Contratto di abbonamento al servizio cloud e termini e condizioni della prova gratuita del servizio cloud

Contratto di abbonamento ai servizi cloud

Il presente Contratto di abbonamento al servizio Couchbase Capella (“Contratto cloud”) è stipulato da e tra Couchbase, Inc. (“Couchbase”) e voi, per conto vostro e come rappresentante autorizzato per conto di un'organizzazione (individualmente e collettivamente, “Cliente”), e stabilisce i termini in base ai quali il Cliente può accedere e utilizzare il Servizio Cloud.

CREANDO UN ACCOUNT PER L'UTILIZZO DEL SERVIZIO CLOUD O UTILIZZANDO IL SERVIZIO CLOUD, IL CLIENTE ACCETTA I TERMINI DEL PRESENTE CONTRATTO. SE L'UTENTE NON È D'ACCORDO CON TUTTI I PRESENTI TERMINI, NON DEVE CREARE UN ACCOUNT E NON DEVE UTILIZZARE IL SERVIZIO CLOUD.

Se l'utente utilizza il Servizio Cloud per conto di un'organizzazione o comunque stipula il presente Contratto per conto di un'organizzazione, dichiara e garantisce di essere autorizzato a stipulare il presente Contratto per conto della relativa organizzazione.

Il presente Accordo è stato aggiornato l'ultima volta il 29 giugno 2020.

1. Definizioni.

I termini in maiuscolo utilizzati nel presente documento hanno le seguenti definizioni:

 "Affiliato”Per "Affiliato" di una parte si intende qualsiasi entità giuridica in cui una parte, direttamente o indirettamente, detiene più del cinquanta per cento (50%) delle azioni o dei diritti di voto dell'entità. Qualsiasi entità giuridica sarà considerata una Affiliata fintanto che tale partecipazione sarà mantenuta.

"Utenti autorizzati” indica qualsiasi utente finale del Servizio Cloud a cui il Cliente, direttamente o indirettamente, ha concesso l'accesso al Servizio Cloud, compresi i dipendenti e i subappaltatori del Cliente che utilizzano il Servizio Cloud per conto del Cliente.

"Beta Servizi” indica qualsiasi versione di prova, alfa, beta, gratuita e di prova del Servizio Cloud.

"Servizio cloud” indica l'offerta di database come servizio di Couchbase che include (i) il Cloud Control Plane, (ii) il Software Couchbase come distribuito nell'ambiente Cloud del Cliente e qualsiasi servizio successivo (inclusi i servizi web), (iii) il Data Plane e (iv) il Supporto come ordinato dal Cliente tramite un Ordine.

"Cluster” si intende qualsiasi implementazione di database gestita da Couchbase.

"Piano di controllo della nuvola” indica il software del Servizio Cloud che gestisce il Piano Dati, compresa l'interfaccia utente del Servizio Cloud.

"Software Couchbase” indica il/i programma/i software di gestione di database di Couchbase fornito/i come parte del Servizio Cloud.

"Ambiente cloud del cliente” indica l'ambiente cloud del Cliente fornito da un fornitore di servizi cloud di terze parti in cui il Servizio Cloud implementa il Piano Dati.

"Couchbase Capella Credit” indica un'unità di capacità di elaborazione di database consumata per utilizzare il Servizio Cloud.

"Contenuto del cliente” indica tutti i contenuti o i dati forniti da o per conto del Cliente o degli Utenti Autorizzati da o attraverso il Servizio Cloud. 

"Piano dati” indica i componenti del Servizio Cloud che sono distribuiti nell'Ambiente Cloud del Cliente per gestire il Software Couchbase.

"DPA” indica l'Addendum al Trattamento dei Dati di Couchbase allegato al presente documento nell'Allegato A.

"Prodotti da consegnare” indica i report e gli altri deliverable che Couchbase può progettare, sviluppare o consegnare al Cliente nel corso della fornitura dei Servizi Professionali.

"Documentazione” indica qualsiasi documentazione tecnica fornita da Couchbase relativa al Servizio Cloud.

"Tasse” indica le somme o i corrispettivi (i) specificati nell'Ordine o SOW applicabile per il Servizio Cloud e/o il Servizio Professionale, (ii) maturati attraverso l'utilizzo da parte del Cliente dei Crediti Couchbase Capella On-Demand, o (iii) qualsiasi altro corrispettivo o onere dovuto a Couchbase ai sensi del presente Contratto.

"Feedback” indica qualsiasi dato, feedback o informazione che il Cliente mette a disposizione di Couchbase o che Couchbase ricava o genera dall'uso del Servizio Cloud o della Documentazione da parte del Cliente.

"Ordine” indica un documento di transazione (ad esempio un preventivo di vendita firmato) che identifica l'abbonamento del Cliente per i Crediti Couchbase Capella prepagati, i Crediti Couchbase Capella On-Demand, e/o il Servizio Professionale, se applicabile, insieme alle Tariffe applicabili e ai termini di abbonamento, se presenti.

"Servizi professionali” indica i servizi di consulenza e i Deliverable come identificati nell'Ordine o SOW applicabile, forniti da Couchbase al Cliente, utilizzando sforzi commercialmente ragionevoli.

"Informazioni sulla registrazione” indica un nome utente, una password e altre credenziali di accesso.

"Accordo sul livello di servizio” indica il documento di disponibilità del servizio Couchbase Capella in vigore all'epoca, disponibile all'indirizzo https://www.couchbase.com/CloudSLA06292020, come aggiornato di volta in volta.

"Supporto” indica i servizi di assistenza tecnica e manutenzione descritti nella politica di assistenza di Couchbase in vigore in quel momento (disponibile all'indirizzo https://www.couchbase.com/support-policy/cloud), come di volta in volta aggiornato.

"SOW” indica una dichiarazione di lavoro che identifica e descrive i Servizi Professionali acquistati dal Cliente e stipulata tra Couchbase e il Cliente. 

"Sito web” significa il sito web di Couchbase all'indirizzo https://www.couchbase.com

Il termine “incluso” significa, a titolo esemplificativo ma non esaustivo, che.

2. Ambito di applicazione.

2.1. I termini del presente Contratto Cloud, di qualsiasi Ordine o SOW di accompagnamento o futuro, se del caso, emesso ai sensi del presente Contratto Cloud, e del DPA, se applicabile (collettivamente indicati nel presente documento come i “Accordo“) disciplinano l'accesso e l'utilizzo da parte del Cliente del Servizio Cloud fornito da Couchbase. Il Cliente può acquistare il Servizio Cloud effettuando un Ordine.

2.2. Il presente Contratto Cloud, unitamente a tutti gli Ordini, agli eventuali SOW e al DPA, se applicabile, contengono gli unici termini e condizioni che regolano il rapporto tra Couchbase e il Cliente. In caso di conflitto tra il presente Contratto Cloud o un Ordine, e/o il DPA, se applicabile, si applicherà il seguente ordine di precedenza (in ordine decrescente): (1) il DPA, (2) un Ordine o un SOW, e (3) il Contratto Cloud, solo per quanto riguarda tale conflitto.

3. Accesso e utilizzo del Servizio Cloud.

3.1. Subordinatamente al rispetto da parte del Cliente dei termini e delle condizioni del Contratto, Couchbase concede al Cliente e ai suoi Utenti Autorizzati un diritto limitato, non esclusivo, revocabile, non trasferibile e non sublicenziabile, non cedibile, di accedere e utilizzare il Servizio Cloud e la Documentazione esclusivamente per il Cliente e le sue Affiliate (se tali Affiliate sono autorizzate in un Ordine), per uso interno se esplicitamente concordato tra le parti in un Ordine. Tale diritto include una licenza limitata, non esclusiva, revocabile, non trasferibile, non sublicenziabile e non cedibile per l'utilizzo del Software Couchbase distribuito nell'Ambiente Cloud del Cliente come parte del Servizio Cloud esclusivamente per l'uso interno del Cliente e dei suoi Affiliati (se tali Affiliati sono autorizzati nell'Ordine), limitatamente all'uso con il Servizio Cloud e subordinatamente al rispetto da parte del Cliente dei termini e delle condizioni del presente Contratto.

3.2. L'utilizzo del Servizio Cloud richiede che il Cliente e/o i suoi Utenti Autorizzati creino ciascuno un account utente, che può richiedere al Cliente e agli Utenti Autorizzati di fornire determinate Informazioni di Registrazione. Il Cliente è e rimarrà responsabile di tutte le attività che avvengono con le Informazioni di Registrazione del Cliente e degli Utenti Autorizzati o come risultato dell'accesso del Cliente o degli Utenti Autorizzati al Servizio Cloud e dovrà notificare immediatamente a Couchbase qualsiasi uso non autorizzato. Il Cliente dovrà garantire che i propri Utenti Autorizzati rispettino tutti i termini e le condizioni del presente Contratto e sarà responsabile nei confronti di Couchbase per qualsiasi violazione del presente Contratto da parte di qualsiasi Utente Autorizzato.

3.3. Il Servizio Cloud concesso in licenza sarà per la release più recente del Servizio Cloud. Il Cliente riconosce che Couchbase, a sua esclusiva discrezione, può apportare miglioramenti, modifiche e aggiornamenti al Servizio Cloud e alla Documentazione in qualsiasi momento.

4. Restrizioni per i clienti.

4.1. Il Cliente non dovrà, non dovrà tentare o permettere a terzi (compresi gli Utenti Autorizzati) di:

(a) accedere o utilizzare il Servizio Cloud e/o la Documentazione in qualsiasi modo, salvo quanto espressamente consentito nel presente Contratto;

(b) copiare o creare opere derivate dal Servizio Cloud e/o dalla Documentazione, o trasferire, vendere, affittare, noleggiare, prestare, distribuire, rivendere, sublicenziare, commercializzare, assegnare, pubblicare, scaricare, divulgare o rendere altrimenti disponibile qualsiasi parte del Servizio Cloud (inclusi i Crediti del Servizio Cloud) e/o della Documentazione a terzi;

(c) aggirare, interferire o mettere in pericolo il funzionamento o la sicurezza del Servizio Cloud e/o della Documentazione, comprese le misure volte a monitorare o impedire l'utilizzo del Servizio Cloud in violazione del presente Contratto;

(d) conduct penetration or performance tests of the Cloud Service;

(e) access or use the Cloud Service to provide services to third parties (such as for time-sharing services, service bureau services or as part of an application services provider or as a service offering primarily designed to offer the functionality of the Cloud Service);

(f) access or use the Cloud Service and/or Documentation for the purposes of benchmarking or competitive analysis of the Cloud Service, or developing, using, providing, or supporting products or services competitive to Couchbase;

(g) alter, modify, adapt, translate, enhance, reverse engineer, disassemble, decompile or prepare any derivative work from or of the Cloud Service or Documentation, or otherwise derive or determine or attempt to derive or determine the source code or other proprietary information or trade secrets from the Cloud Service or Documentation;

(h) rimuovere, cancellare, cancellare, oscurare o alterare in altro modo qualsiasi avviso di proprietà di Couchbase, marchio di fabbrica, garanzia o clausola di esclusione della responsabilità nel Servizio Cloud o nella Documentazione;

(i) accedere o utilizzare il Servizio Cloud o la Documentazione in qualsiasi modo o per qualsiasi scopo che infranga, si appropri indebitamente o violi in altro modo i diritti di proprietà intellettuale o altri diritti di qualsiasi persona o entità, o che violi qualsiasi legge applicabile, compresa la divulgazione o la trasmissione di contenuti o dati contenuti nel Servizio Cloud o nella Documentazione in tale modo o per tale scopo; o

(j) revoke or otherwise limit Couchbase’s access to the Customers Cloud Environment (including any Cluster(s)) or do anything else to limit Couchbase’s ability to monitor Customer’s Cluster(s) or otherwise provide the Cloud Service.

5. Couchbase and Customer Shared Obligations.

5.1. General. The parties acknowledge that (i) the Cloud Service is implemented in a manner that divides the Cloud Service between the Data Plane deployed in the Customer Cloud Environment and the Cloud Control Plane, and that accordingly each party must undertake certain technical and organizational measures in order to protect the Cloud Service and the Customer Content, (ii) Couchbase does not host the Customer Cloud Environment into which the Data Plane is deployed or the systems in which Customer Content may be stored, and (iii) Couchbase is not responsible for any loss, destruction, alteration, or corruption of Customer Content, except to the extent caused by the gross negligence or willful misconduct of Couchbase.

5.2. Customer Responsibilities. Customer acknowledges and agrees that in order to utilize the Cloud Service, Customer is responsible for: (i) at its sole cost and expense ensuring Customer has a Customer Cloud Environment obtained through a third-party cloud services provider, including the provisioning, maintenance or hosting of the Customer Cloud Environment, (ii) protecting the confidentiality and security of all Registration Information used to access the Cloud Service by Customer or any Authorized User; (iii) properly maintaining and securing the Customer Cloud Environment and any other Customer system connected to the Cloud Service (with such steps to include without limitation the regular rotation of access keys and other industry standard steps to preclude unauthorized access); (iv) not interfering with, and, if necessary, taking steps to enable, updates to the Cloud Service to ensure Customer is using the latest version of the Cloud Service; and (v) implementing and maintaining the appropriate configurations of the Cloud Service to enable the backup services and disaster recovery features of the Cloud Service required for purposes of recovering Customer Content.

5.3. Couchbase Responsibilities. Couchbase acknowledges and agrees that, as between the parties and except to the extent caused by the action or intentional or negligent inaction of Customer or Customer’s Authorized Users, including without limitation any customizations or configurations of the Cloud Service by Customer or anything specified to be Customer’s responsibility in Section 5.2 above, Couchbase is primarily responsible for (i) the operation of the Cloud Control Plane (including the user interface of the Cloud Service), and (ii) implementing reasonable technical and organizational measures to protect the security of the foregoing.

6. Customer Content.

6.1. Il Cliente concede a Couchbase un diritto e una licenza limitati, non esclusivi, esenti da royalty e validi in tutto il mondo per l'utilizzo, la visualizzazione, l'hosting, la copia, l'elaborazione e la trasmissione di qualsiasi Contenuto del Cliente per fornire e migliorare il Servizio Cloud in conformità al presente Contratto. Fatta eccezione per qualsiasi Prova Gratuita, i termini del DPA sono qui incorporati per riferimento e si applicano nella misura in cui il Contenuto del Cliente include Dati Personali, come definiti nel DPA.

6.2. L'Acquirente dichiara e garantisce di avere il diritto di fornire il diritto e la licenza di cui sopra e che né il Contenuto dell'Acquirente stesso né il suo utilizzo da parte di Couchbase ai fini del presente Contratto violerà qualsiasi legge applicabile o infrangerà, si approprierà indebitamente o violerà in altro modo qualsiasi diritto di terzi, compresi i diritti di proprietà intellettuale, i diritti alla privacy e altri diritti ai sensi del contratto o della legge.

7. Servizi professionali.

7.1 The parties may agree Couchbase to provide Professional Services to Customer, which shall be set forth in a SOW signed by both parties. Couchbase will render the Professional Services in a professional and workmanlike manner in accordance with the terms and conditions of this Cloud Agreement and the applicable Order or SOW.

8. Livelli di assistenza e di servizio.

8.1 Except for any Beta Service, Couchbase will provide Customer with the level of Support selected by Customer through the Cloud Control Plane and paid for by Customer and will use commercially reasonable efforts to meet or exceed the service levels set forth in the Service Level Agreement. For prepaid Couchbase Capella Credit subscriptions, Support, if purchased by Customer, expires at the earlier of the consumption or expiration of the prepaid Couchbase Capella Credits. For On-Demand Couchbase Capella Credits, Support, if purchased by Customer, expires upon termination of the On-Demand Couchbase Capella Credits in accordance with Section 17.3 below.

9. Beta Services.

9.1 From time to time and at Couchbase’s sole discretion, Couchbase may invite Customer in a separate writing, such as an Order, to participate in certain Beta Services at no additional charge. Customer may elect to participate in such Beta Services trials in its sole discretion, provided that Customer agrees to the restrictions generally applicable to the Cloud Service under this Agreement and any requirements set forth by Couchbase in writing regarding the particular Beta Services. Unless otherwise stated, any Beta Services trial period will expire upon the earlier of one year from the trial start date or the date that a version of the Beta Services becomes generally available without the applicable Beta Services designation. Couchbase may discontinue Beta Services at any time in its sole discretion and is under no obligation to make such Beta Services generally available.

9.2 Notwithstanding anything to the contrary in the Agreement, Customer acknowledges and agrees to the following with respect to any Beta Services it elects to use: 

(a) The rights granted to Customer with respect to the Beta Services are revocable and terminable at any time in Couchbase’s sole and absolute discretion. Couchbase may withdraw or discontinue the Beta Services at any time;

(b) The Beta Services are provided exclusive of any Service Level Agreement, Support and related service levels, warranties, servicing obligations (including any updates, patches, enhancement or fixes described in Documentation or on the Website), or any obligation to provide other services with respect to the Beta Services whatsoever under this Agreement or otherwise. Any references to support, updates, patches, enhancements, fixes or service levels (or similar) in any Documentation or any Couchbase website or marketing materials do not apply to the Beta Services;

(c) Couchbase may make changes to the Beta Services at any time without providing any notice to Customer; and

(d) Couchbase, any of its Affiliates’ or licensors (collectively, the “Parti Couchbase”) non sarà responsabile di alcun danno derivante da o in relazione ai Servizi Beta.

10. Diritti di proprietà.

10.1. Couchbase e i suoi licenziatari mantengono tutti i diritti, titoli e interessi relativi al Servizio Cloud (compreso il Software Couchbase e tutti i miglioramenti, le migliorie o le modifiche ad esso apportate), a tutta la Documentazione e ai Servizi Professionali, compresi tutti i diritti di proprietà intellettuale in essi contenuti, e nulla di quanto contenuto nel presente Contratto potrà essere interpretato come conferimento per implicazione, acquiescenza, preclusione o altro, di qualsiasi licenza o altro diritto al Cliente.

10.2. Except as expressly stated in Section 6, Customer retains all right, title and interest in and to the Customer Content, including all intellectual property rights therein.

10.3. Couchbase may use any Feedback and Customer hereby grants Couchbase a royalty-free, fully paid-up, non-exclusive, transferable, sublicensable, perpetual, irrevocable license to use, copy, modify, make derivative works of, distribute, perform and display any Feedback for any purpose, including to improve and develop the Cloud Service and the Documentation.

10.4. If Customer is the United States Government or any contractor thereof, all licenses granted hereunder are subject to the following: (a) for acquisition by or on behalf of civil agencies, as necessary to obtain protection as “commercial computer software” and related documentation in accordance with the terms of this Agreement and as specified in Subpart 12.1212 of the Federal Acquisition Regulation (FAR), 48 C.F.R.12.1212, and its successors; and (b) for acquisition by or on behalf of the Department of Defense (DOD) and any agencies or units thereof, as necessary to obtain protection as “commercial computer software” and related documentation in accordance with the terms of this Agreement and as specified in Subparts 227.7202-1 and 227.7202-3 of the DOD FAR Supplement, 48 C.F.R.227.7202-1 and 227.7202-3, and its successors, Manufacturer is Couchbase, Inc.

11. Tasse, Payment Terms and Taxes.

11.1. Tasse. Customer may subscribe to the Cloud Service via an Order and shall pay Couchbase the Fees in accordance with this Section 11.

11.2. Couchbase Capella Credits and On-Demand Couchbase Capella Credit Fees.

(a) Tasso di utilizzo. The Couchbase Capella Credits shall be consumed, and the On-Demand Couchbase Capella Credits shall be accrued, respectively, according to the then-current consumption rates set forth in the Cloud Control Plane. Couchbase shall monitor and provide daily reporting on Customer’s consumption of Couchbase Capella Credits or On-Demand Couchbase Capella Credits, as applicable, to Customer via the Cloud Control Plane. Couchbase may increase the consumption rate by giving Customer at least thirty (30) days’ prior notice via any reasonable means, such as email notice, or a notice published on the Cloud Control Plane or the Website.

(b) Couchbase Capella Credits. Except as explicitly stated otherwise in an Order, Fees for Couchbase Capella Credits purchased are non-cancelable and payable in advance on an annual upfront basis in accordance with Section 11.3. Any unused Couchbase Capella Credits purchased shall expire on the expiration date set forth in the applicable Order and shall be forfeited by Customer.

(c) Crediti Couchbase On-Demand Capella. Where Customer (i) subscribes to use the Cloud Service on a pay-as-you-go basis without purchasing Couchbase Capella Credits, or (ii) continues to use a Cluster (or Clusters) in the Cloud Service for which Customer’s prepaid Couchbase Capella Credits designated for such Cluster(s) have all been consumed or have expired, Customer will be deemed to be consuming Couchbase Capella Credits on a pay-as-you-go basis (“Crediti Couchbase On-Demand Capella”). Fees for On-Demand Couchbase Capella Credits shall automatically accrue and are payable monthly in arrears, in accordance with Section 11.3. Couchbase may increase the Fees payable for On-Demand Couchbase Capella Credit by giving Customers using the On-Demand Couchbase Capella Credits at the time of notice, at least thirty (30) days’ prior notice via any reasonable means, such as email, or a notice published on the Cloud Control Plane or the Website.

11.3. Termini di pagamento. Unless otherwise stated in the applicable Order or SOW, all payments of Fees under this Agreement shall be in USD and paid using one of the payment methods supported by Couchbase.  Couchbase may issue invoices to Customers via email or in the form accessible via the Cloud Control Plane. Unless otherwise stated in the applicable Order or SOW, Customer shall pay for all invoices issued by Couchbase to Customer under this Agreement within thirty (30) days of the date of the invoice, even if such invoice does not provide a Customer purchase order number.  For invoiced amounts, late payments may, in Couchbase’s discretion, bear interest at the lesser of one and one half percent (1½%) per month or the maximum rate allowed by applicable law, and Customer shall reimburse Couchbase for all reasonable costs and expenses incurred (including reasonable attorneys’ fees) in collecting any overdue amounts. All amounts paid and payable by Customer under this Agreement, are non-refundable, and shall be paid to Couchbase without setoff or counterclaim, and without any deduction or withholding.

11.4. Tasse. Tutti i Corrispettivi dovuti dal Cliente sono al netto delle imposte e tasse applicabili (quali, a titolo esemplificativo e non esaustivo, IVA, Service Tax, GST, imposte di consumo, imposte sulle vendite e sulle transazioni e imposte sugli incassi lordi (collettivamente, i “Imposte sulle transazioni”). Se applicabile, Couchbase può addebitare e il Cliente dovrà pagare tutte le Tasse sulle Transazioni che Couchbase è legalmente obbligata o autorizzata a riscuotere dal Cliente. Il Cliente fornirà a Couchbase le informazioni ragionevolmente richieste per determinare se Couchbase è obbligata a riscuotere le Tasse sulle Transazioni dal Cliente. Couchbase non riscuoterà e il Cliente non pagherà alcuna Imposta sulle Transazioni per la quale il Cliente fornisca un certificato di esenzione debitamente compilato o un certificato di autorizzazione al pagamento diretto per il quale Couchbase possa rivendicare un'esenzione disponibile da tali imposte sulle transazioni. Tutti i pagamenti effettuati dall'Acquirente a Couchbase ai sensi del presente Contratto saranno effettuati senza alcuna deduzione o ritenuta, come eventualmente richiesto dalla legge. Se tali deduzioni o ritenute (incluse, a titolo esemplificativo ma non esaustivo, le ritenute transfrontaliere) sono richieste su qualsiasi pagamento, il Cliente pagherà gli importi aggiuntivi necessari affinché l'importo netto ricevuto da Couchbase sia pari all'importo dovuto e pagabile ai sensi del presente Contratto. Couchbase fornirà all'Utente i moduli fiscali ragionevolmente richiesti al fine di ridurre o eliminare l'importo di qualsiasi ritenuta o deduzione fiscale in relazione ai pagamenti effettuati ai sensi del presente Contratto.

12. Records and Audits.

12.1. Registri e ispezioni. L'Acquirente: (a) manterrà libri e registri completi e accurati di tutte le attività dell'Acquirente ai sensi del presente Contratto, per consentire a Couchbase di verificare la conformità dell'Acquirente al presente Contratto; e (b) fornirà a Couchbase tali libri e registri entro dieci (10) giorni dalla richiesta di Couchbase, affinché Couchbase possa ispezionarli per verificare la conformità dell'Acquirente al presente Contratto.

12.2. Audit. Upon at least thirty (30) days prior written notice, but no more than once in any twelve (12) month period, Couchbase may audit Customers use of Cloud Service to verify whether Customer is in compliance with the terms of this Agreement. Any such audit will be conducted during regular business hours and may be conducted remotely or at Customers’ facility and will not unreasonably interfere with Customers’ business activities. Customer shall provide Couchbase with access to the relevant records and facilities.  Couchbase retains the right to audit the Customer for one (1) year after termination of this Agreement.

12.3. Revisori di terze parti. Any inspections or audits under Section 12.1 (Records and Inspections) or 12.2 (Audits) may be conducted by Couchbase or an independent certified public accountant reasonably acceptable to both parties.

13. Confidentiality.

13.1. Il Cliente e Couchbase manterranno la riservatezza delle Informazioni Riservate dell'altra parte. “Informazioni riservate” indica qualsiasi informazione proprietaria divulgata da una parte (“Parte divulgante”) all'altra parte (“Parte ricevente”) durante o prima della stipula del presente Contratto che la Parte ricevente dovrebbe sapere essere riservata o proprietaria in base alla natura delle informazioni e alle circostanze che circondano la divulgazione, comprese le informazioni tecniche e commerciali non pubbliche (compresi i prezzi). Le informazioni riservate non comprendono le informazioni che (a) sono o diventano generalmente note al pubblico senza alcuna colpa o violazione del presente Contratto da parte della Parte ricevente; (b) sono legittimamente conosciute dalla Parte ricevente al momento della divulgazione senza un obbligo di riservatezza nei confronti della Parte divulgatrice; (c) sono sviluppate in modo indipendente dalla Parte ricevente senza l'uso delle informazioni riservate della Parte divulgatrice; o (d) la Parte ricevente ottiene legittimamente da una terza parte senza restrizioni sull'uso o sulla divulgazione.

13.2. La Parte ricevente di qualsiasi Informazione Riservata della Parte divulgatrice si impegna a non utilizzare tali Informazioni Riservate per alcuno scopo se non quello necessario ad adempiere ai propri obblighi e ad esercitare i propri diritti ai sensi del presente Accordo. La Parte ricevente proteggerà la segretezza e impedirà la divulgazione e l'uso non autorizzato delle Informazioni riservate della Parte divulgante usando lo stesso grado di cura che adotta per proteggere le proprie informazioni riservate e in nessun caso userà meno di una ragionevole cura.

13.3. Alla cessazione del presente Accordo, la Parte ricevente, a discrezione della Parte divulgatrice, restituirà o distruggerà prontamente (e fornirà una certificazione scritta di tale distruzione) le Informazioni riservate della Parte divulgatrice. Una parte può divulgare le Informazioni riservate dell'altra parte nella misura richiesta dalla legge o dai regolamenti.

14. ESCLUSIONE DI GARANZIA.

14.1. THE CLOUD SERVICE (INCLUDING THE COUCHBASE SOFTWARE), DOCUMENTATION AND ANY PROFESSIONAL SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE”, WITH ALL FAULTS AND WITHOUT WARRANTY OF ANY KIND, AND COUCHBASE PARTIES DO NOT REPRESENT OR WARRANT THAT THE CLOUD SERVICE, DOCUMENTATION OR PROFESSIONAL SERVICES PROVIDED WILL MEET CUSTOMER’S REQUIREMENTS, THAT THE OPERATION OF THE CLOUD SERVICE OR DOCUMENTATION WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, ACCURATE, COMPLETE OR FREE OF HARMFUL CODE, THAT DEFECTS WILL BE CORRECTED,OR THAT ANY  INFORMATION OR ADVICE GIVEN BY THE COUCHBASE PARTIES WILL CREATE ANY WARRANTY. THE COUCHBASE PARTIES (A) DO NOT CONTROL THE TRANSFER OF DATA OVER COMMUNICATIONS FACILITIES, INCLUDING THE INTERNET, AND THE CLOUD SERVICE MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF SUCH COMMUNICATIONS FACILITIES, (B) ARE NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGES RESULTING FROM SUCH PROBLEMS, AND (C) ARE NOT RESPONSIBLE FOR ANY ISSUES RELATED TO THE PERFORMANCE, OPERATION OR SECURITY OF THE CLOUD SERVICE THAT ARISE FROM CUSTOMER OR THIRD-PARTY CONTENT (AS DEFINED HEREIN).. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE COUCHBASE PARTIES HEREBY DISCLAIM ALL WARRANTIES, EITHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, QUIET ENJOYMENT, AVAILABILITY, NON-INFRINGEMENT, AND TITLE, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING, USAGE OR TRADE.

14.2. IL CLIENTE RICONOSCE E ACCETTA CHE IL SERVIZIO CLOUD È DESTINATO A ESSERE UTILIZZATO SOLO CON IL SOFTWARE COUCHBASE DISTRIBUITO NELL'AMBIENTE CLOUD DEL CLIENTE E NON CON QUALSIASI ALTRO SOFTWARE O AMBIENTE.

15. Indennizzo.

15.1. Indennizzo di Couchbase. Couchbase indennizzerà e difenderà il Cliente da e contro qualsiasi danno definitivamente riconosciuto al Cliente in relazione a qualsiasi reclamo da parte di terzi secondo cui i componenti non open source del Servizio Cloud, della Documentazione o dei Servizi Professionali violano o si appropriano indebitamente dei diritti di proprietà intellettuale di tali terzi; a condizione che: (a) il Cliente notifichi tempestivamente a Couchbase la richiesta di risarcimento; (b) il Cliente fornisca a Couchbase tutte le informazioni necessarie in merito alla richiesta di risarcimento e collabori ragionevolmente con Couchbase; (c) il Cliente consenta a Couchbase il controllo esclusivo della difesa e di tutte le relative trattative di transazione; (d) il Cliente non ammetta colpe o responsabilità in relazione al presente Contratto, alle azioni del Cliente o a quelle di Couchbase; e (e) il Cliente accetti che qualsiasi risarcimento danni non includa le Commissioni dovute a Couchbase. 

15.2. Esecuzione di un'ingiunzione. Senza limitare quanto sopra, e nonostante qualsiasi cosa contraria nel presente Contratto, se l'uso del Servizio Cloud, della Documentazione o dei Servizi Professionali è vietato, o Couchbase determina che tale uso può essere vietato, Couchbase, a sua esclusiva discrezione e a sue spese, (i) procurerà al Cliente il diritto di continuare ad usare il Servizio Cloud o la Documentazione o i Servizi Professionali interessati; (ii) sostituirà o modificherà il Servizio Cloud, la Documentazione o i Servizi Professionali interessati che violano in modo che non violino; o (iii) se una delle due opzioni (i) o (ii) non è commercialmente fattibile secondo il ragionevole parere di Couchbase, a seconda dei casi, cesserà il Servizio Cloud e i Servizi Professionali interessati e in caso di tale cessazione rimborserà al Cliente un importo pro-rata delle Commissioni per la parte interessata del Servizio Cloud o dei Servizi Professionali.

15.3. Indennizzo del cliente. Customer shall indemnify and defend the Couchbase Parties from and against any claims, proceedings, liabilities, costs or damages arising out of or in connection with any third-party claim related to or arising from (i) allegations that Customer Content or its use with the Cloud Service infringes or misappropriates such party’s intellectual property rights or violates any applicable law; (ii) any use, or inability to use, by any third party that receives or obtains access to or relies on the Cloud Service or any component thereof from or through (directly or indirectly) the Customer or any Authorized User, and (iii) Customer’s or any Authorized User’s use, or inability to use, the Cloud Service.  Couchbase will: (a) promptly notify Customer of the relevant claim; (b) give Customer all necessary information regarding the claim and reasonably cooperate with Customer; (c) allow Customer exclusive control of the defense and all related settlement negotiations, provided that Couchbase may participate in the defense and related settlement negotiations with counsel of its own choosing; and (d) not admit fault or liability on behalf of Customer.

15.4. Esclusioni dall'indennizzo. Couchbase will not be liable for any claim to the extent it arises from: (i) Customer’s failure to use the Cloud Service in accordance with this Agreement; (ii)  the  Cloud Service being modified by Customer or a third party;  (iii)  the use, operation or combination of the  Cloud Service with software, services, technology, content, data, equipment or materials not provided by  Couchbase (“Contenuto del cliente o di terzi”),  if the claim would have been avoided by using it without such  Customer or Third-Party Content; or (iv) Customer continuation of the allegedly infringing activity after being notified of the alleged infringement claim.

15.5. I termini della presente Sezione 15 costituiscono l'intera responsabilità di Couchbase e l'unico ed esclusivo rimedio dell'Utente rispetto a qualsiasi rivendicazione di terzi di violazione o appropriazione indebita di diritti di proprietà intellettuale.

16. LIMITAZIONE DI RESPONSABILITÀ. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL: (A) THE COUCHBASE PARTIES BE LIABLE TO CUSTOMER OR TO ANY THIRD PARTY FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, LOSS OF DATA, LOSS OF GOODWILL, BUSINESS INTERRUPTION OR ANY OTHER DAMAGES OR LOSSES, ARISING OUT OF OR RELATED TO THIS AGREEMENT, CUSTOMER’S USE OF OR INABILITY TO USE THE CLOUD SERVICE, DOCUMENTATION, OR THE PROFESSIONAL SERVICES; AND (B) COUCHBASE’S AGGREGATE LIABILITY TO CUSTOMER FOR ALL LOSSES, CLAIMS AND DAMAGES EXCEED THE TOTAL AMOUNT OF FEES PAID OR PAYABLE BY CUSTOMER FOR THE CLOUD SERVICE UNDER THIS AGREEMENT IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT FIRST GIVING RISE TO THE LIABILITY. All limitations and exclusions of liability in this Agreement will apply even if the above stated remedies fail of their essential purpose and regardless of the form or source of claim or loss, whether the claim or loss was foreseeable, and whether the Couchbase Parties have been advised of the possibility of the claim or loss.

17. Termine e cessazione.

17.1. Termine. Se non diversamente indicato in un Ordine, il presente Contratto è efficace a partire dalla data di accettazione del Contratto da parte del Cliente e rimarrà in vigore fino a quando non sarà risolto in conformità al presente Contratto.

17.2. Terminazione. Fatti salvi i diritti di Couchbase ai sensi della Sezione 17.4 di seguito, ciascuna parte può risolvere un Ordine, un SOW o il presente Contratto Cloud se l'altra parte viola materialmente i propri obblighi ai sensi del presente Contratto e, laddove tale violazione sia sanabile, tale violazione rimane non sanata per trenta (30) giorni dopo la notifica scritta della violazione. L'obbligo del Cliente di effettuare il pagamento di qualsiasi corrispettivo insoluto e non pagato sopravviverà alla risoluzione di un Ordine, di un SOW o del presente Contratto. Il presente Contratto si risolverà automaticamente senza preavviso al Cliente dopo 90 giorni dalla scadenza dell'ultimo Ordine o SOW in vigore.

17.3. Cessazione dei crediti Couchbase On-Demand di Capella. Notwithstanding the above, Customer may terminate On-Demand Couchbase Capella Credits, or where On-Demand Couchbase Capella Credit is part of an Order for prepaid Couchbase Capella Credits, then solely the On-Demand Couchbase Capella Credits portion of an Order, at any time for convenience by decommissioning all live Clusters from the Data Plane and discontinuing consumption of the On-Demand Couchbase Capella Credits and use of the Cloud Service. Such termination shall take effect on the same day the foregoing conditions are satisfied (“Data di risoluzione su richiesta”). Customer shall remain liable for any On-Demand Couchbase Capella Credit Fees incurred up to and including the On-Demand Termination Date and will be charged and invoiced for such Fees in accordance with Section 11.2(c). If the On-Demand Termination Date is to also be served by Customer as notice of Termination of an Order, or this Agreement, then such termination shall be subject to Section 17.5.

17.4. Sospensione del servizio cloud. Nonostante qualsiasi disposizione contraria contenuta nel presente Contratto, Couchbase può sospendere o terminare qualsiasi abbonamento al Servizio Cloud e cancellare qualsiasi Contenuto del Cliente relativo a tale account che possa essere memorizzato all'interno del Servizio Cloud immediatamente (i) senza preavviso se Couchbase determina ragionevolmente che il Cliente o qualsiasi Utente Autorizzato del Servizio Cloud minacci la sicurezza, l'integrità o la disponibilità del Servizio Cloud, o (ii) su preavviso scritto se il Cliente non rispetta la Sezione 11, o in caso di circostanze descritte nella Sezione 15.2. Se Couchbase sospende il diritto del Cliente di accedere o utilizzare una parte o la totalità del Servizio Cloud, il Cliente rimane responsabile per tutte le Commissioni e gli addebiti sostenuti dal Cliente fino alla sospensione e durante la stessa e non avrà diritto ad alcun credito o rimborso. Couchbase si adopererà in modo commercialmente ragionevole per ripristinare tempestivamente l'accesso del Cliente al Servizio Cloud a seguito della risoluzione della causa della sospensione.

17.5. Effetto della cessazione. Upon termination or expiration of all active Orders (including termination under Section 17.3), SOWs or this Agreement, Customer shall (i) discontinue the use of a Cluster (or Clusters) and cease to use the Cloud Service (ii) delete the Customer account information including all Authorized User accounts associated with Customer in the Cloud Control Plane  (iii) uninstall the Cloud Service in accordance with the termination instructions in the Cloud Control Plane, and (iv)  promptly return or destroy (and provide written certification of such destruction) the Documentation and Deliverables and all copies and portions thereof, in all forms and types of media. If and to the extent Couchbase has any Customer Data (as defined in the DPA) in its possession after Customer completes the foregoing steps, then Couchbase shall delete any Personal Data (as defined in the DPA) in Couchbase’s possession within 90 days after the Termination Date. The following Sections will survive termination or expiration of this Agreement: 4, 6.2, ‎9.2(d) and 10 to18 (inclusive).

18. General.

18.1. Conformità alle esportazioni. The Cloud Service, Software, and derivatives thereof may be subject to export laws and regulations of the United States and other jurisdictions. Couchbase and Customer each represent that it is not named on any U.S. government denied-party list. Customer shall comply with all applicable international and domestic export and economic sanctions laws or regulations that apply to Customer, the Cloud Service and any related technology or services. In furtherance of this obligation, Customer shall ensure that: (a) Customer’s Authorized Users do not use the Cloud Service or Professional Services in violation of any export restriction or embargo issued by the United States; and (b) it does not provide access to the Cloud Service or Professional Services to (i) persons on the U.S. Department of Commerce’s Denied Persons List or Entity List, or the U.S. Treasury Department’s list of Specially Designated Nationals, (ii) military end-users or for military end-use, or (iii) parties engaged in activities directly or indirectly related to the proliferation of weapons of mass destruction. This provision shall survive termination of the agreement.

18.2. Forza maggiore. Neither party will be liable for any delay or failure in performance (except for any payment obligations by Customer) due to causes beyond its reasonable control.

18.3. Publicity. Customer agrees that Couchbase may include the Customer’s name and logo in client lists that Couchbase may publish for promotional purposes from time to time and grants Couchbase a limited license to its trademark solely for this purpose, provided that Couchbase complies with Customer’s branding guidelines.

18.4. Assegnazione. Customer may not assign this Agreement, in whole or in part, by operation of law or otherwise, without Couchbase’s prior written consent. Any attempt to assign this Agreement without such consent will be null and of no effect. Subject to the previous sentence, this Agreement will bind and inure to the benefit of each party’s successors and permitted assigns.

18.5. Severability and Waiver. If for any reason a court of competent jurisdiction finds any provision of this Agreement invalid or unenforceable, that provision of this Agreement will be enforced to the maximum extent permissible and the other provisions of this Agreement will remain in full force and effect. The failure by either party to enforce any provision of this Agreement will not constitute a waiver of future enforcement of that or any other provision. All waivers must be in writing and signed by both parties.

18.6. Notices. Any notice or communication provided by Couchbase under this Agreement may be provided by posting a notice on the Couchbase website, or by mail or email to the relevant address associated with Customer’s Cloud Service account. Any notice or communication provided by Customer under this Agreement shall be provided to Couchbase by certified mail, return receipt requested, to Couchbase Inc, Attn: Legal Dept, 3250 Olcott Street, Santa Clara, CA 95054, United States.

18.7. Governing Law and Venue. This Agreement is governed by the laws of the State of California, U.S.A., excluding its conflicts of law rules. The parties expressly agree that the UN Convention for the International Sale of Goods will not apply. Any legal action or proceeding arising under this Agreement will be brought exclusively in the federal or state courts located in Santa Clara County, California and the parties hereby irrevocably consent to the personal jurisdiction and venue there. 

18.8. Entire Agreement and Amendments. This Agreement constitutes the entire agreement and supersedes all prior or contemporaneous oral or written agreements regarding its subject matter, including any agreement on confidentiality previously executed by the parties and any agreement that governs the licensing of any Couchbase software to Customer that is now being licensed under this Agreement.  Furthermore, no additional or conflicting terms stated on any other document will have any force or effect and are hereby rejected unless expressly agreed upon by the parties’ duly authorized representatives in writing. Except as otherwise set forth in this Agreement or any Order, we may modify this Cloud Agreement (including the Support terms and Service Level Agreement) at any time by posting a revised version on the Website or by otherwise notifying you in accordance with Section 18.6 and by continuing to use the Cloud Service after the effective date of any such modifications to this Agreement, Customer agrees to be bound by this Agreement, as modified. The date Couchbase last modified this Agreement is set forth at the beginning of this Agreement. Notwithstanding the foregoing, any Orders placed under this version of the Agreement may only be modified by a mutually signed amendment by the parties.

18.9. No Prejudice. Except as expressly stated in this Agreement, the exercise by either party of any of its remedies under this Agreement will be without prejudice to its other remedies under this Agreement or otherwise.

18.10. Relationship of the Parties. The parties to this Agreement are independent contractors and this Agreement will not establish any relationship of partnership, joint venture, employment, franchise, or agency between the parties. Neither party will have the power to bind the other party or incur obligations on the other party’s behalf without the other party’s prior written consent.

18.11. Future Functionalities. Customer has not relied on the availability of any future version of the Cloud Service or any future product in making its decision to enter into this Agreement.

EXHIBIT A

Couchbase Customer Data Processing Addendum

This Data Processing Addendum (the “DPA”) forms part of the Cloud Service Subscription Agreement (“Nuvola Accordo“) between Couchbase, Inc. (“Couchbase”) and the party identified as the “Customer” in the Cloud Agreement (“Cliente”) (each a “Partito" and together, the “Parti").

This DPA describes the commitments of the Parties concerning the processing of Personal Data in connection with Customer’s use of the Cloud Service. If there is any conflict between the terms of the Cloud Agreement and the terms of this DPA, the terms of this DPA shall prevail to the extent of such conflict. Any capitalized term not defined in this DPA will have the meaning given it in the Cloud Agreement.

The parties agree as follows:

1. Definizioni. I seguenti termini in maiuscolo, quando utilizzati nel presente DPA, avranno il significato corrispondente fornito di seguito:

"Leggi sulla protezione dei dati applicabili” means all worldwide privacy and data protection laws, regulations, rules, ordinances and other decrees applicable to the Personal Data, including (but not limited to): (i) European Data Protection Laws; and (ii) all laws and regulations of the United States, including the California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100 et seq ("CCPA"); come eventualmente modificato, sostituito o sostituito.

“Dati del cliente" indica qualsiasi Dato Personale trattato da Couchbase per conto del Cliente in qualità di fornitore di servizi o di incaricato del trattamento (a seconda dei casi) in relazione al Servizio Cloud, come più in particolare descritto nell'Allegato A della presente DPA.

"SEE” means the Member States of the European Union, plus Iceland, Liechtenstein, Norway and the United Kingdom until the European Union law ceases to apply.

"Leggi europee sulla protezione dei dati” means: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (“GDPR”); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (“e-Privacy Directive”); (iii) any applicable national implementations of (i) and (ii); (iv) the Swiss Federal Data Protection Act of 19 June 1992 and its Ordinance; and (v) in respect of the United Kingdom, the Data Protection Act 2018 and any applicable national legislation that replaces or converts in domestic law the GDPR, e-Privacy Directive or any other law relating to data and privacy as a consequence of the UK leaving the European Union; in each case as may be amended, superseded or replaced.

“Clausole modello” means the standard contractual clauses for processors as approved by the European Commission pursuant to its decision C(2010)593 of 5 February 2010 and sometimes referred to as Standard Contractual Clauses.

"Dati personali" indica qualsiasi informazione che si riferisce a una persona fisica identificata o identificabile e che è protetta come "dati personali", "informazioni personali" o "informazioni di identificazione personale" ai sensi delle Leggi sulla protezione dei dati applicabili.

"Privacy Shield” means collectively the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Framework self-certification program operated by the U.S. Department of Commerce and approved by the European Commission pursuant to Decision C(2016)4176 of 12 July 2016 and by the Swiss Federal Council on January 11, 2017, respectively.

"Privacy Shield Principles” means the Privacy Shield Framework Principles contained in Annex II to the European Commission Decision C(2016)4176 dated July 12, 2016; as may be amended from time to time.

"Incidente di sicurezza” means any breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Customer Data transmitted, stored or otherwise processed by Couchbase and/or its Sub-processors in connection with the provision of the Cloud Service. “Security Incident” shall not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.

“Sottoprocessore” means any processor engaged by Couchbase or its Affiliates to assist in fulfilling its obligations with respect to providing the Cloud Service pursuant to the Cloud Agreement or this DPA. Sub-processors may include third parties or Couchbase Affiliates but shall exclude any Couchbase employee, contractor or consultant.

I termini "controllore", "processore" e "processing" hanno il significato loro attribuito nel GDPR, e "processo", "processi" e "elaborato" devono essere interpretati di conseguenza; e i termini "attività commerciale", "fornitore di servizi" e "vendere" hanno il significato loro attribuito nel CCPA.

2. Role and Scope of Processing

2.1 Ambito di applicazione. This DPA applies to the extent that Couchbase processes as a processor or service provider (as applicable) any Customer Data protected by Applicable Data Protection Laws.

2.2 Role of the Parties. The parties acknowledge and agree that Customer is a business or the controller (as applicable) with respect to the processing of Customer Data, and Couchbase shall process Customer Data only as a processor or service provider (as applicable) on behalf of Customer, as further described in Annex A of this DPA. Any processing by either party of Customer Data under or in connection with the Agreement shall be performed in accordance with Applicable Data Protection Laws. 

2.3 Couchbase processing of personal data. Couchbase agrees that it shall process Customer Data only for the purposes described in the DPA and in accordance with Customer’s documented lawful instructions. The parties agree that the Agreement (including this DPA) sets out the Customer’s complete and final instructions to Couchbase in relation to the processing of Customer Data and processing outside the scope of these instructions (if any) shall require prior written agreement between Customer and Couchbase. Without prejudice to Section 2.4 (Customer responsibilities), Couchbase shall notify Customer in writing, unless prohibited from doing so under Applicable Data Protection Laws, if it becomes aware or believes that any data processing instructions from Customer violates Applicable Data Protection Laws.

2.4 Customer responsibilities. Customer is responsible for the lawfulness of Customer Data processing under or in connection with the Cloud Agreement. Customer represents and warrants that (i) it has provided, and will continue to provide all notice and obtained, and will continue to obtain, all consents, permissions and rights necessary under Applicable Data Protection Laws for Couchbase to lawfully process Customer Data for the purposes contemplated by the Agreement (including this DPA); (ii) it has complied with all Applicable Data Protection Laws as a controller and/or business of Customer Data for the collection and provision to Couchbase and its Sub-processors of such Customer Data; and (iii) it shall ensure its processing instructions comply with applicable laws (including Applicable Data Protection Laws) and that the processing of Customer Data by Couchbase in accordance with Customer’s instructions will not cause Couchbase to be in breach of Applicable Data Protection Laws.

2.5 Aggregate data. Nonostante quanto precede o qualsiasi altra cosa contraria contenuta nel Contratto (incluso il presente DPA), l'Utente riconosce che Couchbase e le sue Affiliate hanno il diritto di raccogliere e creare informazioni anonime, aggregate e/o de-identificate (come definito dalle Leggi applicabili in materia di protezione dei dati) per le proprie attività legittime.

3. Sub-processing

3.1 Authorized Sub-processors. Customer acknowledges and agrees that Couchbase may engage Sub-processors to process Customer Data on Customer’s behalf. The Sub-processors currently engaged by Couchbase and authorized by Customer are available at https://info.couchbase.com/cloud-subprocessors.html. Couchbase shall notify Customer if it changes its Sub-processors at least fifteen 10 days prior to any such changes if Customer opts-in to receive notifications via email by subscribing on the Sub-processors page.

4. Security and Audits

4.1 Misure di sicurezza. Both Parties should implement and maintain technical and organizational security measures designed to protect Customer Data from Security Incidents in accordance with Section 7 of the Cloud Agreement. (“Misure di sicurezza“). Couchbase’s Security Measures will include, at a minimum, those measures described in Annex B of this DPA.  Couchbase shall ensure that any person who is authorized by Couchbase to process Customer Data shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).

4.2 Updates to Security Measures. Customer acknowledges that the Security Measures are subject to technical progress and development and that Couchbase may update or modify the Security Measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Cloud Service subscribed to  by the Customer.

4.3 Customer Security Responsibilities. Notwithstanding the above, Customer agrees that except as provided by this DPA, Customer shall implement and maintain appropriate technical and organizational Security Measures designed to protect Personal Data from Security Incidents and to preserve the security and confidentiality of Customer Data while in its dominion and control. Customer is responsible for (i) protecting the security of all Customer credentials used to access the Cloud Service; (ii) securing the Customer Cloud Environment and any Customer System (with such steps to include without limitation the regular rotation of access keys and other industry standard steps to preclude unauthorized access); and (iii) implementing and maintaining the appropriate configurations of the Cloud Service to enable the backup services and disaster recovery features of the Cloud Service required for purposes of recovering Customer Content.

4.4 Security Incident Response. Upon becoming aware of a Security Incident, Couchbase shall notify Customer without undue delay and shall: (i) provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer; and (ii) promptly take steps, deemed necessary and reasonable by Couchbase, to contain, investigate, and remediate any Security Incident, to the extent that the remediation is within Couchbase’s reasonable control.  Couchbase’s notification of or response to a Security Incident under this Section 4.4 shall not be construed as an acknowledgment by Couchbase of any fault or liability with respect to the Security Incident. The obligations set forth herein shall not apply to Security Incidents to the extent they are caused by Customer or its Authorized Users.

4.5 Audit di sicurezza. Couchbase shall provide written responses (on a confidential basis) to all reasonable requests for information made by Customer related to its processing of Customer Data, including responses to information security and audit questionnaires that are necessary to confirm Couchbase’s compliance with this DPA, provided that Customer shall not exercise this right more than once in any 12 month rolling period.  Notwithstanding the foregoing, Customer may also exercise such audit right in the event Customer is expressly requested or required to provide this information to a data protection authority, or Couchbase has experienced a Security Incident, or on another reasonably similar basis.

5. Trasferimenti internazionali

5.1 Processing locations. Customer acknowledges and agrees that Couchbase may transfer and process Customer Data to and in the United States and anywhere else in the world where Couchbase, its Affiliates or its Sub-processors maintain data processing operations.  Couchbase shall at all times ensure such transfers are made in compliance with the requirements of Applicable Data Protection Laws and this DPA.

6. Deletion of Customer Data

6.1 Upon termination or expiry of the Cloud Agreement, on Customer’s request Couchbase shall delete  all Customer Data (including copies) in its possession or control in accordance with Section 17.5 of the Cloud Agreement, save that this requirement shall not apply to the extent Couchbase is required by applicable law to retain some or all of the Customer Data.

7. Rights of Individuals and Cooperation

7.1 Data Subject Requests. To the extent that Customer is unable to independently access the relevant Customer Data within the Cloud Service, Couchbase shall, taking into account the nature of the processing, provide reasonable cooperation to assist Customer to respond to any requests from individuals or applicable data protection authorities relating to the processing of Customer Data under the Cloud Agreement.  In the event that any such request is made to Couchbase directly, Couchbase shall not respond to such communication directly without Customer’s prior authorization, unless legally compelled to do so. If Couchbase is required to respond to such a request, Couchbase shall promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so.

7.2 Subpoenas and Court Orders.  If a law enforcement agency sends Couchbase a demand for Customer Data (for example, through a subpoena or court order), Couchbase shall give Customer reasonable notice of the demand to allow Customer to seek a protective order or other appropriate remedy unless Couchbase is legally prohibited from doing so.

8. Jurisdiction Specific Terms

8.1 Europe. To the extent the Customer Data is subject to European Data Protection Laws, the following terms shall apply in addition to the terms in the remainder of this DPA:

(a) Sub-processor Obligations. Couchbase shall: (i) enter into a written agreement with each Sub-processor imposing data protection terms that require the Sub-processor to protect personal data to the standard required by applicable European Data Protection Law and this DPA; and (ii) remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause Couchbase to breach any of its obligations under this DPA.

(b) Objections to Sub-processors. Customer may object in writing to Couchbase’s appointment of a new Sub-processor on reasonable grounds relating to data protection (e.g. if making Customer Data available to the Sub-processor may violate European Data Protection Law or weaken the protections for such Customer Data) by notifying Couchbase promptly in writing within five (5) calendar days of receipt of Couchbase notice in accordance with Section 3.1 above.  Such notice shall explain the reasonable grounds for the objection and the parties shall discuss such concerns in good faith with a view to achieving commercially reasonable resolution.  If no such resolution can be reached, Couchbase will, at its sole discretion, either not appoint Sub-processor, or permit Customer to suspend or terminate the affected portion of the Cloud Service in accordance with the termination provisions in the Cloud Agreement without liability to either party (but without prejudice to any fees incurred by Customer prior to suspension or termination).

(c) Privacy Shield. To the extent that Couchbase processes (or causes to be processed) any personal data protected by European Data Protection Laws in a third country not recognized as providing adequate protection for personal data (as described in European Data Protection Laws), such personal data shall be deemed to have adequate protection (within the meaning of European Data Protection Law) by virtue of Couchbase having self-certified its compliance with the Privacy Shield Framework. Couchbase agrees to process Customer Data in compliance with the Privacy Shield Principles and to inform Customer if it makes a determination that it can no longer protect Customer Data in accordance with the Privacy Shield Principles.

(d) Clausole modello. To the extent the transfer mechanism identified in sub-section (c) above does not apply to the transfer and/or is invalidated, Couchbase agrees to abide by and process such Customer Data in in compliance with the Model Clauses, which are incorporated in full by reference and form an integral part of this DPA.

(e) For the purposes of the descriptions in the Model Clauses: (i) Couchbase agrees that it is a “data importer” and Customer is the “data exporter” (notwithstanding that Customer may itself be an entity located outside the EEA); (ii) Annex A and Annex B of this DPA shall replace Appendix 1 and Appendix 2 of the Model Clauses; and (ii) Annex C shall form Appendix 3 of the Model Clauses. It is not the intention of either party, nor the effect of this DPA, to contradict or restrict any of the provisions set forth in the Model Clauses. Accordingly, if and to the extent the Model Clauses conflict with any provision of this DPA, the Model Clauses shall prevail to the extent of such conflict.

(f) Meccanismo di trasferimento alternativo. Se e nella misura in cui Couchbase adotta una soluzione alternativa di esportazione dei dati per il trasferimento dei Dati del Cliente come prescritto dalle leggi europee sulla protezione dei dati applicabili ("Meccanismo di trasferimento alternativo"), si applicherà invece il Meccanismo di Trasferimento Alternativo (ma solo nella misura in cui tale Meccanismo di Trasferimento Alternativo si applica al trasferimento).

(g) Data Protection Impact Assessment. To the extent Couchbase is required under applicable European Data Protection Law, Couchbase shall provide reasonably requested information regarding Couchbase processing of personal data under the Cloud Agreement to enable the Customer to carry out data protection impact assessments or prior consultations with supervisory authorities as required by law.

8.2 California. To the extent the Customer Data is subject to the CCPA, the parties agrees that Customer is a business and that it appoints Couchbase as its service provider to process Customer Data as permitted under the Cloud Agreement (including this DPA) and the CCPA, or for purposes otherwise agreed in writing (the “Scopi consentiti“). Customer and Couchbase agree that: (a) Couchbase shall not retain, use or disclose personal information for any purpose other than the Permitted Purposes; (b) Customer Data was not sold to Couchbase and Couchbase shall not “sell” personal information (as defined by the CCPA); (c) Couchbase shall not retain, use or disclose personal information outside of the direct business relationship between Customer and Couchbase; and (d) Couchbase may de-identify or aggregate personal information in the course of providing the Cloud Service. Couchbase certifies that it understands the restrictions set out in this Section 8.2 and will comply with them.

9. Miscellaneous

9.1 Except for the changes made by this DPA, the Cloud Agreement remains unchanged and in full force and effect.

9.2 This DPA may be executed in counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument.

9.3 If any provision or part-provision of this DPA is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of the DPA.

9.4 This DPA shall be governed by and construed in accordance with the governing law and jurisdiction provisions in the Cloud Agreement, unless required otherwise by European Data Protection Laws.

Allegato A

Descrizione dell'elaborazione dei dati

This Annex A forms part of the DPA and describes the processing that the processor will perform on behalf of the controller.

Durata

The duration of the data processing under this DPA is until the termination of the Cloud Agreement in accordance with its terms plus the period from the expiry of the Cloud Agreement until deletion of personal data by Couchbase in accordance with the terms of the Cloud Agreement.

Categorie di dati

I dati personali da trattare riguardano le seguenti categorie di dati (specificare):

●  Personal Data in Customer Content: Personal Data included in content or data provided by or on behalf of Customer or Authorized Users by or through the Cloud Service, including any Personal Data provided in order to receive Support.

Categorie particolari di dati (se del caso)

The parties do not intend for any special category data to be processed under the Cloud Agreement.

Soggetti interessati

I dati personali da trattare riguardano le seguenti categorie di soggetti (specificare):

● Data subjects include individuals about whom data is provided to Couchbase via the Cloud Service by or at the direction of Customer, including Authorized Users.

Operazioni di lavorazione

I dati personali saranno oggetto delle seguenti attività di trattamento di base (specificare):

●  processing to provide the Cloud Service in accordance with the Cloud Agreement;

●  processing to perform any steps necessary for the performance of the Cloud Agreement;

●  processing initiated by Customer in its use of the Cloud Service; and

●  processing to comply with other reasonable instructions provided by Customer (e.g. via email or support tickets) that are consistent with the terms of this Cloud Agreement.

Allegato B

Misure di sicurezza

This Annex describes Couchbase’s Security Measures in providing the Cloud Service. Customer acknowledges that the Cloud Service operates pursuant to a shared responsibility model, which requires, among other things, that Customer take certain steps such as protecting the security of Customer Content (which remains stored within Customer’s environment under Customer’s control). If and to the extent Couchbase processes Customer Data on behalf of Customer in connection with the Cloud Service, Couchbase shall implement and maintain the following Security Measures:

1. Physical Access Controls: The Cloud Service runs on AWS. The physical security and information security standards for AWS’s data centers are detailed at  https://aws.amazon.com/security/.

2. System Access Controls: Couchbase shall take reasonable measures to prevent unauthorized use of the systems used for processing Customer Data. These controls shall vary based on the nature of the processing undertaken and may include, among other controls, strong authentication, documented authorization processes, documented change management processes and/or, logging of access on several levels.

3. Data Access Controls: Couchbase shall take reasonable measures to provide that any Customer Data in Couchbase’s control in the Cloud Control Plane is accessible and manageable only by properly authorized staff. Direct database query access to the Data Plane is restricted and application access rights are established and enforced to ensure that persons entitled to use a data processing system only have access to the Customer Data to which they have access privileges; and, that Customer Data cannot be read, copied, modified or removed without authorization in the course of processing.

4. Transmission Controls: Couchbase shall take reasonable measures to ensure that Customer Data cannot be read, copied, modified or removed without authorization during electronic transmission or transport. Couchbase uses industry standard firewall and encryption technologies to protect data in transit and at rest.

5. Input Controls: Couchbase shall take reasonable measures to provide that it is possible to check and establish whether and by whom Customer Data has been entered into data processing systems, modified or removed; and, any transfer of Customer Data to a third-party service provider is made via a secure transmission.

6. Data Protection: Couchbase shall take reasonable measures to ensure that Customer Data is protected against accidental destruction or loss.

7. Logical Separation: Customer Data in Couchbase’s control is logically segregated on systems managed by the Couchbase to prevent unauthorized access.

Allegato C

This Appendix forms part of the Model Clauses. All defined terms used in this Appendix 3 shall have the meaning given to it in the Model Clauses unless otherwise defined in this Appendix. 

Appendix 3 to the Model Clauses

This Appendix sets out the parties’ interpretation of their respective obligations under specific clauses identified below.  Where a party complies with the interpretations set out in this Appendix, that party shall be deemed by the other party to have complied with its commitments under the Clauses.

For the purposes of this Appendix, “DPA” means the Data Processing Addendum in place between data importer and data exporter and to which these Clauses are incorporated and “Contratto cloud” shall have the meaning given to it in the DPA.

Clause 4(h) and 8: Disclosure of these Clauses

1. Data exporter agrees that these Clauses constitute data importer’s Confidential Information as that term is defined in the Cloud Agreement and may not be disclosed by data exporter to any third party without data importer’s prior written consent unless permitted pursuant to the Cloud Agreement. This shall not prevent disclosure of these Clauses to a data subject pursuant to Clause 4(h) or a supervisory authority pursuant to Clause 8.

Clause 5(a): Suspension of data transfers and termination:

1. The parties acknowledge that data importer may process the personal data only on behalf of the data exporter and in compliance with its instructions as provided by the data exporter and the Clauses.

2. The parties acknowledge that if data importer cannot provide such compliance for whatever reason, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract.

3. If the data exporter intends to suspend the transfer of personal data and/or terminate these Clauses, it shall endeavour to provide notice to the data importer and provide data importer with a reasonable period of time to cure the non-compliance (“Periodo di cura").

4. If after the Cure Period the data importer has not or cannot cure the non-compliance then the data exporter may suspend or terminate the transfer of personal data immediately. The data exporter shall not be required to provide such notice in instance where it considers there is a material risk of harm to data subjects or their personal data.

Clause 5(f): Audit:

1. Data exporter acknowledges and agrees that it exercises its audit right under Clause 5(f) by instructing data importer to comply with the audit measures described in Section 4 (Security and Audits) of the DPA.

Clause 5(j): Disclosure of sub-processor agreements

1. The parties acknowledge the obligation of the data importer to send promptly a copy of any onward sub-processor agreement it concludes under the Clauses to the data exporter.

2. The parties further acknowledge that, pursuant to sub-processor confidentiality restrictions, data importer may be restricted from disclosing onward sub-processor agreements to data exporter. Notwithstanding this, data importer shall use reasonable efforts to require any sub-processor it appoints to permit it to disclose the sub-processor agreement to data exporter.

3. Even where data importer cannot disclose a sub-processor agreement to data exporter, the parties agree that, upon the request of data exporter, data importer shall (on a confidential basis) provide all information it reasonably in connection with such sub-processing agreement to data exporter.

Clause 6: Liability

1. Any claims brought under the Clauses shall be subject to the terms and conditions, including but not limited to, the exclusions and limitations set forth in the Cloud Agreement. In no event shall any party limit its liability with respect to any data subject rights under these Clauses.

Clause 11:  Onward sub-processing

1. The parties acknowledge that, pursuant to FAQ II.1 in Article 29 Working Party Paper WP 176 entitled “FAQs in order to address some issues raised by the entry into force of the EU Commission Decision 2010/87/EU of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC” the data exporter may provide a general consent to onward sub-processing by the data importer.

2. Accordingly, data exporter provides a general consent to data importer, pursuant to Clause 11 of these Clauses, to engage onward sub-processors. Such consent is conditional on data importer’s compliance with the requirements set out in Section 8.1 of the DPA.