EX1A-6 MAT CTRCT 14 filename14.htm RSE Portfolio. Dalmore Tools Licensing Agreement (06371116-2).DOCX

TOOLS LICENSE AGREEMENT

 

This Tools License Agreement is made and entered into as of May 3, 2022 (“Effective Date”), between Rally Holdings LLC ( “Rally”) and Dalmore Group, LLC (“Dalmore”). This Agreement sets forth the terms pursuant to which Dalmore will be permitted to use certain of Rally’s proprietary hosted software tools to perform services for Rally (“Services”) pursuant to the Secondary Market Transactions Engagement Letter entered into as of May 3, 2022 between Rally and its affiliate RSE Portfolio, LLC, and Dalmore (the “Services Agreement”).

The parties agree as follows:

 

1.DEFINITIONS 

1.1Authorized User” means Dalmore’s employees and contractors who are required to use the Tools in order to perform the Services and who have signed a non-use and nondisclosure agreement that is no less protective of the Confidential Information than the terms of this Agreement.  

1.2Confidential Information” means any information disclosed to Dalmore by or on behalf of Rally, directly or indirectly, in writing, orally, or by inspection of tangible or intangible objects (including documents and the Tools) under this Agreement, the Services Agreement, or any other agreement between Rally and Dalmore. “Confidential Information” includes the Tools and all Data, and other information provided to Rally by third parties. “Confidential Information” will not, however, include any information that Dalmore can demonstrate by competent evidence: (a) was publicly known and made generally available in the public domain prior to the time of disclosure to Dalmore by Rally; (b) became publicly known and made generally available after disclosure to Dalmore by Rally through no action or inaction of Dalmore; (c) was or is independently developed by Dalmore, as established by documentary evidence, without the use of Confidential Information; (d) was in the possession of Dalmore, without confidentiality restrictions, at the time of disclosure by Rally; or (e) is obtained by Dalmore from a third party, provided that such third party is not and was not prohibited from disclosing such Confidential Information to Dalmore by a legal, fiduciary, or contractual obligation to Rally. 

1.3Data” means all data accessible by Dalmore via the Tools or otherwise accessed, collected, obtained, used, disclosed, or otherwise processed by Dalmore via the Tools, including but not limited to, trade and investor data. 

1.4Scope Limitations” means the limitations on Dalmore’s use of the Tools specified in Exhibit A. 

1.5Tools” means Rally’s proprietary hosted software tools identified in Exhibit A. 

2.USE OF THE TOOLS 

2.1Use of the Tools. Rally will create accounts for use of the Tools for the Authorized Users identified by Dalmore. Subject to the terms and conditions of this Agreement, Rally grants to Dalmore a limited, non-exclusive, non-transferable, non-sublicensable right during the term of this Agreement to use the Tools solely by its Authorized Users in order to perform the Services in accordance with the Services Agreement. Dalmore’s right to use the Tools is subject to the Scope Limitations and contingent upon Dalmore’s compliance with the Scope Limitations. 

2.2Technical Support. Rally will use reasonable efforts to provide Dalmore with technical support relating to the Tools by email and phone during Rally’s regular business hours. 

2.3Use Restrictions. Except as otherwise explicitly provided in this Agreement or as may be expressly permitted by applicable law, Dalmore will not, and will not permit or authorize third parties to:  rent, lease, or otherwise permit third parties to access or use any of the Tools;  reverse engineer, disassemble, or decompile any Tool; (c) use any Tool to provide services to any third party; (d) use any Tool for any benchmarking activity or in connection with the development of any competitive product; nor (e) circumvent or disable any security or other technological features or measures of the Tools. 

2.4Compliance with Laws. Dalmore will use the Tools in compliance with all applicable laws and regulations, including all applicable privacy laws. 

2.5Protection against Unauthorized Use. Dalmore will use commercially reasonable efforts to prevent any unauthorized use of the Tools and immediately notify Rally in writing of any unauthorized use that comes to Dalmore’s attention. If there is unauthorized use by anyone who obtained access to the Tools directly or indirectly through Dalmore, Dalmore will take all commercially reasonably steps necessary to terminate the unauthorized use. Dalmore will cooperate and assist with any actions taken by Rally to prevent or terminate unauthorized use of the Tools. 

2.6Reservation of Rights. Rally grants to Dalmore a limited right to use the Tools and Documentation under this Agreement. Dalmore will not have any rights to the Tools except as expressly granted in this Agreement or otherwise in writing by Rally. Rally reserves to itself all rights to the Tools not expressly granted to Dalmore in accordance with this Agreement. 



2.7Feedback. If Dalmore provides any feedback to Rally concerning the functionality and performance of the Tools (including identifying potential errors and improvements), Dalmore hereby assigns to Rally all right, title, and interest in and to the feedback, and Rally is free to use the feedback without payment or restriction. 

3.CONFIDENTIALITY; DATA PROTECTION 

3.1Non-use and Nondisclosure. Dalmore will not use or otherwise process any Confidential Information for any purpose except to perform Services in accordance with the Services Agreement. Dalmore will not disclose any Confidential Information to third parties or to employees of Dalmore, except to Authorized Users or, subject to this Section 3.1, as required by applicable law, rule or regulation, legal process or by any judicial, regulatory or governmental order or request or as otherwise requested by any governmental agency, regulatory authority (including, any self-regulatory organization). Dalmore may disclose Confidential Information under the preceding sentence solely to the extent required by law, rule or regulation if Dalmore, to the extent practicable and legally permitted, gives Rally prompt written notice of the requirement prior to the disclosure, and assistance in obtaining an order protecting the Confidential Information from public disclosure. Notwithstanding the foregoing, the parties acknowledge and agree that Dalmore shall be permitted to comply with general regulatory requests not focused on the subject matter of this Agreement, the Services Agreement, or the relationship of Dalmore and Rally under those agreements from a governmental or regulatory authority (e.g., FTC, DOJ, SEC, FINRA) having the authority to regulate or oversee any aspect of Dalmore’s business if Dalmore makes reasonable efforts to limit disclosure of Confidential Information, and provides prompt written notice to Rally following such disclosure, including reasonable details regarding the recipient’s request and the Confidential Information disclosed. 

3.2Maintenance of Confidentiality. Dalmore will use a commercially reasonable degree of care to protect the secrecy of and avoid disclosure and unauthorized use of the Confidential Information. Without limiting the foregoing, Dalmore will use the same degree of care that Dalmore takes to protect its own most highly confidential information. Dalmore may make a reasonable number of copies of Confidential Information solely to the extent necessary for performing the Services or otherwise for compliance with Dalmore’s legal obligations with respect to the Services. Dalmore will not otherwise make any copy of any Confidential Information unless approved in writing by Rally. Dalmore will reproduce Rally’s proprietary rights notices on all approved copies of Rally’s Confidential Information. Dalmore will promptly notify Rally in the event of any unauthorized use or disclosure of the Confidential Information. 

3.3Data Protection. Dalmore will comply with the requirements of the Data Protection Agreement attached as Exhibit B.  

4.TERM AND TERMINATION 

4.1Term. This Agreement will commence upon the Effective Date and will continue for the term of the Services Agreement unless this Agreement is terminated earlier in accordance with the terms of this Agreement. 

4.2Suspension and Termination. Rally may suspend access of any or all Authorized Users to the Tools without notice to Dalmore at any time, and may terminate this Agreement for any reason upon written notice to Dalmore.  

4.3Transition Services. Upon termination of this Agreement for any reason, at Rally’s request, Dalmore will provide reasonable transition services to assist Rally in moving the Services to another provider or in bringing the Services in house at Rally. To the extent the termination is not as a result of an uncured breach of the Agreement by Dalmore, Rally will reimburse Dalmore for its direct, out-of-pocket costs incurred to perform the transition services, provided such costs were incurred with Rally’s prior written approval. Dalmore will cooperate with Rally in the development of a transition plan and will use commercially reasonable efforts to assist Rally and any other service provider to Rally in the transition. 

4.4Post-Termination Obligations. If this Agreement is terminated for any reason, any and all liabilities accrued prior to the effective date of the termination will survive, and Sections 3, 4.3, 4.4, 5.2, and 6 through 9 also survive termination of this Agreement.  

 

5.WARRANTIES AND DISCLAIMER 

5.1Mutual Warranties. Each party represents and warrants to the other that:  this Agreement has been duly executed and delivered and constitutes a valid and binding agreement enforceable against such party in accordance with its terms; and no authorization or approval from any third party is required in connection with such party’s execution, delivery, or performance of this Agreement. 

5.2Disclaimer. EXCEPT FOR THE EXPRESS REPRESENTATIONS AND WARRANTIES STATED IN THIS SECTION 5, RALLY MAKES NO ADDITIONAL REPRESENTATION OR WARRANTY OF ANY KIND WHETHER EXPRESS, IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), OR STATUTORY, AS TO ANY MATTER WHATSOEVER. RALLY EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUALITY, ACCURACY, TITLE, AND NON-INFRINGEMENT. RALLY DOES NOT WARRANT AGAINST INTERFERENCE WITH THE ENJOYMENT OF THE TOOLS. RALLY DOES NOT WARRANT  


2 


THAT THE TOOLS ARE ERROR-FREE OR THAT OPERATION OF THE TOOLS WILL BE SECURE OR UNINTERRUPTED. RALLY DOES NOT WARRANT THAT ANY INFORMATION PROVIDED THROUGH THE TOOLS IS ACCURATE OR COMPLETE OR THAT ANY INFORMATION PROVIDED THROUGH THE TOOLS WILL ALWAYS BE AVAILABLE. RALLY EXERCISES NO CONTROL OVER AND EXPRESSLY DISCLAIMS ANY LIABILITY ARISING OUT OF OR BASED UPON THE RESULTS OF DALMORE’S USE OF THE TOOLS.

6.INTELLECTUAL PROPERTY INFRINGEMENT 

6.1Defense of Infringement Claims. Rally will, at its expense, either defend Dalmore from or settle any claim, proceeding, or suit (“Claim”) brought by a third party against Dalmore alleging that Dalmore’s use of the Tools infringes or misappropriates any U.S. patent or copyright right during the term of this Agreement. Dalmore will:  give Rally prompt written notice of the Claim; grant Rally full and complete control over the defense and settlement of the Claim; provide assistance in connection with the defense and settlement of the Claim as Rally may reasonably request; and comply with any settlement or court order made in connection with the Claim. Dalmore will not defend or settle any Claim without Rally’s prior written consent. Dalmore will have the right to participate in the defense of the Claim at its own expense and with counsel of its own choosing, but Rally will have sole control over the defense and settlement of the Claim. 

6.2Indemnification of Infringement Claims. Rally will indemnify Dalmore from and pay:  all damages, costs, and attorneys’ fees finally awarded against Dalmore in any Claim under Section 6.1;  all out-of-pocket costs (including reasonable attorneys’ fees) reasonably incurred by Dalmore in connection with the defense of a Claim under Section 6.1 (other than attorneys’ fees and costs incurred without Rally’s consent after Rally has accepted defense of the Claim); and all amounts that Rally agrees to pay to any third party to settle any Claim under Section 6.1. 

6.3Exclusions from Obligations. Rally will have no obligation under this Section 6 for any infringement or misappropriation to the extent that it arises out of or is based upon:  use of the Tools in combination with other products or tools if such infringement or misappropriation would not have arisen but for such combination;  use of the Tools by Dalmore for purposes not intended or outside the scope of the license granted to Dalmore;  Dalmore’s failure to use the Tools in accordance with instructions provided by Rally, if the infringement or misappropriation would not have occurred but for such failure; or  any modification of the Tools not made or authorized in writing by Rally where such infringement or misappropriation would not have occurred absent such modification. 

6.4Limited Remedy. This Section 6 states Rally’s sole and exclusive liability, and Dalmore’s sole and exclusive remedy, for the actual or alleged infringement or misappropriation of any third-party intellectual property right by the Tools. 

7.DALMORE INDEMNIFICATION 

7.1Defense. Dalmore will defend Rally from any actual or threatened third party Claim arising out of or based upon Dalmore’s use of the Tools or Dalmore's breach of any of the provisions of this Agreement, including the DPA. Rally will:  give Dalmore prompt written notice of the Claim; grant Dalmore full and complete control over the defense and settlement of the Claim; provide assistance in connection with the defense and settlement of the Claim as Dalmore may reasonably request; and comply with any settlement or court order made in connection with the Claim. Rally will not defend or settle any Claim without Dalmore’s prior written consent. Rally will have the right to participate in the defense of the Claim at its own expense and with counsel of its own choosing, but Dalmore will have sole control over the defense and settlement of the Claim. 

7.2Indemnification. Dalmore will indemnify Rally from and pay:  all damages, costs, and attorneys’ fees finally awarded against Rally in any Claim under Section 7.1;  all out-of-pocket costs (including reasonable attorneys’ fees) reasonably incurred by Rally in connection with the defense of a Claim under Section 7.1 (other than attorneys’ fees and costs incurred without Dalmore’s consent after Dalmore has accepted defense of the Claim); and, all amounts that Dalmore agrees to pay to any third party to settle any Claim under Section 7.1. 

8.LIMITATIONS OF LIABILITY 

8.1Disclaimer of Indirect Damages. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED IN THIS AGREEMENT, TO THE GREATEST EXTENT ALLOWED BY APPLICABLE LAW, RALLY WILL NOT, UNDER ANY CIRCUMSTANCES, BE LIABLE TO DALMORE FOR CONSEQUENTIAL, INCIDENTAL, SPECIAL, OR EXEMPLARY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO LOST PROFITS OR LOSS OF BUSINESS, EVEN IF RALLY IS APPRISED OF THE LIKELIHOOD OF SUCH DAMAGES OCCURRING. 

8.2Cap on Liability. TO THE GREATEST EXTENT ALLOWED BY APPLICABLE LAW, UNDER NO CIRCUMSTANCES WILL RALLY’S TOTAL LIABILITY OF ALL KINDS ARISING OUT OF OR RELATED TO THIS AGREEMENT (INCLUDING BUT NOT LIMITED TO WARRANTY CLAIMS), REGARDLESS OF THE FORUM AND REGARDLESS OF WHETHER ANY ACTION OR CLAIM IS BASED ON CONTRACT, TORT, OR OTHERWISE,  


2 


EXCEED THE COMMISSION PAID TO DALMORE UNDER THE SERVICES AGREEMENT IN THE 3 MONTH PERIOD PRIOR TO THE CAUSE OF ACTION.

8.3Independent Allocations of Risk. EACH PROVISION OF THIS AGREEMENT THAT PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES, OR EXCLUSION OF DAMAGES IS TO ALLOCATE THE RISKS OF THIS AGREEMENT BETWEEN THE PARTIES. THIS ALLOCATION IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES. EACH OF THESE PROVISIONS IS SEVERABLE AND INDEPENDENT OF ALL OTHER PROVISIONS OF THIS AGREEMENT. THE LIMITATIONS IN THIS SECTION 8 WILL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY IN THIS AGREEMENT. 

9.GENERAL 

9.1Relationship. Rally will be and act as an independent contractor (and not as the agent or representative of Dalmore) in the performance of this Agreement. 

9.2Assignability. Neither party may assign its right, duties, and obligations under this Agreement without the other party’s prior written consent, which consent will not be unreasonably withheld or delayed, except that a party may assign this Agreement without the other party’s consent to a successor (including a successor by way of merger, acquisition, sale of assets, or operation of law) if the successor agrees to assume and fulfill all of the assigning party’s obligations under this Agreement. 

9.3Subcontractors. Rally may utilize a subcontractor or other third party to perform its duties under this Agreement so long as Rally remains responsible for all of its obligations under this Agreement. 

9.4Notices. Any notice required or permitted to be given under this Agreement will be effective if it is in writing and sent by email to: (a) [etan@dalmorefg.com for Dalmore; and (b) george@rallyrd.com for Rally. Either party may change its email address for receipt of notice by notice to the other party in accordance with this Section. Notices are deemed given upon transmission.  

9.5Force Majeure. Neither party will be liable for or be considered to be in breach of or default under this Agreement on account of, any delay or failure to perform as required by this Agreement as a result of any cause or condition beyond its reasonable control, such as acts of God, restrictions, prohibitions, priorities or allocations imposed or actions taken by a governmental authority (whether valid or invalid), embargoes, fires, floods, epidemic and pandemics (including COVID-19) or other outbreak of disease, earthquakes, explosion, natural disasters, riots, wars, sabotage, court injunction or order, or any labor shortage related to any of the foregoing, so long as that party uses all commercially reasonable efforts to avoid or remove the causes of non-performance.  

9.6Governing Law. This Agreement will be interpreted, construed, and enforced in all respects in accordance with the local laws of the State of New York, U.S.A., without reference to its choice of law rules. Each party hereby irrevocably consents to the exclusive jurisdiction and venue of the federal, state, and local courts in New York County, New York in connection with any action arising out of or in connection with this Agreement.  

9.7     Equitable Remedies. Dalmore acknowledges that any breach of this Agreement would cause irreparable harm to Rally, and agrees that Rally will be entitled to injunctive or other equitable relief to prevent or redress any actual or threatened breach of this Agreement, in any court having jurisdiction, without proof of harm or posting of bond.  

 

9.8Waiver. The waiver by either party of any breach of any provision of this Agreement does not waive any other breach. The failure of any party to insist on strict performance of any covenant or obligation in accordance with this Agreement will not be a waiver of such party’s right to demand strict compliance in the future, nor will the same be construed as a novation of this Agreement. 

9.9Severability. If any part of this Agreement is found to be illegal, unenforceable, or invalid, the remaining portions of this Agreement will remain in full force and effect. If any material limitation or restriction on the use of the Tools under this Agreement is found to be illegal, unenforceable, or invalid, Dalmore’s right to use the Tools will immediately terminate. 

9.10Counterparts. This Agreement may be executed in any number of identical counterparts, notwithstanding that the parties have not signed the same counterpart, with the same effect as if the parties had signed the same document. All counterparts will be construed as and constitute the same agreement. This Agreement may also be executed and delivered electronically and such execution and delivery will have the same force and effect of an original document with original signatures. 

9.11Entire Agreement. This Agreement, including all exhibits, and the applicable portions of the Services Agreement, is the final and complete expression of the agreement between these parties regarding Dalmore’s use of the Tools. This Agreement supersedes, and the terms of this Agreement govern, all previous oral and written  


2 


communications regarding these matters, all of which are merged into this Agreement, except that this Agreement does not supersede any prior nondisclosure or comparable agreement between the parties executed prior to this Agreement being executed, nor does it affect the validity of any agreements between the parties relating to Services. No employee, agent, or other representative of Rally has any authority to bind Rally with respect to any statement, representation, warranty, or other expression unless the same is specifically set forth in this Agreement. No usage of trade or other regular practice or method of dealing between the parties will be used to modify, interpret, supplement, or alter the terms of this Agreement. This Agreement may be changed only by a written agreement signed by an authorized agent of the party against whom enforcement is sought.

 

 

Signed by each party’s authorized representative,

 

Rally Holdings LLC

 

By: RSE Markets, Inc., its sole member

 

Dalmore Group, LLC

Name: George Leimer

Name: Etan Butler

Title: Chief Executive Officer

Title: Chairman

Signature: /s/ George Leimer

Signature: /s/ Etan Butler

Date: May 3, 2022

Date: May 3, 2022

Address: 250 Lafayette Street, 2nd Floor

New York, NY 10012

Address: 525 Green Place
Woodmere, NY 11598

 

 


2 


EXHIBIT A

TOOLS AND SCOPE LIMITATIONS

1.Tools. “Tools” means Rally’s hosted software tools for performing: (a) banking services via Dwolla; (b) custodian and executing broker-dealer services via DriveWealth; and (c) ATS matching services via North Capital. 

2.Scope Limitations: Dalmore may use the Tools only to: (a) perform KYC / AML securities and fund checks before allowing a user on Rally’s investor-facing platform to place an order for the purchase or sale of securities; (b) access investor information for qualifying individuals to trade based on their answers to suitability questions, to the extent necessary for the Services; (c) communicate trade settlement information to DriveWealth; and (d) communicate trades to PPX ATS (North Capital). 



 

EXHIBIT B

DATA PROTECTION AGREEMENT

 

This Data Processing Addendum (“DPA”) dated May 3, 2022 forms part of the Tools License Agreement dated May 3, 2022 (“Agreement”) between Rally Holdings, LLC (“Rally”) and Dalmore Group, LLC (“Dalmore”) (each a “Party” collectively, the “Parties”).

Pursuant to the Agreement, Dalmore will provide certain services to Rally that may involve Dalmore (or a Subcontractor) Processing (as defined below) Data on behalf of Rally (the “Services”).  This Agreement applies to such Processing of Data by or on behalf of Dalmore.   

1.Definitions  

1.1In this DPA, capitalized terms will have the meanings set forth below.  Capitalized terms not otherwise defined in this DPA will have the meanings given to them in the Agreement. 

1.2Data Protection Laws” means the applicable laws, rules, and regulations of any relevant jurisdiction governing privacy, data protection, security, or the Processing of Data.  

1.3Data Subject” means the individual to whom Rally Personal Data relates. 

1.4Rally Personal Data” means the Data that constitutes “personal data,” “personal information,” “personally identifiable information,” or any similar concept under Data Protection Laws. 

1.5Process,” “Processing,” or “Processed” means any operation or set of operations performed on Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, access, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 

1.6Security Incident means: (i) a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of or access to, Data transmitted, stored or otherwise Processed or (ii) any breach of this Addendum, Data Protection Laws, or of Section 3 of the Agreement. 

1.7Subcontractor means any entity (including any third party or any Dalmore Affiliate) engaged by Dalmore to Process Data.  

1.8Dalmore Affiliate” means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Dalmore, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise. 

2.Processing of Data 

2.1Dalmore will (and will ensure that its Subcontractors will) Process Data solely on behalf of and subject to the written instructions of Rally, unless such instructions conflict with applicable law to which Dalmore is subject, in which case Dalmore will provide prior notice of that legal requirement to Rally to the extent permitted by applicable laws.  Rally will determine the purpose and means of Dalmore’s Processing of Data.  The Agreement and any amendments thereto will constitute Rally’s written instructions pursuant to this Section 2.1. 

2.2Dalmore represents and warrants that it will not (i) sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate orally, in writing, or by electronic or other means, any Data to any third party for monetary or other valuable consideration; (ii) retain, use, or disclose, any Data for any purpose other than for the specific purpose of performing the Services; and (iii) retain, use, or disclose Data outside of the business relationship between the Parties. 

2.3Dalmore represents and warrants that it will implement appropriate industry standard information security measures to ensure the confidentiality, integrity, and availability of Data and any systems used by or on behalf of Dalmore to Process Data.  Such measures will include, but not be limited to, those listed in Annex 1 to this DPA.  Dalmore also represents and warrants that it will maintain a comprehensive written information security program that complies with Data Protection laws, including not limited to, the Gramm-Leach-Bliley Act. 

2.4At the request of Rally, Dalmore will provide documentation regarding the security measures it has implemented and maintains pursuant to this Section 2 and Annex 1 and will allow Rally to audit and test such measures.  Rally will give Dalmore reasonable notice of any such audit or inspection and will take (and ensure that each of its mandated auditors takes) reasonable measures to avoid causing (or, if it cannot avoid, to minimize) any damage, injury or disruption to Dalmore’s premises, equipment, personnel and business while its personnel are on those premises in the course of such an audit or inspection.  Except as otherwise required by applicable law or a  



regulator or other relevant governmental entity, any audit or inspection will be conducted within normal business hours no more than once in any calendar year and as requested by Rally in response to a Security Incident.

2.5Neither Dalmore nor any individual or entity acting on its behalf may Process Data from outside the United States without the prior written consent of Rally. 

3.Reasonable Assistance 

3.1If Dalmore or a Subcontractor receives a request, inquiry, or complaint directly from any Data Subject or any regulator or other governmental entity regarding Rally Personal Data, Dalmore will forward such request or assertion to Rally without undue delay and in any case within three (3) business days. 

4.Reliability and Confidentiality 

4.1Dalmore will take steps to ensure the reliability of any employee, personnel, agent, contractor, or any Subcontractor who may have access to Data.  At a minimum, Dalmore will limit access to Data only to those individuals who need to know or otherwise Process such Data to perform the Services.  

4.2Without prejudice to any existing contractual arrangements between the Parties, Dalmore will ensure that its employees, personnel, agents, contractors, or Subcontractors are subject to obligations of confidentiality applicable to Data no less protective of Data than those to which Dalmore itself is subject. 

5.Subcontractors 

5.1Unless otherwise set forth in the Agreement, Dalmore will not engage or use any Subcontractors to Process Data without providing Rally with prior written notice of Dalmore’s intent to use such Subcontractors.  Rally consents to Dalmore’s continued use of those Subcontractors set out in Annex 1, subject to Dalmore meeting the obligations set out in this Section 5.  Upon Rally’s written request, Dalmore will provide Rally with a list of current Subcontractors and descriptions of their Processing activities.  

5.2Prior to any Processing of Rally Personal Data by its Subcontractors, Dalmore will execute agreements with each Subcontractor that impose privacy, data protection, and data security obligations on each Subcontractor that are at least as protective of Data as those to which Dalmore is subject.  In particular, Dalmore will ensure its Subcontractors are subject to comprehensive contractual obligations to implement appropriate industry standard information security measures to ensure the protection of Data and in such a manner that the Processing of Data by such Subcontractors will meet applicable legal requirements.  Dalmore will be fully responsible and liable to Rally for any acts or omissions of Subcontractors as if they were Dalmore’s own. 

6.Security Incidents 

6.1Dalmore will notify Rally as set forth in Section 6.4 promptly upon becoming aware of a Security Incident and will provide Rally with sufficient information to allow Rally to meet any obligations to report a Security Incident under the Data Protection Laws.  Such notification by Dalmore will, at a minimum, describe:   

(a)the nature of the Security Incident, the categories and numbers of Data Subjects concerned, the date(s) on which Dalmore believes the Security Incident occurred, the date on which Damore became aware of the Security Incident, and separate descriptions of the categories and numbers of Data and Rally Personal Data records concerned; 

(b)the likely consequences of the Security Incident; and 

(c)the measures taken or proposed to be taken to address the Security Incident. 

6.2Dalmore will fully cooperate with Rally and take such reasonable steps as are directed by Rally to assist in the investigation, mitigation, and remediation of each Security Incident, sufficient to enable Rally to (i) perform a thorough investigation into the Security Incident; (ii) formulate an appropriate response; and (iii) take suitable further steps in respect of the Security Incident to meet any requirement under the Data Protection Laws.  

6.3Dalmore will not inform any third party of a Security Incident without first obtaining Rally’s prior written consent, unless notification is required by applicable law, rule or regulation to which Dalmore is subject, in which case Dalmore will, to the extent practicable and legally permitted, inform Rally of that requirement, provide a copy of the proposed notification and consider any comments made by Rally before notifying any third party of the Security Incident. 

6.4Any notifications to Rally made pursuant to this Section 6 will be addressed to George@rallyrd.com. 

Deletion and Return of Personal Data  

7.1To the extent applicable, withing sixty (60) days of the termination of the Agreement, or at any earlier date required by Rally, Dalmore will, in accordance with Rally’s instructions, either securely return to Rally or, on  



Rally’s request, securely destroy all Data in Dalmore’s possession.  Dalmore may retain Rally Personal Data to the extent required by applicable laws and only to the extent and for such period as required by applicable laws.  Upon request by Rally, Dalmore will provide written certification to Rally that it and each Subcontractor has fully complied with this Section 7.1.

8.Miscellaneous 

8.1The Parties hereby agree to submit to the choice of jurisdiction stipulated in the Agreement with respect to any disputes or claims arising under this DPA, including disputes regarding its existence, validity or termination.   

8.2Any changes to this DPA will be made in writing regardless of any provisions to the contrary in the Agreement.   

8.3Conflicts or inconsistencies with respect to data privacy and data security will be resolved as follows: in any conflict between the terms of the Agreement and this DPA, this DPA will control to the extent of such conflict.  

8.4This DPA represents the entire understanding between the Parties in relation to its subject matter and supersedes all agreements and representations made by the Parties, whether oral or written.  Should any provision of this DPA be deemed invalid or unenforceable, then the remainder of this DPA will remain valid and in force.  The invalid or unenforceable provision will be either (i) amended as necessary to ensure its validity and enforceability, while preserving the Parties' intentions as closely as possible or, (if this is not possible), (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein. 

8.5If any variation is required to this DPA as a result of a change in applicable Data Protection Laws, then either Party may provide written notice to the other Party of that change in law.  The Parties will discuss and negotiate in good faith any necessary variations to this DPA to address such changes.  



 

ANNEX 1 TO THE DPA

INFORMATION SECURITY MEASURES

 

As applicable to its processing of Data, Dalmore will:

1.Ensure that the Data can be accessed only by authorized personnel to perform the Services for Rally. 

2.Take all reasonable measures to prevent unauthorized access to Data through the use of, as applicable, appropriate physical and logical (passwords) entry controls, securing areas where the Processing of Data occurs, and implementing procedures for monitoring the use of data processing facilities. 

3.Use secure passwords, network intrusion detection technology, encryption and authentication technology, secure logon procedures, and virus protection. 

4.Account for all the risks that are presented by its Processing of Data, such as from accidental or unlawful destruction, loss, or alteration, unauthorized or unlawful storage, processing, access or disclosure of Data. 

5.Ensure the encryption of Data, where appropriate. 

6.Ensure the ongoing confidentiality, integrity, availability and resilience of systems and services used by or on behalf of Dalmore to Process Data. 

7.Implement and maintain mechanisms to restore the availability and access to Data in a timely manner in the event of a physical or technical incident. 

8.Implement processes and written policies for regularly testing, assessing, and evaluating the effectiveness of information security measures for ensuring the security of the Processing of Data. 

9.Monitor compliance with its compliance with the terms of this DPA and Data Protection laws on an ongoing basis. 

10.Designate a security officer or other person responsible for overseeing Dalmore’s security program. 

11.Implement measures to identify, assess, and remediate vulnerabilities in systems used by Dalmore to provide Process Data. 

12.Ensure all employees and contractors receive training sufficient to ensure Dalmore’s ongoing capabilities to carry out the security measures established in its policy or required by this DPA. 

In the event that a system or process is unable to meet the criteria above, define compensating controls that can be used to protect Data; provided, however, such compensating controls must be explicitly set forth in this Annex 1 (which may be amended), meet the intent and rigor of the original requirement, provide a similar level of defense, and sufficiently offset the risk against which the original requirement was designed to defend.

 

Dalmore Subcontractors: