Second Amendment to Master Services Agreement effective as of August 1, 2012 by and between Graphic Packaging International, Inc. and Dell Marketing L.P. (as assignee of Perot Systems Corporation)
EX-10.23 3 exhibit1023dellassignmenta.htm EXHIBIT 10.23 Exhibit
SECOND AMENDMENT EXECUTION COPY
ASSIGNMENT AND ASSUMPTION AGREEMENT
KNOW ALL MEN BY THESE PRESENTS, that the undersigned, PEROT SYSTEMS CORPORATION, a Delaware corporation ("Assignor"), for and in consideration of the payment of such good and valuable consideration, including the assumption of the debts, liabilities and obligations of Assignor under the contract referenced on Exhibit A (the "Contract") by DELL MARKETING L.P., a Texas limited partnership ("Assignee"), the receipt and adequacy of which consideration are hereby acknowledged, does hereby assign, transfer, grant, bargain, sell and deliver to Assignee, its successors and assigns, the Contract, including all of its rights and privileges thereunder, to and for their own use and benefit forever.
Assignee does hereby assume, and agrees to pay, perfmm and discharge, the debts, liabilities and obligations of Assignor under the Contract, including any such debts, liabilities and obligations arising prior to the date hereof.
Assignor, for itself, its successors and assigns, irrevocably constitutes and appoints Assignee, its successors and assigns, and each of them, the true and lawful attorney of Assignor, its successors and assigns, with full power of substitution and gives and grants unto Assignee, its successors and assigns, and each of them, full power and authority in the name of Assignor, its successors and assigns, at any time and from time to time, to demand, sue for, recover and receive any and all rights, demands, claims and causes of action of every kind and description whatsoever incident or relating to the Contract, for the purpose of fully vesting in Assignee, its successors and assigns, all and singular, all the right, title and interest in and to the Contract.
This instrument shall be binding on, and inure to the benefit at: each party and its successors and assigns. This Assignment and Assumption Agreement may be executed in one or more counterparts for the convenience of the parties hereto, all of which together shall constitute one and the same instrument.
This Assignment and Assumption Agreement shall be govemed by, and construed and interpreted in accordance with, the substantive laws of the State of Georgia, without giving effect to any conflict-of-laws rule or principle that might result in the application of the laws of another jurisdiction.
[Signatures appear onfollowing page.]
LEGAL02/33539708v3
SECOND AMENDMENT
EXECUTION COPY
IN WITNESS WHEREOF, this Assignment and Assumption Agreement is
executed as of August 1, 2012 .
ASSIGNOR: ASSIGNEE:
PEROT SYSTEMS CORPORATION DELL MARKETING L.P.
By: _ By: _
Name:
----------------------
Name:
---------------------
Title: Title:
Graphic Packaging lntemational, Inc. hereby consents to the assignment of the
Contract from Assignor to Assignee as described herein.
This consent will not amend the terms of the Contract in any manner and, except for the consent set forth below, will not result in the waiver of any ofthe parties' rights or obligations thereunder.
GRAPHIC PACKAGING INTERNATIONAL, INC.
y--
Name: ZJa..v,p( /A/ . ..St-4"' 'il/e_
Title: .>-;:/,.,.) f_...Ct.:- 0
LEGA1.02 /33539708v3
SECOND AMENDMENT EXECUTION COPY
EXHIBIT A
THE CONTRACT
Master Service Agreement dated November 29, 2007 by and between Perot Systems Corporation ("PSC") and Graphic Packaging International, Inc. ("GPI"), including any amendments and ancillary agreements thereto.
LEGAL02/33539708v3
Schedule 10.9
Data Transfer Agreement
Controller to Processor or Sub-processor Agreement
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, the Parties have agreed on the following Contractual Clauses (the "Clauses") in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
Clause 1
·oefinit'ions
For the purposes of the Clauses:
(a) | "personal data", "special categories of data", "process/processing", "controller", "processor", "data subject" and "supervisory authority" shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; |
(b) | "the data exporter" shall mean the controller who transfers the personal data; |
(c) | "the data importer" shall mean the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of these Clauses and who is not subject to a third country's system ensuring to adequate protection within the meaning of Article 25(1) of Directive 95/46/EC; |
(d) | "the sub-processor" means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be |
carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
(e) | "the applicable data protection law" means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established; and |
(f) "technical and organisational security measures" means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Clause 2
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
GPI- Dell Confidential
LEGAL02/33540221v2
1 Schedule 10.9
Clause 3
Third-party beneficiary clause
1. | The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to 0), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary. |
2. | The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. |
3. | The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to outs own processing operations under the Clauses. |
4. | The Parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law. |
Clause 4
Obligations of the data exporter The data exporter agrees and warrants:
(a) | that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, |
where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
(b) | that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses; |
(c) | that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this Schedule 4; |
(d) | that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlaw1ul destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlaw1ul forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; |
GPI- Dell Confidential
LEGAL02133540221v2
1 | Schedule 10.9 |
(e) | that it will ensure compliance with the security measures; |
(f) | that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC; |
(g) | to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension; |
(h) | to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information; |
(i) | that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and |
U) that it will ensure compliance with Clause 4(a) to (i).
Clause 5
Obligations of the data importer The data importer agrees and warrants:
(a) | to process the personal data only on behalf of the data exporter and in compliance with its |
instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(b) | that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data |
exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
(c) | that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred; · |
(d) | that it will promptly notify the data exporter about: |
(i) | any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation; |
(ii) any accidental or unauthorised access; and
(iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;
GPI- Dell Confidential
LEGAL02/33540221v2
2 | Schedule 10.9 |
(e) | to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred; |
(a) | at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority; |
(b) | to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter; |
(c) | that, in tlie event of sub-processing, it has previously informed the data exporter and obtained its prior written consent; · |
(d) | that the processing services by the sub-processor will be carried out in accordance with Clause 11; and |
U) | to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter. |
Clause 6
Liability
1. | The Parties agree that a data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered_ |
2. | If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any |
successor entity has assumed the entire legal obligations of the data exporter by contract or by
operation of law, in which case the data subject can enforce its rights against such entity.
The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.
3. | If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Cause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject an enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses. |
GPI- Dell Confidential
LEGAL02/33540221 v2
4 Schedule 10.9
Clause 7
Mediation and jurisdiction
1. | The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject: |
(a) | to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority; |
(b) | to refer the dispute to the courts in the Member State in which the data exporter is established. |
2. | The Parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law. |
Clause 8
Cooperation with supervisory authorities
1. | The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law. |
2. | The Parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law. |
3. | The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b). |
Clause 9
Governing law
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Clause 10
Variation of the contract
The Parties undertake not to vary or modify the Clauses. This does not preclude the Parties from adding clauses on business related issues where required as long as they do not contradict the Clauses.
Clause 11
Sub-processing
1. | The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes |
GPI- Dell Confidential
LEGAL02/33540221v2
5 Schedule 10.9
SECOND AMENDMENT EXECUTION COPY
the same obligations .on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor of the sub-processor's obligations under such agreement.
2. | The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses. |
3. | The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established. |
4. | The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 50), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority. |
Clause 12
Obligation after the termination of personal data-processing services
1. | The Parties agree that on the termination of the provision of data processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore. |
2. | The data importer and the sub-processor warrant that upon the request of the data exporter and/or of the supervisory authority, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1. |
[Signatures on following page]
GPI- Dell Confidential
LEGAL02/33540221 v2
6 Schedule 10.9
SECOND AMENDMENT EXECUTION COPY
On behalf of the data exporter :
Name (written out in full) :
Position :
Address :
fort e contract to be binding (if any)
(stamp of organisation)
On behalf of the data importer: Name (written out in full) :
Position:
Address:
Other information necessary in order for the contract to be binding (if any):
Signature ... ............ ...............................
(stamp of organisation)
GPI- Dell Confidential
LEGAL02/33540221 v2
1 | Schedule 10.9 |
SECOND AMENDMENT EXECUTION COPY
Appendix 1
Data exporter
The data exporter is a Party which is a signatory to this Agreement and which is the exporter of personal data to the data importer.
Data importer
The data importer is a Party which is a signatory to this Agreement and which is the recipient of personal data which is exported by the data exporter to it.
Data subjects
The personal data transferred concern the following categories of data subjects:
• | Past, present and prospective employees, volunteers, interns and partners. |
• | Past, present and prospective clients. |
• | Past, present and potential advisors, consultants, suppliers, contractors, subcontractors and agents. |
• | Complainants, correspondents, visitors and enquirers. |
•Beneficiaries, parents and guardians. Categories of data
The personal data transferred concern the following categories of data:
• | Contact details (which may include name, address, email address, telephone, fax, emergency contact details and associated local time zone information). |
• | Employment details (which may include company name, job title, grade, demographic, time recording and location data, nationality and export compliance status). |
• | IT systems and operational information (which may include voice, video and data recordings, user ID and password details, computer name, domain name, IP address, software and hardware inventory, security camera and software usage pattern tracking information, i.e. cookies, and information recorded for operational or training purposes). |
• | Data subjects' email content, online interactive and voice communications (such as blogs, chat, webcam and networking sessions) and transmission data which is available on an incidental basis for the provision of information technology consultancy, support and services (incidental access may include accessing the content of email communications and data relating to the sending, routing and delivery of emails). |
• | Details of goods or services provided to or for the benefit of data subjects. |
• | Financial and government and tax identifier details (e.g. credit, payment, bank details and Nl or social security number). |
GPI- Dell Confidential
LEGAL02/33540221v2
2 | Schedule 10.9 |
SECOND AMENDMENT EXECUTION COPY
Special categories of data
The personal data transferred concern the following special categories of data:
Personal data which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union opinions, memberships or activities, social security files, data concerning health (including physical or mental health or condition), sexual life and information regarding criminal offences or alleged offences and any related court proceedings, any information identified through use of whistle blowing hotlines and shall include special categories of data as defined in Article 8 of Directive 95/46/EC.
Processing operations
The personal data transferred will be subject to the following basic processing activities:
Any operation with regard to personal data irrespective of the means applied and procedures, in particular, the obtaining, collecting, recording, organising, storage, holding, use, amendment, adaptation, alteration, disclosure, dissemination or otherwise making available, aligning, combining, retrieval, consultation, archiving, transmission, blocking, erasing, or destruction of data, the operation and maintenance of systems, management and management reporting, financial reporting, risk management, compliance, legal and audit functions and shall include "processing" which shall have the meaning given to such term in Directive 95/46/EC.
GPI- Dell Confidential
LEGAL02/33540221 v2
9 Schedule 10.9
EXEClJTION Corv
Appendix 2
Description of the technical and organisational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c):
Dell takes information security seriously. This information security overview applies to Dell's corporate controls for safeguarding personal data which is processed and transferred amongst Dell group companies. Dell's information security program enables the workforce to understand their responsibilities. Some customer solutions may have alternate safeguards outlined in the statement of work as agreed with each customer.
Security Practices
Dell has implemented corporate information security practices and standards that are designed to safeguard Dell's corporate environment and to address: (1) information security; (2) system .and asset management; (3) development; and (4) governance. These practices and standards are approved by the Dell CIO and undergo a formal review on an annual basis.
Organisational Security
It is the responsibility of the individuals across the organisation to comply with these practices and standards. To facilitate the corporate adherence to these practices and standards, the function of information security provides:
1. | Strategy and Compliance with policies/standards and regulations, awareness and education, risk assessments and management, contract security requirements management, application and infrastructure consulting, assurance testing and drives the security direction of the company. |
2. | Security testing, design and implementation of security solutions to enable security controls adoption across the environment. |
3. | Security operations of implemented security solutions, the environment and assets, and manage incident response. |
4. | Forensic investigations with security operations, legal, data protection and human resources for investigations including eDiscovery and eForensics. |
Asset Classification and Control
Dell's practice is to track and manage physical and logical assets. Examples of the assets that Dell IT might track include:
• | Information Assets, such as identified databases, disaster recovery plans, business continuity plans, data classification, archived information. |
• | Software Assets, such as identified applications and system software. |
• | Physical Assets, such as identified servers, desktops/laptops, backup/archival tapes, printers and communications equipment. |
The assets are classified based on business criticality to determine confidentiality requirements. Industry guidance for handling personal data provides the framework for technical, organisational and physical
GPI- Dell Confidential
LEGAL02/33540221v2
1 | Schedule 10.9 |
safeguards. | These may include controls such as access management, encryption, logging and monitoring, and |
data destruction.
Personnel Security
As part of the employment process, employees undergo a screening process applicable per regional law. Dell's annual compliance training includes a requirement for employees to complete an online course and pass an assessment covering information security and data privacy. The security awareness program may also provide materials specific to certain job functions.
Physical and Environmental Security
Dell uses a number of technological and operational approaches in its physical security program in regards to risk mitigation. The security team works closely with each site to determine appropriate measures are in place and continually monitor any changes to the physical infrastructure, business, and known threats. It also monitors best practice measures used by others in the industry and carefully selects approaches that meet both uniqueness in business practice and expectations of Dell as a whole. Dell balances its approach towards security by considering elements of control that include architecture, operations, and systems.
Communications and Operations Management
The IT organisation manages changes to the corporate infrastructure, systems and applications through a centralised change management program, which may include, testing, business impact analysis and management approval, where appropriate.
Incident response procedures exist for security and data protection incidents, which may include incident analysis, containment, response, remediation, reporting and the return to normal operations.
To protect against malicious use of assets and malicious software, additional controls may be implemented, based on risk. Such controls may include, but are not limited to, information security practices and standards; restricted access; designated development and test environments; virus detection on servers, desktops and notebooks; virus email attachment scanning; system compliance scans; intrusion prevention monitoring and response; logging and alerting on key events; information handling procedures based on data type, e-commerce application and network security; and system and application vulnerability scanning.
Access Controls
Access to corporate systems is restricted, based on procedures to ensure appropriate approvals. To reduce the risk of misuse, intentional or otherwise, access is provided based on segregation of duties and least privileges.
Remote access and wireless computing capabilities are restricted and require that both user and system safeguards are in place.
Specific event Jogs from key devices and systems are centrally collected and reported on an exceptions basis to enable incident response and forensic investigations.
System Development and Maintenance
Publicly released third party vulnerabilities are reviewed for applicability in the Dell environment. Based on risk to Dell's business and customers, there are pre-determined timeframes for remediation. In addition, vulnerability scanning and assessments are performed on new and key applications and the infrastructure based on risk. Code reviews and scanners are used in the development environment prior to production to
GPI- Dell Confidential
LEGAL02/33540221v2
2 | Schedule 10.9 |
proactively detect coding vulnerabilities based on risk. These processes enable proactive identification of vulnerabilities as well as compliance.
Compliance
The information security, legal, privacy and compliance departments work to identify regional laws and regulations applicable to Dell corporate. These requirements cover areas such as intellectual property of the company and our customers, software licenses, protection of employee and customer personal information, data protection and data handling procedures, trans-border data transmission, financial and operational procedures, regulatory export controls around technology, and forensic requirements.
Mechanisms such as the information security program, the executive privacy council, internal and external audits/assessments, internal and external legal counsel consultation, internal controls assessment, internal penetration testing and vulnerability assessments, contract management, security awareness, security consulting, policy exception reviews and risk management combine to drive compliance with these requirements.
GPI- Dell Confidential
LEGAL02/33540221 v2
12 Schedule 10.9
Second Amendment to
Master Services Ag1·ecment
The Master Services Agreement dated as of November 29,2007, consisting of the terms and conditions set forth therein and the attached schedules, all as previously amended, (the "Agreement") by and between Graphic Packaging International, Inc. ("GPI") and Perot Systems Cmporation is hereby amended effective as of August I, 2012 ("Second Amendment Effective Date") by this Second Amendment ("Second Amendment"). The Parties to this Second Amendment are GPI and Dell Marketing L.P. ("Dell") (as assignee of Perot Systems Corporation). Capitalized terms used without definition in this Second Amendment have the meanings provided in the Agreement. In the event of any contlict or inconsistency between the tem1s and conditions of this Second Amendment and those of the Agreement, the te1ms and conditions of this Second Amendment shall control to the extent of such contlict or inconsistency. All other terms and conditions in the Agreement not amended by this Second Amendment shall remain in full force and effect.
In consideration of the terms and conditions of this Second Amendment and the Agreement, and for other good and valuable consideration, the receipt and sufficiency of which the Parties acknowledge, the Parties agree as follows:
1.Term of Agreement. Section 1.2 (Term) of the Agreement is deleted m its entirety and replaced with the following:
The term of this Agreement (the 'Term") will begin on the Effective Date and, unless te1minated earlier pursuant to Article XV (Termination) or extended pursuant to Section 1.3 (Extension), will continue until 11:59 p.m. Atlanta, Georgia time on July 31, 2017 (the "Term Expiration Date").
2.Extension. Section 1.3(b) of the Agreement is deleted in its entirety and replaced with the following:
Notwithstanding Section l.3(a), GPI shall have two (2) options to extend the Term for a period of up to twelve (12) months each (each such twelve (12) month period, an "Option Period"), resulting in aggregate Option Periods of up to twenty-four (24) months. Dell will provide Notice to GPI of the Term Expiration Date no less than one hundred twenty (120) days prior thereto, and, if Dell has provided such Notice to GPI in accordance with this Section 1.3(b), then GPI shall be deemed to have elected to exercise its option to extend the Term for twelve (12) months unless, by sixty (60) days prior to the Term Expiration Date, GPI provides Notice to Dell that it either (i) declines to extend the Term or (ii) elects to extend the Tetm but specifies a first Option Period of less than twelve (12) months. If GPI elects (or is deemed to have elected) to extend the Term for a first Option Period, then Dell also will provide Notice to GPI of the expiration of the first Option Period no less than one hundred twenty (120) days prior thereto, and, if Dell has provided such
Notice to GPI in accordance with this Section 1.3(b), then GPI shall be deemed to have elected to exercised its option to extend the TClm for twelve (12) months following the
GPI/De/1 Cmifidential
LEGAL02/33539525v3
expiration of the first Option Period unless, by sixty (60) days prior to the expiration of the first Option Period, GPI provides Notice to Dell that it either (i) declines to extend the Term or (ii) elects to extend the Term but specifies a second Option Period of less than twelve (12) months. Dell will provide the Notices described in this Section l.3(b) to both the GPI recipients identified in Section 21.8 (Notices) and the Vice President ofiT Operations at GPI, all in accordance with Section 21.8 (Notices). GPI may also exercise its right to extend the Term for the Option Periods by providing Dell with Notice of such election no less than sixty (60) days prior to the original Term Expiration Date (in the case of GPI's exercise of its right to extend the Tetm for the first Option Period), and no less than sixty (60) days prior to the expiration of the first Option Period (in the case of GPI's exercise of its right to extend the Tenn for the second Option Period), regardless of whether Dell has provided Notice of the Tenn Expiration Date or the expiration of the first Option Period as provided in this Section 1.3(b). Each such extension shall be at the Charges and terms and conditions in effect (i) as of the Term Expiration Date, in the case of the first Option Period; and (ii) as of the expiration of the first Option Period, in the case of the second Option Period.
1.Procedures Manual. Dell will update the Procedures Manual as appropriate to ensure the policies and procedures as set out in the Procedures Manual are accurate and complete in accordance with Section 3.3 (Procedures Manual) of the Agreement on and after the Amendment Date, and deliver the updated Procedures Manual to GPI within ninety (90) days after the Amendment Date. The updated Procedures Manual will be subject to the written approval of GPI and Dell pursuant to the Contract Change Control Procedures.
2. | Payment Terms. |
1.Section 4.2(a) (Monthly Invoice) is deleted in its entirety and replaced with the following:
(a) Monthly Invoice. Not before the fifteenth (151h) calendar day of each calendar month (the "Base Month"), Dell will provide GPI with an invoice (the "Monthly Invoice") setting forth the following: (i) the Monthly Service Charges for the Designated Services to be provided by Dell during that Base Month; and (ii) Adjustments to the Charges relating to Designated Services performed during the month prior to the Base Month (e.g., if the Base Month is April, the Adjustments will be made to Charges for Designated Services performed in March). Together with each Monthly Invoice, Dell will deliver to GPI such reports as are necessary for GPI to understand, evaluate and independently calculate the Adjustments reflected in the Monthly Invoice and to track its intemal use of the Designated Services for charge back purposes. Subject to Section 4.3 (Disputed Invoices), GPI will pay all amounts on the Monthly Invoice within sixty (60) days after receipt, by means of a wire transfer or other electronic means reasonably acceptable to Dell. Interest will accrue on unpaid undisputed invoiced Charges, and on unpaid disputed invoiced Charges that are in excess of the Disputed Charges Limitation, at the rate of one percent (I%) per month, commencing on the first day after such Charges were due.
GP//De/1 Confidential 2
LEGAL02/33539525v3
2. | Section4.3(e) is deleted in its entirety and replaced with the following: |
(e) If it is finally determined, pursuant to the Dispute Resolution Procedures, that GPI owes Dell any withheld disputed amounts, then GPI will pay Dell such amounts, plus interest thereon accruing from the date such amounts were actually due (i.e., sixty (60) days following the date such amounts were invoiced) at the rate of one percent (1%) per month;
3.Benchmarking. Section 5.1(a) of the Agreement is deleted in its entirety and replaced with the following:
(a)GPI may, beginning in the 12'h month following the Second Amendment Effective Date, measure the Charges under this Agreement as compared to other organizations receiving similar services (a "Benchmark"). At the option of GPI, for each Benchmark, GPI may Benchmark (a) all Designated Services or (b) the Designated Services under one or more Service Towers (the "Benchmarked Services"). GPI may not perform a Benchmark more frequently than twice during the Term. Furthennore, GPI may not Benchmark a New Service during the first twelve
(12) months after Dell commences delivery of such New Services; provided that GPI
may Benchmark the Service Tower that includes the New Service during such twelve
(12) month period, but may not include such New Service in the Benchmark.
4.Technology Plan. Section 8.l(b) (Technology Plan) of the Agreement is deleted in its entirety and replaced with the following:
(b)Technology Plan. GPI and Dell will jointly prepare a technology plan that addresses GPI's service and technology requirements (the "Technology Plan"). The Technology Plan will include, among other things (i) a comprehensive assessment and strategic analysis of the Designated Services, (ii) an analysis of the Software and Equipment then utilized in connection with the Designated Services and whether modifications are necessary, and (iii) perfonnance discussion of Key Personnel. The Technology Plan will also include a three (3) year roadmap setting direction and planning for the Designated Services and the teclmologies used by Dell therein (including all Equipment and Software used therein), taking into account GPI's business priorities and strategies, and competitive market forces. At each Semi-Annual Technology Review Meeting, the Parties will update the Technology Plan. Such updates should include specific information regarding requirements, upcoming Projects and such other infonnation that the Pmties believe should be included in short-term plmming. At the second Semi-Annual Technology Review Meeting for a Contract Year, the Parties will review the Technology Plan and update, as appropriate, the three (3) year technology roadmap. The Parties agree that they will use reasonable commercial efforts to use the resources theretofore allocated to the GPI account to accommodate any change to the Technology Plan, and that Dell will attempt to mitigate increases, if any, to the Charges to accommodate such change. Notwithstanding the foregoing and except as set forth in Section 8.1(c) (Changes to Technology Plan) the Parties will agree at the Semi-Annual Technology Review Meetings, upon any increased Charges for a change to the Technology Plan,
GPI/Dell Confidential 3
l.EGAL02/33539525v3
EXECUTION COI'Y
and unless any such changes to Charges are agreed upon at the Semi-Annual Teclmology Review Meetings, all work related to a change to the Technology Plan will be included in the then-existing Charges. The Patties agree to cooperate in good faith to prepare and finalize the Technology Plan within the first ninety (90) days following the Second Amendment Effective Date.
5. | Data Transfer Agreement. New Section 10.9 (Data Transfer Agreement) IS |
added to the Agreement as follows:
10.9 Data Transfet· Agreement. On or about the Second Amendment Effective Date, Dell as the data processor and GPI as the data controller will execute and deliver, as an addendum to this Agreement, the standard contractual clauses for international transfers of personal data that are included within European Commission Decision 2010/87/EU, in the fonn attached as Schedule 10.9 (Data Transfer Agreement). For the purposes of this Section 10.9 and Section 13.1(a), "personal data", "process/processing", "controller", and "processor" shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
1.Data. Section 13.1(a) of the Agreement is deleted in its entirety and replaced with the following:
(a)Ownership and Use of Data. As between Dell and GPI, GPI Data is the exclusive property of GPI. Dell will use the GPI Data only in connection with providing the Designated Services and conducting necessary testing pursuant to this Agreement, all in accordance with Dell's obligations under this Agreement. GPI has and will have the right to transfer to Dell such GPI Data that GPI transfers to Dell that constitutes personal data. Dell has and will have the right to transfer to GPI the personal data that Dell transfers to GPI hereunder or that Dell otherwise requires to transfer to GPI to administer lawful business processing by Dell, except to the extent such personal data is GPI Data covered by GPI instructions. Except as otherwise expressly agreed in writing, Dell will not, and will not attempt to, sell, license, provide, disclose, use, pledge, hypothecate and/or in any other way transfer the GPI Data. All such attempts by Dell will be void, without legal effect and deemed a material breach of this Agreement. All access to GPI Data will be subject to the Confidentiality provisions set forth in Section 13.2 (Confidentiality).
2.Disentanglement Services. Section 15.12(a) of the Agreement is deleted in its entirety and replaced with the following:
1. | Termination Assistance. |
(a)For a period specified by GPI in its discretion, commencing on the date designated by GPI, which may be no earlier than the first to occur of (i) the date on which GPI provides notice of termination, or (ii) ninety (90) days prior to the applicable date of expiration, and ending no later than twenty-four (24) months
GPI/Dell Co!fidential 4
LEGAL02/33539525v3
following the expiration or termination of this Agreement or any Service Tower for any reason (the "Termination Assistance Period"), Dell will perfonn, at the request of GPI, the terminated or expired Designated Services and provide to GPI or a Successor Provider any and all assistance
reasonably requested by GPI to allow the tenninated or expired Designated Services to continue without interruption or adverse effect, to mitigate any disruption to GPI's business, and to facilitate the orderly transfer of responsibility for the terminated or expired Designated Services to GPI or one or more Successor Providers (collectively, the "Termination Assistance Services"). GPI acknowledges that Dell may require the Successor Provider to enter into a commercially reasonable confidentiality agreement prior to Dell sharing any Dell Confidential Information with such Successor Provider.
I 0. Export Controls. Section 10.4(b) of the Agreement is deleted in its entirety and replaced with the following:
(b) Each Party agrees to comply with (i) all United States expmtlaws and regulations issued by any U.S. Governmental Authority that govem the export or reexport of Software, hardware or technology provided hereunder (the "Products") and any of the Designated Services, including without limitation the U.S. Export Administration Regulations, the International Traffic in Arms Regulations ("ITAR") and any regulations administered by the Depm1ment of the Treasury's Office of Foreign Assets Control, and (ii) any applicable Laws and regulations of countries other than the United States that govern the importation, use, export or reexport of the Products and Designated Services. Each Party further agrees (a) to obtain appropriate export authorizations, consents or licenses that may apply to such Party's export of any Products or Designated Services, and (b) to comply with any conditions that are contained in any export licenses pertaining to the Products upon notice of such conditions by the other Pmty. Without limiting the generality of the foregoing, neither Party will export or reexport, directly or indirectly, any of the Products or Designated Services to Cuba, Iran, Libya, Syria, Sudan or Nmth Korea. Each Party agrees to comply with any reporting requirements that may apply to the export or reexpm1 of the Products and Designated Services and to provide to the other Party or the appropriate Govemmental Authority any periodic reports containing such information as may be required under applicable Law. Dell further agrees to provide GPI with Notice of any federal, state, or local U.S. taxes or tariffs that may apply to import, export or reexport of any Products or Designated Services, and, either GPI will pay such taxes or tariffs or, at the request of GPI, Dell will pay any such taxes or tariffs and GPI will promptly reimburse Dell for the amount so paid by Dell. Notwithstanding the foregoing, the Parties do not anticipate the need to disclose technical data that is subject to ITAR. Accordingly, each Party agrees that it will shall not provide any !TAR-controlled information to the other Party unless (I) the disclosing Pmty provides prior Notice to the receiving Party specifically identifying the type of ITAR-controlled information to be disclosed and the purpose for the disclosure, and (2) the receiving Party, upon receipt of the requisite Notice, gives its Notice to the disclosing Party of its consent to receive the !TAR-controlled information.
GPJ/De/1 Coi!fidential 5
J.EGAL02/33539525v3
I.SSAE 16 Reviews. Section 14.9 (SAS 70 Reviews) of the Agreement is deleted in its entirety, re-titled "SSAE 16 Reviews" and replaced with the following:
(a)Dell will cause its independent auditor to perform no fewer than one
(1) Service Organization Controls I ("SOCJ") Type II Review (a "SOC! Review") under Statement on Standards for Attestation Engagements (SSAE") No. 16 (or its successor standard) per calendar year for each Dell Service Location that is a data center from which the Designated Services are provided.
Dell will provide GPI with SOC! reports from the SOC! Reviews (each, a "SOC! Report") within thirty (30) days of receipt of the SOC I Reports from the independent auditor on approximately November I of each year. The audit period covered by the SOC 1 Reports is January I to September 30 of each year.
(b)Prior to initiating the SOC! Review in subsection (a), Dell will Notify GPI if the scope of the upcoming review differs, in any material respect, from the scope of the prior year's SOC! Review. GPI may request that Dell modify the scope of the SOC! Review such that GPI can reasonably rely upon the SOC! Review as evidence (assnming a favorable result from such review) that Dell's internal controls are effective in order that GPI and the GPI Auditors can make their necessary or required attestations, certifications or other statements that GPI's internal controls over its financial repmiing are adequate in accordance with Section 404 of Sarbanes Oxley ("Section 404"). Dell will consider GPI's request, and if practicable Dell will incmporate any such scope modifications; provided that it will not be deemed practical for Dell to implement such scope changes if doing so would cause Dell to incur additional costs or would have a negative impact on its other customers in the applicable data center. If Dell does not incorporate such modifications in accordance with the previous sentence, or if after GPI receives the SOC! Report and determines that an additional audit is necessary for it to meet its control requirements, then Dell, at the request of GPI, will request its independent auditor performing the SOC! Review in subsection (a) to coordinate with GPI and its auditors to perfonn a supplementary audit to Dell's SOC! Review that includes GPI's requested modifications. Any incremental costs related to the supplemental audit will be bome by GPI.
(c)Dell will cause its subcontractors who control a data center from which Designated Services are being performed to perfom1 SOC I Reviews that Complement the SOC! Reviews perfom1ed pursuant to this Agreement. If Dell is unable to cause its subcontractors to perform SOC! Reviews, then Dell will perform audits of the internal controls of its subcontractors that perform the Designated Services to ensure that such internal controls complement the internal controls of Dell. For purposes of this Section 14.9(c), "Complement" means that the internal controls of the subcontractors, when taken in combination with the internal controls of Dell represents the entire control environment applicable to the Service Location that is the subject of the SOC! Review.
(d)During the period in which Dell's independent auditor is conducting the SOC! Review, Dell will provide GPI periodic updates on the status of the review,
GP!!Dell COJ (ldential 6
LEGAL02/33539525v3
and specifically notify GPI of any significant weaknesses that are identified in the internal controls at the applicable Service Location(s).
(e)Upon completion of each SOC! Review, Dell will provide GPI the SOC! Report within the time frames set forth in subsection (a). If the Dell independent auditor conducting the SOC I Repmt concludes that any control issue has not been met in the SOC1 Report (i.e., the SOC! Report auditor opinion is qualified for failure to achieve a control objective relating to the Designated Services) (a "Control Deficiency") and to the extent that such Control Deficiency relates to the Designated Services and Dell has reasonable control over such Control Deficiency, then Dell's failure to promptly remedy the Control Deficiency will be deemed a material breach of this Agreement. Dell shall provide GPI with a written plan for remediating all Control Deficiencies promptly upon discovery, including the remediation activities to be taken by Dell and the target date for the completion of such remediation activities; and shall remediate all Control Deticiencies as promptly as is reasonably possible.
1.Representations, Wan·anties and Additional Covenants.
1.Organization and Qualification. Section 16.1(a) (Organization and Qualification) of the Agreement is deleted in its entirety and replaced with the following:
(a) Organization and Qualification. As of the Second Amendment Effective Date, Dell (i) is duly organized, validly existing and in good standing under the laws of Texas (ii) is duly qualified and in good standing as a foreign limited partnership in every jurisdiction in which the character of its business requires such qualification, and (iii) has the power to own its property and the authority to carry on its business as conducted as of the Effective Date.
2.Non-Solicitation. Section 16.1(j) (Non-Solicitation) and Section 16.2(f) (Non-Solicitation) of the Agreement each are deleted in their entirety and retitled "Reserved." and a new Section 21.13 (Non-Solicitation), which reads as follows, is added to the Agreement:
21.13 Non-Solicitation. Except as set forth in Section l5.12(e), without the prior written Consent of Dell, GPI will not, directly or indirectly, solicit for employment, hire, or otherwise retain the services of any employee of Dell or Dell's Affiliate who was involved in the performance of Dell's obligations under this Agreement during the preceding 12 months. Without the prior written Consent of GPI, Dell will not, directly or indirectly, soliCit for employment, hire, or otherwise retain the services of any employee of GPI or GPI's Affiliates with whom Dell came into contact in connection with the activities under this Agreement during the preceding 12 months. This prohibition on soliciting and hiring shall extend for 90 days after the termination of the employee's employment if such employee voluntarily resigns. Neither (i) the publication of classified advertisements in newspapers, periodicals, Intemet bulletin boards, or other publications of general availability or circulation, or (ii) a solicitation that targets individuals with pmticular work experience or skills based on information available to subscribers, members or
GPJ/Dell Col!f/dential 7
LEGAL02/33539525v3
the general public on professional or social network websites or job boards, nor the consideration and hiring of persons responding to such advertisements or solicitation shall be deemed a breach of this Section, unless the advertisement, solicitation or other recruiting activity is undertaken as a means to circumvent or conceal a violation of this provision or by representatives of a Pmiy acting with knowledge of this hiring prohibition.
2. | Data Loss Event |
1.Property Indemnification by Dell. Section 17.I (a) (Injury and Propetiy Indemnification by Dell) is deleted in its entirety and replaced by the following:
Injury and Property Indemnification by Dell. Dell will indemnify, defend and hold the GPl lndemnitees harmless from and against all Losses for bodily injury (including death) and damage to real and tangible personal property (other than GPI Data or information) arising out of or resulting from tortious conduct of Dell or any employee, agent or subcontractor of Dell, including the negligent failure of such an employee, agent, or subcontractor to comply with any security requirements and other rules and regulations established by GPI applicable to all similarly situated employees of GPI.
2. | Section 18.2(b) is deleted in its entirety and replaced by the following: |
The Damages Limitation is not applicable to: (!) amounts due and payable under this Agreement for Designated Services, Milestone Credits, Service Level Credits, procurement pass-throughs and reimbursements, similar charges, and interest thereon; (2) Losses subject to an indemnification obligation under Sections 17.l(a) (Injury and Propetiy Indemnification by Perot Systems), 17.l(b) (Intellectual Propetiy Indemnification By Perot Systems), 17.l(d) (Data Loss) to the extent the Data Loss Event was caused by Perot Systems' Gross Negligence or willful misconduct, 17.l(g) (Failure to Comply with Regulatory Requirements), 17.l(h) (faxes), 17.1(i) (Obligations to Subcontractors), 17.2(a) (Injury and Property Indemnification by GPI), 17.2(b) (Intellectual Property Indemnification by GPI),17 .2(d) (Failure to Comply with Regulatory Requirements), or 17.2(g) (Taxes); (3) damages resulting from, arising out of or relating to the willful misconduct of a Party; (4) damages resulting from the wrongful termination of this Agreement; (5) Section 19.3 (Property Damage); and (6) damages resulting from the wrongful refusal by Perot Systems to fulfill its Termination Assistance obligations.
3.Property Damage. Section 19.3 (Property Damage) of the Agreement is deleted in its entirety and replaced by the following:
Property Damage. Each Pmiy shall be liable to the other Pmiy, subject to Article XVIII, on direct claims by the other Party for damage to the other Party's real and tangible personal propetiy (other than GPI Data, data owned by Dell, or information) arising from the tortious conduct of the liable Pmiy or its respective employees, agents or subcontractors; provided, that the liable Party's liability shall be secondary to any insurance of the other Party.
GPJ/Dell Confidential 8
LEGAL02/33539525v3
3.Notices. The Parties' addresses and designees for notification purposes as specified in Section 21.8(a) of the Agreement are revised as follows. Notice to GPI either by fax or by electronic mail will no longer be effective as of January 1, 2013.
(i) | If to GPI: |
Notices delivered on or prior to December 31, 2012:
Graphic Packaging International, Inc. 814 Livingston Ct.
Marietta, Georgia 30067
Attn: Joe Pekala
E-mail Address: ***@*** Fax: (770) 644-2929
with a copy to:
Graphic Packaging International, Inc. 814 Livingston Ct.
Marietta, Georgia 30067
Attn: Law Department Fax: (770) 644-2929
F,[fective on and after January 1, 2013:
Graphic Packaging International, Inc. 1500 River Edge Parkway
Sandy Springs, Georgia 30328
Attn: Chief Information Officer with a
copy to:
Graphic Packaging International, Inc.
1500 River Edge Parkway Sandy Springs, Georgia 30328 Attn: Law Depmtment
(ii) | If to Dell: |
Dell Marketing L.P.
2300 West Plano Parkway Plano, Texas 75075-8499
Attn: Kevin Jones, Vice President, Intl-astructure and Cloud Computing E-mail Address: KM ***@***
Facsimile Number: (972) 577-6424
GPJ/De/1 Confidential 9
LEGAL02/33539525v3
with a copy to:
Dell Marketing L.P.
2300 West Plano Parkway Plano, Texas 75075-8499
Attn: Thomas D. Williams, Vice President- Legal E-mail Address: Del ***@*** Facsimile Number: (972) 577-6085
4.Equipment Refresh. Section 16 of the First Amendment to Master Services Agreement is deleted in its entirety and retitled "Reserved." Section 8.3(a) and Section 8.3(a)(i) of the Agreement are deleted in their entirety and replaced with the following:
(a) Refreshes. Dell will implement the refresh of Equipment 111
accordance with the following requirements:
(ii) Dell will refresh GPI Equipment pursuant to Project IMACs, in accordance with the applicable Project Plan, or, at GPI's option if all of the refresh related effort requested by GPI is encompassed by the !MAC rates or One-Time Charges defined in Schedule 4.1, such IMACs or One-Time Charges. The Patties anticipate that such Project IMACs or IMACs will be requested by GPI and performed by Dell consistent with GPI's refresh guidelines set fmth in the Financial Responsibilities Matrix. At each Semi-Annual Technology Review Meeting, GPI will notify Dell of any deviation from such refresh policy, and which GPI Equipment will be impacted from any such deviation.
5.Taxes. The Parties agree to negotiate in good faith the tenns of (i) local country agreements pursuant to Section 1.1(a) of the Agreement to allocate responsibility for any taxes that may arise in Canada and Mexico due to certain Service Recipients' receipt of Designated Services in those countries, consistent with the allocation of responsibility for Taxes stated in Article VI (Taxes), and (ii) modifications to the Parties' respective tax indemnities contained in Section 17.1(h) (Taxes) and 17.2(g) (Taxes) to reflect such agreed allocation of responsibility. No Party shall be indemnified under Section 17.l(h) (Taxes) or 17.2(g)
(Taxes) by the other Party for taxes that such Party (or an Affiliate of such Party) has assumed responsibility for in a local country agreement. The Patties will attempt to reach agreement on such terms within the first ninety (90) days following the Second Amendment Effective Date and, when such tenns are agreed, promptly execute such local country agreements and add such ten1lS as outlined in (ii) above to the Agreemeht pursuant to an amendment.
6.Assignment and Assumption of Master Services Agreement. Perot Systems Corporation and Dell Marketing L.P. are parties to that certain Assignment and Assumption Agreement dated as of the Second Amended Effective Date with respect to the Agreement. Subject to Section 21.5 (Binding Nature; Assignment) of the Agreement, the Parties accordingly agree that references in the Agreement to Perot Systems Corporation and Perot Systems, including as part of any defined term in the Agreement, shall be deemed references to Dell. By way of example, references in the Agreement to Perot Systems Excuse shall be deemed references to Dell Excuse, as such term is defined in amended Schedule A attached hereto.
GPI/De/1 Confidential 10
LEGAL02/33539525v3
SECOND AMENDMENT EXECUTION COl>Y
Notwithstanding the foregoing, all references to Perot Systems contained in Section 1.1(b) of the Agreement shall be deemed references to both Perot Systems and Dell.
7.Schedules and Attachments. The following Schedules and Attachments to the Agreement are amended and restated, effective as of the Second Amendment Effective Date, (except Schedule I 0.9 (Data Transfer Agreement), which is added to the Agreement effective as of the Second Amendment Effective Date) and, as so amended and restated, are attached to and a part of this Second Amendment.
Schedule A Schedule l.l(a) Schedule 2.1.1 Schedule 2.2(a) Schedule 2.5 Schedule 2.7 Schedule 2.8(b) Schedule 2.10 Schedule 2.13 Schedule 3.2 Schedule 3.4 Schedule 3.5(b) Schedule 4.1 Schedule 4.2 Schedule 5.I(c) Schedule 8.2
Definitions and Rules oflnterpretation Service Recipients
Service Towers Statement of Work
Critical Milestones and Milestone Credits Project Guidelines and In-Flight Projects Managed Agreements
Service Level Agreement Repmts
Account Governance
Customer Satisfaction Surveys Contract Change Control Procedures Charges
Invoices
Benchmark Methodology Financial Responsibilities Matrix
Schedule 9.2(a)(i)(A) Key Personnel and Critical Personnel Schedule 9.2(a)(i)(B) GPI Competitors
Schedule 9.3(b) Schedule I 0.2
GPI/De/1 Confidential
LEGAL02/33539525v3
Consented Subcontractors Service Locations
II
Schedule 10.7(a) Schedule 10.7(b) Schedule 10.9 Schedule 15.1 Schedule 19.1 Schedule 20.1
Physical Security Guidelines Logical Security Guidelines Data Transfer Agreement Termination Fees
Insurance
Dispute Resolution Procedure
[Signatures Provided on Next Page]
GPI!Dell C01ifidential 12
LEGAL02/33539525v3
IN WITNESS WHEREOF, the Parties have duly executed and delivered this Second
Amendment as of the datc(s) set forth below.