Terms & Conditions of Purchase | Logitech

ΜΕΤΑΒΑΣΗ ΣΤΟ ΚΥΡΙΟ ΠΕΡΙΕΧΟΜΕΝΟ
Pangea temporary hotfixes here

TERMS & CONDITIONS OF PURCHASE

Effective November 1, 2022.

A. Introduction

By clicking to accept these Terms & Conditions of Purchase (“Terms”) in Logitech systems, or by executing a Statement of Work or other document (“SOW”) that incorporates or references these Terms, you (“Contractor,” “Vendor”, “Supplier” or “you”) agree that these Terms shall apply to your provision of goods, services (“Services”) and/or deliverables (“Deliverables”) to Logitech Europe S.A. or any of its worldwide affiliates (“Logitech”), pursuant to each Purchase Order (“PO”) delivered by Logitech to you, and/or each SOW mutually executed by you and Logitech, unless Logitech expressly agrees that a separate agreement applies. These Terms, together with each PO and SOW, form the “Agreement,” effective from the earliest of i) the date of your acceptance of these Terms in Logitech systems, or ii) the effective date of the SOW (“Effective Date”). “Affiliates” means any entity which directly or indirectly controls, is controlled by, or is under common control with another entity, where “control” means ownership of at least fifty percent (50%) of the outstanding shares or securities (representing the right to vote for the election of directors or other managing authority). Logitech reserves the right to modify these Terms from time to time. The updated Terms will apply to POs issued, and SOWs or other ordering documents that are executed, after the effective date of the updated Terms.

The Terms apply in the absence of an executed agreement between you and Logitech.

B. General Terms

  1. 1. ENGAGEMENT OF SERVICES.
    1. 1.1 Services, Deliverables.

      Subject to these Terms, Contractor will render the Services and provide the Deliverables as requested by Logitech on a project by project basis. Each new project will be described in a PO delivered by Logitech and/or in a SOW agreed to by both parties. The deadline(s) to deliver the Services and Deliverables will be defined in each PO or, if applicable, each SOW.

    2. 1.2 Purchase Order, Statement of Work.

      Each PO delivered by Logitech will become effective according to the terms of the PO and be subject to these Terms. Each SOW will become effective and subject to these Terms once agreed and signed by both parties. If a SOW is signed by both parties, Contractor agrees that it will not commence work under any SOW prior to receiving a PO issued by Logitech (or its Affiliates).

    3. 1.3 Term.

      The Agreement will commence on the Effective Date and will continue unless terminated pursuant to Section 4 below.

  2. 2. COMPENSATION.
    1. 2.1 Compensation.

      Logitech will pay Contractor a fee according to the schedule of payments set forth in the applicable PO or SOW. Contractor will use its commercially reasonable efforts to implement procedures to reduce costs and expenses without adversely impacting its performance. The rates and fees set forth in a PO or SOW will not be increased for the term of such PO or SOW without Logitech's prior written approval. Contractor warrants that the Compensation due to Contractor under each PO and SOW will not exceed the lowest compensation due to Contractor for similar services and work of like quality performed for similarly situated customers.

    2. 2.2 Reimbursement of Approved Expenses.

      Contractor will be liable for all expenses incurred in the performance of the Services except those specifically set out in a SOW or PO or otherwise authorized by Logitech in writing and in advance and documented for reimbursement by Logitech. Contractor will provide receipts and other supporting documentation to Logitech for such expenses. Any reimbursable expenses for business travel by Contractor will be subject to Logitech's travel guidelines.

    3. 2.3 Payment Term.

      Logitech agrees to pay Contractor on undisputed amounts invoiced pursuant to the payment terms set forth on the applicable PO, which shall be a maximum of net 60 days from receipt of invoice if Contractor’s registered business address (as reflected in the SOW or PO) is in the European Union, Australia, New Zealand; net 75 days from receipt of invoice if Contractor is located elsewhere; or such shorter payment terms mandated by applicable law. Each invoice must contain a complete description of the work performed and/or Deliverables provided and reference the applicable Logitech PO. If the fees are based on a time and materials basis, the invoice must also include an itemization of the hours worked.

    4. 2.4 Taxes, Labor and other Legal Obligations.

      Unless otherwise provided in a SOW or PO, the fees payable by Logitech to Contractor for the Services and Deliverables under the Agreement do not include taxes, and Logitech will pay sales, use, service and value-added taxes assessed on the provision of the Services and Deliverables. Contractor will pay taxes assessed on Contractor's income, and bear full responsibility for complying with all applicable tax, contractual, labor and social security obligations in relation to employees, agents or representatives hired or retained by the Contractor in connection with the performance of the Services and delivery of the Deliverables. Contractor will be responsible for the calculation, reporting, deposit and payment of any such taxes and other obligations in full on a timely basis and prior to the imposition of any interest or penalties. Logitech will not reimburse Contractor nor have any liability for any penalties or interest which may be imposed due to a failure by Contractor to timely file returns or deposit or pay the due taxes or other obligations.

  3. 3. RELATIONSHIP OF PARTIES AND ADDITIONAL OBLIGATIONS.
    1. 3.1 Nature of Relationship.

      Contractor and Logitech are independent contractors and nothing in the Agreement creates a partnership, joint venture, or employer-employee relationship. Contractor is not the agent of Logitech and is not authorized to make any representation or commitment on behalf of Logitech unless specifically requested or authorized to do so in writing by Logitech. Contractor agrees to accept exclusive liability for complying with all applicable state and federal laws governing independent contractors, including obligations such as payment of taxes, social security, workers' compensation, disability, and other contributions based on fees paid to Contractor, its agents, or employees, under the Agreement. Contractor hereby agrees to indemnify and defend Logitech against any and all such taxes or contributions, including without limitation, penalties and interest.

    2. 3.2 Warranties.
      Contractor represents and warrants to Logitech that:
      1. a. Contractor has all requisite rights and authority to enter into this Agreement, and the performance of its obligations hereunder will not conflict with any of its agreements with or obligations to any third party.
      2. b. Contractor will establish and maintain its status as an independent contractor by participating in Logitech's independent contractor evaluation and scoring process from time to time as specified by Logitech.
      3. c. Contractor will perform all Services in a professional and workmanlike manner, in accordance with the best practices of Contractor's industry, and the Services and Deliverables will conform to the applicable specification, PO and/or SOW.
      4. d. The Deliverables will not violate any patent, copyright, trademark, trade secret or other intellectual property right of any third party, or any privacy right of any third party.
      5. e. Contractor is the sole and exclusive owner of, or has the right to enter into the Agreement on behalf of the owner of, any Services or Deliverablesand any derivative works thereof prepared by or for Contractor pursuant to the Agreement.
      6. f. Contractor represents and warrants that, in performing its obligations under this Agreement, it complies with all applicable laws, orders and regulations of any governmental authority with jurisdiction over its activities in connection with the Agreement, including but not limited to, laws, orders and regulations pertaining to imports, exports, environmental laws, and any applicable laws against bribery and corruption, including, but not limited to, the United States Foreign Corrupt Practices Act, Swiss Laws and the UK Bribery Act. Contractor will furnish to Logitech any information required to enable Logitech to comply with applicable laws, orders and regulations related to this Agreement.
      7. g. In addition to, and without limiting the foregoing, Contractor represents and warrants that it, and each of its owners, directors, employees and every other person working on its behalf, has not and will not, in connection with the transactions contemplated by the Agreement or in connection with any other business transaction involving Logitech or Logitech's products, make, offer or promise to make any payment or transfer anything of value, directly or indirectly: (a) to any governmental official or employee (including employees of government-owned and government-controlled corporations and public international organization); (b) to any political party, official of a political party or candidate; (c) to any intermediary for payment to any of the foregoing; or (d) to any other person or entity if such payment or transfer would violate the laws of the country in which it is made or the laws of the United States. It is the intent of the parties that no payments or transfers of value will be made which have the purpose or effect of public or commercial bribery, acceptance of or acquiescence in extortion, kickbacks or other unlawful or improper means of obtaining business. Contractor warrants that it is not owned, in whole or in part, by any government or governmental agency or instrumentality.
      8. h. Contractor shall not discriminate against any person on the basis of race, religion, color, age, sex, national origin, marital status, disability, veteran status or any other protected class in the country(ies) in which Contractor operates, either (a) specifically in connection with any matters related to the Agreement and the performance of Services, and (b) generally (whether or not related to the Agreement or the performance of Services) in the areas of employment, or contracting and subcontracting with suppliers and subcontractors.
    3. 3.3 Logitech Code of Conduct.

      Contractor shall comply with the principles of the Logitech Code of Conduct, available on Logitech’s Investor Relations website (ir.logitech.com), under the heading “Governance Documents,” or via the following direct URL: https://s1.q4cdn.com/104539020/files/doc_downloads/corporate_responsibility/Logitech-Code-of-Conduct.pdf.

    4. 3.4 Insurance.

      Contractor will, at Contractor's expense, maintain insurance policies that cover Contractor's activities under the Agreement and the activities of Contractor's employees, agents and representatives, including, but not limited to, workers compensation insurance and commercial general liability, bodily injury liability, property damage liability, errors and omissions liability and media liability. Contractor's insurance will be primary to any insurance maintained by Logitech. Insurance carried by Logitech will be excess only, and will be noncontributory to insurance carried by Contractor. Upon the request of Logitech, Contractor will provide Logitech with a certificate of insurance evidencing such coverage. In addition, Contractor will provide Logitech thirty (30) days advance written notice of any cancellation or reduction in coverage or limits.

    5. 3.5 Conflict of Interest.

      Contractor agrees during the term of the Agreement not to accept work or enter into a contract or accept an obligation inconsistent or incompatible with Contractor's obligations under the Agreement or the scope of the Services. Contractor further agrees not to disclose to Logitech, bring onto Logitech's premises, or induce Logitech to use any confidential information that belongs to anyone other than Logitech or Contractor.

    6. 3.6 Indemnification.

      Contractor agrees to defend, indemnify and hold harmless Logitech, its Affiliates and their respective officers, directors, employees and agents from any and all losses, liabilities or damages that the indemnified parties may incur or suffer and that arise, result from or are related to any breach or failure by Contractor to perform its obligations under the Agreement.

    7. 3.7 Confidentiality.
      1. a. "Confidential Information" means all information relating to the Agreement, specifications and information relating to any SOW or PO, and other business and technical information disclosed by Logitech and/or its Affiliates. Confidential Information does not include information that: (1) was rightfully known to Contractor at the time of disclosure without an obligation of confidentiality, (2) is lawfully obtained by Contractor from a third party without restriction on use or disclosure, (3) is or becomes generally known to the public through no fault or breach of the Agreement, or (4) is developed independently by Contractor without use of the Confidential Information.
      2. b. Contractor will not use the Confidential Information except as necessary under the Agreement, and will not disclose any portion of the Confidential Information to any other person or entity. Contractor will use all reasonable steps to protect the Confidential Information from unauthorized use or disclosure, including but not limited to all steps Contractor uses to protect its own proprietary, confidential and trade secret information.
      3. c. The Confidential Information remains the property of Logitech and/or its Affiliates, and no license or other rights in the Confidential Information is granted hereby, except those granted expressly herein. The Confidential Information is provided "AS IS" and without any warranty, express, implied or otherwise, regarding its accuracy or performance.
      4. d. Contractor further agrees that, in the event it determines that any portion of the Confidential Information is not confidential for the reasons set forth above, it will give Logitech at least ten (10) days' notice before disclosing such portion to any third party.
      5. e. The obligations of confidentiality set forth in this Section will remain in force for three (3) years from the termination of the Agreement.
    8. 3.8 Injunctive Relief.

      Contractor acknowledges that disclosure of any Confidential Information will give rise to irreparable injury to Logitech and/or its Affiliates, which may be inadequately compensable in damages. Accordingly, Logitech and/or its Affiliates may seek injunctive relief against the breach or threatened breach of the foregoing undertakings, in addition to any other legal remedies which may be available.

    9. 3.9 Logitech Property.

      In the event that Logitech furnishes any of the following items to Contractor in connection with the Agreement, such items shall be referred to herein as "Logitech Property" (regardless of whether such items constitute the Confidential Information of Logitech): any equipment, tools, software, access to information technology systems, or documents or other materials relating to the products of Logitech, its business or customers or suppliers (which may include, without limitation, drawings, blueprints, manuals, letters, notes, notebooks, reports, sketches, formulae, memoranda, records, files, computer programs, machine listings, data, employee lists, part numbers, costs, profits, market, sales, customer lists and the like). All Logitech Property is and remains Logitech's sole and exclusive property. All Logitech Property must be kept free of liens and encumbrances. Contractor will use the Logitech Property solely to perform its obligations under the Agreement. All Logitech Property is made available "as is" and with no warranties whatsoever, express or implied. Contractor agrees to deliver promptly to Logitech all Logitech Property and all copies of Logitech Property in Contractor's possession at any time upon Logitech's request. Upon termination of the Agreement for any reason, Contractor agrees to deliver promptly to Logitech, or, at Logitech's option, destroy and provide an officer's certification of such destruction, all tangible items of Logitech Property, together with any other of Logitech's Property then in Contractor's possession, except as Logitech may, by prior written permission, allow Contractor to retain.

    10. 3.10  Records and Audit.

      Contractor will maintain complete and accurate accounting records in accordance with sound accounting practices to substantiate Contractor's fees. Contractor will preserve such records for a minimum two (2) years after completion of the Services or the Deliverables or any longer retention period mandated by the laws applicable to Contractor. Logitech may audit such records, either through its own representatives or through an accounting firm selected by Logitech, at its own expense, to verify Contractor's fees. Any audit of Contractor's records will be conducted during business hours and in a manner so as not to unreasonably interfere with Contractor's normal business operations. If an audit should disclose an overcharge by Contractor, Contractor will pay to Logitech the amount of the overcharge as well as the costs and expenses of any firm conducting the audit within ten (10) days from notice thereof.

    11. 3.11  Data Processing and Security.

      To the extent, if any, that Contractor has access to Logitech data, systems or confidential information, Contractor shall be subject to the additional terms set forth in the Logitech Data Processing Agreement and the Logitech Security Terms below.

    12. 3.12  Ownership.

      Logitech is the owner of all intellectual property rights to all Deliverables provided hereunder. Contractor agrees to assign and hereby assigns all rights it has or may acquire in the Deliverables produced and provided pursuant to the Agreement, including all intellectual property moral or publicity rights therein. Contractor understands that such work product is a "work for hire" and will be the exclusive property of Logitech. Contractor agrees to disclose promptly in writing to Logitech, or any person designated by Logitech, every computer program, trade secret, invention, discovery, improvement, copyrightable material, process, manufacturing technique, formula or know-how, whether or not patentable, copyrightable or otherwise protectable, which is conceived, made, reduced to practice, or learned by Contractor in the course of any work performed for Logitech under this Agreement. Contractor will assist and cooperate with Logitech and take such further acts reasonably requested by Logitech to enable Logitech to acquire and perfect its ownership rights in the work produced under the Agreement.

    13. 3.13  Intellectual Property Rights.

      Contractor acknowledges that the intellectual property rights of Logitech and/or its Affiliates, including but not limited to patent, trademark, trade names, copyright and trade secret rights, remain exclusively owned by Logitech and/or its Affiliates. Contractor is hereby granted a non-exclusive, non-assignable, and limited license to use those trademarks, logos, trade names, and service marks provided by Logitech to Contractor ("Marks") solely during the term of the applicable PO or SOW for the sole purpose of performing Services under the Agreement. All goodwill generated by such use of the Marks will inure exclusively to the benefit of Logitech and its Affiliates. Contractor's use of the Marks will comply with Logitech’s trademark guidelines at https://www.logitech.com/tos/trademark-guidelines.html or otherwise provided or updated by Logitech from time to time.

    14. 3.14  Contractor Employees on Temporary Assignment to Logitech.

      If the Services involve any Contractor employee or personnel on temporary assignment or engagement at Logitech (“Contractor Employee”), then, without limiting the generality of the other obligations under the Agreement, Contractor expressly agrees that:

      (1) Contractor shall be responsible for the payment and/or filing of applicable payroll withholding taxes of each such Contractor Employee;

      (2) Contractor is responsible for the terms of temporary assignment or engagement for each Contractor Employee at Logitech; provided, however, that Contractor and Logitech review candidates to ensure the best qualified fit; furthermore Contractor will obtain from each Contractor Employee it assigns at Logitech

      1. (i) assurance and agreement that employment is with Contractor, not Logitech;
      2. (ii) that Logitech may change the end date of their assignment without prior notice;
      3. (iii) that Contractor Employee does not have seniority over other permanent or temporary workers, nor guarantee of being called back to help Logitech in the future;
      4. (iv) that Contractor Employee must comply with all Logitech policies and failure to do can result in immediate termination of the assignment or engagement with Logitech;
      5. (v) that Contractor Employee is not eligible for any Logitech benefits, including but not limited to health plan, retirement plan, paid time off, severance; and

      (3) Contractor’s obligations to indemnify Logitech and the other indemnified parties expressly include any action brought by any Contractor Employee and/or any assessment brought by any governing body in connection with payroll withholding taxes of Contractor Employee; and any other liability arising out of the lawful termination of the engagement of the Contractor Employee (by way of redundancy or otherwise by Contractor following early termination or non-renewal of the SOW relating to such Contractor Employee).

  4. 4. TERMINATION.
    1. 4.1 Termination by Logitech.

      Logitech may terminate these Terms or a specific SOW or cancel a specific PO under the Agreement for convenience at any time with five (5) days prior written notice to Contractor.

    2. 4.2 Termination by Contractor.

      Contractor may only terminate these Terms for convenience when no SOW or PO is in effect and the Contractor provides Logitech with at least one hundred and twenty (120) days prior written notice.

    3. 4.3 Termination for Breach.

      Either party may terminate these Terms or a specific SOW or PO if the other party is in material breach of the Agreement, SOW or PO and the breaching party fails to cure such material breach within thirty (30) days of receiving notice thereof from the non-breaching party. In the case of material breach by Contractor, Logitech will not be obligated to make any payments to Contractor.

    4. 4.4 Effect of Termination.

      Except as provided in this Section 4, upon termination of a specific SOW or PO, Logitech will pay to Contractor costs for any work performed and accepted by Logitech up to the effective date of termination on a time and materials basis or according to the milestone schedule as reasonably determined by Logitech. Any invoices for such costs must be received by Logitech within ninety (90) days after the date of termination. Contractor will promptly return to Logitech all advance payments, if any, received by Contractor reduced by Contractor's fees due on the date of termination and reasonable and supportable costs incurred by Contractor up to the notice date of termination. Contractor will deliver to Logitech all work in process, in whole or in part, including all versions and portions thereof, and will confirm in writing the assignment to Logitech of ownership in the Deliverables.

    5. 4.5 No Liability.

      Neither party will be liable to the other for damages of any sort solely as a result of terminating the Agreement or a specific SOW or PO in accordance with these Terms. Termination of the Agreement will be without prejudice to any other right or remedy of either party.

  5. 5. LIMITATION OF LIABILITY.

    IN NO EVENT WILL LOGITECH BE LIABLE FOR LOST PROFITS, OR ANY SPECIAL, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, ARISING IN ANY WAY IN CONNECTION WITH THIS AGREEMENT. THIS LIMITATION WILL APPLY EVEN IF LOGITECH HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. EACH PARTY ACKNOWLEDGES AND AGREES THAT THE LIMITATIONS OF LIABILITY CONTAINED IN THIS SECTION REFLECT THE ALLOCATION OF RISK SET FORTH IN THIS AGREEMENT AND THAT NEITHER PARTY WOULD ENTER INTO THIS AGREEMENT WITHOUT THIS LIMITATION OF LIABILITY.

  6. 6. ENTIRE AGREEMENT; PRECEDENCE.

    Unless there is another signed or clickwrap agreement between Logitech and Contractor on the same subject matter, these Terms, together with all agreed upon SOWs, and POs represent the entire agreement between the parties and replace and supersede all previous or contemporaneous oral or written agreements, understandings or arrangements between the parties with respect to its subject matter. In case of any conflict between these Terms and any SOW or any PO, or any attachments thereto, these Terms will prevail. In case of any conflict between any SOW and any PO to which the SOW relates, or any attachments to any such PO, the terms of the SOW will prevail (except as otherwise expressly set forth therein).

  7. 7. AMENDMENT.

    This Agreement may not be modified or amended except in writing executed by an authorized representative of each party.

  8. 8. CHOICE OF LAW AND VENUE.

    This Agreement will be exclusively governed by the laws of, and disputes will be subject to the exclusive jurisdiction of

    (i) the state of California, USA and the courts of Santa Clara County and the Northern District of California, where the registered address of the Logitech entity the Contractor is contracting with is in the Americas; or otherwise
    (ii) the country and the competent courts of the registered address of the Logitech entity Contractor is contracting with (in either case without reference to conflicts of law principles).

    Alternatively at Logitech’s entire discretion, the dispute may be subject to the jurisdiction of the competent courts of the registered address of the Contractor. The United Nations Convention on Contracts for the International Sale of Goods will not apply. Each party waives all defenses of lack of personal jurisdiction and forum non conveniens.

  9. 9. ASSIGNMENT.

    As Logitech has specifically contracted for Contractor's services, Contractor may not sub-contract, assign or delegate its obligations under the Agreement either in whole or in part, without the prior written consent of Logitech. Any attempted assignment in violation of the provisions of this Section will be void.

  10. 10. NO WAIVER.

    No delay or failure to act in the event of a breach of the Agreement will be deemed a waiver of that or any subsequent breach of any provision of the Agreement. Any remedies at law or equity not specifically disclaimed or modified by the Agreement remain available to both parties.

  11. 11. INDEPENDENT EFFORTS.

    Provided there is no infringement of the other party's intellectual property rights, nothing in the Agreement will impair either party's right to develop, manufacture, purchase, use or market, directly or indirectly, alone or with others, products or services competitive with those offered by the other.

  12. 12. NO PUBLICITY.

    Contractor will not use or reproduce the trademark, trade name, trade dress or logo of Logitech, or refer to Logitech as a client of Contractor, without Logitech's prior written consent.

  13. 13. FORCE MAJEURE.

    Nonperformance by either party will be excused to the extent that performance is rendered impossible by any reason wholly beyond the control and not caused by the negligence of the non-performing party; provided that any such nonperformance will be cause for termination of the Agreement by the other party if the nonperformance continues for more than thirty (30) days.

  14. 14. NOTICES.

    All notices must be in writing and delivered to the parties at the address mentioned on the most recent SOW or PO or at their registered address. For Logitech, a copy must also be sent by email to legalnotices@logitech.com.

  15. 15. SURVIVAL.

    Sections 3.1 (Nature of Relationship), 3.5 (Conflict of Interest), 3.6 (Indemnification), 3.7 (Confidentiality), 3.8 (Injunctive Relief), 3.9 (Logitech Property), 3.10 (Records and Audit), 3.11 (Data Processing and Security), 4.3 (Termination for Breach), 4.4 (Effect of Termination), 4.5 (No Liability), 5 (Limitation of Liability), 8 (Choice of Law and Venue), 10 (No Waiver), 11 (Independent Efforts), 12 (No Publicity), and 14 through 18 will survive the termination of this Agreement.

  16. 16. SEVERABILITY.

    In the event any provisions of the Agreement will for any reason be held to be invalid, illegal, or unenforceable, the remaining provisions of the Agreement will be unimpaired and the invalid, illegal or unenforceable provision will be replaced by a provision which, being valid, legal and enforceable comes close to the intention of the parties underlying the invalid, illegal, or unenforceable provisions.

  17. 17. BINDING EFFECT; SUCCESSORS.

    The provisions of the Agreement will be binding upon and inure solely to the benefit of the parties and their respective successors and permitted assignees.

  18. 18. EXECUTION; COUNTERPARTS.

    The Agreement, including any amendment, waiver or modification hereto, may be executed by original, facsimile or electronic signature in counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument. Delivery of an executed counterpart of a signature page by fax, e-mail or other electronic delivery or signature method will be as effective as physical delivery of a manually executed counterpart of the Agreement.

C. Data Privacy and Security Terms

This section includes Logitech’s Data Processing Agreement and Security Terms.

C.1 Logitech Data Processing Agreements

Logitech and its affiliates and subsidiaries (collectively “Logitech”) requires that service providers, contractors, suppliers, distributors and other business partners and their employees (collectively “You”) comply with the requirements set forth in this Data Protection Agreement (“DPA”) with respect to any information (“Logitech Data”) that Logitech or its employees, representatives, customers, distributors, or other business partners make available to You in the context of Your business relationship with Logitech or a Logitech customer. This DPA is attached to, and incorporated by reference into, the agreements for services (“Agreements”) by and between the Logitech entity named therein and You.

  1. 1. Use and Transfer Limitations. You must not access, collect, store, retain, transfer, use or otherwise process in any manner any Logitech Data, except: (a) in the interest and on behalf of Logitech; (b) as directed by authorized personnel of Logitech in writing; and (c) in accordance with applicable law. Without limiting the generality of the foregoing, You may not make Logitech Data accessible to any subcontractors or relocate Logitech Data to new locations, except as set forth in written Agreements with, or written instructions from Logitech. You must return or delete any Logitech Data at the end of Your relationship with Logitech and, at any time, at Logitech's request. You must impose contractual obligations on all employees, contractors and onward recipients that are at least as protective of Logitech Data as this DPA.
  2. 2. Comply with Approved Policies. You must keep Logitech Data secure from unauthorized access and other data processing by using Your best efforts and state-of-the art organizational and technical safeguards. You must comply with Logitech’s Security Terms, unless Logitech has expressly approved Your own information security policy in writing as an alternative (in which case You have to comply with the approved version of Your own policy, refrain from making any changes that reduce the level of security provided thereunder, and provide thirty (30) days prior written notice to Logitech of any significant changes to Your own information security policy). If You conduct SSAE 16, SOC or similar or successor audits, You must comply with Your SSAE 16, SOC or similar or successor standards and provide Logitech with thirty (30) prior days' notice of any changes.
  3. 3. Cooperate with Compliance Obligations. At Logitech’s reasonable request, You must: (a) execute a business associate agreement under the U.S. Health Insurance Portability and Accountability Act of 1996 and related regulations, as amended (“HIPAA”) as well as similar agreements as required under other jurisdictions' laws, (b) contractually agree to comply with laws and industry standards designed to protect Logitech Data, including, without limitation, the Standard Contractual Clauses approved by the European Commission for data transfers to processors, Payment Card Industry Standards (“PCI”), as well as similar and other frameworks, if and to the extent such frameworks apply to any Logitech Data that You come into contact with; or (c) allow Logitech to terminate certain or all contracts with You, subject to (i) a proportionate refund of any prepaid fees, (ii) transition or migration assistance as reasonably required, and (iii) without applying any early termination charges or other extra charges.
  4. 4. Submit to Audits. You must provide information on Your compliance program and submit to reasonable data security and privacy compliance audits by Logitech or, at Logitech’s request, by an independent third party, or customers of Logitech, to verify compliance with this DPA, applicable law, and any other applicable contractual undertakings.
  5. 5. Notify Breaches. If You become aware of unauthorized access to Logitech Data, or of any security breach that is reportable under the EU General Data Protection Regulation (GDPR) or laws applicable to You or Logitech, You must immediately notify Logitech, consult and cooperate with investigations and potentially required notices, and provide any information reasonably requested by Logitech. You must also indemnify Logitech from any resulting damages and costs, including, without limitation, identity protection assistance and services procured for data subjects and reasonable attorneys and technical consultant fees for Logitech’s handling of the incident.
  6. 6. Subprocessors. You shall impose substantially similar but no less protective data protection obligations, as set out in this DPA, on any approved Subprocessor prior to the Subprocessor initiating any processing of Logitech Data. You shall provide a list of Your current Subprocessors, either as part of this DPA or Logitech shall expressly subscribe to receive notifications to your list of Subprocessors. You shall inform Logitech in writing of any intended changes to such list through the addition or replacement of Sub-processors at least thirty (30) days in advance. If Logitech legitimately objects to the addition of a Subprocessor and You cannot accommodate Logitech’s objection, Logitech will notify You. Logitech may terminate the affected Services as set out in the Agreement, otherwise the parties shall cooperate to find a feasible solution in accordance with the dispute resolution process.
  7. 7. No Information Selling or Sharing for Advertising. You acknowledge and confirm that You do not receive any Logitech Data as consideration for any services or other items that You provide to Logitech. You shall not have, derive or exercise any rights or benefits regarding Logitech Data. You must not sell or share any Logitech Data, as the terms “sell” and “share” are defined in the California Consumer Privacy Act of 2018, as amended, including by the California Privacy Rights Act of 2020 (“CCPA”) or under any other laws. You must not collect, retain, use, or disclose any Logitech Data (a) for targeted or crosscontext behavioral advertising, (b) but for the business purposes specified in a written contract with Logitech, or (c) outside the direct business relationship with Logitech. You must not combine Logitech Data with other data if and to the extent this would be inconsistent with limitations on service providers under the CCPA or other laws. You certify that You understand the rules, requirements and definitions of the CCPA, and all restrictions in the DPA. You agree to refrain from taking any action that would cause any transfers of Logitech Data to or from You to qualify under the CCPA or other laws as “sharing” for advertising purposes or as “selling” personal information.
  8. 8. EEA/UK/CH Personal Data: With respect to any Logitech Data that is subject to the GDPR and/or the UK GDPR and/or the Swiss Federal Data Protection Act as "personal data," You accept the Schedule for the Standard Contractual Clauses, which incorporates (i) the Standard Contractual Clauses 2021 promulgated by Commission implementing decision (EU) 2021/914 of 4 June 2021 (EU SCCs) and adaptations required under the Swiss Federal Data Protection Act, with the applicable Module(s), and you will provide completed Annexes, a list of Subprocessors and, if required, the parties will agree to a transfer impact assessment (as per Clause 14) without undue delay; (ii) the UK International Data Transfer Addendum to the Standard Contractual Clauses version B1.0 in force 21 March 2022 (UK SCCs) with tables completed; and (iii) the EU SCCs with the adaptations required under the Swiss Federal Data Protection Act (Swiss SCCs).
  9. 9. Integration. This DPA applies in addition to, not in lieu of, any other terms and conditions agreed with Logitech, except as specifically and expressly agreed in writing with explicit reference to this DPA. This DPA shall not create any rights for anyone other than Logitech.
    Version 7 last updated September 2022

C.2 Logitech Controller Data Protection Agreement

Version 6 - Last updated July 2023

This Controller Data Protection Agreement (“Controller DPA”) between Logitech and its affiliates and subsidiaries (collectively “Logitech”) and the business partner (“You”) shall apply to the processing of personal data in the framework of the agreements for services (“Agreements”) when both parties are independent Controllers. This Controller DPA is attached to, and incorporated by reference into, the Agreements by and between the Logitech entity named therein and You.

  1. 1. Independent Controllers. Each party shall be processing personal data as a Controller within the meaning of Article 4(7) of the EU General Data Protection Regulation (“GDPR”) and any equivalent provision in data protection and privacy laws applicable to You or Logitech (“Data Privacy Laws”). Each party shall document the purposes and means, which shall be solely determined by such party.
  2. 2. No Joint Controllership Intended. The parties are not entering a relationship of joint controllership regarding personal data processed under the Agreements. The requirements for joint control pursuant to Article 26 of the GDPR and any Data Privacy Laws are not met. The parties agree that no provision of the Agreements or this Controller DPA shall be interpreted or construed as indicating any intent to establish a relationship of joint controllership between the parties. To the extent that You are processing personal data on behalf of Logitech as a Processor under Article 4(8) of the GDPR and any Data Privacy Laws, the parties agree to cooperate to execute the appropriate Data Processing Agreement.
  3. 3. Compliance with Laws. You and Logitech will each act as independent Controllers and fulfill all Controller obligations independently. Each party is responsible for taking appropriate technical and organizational measures to protect the personal data processed as a Controller by the respective party.
  4. 4. Cooperate with Compliance Obligations. To the extent required by the GDPR and any Data Privacy Laws, the parties agree to support each other in complying with their respective obligations. The parties agree to take all commercial and legal steps to protect personal data against undue disclosure.
  5. 5. EEA/UK/CH Personal Data. With respect to any Logitech Data that is subject to the GDPR and/or the UK GDPR and/or the Swiss Federal Data Protection Act as "personal data," You accept the Schedule for the Standard Contractual Clauses 2021, which incorporates (i) the Standard Contractual Clauses promulgated by Commission implementing decision (EU) 2021/914 of 4 June 2021 (EU SCCs) with the applicable Module(s), you will provide completed Annexes and, if required, the parties will agree to a transfer impact assessment (as per Clause 14) without undue delay; (ii) the UK International Data Transfer Addendum to the Standard Contractual Clauses version B1.0 in force 21 March 2022 (UK SCCs) with tables completed; and (iii) the EU SCCs with the adaptations required under the Swiss Federal Data Protection Act (Swiss SCCs). If Logitech and/or You believe that these measures are not sufficient to satisfy applicable data privacy laws, the parties shall work together to implement any additional and/or alternative appropriate international data transfer measures.
  6. 6. Integration. This Controller DPA applies in addition to, not in lieu of, any other terms and conditions agreed with Logitech except as specifically and expressly agreed in writing with explicit reference to this Controller DPA. This Controller DPA shall not create any rights for anyone other than the referred parties.

C.3 Logitech Security Terms

Logitech Europe SA. and all of its subsidiaries and affiliates (collectively “Logitech”) require all of its vendors, service providers and other business partners (“You” or “Vendor”) to maintain a comprehensive written information security program (“Information Security Program”) that includes technical, physical and organizational measures to ensure the confidentiality, security, integrity, and availability of information provided by Logitech, Logitech’s affiliates, and its and their employees, representatives, contractors, customers and Vendors (collectively, “Logitech Data”) and to protect against unauthorized access, use, disclosure, alteration or destruction of Logitech Data. This Information Security Program is attached to, and incorporated by reference into, the agreements for services (“Agreements”) by and between the Logitech entity named therein and You. In particular, the Information Security Program shall include, but not be limited to, the following measures where appropriate or necessary to ensure the protection of Logitech Data:

  • Access Controls – Policies, procedures, and physical and technical controls:

    (i) to limit physical access to your information systems and the facility or facilities in which they are housed to properly authorized persons;
    (ii) to ensure that all members of your workforce who require access to Logitech Data have appropriately controlled access, and to prevent those workforce members and others who should not have access from obtaining access;
    (iii) to authenticate and permit access only to authorized individuals and to prevent members of your workforce from providing Logitech Data or information relating thereto to unauthorized individuals; and
    (iv) to encrypt and decrypt Logitech Data where required.

  • Security Awareness and Training – A security awareness and training program for all members of your workforce (including management) on a regular basis, which includes training on how to implement and comply with your Information Security Program.

  • Security Incident Procedures – Policies and procedures to detect, respond to, and otherwise address security incidents, including procedures to monitor systems and to detect actual and attempted attacks on or intrusions into Logitech Data or information systems relating thereto, and procedures to identify and respond to suspected or known security incidents, mitigate harmful effects of security incidents, and document security incidents and their outcomes. If You become aware of any circumstance that may trigger either Party’s obligations under Security Breach Laws, You shall immediately provide written notice to Logitech via soc@logitech.com and shall fully cooperate with Logitech to enable Logitech to carry out its obligations under Security Breach Laws.

  • Contingency Planning – Policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages Logitech Data or systems that contain Logitech Data, including a data backup plan and a disaster recovery plan and immediately providing a written notice to Logitech via soc@logitech.com.

  • Device and Media Controls – Policies and procedures on hardware and electronic media that contain Logitech Data into and out of your facilities, and the movement of these items within your facilities, including policies and procedures to address the final disposal of Logitech Data, and/or the hardware or electronic media on which it is stored, and procedures for removal of Logitech Data from electronic media before the media are made available for re-use. You shall ensure that no Logitech Data is downloaded or otherwise stored on laptops or other portable devices unless they are subject to all of the protections required herein. Such protective measures shall include, but not be limited to, all devices accessing Logitech data shall be encrypted and use up-to-date anti-malware detection prevention software.

  • Audit controls – Hardware, software, services, platforms and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic information, including appropriate logs and reports concerning these security requirements and compliance therewith.

  • Policies and Procedures – Policies and procedures to ensure the confidentiality, integrity, and availability of Logitech Data and protect it from accidental, unauthorized or improper disclosure, use, alteration or destruction.

  • Storage and Transmission Security – Technical security measures to guard against unauthorized access to Logitech Data that is being transmitted over an electronic communications network, including a mechanism to encrypt Logitech Data in electronic form while in transit and in storage on networks or systems to which unauthorized individuals may have access.

  • Assigned Security Responsibility – You shall designate a security official responsible for the development, implementation, and maintenance of your Information Security Program.

  • Physical Storage Media – Policies and procedures to ensure that prior to any storage media containing Logitech Data being assigned, allocated or reallocated to another user, or prior to such storage media being permanently removed from a facility, you will securely delete in accordance with Section 2.3 (e.). such Logitech Data from both a physical and logical perspective, such that the media contains no residual data, or if necessary physically destroy such storage media. You shall maintain an auditable program implementing the disposal and destruction requirements set forth in this Section for all storage media containing Logitech Data.

  • Testing – You shall regularly test the key controls, systems and procedures of Your Information Security Program to ensure that they are properly implemented and effective in addressing the threats and risks identified. Tests should be conducted or reviewed by independent third parties or staff independent of those that develop or maintain the security programs.

  • Keep the Program Up-To-Date – You shall monitor, evaluate, and adjust, as appropriate, the Information Security Program in light of any relevant changes in technology or industry security standards, the sensitivity of the Logitech Data, internal or external threats to you or the Logitech Data, and your own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements, and changes to information systems.

More specifically, Vendor’s Information Security Program shall meet or exceed the following requirements:

  1. 1. SCOPE; DEFINITIONS

    1. 1.1 Security Policy. Vendor will comply in all respects with Logitech’s information security requirements set forth in these Logitech Information Security Requirements for Vendors (the “Security Policy”). The Security Policy applies to Vendor’s performance under any agreement between Vendor and Logitech (the “Agreement”) and all access, collection, use, storage, transmission, disclosure, destruction or deletion of, and security incidents regarding Logitech Information (as defined below). This Security Policy does not limit other obligations of Vendor, including under the Agreement or with respect to any laws that apply to Vendor, Vendor’s performance under the Agreement, the Logitech Information or the Permitted Purpose (as defined below). To the extent this Security Policy directly conflicts with the Agreement, Vendor will promptly notify Logitech of the conflict and will comply with the requirement that is more restrictive and more protective of Logitech Information (which may be designated by Logitech).

    2. 1.2 Definitions.

      (a) “Affiliate” means, with respect to a particular person, any entity that directly or indirectly controls, is controlled by, or is under common control with such person.

      (b) “Aggregate” means to combine or store Logitech Information with any data or information of Vendor or any third party.

      (c) “Anonymize” means to use, collect, store, transmit or transform any data or information (including Logitech Information) in a manner or form that does not identify, permit identification of, and is not otherwise attributable to any user, device identifier, source, product, service, context, brand, or Logitech or its Affiliates.

      (d) “Logitech Information” means, individually and collectively: (a) all Logitech Confidential Information (as defined in the Agreement or in the non-disclosure agreement between the parties); (b) all other data, records, files, content or information, in any form or format, acquired, accessed, collected, received, stored or maintained by Vendor or its Affiliates from or on behalf of Logitech or its Affiliates, or otherwise in connection with the Agreement, the services provided under the Agreement, or the parties’ performance of or exercise of rights under or in connection with the Agreement; and (c) derived from (a) or (b), even if Anonymized.

    3. 1.3 Permitted Purpose. Except as expressly authorized under the Agreement, Vendor may access, collect, use, store, and transmit only the Logitech Information expressly authorized under the Agreement and solely for the purpose of providing the services under the Agreement, consistent with the licenses (if any) granted under the Agreement (the “Permitted Purpose”). Except as expressly authorized under the Agreement, Vendor will not access, collect, use, store or transmit any Logitech Information and will not Aggregate Logitech Information, even if Anonymized. Except with Logitech’s prior express written consent, Vendor will not (A) transfer, rent, barter, trade, sell, rent, loan, lease or otherwise distribute or make available to any third party any Logitech Information or (B) Aggregate Logitech Information with any other information or data, even if Anonymized.
       
  2. 2. SECURITY POLICY

    1. 2.1. Basic Security Requirements. Vendor will, consistent with current best industry standards and such other requirements specified by Logitech based on the classification and sensitivity of Logitech Information, maintain physical, administrative and technical safeguards and other security measures (A) to maintain the security and confidentiality of Logitech Information accessed, collected, used, stored or transmitted by Vendor, and (B) to protect that information from known or reasonably anticipated threats or hazards to its security and integrity, accidental loss, alteration, disclosure and all other unlawful forms of processing. Without limitation, Vendor will comply with the following requirements:

      (a) Firewall. Vendor will install and maintain a working network firewall to protect data accessible via the Internet and will keep all Logitech Information protected by the firewall at all times.

      (b) Updates. Vendor will keep its systems and software up-to-date with the latest upgrades, updates, bug fixes, new versions and other modifications necessary to ensure security of the Logitech Information.

      (c) Anti-malware. Vendor will at all times use anti-malware software and will keep the anti-malware software up to date. Vendor will mitigate threats from all viruses, spyware, and other malicious code that are or should reasonably have been detected.

      (d) Encryption. Vendor will encrypt data at rest and data sent across open networks in accordance with industry best practices.

      (e) Testing. Vendor will regularly test its security systems and processes to ensure they meet the requirements of this Security Policy.

      (f) Access Controls. Vendor will secure Logitech Information, including by complying with the following requirements:

      1. (i) Vendor will assign a unique ID to each person with computer access to Logitech Information.
      2. (ii) Vendor will restrict access to Logitech Information to only those people with a “need-to-know” for a Permitted Purpose.
      3. (iii) Vendor will regularly review the list of people and services with access to Logitech Information, and remove accounts (or advise Logitech to remove accounts) that no longer require access. This review must be performed at least once every 90 days.
      4. (iv) Vendor will not use manufacturer-supplied defaults for system passwords and other security parameters on any operating systems, software or other systems. Vendor will mandate and ensure the use of system-enforced “strong passwords” in accordance with the best practices (described below) on all systems hosting, storing, processing, or that have or control access to, Logitech Information and will require that all passwords and access credentials are kept confidential and not shared among personnel. Passwords must meet the following criteria: contain at least 12 characters; not match previous passwords, the user’s login, or common name; must be changed whenever an account compromise is suspected or assumed; and are regularly replaced after no more than 90 days.
      5. (v) Vendor will maintain and enforce “account lockout” by disabling accounts with access to Logitech Information when an account exceeds more than 10 consecutive incorrect password attempts.
      6. (vi) Except where expressly authorized by Logitech in writing, Vendor will isolate Logitech Information at all times (including in storage, processing or transmission), from Vendor’s and any third-party information.
      7. (vii) If additional physical access controls are requested in writing by Logitech, Vendor will implement and use those secure physical access control measures.
      8. (viii) Vendor will provide to Logitech on an annual basis or more frequently upon Logitech’s request, (1) log data about all use (both authorized and unauthorized) of Logitech’s accounts or credentials provided to Vendor for use on behalf of Logitech (e.g., social medial account credentials), and (2) detailed log data about any impersonation of, or attempt to impersonate, Logitech personnel or Vendor personnel with access to Logitech Information.
      9. (ix) Vendor will regularly review access logs for signs of malicious behavior or unauthorized access.

      (g) Vendor Policy. Vendor will maintain and enforce an information and network security policy for employees, subcontractors, agents, and Vendors that meets the standards set out in this policy, including methods to detect and log policy violations. Upon request by Logitech, Vendor will provide Logitech with information on violations of Vendor’s information and network security policy, even if it does not constitute a Security Incident.

      (h) Subcontract. Vendor will not subcontract or delegate any of its obligations under this Security Policy to any subcontractors without Logitech’s prior written consent. Notwithstanding the existence or terms of any subcontract or delegation, Vendor will remain responsible for the full performance of its obligations under this Security Policy. The terms and conditions of this Security Policy will be binding upon Vendor’s subcontractors and personnel. Vendor (a) will ensure that Vendor’s subcontractors and personnel comply with this Security Policy, and (b) will be responsible for all acts, omissions, negligence and misconduct of its subcontractors and personnel, including (as applicable) violation of any law, rule or regulation.

      (i) Remote Access. Vendor will ensure that any access from outside protected corporate or production environments to systems holding Logitech Information or Vendor’s corporate or development workstation networks requires multi-factor authentication (e.g., requires at least two separate factors for identifying users).

      (j) Vendor personnel. Logitech may condition access to Logitech Information by Vendor personnel on Vendor personnel’s execution and delivery to Logitech of individual nondisclosure agreements, the form of which is specified by Logitech. If required by Logitech, Logitech requests that Vendor’s personnel execute the individual nondisclosure agreement. Vendor will obtain and deliver to Logitech signed individual nondisclosure agreements from Vendor personnel that will have access to the Logitech Information (prior to granting access or providing information to the Vendor personnel). Vendor will also (a) provide that list of Vendor personnel who have accessed or received the Logitech Information to Logitech upon request within an agreed upon timeframe, and (b) notify Logitech no later than 24 hours after any specific individual Vendor personnel authorized to access Logitech Information in accordance with this Section: (y) no longer needs access to Logitech Information or (z) no longer qualifies as Vendor personnel (e.g., the personnel leaves Vendor’s employment).

    2. 2.2. Access to Logitech Extranet and Vendor Portals. Logitech may grant Vendor access to Logitech Information via web portals or other non-public websites or extranet services on Logitech’s or a third party’s website or system (each, an “Extranet”) for the Permitted Purpose. If Logitech permits Vendor to access any Logitech Information using an Extranet, Vendor must comply with the following requirements:

      (a) Permitted Purpose. Vendor and its personnel will access the Extranet and access, collect, use, view, retrieve, download or store Logitech Information from the Extranet solely for the Permitted Purpose.

      (b) Accounts. Vendor will ensure that Vendor personnel use only the Extranet account(s) designated for each individual by Logitech and will require Vendor personnel to keep their access credentials confidential.

      (c) Systems. Vendor will access the Extranet only through computing or processing systems or applications running operating systems managed by Vendor and that include: (i) system network firewalls in accordance with Section 2.1(A) (Firewall); (ii) centralized patch management in compliance with Section 2.1(B) (Updates); (iii) operating system appropriate anti-malware software in accordance with Section 2.1(C) (Anti-malware); and (iv) for portable devices, full disk encryption.

      (d) Restrictions. Except if approved in advance in writing by Logitech, Vendor will not download, mirror or permanently store any Logitech Information from any Extranet on any medium, including any machines, devices or servers.

      (e) Account Termination. Vendor will terminate the account of each of Vendor’s personnel and notify Logitech no later than 24 hours after any specific Vendor personnel who has been authorized to access any Extranet (a) no longer needs access to Logitech Information, (b) no longer qualifies as Vendor personnel (e.g., the personnel leaves Vendor’s employment), or (c) no longer accesses Logitech information for 30 days or more.

      (f) Third Party Systems.

      1. (i) Vendor will give Logitech prior notice and obtain Logitech’s prior written approval before it uses any third-party system that stores or may otherwise have access to Logitech Information, unless (a) the data is encrypted in accordance with this Security Policy, and (b) the third-party system will not have access to the decryption key or unencrypted “plain text” versions of the data. Logitech reserves the right to require an Logitech security review (in accordance with Section 2.5 below) of the third-party system before giving approval.
      2. (ii) If Vendor uses any third-party systems that store or otherwise may access unencrypted Logitech Information, Vendor must perform a security review of the third-party systems and their security controls and will provide Logitech periodic reporting about the third-party system’s security controls in the format requested by Logitech (e.g., SAS 70, SSAE 16 or a successor report), or other recognized industry-standard report approved by Logitech.
    3.  

    4. 2.3. Data Retention and Destruction.

      (a) Retention. Vendor will retain Logitech Information only for the purpose of, and as long as is necessary for, the Permitted Purpose.

      (b) Return or Deletion. Vendor will promptly (but within no more than 10 days after Logitech’s request) return to Logitech and permanently and securely delete all Logitech Information upon and in accordance with Logitech’s notice requiring return and/or deletion. Also, Vendor will permanently and securely delete all live (online or network accessible) instances of the Logitech Information within 90 days after the earlier of completion of the Permitted Purpose or termination or expiration of the Agreement, unless legally required to retain. If requested by Logitech, Vendor will certify in writing that all Logitech Information has been destroyed.

      (c) Archival Copies. If Vendor is required by Law to retain archival copies of Logitech Information for tax or similar regulatory purposes, this archived Logitech Information must be stored in one of the following ways: as a “cold” or offline (i.e., not available for immediate or interactive use) backup stored in a physically secure facility; or encrypted, where the system hosting or storing the encrypted file(s) does not have access to a copy of the key(s) used for encryption.

      (d) Recovery. If Vendor performs a “recovery” (i.e., reverting to a backup) for the purpose of disaster recovery, Vendor will have and maintain a process that ensures that all Logitech Information that is required to be deleted pursuant to the Agreement or this Security Policy will be re-deleted or overwritten from the recovered data in accordance with this Section 2.3 within 24 hours after recovery occurs. If Vendor performs a recovery for any purpose, no Logitech Information may be recovered to any third-party system or network without Logitech’s prior written approval. Logitech reserves the right to require an Logitech security review (in accordance with Section 2.5 below) of the third-party system or network before permitting recovery of any Logitech Information to any third-party system or network.

      (e) Deletion Standards. All Logitech Information deleted by Vendor will be deleted in accordance with the NIST Special Publication 800-88 Revision 1, Guidelines for Media Sanitation December 18, 2014 (available at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.Logitech), or such other standards Logitech may require based on the classification and sensitivity of the Logitech Information.

    5. 2.4. Forensic Destruction. Before disposing in any manner of any hardware, software, or any other media that contains, or has at any time contained, Logitech Information, Vendor will perform a complete forensic destruction of the hardware, software or other media so that none of the Logitech Information can be recovered or retrieved in any form. Vendor will perform forensic destruction in accordance with the standards Logitech may require based on the classification and sensitivity of the Logitech Information. Vendor shall provide certificate of destruction upon request from Logitech.

      (a) Vendor will not sell, resell, donate, refurbish, or otherwise transfer (including any sale or transfer of any such hardware, software, or other media, any disposal in connection with any liquidation of Vendor’s business, or any other disposal) any hardware, software or other media that contains Logitech Information that has not been forensically destroyed by Vendor.

    6. 2.5. Security Review.

      (a) Risk Assessment Questionnaire. Logitech requires all vendor to undergo a Vendor Risk Assessment, to be triggered by providing updated responses to Logitech’s risk assessment questionnaire, at the least on an annual basis, but may be more frequent based on the assessed risk of the vendor.

      (b) Certification. Upon Logitech’s written request, Vendor will certify in writing to Logitech that it is in compliance with this Agreement.

      (c) Other Reviews. Logitech reserves the right to periodically review the security of systems that Vendor uses to process Logitech Information. Vendor will reasonably cooperate and provide Logitech with all required information within a reasonable time frame but no more than 20 calendar days from the date of Logitech’s request.

      (d) Remediation. If any security review identifies any noted deficiencies, Vendor will, at its sole cost and expense, take all actions necessary to address those deficiencies within an agreed upon timeframe.

    7. 2.6. Security Breach.

      (a) Vendor will inform Logitech via soc@logitech.com without undue delay (no longer than 24 hours) of Security Breach as defined by applicable law(s) (i) containing Logitech Information, or (ii) managed by Vendor with controls substantially similar to those protecting Logitech Information (each, a “Security Breach”). Vendor will remedy each Security Breach in a timely manner and provide Logitech written details regarding Vendor’s internal investigation regarding each Security Incident. Vendor agrees not to notify any regulatory authority, nor any customer, on behalf of Logitech unless Logitech specifically requests in writing that Vendor do so and Logitech reserves the right to review and approve the form and content of any notification before it is provided to any party. Vendor will reasonably cooperate and work together with Logitech to formulate and execute a plan to rectify all confirmed Security Incidents.

      (b) Vendor will inform Logitech without undue delay (no longer than 24 hours) when Logitech Information is being sought in response to legal process or by applicable law.

Version 4 last updated February 2022

D. Supplemental Terms

These Supplemental Terms apply in addition to the General Terms.

D.1 Social Media Endorsement Terms

If you endorse or make social media posts promoting a Logitech brand, product or event for consideration or if you have a material connection to Logitech, the following applies:

It is legally mandatory, and Logitech's corporate policy, that brands and influencers follow the stricter of the US FTC endorsement guidelines (see the FTC website (www.FTC.gov) for the latest version), or local applicable advertising requirements. You must always clearly disclose your working relationship (or other material connection) with Logitech in each social post or blog. A "material connection" includes any connection between someone acting as an influencer and a brand that could potentially affect the credibility consumers give to that influencer's statements. This may include where the influencer receives benefits or incentives such as monetary compensation, loaner or free products/services, in-kind gifts, or special access privileges. Some examples include: (a) If available to you as an influencer, leveraging Instagram's paid partnership tool to tag "Paid partnership with Logitech" (or the applicable brand), (b) Sponsorship hashtags such as #ad or #sponsored; (c) Clear language such as "I partnered with Logitech" (or the applicable brand). All opinions you express about Logitech, the Logitech brand and/or our products and services shall be your own.

DISCLAIMER: Any recommendations and options for disclosures provided by Logitech (or our failure to do so) shall not be construed as responsibility for your failure to comply with endorsement guidelines.You are also responsible for obtaining all third party clearances and permissions with respect to any content you post.

D.2 Second Tier Diversity Procurement Terms

  1. (a) Equal Employment Opportunity.

    As a vendor, supplier or contractor of Logitech, you agree not to discriminate against any person on the basis of race, religion, color, age, sex, national origin, marital status, disability, veteran status or any other protected class in matters related to this Agreement or in any area of employment or subcontracting.

  2. (b) Logitech Supplier Diversity Program Participation.

    You acknowledge that Logitech implements and administers a Supplier Diversity Program (“SDP”) to offer diverse business enterprises (“DBE”) maximum practical opportunity to participate in Logitech’s Procurement goals and strategies. If you are a vendor, supplier or contractor with which Logitech spends US$1.5m or above under this Agreement, or spends on an annual basis a total of US$1.5 million or above under this and any other agreements between you and Logitech, then you become a SDP participant and are expected to comply with the SDP obligations specified in paragraphs (b), (c), (d) and (e) herein.

    In the United States, DBEs refer to for-profit businesses located within the US or its territories, which are 51% owned, controlled and operated by one or more members of these groups.

  • Ethnic minorities: Asian-Pacific, Asian-Indian, Black, Hispanic, Native American
  • LGBTQ+
  • Women
  • Veterans
  • Service Disabled Veterans
  • Persons with disabilities.

    Outside the United States, DBEs refer to businesses owned by ethnic minorities and/or indigenous people defined by each region or country based on their respective laws and regulations. Businesses must be 51% owned, controlled, and operated by such individuals. In the case of a publicly owned business, at least 51% of the stock must be owned by one or more such individuals. Other groups of DBE include people with disabilities and women.

  1. (c) During the performance of this Agreement, your DBE spend target for this Agreement is 10% of the contract value, and you agree to supply to Logitech tier-two spend data (as specified in paragraphs (d) and (e) below) via quarterly performance reports regarding your economic expenditures with DBEs with which you conduct business relating to this Agreement.

     

  2. (d) Performance Reports. SDP participants shall provide Logitech performance reports (“Performance Reports”) on a calendar quarter basis. Performance Reports shall include, but are not limited to (i) progress of the products and/or services procured from DBE, (ii) DBE tier-two spend data, (iii) reasons for necessary substitutions of a DBE vendor by a non-DBE vendor, and (iv) prospective DBE spend. Logitech will prescribe the form to be completed for such Performance Reports. Your compliance with this Logitech’s Supplier Diversity Program accounts for a component of your performance scorecard.

     

  3. (e) Spend Data Reporting. Logitech is collecting detailed tier-two spend data that includes supplier names, classifications and ethnic backgrounds. Tier-two data shall include direct and indirect spend. Direct spend includes your purchases from a DBE for Logitech’s benefit, such that the goods or services purchased are used exclusively for Logitech’s benefit. Indirect spend includes your other purchases from DBE for goods or services needed to sustain your own business operations.

     

E. Superseded / Archived Versions

The following terms are not included in this updated version of the Terms and are replaced by the General Terms:

  • MANPOWER SERVICES TERMS & CONDITIONS
  • EXCLUSIVE ATHLETE PROMOTION TERMS & CONDITIONS
  • INFLUENCER TERMS
  • MARKETING CONTENT LICENSE ONLY TERMS