SERVICE SCHEDULE AND STANDARD TERMS 
Microsoft 365 Data Protect (BaaS)
1.	SERVICES OVERVIEW
1.1	The Microsoft 365 Data Protect Service (hereinafter referred to in this Schedule as “BaaS”) set out in this Schedule and provided by the Supplier consists of three parts:
1.1.1	a secure cloud service (“Datto Cloud”) that uses cloud computing technology whereby resources are replicated to different Datto sites to ensure continuous backup in the event that one or more Datto sites are unavailable. The Datto Cloud provides secure storage of the Customer’s data;
1.1.2	backup of the Customer’s Microsoft Office 365 environment to the Datto Cloud; and
1.1.3	the Supplier’s Service Centre providing the Customer’s IT team with 2nd and 3rd line support and assistance with data restores and configuration of the Datto Cloud service.
2.	SERVICES IN SCOPE
2.1	For the service implementation and transition of the BaaS the Supplier will:
2.1.1	initiate the creation of the Customer’s Datto configuration to allow for the backup of supported and purchased components;
2.1.2	configure the Datto Cloud service to connect to and discover the Customer’s Microsoft Office 365 environment;
2.1.3	turn on the backup service for the user list provided by the Customer;
2.1.4	enable auto-adding of new users to the backup service if the Customer has selected to backup ‘ALL’ users; and
2.1.5	make reasonable endeavours to arrange onboarding so that it will be possible to avoid consultancy costs.
2.2	For the ongoing support of the BaaS set out in this Schedule the Supplier will provide:
2.2.1	remote English-speaking Service Centre to the Customer’s IT team with 2nd and 3rd line providing assistance for any point-in-time restore operations required (subject to the Supplier’s reasonable use policy);
2.2.2	remote monitoring once per week of the status of the BaaS highlighting to the Customer any errors detected;
2.2.3	assistance to the Customer where possible or reasonable to fix errors in backups. This may require the Supplier to provide consultancy services to rectify and will be treated on a case by case basis. It should further be noted that the Supplier reserve the right to charge for such consultancy work;
2.2.4	remote adds, moves, changes as required for the BaaS based on reasonable use assumptions*.; and
2.2.5	escalation of issues to Datto as required.
*Reasonable use assumption is based on a maximum of 10 remote adds, moves, changes per calendar month. Additional managed service schedules may be required for higher use cases or customers.
3.	SERVICES NOT IN SCOPE
3.1	Data integrity and data management.
3.1.1	Data integrity guarantee of data availability and data management.
3.1.2	Management or responsibility of Customer data stored in the Datto Cloud.
3.2	Disaster recovery planning, implementation or testing and operation of any disaster recovery plans.
4.	SUPPORT HOURS
4.1	The hours of support will be:
4.1.1	Remote logging of calls by the Customer’s IT team (telephone and the Supplier’s client portal) – 08:00 to 18:00 Monday to Friday (excluding UK bank Holidays).
4.1.2	Service requests (remote adds, moves, changes) (telephone and the Supplier’s client portal) – 08:00 to 18:00 Monday to Friday (excluding UK bank Holidays).
5.	FORMAT/METHOD OF DELIVERY
5.1	The BaaS is supported remotely.
5.2	The Supplier will deliver the services set out in Clause 1 (SERVICES) and Clause 2 (SERVICES IN SCOPE) using the Supplier’s Service Centre based in Watford, Hertfordshire, UK.
6.	TERM
6.1	The BaaS as set out in the Clause 1 (SERVICES) and Clause 2 (SERVICES IN SCOPE) will run for a minimum of three (3) calendar months from initiation of the service.
6.2	Cancellation requires one (1) calendar month notice.
7.	BAAS DATA RETENTION
7.1	Data retention for the BaaS will be configured by the Supplier as follows:
7.1.1	two (2) daily backups; and
7.1.2	backup data will be available as long as required by the Customer (“Infinite Retention”).
8.	CUSTOMER OBLIGATIONS
8.1	For the for the services set out in Clause 1 (SERVICES) and Clause 2 (SERVICES IN SCOPE) the Customer will:
8.1.1	provide an up-to-date list of user and services required to be backed up;
8.1.2	inform the Supplier of required changes and removals;
8.1.3	provide required access and credentials for the service to run;
8.1.4	test and validate the service meets the requirements of the Customer; and
8.1.5	have an effective and operating existing disaster recovery plan tested by the Customer to its satisfaction.
9.	SERVICE LEVELS
9.1	The service levels for the services set out in Clause 1 (SERVICES) and Clause 2 (SERVICES IN SCOPE) are set out in the table below.
Priority	the Supplier Incident Response Service Target	Measure	Scope
Moves, Adds, Changes	24 hours	95%	Business Hours
Restore assistance	24 hours	95%	Business Hours
Service Request Response	24 hours	95%	Business Hours

10.	COMMERCIALS
The following costs will be associated to the BAAS
Service	Cost type	Min term
Datto BAAS license	Subscription License
Per User Per Month basis	3 months
Setup Fee	One off cost	NA


Subscribing users can happen in 2 ways and costs will be affected depending on the method taken;
Manual Adding Users
Users can be named by the customer and added to the service specifically.
Automatically Adding Users
The service can auto-enable new users to the backups. This can be used if you are enabling all users for backups.
Adding users will increase the licensed quantity and therefore costs from that point forward. If using the auto-enable feature this will increase the license count and costs automatically.
 
FLOWDOWN OF DATTO SAAS PROTECTION TERMS OF USE TO CAE Technology Services LTD’s Customers

These SaaS Protection Terms of Use (“Terms of Use” or “Terms”) describe the terms under which CAE Technology Services Ltd (“CAE” or “we or “us”)”) via Datto, Inc. or one of its direct or indirect subsidiaries (“Datto”) provides access to and use of SaaS Protection products (referred to in these Terms of Use as the “Product” or “Products”). Capitalized terms not defined elsewhere in these Terms will have the meanings set forth in the last section. The parties acknowledge that certain activities as set out below will be performed by Datto and accordingly, ‘we’ or ‘us’ or ‘our’ will be construed accordingly as applicable to the specific circumstances. 
If You accept these Terms of Use You represent and warrant that You have the full authority to agree to these Terms of Use with respect to access, use and support of the Product and Backed up Data. 
1.	ORDERS
1.	These Terms of Use are incorporated into each Order for the Product. Unless otherwise specified, Customer will receive the current standard Product features and functionality (such as number and frequency of backups or retention schedule) for the standard Subscription Term described in the current Policies for the Product, for the number of Users and/or data allotment specified in an Order.
2.	FREE TRIAL
1.	If the Product is being used during a free trial, these Terms of Use (except for payment obligations) will apply for the purpose and term of such authorized evaluation or trial period only. We reserve the right to terminate any such evaluation use of the Product at any time in our sole discretion. ANY BACKEDUP DATA SAVED DURING A FREE TRIAL WILL BE PERMANENTLY DELETED FOLLOWING THE TRIAL PERIOD UNLESS A PAID ORDER IS PLACED FOR THE SAME PRODUCT. CUSTOMER MAY EXPORT BACKEDUP DATA PRIOR TO THE END OF THE TRIAL.
2.	NOTWITHSTANDING ANY OTHER PROVISION OF THESE TERMS OF USE, ALL PRODUCT FOR A FREE TRIAL USE IS PROVIDED "AS-IS" AND "AS-AVAILABLE," WITHOUT WARRANTIES OF ANY KIND. You hereby waive all claims, now known or later discovered, against us arising out of use of any Product for a Free Trial.
3.	USE OF PRODUCTS
1.	Subject to these Terms of Use and receipt by us of all fees applicable to the Product, we hereby grant a limited, revocable, non-sublicensable, non-exclusive right to access and use the Product during the Subscription Term for the number of Users and /or the applicable data storage allotment set forth in an Order. Customer may use the Product solely for internal business purposes and not for further resale or distribution.
2.	Each Product is licensed, not sold. The Product contains material that is protected by copyright, patent and trade secret law of jurisdictions throughout the world, and by international treaty provisions. Except for the limited rights granted in these Terms of Use, we and our licensors retain all right, title, interest and Intellectual Property Rights in the Product.
3.	We reserve the right at any time to make Enhancements to, replace, modify, discontinue or add to the Products, including revisions to Specifications, features and functionality. We will use reasonable commercial efforts to provide You notice of any material changes.
4.	We may designate enhancements to a Product or a new Product as "Beta Product" that we may make available at no charge. Such Beta Product will not be ready for use in a production environment and its operation may be unpredictable and lead to erroneous results. You are under no obligation to use a Beta Product. If You choose to use a Beta Product, You agree the Beta Product (i) is experimental and has not been fully tested; (ii) may not meet Your requirements; (iii) use or operation may not be uninterrupted or error free and is for purposes of evaluating and testing the product and providing feedback to us. You agree to report promptly to us any errors or other deficiencies in the Beta Product and will hold all information relating to use and performance of the Beta Product in strict confidence and not disclose such information to any unauthorized third parties. Use of any Beta Product is otherwise subject to these Terms of Use. NOTWITHSTANDING ANY OTHER PROVISION OF THESE TERMS OF USE, ALL BETA PRODUCT IS PROVIDED "AS-IS" AND "AS-AVAILABLE," WITHOUT WARRANTIES OF ANY KIND. You hereby waive all claims, now known or later discovered, that You may have against us and our suppliers and licensors arising out of use of any Beta Product.
5.	Additional Data Processing Terms. A Product may be configured to designate the geographic region where Backed up Data associated with the Product is stored. The European Data Processing Addendum is incorporated into these Terms of Use if a Product is configured to store Backed up Data in the European Economic Area.
4.	RESTRICTIONS ON PRODUCT ACCESS AND USE
1.	You may not nor may You permit, facilitate or authorize any third party to: (i) use any Product other than as permitted under these Terms of Use; (ii) remove or destroy any copyright or other proprietary markings for a Product or its Specifications; (iii) access or use any Product in any manner that could damage, disable, or overburden such Product, any networks or security systems; (iv) reverse engineer, decompile, disassemble, or otherwise attempt to extract source code from any Product, except to the extent this restriction is expressly prohibited by Applicable Law; (v) copy, modify or create derivative works of any Product; (vi) alter any disabling mechanism which may reside in a Product; (vii) assign, sublicense, rent, timeshare, loan, pledge, lease, or otherwise transfer the Products, or directly or indirectly permit any unauthorized party to use or copy the Product; (viii) conduct or disclose the results of any form of benchmarking of a Product; (ix) extract any software for use in other applications; or (x) access a Product to (1) build a competitive product or service; (2) copy any, or build a product using, ideas, features or graphics sourced from the Product.
2.	Use of the Products and Backed up Data must at all times be in compliance with all Applicable Laws. The Products and Backed up Data may not (i) be used to send any unsolicited commercial email or invitation in violation of Applicable Law; (ii) be used to process or disclose any unencrypted personally identifiable data (such as payment card numbers or social security numbers) in violation of any Applicable Law; (iii) be deceptive, fraudulent, harmful, abusive, harassing, threatening, indecent, obscene, racially, ethnically, or otherwise objectionable, hateful, tortious, libellous, defamatory, slanderous, or otherwise in violation of Applicable Law; (iv) infringe or misappropriate any Intellectual Property Rights or other rights of any third party; (v) be used to transmit any viruses or similar malicious software that may damage the operation of any computer, network, system or the Products; or (vii) violate the terms of use of the Backed up Site or any other agreement.
3.	If we reasonably believe any Product use or Backed up Data: (i) violates any of the restrictions in the foregoing sections; (ii) may disrupt or threaten the operation or security of any computer, network, system or the Products; or (iii) may otherwise subject us to liability, we reserve the right to refuse or disable access to the Product or Backed up Data. We may also take such action pursuant to the Digital Millennium Copyright Act and/or as required to comply with Applicable Law. We will use reasonable efforts to contact an Administrator prior to taking such action. However, we may restrict access to any Product or Backed up Data without prior notice as necessary to comply with Applicable Law or to protect against damage or security threats. If we take any such action without prior notice, we will later provide notice to an Administrator, unless prohibited by Applicable Law.
5.	BACKEDUP DATA
1.	Customer represents and warrants it has all rights (including from Backed up Sites and Users) as necessary to permit access, copying and use of Backed up Data with the Product. Customer is responsible for the accuracy, quality and legality of the Backed-up Data, and the means by which Customer acquired rights to the Backed-up Data for use with the Product. For purposes of this Agreement, Backed up Data is the property of Customer, not any User, and we are under no obligation to inform Users that Customer controls such information with us.
2.	Customer, for itself and its Users, authorizes us to access and interact with the Backed up Site to retrieve Backed up Data and grants us a limited, royalty-free, non-exclusive, assignable license to use, copy, reformat, display, disclose and distribute the Backed up Data solely for providing the Product as described in these Terms of Use, including as authorized by an Administrator for support, and as described in our Privacy Policy.
3.	Customer retains all its right, title and interest in and to the Backed-up Data, and we neither own nor acquire rights in the Backed-up Data other than the rights expressly granted under this Agreement.
4.	We will use physical, technical and administrative safeguards, consistent with commercially reasonable industry practices, designed to secure the confidentiality, integrity and availability of Backed up Data under our control against accidental or unauthorized loss, access or disclosure. We use the same safeguards for all Backed up Data, regardless of its nature or contents. We are a processor and not a controller of all Backed up Data.
5.	Customer must maintain authorization and access to the Backed-up Sites so that we are regularly able to access Backed up Data for purposes of providing the Product. Customer agrees and acknowledges that Backed up Data may not be available or restorable a) if Customer changes such access authority or otherwise restricts our access to such Backed up Site; b) due to unavailability of the Backed up Site; c) with respect to modifications to the Backed up Data that are not captured in the backup frequency or retention schedule for the Product.
6.	Unless otherwise agreed to in writing in a separate Business Associate Agreement, you agree that Backed up Data will not contain Protected Health Information and Your use of a Product will not otherwise make us a Business Associate of Customer or any Administrator. You must request that we enter into a valid Business Associate Agreement with the appropriate party and ensure such agreement is in place prior to the transfer of any Backed-up Data that requires a Business Associate Agreement. The terms “Protected Health Information” “Business Associate” and “Business Associate Agreement” will have the same meanings as set forth in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), and such regulations as may be further amended from time to time (collectively, the HIPAA Standards).
6.	USE OF OTHER INFORMATION
1.	If You provide us with comments or other feedback regarding the Products or our business (collectively “Feedback”), directly or through any third party, You do so without any expectation of compensation and hereby grant us a worldwide, irrevocable, perpetual, royalty-free right and license to use the Feedback to improve the Products and for any other purpose. Feedback is strictly voluntary, and we are not required to hold it in confidence.
2.	Notwithstanding anything else in these Terms of Use or otherwise, we may evaluate, and process use of Products and Backed up Data in an aggregate and anonymous manner and compile related statistical and performance information (“Aggregate Data”). We may use and share such Aggregate Data to improve the Products, develop new products, analyse usage and generally for any purpose related to our business. We retain all Intellectual Property Rights in Aggregate Data. For clarity, Aggregate Data does not include personally identifiable information or information that can identify any individual Customer or natural person.
3.	Operational data concerning use of the Products (“Log Data”), that servers automatically record relating to the access and use of the Products, IP address, authentication tokens, machine identification, access logs, and settings are used by us / Datto to provide the Products and operate our / Datto’s business and you agree that we / Datto may use such Log Data for such purposes.
7.	YOUR RESPONSIBILITY FOR ACCESS TO YOUR PRODUCT ACCOUNT
1.	You are responsible for the security of all Your access credentials to the Product, including any action You permit any person or entity to take related to the Product and Backed up Data using your access credentials. You are responsible for the proper configuration and maintenance of safeguards as they relate to access to and use of the Product and Backed up Data, including but not limited to individual Administrator and User permissions, local Device access, network connectivity and internet connectivity.
2.	You agree to notify us as soon as practicable of any unauthorized use of any access credentials, password or account or any other known or suspected breach of security.
8.	SUPPORT
1.	We will provide reasonable support for the Products in accordance with our current support Policies. An Administrator authorized by Customer is responsible for providing first level support for each Product. By requesting support services, Customer authorizes us to access the Product and/or the Backed-up Data for the purpose of providing the requested Product support. We may rely on the instructions and authorizations given to us by any Administrator with access to a Product, and we will have no obligation to inform any other Administrator of the Product of the same.
9.	UPDATES AND TESTING
1.	You agree that we may, and You hereby authorize us, from time to time, to interact remotely with any deployed Product in order to test, troubleshoot, or update such Product. During maintenance windows the Product may not be accessible; we will make reasonable efforts to notify You of such maintenance windows.
10.	CONFIDENTIAL INFORMATION
1.	Both You and we agree to employ reasonable safeguards to (i) maintain the confidentiality of each other’s Confidential Information using the same care to prevent disclosure as each of us employs to avoid disclosure of our own information of a similar nature, but in no event less than a reasonable standard of care; (ii) limit access to Confidential Information to those persons or entities involved in providing or supporting the Products or otherwise in complying with these Terms of Use, its affiliates, its financial or legal advisors, all of whom have a legal duty to protect the Confidential Information.
2.	Confidential Information does not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the disclosing party, (ii) was known to the receiving party prior to its disclosure by the disclosing Party without breach of any obligation owed to the disclosing party, (iii) is received from a third party without breach of any obligation owed to the disclosing party, (iv) was independently developed by the receiving party; (v) is approved for release or disclosure by the disclosing party without restriction; or (vi) is Feedback, Aggregate Data, Log Data or Backed up Data.
3.	Notwithstanding the foregoing, each party may disclose Confidential Information to the limited extent required in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with Applicable Law, provided that the party required to make any such disclosure, where permitted by Applicable Law in the reasonable judgment of that party’s counsel, will first have given written notice to the other party in order to allow the disclosing party to seek, at its sole cost and expense, a protective order or other remedy to limit such disclosure.
4.	Each party acknowledges that any breach of any provision of this Section on Treatment of Confidential Information by the receiving party may cause immediate and irreparable injury to the disclosing party, and in the event of such breach, the injured party will be entitled to seek and obtain injunctive relief to the extent provided by a court of applicable jurisdiction, without bond or other security, and to any and all other remedies available at law or in equity.
11.	WARRANTIES AND DISCLAIMERS
1.	Each of us represents and warrants that it has validly entered into this Agreement; has the legal power to do so; and by entering into this Agreement it is not in violation of any previous agreement or obligation between it and any third party.
2.	During an applicable Subscription Term, we will provide the Product using a commercially reasonable level of skill and care in material accordance with the applicable Specifications. Your exclusive remedy in the event that we do not do so is to terminate this Agreement or any Order for cause as specified in section 17b.
EXCEPT FOR THE LIMITED WARRANTIES HEREIN, THE PRODUCTS ARE PROVIDED AS IS AND WITH ALL FAULTS. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, WE DISCLAIM ALL OTHER PROMISES, REPRESENTATIONS AND WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SYSTEM INTEGRATION, DATA SECURITY, OR WARRANTIES ARISING OUT OF ANY COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE OF TRADE.
WE MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT ANY PRODUCT’S COMPLIANCE WITH LAWS AND REGULATIONS SPECIFICALLY APPLICABLE TO ANY CUSTOMER OR INDUSTRY AND DISCLAIM ALL LIABILITY ASSOCIATED THEREWITH.
WE ARE NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE RESULTING FROM RISKS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS.
WE DISCLAIM ANY DUTIES OF A BAILEE, AND YOU HEREBY WAIVE ALL RIGHTS AND REMEDIES OF A BAILOR (ARISING UNDER COMMON LAW OR STATUTE), RELATED TO OR ARISING OUT OF ANY POSSESSION, STORAGE, OR TRANSMISSION OF DATA BY US. YOU ACKNOWLEDGE THAT NO PASSWORD-PROTECTED SYSTEM OF DATA STORAGE CAN BE MADE ENTIRELY IMPENETRABLE AND AGREE THAT THE PRODUCTS AND BACKEDUP DATA ARE NOT GUARANTEED AGAINST ALL SECURITY THREATS OR OTHER VULNERABILITIES.
NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY US OR ANY RESELLER, ADMINISTRATOR OR OTHER PARTY WILL CREATE ANY ADDITIONAL WARRANTIES, ABROGATE THE DISCLAIMERS SET FORTH ABOVE OR IN ANY WAY INCREASE THE SCOPE OF OUR OBLIGATIONS HEREUNDER.
12.	INDEMNIFICATION
1.	We agree to defend You from third party claims that a Product in the form supplied to You under these Terms of Use infringes or misappropriates a third party’s patent, copyright or trademark rights and we will indemnify and hold You harmless from all damages, costs, and similar liabilities ordered by a court or agreed upon by us in settlement in connection with any such claim. Our indemnification obligations will not apply to (i) claims of infringement to the extent based on Your combination of the Product with other products, services software, data or marks if the infringement could have been avoided by the use of such Product not in such combination; (ii) any modifications to the Product not made by us; (iii) any damages incurred as a result of Your failure to use any update to the Product we provide; or (iv) use of a Product in a manner that does not conform to its Specifications (these exceptions (i) through (iv) collectively will be referred to as "IP Exclusions"). If we determine that a Product is or may become subject to an infringement claim, we may, at our option: (1) procure for You the right to continue to use the Product; or (2) replace or modify the Product so it becomes non-infringing. If we determine that neither of these options is commercially practicable, we may terminate Your use of the Product and will issue a refund of the fees paid (not including usage fees for services already provided) to acquire the initial use of the allegedly infringing Product less applicable reasonable depreciation. This Section represents Your sole and exclusive remedy and our sole and exclusive liability for any infringement claims based on the Products.
2.	You agree to defend us, our suppliers and affiliates, and the officers, directors, employees and representatives of each of them (each an “Indemnified Party"), from all damages and costs incurred as a result of a third party claim and You will indemnify and hold any and all “Indemnified Parties harmless from all damages, costs, and similar liabilities ordered by a court or agreed upon by You in settlement in connection with any such claim, to the extent the claim arises out of Your breach of these Terms of Use, including Your failure to comply with Applicable Law.
3.	Any indemnification obligations set forth in this Agreement will be subject to the following conditions: (a) the party seeking indemnification will notify the indemnifying party in writing promptly upon learning of any claim for which indemnification is sought; (b) the indemnifying party will have control of the defence or settlement; and (c) the indemnified Party will reasonably cooperate with the defence, at the indemnifying Party's expense.
13.	EXPORT CONTROL AND GOVERNMENT USES
1.	You represent and warrant that Your use of the Products and the Backed-up Data will comply with all export laws, restrictions, national security controls, and regulations of the United States or other applicable authority. You will not export or re-export or allow the export or re-export of the Products (or Backed up Data through use of the Products) in violation of any such export laws, restrictions, controls or regulations.
2.	If Products are to be used in the performance of a government contract or subcontract, no government requirements or regulations will be binding upon us unless specifically agreed to by us in writing. If Customer is a U.S. Government entity or person, the Product is being provided as a "Commercial Item" as that term is defined in the U.S. Code of Federal Regulations (see 48 C.F.R. § 2.101), and the rights granted in the Product to such Content Owners are the same as the rights granted to all others under these Terms of Use.
14.	TERM AND TERMINATION
1.	Term. A Subscription Term will commence on the date specified in the Order and will continue for the initial term specified in the Order. If no Subscription Term is specified, the standard Subscription Term described in our current Policies will apply. Unless otherwise specified, each Subscription Term will automatically renew for a Subscription Term of equal length unless either party provides written notice of its desire to terminate as specified in our current Policies. These Terms of Use will continue until all Subscription Terms have expired or been terminated.
2.	Termination for Breach. Either party may terminate this Agreement or an individual Order for cause upon 30 days’ notice of a material breach of any of its duties, obligations or responsibilities under this Agreement, provided that the breaching party has failed to cure such breach (or provide an acceptable plan for curing such breach) within the thirty (30) day notice period.
3.	Access to Backed up Sites. If a Backed up Site amends its API guidelines in such a way that materially affects our ability to access the Backed up Site to provide the Product in accordance with the Specifications, and if we are unable to perform substantially the same functionality, either party may terminate the applicable Order by providing to the other thirty (30) days’ written notice. We will refund any unused prepaid fees for the remainder of the applicable Subscription Term as your sole and exclusive remedy.
4.	Effect of Termination. Upon any termination of a Subscription Term, Customer will immediately discontinue all use of the Product. For up to sixty (60) days after the effective date of termination, we will, upon written request allow Customer to export or download a copy of its Backed-up Data as provided in the Specifications. After such period, we have no obligation to maintain or provide any Backed-up Data and may thereafter delete or destroy all copies of the Backed-up Data, unless legally prohibited.
5.	We reserve the right at any time to modify these Terms of Use and updated Terms of Use will be communicated to you. We will make reasonable efforts to notify You of material changes and Your continued use of any Product after an update will indicate Your acceptance of any updated Terms of Use. If You do not agree to any updated Terms of Use, You must terminate Your use of the Product immediately. If You provide written notice of any such termination, we will provide a refund of any pre-paid but unused fees applicable to the Product. We may also modify and update Policies, Specifications, and other support materials. All such changes are effective immediately upon being communicated to You and You should promptly review such communications so that You will be apprised of any changes.
15.	MISCELLANEOUS
1.	Construction. The section headings in these Terms of Use are for convenience only and will not be deemed to be substantive; any rule of construction that ambiguities are to be resolved against the drafting party will not be applied in the interpretation of these Terms of Use.
2.	Independent Contractors. Nothing contained herein will be construed or implied to create an agency, partnership or employer and employee relationship between the Parties.
3.	Enforceability. If any provisions herein are deemed invalid, illegal, or unenforceable, the validity, legality and enforcement of the remaining provisions will not be affected or impaired.
4.	Electronic Communications. You consent to receive communications from us in electronic form and agree that this Agreement and all notices, disclosures, and other communications that we provide to You electronically satisfy any legal requirement as if in writing.
5.	Assignment. You may not assign this Agreement (including with respect to any individual Product or Backed up Data), without our express written consent. Any assignment or transfer in violation of the foregoing will be null and void. We reserve the right to assign this Agreement to any (i) affiliate; or (ii) any entity in connection with the sale, combination, or transfer of all or substantially all of the assets or capital stock or from any other corporate form of reorganization by or of us. Subject to all of the terms and conditions hereof, this Agreement is binding upon the parties, their permitted successors and assigns.
6.	Force Majeure. Any delay in or failure of performance of either of us will not constitute a default under these Terms of Use or give rise to any claim for damages to the extent such delay or failure of performance is caused by a force majeure event, including acts of god, fire, flood, explosion, war, strikes, loss of any necessary power or communications sources or connections, failures in or affecting the Internet or associated intranets, any computer virus or other malicious code released by a third party, the terrorist, illegal or malicious acts of a third party, changes or modifications in international, national, or industry standards or protocols, and the existence of or changes in laws prohibiting or imposing criminal penalties or civil liability for performance hereunder; provided that, any such delay does not extend beyond 30 calendar days.
7.	No Waiver. The failure to enforce or the waiver by either of us of one default or breach by the other will not be considered to be a waiver of any subsequent default or breach.
16.	DEFINITIONS
1.	“Administrator” means one or more persons or entities authorized by Customer to manage or use the Product on Customer’s behalf, including access to and control of Backed up Data. A Product may have multiple Administrators and we expressly may rely on the authorization and instructions of any Product Administrator, until we receive written instructions to the contrary.
2.	“Agreement” means an Order for a Product together with and subject to these Terms of Use.
3.	"Applicable Law" means any applicable law, rule, regulation, directive, code, order or other requirement in any jurisdiction contemplated by these Terms of Use.
4.	“Backed up Data” means the data and content that Customer designates for copying, backup and use with a Product.
5.	“Backed up Site” means a third-party application or service with which the Product interacts, upon Customer’s authorization, to obtain copies of the Backed-up Data.
6.	“Confidential Information” means all operational written or oral information, disclosed by either party to the other that has been identified by the disclosing party as confidential or that by the nature of the circumstances surrounding disclosure ought reasonably to be treated as confidential, but not including Feedback, Aggregate Data, Log Data or Backed up Data.
7.	“Customer” is the entity that owns the Backed-up Site account. References to “Customer” shall in the applicable context also refer to any Administrator acting on Customer’s behalf.
8.	“Device” means any hardware-based component of a Product offering.
9.	"Enhancement" means any upgrade, update or modification to a Product. All Enhancements will be subject to these Terms of Use.
10.	"Intellectual Property Rights" means all intellectual property rights, however arising and in whatever media, whether or not registered, including patents, copyrights, trademarks, service marks, trade names, design rights, database rights, domain names, trade secrets or other proprietary rights and any applications for the protection or registration of such rights and all renewals and extensions thereof throughout the world.
11.	“Online Portal” means a web-based application or interface that contains information related to the Product, including the ability to order, pay for, manage, monitor, support and/or use the Product.
12.	“Order” means an order for a Product that specifies such things as the Backed-up Site, data storage allotment and/or number of Users. An Order may be created at the time of Product setup, by separate written or electronic document or by an Administrator or reseller on behalf of Customer.
13.	"Product" means any SaaS Protection product provided through the use of Software, web-based Services, or Devices, including all Enhancements to Products, all subject to these Terms of Use.
14.	"Policies" means the terms and conditions applicable to order, configure, access, use, and support of the Products. Policies are published on an Online Portal.
15.	"Specifications" means any Policies, documentation, user manuals or other materials relating to the Products. Specifications as may be published on an Online Portal.
16.	“Subscription Term” means the initial and any renewal term during which Customer agrees to subscribe to a Product, as specified in an Order and these Terms of Use and Policies.
17.	“Terms of Use” means these terms and conditions, as amended from time to time, that together with an Order form a binding agreement between the Parties regarding use of the Product.
18.	“User” means an individual affiliated with Customer who Customer authorizes to use or have use of the Product. For purposes of this Agreement, the Customer will be the owner of the Backed-up Data and Customer is responsible for the acts and omissions of its Users.
19.	“You” means, in the applicable context, the person or entity agreeing to these Terms of Use, either a Customer or an authorized Administrator acting on behalf of a Customer.
EUROPEAN DATA PROCESSING ADDENDUM
This European Data Processing Addendum ("DPA") amends the applicable Product Terms of Use for a Datto Product only to the extent the Product is used to Process Personal Data covered under the GDPR.
Definitions
Capitalized words are defined in this section or when first used throughout this DPA or the applicable Product Terms of Use.
"Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity, where "control" refers to the power to direct or cause the direction of the subject entity, whether through ownership of voting securities, by contract or otherwise.
"Controller", "Data Subject", "Processor", Processing" will have the meaning set forth in Article 4 of the GDPR.
"Data Subject Request" means a request made by or on behalf of a Data Subject to exercise a right for access to, rectification, objection, erasure or other applicable right recognized by the GDPR of that Data Subject’s Personal Data.
"GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC and, from the date the United Kingdom may no longer be a member of the European Union, the corresponding data privacy and protection legislation of the United Kingdom.
"Personal Data" means information relating to an identified or identifiable natural person (Data Subject) covered under the GDPR that is directly or indirectly submitted, stored or Processed via use of the Product by Customer, its Affiliates, clients or end users.
"Product" means a Product and all related services provided by Datto that Processes Personal Data covered by this DPA.
"Subprocessor" means a third party that, by reason of its role in performing services on behalf of Datto with respect to Datto’s provision of a Product, may have logical access to Personal Data covered by this DPA.
Effectiveness
This DPA will be effective from the later of the date on which Customer clicks to accept the Product Terms of Use and this DPA or Datto and Customer otherwise agree to this DPA.
In the event of a conflict between this DPA and the Product Terms of Use concerning the subject matter hereof, the terms of this DPA will govern.
Duration of Processing/Term of DPA
This DPA and Datto’s Processing of Personal Data will terminate automatically upon termination of the Product Terms of Use and of any post termination period during which Datto makes Personal Data available for export by Customer, until its final deletion.
Controller/Processor Roles
For purposes of this DPA, the parties agree that Datto is a Processor of Personal Data. This DPA does not apply where Datto is a Controller of Personal Data.
Customer may act either as a Controller or Processor, as applicable, of Personal Data. If Customer is not the Controller of Personal Data, Customer represents and warrants to Datto and CAE that Customer has the right and authority to appoint Datto as a Processor and provide instructions to Datto or CAE (as applicable), and such actions have been authorized by the appropriate Controller of the Personal Data.
Customer has sole responsibility for the quality, ongoing accuracy, legality and scope of Personal Data and the means by which Customer acquired Personal Data. Customer represents and warrants that it has sufficient rights and all third party consents as may be necessary and appropriate for the use of the Personal Data with the Product and that its submission of Personal Data to Datto will comply with the GDPR and all applicable laws.
Processing of Personal Data
Datto will Process the Personal Data only on the instructions of Customer, including through Customer’s use and configuration of the features within the Product. Customer instructs Datto to Process the Customer Personal Data (a) to provide the applicable Product and related technical and administrative support consistent with the Product Terms of Use and this DPA; (b) as further instructed via Customer’s use of the Product; and (c) to comply with other reasonable instructions provided by Customer (via email or support tickets) that are consistent with the nature and scope of the Product.
Datto or CAE (if applicable) will inform Customer if, in its opinion, an instruction violates the terms of the GDPR.
Subject Matter and Nature of Processing
The subject matter and scope of Processing is Datto’s provision of the Product, including related technical and administrative support (through management portals or otherwise) that is the subject of the Product Terms of Use. Datto will Process Personal Data that is provided directly or indirectly by Customer, its clients or end users to Datto for the purpose of providing the Product that is the subject of the Product Terms of Use.
Data Subject Requests
If Datto receives a Data Subject Request related to the Product, to the extent it is able to do so, and it is legally permitted, Datto will notify Customer and/or direct the Data Subject to make the request directly to Customer.
Customer is responsible for responding to any Data Subject Requests. Taking into account the nature of the Processing, Datto will provide Customer with commercially reasonable assistance in responding to a Data Subject Request, to the extent legally permitted, if such Data Subject Request is reasonably possible consistent with the functionality of the Product and is required under applicable law. To the extent legally permitted, Customer will be responsible for any costs arising from Datto’s assistance.
Duty of Confidentiality
Datto ensures that its personnel engaged in the processing Personal Data have committed to maintain the confidentiality of Personal Data by requiring such personnel to execute written confidentiality agreements.
Data Deletion
Within a reasonable amount of time following expiration or termination of the applicable Product Terms of Use plus any post termination period during which Customer has the ability to export Personal Data, Datto will delete Personal Data. Customer hereby instructs Datto to delete all Personal Data after such period. It is Customer’s responsibility to export any Personal Data prior to its deletion.
Personal Data Breach
If Datto becomes aware of and confirms a breach of Datto’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data covered by the GDPR in Datto’s custody or control, Datto will, without undue delay, notify Customer and exercise best efforts to mitigate the effects and to minimize any damage resulting from such a security incident.
Customer agrees that an unsuccessful security incident will not be subject to this section. An unsuccessful security incident includes but is not limited to things such as attempts at unauthorized access to Personal Data or to any of Datto’s equipment or facilities storing Personal Data, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond IP addresses or headers).
Datto’s obligation to report or respond to a security incident will not be construed as an acknowledgement of any fault or liability of Datto with respect to the security incident. Datto will have no obligation to respond to any incidents caused by Customer or anyone acting with Customer’s authorization.
Subprocessing
Customer acknowledges and agrees that Datto Affiliates may be retained as Subprocessors and that Datto and its Affiliates respectively may engage third party Subprocessors as needed to provide a Product. Customer hereby consents to the use of Subprocessors as described in this section.
A current list of Subprocessors for the Product will be available at www.datto.com/subprocessors. Datto will provide prior notification of a new Subprocessor, depending on the Product, by either updating the list of Subprocessors at www.datto.com/subprocessors, providing notice in the applicable Product management portal, and/or offering an email subscription notification option, before authorizing such new Subprocessor to have access to Customer’s Personal Data in connection with the provision of the applicable Product.
Customer may reasonably object to Datto’s use of a new Subprocessor by notifying Datto promptly in writing, explaining the reasonable grounds for objection, within ten (10) business days following Datto’s notice described above. Datto will use commercially reasonable efforts to make available to Customer a change to Customer’s configuration or use of the Product to avoid use of the objected to new Subprocessor. If Datto is unable to make available such change within a reasonable period of time, not to exceed thirty (30) days, either party as its sole remedy may terminate the applicable Product Terms of Use with respect only to those services which cannot be provided by Datto without the use of the objected-to new Subprocessor. In such case, Datto will refund any prepaid fees covering the remainder of the term applicable to such Product.
Datto will use only Subprocessors that have executed written contracts with Datto containing obligations that are substantially similar to those of Datto under this DPA. Datto will be liable for the acts and omissions of its Subprocessors to the same extent Datto would be liable if performing the services of each Subprocessor directly under the terms of this DPA.
A Product or Product management portal may provide links or integrations or an API which may be used to facilitate integrations to or from third party products or services ("Third Party Applications"). If Customer elects to integrate with, enable, access or use an API to interact with such Third Party Applications it does so at its own risk and Datto has no responsibility or liability for any Personal Data processed by or through such Third Party Applications. Customer expressly acknowledges and agrees that all enabled Third Party Applications are expressly authorized by Customer and Datto is not a co-processor, subprocessor or controller with respect to any Personal Data processed by or on behalf of Customer through a Third Party Application.
Audit
Datto will cooperate with any Customer audit to verify Datto’s compliance with its obligations under this DPA by making available, subject to non-disclosure obligations, third party audit reports, where available, descriptions of security controls and other information reasonably requested by Customer regarding Datto’s security practices and policies.
Taking into account the nature of the Processing and the information available to Datto, Datto will provide, at Customer’s cost if legally allowed, commercially reasonable cooperation and assistance to Customer regarding Customer’s compliance obligations described in Articles 32-36 of the GDPR.
Limitation of Liability
To the maximum extent allowed by applicable law, the total combined liability for both Datto and Customer and any of their Affiliates arising out of or related to this DPA is subject to the exclusions and limitations of liability set forth in the applicable Product Terms of Use. Any regulatory penalties imposed on either party resulting from this DPA will count toward such liability cap.
Security
Datto maintains commercially reasonable technical and organizational measures to protect against accidental or unlawful access, destruction, loss or alteration of Personal Data under its control. Datto may modify such measures, provided that any changes will not result in a material degradation of the security measures.
A Product or Product management portal may make available certain Customer controlled security features, which may include multi-factor authentication, administrative access controls and local encryption. Datto makes available best practices for Customer to adopt to help protect against accidental or unlawful access, destruction, loss or alteration of Personal Data. Customer is responsible for securing Personal Data under its control, including but not limited to properly configuring and using available Customer controlled security features.
Transfers of Personal Data
Certain Products allow Customer the ability to use a data centre located in the European Economic Area ("EEA") or the United Kingdom for Processing of Personal Data. For all such Products, Customer is responsible for using an appropriate data centre location in the EEA or the UK. Certain data related to technical and administrative support for a Product or its management portal ("Metadata") may be hosted in the U.S. even if Customer uses a data centre located in the EEA or the UK.
Datto, Inc. and its U.S. subsidiaries self-certify to and comply with the EU-U.S. and Swiss-U.S. Privacy Shield as a transfer mechanism regarding the transfer of Personal Data from the European Union, the EEA, Switzerland and the United Kingdom to the U.S. Transfers of Metadata and Personal Data to the U.S. are validated through Datto’s EU-U.S. and Swiss-U.S. Privacy Shield certification.
The foregoing will not apply if Datto adopts an alternative GDPR recognized compliance standard for the lawful transfer of Personal Data outside the EEA, Switzerland or the United Kingdom.
Governing Law
If Customer is a resident of the United Kingdom, this DPA is governed by the law of England and Wales and is subject to the exclusive jurisdiction of the courts of England and Wales.
If Customer is a resident of the EEA or Switzerland, this DPA is governed by the law of the Netherlands and is subject to the exclusive jurisdiction of the Netherlands.
Notices
Notice to Datto under this DPA should be sent to Datto, Inc., 101 Merritt 7, 7th floor, Norwalk, CT 06851 Attn: Legal Department.
If Customer is not the primary administrator for a Product (for example, a client who purchases a Product from a managed service provider) Customer acknowledges and agrees that Datto will communicate all notices related to this DPA via email or through the Product management portal with the party that is the primary administrator for the Product.
Customer acknowledges and agrees that it is responsible for receiving and promptly relaying all notices related to this DPA received via email or through the Product management portal to the appropriate parties, including those notices required by applicable law.
It is Customer’s responsibility to maintain current, accurate contact information within the applicable administrative portal for the Product for purposes of facilitating all notices.
General
The terms of this DPA are confidential information of Datto covered by the confidentiality provisions of the applicable Product Terms of Use. Customer agrees not to disclose the terms of this DPA.
Datto or CAE (as applicable) reserves the right to modify this DPA, including if different GDPR recognized compliance standards become available, or as needed to maintain compliance with the GDPR or other applicable law.

SAAS PROTECTION POLICIES
Standard Retention Policy
This standard retention policy applies to currently available Service Plans for SaaS Protection 2.0 Products only. Earlier versions of the Product and/or Service Plans may have different retention features.
Retention determines how and/or for how long data backups for a SaaS Protection Service Subscription are retained in the Datto Cloud. After an initial full backup, all subsequent backups are "snapshots" of a particular point in time and capture only changes made since the previous backup. Following the full backup, backup snapshots are retained in accordance with the pre-set schedule for the particular SaaS Protection Service Plan described below and will be retained for each active Service Subscription for which payment is current. If a Service Subscription terminates, Datto reserves the right to delete, after 60 days, the backed up data in the Datto Cloud associated with your Service Subscription. It is your responsibility, on or before this period, at your expense, to export a copy of the data if you would like a copy of the backed up data in the Datto Cloud associated with your Service Subscription for a SaaS Protection Product.
1.	1-Year Cloud Retention- With the 1-Year Cloud Retention (also known as 1 Year Time Based Retention) service plan backup snapshots are maintained for one year on a rolling basis, with the oldest backup snapshots deleted first after one year. Automatic consolidation of backup snapshots is applied on a rolling basis as shown below.
2.	Infinite Cloud Retention- With the Infinite Cloud Retention service plan backup snapshots are retained for an indefinite period of time for as long as the Infinite Cloud Retention Service Plan Service Subscription is current. Automatic consolidation of backup snapshots is applied on a rolling basis as shown below.
We use the following schedule for consolidating backup snapshots stored in the Datto cloud.

Pruning of Incremental Backups	Takes Place After:
Intra-dailies	30 days
Dailies	90 days
Weeklies	365 days*

* For the Infinite Cloud Retention Service Plan only, weeklies will be consolidated on a rolling basis into monthly backup snapshots after a year.



 

This Schedule and terms have been signed on behalf of the Parties:

CAE Technology Services Limited	
	<<CUSTOMER>>
By:				By:	
					
Position:				Position:	

Printed Name:				
Printed Name:	

Date:				
Date: