Master Professional Services Agreement, dated as of August 1, 2019, between The Goldman Sachs Group, Inc. and CoreCard Software, Inc

Contract Categories: Business Operations - Services Agreements
EX-10.2 3 ex_245336.htm EXHIBIT 10.2 ex_245336.htm

Exhibit 10.2

 

[***] Certain portions of this exhibit have been omitted because they are not material and the registrant customarily and actually treats that information as private or confidential.

Goldman Sachs-CoreCard Confidential

 

 

 

 

 

 

 

 

 

MASTER PROFESSIONAL SERVICES AGREEMENT

 

BY AND BETWEEN

 

THE GOLDMAN SACHS GROUP, INC.

 

AND

 

CORECARD SOFTWARE, INC.

 

 

 

 

 

 

 

 

Goldman Sachs-CoreCard Confidential

 

MASTER PROFESSIONAL SERVICES AGREEMENT

 

This MASTER PROFESSIONAL SERVICES AGREEMENT (this "Agreement"), effective as of August l, 2019 (the "Effective Date"), is entered into by and between The Goldman Sachs Group, Inc. ("GS"), and CoreCard Software, Inc. ("Consultant") (each, a "Party" and together, the "Parties").

 

RECITALS

 

WHEREAS, Consultant is the owner or licensee of certain computer software and provider of related support services;

 

WHEREAS, under a separate agreement, GS has obtained a license from Consultant to use certain of Consultant's computer software and is receiving the related support services from Consultant; and

 

WHEREAS, subject to the provisions of this Agreement, GS desires to receive from Consultant certain professional services related to such computer software and support services.

 

NOW, THEREFORE, for good and valuable consideration, the receipt and sufficiency of which the Parties hereby acknowledge, the Parties agree as follows:

 

GENERAL TERMS AND CONDITIONS ("GTCs")

 

ARTICLE I

DEFINITIONS

 

As used in this Agreement, the capitalized terms below have the meanings given below. Other capitalized terms used in this Agreement are defined in the context in which they are used.

 

Section 1.1 "Acceptance" has the meaning provided in Section 2.7(h) of the GTCs.

 

Section 1.2 "Add-Ons/Interfaces" has the meaning provided in the Master License Agreement. 

 

Section 1.3 "Affiliate" of a Person (including a Party) means any other Person that directly or indirectly, through one or more intermediaries, now or hereafter Controls, is Controlled by, or is under common Control with that Person (but only while the other Person meets those requirements).

 

Section 1.4 "Business Day" shall mean every day Monday through Friday other than Federal Bank holidays. References in this Agreement to "days" that do not specifically refer to Business Days are references to calendar days and, unless otherwise provided, a period of more than seven (7) days that expires on a day other than a Business Day shall be automatically extended to the next following Business Day.

 

Section 1.5 "Compliant" has the meaning provided in Section 2.7(c) of the GTCs.

 

Section 1.6 "Consultant Independent IP" means any Material: (a) created by or for Consultant or its Affiliates prior to the Effective Date of the Agreement; (b) created by or for Consultant or its Affiliates outside and independent of the Agreement; (c) created by Consultant or its Affiliates pursuant to this Agreement, excluding any Work Product; or (d) created for Consultant or its Affiliates pursuant to this Agreement, excluding any GS Material.

 

 

 

Goldman Sachs-CoreCard Confidential

 

Section 1.7 "Consultant Material" means any Material that is owned or licensed by Consultant or its Affiliates (other than Material licensed or sub-licensed to Consultant and/or its Affiliates from GS or its Affiliates), including (a) Trade Secrets and Confidential Information of Consultant or its Affiliates; (b) any Consultant Independent IP; (c) all Deliverables hereunder (other than Work Product); and (d) any Derivative Work of the foregoing in (a)-(c). For clarity, Consultant Material includes the Licensed Material and Derivative Works thereof (other than Derivative Works of Licensed Material that are expressly agreed to by the Parties to be Work Product).

 

Section 1.8  "Control" means the authority, directly or indirectly, to direct or cause the direction of the affairs, policies or management of a Person, whether through the ownership of voting securities, by contract, as trustee or executor, or otherwise.

 

Section 1.9  "Defect" means (a) with respect to the initial delivery of the Licensed Software to GS, any failure of Licensed Software to have the functionality or perform in all material respects in accordance with, or meet any specifications or requirements contained in, the Documentation for the Licensed Software; and (b) with respect to Deliverables and Work Product, if any, any failure of such Deliverables or Work Product to have the functionality or perform in all material respects in accordance with its Specifications. For clarity, a Defect shall not include any such failure to the extent such failure is caused by any user or operator error by any Personnel of the GS Parties and/or the Service Providers of the GS Parties.

 

Section 1.10 "Deliverable" means any Material (including related documentation) that is (a) developed or conceived by Consultant and/or its Personnel (solely or jointly with GS, its Affiliates and/or its Personnel) pursuant to this Agreement; (b) to be provided to GS pursuant to a Schedule of Work; and (c) identified in the applicable Schedule of Work as a "Deliverable" or "Work Product". For clarity, Deliverables may include Derivative Works of, to or based on the Licensed Software and other Consultant Material.

 

Section 1.11 "Derivative Work" means any modification, enhancement, or derivative of any existing Material that would constitute a derivative work under U.S. copyright Law.

 

Section 1.12 "Divested Entity" means any Affiliate, line of business or division of GS that ceases to Control, be Controlled by or be under common Control with GS as a result of a sale or other divestiture after the Effective Date.

 

Section 1.13 "Documentation" has the meaning provided in the Master License Agreement.

 

Section 1.14 "Evaluation Period" has the meaning provided in Section 2.7(a) of the GTCs.

 

Section 1.15 "Event of Deteriorating Financial Condition" means any of the following events: (a) Consultant is insolvent, ceases to do business as a going concern, or makes an assignment for the benefit of creditors, (b) any of Consultant's assets are subject to levy, seizure, assignment or sale by any creditor or Governmental Authority, (c) Consultant's auditors issue an opinion expressing doubt as to whether Consultant can maintain itself as a going concern, (d) Consultant cannot pay its debts as they become due, (e) Consultant files for, or becomes the subject of, any bankruptcy, receivership, insolvency or similar proceeding; or (f) circumstances occur that trigger a right of a creditor or other counterparty of Consultant to accelerate the payment of amounts owed by Consultant to such Person, where, if such right is exercised, such acceleration would have a material adverse impact on Consultant's financial condition that would adversely impact Consultant's performance under this Agreement.

 

Section 1.16 "Excluded Entity" has the meaning provided in the Master License Agreement.

 

2

Goldman Sachs-CoreCard Confidential

 

Section 1.17 "Exclusivity Period" means, with respect to any Deliverable that is referenced in, as applicable, Section 8.2(a) of the GTCs or Section 8.2(b) of the GTCs, that period of time (a) commencing on the Exclusivity Period start date set forth in the applicable Schedule of Work, if any, for such Deliverable; and (b) ending upon the expiration of the time period, if any, set forth in the applicable Schedule of Work for such Deliverable (unless ending sooner in accordance with, as applicable, Section 8.2(a)(Y)(iii) of the GTCs or Section 8.2(b)(Y)(iii) of the GTCs). It is not the intent of Consultant that any Deliverable be granted an Exclusivity Period other than on an exception basis where expressly agreed to by the Parties in writing pursuant to a fully executed Schedule of Work.

 

Section 1.18 "GAAP" means U.S. generally accepted accounting principles, applied on a consistent basis.

 

Section 1.19 "Governmental Authority" means any federal, state, local, national or supranational (or other political subdivision thereof or thereto) (a) government, (b) governmental, legislative, regulatory, military, police, taxation, or administrative authority, agency, department, or commission, or (c) court, tribunal, or judicial or arbitral body of competent jurisdiction which exercises executive, legislative, judicial, regulatory or administrative functions of or pertaining to government.

 

Section 1.20 "GS Data" means all (a) data, metadata, reports, input and output processed or generated by or on behalf of the GS Parties as a result of their use of the Licensed Software or any Deliverable; (b) any data or other information owned or controlled by the GS Parties to which Consultant or any Consultant Personnel has or obtains access; (c) Personal Information of GS, its Affiliates and their respective customers; and (d) with respect to each of (a), (b) and (c), any data or other information developed or derived therefrom (including processing output and results). Notwithstanding the foregoing, GS Data does not include: (i) Confidential Information, Intellectual Property and/or Trade Secrets of Consultant; and (ii) any data, materials, or information owned, licensed or otherwise acquired by Consultant prior to or independently of (A) the Agreement; (B) the Interim Software License Agreement between GS and Consultant effective as of March 9, 2018, as amended; and (C) the Services Agreement entered into by and between Goldman Sachs Bank USA and Consultant on January 12, 2018.

 

Section 1.21 "GS Independent IP" means any Material: (a) created by or for GS or its Affiliates prior to the Effective Date of the Agreement (excluding Material created by Consultant, its Affiliates and/or its Personnel for GS or its Affiliates prior to the Effective Date of the Agreement (solely or jointly with GS or its Affiliates)); (b) created by or for GS or its Affiliates outside and independent of the Agreement (excluding Material created by Consultant, its Affiliates and/or its Personnel for GS or its Affiliates outside and independent of the Agreement (solely or jointly with GS or its Affiliates)); (c) created by GS or its Affiliates pursuant to this Agreement, excluding any Consultant Material; or (d) created for GS or its Affiliates pursuant to this Agreement, excluding any Consultant Material.

 

Section 1.22 "GS Material" means any Material that is owned or licensed by GS or its Affiliates (other than Material licensed or sub-licensed to GS and/or its Affiliates from Consultant or its Affiliates), including (a) Trade Secrets and Confidential Information of GS or its Affiliates (including any Feedback); (b) GS Data; (c) any GS Independent IP (including any Add-Ons/Interfaces); (d) all Work Product hereunder, if any; and (e) any Derivative Work of the foregoing in (a)-(d).

 

Section 1.23 "GS Parties" means GS and Affiliates of GS (but excluding any Excluded Entity, subject to Section 10.l(a)(2) of the Master License Agreement).

 

Section 1.24 "Intellectual Prope1ty" means (a) patents, (b) trademarks, service marks, domain names, trade dress, trade names and other identifiers of source or goodwill, including the goodwill connected with the use thereof and symbolized thereby (collectively, "Trademarks"), (c) copyrights, moral rights, works of authorship (including Software) and rights in data and databases, (d) confidential and proprietary information, including trade secrets, know-how and invention rights, (e) rights of privacy and publicity, (f) registrations, applications, renewals, extensions, reissues, divisions, continuations, continuations-in-part and reexaminations for any of the foregoing in (a)-(e), and (g) all other proprietary rights existing from time to time under any applicable Law.

 

3

Goldman Sachs-CoreCard Confidential

 

Section 1.25 "IT Assets” means servers, computers, hardware, firmware, middleware, networks, systems, workstations, data communications lines, routers, hubs, switches, magnetic, optical or electrical data storage devices, and all other information technology and communications equipment (including any such equipment that is used for cloud computing).

 

Section 1.26 "Law" means any law, rule, regulation, ruling, judgment, order or approval of any Governmental Authority, as may be amended or otherwise revised from time to time.

 

Section 1.27 "Licensed Material" has the meaning provided in the Master License Agreement.

 

Section 1.28 "Licensed Software" has the meaning provided in the Master License Agreement.

 

Section 1.29 "Master License Agreement" means that certain Software License and Support Agreement between the Parties hereto dated October 16, 2018.

 

Section 1.30 "Material" means any document, drawing, design, computer program or other tangible form or medium in which a work of authorship or expression is fixed; or any invention, business method, or process; or any materials, software, systems, trademarks, trade names, trade secrets, know­ how, copyrights and copyrightable work (including computer programs), data, databases, information, patents, patent disclosures, inventions and discoveries of any kind.

 

Section 1.31 "Material Acceptance Failure" means any failure of a Test Item that is not in Production Use to be Compliant after three (3) Remediation Periods as set forth in Section 2.7 of the GTCs.

 

Section 1.32 "Object Code" means computer program code that is readable and useable by machines, but not intelligible to humans without decompiling, disassembly or reverse engineering.

 

Section 1.33 "Open Source Software" means Software that is, contains or is derived from Software distributed as freeware, shareware or open source Software, or under similar licensing or distribution models that (a) require the licensing, disclosure or distribution of Source Code to any other Person, (b) prohibit or limit the receipt of consideration in connection with licensing or distributing any Software, (c) allow any Person to decompile, disassemble or reverse engineer any Software, (d) require the licensing or distribution of any Software to any other Person for the purpose of making Derivative Works, (e) are identified by the Open Source Initiative as open source licensing or distribution models at www.opensource.org, or (f) are identified by the Free Software Foundation as free software licenses at www.gnu.org.

 

Section 1.34 "Person" means any (a) individual or (b) partnership, firm, corporation, limited liability company, joint venture, association, trust, unincorporated organization, or other legal entity or organization.

 

4

Goldman Sachs-CoreCard Confidential

 

Section 1.35 "Personal Information" means all information covered by Privacy Laws and/or all information that identifies or can be used to identify or authenticate an individual, including contact information, location data and financial account information.

 

Section 1.36 "Personnel" of a Person means that Person and its employees, officers, directors, members, agents, representatives, suppliers, consultants, contractors and subcontractors.

 

Section 1.37 "Privacy Laws" means all applicable Laws relating to privacy or data security, including Section 6809(4) of the Gramm-Leach-Bliley Act, and its applicable implementing regulations.

 

Section 1.38 "Production Use" has the meaning provided in the Master License Agreement. Section 1.39         "Remediation Period" has the meaning provided in Section 2.7(f) of the GTCs.

 

Section 1.40 "Schedule of Work" or "SOW" has the meaning provided in Section 2.1 of the GTCs.

 

Section 1.41 "Service Provider" means any Person (excluding Consultant, its Affiliates and its and their Personnel) that GS or its Affiliates engage to provide business process services, information processing services, and/or information technology services, including any application or IT service provider, hosting or colocation service provider, service bureau or similar provider, any provider of any IT Assets, or any robotic process automation tool.

 

Section 1.42 "Services" has the meaning provided in Section 2.1 of the GTCs.

 

Section 1.43 "Software" means (a) computer programs, applications, systems and code, including Source Code and Object Code, (b) data and databases, whether machine-readable or otherwise, and (c) development and design tools (but if with respect to Software that is Licensed Software, development and·design tools developed by or for Consultant), library functions, and graphical user interfaces, together (in each case of (a)-(c)) with all (i) bug or error fixes, patches, modifications, enhancements, updates, upgrades, corrections, replacement and successor products, new versions, new releases, and Derivative Works of, to or based on any of the foregoing, and (ii) copies and tangible embodiments of any of the foregoing in any form or media.

 

Section 1.44 "Source Code" means computer program code written in a programming language that is intelligible to a reasonably skilled programmer and capable of being compiled or assembled into Object Code or otherwise executed by a computer processor for operation on computer equipment, including all comments, programmer's notes, development and design tools (but if with respect to Source Code of the Licensed Software, development and design tools developed by or for Consultant), logic diagrams, encryption keys, utilities, stored procedures, procedural code and job control language statements.

 

Section I .45 "Specifications" means the specifications and requirements for a Deliverable or Work Product as set forth in a Schedule of Work.

 

Section 1.46 "Term" has the meaning provided in Section 9.l(a) of the GTCs.

 

Section 1.47 "Test Item" has the meaning provided in Section 2.7 of the GTCs.

 

Section 1.48 "Third Party Materials" has the meaning provided in Section 7.2(k) of the GTCs.

 

5

Goldman Sachs-CoreCard Confidential

 

Section 1.49 "Trade Secrets" means with respect to a Party, information related to the services and/or business of the disclosing Party, and/or of a third party, which (a) derives economic value, actual or potential, from not being generally known to or readily asce1iainable by other persons who can obtain economic value from its disclosure or use; and (b) is the subject of efforts by the disclosing Party that are reasonable under the circumstances to maintain its secrecy, including without limitation (i) marking any information clearly and conspicuously with a legend identifying its confidential or proprietary nature; (ii)    identifying any oral presentation or communication as confidential immediately before, during or after such oral presentation or communication; or (iii) otherwise, treating such information as confidential or secret. Assuming the criteria in sections (a) and (b) above are met, Trade Secrets include, but are not limited to, technical and nontechnical data, formulas, patterns, compilations, computer programs and software, devices, drawings, processes, methods, techniques, designs, programs, financial plans, product plans, and lists of actual or potential customers and suppliers.

 

Section 1.50 "Vulnerability" means any virus, malware, spyware, malicious code, Trojan horse, worm, back door, trap door, time bomb, software lock, drop dead device or other program, routine, instruction, device, code, contaminant, logic, effect or other undisclosed feature that would, or is designed or intended to, delete, disable, deactivate, interfere with, disrupt, erase, deny access to, enable any Person to access without authorization, produce modifications of, or otherwise adversely affect the functionality or interfere with the use of, any Software, data or IT Asset.

 

Section 1.51 "Work Product" means a Deliverable that is identified in a Schedule of Work as "Work Product", which such Schedule of Work is signed by a senior officer of Consultant and Consultant's legal representative and expressly provides that GS and/or its Affiliates shall own all right, title and interest, including all Intellectual Prope1iy rights, in and to such Work Product, including related documentation. It is not the intent of Consultant that any Work Product be provided under this Agreement other than on an exception basis where expressly agreed to by the Parties in writing under this Agreement.

 

ARTICLE 2

SERVICES; SCHEDULES OF WORK; ACCEPTANCE PROCESS AND RELATED TERMS

 

Section 2.1 General. Consultant shall provide the services described in any schedule of work referencing this Agreement (the "Services") which has been fully executed by Consultant and a GS Party in accordance with, subject to, and incorporating the terms of this Agreement (each, a "Schedule of Work" or "SOW"). Consultant shall perform all Services (a) in accordance with the provisions of this Agreement, (b) in a manner that meets or exceeds applicable performance criteria set forth in the applicable Schedule of Work, and (c) in a professional, competent and workmanlike manner in accordance with generally accepted industry standards and practices, using fully trained and qualified Personnel. Under this Agreement, the Parties may agree that Consultant will provide Services to the GS Parties as contemplated under the Master License Agreement.

 

Section 2.2 Schedules of Work. Each Schedule of Work shall include, at a minimum (a) a description of the Services to be performed (including scope), (b) the cost breakdowns and the basis for payment for the Services (i.e., "time-and-materials" or "fixed-fee"), and (c) descriptions of any milestones, deadlines, Deliverables, Specifications for such Deliverables, and, if applicable, acceptance criteria. A sample form of Schedule of Work is attached hereto as Exhibit A.

 

Section 2.3 Other Documents. The Parties shall perform in accordance with each and every exhibit, annex and addendum to any Schedule of Work and to this Agreement that (a) may be attached thereto or hereto, (b) references this Agreement or the applicable Schedule of Work, as applicable, and (c) is (if applicable) signed by the Parties. References to "Agreement" in this Agreement shall include all such documents.

 

6

Goldman Sachs-CoreCard Confidential

 

Section 2.4 Master License Agreement.

 

(a)    Consultant and GS agree that, as documented in any Schedule of Work hereunder, the Services may include software development, implementation, installation, configuration, testing, consulting and training services to be provided by Consultant with respect to the Licensed Material that GS is licensing from Consultant under the Master License Agreement (including the development of Deliverables that are a Derivative Work of Licensed Software and other customizations of Licensed Software).

 

(b)    The Parties acknowledge and agree that, notwithstanding any references in this Agreement to the Master License Agreement and notwithstanding any references in the Master License Agreement to this Agreement, (i) this Agreement and the Master License Agreement are separate and independent agreements between the Parties; and (ii) unless otherwise expressly agreed to by the Parties in writing, no terms of the Master License Agreement are incorporated into this Agreement by reference and no terms of this Agreement are incorporated into the Master License Agreement by reference.

 

Section 2.5 Cooperation. Consultant in the delivery of the Services will, as reasonably directed by GS, work and cooperate with any Service Provider.

 

Section 2.6 Change Management. For all material requested changes, modifications, or additions to a Schedule of Work (i.e., for significant changes to scope, Deliverables, Specifications, cost, fees, duration and staffing), the Party requesting the change shall submit a written change order request ("Change Order Request") to the other Patty. The Party receiving the Change Order Request shall review the Change Order Request, and respond in writing to the Patty originating the Change Order Request within ten (10) Business Days. If Consultant is initiating the Change Order Request (or if Consultant is responding to a GS initiated Change Order Request), the Change Order Request or response thereto, as applicable, shall include information identifying any anticipated changes in price, schedule, or any other terms of the applicable Schedule of Work resulting from the requested changes. Unless and until the Parties accept the Change Order Request as evidenced by each signing the applicable Change Order Request, the changes to the Schedule of Work shall not be made. If such changes are accepted, and each Party signs the Change Order Request, the requested changes to the Schedule of Work shall be made, and the fully executed Change Order Request shall be deemed to constitute an amendment to the Schedule of Work, and shall be deemed to be a part of the Agreement.

 

Section 2.7 Acceptance Process. Unless otherwise specified in the applicable Schedule of Work, the following procedure will govern GS's acceptance testing of (i) the initial delivery of the Licensed Software provided by Consultant under the Master License Agreement; (ii) pursuant to Section 2.7 of the Master License Agreement, Updates (as defined in the Master License Agreement) provided by Consultant under the Master License Agreement as part of the Support Services (as defined in the Master License Agreement); and (iii) the Deliverables provided by Consultant as part of the Services, including Work Product (each of the foregoing items, a "Test Item"):

 

(a)    GS will have a thirty (30) Business Day evaluation period (or such other period as may be agreed to in the applicable Schedule of Work) immediately following GS's receipt of the Test Item ("Evaluation Period") to determine whether such Test Item performs without Defect.

 

(b)    GS will notify Consultant in writing (email is sufficient) of its acceptance or rejection of such Test Item by the end of the Evaluation Period and, if rejected, will provide Consultant with an itemized list of all reasons for rejection, GS in the relevant Schedule of Work will specify to Consultant which Personnel of GS are authorized to so notify Consultant.

 

7

Goldman Sachs-CoreCard Confidential

 

(c)    During the Evaluation Period and to the extent within the scope of Services set out in the relevant Schedule of Work (and if not within such scope of Services, subject to the Parties executing a Schedule of Work for configuration Services), Consultant will cooperate with GS and its Service Providers to configure the Test Item so that it is executable and may be utilized by GS for acceptance testing by GS to determine if the Test Item is free of Defects ("Compliant").

 

(d)    In conducting acceptance testing, GS may, at its sole discretion, use its own internal test procedures and any sample input data.

 

(e)    If GS notifies Consultant in writing that the Test Item is Compliant, Acceptance of such Test Item is effective as of the date of that notice.

 

(f)    If GS notifies Consultant in writing that the Test Item is not Compliant and rejects the Test Item, Consultant will have no more than thirty (30) Business Days (unless a longer period is agreed to by the Parties) from the date of GS's rejection to modify the Test Item to make it Compliant ("Remediation Period") at no additional charge to GS, and to deliver the revised Test Item to GS, GS will thereafter have successive Evaluation Periods to re-conduct the acceptance tests subject to Section 2.7(g) of the GTCs, For clarity, under no circumstances will GS have any obligation to pay Consultant, and Consultant may not charge GS, for any such activities undertaken by Consultant to make a given Test Item Compliant pursuant to the foregoing.

 

(g)    If any Test Item is not Compliant after the first Remediation Period, Consultant shall have up to two (2) additional Remediation Periods to make the Test Item Compliant. In the event of a Material Acceptance Failure, GS may elect one of the following three (3) options: (i) require Consultant to continue revising and correcting the Test Item under the terms of the acceptance process described in this Section 2.7 of the GTCs (in which case any subsequent failure of the Test Item to be Compliant will be still considered a Material Acceptance Failure), or (ii) reject such Test Item, receive a refund from Consultant of the Schedule of Work fees relevant to such rejected Test Item, and terminate the relevant Schedule of Work (in whole or in part) without further liability on either Party (provided, however, that GS shall pay Consultant any Schedule of Work fees relevant to any Test Items that GS has not rejected under such relevant Schedule of Work), or (iii) exercise its termination rights in Section 9.2(d) of the GTCs at no cost and with no further financial obligations to Consultant. Notwithstanding the foregoing, nothing in the Agreement will affect or limit GS's rights under Section 9.2(d) of the Master License Agreement.

 

(h)    GS may not unreasonably withhold or delay Acceptance. Each Test Item that is subject to such acceptance testing will be considered Accepted by GS on the earlier to occur of (i) the Test Item is used in Production Use; or (ii) the expiration of the relevant Evaluation Period for the Test Item without GS having provided written notice of rejection of such Test Item specifying in reasonable detail the reasons for the rejection (provided, however, that Consultant has, in its written release notes for each Test Item that Consultant delivers to GS for acceptance testing, expressly specified for GS the date that any such "deemed" acceptance will occur (which requirement will apply to each delivery after each Remediation Period)); or (iii) GS notifies Consultant in writing that the item is Compliant. The occurrence of any of (i), (ii) or (iii) immediately above shall be "Acceptance". Consultant acknowledges that Acceptance does not waive any provisions of, or GS's rights deriving from, this Agreement.

 

(i)    Risk of loss of any tangible media on which any item is delivered will not pass to GS unless and until Acceptance of such item in accordance with the terms hereof.

 

8

Goldman Sachs-CoreCard Confidential

 

Section 2.8 Delivery.

 

(a)    Consultant shall (i) deliver to GS all Test Items (including all computer authorization codes or access rights necessary for the GS Parties to exercise the rights granted in this Agreement and the Master License Agreement), and (ii) test all Test Items before delivery to ensure the Test Item operates in all material respects in accordance with its Specifications (or Documentation, as applicable), Consultant shall deliver all Test Items to GS electronically (unless otherwise agreed by the Parties in writing).

 

(b)    For any Test Item that has not been Accepted by GS pursuant to Section 2.7 of the GTCs due to a security issue, Consultant will provide bug or error fixes, patches or corrections for such security issue as soon as possible after a Party's identification of such an issue or Defect pursuant to Section 2.7(f) of the GTCs,

 

(c)    For any Deliverable that is a Derivative Work of the Licensed Software and that has been Accepted by GS pursuant to Section 2,7 of the GTCs, Consultant will provide bug or error fixes, patches or corrections for security issues as soon as possible after a Party's identification of such an issue or Defect pursuant to the third sentence of Section 2.2 of the Master License Agreement.

 

(d)    For any Deliverable that is not a Derivative Work of the Licensed Software and that has been Accepted by GS pursuant to Section 2.7 of the GTCs, Consultant will provide bug or error fixes, patches or corrections for security issues as soon as possible after a Party's identification of such an issue or Defect pursuant to the maintenance and support terms agreed to by the Parties for such Deliverable in the relevant Schedule of Work.

 

(e)    The delivery of the Test Items will require Consultant to work, and to reasonably cooperate and coordinate, with both GS and its Service Providers.

 

(f)    Following delivery of the Test Item to GS, Consultant may not remove, modify, delete, disable, or otherwise interfere with the operation of that Test Item, except to the extent necessary to perform permitted updates.

 

Section 2.9 GS Personnel and Service Providers. The Personnel of the GS Parties and the Service Providers of the GS Patties may exercise the rights granted in this Agreement solely on behalf of the GS Parties (including on and through GS's and/or its Affiliate's and/or a Service Provider's IT Assets). GS shall be liable for the actions or omissions of its Affiliates and its and their Personnel and Service Providers in breach of this Agreement as if such actions or omissions were the actions or omissions of GS. At GS's request, Consultant shall assist and cooperate with the GS Parties or any Service Provider with respect to: (a) if applicable, the delivery of the Test Items to a GS Party or Service Provider; and (b) the performance of the Services.

 

Section 2.10 Non-Disruption. Consultant acknowledges the importance of the continued availability of the Services. If there is a good-faith dispute between the Patties, (a) Consultant shall continue to perform the Services and its other obligations under this Agreement (subject to Consultant's termination rights in Section 9.3 of the GTCs), and (b) GS shall continue to pay all amounts due to Consultant in accordance with Article 6 of the GTCs.

 

ARTICLE 3.

LICENSOR PERSONNEL

 

Section 3.1 Consultant Personnel.

 

(a)    To provide and complete the Services, Consultant will provide an adequate number of qualified and suitable Consultant Personnel. Such Consultant Personnel may or may not be listed in the applicable Schedule of Work.

 

9

Goldman Sachs-CoreCard Confidential

 

(b)    Prior to assigning such Consultant Personnel to perform Services under this Agreement, Consultant will, at a minimum: (i) directly employ all Consultant employees and cause any subcontractors to directly employ all Personnel of such subcontractors; (ii) take all legally required steps to ensure that Consultant Personnel may work lawfully in the United States or any other jurisdiction where such services are provided; and (iii) no more than six (6) months prior to assigning such Consultant Personnel to perform the Services, conduct drug, credit, criminal and background checks on the Consultant Personnel to ensure that assigned Consultant Personnel are qualified and suitable in accordance with Section 3.l(a) of the GTCs (where such testing is permissible by Law); provided that Consultant will not permit any Consultant Personnel to provide the Services who, as indicated by such checks: (1) has been convicted of (or plead no contest to) (A) a crime involving dishonesty or breach of trust, or (B) a felony or the equivalent of a felony-level offense in jurisdictions that do not use that term; (2) is an individual identified, known or suspected to have connections with any person or organization identified by the United States Department of the Treasury Office of Foreign Asset Control as a criminal, terrorist or criminal or terrorist organization; or (3) failed a drug test. At GS's request, Consultant will furnish evidence of compliance with this Section. Consultant will notify GS immediately upon becoming aware of any facts concerning Consultant Personnel that could be a violation of this Section and cooperate fully with GS in investigating any such matter.

 

(c)    In addition to the terms above, Consultant will not knowingly permit any of its employees or subcontractors' employees to have access to the Services, Deliverables, GS Material, or the IT Assets of a GS Party or its Service Providers when such employee: (i) uses drugs in violation of applicable Law; or (ii) has been convicted of a crime in connection with a dishonest act or a breach of trust, as set f01th in Section 19 of the Federal Deposit Insurance Act, 12 U.S.C. 1829(a). During the Term of this Agreement, Consultant will take all reasonable precautions to ensure that none of such Consultant or subcontractor employees with access to the Services, the Deliverables, GS Material, or the IT Assets of a GS Party or its Service Providers are: (1) listed on the U.S. Department of Treasury, Office of Foreign Assets Control, Specially Designated Nationals and Blocked Persons List (available at www.treas.gov/ofac), (2) listed on the U.S. Department of State's Terrorist Exclusion List (available at www.state.gov), (3) a citizen or resident of, domiciled in, or operating under license issued by, N01th Korea, Sudan, Syria, Iran or any jurisdiction now or later identified by the U.S. Department of State as a sponsor of international terrorism or which becomes subject to comprehensive economic sanctions by Law, executive order or regulations (except for individuals residing in the United States that have been granted the right by the U.S. Government to reside in and/or work in the United States), or (4) included on any list of entities or individuals maintained and updated by any U.S. government organization including the Denied Persons List and the Entity List maintained by the Department of Commerce to whom the unlicensed export of goods and services is prohibited by U.S. Laws, as_ updated from time to time.

 

(d)    Consultant will treat all Consultant employees as employees for all purposes (e.g. tax purposes, wage and hour purposes, benefits purposes, etc.). Consultant will cause each of its subcontractors to treat its Personnel as employees for all purposes (e.g. tax purposes, wage and hour purposes, benefits purposes, etc.). Consultant and its subcontractors, as applicable, will be solely responsible for payment of compensation of the Consultant Personnel and reporting, withholding or paying any associated taxes assessed by any relevant taxing authority (including, without limitation, contributions for worker's compensation, disability benefits, and unemployment insurance).

 

10

Goldman Sachs-CoreCard Confidential

 

(e)    Consultant will, at all times, comply with all applicable international, federal, state, and local Laws, rules and regulations concerning Consultant employees (and will cause any of its subcontractors to, at all times, comply with all applicable international, federal, state, and local Laws, rules and regulations concerning its Personnel), including but not limited to equal employment opportunity and anti-discrimination Laws; wage and hour Laws (including Laws governing minimum wage, overtime, pay frequency and timeliness, wage deductions, wage statements and other notice and reporting obligations, and meal and rest periods); benefits Laws; sick, disability, family and medical, and other leave and paid time off Laws; accommodation Laws; immigration Laws; insurance Laws; mass layoff and plant closing Laws; Privacy Laws; and tax Laws.

 

(f)    GS may, in its sole discretion, request Consultant to remove any Consultant Personnel from performing Services hereunder for any lawful reason at any time, in which event Consultant will promptly remove such Consultant Personnel and GS will have no further obligation with respect to such Consultant Personnel except to pay Consultant for the Services performed by such Consultant Personnel prior to the removal from their assignment. This provision does not in any way require, endorse or approve (expressly or impliedly) Consultant's continuing or terminating the employment of any Consultant Personnel removed under this paragraph.

 

(g)    Consultant will use all reasonable efforts to ensure that all Consultant Personnel continue to perform the Services until such services are completed. If Consultant Personnel are no longer employed by Consultant for any reason (or retained, in the case of approved subcontractors, if any), or GS requests Consultant remove the Consultant Personnel from performing Services under Section 3.1(f) of the GTCs, Consultant will provide replacement qualified and suitable Consultant Personnel. Other than for Consultant Personnel removed at the request of GS pursuant to Section 3.1(f) of the GTCs (except to the extent that any such removal was for cause or the result of a breach of this Agreement by Consultant, any subcontractor or any of their Personnel), GS will not be obligated to pay Consultant for any fees associated with the time necessary to prepare such replacement Consultant Personnel to perform the assigned work at a satisfactory level.

 

(h)    All Consultant Personnel, when working on OS's premises (including any colocation site) or accessing OS's networks or systems (including those at any colocation site), any GS Data or any IT Asset (whether directly or remotely), will comply with all GS rules, policies and procedures made available to Consultant relating to security, safety, supervision, on-boarding and any other rules, policies and procedures applicable to such Consultant Personnel, including execution of applicable on-boarding documentation, and rules, policies and procedures applicable to non-employees, visitors, and guests. If GS determines, in its sole discretion, that further screening of Consultant Personnel is required because of the access to GS systems or premises contemplated by the Services, then notwithstanding any screening Consultant performs in accordance with this Agreement, GS may, at OS's cost and expense, also conduct background, reference, educational, criminal record, credit and other checks, as well as finger printing and drug screens (where such testing is permissible by Law), and may require additional agreements on confidentiality and security with such Consultant Personnel.

 

(i)    Consultant shall ensure that its Personnel comply with all provisions of this Agreement applicable to Consultant. Consultant is liable to GS and, as between the Parties, to all other Persons, for (i) the failure of Consultant's Personnel to comply with those provisions to the same extent that Consultant would have been had Consultant failed to comply, (ii) the acts and omissions of Consultant's Personnel in breach of this Agreement, and (iii) all payments to and claims by Consultant's Personnel relating to this Agreement.

 

11

 

U) Consultant will not subcontract any part of the Services or its obligations under the Agreement (including to Affiliates of Consultant, subcontractors, consultants, individual contractors, contingent workers, non-employees of Consultant, and other Persons) without prior written consent of GS in each case. In accordance with the preceding sentence, GS hereby provides its approval to the list of Consultant Affiliates and subcontractors attached hereto as Exhibit I. Consultant will ensure that the terms and conditions of any subcontract will conform in all material respects to the terms and conditions in this Agreement. Neither the performance of the Services by any Consultant subcontractor or other Consultant third party nor GS's consent thereto will relieve Consultant of its obligations under this Agreement. Any breach of this Agreement by a subcontractor (whether or not approved by GS) will be deemed a breach of the Agreement by Consultant to the same extent as if Consultant had committed such breach.

 

Section 3.2 Key Personnel. With respect to Consultant Personnel identified by name as "Key Personnel" in Exhibit D or a Schedule of Work, or as otherwise agreed to by the Parties in writing, Consultant will ensure that the Key Personnel are actively engaged in the provision of the Services and will observe and abide by the following policies and procedures with respect to the Key Personnel.

 

(a)    One of the Key Personnel will be an "Account Manager". The Account Manager will be GS's primary contact with respect to this Agreement. The Account Manager will have overall responsibility for directing all of Consultant's activities and for the overall managing and coordinating of the delivery of Services, and will be vested with all necessary power and authority to fulfill that responsibility and make decisions on behalf of Consultant with respect to actions to be taken in the ordinary course of day to day performance of such services. The Account Manager will provide the Services to GS as his or her primary responsibility.

 

(b)    Two of the Key Personnel will be "Escalation Managers", to whom GS may escalate issues regarding the Services. One Escalation Manager will be Consultant's Chief Technology Officer (or its equivalent), and the other Escalation Manager will be Consultant's chief software engineer (or Consultant's next most senior software engineer if the chief software engineer and the Chief Technology Officer are the same person). Neither Escalation Manager will be dedicated to providing the Services to GS on a full-time basis and each Escalation Manager may service other customers of Consultant.

 

(c)    Consultant will not remove, reassign or replace the Key Personnel, or materially change any Key Personnel members' function with respect to the Services without first notifying GS and meeting the requirements of Section 3.2(d) of the GTCs and Section 3.2(e) of the GTCs. Consultant will not remove, reassign, or replace such Key Personnel until a replacement has been hired or reassigned and the role has been transitioned to such replacement, provided that this provision will not apply where such Key Personnel (i) have been terminated by Consultant for cause, (ii) have voluntarily left Consultant's employ, or (iii) have involuntarily left Consultant's employ due to death or illness.

 

(d)    If Consultant is advised that any Key Personnel's employment with Consultant is terminating for any reason, Consultant will promptly notify GS of such event.

 

(e)    In the event of any vacancy or anticipated vacancy of any Key Personnel for any reason, Consultant will provide an appropriate replacement as soon as commercially practicable, at no additional cost of GS, and with GS's prior written input regarding such replacement (not to be unreasonably withheld and provided as promptly as reasonable practicable). As part of obtaining such prior written input, Consultant will provide to GS, at a minimum, the name, resume and other information reasonably requested by GS of the Key Personnel's proposed replacement, as well as an opportunity for GS to interview the proposed replacement. If in providing such input GS expresses any reasonable concerns with respect to the proposed replacement, Consultant will address such concerns. 

 

Any replacement will have the same level of seniority, expertise and authority as the Key Personnel being replaced.

 

12

Goldman Sachs-CoreCard Confidential

 

ARTICLE 4

CONSULTANT'S OBLIGATIONS

 

Section 4.1 Information.

 

(a)    Consultant shall, except to the extent prohibited by applicable Law or by an applicable contractual obligation, notify GS promptly if Consultant becomes aware of any claims, facts or circumstances that in Consultant's reasonable judgement may adversely impact or are likely to adversely impact OS's use of the Deliverables or Consultant's performance or OS's receipt of the Services, including: (i) IT Assets interruptions; (ii) compliance lapses, enforcement actions or other regulatory actions; (iii) mergers, acquisitions, joint ventures, divestitures, business combinations or other similar corporate events (and with respect to this subsection (iii), to the extent not prohibited by applicable Law or by an applicable contractual obligation, Consultant at least will notify GS promptly of the existence of any such actual or potential corporate event (without revealing to GS the name(s) of the relevant counterparties)); (iv) an Event of Deteriorating Financial Condition; and (v) any information security issue or Vulnerability. Such information shall be considered Confidential Information of Consultant.

 

(b)    The following terms will apply if Consultant or Consultant's parent Affiliate is no longer a public company. In such circumstance, in order for GS to verify the financial condition of Consultant and its Affiliates (such as the entity is solvent, profitable and not over-leveraged) and for GS to verify Consultant's ability to perform in accordance with the terms of this Agreement, Consultant will furnish to GS either:

 

 

(i)    Subject to Section 4. l(b)(ii) of the GTCs and Section 4.1(b)(iii) of the GTCs, information that would have been provided to the public if Consultant or Consultant's parent Affiliate were a public company, to the extent Consultant or its parent Affiliate still prepares such information. Consultant will furnish such information to GS on the same schedule that Consultant would have been required to provide such information to the public; or

 

(ii)    To the extent Consultant or its parent Affiliate elects not to provide the information described in subsection (i), if Consultant or its parent Affiliate is preparing financial statements for a financing source(s), including bona fide financing group(s) and/or multiple parties (as long as such financing source(s) are not exclusively comprised of Consultant's or its parent Affiliate's owners), such financial statements (prepared in accordance with GAAP). Consultant may elect to furnish such information to GS on the same schedule that Consultant is required to provide such information to such financing source(s); or

 

(iii)    To the extent Consultant or its parent Affiliate elects not to provide the information described in subsection (i) and elects not to provide the information described in subsection (ii), such information agreed to by the Parties in writing that is sufficient to verify the financial condition of Consultant and its Affiliates (such as the entity is solvent, profitable and not over-leveraged) and for GS to verify Consultant's ability to perform in accordance with the terms of this Agreement (which may include, if so agreed to by the Parties, summary income statements, balance sheets and cash flow statements (all prepared in accordance with GAAP)). Consultant will furnish such information to GS no less than annually. All information provided by Consultant or its parent Affiliate to GS pursuant to this Section 4.1(b) shall be considered Confidential Information of Consultant.

 

13

Goldman Sachs-CoreCard Confidential

 

Section 4.2 Compliance with Laws. In performing their obligations under this Agreement, each Party shall comply with all applicable Laws, including all Laws governing Personal Information and the import or export of Software. Subject to Section 10.20 of the GTCs, Consultant shall obtain all licenses and consents, and pay all fees, required by applicable Law for Consultant to fulfill its obligations, and for the GS Parties to exercise the rights and licenses granted, under this Agreement. Without limiting the generality of the foregoing, and by way of example and not limitation, Consultant shall comply with, and shall take no action or make any omission that would cause GS to fail to comply with, as applicable, the Gramm-Leach-Bliley Act of 1999 and its implementing regulations and guidelines ("GLBA''), the Bank Secrecy Act (and associated anti-money laundering ("AML") duties), OFAC directives, the Equal Credit Opportunity Act, the Fair Housing Act, and other consumer protection Laws, In the event requested by GS in connection with an audit, investigation or inquiry by a Governmental Authority, Consultant shall furnish to GS a written statement certified by an authorized officer or senior manager of Consultant, stating that Consultant has, to the best of its knowledge, complied with all applicable Laws. Consultant shall notify GS promptly if Consultant or its Authorized Persons receive any complaint from any Person (including a Governmental Authority) relating to Consultant's or its Authorized Persons' actual or alleged failure to comply with any Laws applicable to this Agreement. Each Party shall cooperate with the other Party and any other Person in connection with any audit of either Party required under applicable Law.

 

Section 4.3 Business Continuity Plan.

 

(a)    Consultant shall have a business continuity/disaster recovery plan ("BCP") for the licenses provided to GS under this Agreement and for the Services provided to GS under this Agreement. The BCP shall provide for the continuation of services in the event of a disruption or impairment that materially impacts Consultant's ability to provide the services. Consultant shall perform the following tasks in support of its BCP:

 

(i)    Provide a copy of the BCP to GS upon execution of the Agreement and annually thereafter. Such BCP shall include the testing strategy along with documentation on the scope, executions and results of testing activity conducted. Additionally, Consultant will provide confirmation that there are no unactioned or open or residual issues relating to such testing within a reasonable timeframe after completion of such testing;

 

(ii)    Regularly review and test the BCP, no less than once per year in accordance with accepted industry practices for BCP testing to ensure that the BCP complies with BCP Standards (defined as generally accepted practices for business continuity planning) and provide GS with results of such regular testing (properly redacted to maintain the confidential nature of any relevant information provided to GS) at GS's request;

 

(iii)   Specify escalation points of contact in the event of a BCP occurrence;

 

(iv)    Notify GS any time the BCP is revoked or the BCP plan is altered for the services offered to GS; and

 

(v)    Maintain and modify the BCP in a manner such that it is as comprehensive and effective as is the BCP in effect as of the Effective Date.

 

14

Goldman Sachs-CoreCard Confidential

 

(b)    Upon fifteen (15) Business Days' notice to Consultant and during normal business hours, GS has the right to audit and verify Consultant's BCP to ensure that Consultant is maintaining adequate measures. GS may conduct audit and verification reviews itself or with the assistance of a third party organization (provided that the third party organization executes a confidentiality agreement that contains protections for confidential information comparable to this Agreement), at OS's expense. All audits shall be performed in a manner intended to minimize disruption to the Parties' respective businesses.

 

(c)    Consultant shall periodically provide, at OS's written request, current information and documentation (including audits of its BCP, policies and procedures, summaries of test results, or other equivalent evaluations) confirming Consultant has satisfied its obligations hereunder.

 

Section 4.4  Manner of Performance.

 

(a)    Consultant will perform its obligations under this Agreement in a manner that does not materially interrupt, degrade or otherwise materially adversely impact the business or technical operations of GS and its Affiliates.

 

(b)    Consultant will perform its obligations under this Agreement diligently and in a timely manner, and in accordance with any applicable time schedules agreed to by the Parties. Without limiting the foregoing or Consultant's other obligations lJ11der this Agreement, Consultant will promptly notify GS upon becoming aware of any circumstance that may be reasonably expected to jeopardize the timely and successful completion or delivery of any Service.

 

(c)   Consultant will use reasonable efforts to avoid or minimize delays in performance.

 

(d)    Except as otherwise agreed by the Parties, as between Consultant and GS, Consultant will be operationally, administratively and financially responsible for providing, managing, maintaining, updating and upgrading all facilities, equipment, software and other materials and resources located at Consultant's or its Personnel's facilities that are necessary to perform the Services. Unless otherwise agreed to by GS, GS will not provide Consultant or its Personnel with, or access to, any equipment, software and other materials and resources of the GS Parties and Service Providers that is located at a GS Party's or its Service Provider's facilities.

 

(e)    Consultant's nonperformance of its obligations under this Agreement shall be excused if and to the extent (i) such Consultant nonperformance directly results from OS's or its Affiliates' or Personnel's failure to perform its or their responsibilities; (ii) Consultant provides GS with prompt written notice of such Consultant nonperformance and the occurrence of such GS failure (including the potential impact on the Services and/or any project schedule) (with e-mail notification to the GS Program Director (as identified in the relevant Schedule of Work) being an acceptable form of such notice); (iii) if GS does not promptly respond to such notification, Consultant escalates the issue to the GS Program Director for the relevant Schedule of Work; and (iv) if requested by GS, Consultant uses commercially reasonable efforts to perform notwithstanding OS's failure to perform (with GS being responsible to reimburse Consultant for its additional and reasonable out-of-pocket expenses for such efforts).

 

Section 4.5 Non-Exclusivity. This Agreement is non-exclusive. GS and/or any of its Affiliates will have the right to, and may, obtain from third parties, or perform itself, services that are similar to the Services. Consultant and/or any of its Affiliates and its agents will have the right to provide services similar to the Services and/or provide any other products and/or services to any third party; provided that the foregoing will not affect the rights of the GS Parties under this Agreement in any manner. With respect to GS, nothing in this Agreement will be construed as a requirements contract, and GS makes no commitment for any minimum or maximum volume, scope, or value under this Agreement.

 

15

Goldman Sachs-CoreCard Confidential

 

Section 4.6 Services Generally. Consultant's responsibilities to perform the Services will include the performance of all tasks, activities, functions and responsibilities to the extent they are inherent, customary and/or reasonably necessary for the proper performance of such Services, regardless of whether they are specifically described in this this Agreement.

 

Section 4.7 Duty to Avoid Conflicts. As of the Effective Date, Consultant is not aware of any conflict of interest that would prevent or restrict Consultant from fulfilling its obligations under this Agreement. If during the course of this Agreement, Consultant becomes aware of any agreement or relationship with (a) a third party, including with a subcontractor, and/or (b) an Affiliate of Consultant, that presents a conflict of interest that would prevent or restrict Consultant from fulfilling its obligations under this Agreement, Consultant unde1takes to give GS prompt written notification of the same. In the event of any such conflict, the Parties will work together to address and resolve the conflict on a mutually agreeable basis as promptly as practicable.

 

ARTICLE 5

CONFIDENTIALITY AND DATA SECURITY

 

Section 5.1 Confidential Information. Subject to Section 5.4 of the GTCs, "Confidential Information" of a Pmty and its Affiliates (the "Discloser") means all confidential or proprietary information of, held by, or concerning Discloser or its Personnel, licensors, or potential or actual customers, whether in verbal, written, electronic, graphic or other form, including Discloser's customer and client lists; internal controls; business, technical and financial information; computer Software, data processing, and communications architectures, systems, applications, programs, and routines; business affairs, planning and methods, and proposed methods of conducting business; data; metadata; Source Code; know-how; Trade Secrets, and long-term plans and goals, whether (a) disclosed by or on behalf of Discloser to the other Party or its Affiliates or its Personnel ("Recipient"), or (b) obtained by Recipient in any other manner, including through (i) observing or accessing Discloser's business activities, documents, Software or materials, or (ii) communications with parties authorized by Discloser to communicate with, or otherwise provide information to, Recipient concerning Discloser or any of the services under this Agreement. Subject to Section 5.4 of the GTCs, Discloser's Confidential Information includes all documents and other materials Recipient or its Personnel generate to the extent describing, summarizing, commenting on, or otherwise containing Discloser's Confidential Information. Without limiting the foregoing and subject to Section 5.4 of the GTCs, GS's Confidential Information includes (A) all information Consultant obtains in connection with accessing GS's websites, Software or IT Assets; (B) GS Material; and (C) Personal Information of the GS Parties and Service Providers. Without limiting the foregoing and subject to Section 5.4 of the GTCs, Consultant's Confidential Information includes (X) Consultant Material (including, without limitation the Licensed Material); and (Y) Personal Information of Consultant, its Affiliates and its subcontractors. The provisions of this Agreement shall be deemed to be the Confidential Information of both Parties. For the avoidance of doubt, Confidential Information of a Party also includes information which has been disclosed to such Party by a third party, which Party is obligated to treat as confidential or secret. As between the Parties, all Confidential Information of a Discloser shall remain the exclusive property of Discloser or its suppliers and licensors (unless the relevant information is the Confidential Information of both Parties). The Discloser's disclosure of the Confidential Information does not constitute an express or implied grant to the Recipient of any rights to or under the Discloser's Intellectual Prope1ty rights. Except as expressly permitted under this Agreement, without the prior written permission of the Discloser, Recipient will not sell, assign, license, market, transfer or otherwise dispose of, give or disclose the Confidential Information of Discloser to any person, firm or corporation, or permit any agent or employee to do the same.

 

16

Goldman Sachs-CoreCard Confidential

 

Section 5.2 Obligations. Recipient shall maintain in confidence Discloser's Confidential Information and protect that Confidential Information from any unauthorized disclosure, access, use, destruction, alteration or loss ("Information Loss"), exercising at least the same degree of care as Recipient exercises for its own Confidential Information, but not less than a reasonable degree of care. With respect to Personal Information of actual or potential customers of the GS Parties (the "GS Customer Personal Information"), Consultant also shall implement and maintain security practices and procedures that are consistent with leading industry standards, but no less protective than as are required to maintain a reasonable standard of security and comply with all Privacy Laws. For purposes of this Agreement, a "reasonable" standard of security includes at least those standards employed by Consultant as of the Effective Date, as well as physical, administrative and technical safeguards, including (a) education and training of employees on the proper use of information systems and information security systems, and (b) the use of (i) secure authentication protocols and devices consistent with current industry standards; (ii) secure access control measures consistent with current industry standards for access to logical and physical resources; (iii) current industry standard encryption for all transmission of GS Customer Personal Information across public networks; (iv) automated security measures, including current industry standard perimeter monitoring and protection systems, auditing systems, firewalls, and security agent Software capable of detecting and mitigating threats from Vulnerabilities; and (v) encryption technology consistent with current industry standards for all devices on which GS Customer Personal Information is stored or transmitted, including fixed disks, removable media, other portable devices, and electronic media.

 

Section 5.3 Additional Obligations. Subject to Section 5.5 of the GTCs, Recipient shall not, nor permit or assist any Person to, (a) use or copy Discloser's Confidential Information except as necessary to perform Recipient's obligations under this Agreement, or (b) disclose Discloser's Confidential Information to any Person other than Recipient's Personnel, attorneys, auditors or accountants who require the Confidential Information to act on Recipient's behalf in connection with Recipient's obligations under this Agreement (collectively, "Authorized Persons"), except that the GS Parties may disclose Consultant's Confidential Information to Governmental Authorities with regulatory or oversight jurisdiction over the GS Parties, or in the course of fulfilling a GS Party's regulatory responsibilities (each such disclosure by a GS Party, a "Regulatory Disclosure"). Recipient (A) shall ensure that its Authorized Persons with access to Discloser's Confidential Information (x) comply with this Article as if they were parties to this Agreement in place of Recipient and (y) are bound by written confidentiality obligations, or are otherwise under a duty of confidentiality, sufficient to protect Discloser's Confidential Information in a manner that is consistent with this Article; and (B) is liable to Discloser for the failure of Recipient's Authorized Persons to comply with this Article to the same extent that Recipient would have been had Recipient failed to comply. With respect to Confidential Information of Discloser, Recipient shall include on all copies of such Confidential Information any copyright or other confidentiality or proprietary notices appearing on the original version. Consultant shall not transfer, export, distribute or otherwise communicate any of GS's Confidential Information outside of the United States for any purpose without the prior written consent of GS.

 

Section 5.4 Exclusions. "Confidential Information" excludes information that (a) is or becomes generally available to and known by the public, other than due to Recipient's breach of this Article; (b) Recipient rightfully possessed without a duty of confidentiality before obtaining it from Discloser; (c) Recipient received on an unrestricted basis from a source unrelated to either Party and not under a duty of confidentiality with respect to the information; or (d) Recipient developed independently of the disclosed information and for which Recipient provides documentary evidence maintained contemporaneously with the development that verifies the development was independent. Any exclusion from the definition of Confidential Information set forth in the foregoing sentence does not apply to (i) Personal Information; and/or (ii) that GS Data that is data, metadata, reports, input and output processed or generated by or on behalf of the GS Parties as a result of their use of the Licensed Software or any Deliverable. As between the Parties, Recipient bears the burden of proving that any information Recipient obtains from Discloser is not Confidential Information.

 

17

Goldman Sachs-CoreCard Confidential

 

Section 5.5 Required Disclosure. Except for Regulatory Disclosures, Recipient shall (a) to the extent permitted by Law, notify Discloser as promptly as possible if Law requires, or a Governmental Authority of competent jurisdiction requires or requests, that Recipient disclose Discloser's Confidential Information and (b) use reasonable efforts to allow Discloser an opportunity to seek injunctive relief from, or a protective order with respect to, the contemplated disclosure, and Recipient shall cooperate in these efforts. Recipient may disclose only that portion of Discloser's Confidential Information that Recipient's counsel advises is not subject to privilege and must be disclosed.

 

Section 5.6 Remedies. Recipient acknowledges that Discloser's Confidential Information is valuable and proprietary to Discloser, and any Information Loss or other breach of this Article may cause Discloser irreparable injury such that the available remedies at law may be inadequate. Without limiting any of Discloser's other rights and remedies, if there is an Information Loss or other breach of this Article or threat of the foregoing, (a) Recipient promptly shall notify Discloser and cooperate with Discloser to regain possession of its Confidential Information and prevent any further Information Loss, and (b) Discloser may obtain any injunctive or other equitable relief that a court of competent jurisdiction deems proper (including an order restraining any threatened or future Information Loss), on use of affidavit evidence or otherwise, and without furnishing proof of actual damages or posting a bond or other surety.

 

Section 5.7 Return of Information. At Discloser's request, Recipient shall (a) stop using and copying Discloser's Confidential Information, (b) to the extent permitted by applicable Law, (i) return to Discloser all of Discloser's Confidential Information in Recipient's or its Authorized Persons' possession or control, or (ii) destroy that Confidential Information in a manner that makes the Confidential Information non-readable and non-retrievable, and (c) provide Discloser with a certificate of return or destruction that includes the dates and facts of the return or destruction and is signed under oath by an officer of Recipient. Notwithstanding the foregoing, (A) Recipient has no obligation to return or destroy Discloser's Confidential Information backed up from a computer system in the ordinary course of Recipient's business, but that Confidential Information remains subject to all applicable obligations under this Agreement, and (B) except if the Master License Agreement is terminated by Consultant in its entirety (including the license grants to the GS Parties therein) in accordance with Section 9.3(b) of the Master License Agreement, GS has no obligation to return, destroy or stop using any Deliverables (other than Work Product, if any) that are Derivative Works of the Licensed Software during the term of the license therefor under the Master License Agreement, and all such Deliverables remain subject to the provisions of the Master License Agreement.

 

Section 5.8 Duration; Conflict. Each Party's obligations in this Article 5 with respect to the other Party's Confidential Information and Trade Secrets will survive in perpetuity any termination or expiration of this Agreement until: (i) with respect to Confidential Information, the relevant Confidential Information falls into one of the exclusions set out in Section 5.4 of the GTCs (provided, however, that no such exclusion shall apply to Personal Information or that GS Data that is data, metadata, reports, input and output processed or generated by or on behalf of the GS Parties as a result of their use of the Licensed Software or any Deliverable); and (ii) with respect to Trade Secrets, until such Trade Secrets no longer qualify as Trade Secrets under applicable Law. If a provision in this Agreement conflicts with a provision in any non-disclosure agreement, confidentiality agreement, or similar agreement between the Parties, the provision in this Agreement governs to the extent of the conflict.

 

18

Goldman Sachs-CoreCard Confidential

 

Section 5.9 Data Security. Consultant hereby agrees to adhere to (and will cause its Personnel to adhere to) the data security requirements set forth in Exhibit G (the Data Protection Addendum).

 

ARTICLE 6

PAYMENT

 

Section 6.1 Fees. Subject to Section 6.3 of the GTCs, GS will pay Consultant for Services actually performed under the applicable Schedule of Work (i) at the rates or payment schedule specified in such Schedule of Work; (ii) Taxes in accordance with Section 6.2 of the GTCs; and (iii) expenses that are pre-approved by GS in accordance with Section 6.l(e) of the GTCs. There are no fees, charges or expenses for the Services other than the fees expressly set forth in this Agreement.

 

(a)    Supporting Documentation. Consultant shall submit each invoice with appropriate supporting documentation, including time sheets and data from Consultant's time tracking system, and any receipts required in connection with expense reimbursements approved under Section 6.l(e) of the GTCs below.

 

(b)    Time Tracking System. To ensure accuracy in payment of invoices, Consultant's Personnel shall be required to record time worked in a Consultant time tracking system.

 

(c)    Payment by GS: Invoice Submission. GS shall pay all properly delivered invoices within forty-five (45) days of receipt (which such invoice must include any expense documentation for pre-approved expenses, if any). Consultant shall submit all invoices electronically via email directly to the following: [***] (and to such other addresses as GS may reasonably request in advance).

 

(d)    Additional Terms. No amount arising under this Agreement will be due from GS prior to the execution of this Agreement and a Schedule of Work, and GS's receipt of a valid invoice from Consultant.

 

(e)    Reimbursable Expenses. Consultant shall not charge or invoice GS for any expenses (including any charges, expenses or fees payable to any third party, any Consultant Affiliate or any Consultant Personnel) without GS's prior written consent (which GS may give or not give in its sole discretion). If GS provides such consent, Consultant will submit such expenses to GS in reasonable detail, together with copies of supporting documentation. All such expenses will be reimbursable by GS only if they are in accordance with GS's then-current travel and expense policy. Any such expenses will be charged on a pass-through basis at Consultant's actual cost unless otherwise specified in the Schedule of Work; provided, however, that notwithstanding anything to the contrary in any Schedule of Work, all pre-approved expenses related to travel and related expenses will be charged on a pass-through basis at Consultant's actual cost.

 

(f)    Timeftame to Invoice. All invoices for Services and any pre-approved expenses must be properly delivered by Consultant to GS no more than one hundred and twenty (120) days after the relevant Service is rendered or the relevant expense is incurred. Consultant shall be deemed to have waived the right, and GS will not be responsible, for such payment if an invoice is not received within this timeframe.

 

(g)    No Unauthorized Amounts. Notwithstanding anything to the contrary in this Agreement, GS will have no obligation to pay Consultant any amounts that are invoiced by Consultant but that are not expressly set forth in this Agreement as chargeable to GS (i.e., fees for the Services set out in the relevant Schedule of Work, Taxes, and expenses that are pre-approved by GS) or that are not otherwise agreed to by the Parties in writing and in advance [***].

 

19

Goldman Sachs-CoreCard Confidential

 

(h)    No Post-Termination Fees. Unless as set forth otherwise in a Schedule of Work, GS shall be obligated to pay only for actual Services rendered, or expenses approved under Section 6. l(e) of the GTCs, prior to the effective date of any termination under the Agreement or a Schedule of Work, as applicable.

 

(i)    Rates. The rates for Consultant's Personnel performing Services that are in effect as of the Effective Date are set forth in Exhibit B. Any increases in the rates for performing Services shall be in accordance with the provisions set forth in Exhibit B.

 

G)    Time and Materials-Based Fees. As specified in the relevant Schedule of Work, GS will pay for Services on either a fixed fee basis or time and materials basis. With respect to those fees that are calculated on a time and materials basis, the following terms will apply:

 

(i)    Prior to commencing performance under each Schedule of Work, Consultant shall provide GS with a report that specifies (A) the estimated number of hours for the work for the Schedule of Work; and (B) a forward looking staff and budget estimate for the applicable Schedule of Work;

 

(ii)    By the 15th day of each month (and in a manner consistent with Consultant's submission of invoices to GS), Consultant shall provide GS with a report regarding the preceding month that specifies the following information for each Consultant Personnel performing Services: (A) name, role and the applicable Schedule of Work; (B) the number of hours worked during the month and to date; and (C) a non-binding forecast of hours to be worked during the then-current month; and

 

(iii)    All Services performed pursuant to a Schedule of Work on a time and materials basis shall be charged at an hourly rate for every hour worked.

 

Section 6.2 Taxes. Prices in this Agreement do not include any applicable sales, use, ad valorem or similar taxes (each, a "Tax" and collectively, "Taxes") regardless of the taxing authority. GS shall pay such Taxes unless there is an applicable exemption from such Tax, with written confirmation of such Tax exemption to be provided to Consultant upon request. To the extent Consultant is required by law to collect such Taxes, one hundred percent (100%) of such Taxes shall be added to invoices as separately stated charges and paid in full by GS in accordance with this Agreement, unless GS is exempt from such Taxes and furnishes Consultant with a certificate of exemption. Consultant is responsible for complying with all Tax Laws applicable to the provision of Services. Consultant shall be responsible for all taxes imposed on Consultant's income or property.

 

Section 6.3 Disputes. GS may, in writing to Consultant, dispute in good faith any amount invoiced by Consultant under this Agreement. "Disputed Amount" means those amounts invoiced by Consultant pursuant to this Agreement that GS disputes in good faith in the aggregate and across all invoices.

 

(a)   If GS in good faith disputes any invoices, then the following terms shall apply:

 

(i)    [***]

 

20

Goldman Sachs-CoreCard Confidential

 

(ii)    [***]

 

(iii)    [***]

 

(iv)    In any event, GS shall pay Consultant all undisputed invoiced amounts [***] pursuant to Section 6.1 of the GTCs; provided, however, that such payment(s) shall not affect the fact that such amounts are in dispute.

 

(b)    Consultant acknowledges that (i) GS's failure to pay any amount GS disputes in good faith [***] is not a breach of this Agreement, and (ii) GS's failure to identify a disputed amount before payment does not limit or waive any of GS's rights or remedies with respect to that amount, [***] it disputes in good faith from amounts subsequently due to Consultant; provided, however, GS shall be deemed to have waived the right to dispute a charge if GS does not dispute a charge within one hundred and twenty (120) days of its receipt of the invoice (subject, however to the terms of Section 6.5(a) of the GTCs).

 

(c)    Consultant will not suspend/terminate/cancel/interrupt/charge additional fees for any Service provided to GS or begin collection proceedings for GS's nonpayment of Disputed Amounts.

 

(d)    Without limiting GS's rights in this Section 6.3, in the event of an invoicing clerical error, GS will notify Consultant of the same and, if agreed by Consultant that a clerical error has occurred, Consultant will correct and resend the invoice to GS for payment.

 

(e)    Any monetary dispute under this Section 6.3 that is not resolved within thirty (30) days of GS's written notice to Consultant of such dispute shall be submitted to the dispute resolution process pursuant to Section 10.7 of the GTCs.

 

Section 6.4 Records. Consultant shall prepare and maintain accurate accounting records of all fees and expenses under this Agreement in the normal course of business and in accordance with GAAP. During the Term of this Agreement, and for a period of at least three (3) years thereafter or longer as directed by GS to comply with applicable Law, Consultant shall (a) retain time sheets, records and other supporting documentation sufficient to document fees, expenses, Consultant's provision of the Services, and Consultant's compliance with all applicable Laws and terms of this Agreement, (b) maintain backup, security and other measures sufficient to protect that documentation from loss, alteration, destruction or unauthorized disclosure, and (c) promptly provide that documentation to GS at GS's reasonable request.

 

21

Goldman Sachs-CoreCard Confidential

 

Section 6.5 Audits.

 

(a)    From time to time, but no more often than once in any twelve (12) consecutive month period, during regular business hours and upon reasonable advance notice (except to the extent otherwise required for audits performed by any Governmental Authority or any supervisory authority), GS, its regulators and its internal and external auditors may perform audits of Consultant's facilities, equipment, operational systems, policies, procedures, books and records (electronic or otherwise) for the purpose of inspecting, examining and assessing (i) Consultant's provision and performance of the Services, (ii) that Consultant's invoices and reports to GS are accurate, and/or (iii) Consultant's compliance with the terms and conditions of the Agreement, and applicable Laws, including but not limited to vendor management, information security, technology risk, operations and compliance policies and procedures, security, cybersecurity, business continuity and contingency plans. Consultant agrees to respond to all requests for information truthfully, completely and reasonably promptly. Consultant shall provide, upon GS's reasonable request, access to facilities where the Services are being performed, to Consultant Persom1el who provide the Services, and to data and records relating to this Agreement and the Services. If any audit reveals that Consultant has charged GS any amount that GS is not obligated to pay under the Agreement (an "Overcharge"), Consultant shall give GS a credit in the amount of the Overcharge on Consultant's next invoice (and if there are no more invoices to be sent under this Agreement, Consultant shall promptly refund the Overcharge to GS in cash). If the Overcharge exceeds five percent (5%) of the correct amount payable, Consultant also shall reimburse GS for all reasonable expenses incurred by GS in connection with the audit. If any audit reveals that GS has underpaid any amounts due to Consultant under this Agreement, GS will remit to Consultant such amounts due within forty-five (45) days after receiving from Consultant an invoice therefor.

 

(b)    At Consultant's expense, Consultant will cause to be conducted the third party audits described in this Section 6.5(b) of its operations in each country in which Consultant performs its obligations under this Agreement. The audits described in this Section 6.5(b) will be conducted by a recognized auditing firm, and Consultant shall provide such auditor with such assurance of management as may be required, in conformance with the requirements for a SOC 2 audit under American Institute of Certified Public Accountants SSAE 18 ("SSAE 18"), or any successor or substitute statement adopted by such (or, in those jurisdictions in which SSAE 18 standards do not apply, a comparable auditing standard), and its scope will include the processes and internal controls maintained by Consultant to provide the Services to GS under this Agreement. Promptly after completion of each such SSAE 18 audit (or comparable audit), Consultant will provide GS with a copy of the audit report. In all cases the scope of the audits shall be as to the Services that Consultant performs for GS under this Agreement. Consultant shall provide GS or GS's auditors reasonable input into the scope of each proposed audit. In addition, Consultant will promptly correct any deficiencies (including "Matters Requiring Attention"), concerns or weaknesses expressed in the audit report and will provide a summary report promptly to GS of those responses and Consultant's success in correcting those concerns or weaknesses.

 

(c)    At GS's reasonable request, Consultant will cause to be conducted the third party audits described in this Section 6.5(c) of its operations in each country in which Consultant performs its obligations under this Agreement. The audits described in this Section 6.5(c) will be conducted by a recognized auditing firm, and Consultant shall provide such auditor with such assurance of management as may be required, in conformance with the requirements for a SOC 1 audit under American Institute of Certified Public Accountants SSAE 18 ("SSAE 18"), or any successor or substitute statement adopted by such (or, in those jurisdictions in which SSAE 18 standards do not apply, a comparable auditing standard), and its scope will include the processes and internal controls maintained by Consultant to provide the Services to GS under this Agreement. Promptly after completion of each such SSAE 18 audit (or comparable audit), Consultant will provide GS with a copy of the audit report. In all cases the scope of the audits shall be as to the Services that Consultant performs for GS under this Agreement. Consultant shall provide GS or GS's auditors reasonable input into the scope of each proposed audit. In addition, Consultant will promptly correct any deficiencies (including "Matters Requiring Attention"), concerns or weaknesses expressed in the audit report and will provide a summary report promptly to GS of those responses and Consultant's success in correcting those concerns or weaknesses. Any such GS-requested audit will be subject to the following terms:

 

22

Goldman Sachs-CoreCard Confidential

 

(i)    GS will reimburse Consultant for its reasonable external expenses and internal resources required for conducting any such audit requested by GS (including, for clarity, the reasonable fees of the auditing firm conducting any such audit) (collectively, the "Reimbursable Audit Expenses"), provided, however, that to the extent the scope of any such requested audit overlaps with the scope of any other third party audit that Consultant itself has conducted, then GS will be reimburse Consultant for those reasonable external expenses (i.e., the fees of the auditing firm conducting any such audit) that are incremental and the direct result of GS' s audit request; and

 

(ii)    Prior to the commencement of any such audit, GS and Consultant will enter into a letter agreeme1i.t that documents Consultant's then-current estimate of the Reimbursable Audit Expenses for such audit and Consultant's basis for such estimate; provided, however, that the foregoing requirement to enter into any such letter agreement (A) will be solely for operational purposes to document such estimate and to be the contractual basis for Consultant to invoice, and for GS to pay, the Reimbursable Audit Expenses pursuant to the terms of Section 6.1 of the GTCs and Section 6.5(c)(i) of the GTCs; and (B) will not limit or qualify either GS's right under this Section 6.5 to request any such audit or Consultant's obligation under this Section 6.5 to cause to be conducted any such audit.

 

Section 6.6 Insurance. Without limiting Consultant's liability or other obligations to GS or other Persons, Consultant shall maintain, at its expense, the insurance coverages as set forth in Exhibit C attached hereto.

 

ARTICLE 7

REPRESENTATIONS, INDEMNIFICATION AND LIABILITY

 

Section 7.1 General Representations.

 

(a)    As of and at all times after the Effective Date, Consultant represents and warrants that (i) it is duly organized and in good standing under the Laws of the jurisdiction of its organization; (ii) it has the right to enter into this Agreement and perform its obligations under this Agreement without violating the terms or provisions of any other agreement or contract to which it is a party and has all requisite power and authority (corporate or otherwise) to execute, deliver and perform its obligations under this Agreement; and (iii) its execution, delivery and performance of this Agreement: (x) have been duly authorized by all necessary action on its part and (y) do not and will not violate, conflict with or result in the breach of any provision of its charter or by-laws (or similar organizational documents).

 

(b)    As of and at all times after the Effective Date, GS represents and warrants that: (i) it is duly organized and in good standing under the Laws of the jurisdiction of its organization; (ii) it has the right to enter into this Agreement and perform its obligations under this Agreement without violating the terms or provisions of any other agreement or contract to which it is a party and has all requisite power and authority (corporate or otherwise) to execute, deliver and perform its obligations under this Agreement; and (iii) its execution, delivery and performance of this Agreement: (x) have been duly authorized by all necessary action on its part and (y) do not and will not violate, conflict with or result in the breach of any provision of its charter or by-laws (or similar organizational documents).

 

(c)    Disclaimer. EXCEPT AS OTHERWISE EXPRESSLY PROVIDED IN THIS AGREEMENT, THE PARTIES MAKE NO REPRESENTATIONS, WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, REGARDING ANY MATTER, INCLUDING THE MERCHANTABILITY, SUITABILITY, FITNESS FOR A PARTICULAR USE OR PURPOSE, OR RESULTS TO BE DERIVED FROM THE USE OF ANY SERVICE, SOFTWARE, HARDWARE, DELIVERABLES OR OTHER MATERIALS PROVIDED UNDER THIS AGREEMENT. EXCEPT AS SPECIFICALLY STATED IN THIS AGREEMENT, CONSULTANT MAKES NO WARRANTY THAT SERVICES WILL BE UNINTERRUPTED OR ERROR FREE.

 

23

Goldman Sachs-CoreCard Confidential

 

Section 7.2 Additional Consultant Representations. Consultant represents and warrants that:

 

(a)    As of the Effective Date and at all times thereafter during the Term, Consultant's delivery of, and the GS Parties' use of (in accordance with applicable Law) and other exercise of rights with respect to, the Services and Deliverables and Consultant's performance and the GS Parties' receipt of the Services, do not and will not violate any applicable Law; provided, however, that Consultant will not be responsible pursuant to the foregoing if: (i) GS enters into the Deliverable parameters that directly cause GS to fail to comply with any such Laws (e.g., GS enters into the Deliverable a rate of interest that is contrary to applicable Law), but the foregoing exception will not apply if the relevant parameter was set by Consultant (unless directed to do so by GS) or at Consultant's direction; or (ii) Consultant has delivered to GS a release of the Deliverable that Consultant has informed GS in writing is necessary to comply with changes in applicable Law;

 

(b)    As of and at all times after the Effective Date, Consultant's delivery of, and the GS Parties' use of and other exercise of rights with respect to the Services and the Deliverables and Consultant's performance and the GS Parties' receipt of the Services do not and will not infringe or otherwise violate, trespass or in any manner contravene, breach or constitute the unauthorized use or misappropriation of, or conflict with, any Intellectual Property right of any third party, and there is no claim or action pending or threatened against Consultant (or any customer of Consultant) alleging any of the foregoing; provided, however, that Consultant will not be responsible pursuant to the foregoing if Consultant has delivered to GS a release of the Deliverable that Consultant has informed GS in writing is necessary to avoid an infringement and/or misappropriation claim;

 

(c)    As of and at all times after the Effective Date during which GS has a license to use the Deliverables (other than Work Product), Consultant possesses, and will possess, all rights, licenses, authorizations and consents, and has timely paid and will timely pay all fees and royalties, necessary for Consultant (i) to perform its obligations under this Agreement, and (ii) to grant the GS Parties, and for the GS Parties to receive and exercise, the rights and licenses granted to the GS Parties under this Agreement; Consultant shall disclose to GS any development that may have a material impact on its ability to perform its obligations under the Agreement, including provision of Services effectively and in compliance with applicable Laws;

 

(d)    As of and at all times after the Effective Date during which GS has a license to use the Deliverables (other than Work Product), Consultant has and will have good title to all such Deliverables (or, with respect to Third Patty Materials, has and will have adequate license rights), free and clear of all liens, claims or encumbrances;

 

(e)    With respect to any Deliverable that is not a Derivative Work of the Licensed Software, for a period of ninety (90) days following the date that any such Deliverable is in Production Use ("Warranty Period"), the Deliverable: (i) shall conform in all material respects to its agreed-to Specifications; and (ii) shall in all material respects meet the functional, performance and reliability requirements set forth in its agreed-to Specifications;

 

24

Goldman Sachs-CoreCard Confidential

 

(f)    At the time of each delivery of a Deliverable to GS, the Deliverable will not contain (and Consultant prior to each such delivery shall have used commercially available scanning tools to identify and remove from the Deliverable) any Vulnerabilities, including malicious or other codes or programming devices that might be used to access, modify, delete, damage, deactivate, disable or impair the operation of the Deliverable or any other software, firmware, computer hardware, network or data of the GS Parties, including without limitation any worms, viruses, disabling code, time bombs or Trojan horses. Notwithstanding the foregoing, if any such Vulnerability in a Deliverable is discovered after the time of the relevant delivery, Consultant as soon as practicably reasonable will remove the Vulnerability and remediate the issue as part of the Services and at no additional charge to GS;

 

(g)    As of the Effective Date and at all times thereafter during the Term, all Deliverables will at the time of delivery to GS, at a minimum, be consistent with industry standards then in effect with respect to data protection and security. As of the Effective Date and at all times thereafter during the Term, all Deliverables that are Derivative Works of the Licensed Software will at the time of delivery to GS, at a minimum, be backwardly compatible with the data structures, databases and system architectures employed with previous versions of the Licensed Software then in use by GS. No Deliverable will result in any material loss or degradation of the functionalities, capabilities, features or security of the Licensed Software as set forth in the Documentation;

 

(h)    As of and at all times after the Effective Date, Consultant has not directly or indirectly offered or provided, and will not offer or provide, any GS Personnel any gratuity, merchandise, cash, service, benefit, fee, commission, dividend, gift or other consideration as an inducement in connection with this Agreement;

 

(i)     With respect to:

 

(i)    Any Deliverable that is not Work Product and that is a Derivative Work of the Licensed Material, as of and at all times after the Effective Date, except as disclosed in Exhibit K, as may be modified only in a writing signed by the Parties (with agreement by GS not to be unreasonably withheld or delayed), no Open Source Software, or Software licensed to Consultant by any other Person, is included or embedded in, or required for the GS Parties to use, operate or otherwise exercise their rights with respect to, any such Deliverable; and

 

(ii)    Any other Deliverable not included in Section 7.2(i)(i) of the GTCs immediately above, as of and at all times after the Effective Date, except as may be agreed to by the Parties in a writing signed by the Parties (with agreement by GS not to be unreasonably withheld or delayed), no Open Source Software, or Software licensed to Consultant by any other Person, is included or embedded in, or required for the GS Parties to use, operate or otherwise exercise their rights with respect to, any such Deliverable;

 

G)    As of and at all times after the Effective Date, the licensing terms for the Open Source Software disclosed above in Section 7.2(i) of the GTCs do not and will not (i) require the licensing, disclosure or distribution to any other Person of any Intellectual Property of the GS Parties (including the GS Material), other than Source Code licensed to GS that was Open Source Software prior to being licensed to GS, (ii) prohibit or limit the receipt of consideration in connection with the licensing, sublicensing or distribution of any Intellectual Property of the GS Parties (including the GS Material) to other Persons, (iii) allow any Person to decompile, disassemble or reverse engineer any Intellectual Property of the GS Parties (including the GS Intellectual Property), or (iv) otherwise impose any limitation, restriction or condition on the right or ability of the GS Parties, or their licensees or licensors, to license, disclose, distribute, reproduce or otherwise use any Intellectual Property of the GS Pmties (including the GS Material);

 

25

Goldman Sachs-CoreCard Confidential

 

(k)    As of and at all times after the Effective Date, with respect to the Open Source Software and third party material or Software disclosed above in Section 7.2(i) of the GTCs or otherwise included or embedded in a Deliverable ("Third Party Materials"), GS's rights and Consultant's obligations under this Agreement with respect to the Deliverables will apply also to all Third Party Materials, including GS's rights, and Consultant's obligations, with respect to indemnification of GS by Consultant under this Agreement (but, for clarity, such indemnification obligations will not extend to any third party Software that (i) is provided to GS by Consultant as a separate unit of Software on a standalone basis, (ii) is not included or embedded in a Deliverable by Consultant, and (iii) is not sublicensed by Consultant to GS in writing). GS's rights, and Consultant's obligations, will not be restricted or limited in any way by either the provision and use of any Third Party Materials in connection with this Agreement;

 

(I)     As of and at all times during which Consultant has an obligation to perform the Services, Consultant will perform the Services in a professional and workmanlike manner, consistent with applicable industry standards; and

 

(m)   As of and at all times during which Consultant has an obligation to perform the Services, each of the Consultant Personnel assigned to perform Services has and will have the proper skill, training and background so as to be able to provide such services in a competent and professional manner.

 

Section 7.3 Indemnification.

 

(a)   As used in this Section 7.3:

 

(i)    "Claims" means any and all suits, claims, demands, actions and proceedings threatened or brought by third parties.

 

(ii)    "Consultant Indemnitees" means Consultant and its Affiliates and each of its and their Personnel, managing directors, partners, officers, employees, successors, assigns, agents and representatives.

 

(iii)    "GS Indemnified Parties" means the GS Parties and the Divested Entities and each of its and their Personnel, Service Providers, managing directors, partners, officers, employees, shareholders, successors, assigns, agents and representatives.

 

(iv)    "Losses" means any actual liabilities, damages, costs, losses, obligations and expenses that are incurred in connection with a Claim, including court costs, investigation costs, and reasonable attorneys' and experts' fees and expenses.

 

(b)    Consultant shall, at its sole expense, defend, indemnify, and hold harmless the GS Indemnified Parties from and against any and all Claims and Losses to the extent arising from or in connection with or relating to:

 

(i)    Consultant or Consultant Personnel actions or omissions that are an actual or alleged breach of this Agreement;

 

(ii)   any assertion that any Consultant Personnel are employees of a GS Indemnified Party;

 

26

Goldman Sachs-CoreCard Confidential

 

(iii)    the performance, provision or utilization of Services, Consultant Material, Third Party Materials (only to the extent embedded within a Deliverable), Deliverables, concepts, information or process designed, procured or delivered by Consultant to GS hereunder or any portion thereof constitutes an infringement, violation, trespass, unauthorized use, misappropriation, contravention or breach of any Intellectual Property right of any third party;

 

(iv)    all claims for personal injuries, death or damage to tangible personal or real property, including claims of any employee of a GS Indemnified Party, to the extent caused by acts or omissions of Consultant or any of its Affiliates or its or their Personnel; or

 

(v)    GS conducting background, reference, educational, criminal record, credit and other checks, as well as fingerprinting and drug screens, of any Consultant Personnel, but only to the extent that GS uses such background checking and testing information for determining the eligibility of such Consultant Personnel performing Services under this Agreement.

 

With respect to Consultant's obligation to indemnify the GS Indemnified Parties pursuant to Section 7.3(b)(iii) of the GTCs, Consultant shall have no obligation to indemnify any of the GS Indemnified Parties to the extent that the Claim of infringement or misappropriation is caused by: (1) any of the GS Indemnified Parties' modification of the relevant item unless Consultant specifically directs, approves or authorizes such modification in writing; (2) such GS Indemnified Parties' use of such item in combination with any other item not owned, furnished, approved or recommended by Consultant in writing where the infringement or misappropriation would not have occurred but for such combination and where the combination was not contemplated by the Parties in writing; (3) Consultant has delivered to GS a release of the Deliverable that Consultant has informed GS in writing is necessary to avoid an infringement and/or misappropriation claim; or (4) Consultant's compliance with specifications provided by GS, where such specifications require that Consultant develop and implement Work Product, if any, for GS where such infringement would not have occurred but for compliance with GS's specifications, except to the extent Consultant knew that such compliance would result in such infringement.

 

(c)    GS shall, at its sole expense, defend, indemnify, and hold harmless the Consultant Indemnitees from and against any and all Claims and Losses to the extent arising from or in connection with or relating to:

 

(i)    the GS Parties' or their Personnel's actions or omissions that are an actual or alleged breach of this Agreement; or

 

(ii)    all claims for personal injuries, death or damage to tangible personal or real property, including claims of any employee of Consultant or any of its Affiliates, to the extent caused by acts or omissions of GS or any of its Affiliates or its or their employees or agents,

 

Section 7.4 Procedure. The applicable indemnified party will give the applicable indemnifying party prompt notice of any demand by the indemnified party for indemnification that is based on a Claim to be indemnified as set forth in Section 7.3(b) of the GTCs or Section 7.3(c) of the GTCs, as applicable, as well as copies of any papers served on the indemnified party relating to that Claim, but the indemnified party's failure to provide or delay in providing that notice or those copies will not release the indemnifying party from its obligations under this Article 7, except to the extent the failure or delay materially prejudices the indemnifying party's ability to defend or settle the Claim. The indemnifying party has the exclusive right to conduct the defense of any Claim and any negotiations for its settlement, except that (a) the indemnifying party may not bind any indemnified party to any agreement without the indemnified party's prior written consent, which the indemnified party may not unreasonably withhold or delay, (b) the indemnified party will assist the indemnifying party in its defense of any Claim, at the indemnifying party's request and expense, (c) the indemnified party may participate at its expense in the indemnifying party's defense of or settlement negotiations for any Claim with counsel of the indemnified party's own selection, and (d) the indemnified party may, at its option and the indemnifying party's expense, and on notice to the indemnifying party, conduct the defense of and any settlement negotiations for any Claim in place of the indemnifying party if the indemnifying party fails to promptly defend the Claim as required in this Article 7. The Parties acknowledge that this Article 7 is intended for the benefit of, and to be enforceable by, the GS Indemnified Parties and the Consultant Indemnitees, as applicable.

 

27

Goldman Sachs-CoreCard Confidential

 

Section 7.5 Mitigation and GS Remedies.

 

(a)    Where Consultant is required, or in Consultant's reasonable judgment is likely to be required, to indemnify the GS Indemnified Parties pursuant to Section 7.3(b)(iii) of the GTCs, Consultant will in addition to its indemnity obligations, and at its expense, pursue the following mitigation actions: (i) procure the right for the GS Indemnified Parties to continue using the infringing or allegedly infringing item in the manner described in this Agreement; (ii) replace the infringing or allegedly infringing item with a non-infringing equivalent, provided that such non-infringing equivalent does not result in a material degradation of the functionality, performance or quality in relation to the infringing or allegedly infringing item; (iii) modify the infringing or allegedly infringing item, or have the infringing or allegedly infringing item modified, to make it non-infringing, provided that such modification does not result in a material degradation of the functionality, performance or quality of the infringing or allegedly infringing item; or (iv) create a feasible non-infringing workaround, provided that such workaround does not result in a material degradation of the functionality, performance or quality in relation to the infringing or allegedly infringing item.

 

(b)    If options in Section 7.5(a) of the GTCs are not available on a commercially reasonable basis within a reasonable period of time, then GS may in its discretion: (i) terminate this Agreement and/or the applicable Schedule of Work for cause; and/or (ii) seek damages and other remedies against Consultant under this Agreement; or (iii) obtain a refund from Consultant to reflect the removal of the infringing or allegedly infringing item, such refund to be based on a five (5) year straight-line depreciation basis.

 

Section 7.6 Limitation of Liability.

 

(a)    FOR ALL ACTS, OMISSIONS OR EVENTS GIVING RISE TO LIABILITY THAT OCCUR DURING THE PERIOD COMMENCING ON THE EFFECTIVE DATE AND ENDING ON THE DAY BEFORE THE FIFTH ANNIVERSARY OF THE EFFECTIVE DATE, IN NO EVENT SHALL EITHER PARTY'S LIABILITY UNDER THIS AGREEMENT EXCEED THE GREATER OF:

 

(i)    [***], AND

 

(ii)    THE AGGREGATE AMOUNT PAID OR PAYABLE BY GS UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE DATE WHEN SUCH LIABILITY AROSE,

 

WHETHER IN CONTRACT, TORT, UNDER ANY WARRANTY OR ANY OTHER THEORY OF LIABILITY.

 

(b)    FOR ALL ACTS, OMISSIONS OR EVENTS GIVING RISE TO LIABILITY THAT OCCUR ON OR AFTER THE FIFTH ANNIVERSARY OF THE EFFECTIVE DATE, IN NO EVENT SHALL EITHER PARTY'S LIABILITY UNDER THIS AGREEMENT EXCEED THE GREATER OF:

 

(i)   [***], AND

 

28

Goldman Sachs-CoreCard Confidential

 

(ii)    THE AGGREGATE AMOUNT PAID OR PAYABLE BY GS UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE DATE WHEN SUCH LIABILITY AROSE,

 

WHETHER IN CONTRACT, TORT, UNDER ANY WARRANTY OR ANY OTHER THEORY OF LIABILITY.

 

(c)    IN NO EVENT WILL EITHER PARTY BE LIABLE UNDER THIS AGREEMENT FOR ANY LOST PROFITS OR LOST REVENUE, OR FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, EVEN IF IT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

 

(d)    NOTWITHSTANDING THE FOREGOING, NOTHING CONTAINED IN THE AGREEMENT SHALL LIMIT EITHER PARTY'S LIABILITY HEREUNDER FOR ANY CLAIM RESPECTING DAMAGES ARISING IN RESPECT OF CLAIMS UNDER THE CONFIDENTIALITY PROVISIONS HEREIN, THE DATA PROTECTION PROVISIONS HEREIN, OR THE INDEMNIFICATION PROVISIONS HEREIN, OR FOR ANY DAMAGES RESULTING FROM EITHER PARTY'S FRAUD, GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, OR FOR ANY CLAIMS FOR PERSONAL INJURY OR DAMAGE TO TANGIBLE PROPERTY.

 

ARTICLE 8

INTELLECTUAL PROPERTY RIGHTS, DELIVERABLES AND WORK PRODUCT

 

Section 8.1    Ownership.

 

(a)    GS Material. As between GS and Consultant, all right, title and interest, including all Intellectual Property rights, in and to the GS Material belong to and vest entirely in GS, its Affiliates or their licensors (as applicable). Consultant agrees not to take any action that would limit GS's, its Affiliates' and their licensors' ability to sell, license or assign any such Intellectual Property rights.

 

(b)    Ownership of Consultant Material. As between GS and Consultant, all right, title and interest, including all Intellectual Property rights, in and to the Consultant Material belong to and vest entirely in Consultant or its Affiliates or their licensors (as applicable), GS agrees not to take any action that would limit the Consultant's, its Affiliates' and their licensors' ability to sell, license or assign any such Intellectual Prope1ty rights.

 

Section 8.2    License Grants by Consultant.

 

(a)    License for Certain Deliverables (Non-Work Product). With respect to any Deliverable that is not Work Product and that is not a Derivative Work of the Licensed Material, Consultant grants GS and its Affiliates a perpetual, irrevocable, royalty-free, worldwide, paid-up, non­ transferable (subject to Section 10.1 and Section 10.2 of the GTCs) right and license to use each such Deliverable (which, if software, will be in Object Code form only) (A) solely to serve the needs of GS's and its Affiliates' internal businesses and operations (including to provide products and services to customers of GS and its Affiliates), and (B) under all Intellectual Property rights that are embodied in such Deliverable or otherwise necessary to enjoy the benefit of the right and license granted in this Section 8.2(a); provided, however that the foregoing right and license for each such Deliverable: (X) will come into effect upon the date that Consultant receives payment in full for such Deliverable from GS or its Affiliates; and (Y) if expressly affirmed in a Schedule of Work that this Section 8.2(a)(Y) is applicable, (i) will be exclusive to GS and its Affiliates during the Exclusivity Period; (ii) will be non-exclusive to GS and its Affiliates after such Exclusivity Period; and (iii) will become non-exclusive to GS and its Affiliates prior to the end of such Exclusivity Period if Consultant demonstrates to GS that the functionality of such Deliverable has become available in the market from other service providers or other software licensors.

 

29

Goldman Sachs-CoreCard Confidential

 

(b)    License for Derivative Works of Licensed Material (Non-Work Product). With respect to any Deliverable that is not Work Product and that is a Derivative Work of the Licensed Material, each such Deliverable will be licensed and, subject to Section 8.2(e)(i) of the GTCs, supported by Consultant to and for GS and its Affiliates pursuant to the terms and conditions of the Master License Agreement (including Section 2.1 of the Master License Agreement, subject to the proviso at the end of this Section 8.2(b)) and each such Deliverable will be deemed to be "Licensed Material" (as such term is defined in the Master License Agreement) under the Master License Agreement; provided, however that the foregoing right and license for each such Deliverable: (X) will come into effect upon the date that Consultant receives payment in full for such Deliverable from GS or its Affiliates; and (Y) if expressly affirmed in a Schedule of Work that this Section 8.2(b)(Y) is applicable, (i) will be exclusive to GS and its Affiliates during the Exclusivity Period; (ii) will be non-exclusive to GS and its Affiliates after such Exclusivity Period; and (iii) will become non-exclusive to GS and its Affiliates prior to the end of such Exclusivity Period if Consultant demonstrates to GS that the functionality of such Deliverable has become available in the market from other service providers or other software licensors.

 

(c)    License for Consultant Material Embedded in Work Product. With respect to any Consultant Material that is incorporated into or embedded in any Work Product, Consultant grants GS and its Affiliates a perpetual, irrevocable, royalty-free, worldwide, paid-up, transferable, unrestricted, sub-licensable and non-exclusive right and license to use such Consultant Material solely in connection with the Work Product within which such Consultant Material is embedded. Consultant retains all Intellectual Property rights to such Consultant Material for any future use.

 

(d)    Bankruptcy Code. The Parties acknowledge that (i) the licenses granted to GS and its Affiliates under this Agreement are licenses of "intellectual property;" and (ii) the subject matter of this Agreement is an "embodiment" of "intellectual property," in each case of (i)-(ii), as those terms are used in and interpreted under Section 365(11) of the United States Bankruptcy Code, as amended (the "Code"). The Parties intend that GS and each of its Affiliates, as a licensee of intellectual property, may retain and exercise all of its rights and elections under the Code, If Consultant (or any of its licensors) as a debtor in possession, or the trustee in bankruptcy, rejects this Agreement in whole or in part in a case under the Code or any analogous foreign statute, GS may elect to retain and exercise its rights under this Agreement, and any supplementary agreement.

 

(e)    Deliverable Support.

 

(i)    With respect to any Deliverable that is a Derivative Work of the Licensed Material (including if such Deliverable is Work Product), if the Parties in a Schedule of Work agree that Consultant will support and maintain any such Deliverable, then the relevant Schedule of Work shall specify: (A) the scope of such support and maintenance Services (provided that such scope shall be consistent with the scope of Support Services (as defined in the Master License Agreement) set out in the Master License Agreement); and (B) the annual fees payable by GS for such support and maintenance Services (provided that such amrnal fees shall meet the requirements of Section 3(c)(i)(D) of Exhibit A to the Master License Agreement). For clarity, (1) the foregoing shall apply to Updates (as defined in the Master License Agreement) provided by Consultant under this Agreement as part of the Services pursuant to Section 3(c)(i)(D) of Exhibit A to the Master License Agreement; and (2) the foregoing shall not apply to Updates (as defined in the Master License Agreement) provided by Consultant under the Master License Agreement (x) as part of the Support Services (as defined in the Master License Agreement), and (y) in consideration of GS's payment to Consultant of the Support Fees (as defined in the Master License Agreement).

 

30

Goldman Sachs-CoreCard Confidential

 

(ii)    With respect to any Deliverable that is not a Derivative Work of the Licensed Material (including if such Deliverable is Work Product), if the Parties in a Schedule of Work agree that Consultant will support and maintain any such Deliverable, then the relevant Schedule of Work shall specify: (A) the scope of such support and maintenance Services (provided that such scope shall be as consistent as reasonably possible with the scope of Support Services (as defined in the Master License Agreement) set out in the Master License Agreement); and (B) the annual fees payable by GS for such support and maintenance Services (provided that such annual fees shall be as consistent as reasonably possible with the requirements of Section 3(c)(i)(D) of Exhibit A to the Master License Agreement).

 

(f)    GS Rights. To the extent that any GS rights under this Agreement are conditioned on GS making payment in full to Consultant, the Parties agree that no such condition will affect or restrict GS's rights under this Agreement with respect to (i) acceptance testing; and (ii) disputed fees as set forth in Section 6.3 of the GTCs.

 

Section 8.3 License Grants by GS.

 

(a)    License for GS Material. Subject to any limitations or restrictions set fo1th in agreements between GS (or its Affiliate) and its third party licensors, GS grants Consultant and its Affiliates and Personnel a limited, royalty-free, worldwide, paid-up, non-transferable and non-exclusive right and license to use during the Term of this Agreement GS Material furnished to Consultant or its Affiliates or Personnel pursuant to this Agreement solely in accordance with this Agreement and for the sole purpose of providing Services to GS and GS Affiliates hereunder. Consultant acknowledges that GS Material is provided "as is", and all warranties and representations of any kind with regard to GS Material are disclaimed, including any implied warranties of merchantability, quality, accuracy, non-infringement, fitness for a particular purpose and/or warranties that GS Material is error-free and/or warranties as to any results to be obtained by and/or from the use of GS Material.

 

(b)    Feedback License. In the event GS provides to Consultant any suggestions, comments or other feedback (collectively, the "Feedback"), GS hereby grants to Consultant a perpetual, royalty-free, irrevocable, worldwide, paid-up, and non-exclusive right and license to use the Feedback in any manner or form and for any purpose that Consultant elects, including the right and license to sublicense, license, assign, disclose, release, make available or otherwise transfer the Feedback to any third party or any make modifications, improvements, enhancements, or Derivative Works thereof; provided, however, that (i) such use by Consultant shall not identify GS or its Affiliates as the provider of the Feedback; (ii) Consultant acknowledges that the Feedback and such license is provided "as is", and all warranties and representations of any kind with regard to the Feedback are disclaimed by GS and its Affiliates, including any implied warranties of merchantability, quality, accuracy, non-infringement, fitness for a particular purpose and/or warranties that the Feedback is error-free and/or warranties as to any results to be obtained by and/or from the use of the Feedback; and (iii) such license does not and shall not restrict, impede or otherwise affect (A) the Intellectual Property rights of GS and/or its Affiliates in and to the Feedback, or (B) the right of GS and its Affiliates to use the Feedback in any manner or form and for any purpose that GS or its Affiliate elects, including the right to sublicense, license, rent, sell, assign, disclose, release, make available or otherwise transfer the Feedback to any third party or make any modifications, improvements, enhancements, or Derivative Works thereof.

 

31

Goldman Sachs-CoreCard Confidential

 

Section 8.4  Terms Regarding Work Product.

 

(a)    Subject to Section 8.2(c) of the GTCs, GS and Consultant intend for Work Product to be works made-for-hire, and Consultant acknowledges and agrees that any Work Product (including all Source Code for Work Product that is Software) will belong solely and exclusively to GS upon payment in full therefore, with GS having the sole right to obtain, hold and renew, in its own name and/or for its own benefit, all Intellectual Property rights with respect to any Work Product.

 

(b)    Subject to Section 8.2(c) of the GTCs, to the extent that exclusive title and ownership rights in Work Product may not originally vest in GS as contemplated hereunder, Consultant hereby irrevocably assigns, transfers and conveys to GS, and will cause its Affiliates and Personnel to irrevocably assign, transfer and convey to GS, all right, title and interest in all Work Product.

 

(c)    Consultant will, and will cause its Affiliates and Personnel to, give GS or GS's designee all reasonable assistance and execute all documents necessary to assist with enabling GS to prosecute, perfect, register or record its Intellectual Property rights in and to any Work Product. Consultant will enter into written agreements with its Personnel providing the Services as may be necessary to ensure GS's rights under this Agreement.

 

(d)    Consultant and its Personnel will, if requested, at the time of the initiation of the development of Work Product under a Schedule of Work provide GS with a certificate evidencing compliance with this Section 8.4.

 

(e)    Any and all Work Product, if any, and related Material will be delivered to GS on payment in full therefore, and Consultant and its Affiliates or Personnel may retain copies solely for the purpose of providing technical support with respect to such Work Product.

 

Section 8.5 Third Party Materials. Subject to Section 7.2(i), Section 7.2U) and Section 7.2(k) of the GTCs: (a) Consultant will not include in any Deliverable, without OS's prior written consent, any Third Party Materials; (b) Consultant will provide GS all licenses applicable to the Third Patty Materials, including GS's use thereof ("Third Party Licenses") together with any request for GS's consent; and (c) Consultant need not seek additional consent to use Third Patty Materials that have been explicitly identified in, and for which all Third Party Licenses have been provided to GS prior to execution of, the applicable Schedule of Work.

 

ARTICLE 9

TERM AND TERMINATION

 

Section 9.1 Term.

 

(a)    This Agreement is effective as of the Effective Date and will continue in effect until terminated in accordance with this Article 9 (that period in which the Agreement is in effect, the "Term").

 

(b)    The Services shall commence on the date set forth in each applicable Schedule of Work and shall continue thereafter for the period set forth in such Schedule of Work or upon the completion of the Services to be performed pursuant to such Schedule of Work (each such term, the "SOW Term"), unless otherwise terminated earlier in accordance with the terms of such Schedule of Work or this Agreement.

 

(c)    After termination or non-renewal of this Agreement or any Schedule of Work, all licenses granted to GS and its Affiliates, and the restrictions and limitations and all GS obligations with respect thereto, under this Agreement will continue in full force and effect without impairment or modification, and GS and its Affiliates will have no obligation to return or cease the use of any Deliverables that are not Work Product.

 

32

Goldman Sachs-CoreCard Confidential

 

Section 9.2 Termination by GS. In addition to GS's termination rights expressly set forth elsewhere in this Agreement, GS will have the right to terminate this Agreement or any Schedule of Work as follows:

 

(a)    Termination For Cause: Curable Material Breach. In the event of a material breach of the Agreement or a Schedule of Work by Consultant, GS may terminate the Agreement or the Schedule of Work for cause by giving Consultant written notice of the breach and GS's intention to terminate, indicating in reasonable detail the nature of the breach. If the breach has not been cured within the period ending thirty (30) days after Consultant's receipt of such notice, and GS provides written notice of termination to Consultant ("Termination Notice"), this Agreement (or relevant Schedule of Work) will terminate at the time specified in the Termination Notice. In the event that the Agreement (or relevant Schedule of Work) is terminated for cause pursuant to this Section, GS will, in addition to its rights of termination, be entitled to pursue all other remedies against Consultant.

 

(b)    Termination For Cause: Non-curable Material Breach. In the event of a material breach of the Agreement or a Schedule of Work by Consultant that is not curable within thirty (30) days, GS may terminate this Agreement or the Schedule of Work for cause upon written notice to Consultant. In the event that the Agreement (or relevant Schedule of Work) is terminated for cause pursuant to this Section, GS will, in addition to its rights of termination, be entitled to pursue all other remedies against Consultant.

 

(c)    Termination For Cause: Multiple Breaches Collectively Material. In the event of either (i) a series of material breaches of the Agreement or a Schedule of Work by Consultant over any twelve (12) consecutive month period that are cured within the time period specified in Section 9.2(a) of the GTCs, or (ii) a series of non-material breaches of the Agreement or a Schedule of Work by Consultant over any twelve (12) consecutive month period that in the aggregate constitute a material breach of the Agreement (including multiple service level defaults that in the aggregate constitute a material breach of the Agreement, regardless of whether any service level credits were paid), and (in either case) following escalation of the issues to the senior management of both Parties, GS may terminate the Agreement or the Schedule of Work for cause upon written notice to Consultant. In the event that the Agreement (or relevant part thereof) is terminated for cause pursuant to this Section, GS will, in addition to its rights of termination, be entitled to pursue all other remedies against Const1ltant.

 

(d)    Termination For Cause: Failure to Pass Acceptance Testing. A Material Acceptance Failure will, at the option of GS, constitute a material breach of the Agreement or a Schedule of Work, and GS will have the right to terminate the Agreement or a Schedule of Work for cause upon written notice to Consultant. In the event that the Agreement or a Schedule of Work is terminated for cause pursuant to this Section, subject to Section 5.7(A) of the GTCs, GS shall immediately cease using the non-accepted Test Item, delete the Test Item from all computers and storage devices and either immediately return all copies of the Test Item to Consultant or immediately destroy all copies of the Test Item. In the event that the Agreement (or relevant part thereof) is terminated for cause pursuant to this Section, GS will, in addition to its rights of termination, be entitled to pursue all other remedies against Consultant.

 

(e)    Termination for Cause: Failure o(Mitigation. If the mitigation options described in Section 7.5 of the GTCs are not feasible, GS will have the right to terminate this Agreement or the Schedule of Work for cause upon written notice to Consultant. In the event that the Agreement (or relevant Schedule of Work) is terminated for cause pursuant to this Section, GS will, in addition to its rights of termination, be entitled to pursue all other remedies against Consultant.

 

33

Goldman Sachs-CoreCard Confidential

 

(f)    Termination for Cause: Failure to Comply with Laws. If Consultant either (X) materially violates any Laws applicable to Consultant and/or the Services (for example, by Consultant breaching its obligations in Section 4.2 of the GTCs or Section 7.2(a) of the GTCs); or (Y) causes GS to be in breach of or non-compliant with any applicable Law of which GS has notified Consultant that applies to the conduct of the business of GS or its Affiliates (for example, by Consultant breaching its obligations in Section 4.2 of the GTCs); or (Z) violates any applicable Laws, or any GS policies that have been disclosed to Consultant, regarding the offering of unlawful or improper inducements in relation to this Agreement, then:

 

(i)    if any such breach is not curable, as reasonably determined by GS or its regulators (and the Parties agree that any breach described in the foregoing subsection (Z) is not curable), GS may terminate this Agreement or the Schedule of Work for cause upon written notice to Consultant, and

 

(ii)    if any such breach is curable, as reasonably determined by GS or its regulators (excluding any breach described in the foregoing subsection (Z)), GS may terminate this Agreement or the Schedule of Work for cause if GS gives Consultant written notice of the breach and Consultant fails to cure such breach within thirty (30) days after Consultant's receipt of such notice.

 

In the event that the Agreement (or relevant Schedule of Work) is terminated for cause pursuant to this Section, GS will, in addition to its rights of termination, be entitled to pursue all other remedies against Consultant.

 

(g)    Termination for Cause: Other Bad Acts. If Consultant commits or engages in intentional torts, willful misconduct (including intentional breach of contract), unlawful conduct or gross negligence in relation to this Agreement or a Schedule of Work, GS will have the right to terminate this Agreement or the Schedule of Work for cause upon written notice to Consultant. In the event that the Agreement (or relevant Schedule of Work) is terminated for cause pursuant to this Section, GS will, in addition to its rights of termination, be entitled to pursue all other remedies against Consultant.

 

(h)    Termination for Cause: Financial Condition. If Consultant experiences an Event of Deteriorating Financial Condition and is not performing its material obligations in accordance with this Agreement or a Schedule of Work, GS will have the right to terminate this Agreement or the Schedule of Work for cause upon written notice to Consultant. In the event that the Agreement (or relevant Schedule of Work) is terminated for cause pursuant to this Section, GS will, in addition to its rights of termination, be entitled to pursue all other remedies against Consultant.

 

(i)    Termination for Convenience. Notwithstanding anything to the contrary contained in this Agreement, and without modification of GS's right to access and use the Deliverables:

 

(i)    Subject to Section 9.2(i)(ii) of the GTCs, GS may terminate this Agreement at any time by giving Consultant at least sixty (60) days prior written notice of termination. If GS terminates this Agreement pursuant to the foregoing, this Agreement and all outstanding Schedules of Work shall terminate on the effective date specified in such notice. Upon any such termination, GS shall have no further payment obligation with respect to this Agreement or any Schedules of Work except to pay Consultant for the Services performed prior to its termination, and Consultant shall have no further obligation with respect to the Deliverables under the Schedules of Work so terminated except as described in Section 9.4 of the GTCs below; and

 

34

Goldman Sachs-CoreCard Confidential

 

(ii)    Unless otherwise expressly set forth to the contrary in a Schedule of Work with respect to requiring prior written notice for the termination of such Schedule of Work, GS may terminate any Schedule of Work and any Services under a Schedule of Work, in whole or in part, immediately for any reason at any time upon written notice to Consultant. Upon any such termination, GS shall have no further obligation with respect to such Schedule of Work except to pay Consultant for the Services performed prior to its termination, and Consultant shall have no further obligation with respect to the Deliverables under the Schedule of Work so terminated except as described in Section 9.4 of the GTCs below. Any such termination shall not be interpreted to terminate this Agreement.

 

G) Termination for Force Majeure. GS may terminate this Agreement or a Schedule of Work as a result of Force Majeure as described in Section 10.8 of the GTCs.

 

(k) Termination for Consultant Change of Control, Upon a Change of Control of Consultant or its parent Affiliate and for a period of up to one (1) year after the Change of Control becomes effective, GS may terminate this Agreement. "Change of Control" means the occurrence of any of the following: (i) the sale, lease, transfer, conveyance or other disposition, or by way of merger or consolidation, in one or a series of related transactions, of all or substantially all of the assets of Consultant or its parent Affiliate (or any successor entity to either thereof) to a "person", as such term is used in Section 13(d)(3) of the Securities Exchange Act of 1934, as amended, where such "person" either does not have sufficient financial and operational resources to continue Consultant's business, or is an entity with which a regulator of a GS Party indicates that the GS Party cannot do business (e.g., the country, entity or individual is subject to embargo or sanctions by the United States government); or (ii) the consummation of any transaction, including, without limitation, any merger or consolidation, the result of which is that a "person" becomes the beneficial owner, directly or indirectly, of more than 50% of the voting stock of Consultant or its parent Affiliate, where such "person" either does not have sufficient financial and operational resources to continue Consultant's business, or is an entity with which a regulator of a GS Party indicates that the GS Party cannot do business (e.g., the country, entity or individual is subject to embargo or sanctions by the United States government). Any such termination by GS will be without any penalty, liability or increase in any fees.

 

Section 9.3 Termination by Consultant. Subject to Section 6.3 of the GTCs, if GS fails to pay Consultant two (2) months' worth of charges within forty-five (45) days of the due date under this Agreement and fails to cure such default within thirty (30) days of written notice from Consultant regarding such failure and of the possibility of termination for failure to make such payment in full, Consultant may, by written notice to GS, terminate this Agreement for cause as of a date specified in the notice of termination. In such event, (a) all licenses granted to the GS Parties, and the restrictions and limitations and obligations with respect thereto, under this Agreement for Deliverables for which Consultant has received payment in full will continue in full force and effect without impairment or modification; (b) all licenses granted to the GS Parties under this Agreement for Deliverables for which Consultant has not received payment in full will terminate on the date specified in the notice of termination; (c) the GS Parties will have no obligation to return or cease the use of any Deliverable (other than Work Product) to which GS has perpetual license rights under this Agreement or the Master License Agreement and for which Consultant has received payment in full; (d) on the date specified in the notice of termination, the GS Parties will be obligated to return or cease the use of any Deliverable (other than Work Product) to which GS has perpetual license rights under this Agreement or the Master License Agreement and for which Consultant has not received payment in full (subject to Section 5.7(A) of the GTCs); (e) the GS Parties will have no obligation to return or cease the use of any Work Product (including Source Code) for which Consultant has received payment in full (including any in progress Work Product for which Consultant has received payment in full); and (f) on the date specified in the notice of termination, the GS Parties will be obligated to return or cease the use of any Work Product (including Source Code) for which Consultant has not received payment in full (including any in progress Work Product for which Consultant has not received payment in full) (subject to Section 5.7(A) of the GTCs).

 

35

Goldman Sachs-CoreCard Confidential

 

Section 9.4 Consequences of Termination and Post-Termination,

 

(a)    Following service of a notice pursuant to this Article 9 terminating this Agreement or a Schedule of Work, but prior to the effective date of such termination, each Patty shall continue to abide by the terms and conditions of this Agreement, comply fully with its obligations hereunder and shall not in any way hinder or interrupt the performance of this Agreement during any period between the date of the termination notice and the date of actual termination.

 

(b)    Upon termination or expiration of this Agreement or any Schedule of Work for whatever reason:

 

(i)    Consultant shall deliver to GS all Work Product (including Source Code) for which Consultant has received payment in full at the time of termination or expiration (including any in progress Work Product for which Consultant has received payment in full at the time of termination or expiration);

 

(ii)    Consultant shall deliver to GS all Deliverables (other than Work Product) to which it has perpetual license rights under this Agreement or the Master License Agreement and for which Consultant has received payment in full;

 

(iii)    Consultant shall, at OS's cost and expense, work with GS to ensure a smooth transition of Services to GS or a third party;

 

(iv)    Consultant shall cease to use and shall return to GS: (A) all GS Material; and (B) all equipment, third party software and/or documentation provided by GS during the provision of the Services;

 

(v)    if requested by GS, and at OS's cost and expense, Consultant shall negotiate in good faith to assign any Third Party Materials, licenses, equipment leases, maintenance agreements, support agreements or other agreements relating primarily to the Services;

 

(vi)    Consultant shall repay to GS all monies paid in advance in respect of the Services which have not been supplied; and

 

(vii)    Consultant shall render a final invoice for any Services performed since the date of the last invoice issued under this Agreement which GS shall pay in accordance with Article 6.

 

(c)    Termination of this Agreement or a Schedule of Work shall be without prejudice to any rights or remedies either Party may have against the other under the Agreement or in respect of any antecedent breach.

 

36

Goldman Sachs-CoreCard Confidential

 

Section 9.5 Survival.

 

(a)    Article 5 (Confidentiality and Data Security), Section 7.3 (Indemnification), Section 7.4 (Procedure), Section 7.5 (Mitigation and GS Remedies), Section 7.6 (Limitation of Liability), Article 8 (Intellectual Property Rights, Deliverables and Work Product), Section 9.4 (Consequences of Termination and Post-Termination), and Section 10.11 (No Promotion) of the GTCs shall survive the termination or expiration of this Agreement, together with any other provision of this Agreement (or any exhibit, schedule or attachment hereto) which, by its terms, survives termination or expiration of this Agreement.

 

(b)    [***]

 

Section 9.6 Termination of Master License Agreement. Subject to the terms of Section 9.4(b) of the Master License Agreement regarding transition services, and unless otherwise agreed to by the Parties in writing, if the Master License Agreement terminates or expires for any reason, this Agreement and all Schedules of Work hereunder will terminate on the effective date of the termination or expiration of the Master License Agreement (as extended by such transition services).

 

ARTICLE 10

MISCELLANEOUS

 

Section 10.1 Assignment. Neither Party may assign, delegate or otherwise transfer this Agreement or any of its rights, remedies or obligations under this Agreement (including by forward or reverse merger, consolidation, dissolution or operation of Law, and/or whether voluntarily or by a Governmental Authority's action or order, and/or pursuant to any Change of Control) without the other Party's prior written consent (which that other Party may not unreasonably withhold or delay); except that if a Party assigns or otherwise transfers the Master License Agreement as permitted under Section 10.1 of the Master License Agreement, then such Party shall assign or otherwise transfer this Agreement at the same time as, and to the same permitted assignee or transferee, as such assignment or transfer. Any assignment of this Agreement in contravention of this Section 10.1 is void. The Parties agree that if, as of the effective date of any corporate event described in Section 10.l(a)(Y) of the Master License Agreement, there exists a GS or GS permitted assignee proprietary Card (as defined in the Master License Agreement) program(s) that does not meet the requirements in the Section 10.l(a)(Y) of the Master License Agreement, and if GS or the GS permitted assignee desire to continue such proprietary Card program(s), then GS (or the GS permitted assignee) and Consultant immediately shall enter into a separate agreement that is identical to this Agreement in order for Consultant to grant license rights and perform Services with respect to such proprietary Card program(s). This Agreement binds and inures to the benefit of the Parties and their respective successors and permitted assigns.

 

Section 10.2 Divested Entity. If, during the Term of this Agreement, GS divests all or a portion of its ownership interest in any Divested Entity, the Parties agree that the Divested Entity may, for a period of eighteen (18) months after the effective date of such divestiture (or such shatter period of time as Consultant and the Divested Entity may agree in writing) (the "Transition Period") continue to receive Services and use the Deliverables (other than Work Product) in accordance with this Agreement and without additional charges or fees; provided that the Divested Entity: (i) used the Deliverables prior to being divested, (ii) after being divested, does not require Consultant to modify its systems or processes used to perform and provide the Deliverables and/or the Services; and (iii) either: (A) GS agrees in writing to be responsible for (x) the obligations of the Divested Entity under the Agreement; and (y) the actions and/or omissions of the Divested Entity in breach of the Agreement to the same extent as if such actions and/or omissions were the actions and/or omissions of GS; or (B) the Divested Entity agrees in writing to be subject to all of the terms and conditions of the Agreement. Consultant and the Divested Entity and/or their respective Affiliates will use reasonable efforts and good faith efforts to enter into agreements granting the Divested Entity rights during and/or after the Transition Period that are substantially similar to the rights granted to the GS Parties in this Agreement.

 

37

Goldman Sachs-CoreCard Confidential

 

Section 10.3 Entire Agreement; Prior Agreement. This Agreement (including all Exhibits to this Agreement and the addenda specified in Section 10.17 of the GTCs below and all Schedules of Work executed hereunder) constitutes the entire agreement, and supersedes any prior or contemporaneous statements or agreements with respect to the subject matter hereof. The Parties agree that: (a) as of the Effective Date, this Agreement supersedes the Services Agreement entered into by and between Goldman Sachs Bank USA and Consultant on January 12, 2018 ("Services Agreement"); (b) as of the Effective Date, the Services Agreement is no longer in effect; (c) although there are no statements of work (or the like) that are active and in effect under the Services Agreement, Consultant was performing certain services under the Services Agreement immediately prior to the Effective Date; (d) with respect to any such services that had been performed by Consultant under the Services Agreement immediately prior to the Effective Date and that will continue to be performed by Consultant after the Effective Date (the "Ongoing Services"), such services (i) shall be described in one or more Schedules of Work hereunder (which Schedules of Work shall be executed by the Parties at the same time that the Parties execute this Agreement or as shortly as possible thereafter); and (ii) shall be deemed "Services" under this Agreement commencing on the Effective Date; and (e) all services that had been performed by Consultant under the Services Agreement prior to the Effective Date (the "Prior Services") shall be deemed to have been performed pursuant and subject to the terms of this Agreement; provided, however, that with respect to the Prior Services: (i) GS shall not have the right to dispute any amounts under the Services Agreement that have been invoiced by Consultant prior to the Effective Date and paid by GS prior to the Effective Date; and (ii) those Prior Services (including any associated completed deliverables that have been provided to GS) that are not Ongoing Services shall be deemed to be complete and accepted by GS.

 

Section 10.4 Severability. If a Governmental Authority of competent jurisdiction holds any provision of this Agreement to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions shall not in any way be affected or impaired thereby, and such provision shall be deemed to be restated to reflect the Parties' original intentions as nearly as possible in accordance with applicable Law(s).

 

Section 10.5 Amendment, This Agreement may be amended or modified only by a written instrument signed by each Party's authorized representative referring to this Agreement that explicitly states that the intent of that instrument is to amend or modify this Agreement and is executed in accordance with Section 10.14 of the GTCs, but "written instrument" does not include (a) the text of e­ mails or similar electronic transmissions, or (b) the terms of any (i) shrink-wrap, click-wrap, browse-wrap or similar agreement between the Parties or (ii) website owned, operated or controlled by either Party.

 

Section 10.6 Governing Law. This Agreement (including this Section 10.6), any dispute, claim or controversy between the Parties arising out of or relating to this Agreement, whether in contract, tmt or otherwise (each, a "Disputed Matter"), and the Parties' rights, remedies and obligations under this Agreement, are to be construed in accordance with and governed by the laws of the State of New York applicable to agreements made and to be wholly performed in that state by Persons residing or having their principal places of business therein, without giving effect to the State of New York's conflict of laws rules to the extent those rules would require applying another jurisdiction's laws. Both Parties hereby waive any right to a trial by jury. The Parties exclude the application to this Agreement of the United Nations Convention on Contracts for the International Sale of Goods. The Parties may commence an action, suit or proceeding arising out of or relating to this Agreement only in, and hereby consent to the exclusive jurisdiction of, the federal and state courts located in the County of New York within the State of New York.

 

38

Goldman Sachs-CoreCard Confidential

 

Section 10.7 Dispute Resolution. The Parties shall resolve Disputed Matters in accordance with the following procedures:

 

(a)    For purposes of this Section 10.7, "Disputed Matters" excludes claims for indemnification under Article 7 of the GTCs.

 

(b)    Before initiating formal legal action against the other Party relating to a Disputed Matter, the Parties agree to work in good faith to resolve disputes and claims arising out of this Agreement. To this end, either Party may request that each Party designate an officer or other management employee with authority to bind such Party to meet to resolve the dispute or claim. If the dispute is not resolved within thirty (30) days (or such longer time period as the Parties may agree in writing) of the commencement of informal effo1ts under this paragraph, either Party may pursue formal dispute resolution. The Parties acknowledge that their discussions and efforts during such period to resolve a Disputed Matter are settlement discussions under applicable rules of evidence and without prejudice to either Party's legal position. This paragraph will not apply if expiration of the applicable time for bringing a formal legal action is imminent, and will not prohibit a Patty from pursuing injunctive or other equitable relief to which it may be entitled.

 

(c)    Each Party is required to and will continue performing its obligations under the Agreement while the Parties are participating in this dispute resolution process toward·resolution of a Disputed Matter unless and until such obligations are terminated by the termination or expiration of the Agreement pursuant to the terms of this Agreement (provided, for clarity, that the foregoing does not affect Consultant's obligations in Section 9.4(b) of the GTCs). For the avoidance of doubt, GS's withholding of payment of disputed charges as permitted under Section 6.3 of the GTCs will not be considered to prevent Consultant from performing the Services, nor will this Section be interpreted to limit either Party's right to terminate the Agreement as provided in this Agreement. Each Party understands that a breach of this Section could foreseeably cause substantial harm to the other Party for which monetary damages may not be sufficient, and, therefore, without limiting other rights herein, each Party agrees that the other Party will be entitled to seek injunctive relief to prevent breaches of this Section or to specifically enforce the terms of such Section.

 

Section 10.8 Force Majeure. Neither Party shall incur any liability due to failure or delay in performance of any obligation caused by Force Majeure, at least for the duration of the Force Majeure; provided, however, that the affected Party shall promptly notify the other of the existence of the Force Majeure and the effect on its ability to perform its obligations, and that the affected Party undertakes all reasonable efforts to mitigate the impact of the Force Majeure on the other Party. The term "Force Majeure" shall mean and include any act of God, industry-wide strikes, explosion, fire, flood, war and other hostilities, civil commotion, governmental acts, regulations or orders, generalized inadequate supply of raw materials or components, or any other circumstance of a similar nature beyond the reasonable control of an affected Patty (but excluding any act or omission by an Affiliate of such Party). If any Force Majeure endures more than sixty (60) days and prevents, hinders or delays Consultant's performance of a material part of the Services then, upon notice to Consultant, the Parties shall meet and review in good faith the desirability and conditions of this Agreement, and GS may determine to terminate without further liability to Consultant. GS shall have the right to cover and seek a third party source for Services, at its own expense, during any event of Force Majeure, without liability to Consultant for any such services affected by the Force Majeure. Consultant shall not be entitled to claim relief under this Section to the extent the effect of the Force Majeure event could have been avoided or mitigated by the proper performance of its disaster recovery and business continuity obligations hereunder. For clarity, a Force Majeure event that affects Consultant will not affect the licenses granted to the GS Parties under this Agreement or GS's access and use of the Deliverables.

 

39

Goldman Sachs-CoreCard Confidential

 

Section 10.9 No Presumption. The Parties acknowledge that the provisions of this Agreement are the language the Parties chose to express their mutual intent and hereby waive any remedy and the applicability of any Law that would require interpretation of any claimed ambiguity, omission or conflict in this Agreement against the Party that drafted it.

 

Section 10.10 Interpretation. The descriptive headings in this Agreement are used solely for convenience and are not intended to affect its meaning or interpretation. The words "including," "include," and "includes" are not limiting and are to be read as if they were followed by the phrase "without limitation." The word "or" should be interpreted to mean "and/or" except where the context does not so permit. The words "sole discretion" mean, with respect to any determination to be made under this Agreement by a Party, the sole and absolute discretion of that Party, without regard to any standard of reasonableness or other standard by which the determination of that Party might be challenged. The words "reasonable efforts" mean, with respect to a given obligation, the efforts that a reasonable and prudent Person desirous of achieving a result would use in similar circumstances to perform that obligation as promptly as possible consistent with its normal business practices and good-faith business judgment, including the incurrence of reasonable immaterial expenditures or liabilities. Unless stated otherwise, all references to a date or time of day in this Agreement are references to that date or time of day in New York, New York. Each of "shall" and "will" is, unless the context requires otherwise, an expression of command, not merely an expression of future intent or expectation. Singular terms include the plural and vice versa. Reference to one gender includes all genders.

 

Section 10.11 No Promotion. Consultant agrees that it will not, without the prior written consent of GS in each instance, (i) use in advertising, publicity, marketing or other promotional materials or activities, the name, trade name, trademark, trade device, service mark or symbol, or any abbreviation, contraction or simulation thereof, of GS, its Affiliates or their respective partners or employees, or (ii) represent, directly or indirectly, that any product or any service provided by Consultant has been approved or endorsed by GS.

 

Section 10.12 Third-Party Beneficiaries. Except to the extent stated otherwise in this Agreement, nothing in this Agreement confers any legal or equitable right, benefit or remedy upon any Person other than the Parties. GS and Consultant specifically acknowledge and agree that it is their intention (i) that all of the Deliverables and/o Services contemplated by the Agreement be made available to, and used by, the GS Parties, and (ii) that the GS Patties are third party beneficiaries entitled to enforce the terms and conditions of this Agreement.

 

Section 10.13 No Waiver. A Party's failure to enforce any provisions of or rights deriving from this Agreement does not waive those provisions or rights, or that Patty's right to enforce those provisions or rights. Except to the extent stated otherwise in this Agreement, each Party's rights and remedies under this Agreement are cumulative and are in addition to any other rights and remedies available at Law or in equity.

 

Section 10.14 Counterparts. The Parties may execute this Agreement in one or more counterparts, each of which when executed is an original counterpart and all of which taken together constitute one and the same Agreement. A Patty's delivery to the other Patty of an original counterpart to this Agreement in accordance with this Section 10.14, or as a scanned image (such as a .pdf file) attached to an email to the other Patty's authorized representative, is effective as delivery of that counterpart.

 

40

Goldman Sachs-CoreCard Confidential

 

Section 10.15 Notices. All notices, requests, claims and other communications described in or otherwise regarding this Agreement must be in writing and shall be deemed given (a) if delivered by hand, on the date delivered to a Party at its address identified on the signature page of this Agreement or at any other address of which that Party has notified the other Party in accordance with this Section 10.15, or (b) if sent by registered or certified mail, return receipt requested, or by a reputable overnight delivery service, three (3) Business Days following the date sent to a Party at its address identified on the signature page of this Agreement or at any other address of which that Paiiy has notified the other Paiiy in accordance with this Section 10.15.

 

Section 10.16 Exclusion of Alternate Terms. This Agreement and the Exhibits hereto contain the exclusive set of terms applicable to the Services, notwithstanding any other set of terms (i) that may be embedded in or displayed by the Deliverables or the Services, during or after installation or operation thereof, (ii) to which the Deliverables or Services may refer, (iii) that may accompany or be packaged with the Deliverables or Services, or (iv) that may be presented at any time to either Party or its Personnel or agents orally, online, electronically, whether by click-thru or opt-in, or in writing (the foregoing, collectively, "Other Terms"), whether or not any such Party or its personnel or agent assents to the Other Terms online, electronically or otherwise at any time. Such Other Terms shall be void with respect to the Parties.

 

Section 10.17 Order of Precedence.

 

(a)    As of the Effective Date, this Agreement comprises: (i) the General Terms and Conditions of this document ("GTCs"); (ii) Exhibit A (Form of Schedule of Work) attached hereto; (iii) Exhibit B (Rates) attached hereto; (iv) Exhibit C (Insurance Requirements) attached hereto; (v) Exhibit D (Key Personnel) attached hereto; (vi) [***]; (vii) the Resolution and Recovery Amendment attached hereto as Exhibit F (the "R&R Addendum"); (viii) the Data Protection Addendum attached hereto as Exhibit G (the "Data Protection Addendum"); (ix) the Consumer Compliance Amendment attached hereto as Exhibit H (the "Consumer Compliance Addendum"); (x) Exhibit I (Approved Affiliates and Subcontractors) attached hereto; (xi) Exhibit J (MasterCard Rules) attached hereto (the "MasterCard Rules"); and (xii) Exhibit K (Third Party Materials) attached hereto.

 

(b)    If there is a conflict among any of the documents that comprise this Agreement, the following order of precedence will prevail: (i) [***]; (ii) MasterCard Rules; (iii) R&R Addendum; (iv) Data Protection Addendum; (v) Consumer Compliance Addendum; (vi) GTCs; (vii) any other exhibit, schedule or attachment to the GTCs; (viii) any amendment to this Agreement subsequently executed by the Parties (except to the extent such document expressly overrides a provision in items (i)-(vii)); and (ix) any Schedule of Work executed by the Parties or otherwise effective hereunder (except to the extent such document expressly overrides a provision in items (i)-(viii), in which case such override shall apply solely to that Schedule of Work and shall require the signature of Consultant's legal representative).

 

Section 10.18 Independent Contractors. The Parties acknowledge that (i) Consultant is, and shall be at all times, an independent contractor hereunder and not an agent of GS; and nothing contained in this Agreement nor any actions taken by or arrangements entered into between them in accordance with the provisions of this Agreement shall be construed as or deemed to create any partnership or joint venture between the Parties; (ii) neither Party shall have any authority to commit the other Party contractually or otherwise to any obligations to third parties; (iii) neither Consultant nor any of its Personnel is an agent, employee, Affiliate, joint venturer or partner of GS; and (iv) neither GS nor any of its Personnel is an agent, employee, Affiliate, joint venturer or partner of Consultant.

 

41

Goldman Sachs-CoreCard Confidential

Section 10.19 Geography.

 

(a)    Consultant agrees that, as of the Effective Date, Consultant will perform the Services in and from the following geographies and locations: (i) United States (with a facility in Norcross, Georgia); (ii) India (with facilities in Bhopal and New Mumbai); and (iii) Romania (with a facility in Timisoara). If, following the Effective Date, Consultant desires to perform the Services in and from additional or different locations within the United States, India and/or Romania, Consultant will notify GS of such additional or different locations in writing. If, following the Effective Date, Consultant desires to perform the Services in and from additional or different geographies or locations outside of the United States, India and Romania, Consultant will obtain GS's prior written consent (which will not be unreasonably withheld or delayed).

 

(b)    If during the Term, the Parties agree in writing to a modification of the scope of this Agreement such that Consultant will perform the Services from or for geographies other than those geographies that are contemplated by the Patties as of the Effective Date, then the Parties will document such agreement in a duly executed amendment to this Agreement, which amendment will modify the terms of this Agreement to reflect GS's requirements with respect to such modified geography (e.g., regarding compliance with laws, additional data protection and privacy terms for cross-border transfer of Personal Information, etc.).

 

Section 10.20 Export Control. Each Party acknowledges that the Deliverables may be subject to Laws regarding export controls and economic sanctions regulations. Each Patty agrees that it will not transfer, export, or re-export, directly or indirectly, the Deliverables to any country outside of the United States of America without obtaining prior authorization from the administering agency of the United States government, if required (or do so otherwise in a manner that is not in compliance with applicable Laws). Consultant agrees to provide GS with information such as the Export Control Classification Number ("ECCN") for the Deliverables in order for GS to procure any licenses, permits, registrations or other permission necessary to export the Deliverables to locations outside of the United States of America. In the event the ECCN of the Deliverables changes, Consultant agrees to notify GS of such changes. For clarity, with respect to the Services and those locations outside of the United States of America from which Consultant provides the Services, Consultant (and not any GS Party) will be responsible for obtaining any such authorizations, if required, and for complying with any such applicable Laws.

 

Section 10.21 [***]

 

Section 10.22 [***]

 

 

[End of General Terms and Conditions]

 

[Signature page follows]

 

42

Goldman Sachs-CoreCard Confidential

 

The Parties have caused this Agreement to be executed by their respective duly authorized representatives.

 

 

THE GOLDMAN SACHS GROUP, INC.          CORECARD SOFTWARE, INC.
   
By: /s/ Elizabeth Overbay By: /s/ Matt White
Name: Elizabeth Overbay Name: Matt White
Title: Authorized Signatory Title: CFO
Date: 8-8-19 Date: 8/7/19

 

.ADDRESSES FOR NOTICES:

 

If to GS:

If to Consultant:

The Goldman Sachs Group, INC.

200 West Street

New York, NY 10282

USA

Attention: [***]

CoreCard Software, Inc.
One Meca Way
Norcross, GA 30093
USA

Attention: Chief Executive Officer

   

with copies to:

with copies to

   

•  Legal-Contracts

   [***]

•         CoreCard Chief Financial

    Officer; and

•         CoreCard Vice President

                at the address identified above.

at the address identified above;

 

and in the case of notices of default, late payment or termination, a copy to:

 
   

Pillsbury Winthrop Shaw Pittman LLP

1200171l1Street NW Washington, DC 20036

Attention: [***]

 

 

43

Goldman Sachs-CoreCard Confidential

 

EXHIBIT A

 

FORM OF SCHEDULE OF WORK

 

SCHEDULE OF WORK NO. [_]

TO PROFESSIONAL SERVICES AGREEMENT

 

 

<This form of Schedule a/Work includes instructions to the Parties (in brackets and italics) that should be addressed and then removed.>

 

<Each Schedule a/Work should be numbered and dated where indicated above and below.>

 

<Any GS Party may enter into an SOW. If a GS Party other than The Goldman Sachs Group, Inc. is executing this SOW, change the GS Party name below.>

 

This Schedule of Work No. [_] (the "SOW"), effective as of [_] (the "SOW Effective Date"), is entered into pursuant to, and is subject to and governed by, the Master Professional Services Agreement (the "Agreement"), dated August 1, 2019, by and between The Goldman Sachs Group, Inc. ("GS"), and CoreCard Software, Inc. ("Consultant") (each, a "Party" and together, the "Parties").

 

Except as expressly set forth in Section V of this SOW, the GTCs and their accompanying relevant Exhibits and Attachments will govern performance of the Services described in this SOW.

 

Capitalized terms used in this SOW will have meanings given in this SOW or, if not defined in this SOW, will have the meanings given in the Agreement.

 

<In completing the SOW, the Parties should add attachments to the SOW, with appropriate cross­ references in the body of the SOW, as needed.>

 

I.

General Information

 

Table 1. General Information
General Information

Project Name:

 

 

Brief Description of

Project:

 

 

SOW Effective Date:

 SOW Term:  

Commencement and Completion

Planned Commencement Date:

Planned Completion Date:  

 

44

Goldman Sachs-CoreCard Confidential

 

Table 1. General Information
Contacts
GS Program Director for this SOW:

 

Consultant Program Director for this SOW:  
 

Tel:

 

Email:

 

Tel:

 

Email:

Tracking and Oversight Reports and Meetings <Parties may add reports and meetings specific to the SOW in addition to those required under the Agreement.>
Reports:   Meetings:  

 

II.

Services and Deliverables

 

 

A.

Services <Parties should add as much detail as is reasonably necessary to address the items below in order for there be a clear understanding about the scope of Services under this SOW. Add and reference attachments to this SOW as needed (e.g., more detailed scope descriptions, project plans, etc.). If a given item is not applicable, specify "NIA",>

 

Table 2-1: Services

Scope. Consultant will provide the following Services under this SOW:

 

GS Requirements. GS's requirements with respect to the Services include:

 

Locations. The locations (Consultant and GS) from which Consultant will perform the Services are:

 

Timeline. The expected timeline for the Services (including all deadlines) being performed is:

 

Milestones. The project milestones (and their descriptions) that Consultant is to meet are:

 

Personnel. Consultant Personnel performing the Services are:

<Add Consultant Personnel if applicable. If not, specify "NIA". Section 3.1(a) of the GTCs states that Consultant Personnel may or may not be listed in an SOW.>

 

45

Goldman Sachs-CoreCard Confidential

 

Table 2-l:Services

Risks/Mitigations. Project risks and mitigations are:

 

GS Material. GS will make the following GS Material available to Consultant:

 

Performance Criteria. Consultant

 

will meet the following performance criteria and service levels:

 

GS Resources. GS will make available the following equipment, software or other materials and resources of the GS Parties and Service Providers:

 

Other. Additional details regarding the Services:

 

 

 

B.

Deliverables <Parties should add as much detail as is reasonably necessary to address the items below in order for there be a clear understanding about the Deliverables to be provided under this SOW. Add and reference attachments to this SOW as needed. Add additional tables as necessary for multiple Deliverables in the same category. If a given item is not applicable, specify "NIA".>

 

Table 2-2: Deliverable - Non-Work Product and Derivative Work of Licensed Material (per Section 8.2(b) of GTCs)

Deliverable Name.

 

Description.

 

Documentation/Specifications/ Acceptance Criteria (per Acceptance process in Section 2.7 of GTCs).

 

GS Personnel (per Section 2.7(b) of GTCs).

The following Personnel of GS are authorized to notify consultant (email is sufficient) of GS's acceptance or rejection of the Deliverable:

Third Party Materials/Third Party Licenses (per Sections 7.2(i), 7.2(j), 7.2(k) and 8.5 of GTCs).

 

Maintenance and Support Terms (per Section 8.2(e)(i) of GTCs).

 

 

46

Goldman Sachs-CoreCard Confidential

 

Table 2-3: Deliverable -Non-Work Product and Derivative Work of Licensed Material (per Section. 8.2(a)of GTCs)

Section 8.2(b)(Y) of GTCs re Exclusivity Applicable?

☐ No.

 

☐ Yes:

 

Exclusivity Period Start Date:

 

Exclusivity Period Duration:

 

<If an Exclusivity Period (as defined in Section 1.17 of the GTCs) is applicable, specify above (i) the Exclusivity Period's start date,· and (ii) how long the Exclusivity Period will last.>

 

 

Table 2--4: Deliverable - Work Product)

(per Section 8.4 of GTCs)

* The Parties agree that GS and/or. its Affiliates shall own all title and interest, including all
 Intellectual Property rights; in and to such Work Product, including related documentation.

Deliverable Name.

 

Description.

 

Documentation/Specifications/ Acceptance Criteria (per Acceptance process in Section 2.7 of GTCs).

 

GS Personnel (per Section 2.7(b) of GTCs).

The following Personnel of GS are authorized to notify consultant (email is sufficient) of GS's acceptance or rejection of the Deliverable:

Third Party Materials/Third Party Licenses (per Sections 7.2(i), 7.2(j), 7.2(k) and 8.5 of GTCs).

 

Maintenance and Support Terms (per Section 8.2(e)(i) of GTCs or Section 8.2(e)(ii) of GTCs (as applicable)).

 

 

 

C.

Updates (other than Deliverables) <Parties should use this section to address details regarding Acceptance testing of Updates (as defined in the Master License Agreement) provided by Consultant under the Master License Agreement as part of the Support Services (as defined in the Master License Agreement). Parties to add as much detail as is reasonably necessary to address the items below in order for there be a clear understanding about the Updates to be tested under this SOW. Add and reference attachments to this SOW as needed. Add additional tables as necessary for multiple Updates in the same category. If a given item is not applicable, specify "NIA".>

 

47

Goldman Sachs-CoreCard Confidential

 

Table 2-5: Update - Other than Deliverables
(per Section 2.7(ii) of GTCs)
Update Name:  
Description:  
Documentation/Specifications/ Acceptance Criteria (per Acceptance process in Section 2.7 of GTCs).  
GS Personnel (per Section 2.7(b) of GTCs).    The following Personnel of GS are authorized to notify consultant (email is sufficient) of GS's acceptance or rejection of the Update:

 

III.

Fees and Expenses

 

<This section should be filled out to reflect the mutually agreed pricing model. This section also should be consistent with the other applicable terms of Article 6 of the GTCs.>

 

 

A.

Charging Model. The fees for the Services performed under this SOW will be billed by Consultant in accordance with the applicable pricing model specified below.

 

 

D

T&M. <This section should comply with Sections 6.J(a), 6.l(b), 6.J(e), 6.J(i), 6.J(j) and 6.2 of the GTCs, and with Exhibit B of the Agreement. Specifically, this section should specify (i) the number of Consultant Personnel assigned to perform the Services, (ii) the corresponding skill sets of such Consultant Personnel, (iii) whether such Consultant Personnel are Consultant employees or non-Consultant employees, and (v) the applicable T&M rates (based on Exhibit B of the Agreement).>

 

 

Table 3-1: T & M Charging Model

Estimated Number of Hours (per Section 6. l(j)(i)(A) of GTCs).

 

Forward Looking Staff and Budget Estimate (per Section 6.l(j)(i)(B) of GTCs).

 

Applicable T&M Rates (per Section 6. l(i) of GTCs and Exhibit B of Agreement).

 

 

48

Goldman Sachs-CoreCard Confidential

 

Table 3-1: T&M Charging Model

Approved Travel Expenses (per

 

Section 6. l(e) of GTCs).

 

Approved Other Pass-Through

 

Expenses (ger Section 6.l(e) of

 

GTCs).

 

Estimated Service-Related Taxes

 

(ger Section 6.2 of GTCs).

 

Estimated Total Charges.

 

Authorized Expenditure Budget.

 

Milestone(s).

<If applicable, specify milestone due dates and amount of credit for Consultant's failure to meet the milestone by the due date.>

 

 

D

Fixed Price. <This section should comply with Sections 6.l(a}, 6.l(e) and 6.2 of the GTCs.>

 

Table 3-2: Fixed Price Charging Model

Firm Fixed Price.

 

Approved Travel Expenses (ger Section 6.1(e) of GTCs, if not in Fixed Price),

 

Approved Other Pass-Through Expenses (ger Section 6.l(e) of GTCs, if not in Fixed Price).

 

Estimated Service-Related Taxes

(per Section 6.2 of GTCs).

 

Estimated Total Charges.

 

Milestone(s).

<Specify milestone due dates and amount of Fixed Price payable when Consultant meets each milestone by the due date.>

 

 

B.

Annual Fees for Maintenance and Support.

 

49

Goldman Sachs-CoreCard Confidential

 

<If Consultant is providing maintenance and support for any Deliverable, specify the annual fees for such maintenance and support below, If not applicable for a given item, specify "NIA".>

 

 

Table 3-3: Annual Fees for Maintenance and Support

For Deliverables - Derivative Works

 

of Licensed Material (per Section

 

8.2(e)(i} of GTCs).

 

For Deliverables - Not Derivative

 

Works of Licensed Material (ger

 

Section 8.2(e)(ii) of GTCs).

 

 

IV.

Key Personnel for SOW

 

<This section should be filled out if there are Key Personnel specific to this SOW (i.e., in addition to those at the "Agreement" level as set out in Exhibit D of the Agreement. If none, indicate "NIA".>

 

The Key Personnel for this SOW are as set forth in the following table.

 

 

Table 4
Key Personnel for SOW
Position Name Location
     
     
     

 

50

Goldman Sachs-CoreCard Confidential

 

V.

Conflicts with Agreement and SOW Overrides

 

<This section should be rarely used and requires the signature of each Party's legal department. Insert any SOW overrides in the style of a formal amendment. If none, indicate "NIA".>

 

Pursuant to Section 10.17(b) of the GTCs, if there is a conflict between the provisions of this SOW and the provisions of the Agreement, the provisions of the Agreement will control except as to provisions specifically identified below as modifying or amending specified provisions of the Agreement. Any such modifications or amendments specifically identified below (a) will be void unless approved by Consultant's legal department in writing, and (b) if so approved, will control for purposes of this SOW only.

 

Table 5
Agreement Reference SOW Override
   
   

 

[End of Main Terms of SOW]


[Signature page follows]

 

51

Goldman Sachs-CoreCard Confidential

 

 

The Parties have caused this SOW to be executed by their respective duly authorized representatives.

 

<Any GS Party may enter into an SOW. If a GS Party other than The Goldman Sachs Group, Inc. is executing this SOW, change the GS Party name below.>

 

THE GOLDMAN SACHS GROUP, INC.   CORECARD SOFTWARE, INC.
 

 

 

 

 

 

By:

 

 

By:

 

 

Name:

 

 

Name:

 

 

Title:

 

 

Title:

 

 

Date:

 

 

Date:

 

 

           
           
      APPROVAL BY CORECARD LEGAL  
      (necessary if there (i) is any Work Product under this SOW; and/or (ii) are any SOW overrides in Section V of this SOW)  
           
      By:    
      Name:    
      Title:    
      Date:    
           
      APPROVAL BY CORECARD SENIOR OFFICER  
      (necessary if there is any Work Product under this SOW)  
           
      By    
      Name:    
      Title:    
      Date:    

 

52

Goldman Sachs-CoreCard Confidential

 

EXHIBIT B

 

RATES

 

 

l.

Rates.

 

 

"Contract Year" means each twelve (12) month period during the Term commencing on the Effective Date or the anniversary thereof.

 

The rates to be used by the Parties during the first [***] Contract Years for Services to be performed under a Schedule of Work shall be as follows (subject to Section 3 of this Exhibit below):

 

[***]

Location

Bill Rate

[***]

United States

[***]

[***]

United States

[***]

[***]

United States

[***]

[***]

Offshore - India / Romania

[***]

[***]

Offshore - India / Romania

[***]

[***]

Offshore - India / Romania

[***]

 

* [***]

 

The rates in the Table immediately above are subject to change based on the addition of new Consultant geographies from which Services are to be performed and for additional levels of Consultant personnel. Any such new rates shall be (i) subject to the mutual agreement of the Parties in writing, including in a Schedule of Work; and (ii) subject to Section 3 of this Exhibit below.

 

2.

Level Descriptions.

 

The minimum qualifications and skills for each Consultant Personnel level specified in the table in Section 1 of this Exhibit above will be as set out in the following table.

 

[***]

 

53

Goldman Sachs-CoreCard Confidential

 

  Description

Senior Level Managed Services 5+ ears of industry experience

Consultant offshore resources performing managed services tasks with a minimum of 5 years of experience

Junior Level Managed Services (up to 5 years of industry

experience)

Consultant offshore resources performing managed services with less than 5 years of experience

 

3.

Increases to Rates,

 

During the first one (1) Contract Year, the rates set out in Section 1 above (and any other rates that may be agreed to by the Parties in writing, including in a Schedule of Work) will be fixed and may not be increased by Consultant. Thereafter, Consultant may increase such rates solely for inflation on an annual basis (the "Annual Inflation Adjustment") as follows and subject to the following terms: (a) Consultant shall provide GS with at least sixty (60) days' prior written notice of any Annual Inflation Adjustment (and shall include in each such notice the unadjusted rates, the adjusted rates, and Consultant's adjustment calculations); (b) Consultant may make an Annual Inflation Adjustment no more than once in any twelve (12) consecutive month period during the Term; (c) Consultant shall time each Annual Inflation Adjustment with the beginning of each calendar year during the Term; and (d) each Annual Inflation Adjustment will equal an amount up to the lesser of (i) [***]; and (ii) the corresponding annual percentage increase in the U.S. Department of Labor Consumer Price Index (All Urban Consumer).

 

54

Goldman Sachs-CoreCard Confidential

 

EXHIBIT C

 

INSURANCE REQUIREMENTS

 

Consultant shall carry and maintain the following insurance coverage:

 

Workers Compensation

 

As prescribed by statute or other jurisdiction in which is work is to be performed

Employer's Liability

 

$1 million bodily injury each accident

$1 million bodily injury by disease, policy limit

$1 million bodily injury by disease, each employee

Commercial General Liability

 

$1 million each occurrence and $2 million in the aggregate, covering bodily injury, property damage, personal injury, blanket contractual liability and completed operations.

Excess Liability Insurance (Umbrella Form)

 

$10 million per occurrence and in the aggregate over the Employer's, General and Auto Liability.

Fidelity Coverage (Crime)

 

$5 million

Professional Liability (Errors & Omission Insurance)

 

$2 million

Commercial Automobile Liability

 

$1 million combined single limit covering all owned, non-owned and

hired automobiles, if the use of automobiles is required.

 

Consultant shall maintain appropriate insurance coverage in accordance with this Exhibit C, and shall furnish GS with a certificate of insurance evidencing such coverage prior to the execution of this Agreement and thereafter upon OS's reasonable request. Consultant shall notify GS in writing: (i) at least thirty (30) days prior to the effectiveness of any applicable policy being cancelled or materially altered as to affect coverage for GS, if such change was initiated or caused by Consultant; and (ii) promptly upon Consultant becoming aware of any applicable policy being cancelled or materially altered as to affect coverage for GS, if such change was initiated or caused by Consultant's relevant insurance carrier. Any liability policies, except for Employer's and Professional Liability policies, Workers Compensation/Employer Liability policies, and Crime policies, shall name GS and its managing directors, partners, employees, agents and authorized representatives as additional insureds as its or their interests may appear. Policies of insurance, except for Crime policies, shall contain a waiver of subrogation in favor of GS. Consultant's insurance coverage, except for Employer's and Professional Liability policies, shall be primary for all losses and damages without contribution from the insurance of GS or other third party. Consultant's failure to deliver satisfactory evidence of coverage shall not be construed as a waiver of that Party's obligation to provide the required insurance coverage. Receipt by GS of a non-conforming certificate of insurance does not constitute acceptance.

 

55

Goldman Sachs-CoreCard Confidential

 

EXHIBIT D

 

KEY PERSONNEL

 

The Key Personnel are as set forth in the following table:

 

Key Personnel
Position Name Location

Account

Manager

[***]

Atlanta, Georgia

Escalation Manager

[***]

Atlanta, Georgia

Escalation Manager

[***]

Atlanta, Georgia

 

Consultant's Support Manager:

 

[***]

Location: Bhopal, India

 

56

Goldman Sachs-CoreCard Confidential

 

EXHIBIT E

 

[***]

 

 

 

57

Goldman Sachs-CoreCard Confidential

 

EXHIBIT F

 

RESOLUTION AND RECOVERY AMENDMENT

 

Goldman Sachs and CoreCard each acknowledge and agree that the continued provision by CoreCard of the services and/or products set fo1th in the Master Professional Services Agreement entered between the Parties and dated August 1, 2019, as amended ("Agreement"), pursuant to which CoreCard performs professional services (collectively, the "Services"), will be important to ensure that Goldman Sachs and its Affiliates are able to continue to carry on their business notwithstanding the occurrence of an insolvency, resolution or other similar proceeding or event, including pursuant to "recovery and resolution", "special administration", "special resolution regime" or analogous applicable laws or regulations with respect to Goldman Sachs or any Affiliate of Goldman Sachs in any jurisdiction (any such proceeding or event, a "Resolution Event") and as a result, Goldman Sachs and CoreCard each agree to supplement the terms of the Agreement in accordance with terms sets forth in this Exhibit F (collectively, these "Supplemental Terms"). Capitalized terms used herein and not otherwise defined herein shall have the meanings ascribed to them in the Agreement.

 

Thus, notwithstanding any other provision in the Agreement or any rights granted under any applicable insolvency law or otherwise, and provided that all amounts payable by Goldman Sachs under the terms of the Agreement are paid to CoreCard when due, CoreCard hereby irrevocably and unconditionally:

 

(a)

agrees that it shall not exercise any right to terminate the Agreement or reduce or withhold its provision of Services or otherwise exercise any right or remedy under the Agreement to the extent that such right arose or arises from (i) the occurrence of a Resolution Event with respect to Goldman Sachs or any Affiliate of Goldman Sachs, (ii) any default by Goldman Sachs or any Affiliate of Goldman Sachs (other than Goldman Sachs' obligation to make payments when due) occurring as a result of a Resolution Event, or (iii) any failure or delay by Goldman Sachs or any Affiliate of Goldman Sachs to perform any other obligation under the Agreement (other than Goldman Sachs' obligation to make payments when due) accrued or due before the commencement of any Resolution Event that is cured within a reasonable period following the commencement of such Resolution Event;

 

(b)

agrees that it shall not exercise any right to prevent renewal of the Services for a period of eighteen (18) months following the occurrence of a Resolution Event, provided, however, that nothing in this clause (b) shall be deemed to require CoreCard to continue providing Services under the Agreement after the date the Services would otherwise end without opportunity for further renewal (and the period of any required post-termination transition assistance);

 

(c)

consents to any change of control of Goldman Sachs or any Affiliate of Goldman Sachs in connection with a Resolution Event provided that the surviving entity is not an Excluded Entity (subject to Section 1O. l(a)(2) of the Master License Agreement);

 

(d)

consents to the assignment, delegation, novation or transfer, in connection with a Resolution Event, of any or all of Goldman Sachs' rights and obligations under the Agreement, in whole or in part, to any entity other than any Excluded Entity (subject to Section 10.l(a)(2) of the Master License Agreement) that is or becomes (or, as of immediately prior to the Resolution Event, was) (i)    an Affiliate of Goldman Sachs, (ii) an acquirer of any such entity, or (iii) a successor to or an acquirer of the whole or a part of the business of Goldman Sachs or an Affiliate of Goldman Sachs (including, for the avoidance of doubt, any "bridge company", "bridge bank" or similar entity formed for the purpose of acquiring or carrying on such business);

 

58

Goldman Sachs-CoreCard Confidential

 

(e)

agrees that, in the event of any such divestiture by Goldman Sachs or any Affiliate of Goldman Sachs of all or part of its business or of any of its Affiliate in connection with a Resolution Event, CoreCard will provide transition services to such divested entity in accordance with Section 10.2 of the Agreement;

 

(f)

agrees that if Goldman Sachs is subject to a Resolution Event and, under the law applicable to such Resolution Event, rejects, disclaims, repudiates or fails or refuses to perform its obligations under the Agreement, then the Agreement shall remain in full force and effect as between any other Affiliate of Goldman Sachs that: (i) used the Services or Deliverables prior to the Resolution Event; and (ii) assumes in writing all of the obligations of Goldman Sachs under the Agreement, and CoreCard shall not exercise any right to terminate the Agreement or reduce or withhold its provision of Services or otherwise exercise any right or remedy under the Agreement with respect to any other such Affiliate of Goldman Sachs to the extent that such right arose or arises from the Resolution Event so long as such other Affiliate of Goldman Sachs continues to perform its obligations assumed by it under the Agreement.

 

These Supplemental Terms form a part of the Agreement and are incorporated therein. If there is any conflict between the terms of the Agreement and these Supplemental Terms with respect to the subject matter of these Supplemental Terms, these Supplemental Terms shall prevail, but otherwise the Agreement shall remain in full force and effect.

 

These Supplemental Terms shall be governed by and construed in accordance with the law governing the Agreement. Any dispute arising out of or in connection with these Supplemental Terms shall be resolved in the manner provided for in the Agreement for the settlement of any disputes arising out of or in connection with the Agreement and the provisions of the Agreement relating to the settlement of disputes shall apply as if incorporated in this these Supplemental Terms with any necessary modifications.

 

59

Goldman Sachs-CoreCard Confidential

 

EXHIBIT G

 

DATA PROTECTION ADDENDUM

 

This Data Protection Addendum ("Addendum") forms part of the Master Professional Services Agreement dated August 1, 2019 ("Principal Agreement") between: (i) CoreCard Software, Inc. ("Vendor") acting on its own behalf and as agent for each Vendor Affiliate; and (ii) The Goldman Sachs Group, Inc. ("GS" or "Goldman Sachs") acting on its own behalf and as agent for each GS Affiliate, The terms used in this Addendum shall have the meanings set forth in this Addendum. Capitalized terms not otherwise defined herein shall have the meaning given to them in the Principal Agreement. Except as modified below, the terms of the Principal Agreement shall remain in full force and effect. If there is any conflict between the terms of the Principal Agreement and this Addendum with respect to the content of this Addendum, this Addendum shall prevail. In consideration of the mutual obligations set out herein, the parties hereby agree that the terms and conditions set out below shall be added as an Addendum to the Principal Agreement. Except where the context requires otherwise, references in this Addendum to the Principal Agreement are the Principal Agreement as amended by, and including, this Addendum.

 

Article 1 - Definitions

 

1.1   "Covered Entity" has the meaning set forth in the NYDFS Regulation.

1.2    "Data Security Incident" means any of the following that occur with respect to Vendor's Information Systems: (i) loss or misuse of GS Data, regardless of whether in electronic or hard copy, whether the loss or misuse was actual or reasonably believed by Vendor to have occurred; (ii) any other inadvertent, unauthorized, or unlawful Processing of GS Data, regardless of whether in electronic or hard copy form; or (iii) unauthorized access to or use of a GS Information System via Vendor's Information Systems that has a reasonably likelihood of materially harming any material part of the normal operations of GS, Data Security Incident includes, without limitation, a Cybersecurity Event (as defined by the NYDFS Regulation, Sections 500.01 and in scope of 500.1?(a)1-2).

1.3    "Governmental Authority" means any federal, state, local, national or supranational (or other political subdivision thereof or thereto) (a) government, (b) governmental, legislative, regulatory, military, police, taxation, or administrative authority, agency, department, or commission, or (c) court, tribunal, or judicial or arbitral body of competent jurisdiction which exercises executive, legislative, judicial, regulatory or administrative functions of or pertaining to government.

1.4    "GS Data" means Nonpublic Information, Personally Identifiable Information, and Goldman Sachs' Confidential Information as defined by the Principal Agreement and this Addendum.

1.5   "Information Systems" has the meaning set forth in the NYDFS Regulation.

1.6    "Law" means any law, rule, regulation, ruling, judgment, order or approval of any Governmental Authority, as may be amended or otherwise revised from time to time.

1.7    "Nonpublic Information" has the meaning set forth in the NYDFS Regulation but is limited to such information provided by, about or relating to Goldman Sachs. Nonpublic Information provided by or collected on behalf of Goldman Sachs pursuant to the Principal Agreement also constitutes Goldman Sachs' "Confidential Information" defined in the Agreement.

1.8    "Personally Identifiable Information" or "PU" means any information provided by Goldman Sachs: (i) that identifies or can be used to identify an individual either alone or in combination with other readily available data; (ii) includes personally identifiable financial or insurance information, including but not limited to "non-public personal information" as that term is defined in GLBA; and (iii) including, without limitation, any combination of data that, if compromised, would require notice or reporting under any applicable Privacy Laws. PII provided by or collected on behalf of Goldman Sachs pursuant to the Principal Agreement also constitutes Goldman Sachs' "Confidential Information" defined in the Agreement.

 

60

Goldman Sachs-CoreCard Confidential

 

1.9    "Privacy Laws" means all applicable privacy and data security laws in all relevant jurisdictions, including but not limited to the following, in each case, as amended or supplemented: Gramm-Leach-Bliley Act ("GLBA''); Fair Credit Reporting Act; New York Department of Financial Services 23 NYCRR 500 ("NYDFS Regulation"); California Financial Information Privacy Act; the Federal Trade Commission Act; the Telephone Consumer Protection Act; the CAN-SPAM Act of 2003; 201 Code of Mass Regs 17.01, et seq.; state data breach and data security Laws; and analogous local, state, federal and international Laws relating to the Processing, privacy, usage, protection and security of PII.

 

1.10    "Process" or "Processing" means any operation or set of computer operations, including, but not limited to, collection, recording, organization, storage, access, adaptation, alteration, retrieval, consultation, use, corruption, transfer, transmit, sale, rental, disclosure, dissemination, making available, alignment, combination, deletion, erasure, or destruction.

 

1.11   "Vendor Controls" has the meaning given in Attachment I to this Addendum.

 

1.12   "Vendor Systems" has the meaning given in Attachment I to this Addendum.

 

Article 2 - General

 

2.1    Processing of GS Data; Compliance with Privacy Laws. Vendor shall Process GS Data only in accordance with Goldman Sachs's instructions to fulfil the objectives of the Principal Agreement. Vendor shall comply with all Privacy Laws in connection with any Processing of GS Data provided directly, or indirectly, by Goldman Sachs to Vendor.

 

2.2    Access, Nondisclosure and Restrictions of GS Data. Vendor acknowledges that it has no right or title in or to (including, without limitation, copyright rights in) GS Data. Except as necessary to fulfil the objectives of the Principal Agreement, Vendor shall not (i) use, transfer, distribute, or otherwise disclose GS Data; (ii) sell or rent GS Data, (iii) use or make available GS Data for Vendor's own purposes or for the benefit of anyone other than GS. Vendor shall not create or maintain data sets that are derived from or derivative works of GS Data. Vendor shall not use or disclose GS Data to any third party (including, without limitation, subcontractors) except upon prior express written consent of GS. Vendor may only permit employees, agents, or any other person or entity acting on its behalf to access GS Data if that access is in compliance with the Principal Agreement, conducted by individuals who have a need-to­ lmow, who have been appropriately trained and bound by commercially reasonable and legally enforceable confidentiality, data privacy and data security obligations that are no less robust than those set forth in this Principal Agreement. With respect to its employees, affiliates, subcontractors, agents, representatives and their respective employees, affiliates, subcontractors, agents and representatives, Vendor shall be liable for: (1) any unauthorized use or disclosure of any GS Data received by it; and (2) any actions and omissions as if they were Vendor's own actions and omissions.

 

2.3    Notification of Access Requests. Vendor must notify Goldman Sachs in writing as soon as reasonably practicable and in any event within three (3) Business Days after Vendor receives: (i) any complaint about Processing of PII or Nonpublic Information by Vendor or on Vendor's behalf; (ii) any request for access from any Governmental Authority relating to any PII or Nonpublic Information (where not legally prohibited from doing so); or (iii) any other request related to PII or Nonpublic Information from a third party.

 

Article 3 - Protections and Safeguards

 

3. I         General Information Security Safeguards. Vendor shall protect GS Data using administrative, technical and physical safeguards designed to protect against threats or hazards to the security, integrity or confidentiality of GS Data, including, without limitation, unauthorized access to or use of GS Data that could result in harm to Goldman Sachs, its employees, customers or consumers. Vendor shall, in all circumstances, apply the same or better protections to GS Data as it applies to its own confidential information. Vendor shall identify to Goldman Sachs a Vendor method of contacting Vendor's 24/7 data security desk. Vendor represents and warrants that as of the effective date of this Addendum and throughout the term, the Vendor Controls described in Attachment 1 to this Addendum shall be in effect with respect to GS Data at all times.

 

61

Goldman Sachs-CoreCard Confidential

 

3.2         Secure Return or Destruction of GS Data. At Goldman Sachs's request or upon the termination or expiration of the Principal Agreement, Vendor shall: (1) promptly return to Goldman Sachs all copies, whether in written, electronic or other form of media, of GS Data in its possession, or securely dispose of all such copies; and (2) certify its compliance with this section in writing to Goldman Sachs.

 

Article 4 - Data Security Incidents

 

4.1    Notification. Vendor shall take appropriate actions to contain and mitigate any Data Security Incident, including, without limitation, notification to Goldman Sachs as soon as possible, but at most within forty-eight (48) hours of learning of the Data Security Incident (subject to any delay required by law). Such notifications shall include a detailed summary of the known facts of the Data Security Incident with respect to data elements and number of records exposed/misused and the corrective action to be taken by Vendor. Vendor shall update GS with additional information with respect to such subjects as Vendor works to investigate and address the Data Security Incident (subject to holding back any information where required by law). Vendor shall not disclose the existence of a Data Security Incident, including, without limitation, to Goldman Sachs' customers, consumers or the general public, without the express written permission of Goldman Sachs, except as necessary to inform others as required by applicable law.

 

4.2    Cooperation and Assistance. Vendor shall cooperate with Goldman Sachs to investigate the nature and scope of any Data Security Incident and to determine appropriate actions to mitigate, remediate and otherwise respond to the Data Security Incident or associated risks, at Vendor's own expense. Goldman Sachs further reserves the right to require Vendor to implement particular security measures and risk management procedures and requirements to resolve confidentiality and integrity issues relating to a Data Security Incident at Vendor's own expense; provided, however, that if such Goldman Sachs requirements require Vendor to incur more than $1 million in costs (as reasonably demonstrated by Vendor to Goldman Sachs), Goldman Sachs and Vendor each will be responsible for 50% of such costs in excess of $1 million.

 

Article 5 -Assessments

 

5.1 Where any Vendor Control cannot be verified by supporting evidence, GS reserves the right to, at its own expense, conduct an on-site test or audit to ensure specific Vendor Controls are operating effectively, subject to the terms of Section 6.5 of the Principal Agreement. Vendor Controls are to be part of Vendor's general standards and practices and need not be exclusively created for GS.

 

Article 6 -PCI Compliance

 

6.1         If the services include Vendor (I) handling, accessing or interfacing with any (A) data, materials, or information subject to the PCI Requirements (defined below) (collectively, "PCI Data"), or (B) systems that contain PCI Data, or (2) receiving, accessing, transmitting, storing or processing PCI Data, Vendor covenants, represents and warrants that:

 

 

(i)

it is responsible for the security of cardholder data that Vendor's possess or otherwise stores, processes or transmits on behalf of GS, or to the extent that Vendor may impact the security of the GS's cardholder data environment;

 

62

 

 

(ii)

it has been certified as a compliant, Level 1 service provider (or Level 1 merchant, as applicable) (a "Level 1 Provider") with the then-current PCI Security Standards Council's Payment Card Industry Data Security Standard and with any other applicable requirements as may be promulgated from time to time by the PCI Security Standards Council, by any member thereof, or by any entity that functions as a card brand, card association, payment processor, acquiring bank, switch network, merchant bank or issuing bank, including, without limitation, with respect to a payment card bearing the logo of a PCI Security Standards Council member ("PCI Requirements") by a qualified security assessor and approved scanning vendor, as applicable, and shall continue to be in compliance with all PCI Requirements and certified as a complaint Level 1 Provider, including, without limitation, all associated audit and certification requirements;

 

(iii)

Vendor shall immediately notify GS in writing of any changes in Vendor's compliance with PCI Requirements or Level 1 Provider status;

 

(iv)

Vendor shall continue to comply with PCI Requirements and Level 1 Provider requirements, shall validate compliance annually according to PCI Requirements and shall be listed as a Level 1 Provider on all card brand and card association registries; and

 

(v)

Vendor shall provide to GS on an annual basis, and upon request, written evidence of Vendor's compliance with PCI Requirements and Level 1 Provider status, including, without limitation, copies of any Third Party audits required by the PCI Requirements or otherwise commissioned by Vendor.

 

In addition, if Vendor, in connection with its performance under this Agreement, uses or provides: (i) any payment applications that store, process or transmit PCI Data as part of authorization or settlement; or (ii) any personal identification number (PIN) entry terminals used for payment card transactions, Vendor covenants, represents and warrants that it shall ensure that such payment applications or PIN entry terminals, as the case may be, comply with applicable PCI Requirements, including, without limitation, the Payment Card Industry PIN Transaction Security standard, the Payment Card Industry P2PE standard, the Payment Card Industry Payment Application Data Security Standard and any successor standards.

 

Without limiting any of Vendor's other obligations under this Agreement, Vendor covenants, represents and warrants that it shall ensure that any software, hardware or other materials used by Vendor, or provided or made available to GS, in connection with Vendor's performance under this Agreement, shall comply with, and shall not prevent GS and its clients from complying with, PCI Requirements.

 

63

Goldman Sachs-CoreCard Confidential

 

Attachment 1 to Exhibit G

 

Vendor Security Measures

 

Vendor will implement appropriate technical and organizational measures, policies and controls (including third-party verification of compliance with SSAE 18) (collectively, "Vendor Controls") to maintain the effective security of all Vendor computer or network systems accessing, storing, transmitting, processing or otherwise supporting the processing of GS Data ("Vendor Systems"), and to ensure that GS Data is protected from accidental, unauthorized or unlawful processing, access, disclosure, loss, alteration, damage or destruction. Vendor shall maintain, and provide upon request, a comprehensive written information security plan and incident response plan that memorializes these Vendor Controls. Vendor shall not modify the Vendor Controls in any way that might reasonably be expected to reduce the overall scope or level of security protections as represented to Goldman Sachs during diligence and procurement, or as otherwise specified by a request for proposal in relation to the Principal Agreement.

 

Vendor will promptly inform GS in case of any material non-compliance with the requirements set out below including, without limitation, any subsequent changes in Vendor's operating environment resulting in a material non-compliance, and will provide evidence of alternative or compensating controls implemented to protect GS Data.

 

Vendor will be subject to initial and periodic assessments by GS to validate Vendor Controls, including, without limitation, appropriate on-site audits and control testing by GS, the timing and terms of which shall be as set forth in Section 6.5 of the Principal Agreement. As part of these assessments, Vendor will provide relevant documentary evidence of its compliance with this Attachment 1, including, without limitation, effective operation of Vendor Controls via mutually agreed communication channels. Where any Vendor Control have not been implemented by Vendor, Vendor shall provide evidence of an effective alternative or compensating control.         

 

 

1.

Vendor will have information security policies and standards, consistent with industry standards for information security such as SSAE 18, that describe the Vendor Controls implemented by the Vendor to protect GS Data and Vendor Systems ("Vendor Policies"). Vendor Policies will be reviewed and updated periodically by Vendor.

 

 

2.

Vendor will ensure its personnel are aware of the Vendor Policies describing the authorized and acceptable business and personal use of corporate data processing systems.

 

 

3.

Vendor will ensure senior management have oversight of information security working practices, and are accountable for managing risks and maintaining effective operation of Vendor Controls including, without limitation, monitoring compliance with the Vendor Policies.

 

 

4.

Vendor will maintain appropriate and sufficient personnel, tools and procedures to effectively operate Vendor Controls in line with the Vendor Policies.

 

 

5.

Vendor will ensure its personnel are aware of information risks and appropriately trained in Vendor Policies.

 

 

6.

Vendor will operate a third party risk management process to assess and manage third party related technology risks, and will ensure third party service providers have in place security controls equivalent to the Vendor Controls.

 

64

Goldman Sachs-CoreCard Confidential

 

 

7.

Vendor will maintain physical access controls to prevent unauthorized physical access to Vendor Systems and Vendor's premises, and implement specific environmental protection measures for fire and flood protection as appropriate.

 

 

8.

Vendor will maintain logical access controls to (a) prevent unauthorized access to Vendor Systems, (b) ensure authorized personnel are granted only the minimum appropriate level of access, and (c) enforce segregation of duties between job roles to avoid conflicts of interest.

 

 

9.

Vendor will maintain audit trails of: (a) personnel's access to Vendor Systems and Vendor's premises; and (b) Privileged Account access to Vendor Systems. Such audit records will be retained for one year and routinely monitored to detect misuse.

 

 

10.

Vendor Systems will enforce appropriate user authentication measures, such as strong passwords, multi-factor authentication and biometric authentication.

 

 

11.

Vendor will ensure persom1el accessing Vendor Systems via remote access from an untrusted external network use two-factor authentication.

 

 

12.

Vendor will limit and control the use of accounts with privileged, elevated or system-level access to Vendor Systems, including, without limitation, those with developer, operator, administration level access ("Privileged Accounts"), to prevent misuse or unauthorized access.

 

 

13.

Vendor will prevent the routine or unconstrained use of system, generic and other shared or non­ user Privileged Accounts. Access to such Privileged Accounts will be granted on a temporary basis only for authorized scheduled changes or emergency maintenance, using appropriate security measures such as one-time password, just-in-time password or break-glass procedures.

 

 

14.

Vendor will periodically recertify individual access permissions to Vendor System to ensure access levels continue to be appropriate to the job role. Vendor will promptly remove or adjust access permissions where necessary.

 

 

15.

Vendor will prevent unauthorized transfer or disclosure of GS Data to external recipients via internal and external email systems, network or cloud storage, social media or internet forums or any other communication channels (commonly known as data leakage prevention). Access to these channels will be disabled by default, and where permitted will be restricted to authorized personnel only.

 

 

16.

Vendor will restrict and control the use of any computing device owned by Vendor's personnel to access GS Data (commonly known as bring your own device or BYOD), via appropriate mobile device management controls that: (a) restrict the copying of Non-Public Information and PII to such devices; (b) ensure that multi-factor authentication is required to access GS Data or networks or systems that contain or allow for access to GS Data; (c) encrypt Non-Public Information and PII in transit and at rest and at all other times, using industry standard encryption protocols; and (d) track and remotely wipe GS Data in the event of a device being lost.

 

 

17.

Vendor will encrypt Non-Public Information and PII at all times using industry standard encryption protocols, including, without limitation, when in rest or not in use on (a) portable devices where such data is stored (e.g. laptops); and (b) offline and/or archived copies of such data, including, without limitation, backup tapes and removable media.

 

65

Goldman Sachs-CoreCard Confidential

 

 

18.

Where required under applicable law, Vendor will encrypt systems and databases storing or processing GS Data.

 

 

19.

Vendor will ensure that physical and electronic media used to store GS Data are shredded, purged or otherwise securely destroyed when no longer required.

 

 

20.

Vendor will not store or process GS Data on unsecured systems, and will encrypt GS Data in transit across unsecured networks.

 

 

21.

Vendor will ensure in-house software development follows a secured development lifecycle, in which design reviews, code reviews, penetration testing, static analysis and dynamic analysis are conducted as appropriate to identify and resolve security vulnerabilities prior to each release or major revision of the software.

 

 

22.

Vendor will operate appropriate change management processes to prevent unscheduled or unauthorized changes to Vendor Systems. All changes to production Vendor Systems must be reviewed and approved by senior management prior to deployment.

 

 

23.

Vendor will protect Vendor Systems and networks from unauthorized access from untrusted external networks, including, without limitation, the internet and connections to third parties. All external co1111ections to Vendor Systems and networks will be protected by recognized, accredited, and properly maintained firewall and intrusion detection/prevention systems, which will be continuously monitored for suspicious activity.

 

 

24.

Vendor will operate Vendor Controls to detect, respond, escalate and internally repo1t security incidents. Vendor will notify GS of any Data Security Incidents in accordance with Article 4 of this Addendum.

 

 

25.

Vendor will test and monitor Vendor Systems to identify where these are vulnerable to attack or exploit from untrusted external networks, and will promptly resolve detected vulnerabilities.

 

 

26.

Vendor will conduct regular, comprehensive penetration tests on Vendor Systems. Such penetration testing will be undertaken at least annually, or following major changes, by an accredited third party vendor. Vendor will provide GS with access to penetration test reports describing the scope and results of the penetration test on Vendor Systems, including, without limitation: (a) a detailed description of findings, (b) criticality rating for each issue, (c) mitigation plans, (d) current mitigation status, and (e) timelines to resolve vulnerabilities.

 

 

27.

Vendor will conduct regularly vulnerability scanning of Vendor Systems, including, without limitation, network connections, in-house and third party software components, operating systems, libraries, middleware, and development frameworks, using recognized and accredited tools, or by an accredited third party vendor. External facing Vendor Systems will be scanned at least weekly. Test results will be provided to GS upon request and in an agreed format.

 

 

28.

Vendor will resolve critical vulnerabilities on external facing Vendor Systems within four weeks of being detected.

 

 

29.

Vendor will apply critical security patches on external facing Vendor Systems within four weeks of patches being made available.

 

 

30.

[Intentionally deleted]

 

 

31.

Vendor will inform GS of any Vendor System vulnerabilities due to unsupported or End Of Life software, and will describe the additional controls implemented to protect GS Data.

 

 

32.

Vendor will protect Vendor Systems from various forms of malware, including computer viruses, trojans, rootkits, ransomware and unauthorized third-party scripts or cookies in accordance with its undertakings in the Principal Agreement.

 

66

Goldman Sachs-CoreCard Confidential

 

EXHIBIT H

 

CONSUMER COMPLIANCE AMENDMENT

 

This CONSUMER COMPLIANCE AMENDMENT ("Addendum") is made and entered into by and between The Goldman Sachs Group, Inc. and its Affiliates ("Goldman Sachs") and CoreCard Software, Inc. ("Provider"), together with Goldman Sachs, the "Parties", and each individually a "Party") supplementing the Master Professional Services Agreement entered between the Parties and dated August 1, 2019, as amended ("Agreement"), pursuant to which Provider performs Services.

 

ARTICLE 1

DEFINITIONS

Section 1.1    Certain Defined Terms

 

For purposes of this Addendum, each of the following terms shall have the meaning specified with respect thereto. For the avoidance of doubt, the following definitions apply only with respect to this Addendum and shall not modify or otherwise affect the meaning of terms used in the Agreement, whether capitalized or uncapitalized. Capitalized terms used in this Addendum and not otherwise defined herein shall have the meanings ascribed to them in the Agreement.

 

"Generally Accepted Practices": Generally accepted practices applicable to the Services and in the industry in which Provider operates.

 

"Governmental Authority" means any federal, state, local, national or supranational (or other political subdivision thereof or thereto) (a) government, (b) governmental, legislative, regulatory, military, police, taxation, or administrative authority, agency, department, or commission, or (c) com1, tribunal, or judicial or arbitral body of competent jurisdiction which exercises executive, legislative, judicial, regulatory or administrative functions of or pertaining to government.

 

"Law" means any law, rule, regulation, ruling, judgment, order or approval of any Governmental Authority, as may be amended or otherwise revised from time to time.

 

"Personnel" of a Person means that Person and its employees, officers, directors, members, agents, representatives, suppliers, consultants, contractors and subcontractors.

 

"Services": The services that Provider has agreed to provide to Goldman Sachs under the Agreement (including the provision of the Deliverables), whether directly or through one or more agents, subcontractors or service providers.

 

Section 1.2         Provisions of General Application.

 

For purposes of this Addendum, except as otherwise expressly provided or unless the context otherwise requires:

 

(a)    Terms used in this Addendum have the meanings assigned to them in this Addendum, and include the plural as well as the singular, and the use of any gender herein shall be deemed to include the other genders.

 

67

Goldman Sachs-CoreCard Confidential

 

(b)    References herein to an "Article" or "Section," shall be to the specified article or section of this Addendum and shall include all sections and subsections of such article, and subsections of such section, respectively.

 

(c)    The words "herein," "hereof," "hereunder" and other words of similar import refer to this Addendum as a whole and not to any particular provisions.

 

(d)    The word "including" and other words of similar import shall be interpreted to mean "including but not limited to" unless the context otherwise expressly requires.

 

(e)    Section headings and other similar headings are not to be considered part of this Addendum, are solely for convenience of reference, and shall not affect the meaning or interpretation of this Addendum or any of its provisions.

 

ARTICLE 2

AMENDMENT

 

Section 2.1         Nature of Addendum

 

This Addendum constitutes a supplement to the Agreement. Except as specifically provided herein, but subject to Section 2.2 of this Addendum, the terms and conditions of this Addendum shall be construed as additional and supplemental to the terms and conditions of the Agreement.

 

Section 2.2         Conflicts

 

In the event of any conflict between the terms of this Addendum and the Agreement that makes it impossible for the obligated Party to comply with both, this Addendum shall govern the obligations of such Party with respect to the subject matter of this Addendum.

 

ARTICLE 3

COVENANTS

 

Section 3.1         Compliance with Applicable Law.

 

In addition to any covenants made by each Party under the Agreement, each Party agrees that it will at all times comply with all applicable Law, including, without limitation, the Gramm-Leach-Bliley Act, the Dodd-Frank Act, the Fair Credit Reporting Act, the Equal Credit Opportunity Act, the Truth in Lending Act, the Servicemembers Civil Relief Act, the Telephone Consumer Protection Act, the Fair Debt Collection Practices Act, the CAN-SPAM Act, and their respective implementing regulations. Each Party shall also require any of its Personnel, including subcontractors to the extent permitted by the Agreement, who perform duties related to the Agreement to comply with all applicable Law. If, in either Party's reasonable judgment the Deliverables or performance of the Services would violate any applicable Law, such Party may immediately suspend the provision of the Services. Such action shall not constitute a default under this Agreement. The Parties will use commercially reasonable efforts to implement an alternative method of performing the Services.

 

ARTICLE 4

COMPLAINTS AND REGULATORY INQUIRIES

 

Section 4.1         Tracking

 

In the event that Provider receives any complaints and inquiries (e.g., regulatory, governmental, etc.) related to the Services and the Goldman Sachs' customers, Provider will notify Goldman Sachs of same. Complaints and inquiries shall include those received in writing or orally, including as delivered by email, or other electronic media.

 

68

Goldman Sachs-CoreCard Confidential

 

Section 4.2         Responses Generally.

 

Promptly upon Goldman Sachs' written request, Provider shall provide information reasonably requested by Goldman Sachs in connection with any customer remediation relating to the Services.

 

Section 4.3         Material Actions.

 

Provider shall give prompt written notice to Goldman Sachs of (i) any material action, suit or proceeding instituted by or against Provider or any of its subsidiaries related to the Services in any federal or state court or before any commission or other regulatory body (federal, state, local, domestic, or foreign), or any such proceeding to Provider's knowledge threatened against Provider or any of its subsidiaries related to the Services in a writing containing the details thereof; (ii) any putative class action complaint related to the Services; and (iii) material government investigation involving the Services, unless such notice and related disclosure is prohibited by applicable Law. To the extent any information related to any such action, proceeding or investigation is not information available to the public, such information shall be the Confidential Information of Provider.

 

Section 4.4         Regulatory Supervision.

 

Provider agrees that certain Governmental Authorities, including the Federal Reserve Bank of New York and the Consumer Financial Protection Bureau, may have the authority to examine Provider, including access to all work papers, drafts, and other materials of the Provider, and to regulate the functions or operations performed by the Provider to the same extent as if they were performed by Goldman Sachs itself.

 

ARTICLE 5

MISCELLANEOUS

 

Section 5.1         Full Force and Effect

 

Except as expressly modified by this Addendum, the terms and conditions of the Agreement shall remain unmodified and in full force and effect.

 

Section 5.2         Entire Agreement

 

This Addendum and the Agreement constitute the entire agreement between the Parties with respect to the subject matter hereof and thereof. This Addendum may not be modified except by an instrument in writing, signed by the Parties.

 

Section 5.3         Applicable Law

 

This Addendum shall be governed by and construed in accordance with law of the jurisdiction governing the Agreement, without regard to conflict of laws principles.

 

Section 5.4         Severability.

 

If any one or more of the covenants, provisions or terms of this Addendum shall be for any reason whatsoever held invalid, then such covenants, provisions or terms shall be deemed severable from the remaining covenants, provisions or terms of this Addendum, and shall in no way affect the validity or enforceability of the other provisions of this Addendum, or the rights of the Parties.

 

69

Goldman Sachs-CoreCard Confidential

 

EXHIBIT I

 

APPROVED AFFILIATES AND SUBCONTRACTORS

 

Third Party Subcontractors

 

 

Thales (support for HSM hardware)

 

Baracuda (support for load balancer hardware)

 

Dell (support for server and networking hardware)

 

Cisco (support for networking hardware)

 

Microsoft (support for SQL Server software and Windows OS)

 

VMWare (support for OS and Management software)

 

AVG (support for anti-virus software)

 

Consultant Affiliate Subcontractors

 

 

Intelligent Systems Inc. to provide administrative support.

 

India subsidiary: ISC Software PVT. LTD (with 2 offices, one in Bhopal and the other in Mumbai) to provide services under this Agreement.

 

Romanian subsidiary: CoreCard SRL (with office in Timisoara) to provide services under this Agreement.

 

70

Goldman Sachs-CoreCard Confidential

 

EXHIBIT J

 

MASTERCARD RULES

 

Consultant agrees that it will perform its obligations under the Agreement in a manner that it will comply with the terms of Section 7.2.3 of the MasterCard Rules (as MasterCard may modify such terms from time to time) that are applicable to the services being provided by Consultant under the Agreement. As of the Effective Date, the applicable terms of Section 7.2.3 of the MasterCard Rules are set out below. Capitalized terms in such terms that are not defined in this Agreement will have the meaning given them in the MasterCard Rules (but the Parties agree that (i) "Customer" refers to GS and its Affiliates; and (ii) "Service Provider" refers to Consultant).

 

If, after the Effective Date, a GS Party uses a Card network in addition to MasterCard or instead of MasterCard, then the Parties promptly will amend this Exhibit J to include any rules of such Card network that are applicable to the services being provided by Consultant under the Agreement.

 

Subject to Section 6.3 of the GTCs, Updates (as defined in the Master License Agreement) required to be made to the Licensed Material by Consultant to maintain compliance with any and all Card networks shall be subject to OS's payment of the Network Compliance Fees as set f01th in Section 6 of Exhibit A of the Master License Agreement.

 

Rule 7.2.3

 

Prior to the commencement of the performance of Program Service by an entity in support of a Customer Program, the Customer and the Service Provider must enter into a written agreement describing the Program Service to be performed (the "Program Service agreement"). The Program Service agreement must be updated from time to time as appropriate to reflect the Program Service that the Service Provider performs in suppo1t of or benefiting, the Customer Program and may not be inconsistent with the Standards.

 

The Program Service agreement must reflect the Customer's responsibility for establishing all management and operating policies described herein and must not include any provision that attempts to limit the Customer's responsibility for the Program. The Program Service agreement must include all of the following provisions:

 

 

1.

The Service Provider received, understands, and agrees to comply with all applicable Standards, including the Service Provider Rules.

 

 

2.

On an ongoing basis, the Service Provider is promptly to provide the Customer with the current addresses of each of its offices.

 

 

3.

In the event of any inconsistency between any provision of the Program Service agreement and the Standards, the Standards will govern.

 

 

4.

The Program Service agreement automatically and immediately terminates if the Corporation de­ registers the Service Provider or if the Customer ceases to be a Customer or if the Customer fails to have a valid License by the Corporation to use any Mark pertaining to the Program Service to be performed by the Service Provider.

 

71

 

 

5.

The Service Provider acknowledges that the Corporation is the sole owner of the Marks, agrees not to contest the ownership of the Marks for any reason, and agrees the Corporation may prohibit the Service Provider from using any of the Marks for any reason.

 

 

6.

The Service Provider acknowledges that the Corporation has the right to enforce any provision of the Standards and to prohibit a Service Provider from engaging in any conduct the Corporation deems could create a risk of injury to the Corporation, or that could adversely affect the integrity of the Interchange System, and agrees not to take any action that could interfere with the exercise of this right by the Corporation.

 

72

 

EXHIBIT K

 

THIRD PARTY MATERIALS

 

The lists in this Exhibit K apply to Deliverables that are not Work Product and that are Derivative Works of the Licensed Software.

 

1.

Third Party Materials - Open Source Software.

 

[***]

 

2.

Third Party Materials - Other Than Open Source Software.

 

[***]

 

73