter, email, facsimile, or other electronic means capable of visual display and retention from time to time.
2.2 Processing Solely for Controller Purposes. Processor shall carry out Processing Activities on the Personal Data solely for the Controller Purposes and in the manner specified by the Data Controller for the Term of this Agreement. Processor shall not carry out Processing Activities on Personal Data for any other purpose or in any other manner, nor shall Processor carry out Processing Activities on more Personal Data than are necessary to fulfil the Controller Purposes.
2.3 Disclosure to Third Parties. Processor shall not disclose or transfer Personal Data to any third party other than a Sub-Processor pursuant to Part 3 of this Addendum without the prior permission in writing or via telephone, email, or other electronic means of the Data Controller.
2.4 Processing or Disclosure Required by Applicable Law. Where Processor is required to carry out Processing Activities on Personal Data by any applicable law, regulation, or governmental authority, it shall do so notwithstanding the requirements of Clauses 2.1, 2.2, 2.3, and the confidentiality provisions set forth in the Agreement. In such cases, Processor shall notify the Data Controller in writing via letter, email, or facsimile prior to complying with any such requirement, unless the applicable law, regulation, or governmental authority prohibits the providing of such notice, and shall comply with all reasonable directions of the Data Controller with respect to such Processing Activities.
2.5 Right of Access and Rectification. Processor shall notify the Data Controller within three (3) business days of any communication received from any individual relating to that individual’s rights to access, modify, correct, erase or block Personal Data relating to him or her and shall comply with all instructions of the Data Controller in responding to such communications. In addition, Processor shall provide any and all assistance required by the Data Controller to respond, within the time period established by the Data Protection Law, to any communication received by either the Data Controller or Processor from any individual relating to that individual’s rights to access, modify, correct, erase or block Personal Data relating to him or her.
2.6 Assistance with other legal requests. Processor shall notify the Data Controller promptly in writing, and in any event within three (3) business days of any inquiry, communication, request, notice or complaint received from any governmental, regulatory or supervisory authority, including (without limitation)any data protection authorities relating to the Software or the Services and will provide all reasonable assistance to the Data Controller to enable it to respond to such inquiries, communications, requests, notices or complaints and to meet applicable statutory or regulatory deadlines.
3.1 Engaging Sub-Processors. Subject to Clauses 3.2 and 3.3, Processor may engage a Sub-Processor to assist it in fulfilling its obligations under this Agreement. Upon request, Processor will provide Data Controller a list of all Sub-Processors.
3.2 Written Agreement. Processor will enter into a written agreement with any Sub-Processor, which imposes obligations on the Sub-Processor with regard to the carrying out of Processing Activities on the Personal Data that are no less onerous than the obligations imposed upon Processor under this Agreement. Processor shall remain liable to the Data Controller in respect of any and all acts or omissions of any Sub-Processor which it uses in connection with this Agreement.
3.3 Sub-Processor Located in Non-Adequate Country. Where the Sub-Processor is located neither in the EEA nor in another country determined by the European Commission to offer adequate data protection, Processor shall ensure that such transfers meet the requirements of the applicable Data Protection Laws (i.e., all transfers will be subject to the European Union model clauses for the transfer of data as adopted by the European Union commission).
4. Disposal of Personal Data in Event of Termination
In the event of the termination of this Agreement, Processor shall, within fifteen (15) days of any request by the Data Controller, send to the Data Controller all Personal Data held by Processor, together with all copies in any media of such data or destroy the same, unless Processor is required, by any applicable law, regulation or governmental authority, to retain such data or a part thereof.
5. Applicable Law
In the event of any dispute involving Personal Data arising from the performance of Processor’s obligations under this Addendum, then such dispute shall be governed by the laws of country in which the Data Controller is established. Any other disputes shall be governed by Section 8 (m) of the main Agreement.
6. Disclosure of Personal Data
The Company agrees that it may use the Personal Data for the Agreed Purposes. The Company agrees that it shall not use the Personal Data in such a way as to cause Resideo to breach any of its obligations under applicable Data Protection Law.
The Company shall ensure that it has the necessary rights to share any Personal Data provided to Resideo under this Agreement and warrants that such Personal Data is accurate to the best of the Company’s knowledge and can be lawfully processed in the manner intended by Resideo and as anticipated by this Agreement.
7. Compliance with Data Protection Laws
The Company warrants and represents that in respect of all Personal Data which it Processes in connection with this Agreement that at all times, it shall comply with all applicable Data Protection Laws, including obtaining any necessary consents where required in order to Process the Personal Data.
8. Notification of Security Breaches
The Company shall notify Resideo in via email at CIRT@Resideo.com within three (3) business days of any actual or suspected accidental, unauthorized, or unlawful Processing of the Personal Data including without limitation destruction, loss, damage, theft, alteration, corruption or accidental, unauthorized, or unlawful disclosure of, or access to Personal Data (“Personal Data Breach”). The Company shall also provide Resideo with a detailed description of the Personal Data Breach (including, without limitation, the facts surrounding it), the type of data that was the subject of the Personal Data Breach and the identity of each affected person as soon as such information can be collected or otherwise becomes available, as well as any other information Resideo may reasonably request relating to the Personal Data Breach.
In the event of a Personal Data Breach, Resideo may (at its sole discretion) require the Company, at the Company’s cost and without prejudice to Resideo’s right to seek any other legal remedy under the Agreement:
i. to take action immediately to investigate any Personal Data Breach and to identify, prevent and make reasonable efforts to mitigate the effects of any such Personal Data Breach; and
ii. to carry out any recovery or other action necessary to remedy the Personal Data Breach.
The Company may not release or publish any filing, communication, notice, press release, or report concerning any Personal Data Breach in respect of the Personal Data (“Notices”) without Resideo’s prior written approval.
Appendix 1 to Addendum
1. Processing operations:
Company will use the data to on-board End Users to use the Software and for such further purposes described in its privacy statement applicable to the Software.
2. Description of data subjects
End Users of the Software (as defined in the Agreement).
3. Types of data (categories)
Resideo will provide the following data to Company in order to assist with on-boarding of End Users:
- Demographic info for the account (name, address, phone, email)
- All locations in the account (address for each), and where each device is installed
- Information to identify which devices will be managed by the Software
Company may have access to other data of End Users, as such End Users may provide directly to Company.