CONTRACT 7304 Vendor Agreement EBSCO
10 Estes Street
P.O. Box 682
Ipswich, MA 01938
USA
(978) 356-6500
(800) 653-2726
Fax: (978) 356-5640
www.ebsco.com
information@epnet.com
Purchasing Customer
EL SEGUNDO PUBLIC LIBRARY
111 W MARIPOSA ST
EL SEGUNDO, CA, 90245-2201
USA
Contact:
Cao Nguyen Le
310-524-2355
cnle@elsegundo.org
Product Order Form
Billing Address
CITY OF EL SEGUNDO FINANCE AP
350 MAIN STREET
EL SEGUNDO, CA, 90245-3895
USA
Your invoice will be sent to:
Accounts Payable
accountspayable@elsegundo.org
Agreement No. 7304
CustID: s8383149
OrderID: WSR945955
Date: 03/25/2025
BiblioGraph Package (AKA - Linked Library Service) 3-year order with annual billing $18,984.00
BiblioGraph 07/01/2025 06/30/2028 36
BiblioGraph Novelist Enrichment 07/01/2025 06/30/2028 36
Package Year 1 $6,142.00
Package Year 2 $6,326.00
Package Year 3 $6,516.00
Database Package: 3-year order with annual billing $22,203.00
Primary Search Reference eBook Subscription 07/01/2025 06/30/2028 36
Primary Search: HOST 07/01/2025 06/30/2028 36
Points of View Reference Source 07/01/2025 06/30/2028 36
NoveList Select 07/01/2025 06/30/2028 36
NoveList Plus 07/01/2025 06/30/2028 36
NoveList K-8 Plus 07/01/2025 06/30/2028 36
Middle Search Reference eBook Subscription 07/01/2025 06/30/2028 36
Middle Search Plus: HOST 07/01/2025 06/30/2028 36
MasterFILE Complete Reference eBook Subscription 07/01/2025 06/30/2028 36
MasterFILE Complete 07/01/2025 06/30/2028 36
MAS Reference eBook Subscription 07/01/2025 06/30/2028 36
MAS FullTEXT Ultra School Edition 07/01/2025 06/30/2028 36
Package Year 1 $7,183.00
Package Year 2 $7,399.00
Package Year 3 $7,621.00
Year 1 Total Year 2 Total Year 3 Total
$13,325.00 $13,725.00 $14,137.00
Total: $41,187.00
The above excludes all applicable tax
Currency: US Dollar
Price represented is the cash discounted price for payments received by check or electronic payment. If paying by a method other than check or electronic payment,
please inquire for non cash discounted pricing. Payment due upon receipt of invoice. Interest of 1 percent per month charged for payment received later than 30 days
after invoice date. eBooks and eAudiobooks ordered are non-returnable and non-refundable.
Terms and Conditions
Customer agrees to terms and conditions of the appropriate license agreement for usage of purchased access or subscription to electronic databases, econtent and
services. If ordering ebooks or audiobooks, customer also agrees to the terms and conditions of the Library eContent Agreement. We do not knowingly collect
personal information from a child under the age of 13. Consistent with COPPA, the Customer is responsible for obtaining all required consents and authorizations for
anyone under the age of 13 to use our Products and collect personal information.
Authorized Signature: Date:
Print Name: Title:
Please sign, scan and email this form to: LAUREN WEYBURN at lweyburn@ebsco.com
Thank you for your business!
If unable to scan, please fax to: 978 356-5640
LAST UPDATED: July 2024
EBSCO LICENSE AGREEMENT
Standard
By using the services available at this site or by making the services available to Authorized Users, the
Authorized Users and the Licensee agree to comply with the following terms and conditions (the "Agreement").
For purposes of this Agreement, "EBSCO" is EBSCO Publishing, Inc.; the "Licensee" is the entity or institution that
makes available databases and services offered by EBSCO; the "Sites" are the Internet websites offered or
operated by Licensee from which Authorized Users can obtain access to EBSCO's Databases and Services; and
the "Authorized User(s)" are employees, students, registered patrons, walk-in patrons, or other persons
affiliated with Licensee or otherwise permitted to use Licensee's facilities and authorized by Licensee to access
Databases or Services. "Authorized User(s)" do not include alumni of the Licensee. "Services" shall mean
EBSCOhost, EBSCO Discovery Service, EBSCO eBooks, Flipster and related products to which Licensee has
purchased access or a subscription. "Services" shall also include eBooks to which a Licensee has purchased
access or a subscription and periodicals to which Licensee has purchased a subscription. "Databases" shall mean
the products made available by EBSCO. EBSCO disclaims any liability for the accuracy, completeness or
functionality of any material contained herein, referred to, or linked to. Publication of the servicing information
in this content does not imply approval of the manufacturers of the products covered. EBSCO assumes no
responsibility for errors or omissions nor any liability for damages from use of the information contained herein.
Persons engaging in the procedures included herein do so entirely at their own risk.
I. LICENSE
A. EBSCO hereby grants to the Licensee a nontransferable and non-exclusive right to use the Databases and
Services made available by EBSCO according to the terms and conditions of this Agreement. The Databases and
Services made available to Authorized Users are the subject of copyright protection, and the original copyright
owner (EBSCO or its licensors) retains the ownership of the Databases and Services and all portions thereof.
EBSCO does not transfer any ownership, and the Licensee and Sites may not reproduce, distribute, display,
modify, transfer or transmit, in any form, or by any means, any Database or Service or any portion thereof
without the prior written consent of EBSCO, except as specifically authorized in this Agreement.
B. The Licensee is authorized to provide on-site access through the Sites to the Databases and Services to any
Authorized User. The Licensee may not post passwords to the Databases or Services on any publicly indexed
websites. The Licensee and Sites are authorized to provide remote access to the Databases and Services only to
their patrons as long as security procedures are undertaken that will prevent remote access by institutions,
employees at non-subscribing institutions or individuals, that are not parties to this Agreement who are not
expressly and specifically granted access by EBSCO. For the avoidance of doubt, if Licensee provides remote
access to individuals on a broader scale than was contemplated at the inception of this Agreement then EBSCO
may hold the Licensee in breach and suspend access to the Database(s) or Services. Remote access to the
Databases or Services is permitted to patrons of subscribing institutions accessing from remote locations for
personal, non-commercial use. However, remote access to the Databases or Services from non-subscribing
institutions is not allowed if the purpose of the use is for commercial gain through cost reduction or
avoidance for a non-subscribing institution.
C. Licensee and Authorized Users agree to abide by the Copyright Act of 1976 as well as by any contractual
restrictions, copyright restrictions, or other restrictions provided by publishers and specified in the Databases or
Services. Pursuant to these terms and conditions, the Licensee and Authorized Users may download or print
www.ebsco.com
Standard License Agreement Page 1 1
limited copies of citations, abstracts, full text or portions thereof, provided the information is used solely in
accordance with copyright law. Licensee and Authorized Users may not publish the information. Licensee and
Authorized Users shall not use the Database or Services as a component of or the basis of any other publication
prepared for sale and will neither duplicate nor alter the Databases or Services or any of the content therein in
any manner, nor use same for sale or distribution. Licensee and Authorized Users may not use artificial
intelligence tools or machine learning technologies with any of the content included in the Databases or Services
for any purpose. Licensee and Authorized Users may create printouts of materials retrieved through the
Databases or Services via online printing, offline printing, facsimile or electronic mail. All reproduction and
distribution of such printouts, and all downloading and electronic storage of materials retrieved through the
Databases or Services shall be for internal or personal use. Downloading all or parts of the Databases or Services
in a systematic or regular manner so as to create a collection of materials comprising all or part of the Databases
or Services is strictly prohibited whether or not such collection is in electronic or print form. Notwithstanding the
above restrictions, this paragraph shall not restrict the use of the materials under the doctrine of "fair use" as
defined under the laws of the United States. Publishers may impose their own conditions of use applicable only
to their content. Such conditions of use shall be displayed on the computer screen displays associated with such
content. The Licensee shall take all reasonable precautions to limit the usage of the Databases or Services to
those specifically authorized by this Agreement.
D. Authorized Sites may be added or deleted from this Agreement as mutually agreed upon by EBSCO and
Licensee.
E. Licensee agrees to comply with the Copyright Act of 1976, and agrees to indemnify EBSCO against any actions
by Licensee that are not consistent with the Copyright Act of 1976.
F. The computer software utilized via EBSCO's Databases and Service(s) is protected by copyright law and
international treaties. Unauthorized reproduction or distribution of this software, or any portion of it, is not
allowed. User shall not reverse engineer, decompile, disassemble, modify, translate, make any attempt to
discover the source code of the software, or create derivative works from the software.
G. The Databases are not intended to replace Licensee's existing subscriptions to content available in the
Databases.
H. Licensee agrees not to include any advertising in the Databases or Services.
II. LIMITED WARRANTY AND LIMITATION OF LIABILITY
A. EBSCO and its licensors disclaim all warranties, express or implied, including, but not limited to, warranties of
merchantability, noninfringement, or fitness for a particular purpose. Neither EBSCO nor its licensors assume or
authorize any other person to assume for EBSCO or its licensors any other liability in connection with the
licensing of the Databases or the Services under this Agreement and/or its use thereof by the Licensee and Sites
or Authorized Users.
B. THE MAXIMUM LIABILITY OF EBSCO AND ITS LICENSORS, IF ANY, UNDER THIS AGREEMENT, OR ARISING OUT
OF ANY CLAIM RELATED TO THE PRODUCTS, FOR DIRECT DAMAGES, WHETHER IN CONTRACT, TORT OR
OTHERWISE SHALL BE LIMITED TO THE TOTAL AMOUNT OF FEES RECEIVED BY EBSCO FROM LICENSEE
HEREUNDER UP TO THE TIME THE CAUSE OF ACTION GIVING RISE TO SUCH LIABILITY OCCURRED. IN NO EVENT
SHALL EBSCO OR ITS LICENSORS BE LIABLE TO LICENSEE OR ANY AUTHORIZED USER FOR ANY INDIRECT,
INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR SPECIAL DAMAGES RELATED TO THE USE OF THE DATABASES OR
SERVICES OR TO THESE TERMS AND CONDITIONS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
C. Licensee is responsible for maintaining a valid license to the third-party resources configured to be used via
the Services (if applicable). EBSCO disclaims any responsibility or liability for a Licensee accessing the third-party
resources without proper authorization.
D. EBSCO is not responsible if the third-party resources accessible via the Services fail to operate properly or if
the third-party resources accessible via the Services cause issues for the Licensee. While EBSCO will make best
efforts to help troubleshoot problems, Licensee acknowledges that certain aspects of functionality may be
dependent on third party resource providers who may need to be contacted directly for resolution.
A. License fees have been agreed upon by EBSCO and the Licensee, and include all retrospective issues of the
Product(s) as well as updates furnished during the term of this Agreement. The Licensee's obligations of
payment shall be to EBSCO or its assignee. Payments are due upon receipt of invoice(s) and will be deemed
delinquent if not received within thirty (30) days. Delinquent invoices are subject to interest charges of 12% per
annum on the unpaid balance (or the maximum rate allowed by law if such rate is less than 12%). The Licensee
will be liable for all costs of collection. Failure or delay in rendering payments due EBSCO under this Agreement
will, at EBSCO's option, constitute material breach of this Agreement. If changes are made resulting in
amendments to the listing of authorized Sites, Databases, Services and pricing identified in this Agreement, pro
rata adjustments of the contracted price will be calculated by EBSCO and invoiced to the Licensee and/or Sites
accordingly as of the date of any such changes. Payment will be due upon receipt of any additional pro rata
invoices and will be deemed delinquent if not received within thirty (30) days of the invoice dates.
B. Taxes, if any, are not included in the agreed upon price and may be invoiced separately. Any taxes applicable
to the Database(s) under this Agreement, whether or not such taxes are invoiced by EBSCO, will be the exclusive
responsibility of the Licensee and/or Sites.
9
A. In the event of a breach of any of its obligations under this Agreement, Licensee shall have the right to
remedy the breach within thirty (30) days upon receipt of written notice from EBSCO. Within the period of such
notice, Licensee shall make every reasonable effort and document said effort to remedy such a breach and shall
institute any reasonable procedures to prevent future occurrences of such breaches. If the Licensee fails to
remedy such a breach within the period of thirty (30) days, EBSCO may (at its option) terminate this Agreement
upon written notice to the Licensee.
B. If EBSCO becomes aware of a material breach of Licensee's obligations under this Agreement or a breach by
Licensee or Authorized Users of the rights of EBSCO or its licensors or an infringement on the rights of EBSCO or
its licensors, then EBSCO will notify the Licensee immediately in writing and shall have the right to temporarily
suspend the Licensee's access to the Databases or Services. Licensee shall be given the opportunity to remedy
the breach or infringement within thirty (30) days following receipt of written notice from EBSCO. Once the
breach or infringement has been remedied or the offending activity halted, EBSCO shall reinstate access to the
Databases or Services. If the Licensee does not satisfactorily remedy the offending activity within thirty (30)
days, EBSCO may terminate this Agreement upon written notice to the Licensee.
C. The provisions set forth in Sections I, II and V of this Agreement shall survive the term of this Agreement and
shall continue in force into perpetuity.
V. NOTICES OF CLAIMED COPYRIGHT INFRINGEMENT
EBSCO has appointed an agent to receive notifications of claims of copyright infringement regarding materials
available or accessible on, through, or in connection with our services. Any person authorized to act for a
copyright owner may notify us of such claims by contacting the following agent: Kim Gibbons, EBSCO Publishing,
Inc., 10 Estes Street, Ipswich, MA 01938; phone: 978-356-6500, fax: 978-356-5191; email: kgibbons@ebsco.com.
In contacting this agent, the contacting person must provide all relevant information, including the elements of
notification set forth in 17 U.S.C. 512.
VI. GENERAL
A. Neither EBSCO nor its licensors will be liable or deemed to be in default for any delays or failure in
performance resulting directly or indirectly from any cause or circumstance beyond its reasonable control,
including but not limited to acts of God, war, riot, embargoes, acts of civil or military authority, rain, fire, flood,
accidents, earthquake(s), strikes or labor shortages, transportation facilities shortages or failures of equipment,
or failures of the Internet.
B. This Agreement and the license granted herein may not be assigned by the Licensee to any third party
without written consent of EBSCO.
C. If any term or condition of this Agreement is found by a court of competent jurisdiction or administrative
agency to be invalid or unenforceable, the remaining terms and conditions thereof shall remain in full force and
effect so long as a valid Agreement is in effect.
D. If the Licensee and/or Sites use purchase orders in conjunction with this Agreement, then the Licensee and/or
Sites agree that the following statement is hereby automatically made part of such purchase orders: "The terms
and conditions set forth in the EBSCO License Agreement are made part of this purchase order and are in lieu of
all terms and conditions, express or implied, in this purchase order, including any renewals hereof."
E. This Agreement and our Privacy Policy represent the entire agreement and understanding of the parties with
respect to the subject matter hereof and supersede any and all prior agreements and understandings, written
and/or oral. There are no representations, warranties, promises, covenants or undertakings, except as described
in this Agreement and our Privacy Policy.
F. EBSCO grants to the Licensee a non-transferable right to utilize any IP addresses provided by EBSCO to
Licensee to be used with the Services. EBSCO does not transfer any ownership of the IP addresses it provides to
Licensee. In the event of termination of the Licensee's license to the Services, the Licensee's right to utilize such
IP addresses will cease.
G. All information that EBSCO collects when Licensee accesses, uses, or provides access to, the Databases and
Services is subject to EBSCO's Privacy Policy, which is incorporated herein by reference. By accessing or using the
Databases and/or Services, you consent to all actions taken by EBSCO with respect to your information in
compliance with the Privacy Policy.
This Data Processing Addendum (the "Addendum") supplements the EBSCO License Agreement (the
"Agreement") between the Customer ("Customer") and EBSCO Publishing, Inc. ("EBSCO").
1. Definitions
1.1 For the purpose of this Addendum the terms, "Controller," "Processor," "Data Subject," "Personal
Data," "Personal Data Breach," "Processing," "Subprocessor," and "Supervisory Authority" shall
have the same meanings as in applicable Data Protection Legislation, and their related terms shall be
construed accordingly.
1.2 "Appropriate technical and organizational measures" shall be interpreted in accordance with
applicable Data Protection Legislation.
1.3 "Customer Personal Data" means the Personal Data that is provided by Customer to EBSCO or that is
processed by EBSCO on Customer's behalf in connection with the Agreement.
1.4 "Data Protection Legislation" means all applicable data protection and privacy legislation in force
from time to time where EBSCO does business, including the General Data Protection Regulation,
Regulation (EU) 2016/679 of the European Parliament and of the Council (the "GDPR"), the Privacy
and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC), the
California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100, et seq. (the "CCPA"), and all
other applicable laws and regulations relating to the Processing of Personal Data, including any
legislation that implements or supplements, replaces, repeals and/or supersedes any of the
foregoing.
1.5 "International Data Transfer" means the transfer (either directly or via onward transfer) of Personal
Data from within the European Economic Area/United Kingdom (as applicable) to a country not
recognized by the European Commission as providing an adequate level of protection for Personal
Data (as described in the GDPR).
1.6 "User Personal Data" means the Personal Data provided directly by Customer's end users to EBSCO
through the products and services purchased by Customer.
2. Data Processing: EBSCO as Processor for Customer
2.1 Where Customer Personal Data is processed by EBSCO, EBSCO will act as the Processor and the
Customer will act as the Controller.
2.1.1 Subject Matter. The subject matter of the Processing is the Customer Personal Data.
2.1.2 Duration. The Processing will be carried out for the duration set forth in the Agreement.
2.1.3 Nature and Purpose. The purpose of the Processing is the provision of products and
services to the Customer purchased by the Customer from time to time.
2.1.4 Type of Customer Personal Data and Data Subjects. Customer Personal Data consists of
the following categories of information relevant to the following categories of Data
Subjects:
(a) Representatives of Customer: name, address; email address; billing information;
login credentials; geolocation data; and professional affiliation.
(b) Customer's end users of the EBSCO products and services purchased by Customer
(where personalized account information is provided to EBSCO by Customer):
name; address; and email address.
2.2 EBSCO shall not Process Customer Personal Data other than on the Customer's documented
instructions (as set forth in this Addendum or the Agreement or as otherwise directed by Customer
in writing). EBSCO will not Process Customer Personal Data for any purpose, including for any
commercial purpose, other than for the specific purpose of performing the services specified in the
Agreement. If Processing of Customer Personal Data inconsistent with the foregoing provisions of
this section is ever required by applicable Data Protection Legislation to which EBSCO is subject,
EBSCO shall, to the extent permitted by applicable Data Protection Legislation, inform the Customer
of that legal requirement before proceeding with the relevant Processing of that Customer Personal
Data.
2.3 EBSCO will notify Customer promptly if, in EBSCO's opinion, an instruction for the Processing of
Customer Personal Data infringes applicable Data Protection Legislation.
2.4 EBSCO shall ensure that all personnel who have access to and/or Process the Customer Personal Data
are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
2.5 EBSCO shall, in relation to the Customer Personal Data, implement appropriate technical and
organizational measures to protect against unauthorized or unlawful Processing of Customer
Personal Data and against accidental loss or destruction of, or damage to, Customer Personal Data.
When considering what measure is appropriate, each party shall have regard to the state of good
practice, technical development and the cost of implementing any measures to ensure a level of
security appropriate to the harm that might result from such unauthorized or unlawful Processing or
accidental loss or destruction, and to the nature of the data to be protected.
2.6 EBSCO shall assist Customer, taking into account the nature of the Processing, (A) by appropriate
technical and organizational measures and where possible, in fulfilling Customer's obligations to
respond to requests from data subjects exercising their rights under Applicable Data Protection
Legislation; (B) in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR,
taking into account the nature of the Processing and the information available to EBSCO; and (C) by
making available to Customer all information reasonably requested by Customer for the purpose of
demonstrating that Customer's obligations relating to the appointment of processors as set out in
Article 28 of the GDPR have been met.
2.7 EBSCO shall promptly notify Customer upon becoming aware of any confirmed Personal Data Breach
affecting the Customer Personal Data.
2.8 Upon termination of the Agreement, EBSCO shall, at Customer's election, securely delete or return
Customer Personal Data and destroy existing copies unless preservation or retention of such
Customer Personal Data is required by any applicable law to which EBSCO is subject.
2.9 EBSCO shall allow Customer and Customer's authorized representatives to access and review up-to-
date attestations, reports, or extracts thereof from independent bodies (e.g., external auditors, data
protection auditors) or suitable certifications, or allow its procedures and documentation to be
inspected or audited by Customer (or its designee) to ensure compliance with the terms of this
Addendum. Any audit or inspection must be conducted during EBSCO's regular business hours
without interrupting EBSCO's business operations, with reasonable advance notice (at least 45 days)
to EBSCO and subject to reasonable confidentiality procedures. In addition, audits or inspections
shall be limited to once per year. The scope of such audit shall be limited to documents and records
allowing the verification of EBSCO's compliance with the obligations set forth in this Addendum and
shall not include financial records of EBSCO or any records concerning EBSCO's other customers.
Remote audits shall be utilized where possible, with on-site audits occurring only where a
walkthrough of the premises is required.
2.10 EBSCO shall, in the event of third-party subprocessing that is subject to Data Protection Legislation,
(A) inform Customer and obtain its prior written consent (execution of this Addendum shall be
deemed as Customer's prior written consent to such third-party subprocessing); (B) provide a list of
third-party Subprocessors upon Customer's request; and (C) inform Customer of any intended
changes to third-party Subprocessors, and give Customer a reasonable opportunity to object to such
changes. If EBSCO provides Personal Data to third-party Subprocessors, EBSCO will include in its
agreement with any such third-party Subprocessor terms which offer at least the same level of
protection for the Customer Personal Data as those contained herein and as are required by
applicable Data Protection Legislation.
3. Data Processing: EBSCO as Joint Controller With Customer
3.1 EBSCO and Customer shall act as joint Controllers with respect to User Personal Data.
3.2 EBSCO shall be responsible for providing Customer's end user Data Subjects with the information
required under GDPR Articles 13 and 14 (including by identifying a contact point for Data Subjects)
before processing User Personal Data, and with informing Customer's end users of the essence of
EBSCO's arrangement with Customer.
3.3 EBSCO shall provide Customer's end user Data Subjects with the ability to exercise their individual
rights with respect to User Personal Data within a self-service portal.
4. International Data Transfer
4.1 To the extent that any Customer Personal Data is subject to any International Data Transfer, the
parties agree to be bound by, and all terms and provisions of the Controller to Processor Standard
Contractual Clauses adopted by the European Commission ("Processor Model Clauses") shall be
incorporated by reference to this Addendum with the same force and effect as though fully set forth
in this Addendum, wherein:
4.1.1 Customer is the "data exporter" and EBSCO International, Inc. is the "data importer;" and
4.1.2 The provisions of Module Two are incorporated; the provisions under Modules One,
Three, and Four, the footnotes, and Clauses 9, 11(a) Option and 17 Option 1 are omitted;
the clauses shall be governed by the law of Ireland; and the competent supervisory
authority is Ireland.
4.2 To the extent that any User Personal Data is subject to any International Data Transfer, the parties
agree to be bound by, and all terms and provisions of the Controller to Controller Standard
Contractual Clauses adopted by the European Commission ("Controller Model Clauses") shall be
incorporated by reference to this Addendum with the same force and effect as though fully set forth
in this Addendum, wherein:
4.2.1 Customer is the "data exporter" and EBSCO is the "data importer;" and
4.2.2 The provisions of Module One are incorporated; the provisions under Modules Two,
Three and Four, the footnotes, and Clauses 9, 11(a) Option and 17 Option 1 are omitted;
the clauses shall be governed by the law of Ireland; and the competent supervisory
authority is Ireland.
4.3 The Processor Model Clauses and Controller Model Clauses shall be collectively, the "Standard
Contractual Clauses." The applicable version of the Standard Contractual Clauses is those which were
approved by the European Commission on June 4, 2021. In the event that the Standard Contractual
Clauses are updated, replaced, amended or re-issued by the European Commission (with the
updated Standard Contractual Clauses being the "New Contractual Clauses") during the term of this
Addendum, the New Contractual Clauses shall be deemed to replace the Standard Contractual
Clauses and the parties undertake to be bound by the terms of the New Contractual Clauses effective
as of the date of the update (unless either party objects to such change) and the parties shall execute
a form of the New Contractual Clauses.
4.4 The descriptions required by the Annexes of the Standard Contractual Clauses are replaced by the
information in Schedule I, Schedule II, and Schedule III of this Addendum.
4.5 To the extent that the UK Information Commissioner's Office issues any standard contractual clauses
for the purpose of making lawful International Data Transfers during the term of this Addendum that
will impact the transfers of Customer Personal Data or User Personal Data (with such clauses being
the "UK Standard Contractual Clauses"), to the extent possible, the UK Standard Contractual Clauses
shall be deemed to be incorporated into this Addendum and the parties undertake to be bound by
the terms of the UK Standard Contractual Clauses effective as of the date of their issuance (unless
either party objects to such change) and the parties shall execute a form of the UK Standard
Contractual Clauses.
List of Parties and Description of
Data Transfers
A. LIST OF PARTIES
Data exporter(s): [Identity and contact details of the data exporter(s) and, where applicable, of its/their data
protection officer and/or representative in the European Union]
1. Name:
Address:
Contact person's name, position and contact details:
Activities relevant to the data transferred under these Clauses:
Signature and date:
Role (controller/processor): Controller and Joint Controller
2. Additional Information: EBSCO and Customer shall act as Joint Controllers with respect to User Personal
Data (as defined in the Agreement). The Joint Controllers shall perform the following responsibilities
accordingly:
Customer
- Personalization: Customer decides whether to enable features of personalized accounts
in product
- Authorize the processing of end user data by EBSCO via the Agreement between parties
o Provide legal basis for processing end user data
o Establish the purposes and scope of processing
- Implementation of technical and organizational measures to ensure security of
network
o Access controls — provide guidelines to EBSCO for authorizing who may
access the product under the customer's subscription
- Data Subject Access Requests
o As needed, provides details of requests to EBSCO if request is
received by Customer from end users (in the event that an end user
submits a request through Customer rather than through EBSCO)
EBSCO
- Implementation of organizational and technical measures
o See Schedule II for details
- Maintenance and support of product
o Security patches
o Feature updates
o Technical support
o Availability and up-time
- Data storage, including backups
- Establish the purposes and scope of processing via the Agreement between
Parties
- Data Subject Access Requests
o Receives and processes Data Subject Access Requests and honors the data
subject rights of information, access, rectification, erasure, restricted
processing, data portability, right to object, and the right to avoid
automated decision-making
o Manages the contact form, email address, and phone number for
intake of privacy requests
o Upon request, notifies customer of data subject request
www.ebsco.com
Standard License Agreement
Page 1 9
. ...............................................................
Customer EBSCO
Provide legal basis for processing end user
data
o Agreement between parties
establishes contract to provide
services
o Collection of individual consent and
acceptance of terms of use, privacy
policy, etc. from end users
Incident response
o Implementation of process
o Notification of customer
Subprocessors - vetting and notifying
customer of new subprocessors
Privacy Risk Assessments — conduct PRA/DPIA
as needed for vendors, features, products,
etc. which process personal information
Data importer(s):
For Customer Personal Data:
1. Name: EBSCO International, Inc.
Address: 10 Estes Street, Ipswich, MA 01938
Contact person's name, position and contact details:
Activities relevant to the data transferred under these Clauses: Academic and scholastic research
Signature and date:
Role (controller/processor): Processor
2. Additional Information: Customer will act as the Controller of Customer Personal Data where Customer
Personal Data is processed by EBSCO. EBSCO will act as the Processor of Customer Personal Data.
"Customer Personal Data" means the Personal Data that is provided by Customer to EBSCO or that is
processed by EBSCO on Customer's behalf in connection with the Agreement.
For User Personal Data:
1. Name: EBSCO International, Inc.
Address: 10 Estes Street, Ipswich, MA 01938
Contact person's name, position and contact details:
Activities relevant to the data transferred under these Clauses: Academic and scholastic research,
creation of user profiles
Signature and date:
Role (controller/processor): Joint Controller and Processor
2. Additional Information: Customer will act as the Controller of User Personal Data where User Personal
Data is processed by EBSCO. EBSCO will act as the Joint Controller of User Personal Data.
"User Personal Data" means the Personal Data provided directly by Customer's end users to EBSCO
through the products and services purchased by Customer.
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred: Entity information required for handling the
subscription and users of applications, including but not limited to students, teachers, employees, authors.
Categories of personal data transferred: First name, last name, email address, authentication information,
search information, research notes.
Sensitive Data transferred (if applicable), and applied restrictions or safeguards that fully take into
consideration the nature of the data and the risks involved: Not Applicable.
The frequency of the transfer (e.g., whether the data is transferred on a one-off or continuous basis):
Continuous.
Nature of the processing: Providing access to EBSCO databases; storing user information in customized profiles;
facilitating the retrieval of user search history.
Purpose(s) of the data transfer and further processing: To perform the obligations between the parties, per the
Agreement, to provide research tools, to personalize the experience and to prevent harvesting.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine
that period: As long as reasonably necessary, some personalization information will be held until deletion is
requested by a customer or user.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing:
Subject Matter: First name, last name, email address, authentication information, search information, research
notes
Nature of processing: The nature of processing includes the following: Data storage and software delivery,
consent management, fulfilling data subject rights requests. Please also see Schedule III for the link to the
Subprocessors for comprehensive information about how specific subprocessors process data.
Duration: Continuous
C. COMPETENT SUPERVISORY AUTHORITY
The competent supervisory authority, in accordance with Clause 13, is the Supervisory Authority of Ireland.
Technical and Organizational
Measures Including Technical and
Organizational Measures to Ensure
the Security of Data
EBSCO shall maintain and use appropriate safeguards to prevent the unauthorized access to or use of Customer
Personal Data and to implement administrative, physical and technical safeguards to protect Customer Personal
Data. Such safeguards shall include:
1. Network and Application Security and Vulnerability Management:
a. Measures of pseudonymization and encryption of personal data:
Personal data is encrypted at rest using the 256-bit Advanced Encryption Standard (AES-256),
and in transit using Transport Layer Security (TLS) encryption. Cryptographic key management
is in place as outlined in National Institute of Science and Technology (NIST) standard 800-57.
b. Measures for ensuring ongoing confidentiality, integrity, availability and resilience of
processing systems and services:
EBSCO has an ongoing commitment to certification against relevant International
Organization for Standardization (ISO) standards, including ISO standards 27001, 27017,
27018 and 27701 both on-premise and at Amazon Web Services (AWS) managed data
centers. EBSCO is hosted both within the Amazon Web Services platform and within legacy on
premise data centers in Ipswich, MA and Boston, MA. Applications and data are distributed
for purposes of high availability and resilience. Features such as automatic recovery and
automatic scaling have been implemented. Applications together with their container
configuration can be redeployed within minutes, if necessary.
c. Measures for ensuring the ability to restore the availability and access to personal data in a
timely manner in the event of a physical or technical incident:
All applications and data are distributed across multiple nodes and the nodes are distributed
across multiple availability zones within Amazon Web Services to ensure high availability of
the service. The use of a container-based architecture further helps to ensure high availability
of the service. For example, applications automatically restart if they encounter issues and if a
specific node fails, it is removed from service and traffic is directed to the remaining 'healthy'
nodes. Where appropriate, nodes are set to automatically scale to handle unexpected spikes
in traffic. Regular service management meetings review the performance and future capacity
needs of the service. The infrastructure enables horizontal and vertical scaling to be
implemented with significantly reduced lead times compared to a physical infrastructure.
For our legacy on premise, EIS employs two concurrent data centers with failover capabilities
in the event that one of the sites experiences an outage. EBSCO's on-premise data centers are
protected with uninterruptible power supplies, fire suppression systems and limited access
only to personnel necessary for the ongoing operation of the data centers.
EBSCO continuously monitors service availability. The current status can be found here:
https://status.ebsco.com/
d. Processes for regularly testing, assessing and evaluating the effectiveness of technical and
organizational measures in order to ensure the security of the processing:
EBSCO contracts third party penetration testing on an annual basis. In addition, vulnerability
scans are conducted through an automated code deployment pipeline. Our production
environment is scanned continuously. We employ a managed 24/7 security operations team
to continuously monitor our environment. EBSCO regularly applies security updates to our
environment following our comprehensive vulnerability management process. These updates
are done on a rolling basis using a Scaled Agile Framework for Enterprises (SAFe).
Organizational measures are reviewed twice annually, through an internal audit as well as an
external audit conducted on an annual basis by accredited third party auditors. In addition,
regular access reviews to sensitive data and systems are conducted on a regular basis.
EBSCO continually evaluates the security of its network and associated Services to determine
whether additional or different security measures are required to respond to security risks or
findings generated by periodic reviews.
e. Measures for the protection of data during transmission:
All data is encrypted in transit using TLS, both from the users' browser to the applications as
well as data in transit between EBSCO systems and subprocessors.
f. Measures for the protection of data during storage:
Personal Data is encrypted at rest using the 256-bit Advanced Encryption Standard (AES-256).
All data storage is isolated from the public internet by a dedicated firewall to ensure only
EBSCO personnel can access the database.
g. Measures for ensuring system configuration, including default configuration:
Standardized system configurations are enforced through automated code deployment
pipelines where appropriate.
h. Measures for internal IT and IT security governance and management:
EBSCO's Governance Risk and Compliance (GRC) Team maintains the EBSCO Information
Security and Privacy Management system (ISPMS). The ISPMS is continuously monitored and
improved to conform to or exceed the standards required by ISO 27001, ISO 27701, ISO
27017, and ISO 27108. The EBSCO ISPMS is comprised of the ISMS-Information Security
Management System and PIMS-Privacy Information Management System. External and
internal audits of the ISPMS are performed on an annual basis. Security logs are monitored
continuously.
i. Measures for certification/assurance of processes and products:
In addition to the measures for internal IT management and IT security governance above,
regular, mandatory training is delivered through an online learning platform to ensure all staff
are familiar with their responsibilities and up to date with policies and procedures. Clear
processes are in place to manage security related incidents and to liaise with law enforcement
if required.
j. Measures for ensuring data minimization:
EBSCO follows best practices for minimizing data attributes to only those needed to perform
required functions and allow its customers and user patrons the ability to extend the
minimum default data set if required.
k. Measures for ensuring data quality:
Institutions and end users have the ability to review and update their information through a
self-service module, or through contacting EBSCO according to the Privacy Policy. Where
applicable, data validation controls are implemented in our environment.
2. Logical access controls:
Measures for user identification and authorization:
A small number of the EBSCO Team with responsibilities for administering and supporting the
system have access to the production environment and databases. This is strictly controlled
by role and requires two-factor authentication to gain access.
Customer Administrator access to end user data is only possible through using an
EBSCOadmin administrator account. Only personnel designated by the customer and a small
number of EBSCO's privileged users have access to this information.
Customers have the ability to set up different authentication options. Options include, but are
not limited to, integration through Single Sign On (SSO) using SAML 2.0, username and
password, IP whitelist authentication, patron ID, Google Campus Activated Subscriber Access
(CASA), Universal CASA and Cookies.
3. Secure media disposal controls:
Measures for ensuring limited data retention:
It is vital that personal data stored within EBSCO's systems meets the requirements for data
privacy and protection and part of that is ensuring personal data is not retained beyond what
is necessary for the defined purpose.
In many cases, EBSCO allows the ability for customers to anonymize end user data by
pseudonymized SSO configuration or removing the option for User Patrons to personalize.
Measures for allowing data portability and ensuring erasure:
Upon request or through the self-service module, EBSCO customers can extract Database
Usage Reports, Interface Usage Reports, Link Activity Reports, Login Usage Report and Title
Usage Reports. This data can also be obtained upon request at contract termination, or at any
time through EBSCOadmin.
4. Logging Controls:
a. Measures for ensuring events logging:
EBSCO allows customers to view database usage reports, interface usage reports, link activity
reports, login usage reports and title usage reports through EBSCOadmin.
EBSCO employs Security Information and Event Management (SIEM) logs across our resources.
These logs are monitored internally by our information security team and 24/7 managed
security operations center (SOC). No customer action is required, and customers do not have
access to these internal logs.
5. Personnel Controls:
Contracts for new staff and the onboarding process emphasize individual responsibilities for
information security and the potential penalties for misuse. Staff resignations trigger an automated
process to ensure access rights to EBSCO's systems are revoked in a timely fashion.
The IT Acceptable Use Agreement covers the acceptable use of EBSCO's information assets. It is issued
to both permanent and contract staff and forms part of the induction for new starters.
Security awareness training is delivered through EBSCO's online training platform. It is delivered at
least annually and is mandatory for all employees.
6. Physical security and environmental controls:
Measures for ensuring physical security of locations at which personal data are processed:
EBSCO is committed to ensuring the safety of its employees, contractors and assets and takes
the issue of physical security very seriously. EBSCO has a comprehensive set of physical
security controls which ensure that its data centers and offices are sufficiently protected.
Access to data centers is limited only to necessary personnel, and all access is logged and
reviewed for abnormalities.
EBSCO also contracts with AWS for the processing of customer data. AWS provides world class
security within their hosted data centers. For more information on physical security in AWS
hosted environments see: https://aws.amazon.com/compliance/data-center/controls/
List of Subprocessors
MODULE TWO: Transfer controller to processor
The controller has been notified of the use of the subprocessors linked below may be utilized at the time of
contract execution. For an updated list of subprocessors, please see ,(?Ila:: co.ccorn/ stiuU)pirocesb 3oo's.
LAST UPDATED: July 2024
EBSCO LICENSE AGREEMENT
NoveList Select
By making the service available to Authorized Users, and others who access the Licensee's digital services, the
Authorized Users and the Licensee agree to comply with the following terms and conditions (the "Agreement").
For purposes of this Agreement, "EBSCO" is EBSCO Publishing, Inc.; the "Licensee" is the entity or institution that
makes available databases and services offered by EBSCO; the "Sites" are the websites, applications, or digital
tools offered or operated by Licensee from which Authorized Users can obtain access to EBSCO's Databases and
Services; and the "Authorized User(s)" are employees, students, registered patrons, walk-in patrons, or other
persons affiliated with Licensee or otherwise permitted to use Licensee's facilities and authorized by Licensee to
access the Service. "Service" shall mean any version or part of Novelist Select, delivered into any channel
(including, but not limited to, catalog, self-checkout, mobile app, digital signage, etc.). "Content" shall mean
both the textual and graphic information that is transmitted via the Service for display in online catalogs. EBSCO
disclaims any liability for the accuracy, completeness or functionality of any material contained herein, referred
to, or linked to. Publication of the servicing information in this content does not imply approval of the
manufacturers of the products covered. EBSCO assumes no responsibility for errors or omissions nor any liability
for damages from use of the information contained herein. Persons engaging in the procedures included herein
do so entirely at their own risk.
I. LICENSE
A. EBSCO hereby grants to the Licensee a nontransferable and non-exclusive right to use the Service made
available by EBSCO according to the terms and conditions of this Agreement. The Content and Service made
available to Authorized Users are the subject of copyright protection, and the original copyright owner (EBSCO
or its licensors) retains the ownership of the Content and Service and all portions thereof. EBSCO does not
transfer any ownership, and the Licensee and Sites may not reproduce, distribute, display, modify, transfer or
transmit, in any form, or by any means, the Service or any portion thereof without the prior written consent of
EBSCO, except as specifically authorized in this Agreement.
B. The Licensee is authorized to provide on-site access through the Sites to the Content and Service to any
Authorized User. The Licensee and Sites are authorized to provide remote access to the Content and Service to
Authorized Users. For the avoidance of doubt, if Licensee provides remote access to individuals on a broader
scale than was contemplated at the inception of this Agreement then EBSCO may hold the Licensee in breach
and suspend access to the Service. Remote access to the Content or Service is permitted to Authorized Users
of subscribing institutions accessing from remote locations for personal, non-commercial use. However,
remote access to the Databases or Services from non-subscribing institutions is not allowed if the purpose of
the use is for commercial gain through cost reduction or avoidance for a non-subscribing institution. Remote
access for personal use from these institutions is permissible.
C. Licensee and Authorized Users agree to abide by the Copyright Act of 1976 as well as by any contractual
restrictions, copyright restrictions, or other restrictions provided by publishers and specified in the Databases or
Services. Pursuant to these terms and conditions, the Licensee and Authorized Users may download or print
limited copies of citations, abstracts, full text or portions thereof, provided the information is used solely in
accordance with copyright law. Licensee and Authorized Users may not publish the information. Licensee and
Authorized Users shall not use the Content or Services as a component of or the basis of any other publication
prepared for sale and will neither duplicate nor alter the Content or Services in any manner, nor use same for
sale or distribution. Licensee and Authorized Users may not use artificial intelligence tools or machine learning
technologies with any of the content included in the Databases or Services for any purpose. Licensee and
Authorized Users may create printouts of materials retrieved through the Service via online printing, off line
printing, facsimile or electronic mail. All reproduction and distribution of such printouts, and all downloading
and electronic storage of materials retrieved through the Service shall be for internal or personal use.
Downloading all or parts of the Service in a systematic or regular manner so as to create a collection of materials
comprising all or part of the Service is strictly prohibited whether or not such collection is in electronic or print
form. Notwithstanding the above restrictions, this paragraph shall not restrict the use of the materials under the
doctrine of "fair use" as defined under the laws of the United States. Publishers may impose their own
conditions of use applicable only to their content. Such conditions of use shall be displayed on the computer
screen displays associated with such content.
D. Authorized Sites may be added or deleted from this Agreement as mutually agreed upon by EBSCO and
Licensee.
E. Licensee agrees to comply with the Copyright Act of 1976, and agrees to indemnify EBSCO against any actions
by Licensee that are not consistent with the Copyright Act of 1976.
F. The computer software utilized via EBSCO's Service is protected by copyright law and international treaties.
Unauthorized reproduction or distribution of this software, or any portion of it, is not allowed. User shall not
reverse engineer, decompile, disassemble, modify, translate, make any attempt to discover the source code of
the software, or create derivative works from the software.
G. The Service is not intended to replace Licensee's existing subscriptions to content available in the Service.
II. LIMITED WARRANTY AND LIMITATION OF LIABILITY
A. EBSCO and its licensors disclaim all warranties, express or implied, including, but not limited to, warranties of
merchantability, noninfringement, or fitness for a particular purpose. Neither EBSCO nor its licensors assume or
authorize any other person to assume for EBSCO or its licensors any other liability in connection with the
licensing of the Service under this Agreement and/or its use thereof by the Licensee and Sites or Authorized
Users.
B. THE MAXIMUM LIABILITY OF EBSCO AND ITS LICENSORS, IF ANY, UNDER THIS AGREEMENT, OR ARISING OUT
OF ANY CLAIM RELATED TO THE PRODUCTS, FOR DIRECT DAMAGES, WHETHER IN CONTRACT, TORT OR
OTHERWISE SHALL BE LIMITED TO THE TOTAL AMOUNT OF FEES RECEIVED BY EBSCO FROM LICENSEE
HEREUNDER UP TO THE TIME THE CAUSE OF ACTION GIVING RISE TO SUCH LIABILITY OCCURRED. IN NO EVENT
SHALL EBSCO OR ITS LICENSORS BE LIABLE TO LICENSEE OR ANY AUTHORIZED USER FOR ANY INDIRECT,
INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR SPECIAL DAMAGES RELATED TO THE USE OF THE SERVICE OR TO
THESE TERMS AND CONDITIONS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
C. Licensee is responsible for maintaining a valid license to the third party resources configured to be used via
the Services (if applicable). EBSCO disclaims any responsibility or liability for a Licensee accessing the third party
resources without proper authorization.
D. EBSCO is not responsible if the third party resources accessible via the Service fail to operate properly or if the
third party resources accessible via the Services cause issues for the Licensee. While EBSCO will make best
efforts to help troubleshoot problems, Licensee acknowledges that certain aspects of functionality may be
dependent on third party resource providers who may need to be contacted directly for resolution.
III. PRICE AND PAYMENT
A. License fees have been agreed upon by EBSCO and the Licensee, and include all retrospective issues of the
Product as well as updates furnished during the term of this Agreement. The Licensee's obligations of payment
shall be to EBSCO or its assignee. Payments are due upon receipt of invoice(s) and will be deemed delinquent if
not received within thirty (30) days. Delinquent invoices are subject to interest charges of 12% per annum on
the unpaid balance (or the maximum rate allowed by law if such rate is less than 12%). The Licensee will be
liable for all costs of collection. Failure or delay in rendering payments due EBSCO under this Agreement will, at
EBSCO's option, constitute material breach of this Agreement. If changes are made resulting in amendments to
the listing of authorized Sites, Service and pricing identified in this Agreement pro rata adjustments of the
contracted price will be calculated by EBSCO and invoiced to the Licensee and/or Sites accordingly as of the date
of any such changes. Payment will be due upon receipt of any additional pro rata invoices and will be deemed
delinquent if not received within thirty days of the invoice dates.
B. Taxes, if any, are not included in the agreed upon price and may be invoiced separately. Any taxes applicable
to the Service under this Agreement, whether or not such taxes are invoiced by EBSCO, will be the exclusive
responsibility of the Licensee and/or Sites.
IV. TERMINATION
A. In the event of a breach of any of its obligations under this Agreement, Licensee shall have the right to
remedy the breach within thirty (30) days upon receipt of written notice from EBSCO. Within the period of such
notice, Licensee shall make every reasonable effort and document said effort to remedy such a breach and shall
institute any reasonable procedures to prevent future occurrences of such breaches. If the Licensee fails to
remedy such a breach within the period of thirty (30) days, EBSCO may (at its option) terminate this Agreement
upon written notice to the Licensee.
B. If EBSCO becomes aware of a material breach of Licensee's obligations under this Agreement or a breach by
Licensee or Authorized Users of the rights of EBSCO or its licensors or an infringement on the rights of EBSCO or
its licensors, then EBSCO will notify the Licensee immediately in writing and shall have the right to temporarily
suspend the Licensee's access to the Service. Licensee shall be given the opportunity to remedy the breach or
infringement within thirty (30) days following receipt of written notice from EBSCO. Once the breach or
infringement has been remedied or the offending activity halted, EBSCO shall reinstate access to the Service. If
the Licensee does not satisfactorily remedy the offending activity within thirty (30) days, EBSCO may terminate
this Agreement upon written notice to the Licensee.
C. The provisions set forth in Sections I, II and V of this Agreement shall survive the term of this Agreement and
shall continue in force into perpetuity.
V. NOTICES OF CLAIMED COPYRIGHT INFRINGEMENT
EBSCO has appointed an agent to receive notifications of claims of copyright infringement regarding materials
available or accessible on, through, or in connection with our services. Any person authorized to act for a
copyright owner may notify us of such claims by contacting the following agent: Kim Gibbons, EBSCO Publishing,
Inc., 10 Estes Street, Ipswich, MA 01938; phone: 978-356-6500; fax: 978-356-5191; email:
In contacting this agent, the contacting person must provide all relevant information, including the elements of
notification set forth in 17 U.S.C. 512.
VI. GENERAL
A. Neither EBSCO nor its licensors will be liable or deemed to be in default for any delays or failure in
performance resulting directly or indirectly from any cause or circumstance beyond its reasonable control,
including but not limited to acts of God, war, riot, embargoes, acts of civil or military authority, rain, fire, flood,
accidents, earthquake(s), strikes or labor shortages, transportation facilities shortages or failures of equipment,
or failures of the Internet.
B. This Agreement and the license granted herein may not be assigned by the Licensee to any third party
without written consent of EBSCO.
C. If any term or condition of this Agreement is found by a court of competent jurisdiction or administrative
agency to be invalid or unenforceable, the remaining terms and conditions thereof shall remain in full force and
effect so long as a valid Agreement is in effect.
D. If the Licensee and/or Sites use purchase orders in conjunction with this Agreement, then the Licensee and/or
Sites agree that the following statement is hereby automatically made part of such purchase orders: "The terms
and conditions set forth in the Novelist Select License Agreement are made part of this purchase order and are
in lieu of all terms and conditions, express or implied, in this purchase order, including any renewals hereof."
E. This Agreement and our Privacy Policy represent the entire agreement and understanding of the parties with
respect to the subject matter hereof and supersede any and all prior agreements and understandings, written
and/or oral. There are no representations, warranties, promises, covenants or undertakings, except as described
in this Agreement and our Privacy Policy.
F. EBSCO grants to the Licensee a non-transferable right to utilize any IP addresses provided by EBSCO to
Licensee to be used with the Service. EBSCO does not transfer any ownership of the IP addresses it provides to
Licensee. In the event of termination of the Licensee's license to the Service, the Licensee's right to utilize such
IP addresses will cease.
G. Information We Collect. All information that EBSCO collects when Licensee accesses, uses, or provides access
to, the Databases and Services is subject to EBSCO's Privacy Policy, which is incorporated herein by reference. By
accessing or using the Databases and/or Services, you consent to all actions taken by EBSCO with respect to your
information in compliance with the Privacy Policy.
DATA PROCESSING
This Data Processing Addendum (the "Addendum") supplements the EBSCO License Agreement (the
"Agreement") between the Customer ("Customer") and EBSCO Publishing, Inc. ("EBSCO").
1. Definitions
1.1 For the purpose of this Addendum the terms, "Controller," "Processor," "Data Subject," "Personal
Data," "Personal Data Breach," "Processing," "Subprocessor," and "Supervisory Authority" shall
have the same meanings as in applicable Data Protection Legislation, and their related terms shall be
construed accordingly.
1.2 "Appropriate technical and organizational measures" shall be interpreted in accordance with
applicable Data Protection Legislation.
1.3 "Customer Personal Data" means the Personal Data that is provided by Customer to EBSCO or that is
processed by EBSCO on Customer's behalf in connection with the Agreement.
1.4 "Data Protection Legislation" means all applicable data protection and privacy legislation in force
from time to time where EBSCO does business, including the General Data Protection Regulation,
Regulation (EU) 2016/679 of the European Parliament and of the Council (the "GDPR"), the Privacy
and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC), the
California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100, et seq. (the "CCPA"), and all
other applicable laws and regulations relating to the Processing of Personal Data, including any
legislation that implements or supplements, replaces, repeals and/or supersedes any of the
foregoing.
1.5 "International Data Transfer" means the transfer (either directly or via onward transfer) of Personal
Data from within the European Economic Area/United Kingdom (as applicable) to a country not
recognized by the European Commission as providing an adequate level of protection for Personal
Data (as described in the GDPR).
1.6 "User Personal Data" means the Personal Data provided directly by Customer's end users to EBSCO
through the products and services purchased by Customer.
2. Data Processing: EBSCO as Processor for Customer
2.1 Where Customer Personal Data is processed by EBSCO, EBSCO will act as the Processor and the
Customer will act as the Controller.
2.1.1 Subject Matter. The subject matter of the Processing is the Customer Personal Data.
2.1.2 Duration. The Processing will be carried out for the duration set forth in the Agreement.
2.1.3 Nature and Purpose. The purpose of the Processing is the provision of products and
services to the Customer purchased by the Customer from time to time.
2.1.4 Types of Customer Personal Data and Data Subjects. Customer Personal Data consists of
the following categories of information relevant to the following categories of Data
Subjects:
(a) Representatives of Customer: name, address; email address; billing information;
login credentials; geolocation data; and professional affiliation.
(b) Customer's end users of the EBSCO products and services purchased by Customer
(where personalized account information is provided to EBSCO by Customer):
name; address; and email address.
2.2 EBSCO shall not Process Customer Personal Data other than on the Customer's documented
instructions (as set forth in this Addendum or the Agreement or as otherwise directed by Customer
in writing). EBSCO will not Process Customer Personal Data for any purpose, including for any
commercial purpose, other than for the specific purpose of performing the services specified in the
Agreement. If Processing of Customer Personal Data inconsistent with the foregoing provisions of
this section is ever required by applicable Data Protection Legislation to which EBSCO is subject,
EBSCO shall, to the extent permitted by applicable Data Protection Legislation, inform the Customer
of that legal requirement before proceeding with the relevant Processing of that Customer Personal
Data.
2.3 EBSCO will notify Customer promptly if, in EBSCO's opinion, an instruction for the Processing of
Customer Personal Data infringes applicable Data Protection Legislation.
2.4 EBSCO shall ensure that all personnel who have access to and/or Process the Customer Personal Data
are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
2.5 EBSCO shall, in relation to the Customer Personal Data, implement appropriate technical and
organizational measures to protect against unauthorized or unlawful Processing of Customer
Personal Data and against accidental loss or destruction of, or damage to, Customer Personal Data.
When considering what measure is appropriate, each party shall have regard to the state of good
practice, technical development and the cost of implementing any measures to ensure a level of
security appropriate to the harm that might result from such unauthorized or unlawful Processing or
accidental loss or destruction, and to the nature of the data to be protected.
2.6 EBSCO shall assist Customer, taking into account the nature of the Processing, (A) by appropriate
technical and organizational measures and where possible, in fulfilling Customer's obligations to
respond to requests from data subjects exercising their rights under Applicable Data Protection
Legislation; (B) in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR,
taking into account the nature of the Processing and the information available to EBSCO; and (C) by
making available to Customer all information reasonably requested by Customer for the purpose of
demonstrating that Customer's obligations relating to the appointment of processors as set out in
Article 28 of the GDPR have been met.
2.7 EBSCO shall promptly notify Customer upon becoming aware of any confirmed Personal Data Breach
affecting the Customer Personal Data.
2.8 Upon termination of the Agreement, EBSCO shall, at Customer's election, securely delete or return
Customer Personal Data and destroy existing copies unless preservation or retention of such
Customer Personal Data is required by any applicable law to which EBSCO is subject.
2.9 EBSCO shall allow Customer and Customer's authorized representatives to access and review
up-to-date attestations, reports, or extracts thereof from independent bodies (e.g., external auditors, data
protection auditors) or suitable certifications, or allow its procedures and documentation to be
inspected or audited by Customer (or its designee) to ensure compliance with the terms of this
Addendum. Any audit or inspection must be conducted during EBSCO's regular business hours
without interrupting EBSCO's business operations, with reasonable advance notice (at least 45 days)
to EBSCO and subject to reasonable confidentiality procedures. In addition, audits or inspections
shall be limited to once per year. The scope of such audit shall be limited to documents and records
allowing the verification of EBSCO's compliance with the obligations set forth in this Addendum and
shall not include financial records of EBSCO or any records concerning EBSCO's other customers.
Remote audits shall be utilized where possible, with on-site audits occurring only where a
walkthrough of the premises is required.
2.10 EBSCO shall, in the event of third-party subprocessing that is subject to Data Protection Legislation,
(A) inform Customer and obtain its prior written consent (execution of this Addendum shall be
deemed as Customer's prior written consent to such third-party subprocessing); (B) provide a list of
third-party Subprocessors upon Customer's request; and (C) inform Customer of any intended
changes to third-party Subprocessors, and give Customer a reasonable opportunity to object to such
changes. If EBSCO provides Personal Data to third-party Subprocessors, EBSCO will include in its
agreement with any such third-party Subprocessor terms which offer at least the same level of
protection for the Customer Personal Data as those contained herein and as are required by
applicable Data Protection Legislation.
3. Data Processing: EBSCO as Joint Controller With Customer
3.1 EBSCO and Customer shall act as joint Controllers with respect to User Personal Data.
3.2 EBSCO shall be responsible for providing Customer's end user Data Subjects with the information
required under GDPR Articles 13 and 14 (including by identifying a contact point for Data Subjects)
before processing User Personal Data, and with informing Customer's end users of the essence of
EBSCO's arrangement with Customer.
3.3 EBSCO shall provide Customer's end user Data Subjects with the ability to exercise their individual
rights with respect to User Personal Data within a self-service portal.
4. International Data Transfer
4.1 To the extent that any Customer Personal Data is subject to any International Data Transfer, the
parties agree to be bound by, and all terms and provisions of the Controller to Processor Standard
Contractual Clauses adopted by the European Commission ("Processor Model Clauses") shall be
incorporated by reference to this Addendum with the same force and effect as though fully set forth
in this Addendum, wherein:
4.1.1 Customer is the "data exporter" and EBSCO International, Inc. is the "data importer;" and
4.1.2 The provisions of Module Two are incorporated; the provisions under Modules One,
Three, and Four, the footnotes, and Clauses 9, 11(a) Option and 17 Option 1 are omitted;
the clauses shall be governed by the law of Ireland; and the competent supervisory
authority is Ireland.
4.2 To the extent that any User Personal Data is subject to any International Data Transfer, the parties
agree to be bound by, and all terms and provisions of the Controller to Controller Standard
Contractual Clauses adopted by the European Commission ("Controller Model Clauses") shall be
incorporated by reference to this Addendum with the same force and effect as though fully set forth
in this Addendum, wherein:
4.2.1 Customer is the "data exporter" and EBSCO is the "data importer;" and
4.2.2 The provisions of Module One are incorporated; the provisions under Modules Two,
Three and Four, the footnotes, and Clauses 9, 11(a) Option and 17 Option 1 are omitted;
the clauses shall be governed by the law of Ireland; and the competent supervisory
authority is Ireland.
4.3 The Processor Model Clauses and Controller Model Clauses shall be collectively, the "Standard
Contractual Clauses." The applicable version of the Standard Contractual Clauses is those which were
approved by the European Commission on June 4, 2021. In the event that the Standard Contractual
Clauses are updated, replaced, amended or re-issued by the European Commission (with the
updated Standard Contractual Clauses being the "New Contractual Clauses") during the term of this
Addendum, the New Contractual Clauses shall be deemed to replace the Standard Contractual
Clauses and the parties undertake to be bound by the terms of the New Contractual Clauses effective
as of the date of the update (unless either party objects to such change) and the parties shall execute
a form of the New Contractual Clauses.
4.4 The descriptions required by the Annexes of the Standard Contractual Clauses are replaced by the
information in Schedule I, Schedule II, and Schedule III of this Addendum.
4.5 To the extent that the UK Information Commissioner's Office issues any standard contractual clauses
for the purpose of making lawful International Data Transfers during the term of this Addendum that
will impact the transfers of Customer Personal Data or User Personal Data (with such clauses being
the "UK Standard Contractual Clauses"), to the extent possible, the UK Standard Contractual Clauses
shall be deemed to be incorporated into this Addendum and the parties undertake to be bound by
the terms of the UK Standard Contractual Clauses effective as of the date of their issuance (unless
either party objects to such change) and the parties shall execute a form of the UK Standard
Contractual Clauses.
List of Parties and Description of Data Transfers
A. LIST OF PARTIES
Data exporter(s): [Identity and contact details of the data exporter(s) and, where applicable, of its/their data
protection officer and/or representative in the European Union]
1. Name:
Address:
Contact person's name, position and contact details:
Activities relevant to the data transferred under these Clauses:
Signature and date:
Role (controller/processor): Controller and Joint Controller
2. Additional Information: EBSCO and Customer shall act as Joint Controllers with respect to User Personal
Data (as defined in the Agreement). The Joint Controllers shall perform the following responsibilities
accordingly:
Customer:
- Personalization: Customer decides whether to enable features of personalized accounts in product
- Authorize the processing of end user data by EBSCO via the Agreement between parties
o Provide legal basis for processing end user data
o Establish the purposes and scope of processing
- Implementation of technical and organizational measures to ensure security of network
o Access controls — provide guidelines to EBSCO for authorizing who may access the product under the customer's subscription
- Data Subject Access Requests
o As needed, provides details of requests to EBSCO if request is received by Customer from end users (in the event that an end user submits a request through Customer rather than through EBSCO)

EBSCO:
- Implementation of organizational and technical measures
o See Schedule II for details
- Maintenance and Support of product
o Security patches
o Feature updates
o Technical support
o Availability and up-time
- Data storage, including backups
- Establish the purposes and scope of processing via the Agreement between Parties
- Data Subject Access Requests
o Receives and processes Data Subject Access Requests and honors the data subject rights of information, access, rectification, erasure, restricted processing, data portability, right to object, and the right to avoid automated decision-making
o Manages the contact form, email address, and phone number for intake of privacy requests
o Upon request, notifies customer of data subject request
- Provide legal basis for processing end user data
o Agreement between parties establishes contract to provide services
o Collection of individual consent and acceptance of terms of use, privacy policy, etc., from end users
- Incident response
o Implementation of process
o Notification of customer
- Subprocessors - vetting and notifying customer of new subprocessors
- Privacy Risk Assessments — conduct PRA/DPIA as needed for vendors, features, products, etc. which process personal information
Data importer(s):
For Customer Personal Data:
1. Name: EBSCO International, Inc.
Address: 10 Estes Street, Ipswich, MA 01938
Contact person's name, position and contact details:
Activities relevant to the data transferred under these Clauses: Academic and scholastic research
Signature and date:
Role (controller/processor): Processor
2. Additional Information: Customer will act as the Controller of Customer Personal Data where Customer
Personal Data is processed by EBSCO. EBSCO will act as the Processor of Customer Personal Data.
"Customer Personal Data" means the Personal Data that is provided by Customer to EBSCO or that is
processed by EBSCO on Customer's behalf in connection with the Agreement.
For User Personal Data:
Name: EBSCO International, Inc.
Address: 10 Estes Street, Ipswich, MA 01938
Contact person's name, position and contact details:
Activities relevant to the data transferred under these Clauses: Academic and scholastic research,
creation of user profiles
Signature and date:
Role (controller/processor): Joint Controller and Processor
2. Additional Information: Customer will act as the Controller of User Personal Data where User Personal
Data is processed by EBSCO. EBSCO will act as the Joint Controller of User Personal Data.
"User Personal Data" means the Personal Data provided directly by Customer's end users to EBSCO
through the products and services purchased by Customer.
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred: Entity information required for handling the
subscription and users of applications, including but not limited to students, teachers, employees, authors.
Categories of personal data transferred: First name, last name, email address, authentication information,
search information, research notes.
Sensitive Data transferred (if applicable), and applied restrictions or safeguards that fully take into
consideration the nature of the data and the risks involved: Not Applicable.
The frequency of the transfer (e.g., whether the data is transferred on a one-off or continuous basis):
Continuous.
Nature of the processing: Providing access to EBSCO databases; storing user information in customized profiles;
facilitating the retrieval of user search history.
Purpose(s) of the data transfer and further processing: To perform the obligations between the parties, per the
Agreement, to provide research tools, to personalize the experience and to prevent harvesting.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine
that period: As long as reasonably necessary, some personalization information will be held until deletion is
requested by a customer or user.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing:
Subject Matter: First name, last name, email address, authentication information, search information, research
notes
Nature of processing: The nature of processing includes the following: Data storage and software delivery,
consent management, fulfilling data subject rights requests. Please also see Schedule III for the link to the
Subprocessors for comprehensive information about how specific subprocessors process data.
Duration: Continuous
C. COMPETENT SUPERVISORY AUTHORITY
The competent supervisory authority, in accordance with Clause 13, is the Supervisory Authority of Ireland.
Technical and Organizational Measures Including Technical and
Organizational Measures to Ensure the Security of Data
EBSCO shall maintain and use appropriate safeguards to prevent the unauthorized access to or use of Customer
Personal Data and to implement administrative, physical and technical safeguards to protect Customer Personal
Data. Such safeguards shall include:
1. Network and Application Security and Vulnerability Management:
a. Measures of pseudonymization and encryption of personal data:
Personal data is encrypted at rest using the 256-bit Advanced Encryption Standard (AES-256),
and in transit using Transport Layer Security (TLS) encryption. Cryptographic key management
is in place as outlined in National Institute of Science and Technology (NIST) standard 800-57.
b. Measures for ensuring ongoing confidentiality, integrity, availability and resilience of
processing systems and services:
EBSCO has an ongoing commitment to certification against relevant International
Organization for Standardization (ISO) standards, including ISO standards 27001, 27017,
27018 and 27701 both on-premise and at Amazon Web Services (AWS) managed data
centers. EBSCO is hosted both within the Amazon Web Services platform and within legacy on
premise data centers in Ipswich, MA and Boston, MA. Applications and data are distributed
for purposes of high availability and resilience. Features such as automatic recovery and
automatic scaling have been implemented. Applications together with their container
configuration can be redeployed within minutes, if necessary.
c. Measures for ensuring the ability to restore the availability and access to personal data in a
timely manner in the event of a physical or technical incident:
All applications and data are distributed across multiple nodes and the nodes are distributed
across multiple availability zones within Amazon Web Services to ensure high availability of
the service. The use of a container-based architecture further helps to ensure high availability
of the service. For example, applications automatically restart if they encounter issues and if a
specific node fails, it is removed from service and traffic is directed to the remaining 'healthy'
nodes. Where appropriate, nodes are set to automatically scale to handle unexpected spikes
in traffic. Regular service management meetings review the performance and future capacity
needs of the service. The infrastructure enables horizontal and vertical scaling to be
implemented with significantly reduced lead times compared to a physical infrastructure.
For our legacy on premise, EIS employs two concurrent data centers with failover capabilities
in the event that one of the sites experiences an outage. EBSCO's on-premise data centers are
protected with uninterruptible power supplies, fire suppression systems and limited access
only to personnel necessary for the ongoing operation of the data centers.
EBSCO continuously monitors service availability. The current status can be found here:
d. Processes for regularly testing, assessing and evaluating the effectiveness of technical and
organizational measures in order to ensure the security of the processing:
EBSCO contracts third party penetration testing on an annual basis. In addition, vulnerability
scans are conducted through an automated code deployment pipeline. Our production
environment is scanned continuously. We employ a managed 24/7 security operations team
to continuously monitor our environment. EBSCO regularly applies security updates to our
environment following our comprehensive vulnerability management process. These updates
are done on a rolling basis using a Scaled Agile Framework for Enterprises (SAFe).
Organizational measures are reviewed twice annually, through an internal audit as well as an
external audit conducted on an annual basis by accredited third party auditors. In addition,
regular access reviews to sensitive data and systems are conducted on a regular basis.
EBSCO continually evaluates the security of its network and associated Services to determine
whether additional or different security measures are required to respond to security risks or
findings generated by periodic reviews.
e. Measures for the protection of data during transmission:
All data is encrypted in transit using TLS, both from the users' browser to the applications as
well as data in transit between EBSCO systems and subprocessors.
f. Measures for the protection of data during storage:
Personal Data is encrypted at rest using the 256-bit Advanced Encryption Standard (AES-256).
All data storage is isolated from the public internet by a dedicated firewall to ensure only
EBSCO personnel can access the database.
g. Measures for ensuring system configuration, including default configuration:
Standardized system configurations are enforced through automated code deployment
pipelines where appropriate.
h. Measures for internal IT and IT security governance and management:
EBSCO's Governance Risk and Compliance (GRC) Team maintains the EBSCO Information
Security and Privacy Management system (ISPMS). The ISPMS is continuously monitored and
improved to conform to or exceed the standards required by ISO 27001, ISO 27701, ISO
27017, and ISO 27108. The EBSCO ISPMS is comprised of the ISMS-Information Security
Management System and PIMS-Privacy Information Management System. External and
internal audits of the ISPMS are performed on an annual basis. Security logs are monitored
continuously.
i. Measures for certification/assurance of processes and products:
In addition to the measures for internal IT management and IT security governance above,
regular, mandatory training is delivered through an online learning platform to ensure all staff
are familiar with their responsibilities and up to date with policies and procedures. Clear
processes are in place to manage security related incidents and to liaise with law enforcement
if required.
j. Measures for ensuring data minimization:
EBSCO follows best practices for minimizing data attributes to only those needed to perform
required functions and allow its customers and user patrons the ability to extend the
minimum default data set if required.
k. Measures for ensuring data quality:
Institutions and end users have the ability to review and update their information through a
self-service module, or through contacting EBSCO according to the Privacy Policy. Where
applicable, data validation controls are implemented in our environment.
2. Logical access controls:
Measures for user identification and authorization:
A small number of the EBSCO Team with responsibilities for administering and supporting the
system have access to the production environment and databases. This is strictly controlled
by role and requires two-factor authentication to gain access.
Customer Administrator access to end user data is only possible through using an
EBSCOadmin administrator account. Only personnel designated by the customer and a small
number of EBSCO's privileged users have access to this information.
Customers have the ability to set up different authentication options. Options include, but are
not limited to, integration through Single Sign On (SSO) using SAML 2.0, username and
password, IP whitelist authentication, patron ID, Google Campus Activated Subscriber Access
(CASA), Universal CASA and Cookies.
3. Secure media disposal controls:
a. Measures for ensuring limited data retention:
It is vital that personal data stored within EBSCO's systems meets the requirements for data
privacy and protection and part of that is ensuring personal data is not retained beyond what
is necessary for the defined purpose.
In many cases, EBSCO allows the ability for customers to anonymize end user data by
pseudonymized SSO configuration or removing the option for User Patrons to personalize.
b. Measures for allowing data portability and ensuring erasure:
Upon request or through the self-service module, EBSCO customers can extract Database
Usage Reports, Interface Usage Reports, Link Activity Reports, Login Usage Report and Title
Usage Reports. This data can also be obtained upon request at contract termination, or at any
time through EBSCOadmin.
4. Logging Controls:
a. Measures for ensuring events logging:
EBSCO allows customers to view database usage reports, interface usage reports, link activity
reports, login usage reports and title usage reports through EBSCOadmin.
EBSCO employs Security Information and Event Management (SIEM) logs across our resources.
These logs are monitored internally by our information security team and 24/7 managed
security operations center (SOC). No customer action is required, and customers do not have
access to these internal logs.
5. Personnel Controls:
Contracts for new staff and the onboarding process emphasize individual responsibilities for
information security and the potential penalties for misuse. Staff resignations trigger an automated
process to ensure access rights to EBSCO's systems are revoked in a timely fashion.
The IT Acceptable Use Agreement covers the acceptable use of EBSCO's information assets. It is issued
to both permanent and contract staff and forms part of the induction for new starters.
Security awareness training is delivered through EBSCO's online training platform. It is delivered at
least annually and is mandatory for all employees.
6. Physical security and environmental controls:
a. Measures for ensuring physical security of locations at which personal data are processed:
EBSCO is committed to ensuring the safety of its employees, contractors and assets and takes
the issue of physical security very seriously. EBSCO has a comprehensive set of physical
security controls which ensure that its data centers and offices are sufficiently protected.
Access to data centers is limited only to necessary personnel, and all access is logged and
reviewed for abnormalities.
EBSCO also contracts with AWS for the processing of customer data. AWS provides world class
security within their hosted data centers. For more information on physical security in AWS
hosted environments see: https://aws.amazon.com/compliance/data-center/controls/
List of Subprocessors
MODULE TWO: Transfer controller to processor
The controller has been notified that the subprocessors linked below may be utilized at the time of
contract execution. For an updated list of subprocessors, please see www.ebsco.com/subprocessors.
Agreement No. 7304
1. In the event of any conflicts between the following additional terms and the EBSCO License
Agreement, Standard and NoveList Select, both updated in July 2024, these additional terms shall
take precedence and govern.
2. TERMINATION. The City of El Segundo ("City" or "Licensee") can terminate this Agreement
without cause, effective at the end of the then-applicable term on June 30, 2028, by providing
written notice at least 30 calendar days prior to the renewal date of July 1, 2028.
3. INDEMNIFICATION. EBSCO agrees to the following:
A. EBSCO indemnifies and holds City harmless from and against any claim, action,
damages, costs (including, without limitation, attorney's fees), injuries, or liability,
arising out of this Agreement, or its performance, except for such loss or damage
arising from City's negligence, willful misconduct or unauthorized use of EBSCO's
Databases or Services. Should City be named in any suit, or should any claim be
brought against it by suit or otherwise, whether the same be groundless or not, arising
out of this Agreement, or its performance, EBSCO will defend City (at City's request
and with counsel satisfactory to City) and will indemnify City for any judgment rendered
against it or any sums paid out in settlement or otherwise, to the extent the claim did
not arise out of City's negligence, willful misconduct or unauthorized use of EBSCO's
Databases or Services.
B. Intellectual Property Infringement. Notwithstanding any provision to the contrary,
EBSCO will, at its own expense, indemnify and defend City against any claim that the
authorized use of EBSCO's services or work product furnished under this Agreement
infringes a patent or copyright in the United States or Puerto Rico. In such event,
EBSCO will pay all costs, damages and attorney's fees that a court finally awards as a
result of such claim. To qualify for such defense and payment, City must (a) give
EBSCO prompt written notice of any such claim; and (b) allow EBSCO to control, and
fully cooperate with EBSCO in the defense and all related settlement negotiations. City
agrees that if the authorized use of EBSCO's Databases or Services or work product
becomes, or EBSCO believes is likely to become, the subject of such an intellectual
property claim, City will permit EBSCO, at its option and expense, either to secure the
right for City to continue using EBSCO's services and work product or to replace it with
comparable services and work product.
C. For purposes of this section "City" includes the City of El Segundo and its elected and
appointed officials, officers, employees, and volunteers.
D. It is expressly understood and agreed that the foregoing provisions will survive
termination of this Agreement.
4. INSURANCE.
A. Before commencing performance under this Agreement, and at all other times this
Agreement is effective, EBSCO will procure and maintain the following types of
insurance with coverage limits complying, at a minimum, with the limits set forth below:
Type of Insurance                             Limits
Commercial general liability                  $1,000,000
Professional Liability                        $1,000,000
Technology Errors and Omissions Liability     $1,000,000
Cyber Liability                               $1,000,000
Privacy Liability                             $1,000,000
Workers compensation                          Statutory requirement
B. Commercial general liability insurance will meet or exceed the requirements of ISO-
CGL Form No. CG 00 01 11 85 or 88. The amount of insurance set forth above will be
a combined single limit per occurrence for bodily injury, personal injury, and property
damage for the policy coverage. Liability policies will be endorsed to name City, its
officials, and employees as "additional insureds" under said insurance coverage and to
state that such insurance will be deemed "primary" such that any other insurance that
may be carried by City will be excess thereto. Such endorsement must be reflected on
ISO Form No. CG 20 10 11 85 or 88, or equivalent. Such insurance will be on an
"occurrence," not a "claims made," basis and will not be cancelable or subject to
reduction except upon thirty (30) days prior written notice to City.
C. Professional liability coverage will be on an "occurrence basis" if such coverage is
available, or on a "claims made" basis if not available. Such insurance will have the
same coverage and limits as the policy that was in effect during the term of this
Agreement, and will cover EBSCO for all claims made by City arising out of any errors
or omissions of EBSCO, or its officers, employees or agents during the time this
Agreement was in effect.
D. Technology Errors and Omissions Liability Insurance will cover all third party claims
arising out of any act, error, omission or breach of contract provision of EBSCO's
technology services, including loss arising from destruction of data, in the amount set
forth above per occurrence.
E. Cyber Liability Insurance to cover all third party loss from hacking attack or virus
emanating from or passed through EBSCO's computer system or a cloud provider's
system into City's systems in the amount set forth above per occurrence.
F. Privacy Liability Insurance to cover all security breach and notification cost resulting in
actual loss of personal information or any other records considered confidential for the
City's data located on service providers servers or on a cloud computing provider's
system in the amount set forth above per occurrence.
G. Each such liability policy shall name the City of El Segundo as an Additional Insured
for such liability of the City, and each such first-party shall name the City as a Loss
Payee. EBSCO will furnish to City duly authenticated Certificates of Insurance
evidencing maintenance of the insurance required under this Agreement and such
other evidence of insurance or copies of policies as may be reasonably required by City
from time to time. Insurance must be placed with insurers with a current A.M. Best
Company Rating equivalent to at least a Rating of "A:VII."
H. Should EBSCO, for any reason, fail to obtain and maintain the insurance required by
this Agreement, City may obtain such coverage at EBSCO's expense and deduct the
cost of such insurance from payments due to EBSCO under this Agreement or
terminate this Agreement.
CITY OF EL SEGUNDO,
a general law city
Darrell George,
City Manager
EBSCO PUBLISHING, INC.
an Alabama corporation
Alex Saltm n
SVP, Inside Sales
ATTEST:
Taxpayer ID No. 63-6014186
Susan Truax,
City Clerk
APPROVED AS TO FORM:
MARK D. HENSLEY, City Attorney
Joaquin, , a que :,
Assistant City Attorney
mv,
Mary Sha
Brennan,
Risk Iate
r