CC – Item 7A – Continued Discussion and Consideration of License Agreement with C3 AIROSEMEAD CITY COUNCIL
STAFF REPORT
TO: THE HONORABLE MAYOR AND CITY COUNCIL
FROM: BEN KIM, CITY MANAGER
DATE: APRIL 23, 2024
SUBJECT: CONTINUED DISCUSSION AND CONSIDERATION OF LICENSE
AGREEMENT WITH C3 Al
SUMMARY
At the April 9, 2024, City Council meeting, Mayor Ly received a request to table the discussion
for consideration of an agreement with C3 Al (Attachment A) at the next meeting. In a
consensus, the City Council directed the City Clerk to schedule a special meeting or bring back
the item before the City Council at the April 23rd meeting.
STAFF RECOMMENDATION
It is recommended that the City Council:
1. Authorize the City Manager to execute the License Agreement with C3 AI for the C3
Generative Al and/or C3 Al Law Enforcement subscription(s); OR
2. Provide alternative direction to staff.
FISCAL IMPACT
The software expenditures for the next five years total $995,000 and are to be funded through the
General Fund (Fund 101). If necessary, a budget adjustment to fiscal year 2023-24 will be
presented to Council for approval during the budget process for fiscal year 2024-25.
PUBLIC NOTICE PROCESS
This item has been noticed through the regular agenda notification process.
Prepared by:
Ericka Hernandez, City Clerk
AGENDA ITEM 7.A
City Council Meeting
April 23, 2024
Page 2 of 2
Attachment A: City Council Staff Report Dated April 9, 2024 with Attachments
Attachment B: Presentation Dated April 9, 2024
Attachment A
City Council Staff Report
Dated April 9, 2024 with Attachments
ROSEMEAD CITY COUNCIL
STAFF REPORT
TO: THE HONORABLE MAYOR AND CITY COUNCIL
FROM: BEN KIM, CITY MANAGERVe—�
DATE: APRIL 9, 2024
SUBJECT: CONSIDERATION OF LICENSE AGREEMENT WITH C3 AI
SUMMARY
City Council consideration of a License Agreement with C3 AI to streamline the City's work-
related tasks and workflow utilizing Generative Al and Large Language Model (LLM), and
streamline the crime investigation process and reporting process using C3 Al law enforcement
application.
BACKGROUND
In October 2023, the City conducted a trial pilot program of Generative Al and LLM with C3 AI
to test improvement in work-related tasks and workflow efficiency. The testing included city
departments (Admin, Community Development, Public Works, Finance, and Parks &
Recreation) and approximately 20 test users. Various documents were uploaded to the C3 Al
environment including the City's budgets, council agendas, financial reports, planning
documents, municipal code, strategic plans, etc.
After the trial pilot program, a debriefing meeting was held for C3 Al to receive feedback from
the departments. C3 Al received the feedback, made improvements within the limited scope of
the pilot program, and held several subsequent follow-up meetings with departments including
separately the Los Angeles County Sherifrs Department on the law enforcement application. C3
Al also presented the Generative Al platform, LLM, and law enforcement application to the City
Council on December 12, 2023.
As a reference, the terms Generative AI, LLM, and C3 AI's law enforcement applications are as
follows:
Generative Al
C3 Generative Al is an enterprise application that enables municipalities to rapidly locate,
retrieve, and ask any question on enterprise data and insights through an intuitive search and
chat interface. C3 Generative Al enables a novel Retrieval Augmented Generation (RAG)
framework by combining state-of-the-art foundational large language models (LLMs), the C3
AI Retrieval System, and the C3 Al Platform. Using C3 Generative AI, the City of Rosemead
can ask plain -language questions to retrieve information, visualize data, and reason across
City Council Meeting
April 9, 2024
Page 2 of 5
disparate structured and unstructured datasets to uncover critical insights, accelerate actions,
and improved decision-making.
C3 Generative Al offers several unique capabilities, including full traceability to ground
truth, omni -modal data support, multi-lingual support, built-in advanced mathematics
support, image and table parsing, an LLM agnostic architecture, and the ability to execute
complex, multi -step workflows that include reasoning.
C3 Generative Al will empower city staff to Yespond to resident queries more efficiently and
effectively across multiple languages. Additionally, the application is uniquely positioned to
connect to key data sources, such as CRM, Ordinances, Resolutions, Agendas, and City
Reports, and assist council members to have a stronger impact by conducting faster and
accurate analysis on data in near real-time. C3 Generative Al will provide Rosemead an
unprecedented access to data to help shape better policy decisions at council meetings and as
a result improve resident satisfaction. (Source: C3 AI)
Large Language Model (LLM)
LLM is a type of artificial intelligence system designed to understand and generate human-
like text. These models are trained on vast amounts of textual data and are capable of
performing various natural language processing (NLP) tasks such as text generation, text
summarization, translation, question answering, and more. (Source: ChatGPT)
Law Enforcement Application
C3 Al Law Enforcement is a software solution able to aggregate numerous disparate
investigative data sources into a single platform. Such software would allow the City of
Rosemead to perform more efficient, timely, and accurate crime investigations in pursuit of
stronger intelligence -led policing.
C3 Al's patented Artificial Intelligence/Machine Learning (AI/ML) functionality has the
unique capability to produce automated insights from Rosemead and Los Angeles County
Sheriff's aggregate source data, increasing the likelihood of discovering investigative leads,
and improving public safety within the city.
C3 AI shows historical crime trends and statistics, as well as a data vision screen that allows
users to search, filter, and visualize consolidated crime data and associated connections for
criminal investigations. C3 AI will provide Rosemead and LASO tools and analytics to help
build a unified, standardized view of criminal investigatory data, conduct criminal
investigations, and assess its data faster. (Source: C3 AI)
At this time, C3 AI is proposing to enter into a License Agreement on its generative Al and law
enforcement application (Attachment A). The salient terms of the license are as follows:
City Council Meeting
April 9, 2024
Page 3 of 5
Four-month "deployment phase" from license execution with an opt -out provision. After
the deployment phase, the term is four years and eight months (a total of five years).
• 5 -year license for C3 Generative AI and C3 Al Law Enforcement platforms.
• Subscription fee:
AI Services
Deployment P6
Annual
Subscription Phase
(4 -months)
Year 1
Year 2
Year 3
Year 4
Year 5
8 -months
Al Subscription
C3 Generative Al
$250,000
$80,000
$117,500
$117,500
$117,500
$117,500
C3 Law
Enforcement
$100,000
$15,000
$20,000
$20,000
$20,000
$20,000
3 Al[ COE Fees
Included
-
-
Number of
Included C3 Al
4.5
COE FTEs
Dual Total Fees
$350,000
$95,000
$137,500
$137,500
$137,500
$137,500
Year Total Fees
59951000
'All pricing options include hosting fees.
Generative Al — (i) up to 100,000 PDF/TIFF documents, (ii) up to two (2) source
systems, with up to five structured data tables with up to 30 fields each, and (iii) up to
120,000 queries per year. Additional queries will be charged at $500 per 1,000 queries.
For avoidance of doubt, the C3 Generative Al Subscription includes commercially
reasonable efforts to provide C3 Al support services to integrate additional data into C3
Generative Al during the C3 AI Subscription Term, provided the additional data are
within the Scope of Initial COE Objectives as specified in Exhibit A.
• Customer may purchase C3 AI Services during the Subscription Term to integrate
additional source systems into C3 Generative Al at a rate not to exceed $50,000 per
source system.
Law Enforcement — Access for up to 30 end-users. Additional users will be charged at
$100 per month.
City Council Meeting
April 9, 2024
Page 4 of 5
• Centre of Excellence ("CoE") C3 Al support services during the four-month deployment
phase. After that, the CoE service is $41,667 per month.
Generative Al & Large LanguaPe Model (LLMI
City Staff has thoroughly evaluated the C3 AI application, including the trial pilot testing,
debriefings, individual department head meetings, and group sessions. In its current application,
the most effective usability is with the City Clerk's Office in records and document search
functions. Staff notes that LaserFiche is at most times difficult to navigate and to perform
research. In other departments, Community Development and Public Works, the usability is
currently limited to basic functions because human intelligence and skills are needed to make
code compliance analyses and interpretations, and work with our customers in providing
alternatives and options. Parks and Finance Departments, the current applicability of the
application is not present.
It is noted that Generative AI is a rapidly changing environment that is moving towards
adaptation in many fields and is constantly improving. As noted above, the current applicability
is limited but as technology is moving at a fast pace, there may be an opportunity to build upon
the C3 AI's platform where the departments and their functions may effectively utilize the
platform to increase workflow and productivity. C3 Al has expressed its willingness to work
with the City "scaling up" during the proposed 5 -year license period and within the scope of the
license agreement.
Law Enforcement Application
The Sheriff's Department personnel met with C3 Al for a demonstration of its platform and
evaluated the applicability of C3 AI's law enforcement application. It is noted that the San
Mateo County Sheriff's Department is on the C3 AI platform with 18 of 19 law enforcement
jurisdictions (excluding the town of Hillsborough) have adopted the C3 AI platform. The
Rosemead Chief of Police connected with the Mateo County Sheriff s Department representative
and received positive feedback for C3 AI. The Chief also noted that C3 AI's platform is more
intuitive to navigate than LASD's COPLINK Database Integration and Access for Law
Enforcement Intranet system. LASD notes, however, that the effectiveness of C3 AI (or any
platform) would be heavily dependent on the completeness of the database and that a standalone
database (Rosemead or Temple Station only) would be limited in its effectiveness.
STAFF RECOMMENDATION
It is recommended that the City Council:
L Authorize the City Manager to execute the License Agreement with C3 AI for the C3
Generative AI and/or C3 Al Law Enforcement subscription(s); OR
2. Provide alternative direction to staff.
City Council Meeting
April 9, 2024
Page 5 of 5
FISCAL IMPACT
The software expenditures for the next five years total $995,000 and are to be funded through the
General Fund (Fund 101). If necessary, a budget adjustment to fiscal year 2023-24 will be
presented to Council for approval during the budget process for fiscal year 2024-25.
PUBLIC NOTICE PROCESS
This item has been noticed through the regular agenda notification process.
Attachment A: C3 AI Order Form, License Agreement, and attachments
ATM 111"145
C3 Al Order Form, License Agreement,
and attachments
ME
MalAttachment A
ORDER
THIS ORDER (this "Order") is made and entered into as of the date of the last signature below ("Effective Date") between
City of Rosemead ("Customer") and C3.ai, Inc. ("C3 AI"). C3 Al and Customer may also be referred to herein each as a
"Party" and collectively as the "Parties." The capitalized terms used, but not defined, in this Order have the meanings set forth
in the ELLA.
1. Commercial Terms
A. C3 Al Subscription Term: A deployment phase beginning on the Effective Date and continuing until four (4) months
from the Effective Date ("Deployment Phase"). The Deployment Phase automatically converts to the Annual
Subscription Phase for four (4) years and eight (8) months ("Annual Subscription Phase") unless Customer timely
exercises the Opt Out Right in accordance with Section 4.0 below.
B. Deployment Infrastructure: C3 At hosting services account.
2. Fees
TABLE I — C3 AI Subscription Fees*
'All pricing options include hosting fees.
3. Fees and Payment Terms
A. C3 Al Subscription Fees
Deployment Phase: The fee for the Deployment Phase is $350,000 (the "Deployment Phase Fee"), and is an
irrevocable, nonrefundable commitment on the Effective Date. The Deployment Phase Fee will be invoiced on
the Effective Date.
(Version) December 15, 2023 Order— Confidential
Annual Subscription Phase
3 All Services
Deployment Phase
Year 1
(4 -months)
Year 2 Year 3 Year Year 5
(8 -months)
C3 Al Subscription
C3 Generative Al
$250,000
$80,000
$117,500
$117,500
$117,500
$117,500
C3 Al Law
$100,000
$15,000
$20,000
$20,000
$20,000
$20,000
Enforcement
C3 Al COE Fees
Included
-
-
-
-
-
Number of Included
4.5
-
-
-
-
-
C3 Al COE FTEs
Annual Total Fees
$350,000
$95,000
$137,500
$137,500
$137,500
$137,500
5 -Year Total Fees
$995,000
'All pricing options include hosting fees.
3. Fees and Payment Terms
A. C3 Al Subscription Fees
Deployment Phase: The fee for the Deployment Phase is $350,000 (the "Deployment Phase Fee"), and is an
irrevocable, nonrefundable commitment on the Effective Date. The Deployment Phase Fee will be invoiced on
the Effective Date.
(Version) December 15, 2023 Order— Confidential
ii. Annual Subscription Phase: Unless Customer timely exercises the Opt Out Right in accordance with Section 4.0
below, the fee for the Annual Subscription Phase is $645,000 (the "Annual Subscription Phase Fee"), and is an
irrevocable, nonrefundable commitment on the day after the Opt Out Deadline. The Annual Subscription Phase
Fee will be invoiced as follows: (i) $95,000 on the date four (4) months after the Effective Date, (ii) $137,500 on
the first anniversary of the Effective Date, (iii) $137,500 on the second anniversary of the Effective Date, (iv)
$137,500 on the third anniversary of the Effective Date, (v) $137,500 on the fourth anniversary of the Effective
Date.
iii. C3 Generative AI: The C3 Generative AT subscription includes (i) up to 100,000 PDF/TIFF documents, (ii) up
two (2) source systems, with up to five structured data tables with up to 30 fields each, and (iii) up to 120,000
queries per year. Additional queries will be charged at $500 per 1,000 queries. For avoidance of doubt, the C3
Generative At Subscription includes commercially reasonable efforts to provide C3 AT support services to
integrate additional data into C3 Generative AT during the C3 AI Subscription Term, provided the additional data
are within the Scope of Initial COE Objectives as specified in Exhibit A.
iv. C3 AI Services: Customer may purchase C3 AI Services during the Subscription Term to integrate additional
source systems into C3 Generative AI at a rate not to exceed $50,000 per source system.
V. C3 AT Law Enforcement: C3 AT Law Enforcement subscription includes access for up to 30 named end-users.
Additional users will be charged at $100 per user per month.
B. CoE FTE Resources Fees. Customer has not purchased any CoE FTEs for the period after the expiration of the
Deployment Phase. Customer may purchase additional CoE FTE resources during the Subscription Term upon thirty
(30) days' prior written notice at the rate of $41,667 per FTE per month. The Parties have designated an initial
objective for the CoE during the Deployment Phase as specified in Exhibit A.
4. Additional Terms
A. EULA. This Order is subject to the terms of the C3 At End User License Agreement found at httys:Hc3.ai/legal/c3-
ai-EULA.odf (the "EULA"), which is incorporated herein by reference.
B. Reimbursement of Expenses. Customer shall reimburse C3 AI at cost plus 15% for any reasonable and necessary
expenses for travel and lodging incurred by C3 AT during the provision of C3 AT Services to Customer.
C. Opt Out Right. Provided Customer has paid all fees due and payable hereunder, Customer may opt out of the Annual
Subscription Phase (the "Opt Out") by providing written notice to C3 AT no later than fifteen (15) weeks following
the Effective Date (such deadline, the "Opt Out Deadline"). If Customer timely exercises the Opt Out, this Order shall
terminate four (4) months after the Effective Date.
D. California Public Records Act. If Customer is a government entity subject to the public records and meeting laws of
the State of California, including the California Public Records Act (Government Code Section 6250 et seq.) and the
California Brown Act (Government Code Section 54950 et seq.), any information, including Confidential Information,
communications, and documents received by Customer from C3 AT, and meetings involving Customer may be subject
to requests for disclosure pursuant to the California Public Records Act and the Brown Act. Customer acknowledges
and agrees that trade secrets are exempt from the disclosure requirements of the California Public Records Act and
the California Brown Act. Customer agrees to provide C3 AI with a reasonable opportunity to object to any disclosure
of C3 AI information, including, but not limited to, C3 AI Confidential Information, including seeking an order to
prevent the public disclosure of any C3 AI Confidential Information or to require such Confidential Information to be
disclosed under seal.
[signatures on next page]
(Version) December 15, 2023 Order— Confidential
In Witness Whereof, each of the Parties has duly executed this Order as of the Effective Date.
C3.ai, Inc.
By:
By:
Name:
Name:
Title:
Title:
Date:
Date:
Address
for Notice: General Counsel
1400 Seaport Boulevard
Redwood City, CA 94063
USA
Email C3Leeal(a)C3.at
Address
for Notice:
Email:
(Version) December 15, 2023 Order—Confidential
City of Rosemead
Exhibit A— CoE Deployment Phase Initial Objective
The Parties have designated an initial objective for the Deployment Phase, including the Generative Al Deployment
("Deployment 41") and the C3 Al Law Enforcement Deployment ("Deployment 42"). Customer may change the
overall objective of the CoE during the Deployment Phase in coordination with C3 AI and subject to the remaining
available CoE FTE resources ordered in the Order.
Deployment 91: C3 Generative Al
As of the Effective Date, the joint objective of the Customer CoE during the Deployment Phase for Deployment #1 is
as follows:
i. Install C3 Generative Al in C3 AI's cloud environment.
ii. Load the Deployment 91 In -Scope Data, as outlined in Table I, into C3 Generative Al and set a
regular sync schedule for ingesting and indexing.
iii. Tune C3 Generative Al to improve the precision of search results based on the Deployment 41 In -
Scope Data.
iv. Expose results in the C3 Generative Al interface, and configure the ability to collect feedback from
Rosemead users to enable ongoing model tuning and improvement.
The scope of Deployment #1 includes unlimited users and is limited to up to 100,000 PDF/TIFF documents and up
to two (2) source systems, with up to five (5) structured data tables with up to 30 fields each.
Customer will need to perform the following activities to ensure a successful deployment:
i. Provide access to the Deployment 41 In -Scope Data sources in Table 1.
ii. Make subject matter experts and other Rosemead personnel available as defined in Table 3
iii. Make Rosemead users available for two (2) half-day training sessions on the C3 Al Software
Table 1: In -Scope Data
Type of Data (System Name)
Description and example fields
Expected Data format
and frequency
LaserFiche
Public city documents, including council resolutions,
PDF/TIFF; uploaded
ordinances, meeting minutes, agendas, and staff reports,
per sync schedule
Municode/Civic Plus
City municipal and building codes
PDF; uploaded per
sync schedule
CRM*
Public works database, with details of city projects (e.g.,
CSV
graffiti abatements, tree trims, stormwater drainage)
GovClarity*
Parcel database, with property characteristics (e.g.,
API
improvement characteristics, assessed values, address
*Data source may be substituted with another data source, requiring similar level of effort to complete in agreement
with C3 Al & the Customer.
Deployment #2: C3 Al Law Enforcement
As of the Effective Date, the joint objective of the Customer CoE during the Deployment Phase for Deployment #2 is
as follows:
i. Deploy C3 AI Law Enforcement in C3 AI's cloud environment.
ii. Ingest and unify up to five (5) years of historical extracts of Deployment #2 In -Scope Data, as defined
in Table 2, and configure live data connections (updated up to once daily).
iii. Configure a data model with entities that represent logical objects related to Deployment #2 In -Scope
Data.
(Version) December 15, 2023 Order— Confidential
iv. Expose the unified data and analytics in eight (8) standard screens of the C3 AI Law Enforcement
application:
i. Executive Dashboard — displays jurisdiction -wide crime trends and a geospatial view for
viewing, filtering, and exporting groups of cases
ii. Search — returns relevant detail pages for any query across all ingested data
iii. Case Details — generates a simple, interconnected page for viewing case narratives,
evidence, and associations
iv. Identity — automatically creates a single -pane -of -glass summary of criminal history,
relationships, media, and pattern of life for any individual
v. Blackboard— explores relationships between identities based on available relationship
types across data sources
vi. Investigations— Create collections of detail pages and collaborate with other application
users, with an auditable log of user actions
vii. Search History - view user searches and justifications for transparent administration and
application usage reports
viii. Vehicle Details - lists associations across identities, cases, and citations alongside license
plate reader collections
V. Configure up to four (4) role -based access control tiers to manage application and data access.
Complete integration, quality assurance, user acceptance, and performance testing.
vi. Provide up to three (3) remote C3 Al Law Enforcement training sessions to Rosemead's end-users.
The scope of Deployment #2 C3 Al Law includes access for up to 30 named end-users.
Customer will need to perform the following activities to ensure a successful deployment:
i. Secure a Memorandum of Understanding (MOU) with the Los Angeles County Sheriffs Office,
permitting C3 Al to access the Deployment #2 In -Scope Data in Table 2.
ii. Provide access to and work with C3 Al to set up live data connections to Deployment 42 In -Scope Data
sources in Table 2.
iii. Make subject matter experts and other Rosemead PD personnel available as described in Table 3.
iv. Support product configuration by attending workshops.
V. Inform C3 Al of all necessary steps and certifications needed for data access and deployment, including
locations of access points, required clearances, and/or background checks
Table 2: /n -Scope Data
(Version) December 15, 2023 Order — Confidential
Expected Data
Type of Data (System Name)
Description and example fields
format and
frequency
LA County Sheriffs Records
Agency -wide information, records, documents, or files
CSV; daily
Management System
pertaining to law enforcement operations.
LA County Sheriffs Jail Data
Agency -wide inmate management and incarceration data
CSV; daily
System
Flock ALPR
License plate reader data
API; daily
LA County Sheriffs CAD
Agency -wide 911 call dispatch data
API; daily
(Version) December 15, 2023 Order — Confidential
Table 3: Required Customer and C3 At Resources
Team
Role
Responsibilities
Executive Sponsor
Ensure overall project direction, unblock issues
Project Manager
Manages the day-to-day activities of Project team
1.5 FTE
C3 Al
Data Scientist
Develops and validates machine learning models
I FTE
Solutions Engineer
Performs data integration, supports machine learning, configures
2 FTE
application user interface
Executive Sponsor
Ensure overall project direction, unblock issues
Project Management
Day-to-day project operations and co-ordination with other
I individual throughout the
resources and groups
project (<4 hours per week)
Rosemead
IT/Systems Resource
Supports extraction of required data, and integration to source
(1-2 hours per week during
the first 4 weeks)
systems
Subject Matter Expert
loin and participate actively in weekly meetings to provide
1-2 individuals (1-2 hours per
required subject matter expertise and feedback through the
week during first 8 weeks)
project
(Version) December 15, 2023 Order—Confidential
q.ai
C3 Al END USER LICENSE AGREEMENT
THIS C3 AI END USER LICENSE AGREEMENT ("Agreement') governs Your acquisition and use of the C3 AT
Software and C3 AT Services. If You are entering into this Agreement on behalf of an entity, You represent and warrant
that You have the legal authority to enter into this Agreement and bind such entity to its terms and conditions. The
terms "You' and "Your" shall refer to such entity accepting this Agreement, and the terms "We," "Us" and "Our" shall
refer to C3.ai, Inc. If You do not accept the terms and conditions of this Agreement, then You cannot use the C3 AI
Software and/or C3 AT Services.
This Agreement is effective between You and Us as of the date of your underlying purchase of the C3 AT Software
and/or C3 AI Services. We reserve the right to modify the terms and conditions of this Agreement or its policies
relating to the C3 AT Software and C3 AT Services at any time, effective upon posting of an updated version of this
Agreement on the applicable site. Continued use of the C3 AI Software and C3 AT Services after any such changes
shall constitute Your consent to such changes.
1. DEFINITIONS
"Affiliate" means any entity that directly or indirectly Controls, is Controlled by, or is under common Control with,
the subject entity. "Control," for purposes of this definition, means direct or indirect ownership or control of more
than fifty percent (50%) of the voting interests of the subject entity.
"Authorized Marketplace" means an online or electronic marketplace operated or controlled by a third party where
We have authorized the marketing and distribution of the C3 AI Software or C3 AT Services.
"C3 Al Documentation" means the user documentation made available to You by Us for the C3 AT Software, as may
be updated by Us from time to time.
"C3 Al Materials" mean (a) C3 AI Software and C3 AI Documentation; (b) Our intellectual property existing prior
to the Agreement; (c) intellectual property created by Us independently of the Agreement; (d) Our training materials
related to the C3 AI Software; (e) the results of C3 AI Services; (f) Center of Excellence Software Contributions; (g)
derivative works of any C3 AT Materials; and (h) any and all other intellectual property designed or developed by or
on behalf of Us to provide features or capabilities in the C3 AT Software, including, where applicable, to enable specific
capabilities in Customer Applications or Customer Extensions.
"C3 Al Runtime" means the virtual CPUs or vGPUs ("vCPUs") used by the C3 AT Software, Customer Applications,
or Customer Extensions in any Deployment Environment.
"C3 AI Services" mean C3 Al Support Services, C3 AT training, and other similar services that We provide to You,
and as may be described herein or in the Product -Specific Terms.
"C3 Al Software" means software that You order from Us including, as applicable, any of Our software application(s)
(a "C3 Al Application'), the C3 AT Platform, and any development and integration tools and components.
"Customer Application" means a software application that You operate on the C3 AI Platform that is independently
developed by You without the design, development, or testing assistance of Our personnel, but not including any C3
AI COE Software Contributions (as defined in the Product -Specific Terms).
"Customer Data" means all electronic data and electronic information submitted by or for You, excluding C3 AI
Materials, to be processed on or by the C3 AI Software.
November 16, 2023 C3 At End User License Agreement 1
"Customer Extensions" mean modifications to add data sources to a C3 Al Application that are independently created
by or for You without the design, development, or testing assistance of Our personnel, but not including C3 AI COE
Software Contributions (as defined in the Product -Specific Terms).
"Customer Materials" mean Customer Data, Customer Applications, and Customer Extensions and other materials
designated as Customer Materials in Product -Specific Terns, if any.
"Deployment Environment" means the environments (e.g., development (DEV), testing (QA), production (PROD),
etc.) into which the C3 Al Software, Customer Applications, and Customer Extensions are deployed on the
Deployment Infrastructure.
"Deployment Infrastructure" means the infrastructure on which the C3 AI Software will be deployed.
"Intellectual Property Rights" mean current and future worldwide rights under patent, copyright, trade secret,
trademark, and moral rights laws, and other similar rights of any type under the laws of any governmental authority,
including without limitation rights in the applications and registrations relating to the foregoing.
"Order" means an ordering document or online order specifying the C3 AI Software or C3 AI Services You or any of
Your Affiliates are purchasing, including any addenda and supplements.
"Operational Control" means the C3 Al Operational Controls Description detailing the roles and responsibilities of
You and Us in the deployment of the C3 Al Software in the Development Infrastructure found at
httm://c3.ai/lepal/P,ACI.odf, or any successor or related locations designated by Us, as they may be updated by Us
from time to time.
"Product -Specific Terms" means the C3 Al Product -Specific Terns for specific C3 Al Software or C3 AI Services
You order found at httys://c3.ai/legal/ProductSoecificTenns.13df, or any successor or related locations designated by
Us, as they may be updated by Us from time to time.
"Subscription Term" means the term of Your subscription to the C3 Al Software and/or C3 Al Services, as specified
in the applicable Order.
"Third Party Offering" means any software or services that You license or procure from a third party that You use in
connection with, or which interoperates with, any C3 Al Software.
"User" means a named individual employee or contractor of Yours or of Your Affiliates for whom You have purchased
a subscription, who is authorized by You to access or use C3 Al Software, and to whom You (or, when applicable, We
at Your request) have supplied a user identification and password. You may not name as a User, and Users shall not
include, individuals involved in the design or development of products or services that are intended to be competitive
with the C3 AI Software, C3 AI Materials, or C3 Al Services, whether for Your use or for that of any third party.
2. USE OF OUR SERVICES
2.1. Our Responsibilities.
2.1.1. Provisioning of the Services. Subject to the terms of this Agreement, We will activate a URL to permit You
to access the C3 Al Software specified in the Order in Our hosting services account, at which time the C3 AI
Software is automatically deemed accepted. If the Deployment Infrastructure is not Our hosting services
account: (a) the C3 Al Software will be available in Our hosting services account until an instance of the
applicable C3 Al Software is installed in the Deployment Infrastructure, at which time We will suspend access
to the instance of the C3 Al Software deployed in Our hosting services account; and (b) subject to Your
ongoing compliance with the Agreement, We grant to You a non-exclusive, non -transferable, and non -
November 16, 2023 C3 AI End User License Agreement
sublicensable right during the Subscription Term to install the C3 At Software on the Deployment
Infrastructure for the limited purpose set forth in this Agreement.
2.1.2. C3 Al Support Services. During the Subscription Term for any C3 Al Software as set forth in the applicable
Order, and subject to Customer's compliance with the Agreement, C3 Al will provide the C3 AI Support
Services, which are described in the C3 AI Support Services Description found at
https://c3.ai/legal/Support.pdf, or any successor or related locations designated by C3 AI, as maybe updated
by C3 Al from time to time.
2.1.3. Service Level Agreement. During the applicable Subscription Term, C3 AI will use commercially
reasonable efforts to make the C3 At Software available as set forth in the C3 AI Service Level Agreement,
found at https://c3.ai/legal/SLA.t)df or any successor or related locations designated by C3 Al, as may be
updated by C3 At from time to time.
2.2. License. Upon the effective date of the applicable Order, and subject to the terms of any applicable Order,
We grant to You a non-exclusive, non -transferable, and non-sublicensable right, during the Subscription
Term, to:
(a) Permit an unlimited number of Users to use the C3 At Platform in the Deployment Environment in
accordance with the C3 At Documentation solely to develop and use Customer Applications for Your internal
use;
(b) Permit an unlimited number of Users to use the C3 Al Application(s) in the Deployment
Environment in accordance with the C3 AI Documentation and to develop Customer Extensions for Your
internal use, provided that (i) the functionality of the C3 AI Application must remain within its published
specifications; and (ii) Your use of the C3 Al Application must remain within the scope of the license granted
under the Agreement.
2.3. Your Responsibilities
2.3.1. Hosting Services. If You contract for the Deployment Infrastructure with a hosting services
provider, then You will: (a) create an account with the hosting services provider; (b) provide Us with complete and
accurate information regarding the account and keep the information complete and accurate at all times; (c) cooperate
with Us as reasonably necessary to facilitate the timely installation of the C3 Al Software in accordance with the
applicable C3 Al Installation Guide(s), available at htttos://c3.ai/legal, or any successor or related locations designated
by Us, as they may be updated by Us from time to time. If You require Our assistance to install the C3 At Software
other than in accordance with the C3 Al Installation Guides, We may require You to pay additional fees, unless
otherwise stated in Your Order.
2.3.2. Security. You are responsible for (a) maintaining the security of Your hosting services account (for
example, any applicable login credentials or security keys); (b) all activities that occur under Your account; and (c)
any other actions taken in connection with Your account. We are not responsible for unauthorized access to Your
account. You will notify Us promptly if You believe there has been unauthorized access to or use of Your account.
2.3.3. Usage Responsibilities. You will (a) be responsible for Users' and any third party granted access to
C3 At Materials by You; (b) be responsible for the accuracy, quality and legality of Customer Data, the means by
which You acquired Customer Data, and obtaining adequate permissions to process such Customer Data with the C3
AI Software; (c) use commercially reasonable efforts to prevent unauthorized access to or use of C3 At Materials, and
notify Us promptly of any such unauthorized access or use; (d) use C3 Al Materials only in accordance with this
Agreement, the C3 All Documentation, and applicable laws and government regulations; (e) be solely responsible for
procuring Your own code repository and business intelligence tools; (f) be responsible for complying with terms of
service of any Third Party Offering with which You use any C3 Al Materials; (g) be responsible for the use of
November 16, 2023 C3 At End User License Agreement
recommendations or computational results provided by the C3 AT Software and the outcome realized by such use; and
(h) comply with all obligations in the applicable Operational Control for the Deployment Environment. Our
obligations under this Agreement are contingent upon Your compliance with the applicable Operational Control.
2.4. Usage Restrictions. You will not, nor permit any third parry to: (a) make any C3 AI Materials available to,
distribute, or use any C3 AI Materials for the benefit of, anyone other than You or Users, unless expressly stated
otherwise in the Agreement; (b) sell, resell, license, sublicense, distribute, make available, rent, or lease any C3 AT
Materials, or include any C3 AT Materials in a service bureau or outsourcing offering; (c) design, develop, or provision
applications for third parties that utilize C3 AT Software; (d) use the C3 AI Software to store or transmit infringing,
libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third -party privacy
rights; (e) use C3 AT Software to store or transmit code, files, scripts, agents or programs intended to do harm,
including, for example, viruses, worms, time bombs, and Trojan horses; (f) interfere with or disrupt the integrity or
performance of any C3 AT Software or third -party data contained therein; (g) attempt to gain unauthorized access to
any C3 AI Software or its related systems or networks; (h) permit direct or indirect access to or use of any C3 AT
Software in a way that circumvents Your obligations in this Agreement, including contractual usage limits, or use any
of the C3 AT Software to access or use any of the C3 Materials except as permitted under this Agreement; (i) frame or
mirror any part of any C3 AI Software, other than framing on Your own intranets or otherwise for Your own internal
business purposes; Q) access, use, or copy any C3 AT Materials (including any features, functions, or interface of the
C3 AI Software) to: (1) build a competitive product or service; (2) build a product or service using similar features,
functions, or user interface of the C3 AT Software; or (3) benchmark the C3 AI Software with any third -parry product
or service; (k) disassemble, decompile, or reverse engineer (except to the extent reverse engineering is expressly
permitted by law) any C3 AT Materials or otherwise attempt to discover the source code or underlying structure, ideas,
or algorithms in the C3 AI Software; (1) incorporate or otherwise use any software (including any Third Parry
Offerings) in connection with the C3 AI Software or C3 AI Services that include or link to any software code licensed
under the GNU GPL or AGPL or any similar "open source" or "copyleft" license that would require Us to make the
source code of any part of the C3 AT Software available to any third party; or (m) alter, modify, or create derivative
works of any C3 AT Software.
2.5. Audit Rights. You will maintain all records of Your, and Your User's, use of the C3 AI Materials and
compliance with the Agreement for a period of three (3) years after the end of the Subscription Term. Upon reasonable
prior notice, We have the right, including through an appointed representative, no more than once every twelve (12)
months, at Our expense, to examine such records and accounts during Your normal business hours to verify compliance
with this Agreement. By requesting an audit, We do not waive Our rights to enforce this Agreement or to protect Our
Intellectual Property Rights by any other means permitted by law.
2.6. C3 AT Runtime. C3 AI Runtime will incur fees at the applicable rates specified in the applicable Order. You
will provide regular access, not less than monthly, to C3 AI Runtime logs or records to enable Us to confirm or invoice
C3 AT Runtime fees in accordance with the Agreement. You will maintain C3 AT Runtime logs or records for three
(3) years after the C3 AI Runtime is used.
3. NON -C3 AT PROVIDERS
3.1. Third Party Offerings. Your acquisition or use of a Third Party Offering, and any exchange of data between
You and any third party or the Third Party Offering, is solely between You and the applicable third party. We do not
warrant or support Third Party Offerings. If You choose to use a Third Party Offering with the C3 AT Software, You
grant Us permission to allow the Third Party Offering and its provider to access Customer Data as required for the
interoperation of that Third Party Offering with the C3 AT Software. We are not responsible for any disclosure,
modification, or deletion of Customer Data resulting from access by such Third Party Offering or its provider.
3.2. Integration with Third Party Offerings. The C3 AT Software may contain features designed to interoperate
with Third Party Offerings. To use such features, You may be required to obtain access to such Third Party Offerings
from their providers, and may be required to grant Us access to Your account(s) on such Third Party Offerings. We do
November 16, 2023 C3 At End User License Agreement
not guarantee the continued availability of such C3 Al Software features, and may cease providing them without
entitling You to any refund, credit, or other compensation, if for example and without limitation, the provider of a
Third Party Offering ceases to make the Third Party Offering available for interoperation with the corresponding C3
Al Software features in a manner acceptable to Us. You will ensure that You and Your Affiliates have all necessary
rights and licenses to interoperate any Third Party Offering with any C3 AI Software as contemplated in this
Agreement.
4. DATA PROTECTION
4.1. Protection of Customer Data. We will maintain administrative, physical, and technical safeguards designed
to protect the security, confidentiality, and integrity of Customer Data. We will not use Customer Data except (a) to
operate the C3 Al Software and provide the C3 AI Services and to address service or technical problems, (b) as
compelled by law in accordance with Section 7.3 (Compelled Disclosure) below, or (c) as You expressly permit in
writing.
4.2. Personal Data. Where Your use of the C3 Al Software or C3 Al Services requires Us to process personally
identifiable information, then (a) You will notify Us in writing prior to providing Us any access to any such personal
information; and (b) the terms and conditions of the C3 Al Data Processing Agreement, which may be found at
haus://c3.ai/leeal/DPA.r)df, and as may be updated by Us from time to time, will apply to such processing. You will
not provide any information that is considered protected health information under HIPAA, except pursuant to a
separate Business Associate Agreement mutually agreed to in writing between the You and Us.
4.3. Security & Compliance. We may monitor all use of the C3 AI Software for security and operational
purposes. We may temporarily suspend Your access to any C3 AI Software if We reasonably determine that such
access and use poses a security risk or is a threat to the function of the Software, or in the event a User is engaged in,
or We in good faith suspect is engaged in, any unauthorized conduct, including any violation of any terms and
conditions of this Agreement, any applicable law, or third party rights; provided, however, that We will use
commercially reasonable efforts under the circumstances to provide You with notice and an opportunity to remedy
such unauthorized conduct prior to such suspension.
5. FEES, PAYMENT, AND AUTHORIZED RESELLERS
5.1. Fees. You will pay all subscription fees due under an Order, and, as subsequently invoiced by Us or Our
service provider as applicable, C3 AI Runtime. Fees are based on C3 Al Software subscriptions and C3 AI Services
purchased, and fees cannot be decreased during the applicable Subscription Term, even if the actual usage is lower
than the permitted usage set in a monthly minimum. We may adjust or increase the fees for month-to-month
subscriptions by providing advance written notice to You of at least thirty (30) days. Your payment obligations under
any Order are irrevocable and non -cancelable and any fees paid by You to Us are non-refundable. Unless otherwise
stated in Your Order, invoiced charges are due net thirty (30) days from the invoice date.
5.2. Suspension of Service. If any amount owing by You under the Agreement is thirty (30) or more days overdue,
We may, without limiting Our other rights and remedies, suspend access to and use of C3 AI Software and C3 AI
Services until such amounts are paid in full. We will give You at least ten (10) days' prior notice in accordance with
Section 12.4 (Manner of Giving Notice) for billing notices before suspending services under this Section 5.2.
5.3. Taxes. Our fees do not include any taxes, levies, duties or similar governmental assessments of any nature,
including, for example, value-added, sales, use, or withholding taxes, assessable by any jurisdiction whatsoever
(collectively, "Taxes"). You are responsible for paying all Taxes associated with Your purchases hereunder. If We
have the legal obligation to pay or collect Taxes for which You are responsible under this Section 5.3, We will invoice
You and You will pay such amount unless You provide Us with a valid tax exemption certificate authorized by the
appropriate taxing authority. We are solely responsible for taxes assessable against Us based on Our income, property,
and employees.
November 16, 2023 C3 Al End User License Agreement
5.4. Authorized Resellers and Authorized Marketplaces. If you purchase C3 AI Software or C3 Al Services
through Our authorized reseller or an Authorized Marketplace, this Agreement will govern that C3 All Software or C3
AI Services, as applicable. Your payment obligations for the C3 Al Software or C3 AI Services acquired through Our
authorized reseller or an Authorized Marketplace will be with the authorized reseller or Authorized Marketplace, as
applicable, and not with Us. You will have no direct fee payment obligations to Us for that C3 Al Software or C3 Al
Services. However, in the event You fail to pay Our authorized reseller or the Authorized Marketplace for the C3 Al
Software or the C3 Al Services, We retain the right to enforce Your payment obligations and collect directly from You.
Any terms agreed to between You and Our authorized reseller or the Authorized Marketplace that are in addition to
the terms and conditions in this Agreement are solely between You and Our authorized reseller or the Authorized
Marketplace, as applicable. No agreement between You and Our authorized reseller or Authorized Marketplace is
binding on Us or will have any force or effect with respect to Your rights in, or the operation, use or provision of, the
C3 Al Software or C3 AI Services.
6. PROPRIETARY RIGHTS
6.1. C3 Al Materials Intellectual Property Ownership. Subject to the limited rights granted herein, We and
Our licensors hereby retain all right, title, and interest, including all Intellectual Property Rights, in and to the C3 Al
Materials, including all duplicates, derivative works, modifications, enhancements and adaptations thereto. No rights
are assigned or granted to You hereunder, other than as expressly set forth in this Agreement, and no implied license
or right of any kind is granted to You. You will not delete or in any manner alter Our copyright, patent, trademark, or
other proprietary notices, if any, appearing in any C3 Al Materials.
6.2. Customer Materials Intellectual Property Ownership. Subject to the limited rights granted herein, You
retain all right, title, and interest, including all Intellectual Property Rights, in Customer Materials. We will not delete
or in any manner alter Your copyright, trademark, and other proprietary notices, if any, appearing on any Customer
Materials.
6.3. License to Customer Materials. You grant Us, Our Affiliates, and applicable contractors a royalty -free, non-
exclusive, non -transferable license (a) to -use Customer Materials to perform Our obligations under this Agreement;
and (b) to anonymize and aggregate Customer Data and use such aggregated and anonymized data for purposes of
calculating benchmarks and other analyses that We use internally or to improve the C3 Al Services, provided We shall
not use or disclose any personally identifiable information or personal data or reveal Your identity in connection with
such use of Customer Data.
6.4. License to Use Feedback. You grant to Us and our Affiliates a non-exclusive, worldwide, perpetual,
irrevocable, sub -licensable, royalty -free license, without restriction, to use in any manner and incorporate into Our
and/or Our Affiliates' products or services, any suggestion, enhancement request, recommendation, correction, or other
feedback provided by You or Users relating to Our or Our Affiliates' current or future products or services.
CONFIDENTIALITY
7.1. Definition of Confidential Information. "Confidential Information" means all information disclosed by
a party (the "Disclosing Party") to the other parry or its Affiliates (the "Receiving Party") that is designated in writing
as confidential. Regardless of marking: (a) Your Confidential Information includes Customer Data; (b) Our
Confidential Information includes the C3 Al Services, C3 Al Materials, and any performance testing or benchmarking
results or other evaluations of or conclusions concerning the C3 Al Materials; and (c) Confidential Information of
each party includes the terms and conditions of this Agreement, including pricing. Confidential Information does not
include any information that (i) is or becomes generally known to the public without breach of any obligation owed
to the Disclosing Party; (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without
breach of any obligation owed to the Disclosing Party, as shown by the Receiving Party's contemporaneous written
records; (iii) is received from a third party without breach of any obligation owed to the Disclosing Party; or (iv) was
November 16, 2023 C3 Al End User License Agreement
independently developed by the Receiving Party without the use of the Disclosing Party's Confidential Information,
as shown by the Receiving Party's contemporaneous written records.
7.2. Non -Disclosure. All Confidential Information shall remain the sole and exclusive property of the Disclosing
Party and each Party acknowledges and agrees that, subject to the limited rights granted herein, nothing in this
Agreement will be construed as granting to the Receiving Party any rights or licenses to any Intellectual Property
Rights, including but not limited to, trademarks, inventions, copyrights, trade secrets, or patents. The Receiving Party
(a) will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like
kind (but not less than reasonable care); (b) will not use, distribute or disclose any Confidential Information of the
Disclosing Parry for any purpose outside the scope of this Agreement; and (c) except as otherwise authorized by the
Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of its and its
Affiliates' employees and subcontractors who need that access for purposes consistent with this Agreement and who
have signed confidentiality agreements with the Receiving Party containing protections not materially less protective
of the Confidential Information than those herein. We may use any ideas, know-how, and techniques retained in the
unaided memories of Our personnel who have had access to Your Confidential Information in the course of performing
the C3 AI Services under this Agreement. Either party may disclose the terms of this Agreement to its legal counsel
and accountants without the other party's prior written consent, provided that such recipient is subject to terms of
confidentiality no less restrictive than those set forth herein and the party that makes any such disclosure remains
responsible for such recipient's compliance with this Section 7.2. Notwithstanding the foregoing, We may disclose
the terms of this Agreement to a subcontractor to the extent necessary to perform Our obligations to You under this
Agreement, under terms of confidentiality materially as protective as set forth herein.
7.3. Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party
to the extent compelled by law. In such case, the Receiving Party gives the Disclosing Party prior notice of the
compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the
Disclosing Party wishes to contest the disclosure. If the Disclosing Party waives compliance or, after providing the
notice and assistance required under this Section 7.3, the Receiving Party remains required by law to disclose any
Confidential Information, the Receiving Party will disclose only that portion of the Confidential Information that, on
the advice of the Receiving Party's legal counsel, the Receiving Party is legally required to disclose and will use
commercially reasonable efforts to obtain assurances from the applicable court or other presiding authority that such
Confidential Information will be afforded confidential treatment. If the Receiving Party is compelled by law to
disclose the Disclosing Party's Confidential Information as part of a civil proceeding to which the Disclosing Party is
a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving
Party for its reasonable cost of compiling and providing secure access to that Confidential Information.
S. REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS
8.1. Representations. Each party represents that it has validly entered into this Agreement and has legal power
to do so.
8.2. Our Warranties. We warrant that during an applicable Subscription Term (a) this Agreement, the Orders,
and the C3 Al Documentation accurately describe the applicable administrative, physical, and technical safeguards for
protection of the security, confidentiality and integrity of Customer Data; (b) We will not materially decrease the
overall security of the subscribed C3 AI Software, as applicable; (c) the subscribed C3 Al Software will perform
materially in accordance with the applicable C3 Al Documentation; and (d) the C3 Al Services will be performed in a
professional and workmanlike manner in conformance with generally accepted industry standards. For any breach of
any warranty above, Your exclusive remedies are as follows: (i) for Section 8.2(a), the update of the C3 AI
Documentation to accurately reflect the applicable safeguards; (ii) for Sections 8.2(b) and 8.2(c), the repair or
replacement of the applicable functionality in the C3 Al Software; and (iii) for Section 8.2(d), the re -performance of
any substandard C3 Al Services. The foregoing warranties are subject to Your implementation within no more than
ninety (90) days of all updates and upgrades made available by Us to You.
November 16, 2023 C3 At End User License Agreement
8.3. Disclaimers. EXCEPT FOR THE WARRANTIES EXPRESSLY PROVIDED HEREIN, NEITHER PARTY
MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE,
AND EACH PARTY SPECIFICALLY DISCLAIMS ANY AND ALL IMPLIED WARRANTIES, INCLUDING THE
IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND
NON -INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. EACH PARTY
DISCLAIMS ALL LIABILITY AND INDEMNIFICATION OBLIGATIONS FOR ANY HARM OR DAMAGES
CAUSED BY THE HOSTING SERVICES OR ANY THIRD PARTY HOSTING SERVICE PROVIDERS.
9. MUTUAL INDEMNIFICATION
9.1. Indemnification by Us. We will defend You against any claim, demand, suit, or proceeding made or brought
against You by an unaffiliated third party alleging that any C3 AI Software infringes or misappropriates such third
party's Intellectual Property Rights (a "Claim Against You"), and will indemnify You from any damages, attorney
fees, and costs finally awarded against You as a result of a Claim Against You, provided You (a) promptly give Us
written notice of the Claim Against You; (b) give Us sole control of the defense and settlement of the Claim Against
You, except that We may not settle any Claim Against You unless it unconditionally releases You of all liability; and
(c) give Us all reasonable assistance, at Our expense. The foregoing obligation shall not apply with respect to a Claim
Against You if such claim arises out of (i) Our compliance with Your specifications; (ii) use of the C3 AI Software in
combination with any software, hardware, network, data, or system not supplied by Us; (iii) any modification or
alteration of the C3 AT Software by other than by Us; (iv) Your continuing the allegedly infringing or misappropriating
activity after being informed by Us of modifications that would avoid the alleged infringement or misappropriation;
or (v) use of the C3 AI Software other than in accordance with the terms and conditions of this Agreement. If We
receive information about an infringement or misappropriation claim related to C3 AT Software, We may in Our
discretion and at no cost to You (x) modify the C3 AT Software so that it is no longer claimed to infringe or
misappropriate; (y) obtain a license for Your continued use of that C3 AT Software in accordance with this Agreement;
or (z) terminate Your subscriptions for that C3 AT Software and refund to You any prepaid fees covering the remainder
of the Subscription Term of the terminated subscriptions.
9.2. Indemnification by You. You will defend Us against any claim, demand, suit, or proceeding made or brought
against Us by a third party alleging that any of Customer Materials or any Third Party Offering infringes or
misappropriates such third party's Intellectual Property Rights, or arising from Your or Users' use of the C3 AI
Software or Customer Data in violation of the Agreement, the C3 AI Documentation, or applicable law (each a "Claim
Against Us"), and You will indemnify Us from any damages, attorney fees, and costs finally awarded against Us as a
result of a Claim Against Us, provided We (a) promptly give You written notice of the Claim Against Us; (b) give You
sole control of the defense and settlement of the Claim Against Us, except that You may not settle any Claim Against
Us unless it unconditionally releases Us of all liability; and (c) give You all reasonable assistance, at Your expense.
9.3. Exclusive Remedy. Section 9 states the indemnifying party's sole liability to, and the indemnified party's
exclusive remedy against, the other party for any type of claim described in this Section 9.
10. LIMITATION OF LIABILITY
10.1. Disclaimer. IN NO EVENT WILL EITHER PARTY HAVE ANY LIABILITY ARISING OUT OF OR
RELATED TO THIS AGREEMENT FOR (A) LOST PROFITS, REVENUES, OPPORTUNITIES, OR GOODWILL;
(B), INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY, CONSEQUENTIAL, COVER, BUSINESS
INTERRUPTION OR PUNITIVE DAMAGES; (C) THE VALUE OF CUSTOMER DATA; (D) YOUR USE OF THE
COMPUTATIONAL RESULTS THAT YOU OBTAIN FROM THE USE OF THE C3 AT SOFTWARE; OR (E) THE
UNAVAILABILITY OF THE C3 AT SOFTWARE. THE FOREGOING DISCLAIMER (1) APPLIES WHETHER
AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF A
PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF A PARTY'S REMEDY
November 16, 2023 C3 At End User License Agreement
OTHERWISE FAILS OF ITS ESSENTIAL PURPOSE; (2) DOES NOT APPLY TO THE EXTENT PROHIBITED
BY LAW.
10.2. Liability Cap. EXCLUDING OUR LIABILITY UNDER SECTION 9.1 (INDEMNIFICATION BY US),
AND YOUR LIABILITY UNDER SECTION 5 (FEES AND PAYMENT), AND SECTION 9.2
(INDEMNIFICATION BY YOU), IN NO EVENT SHALL THE AGGREGATE LIABILITY OF EACH PARTY,
TOGETHER WITH ALL OF ITS AFFILIATES AND LICENSORS, .ARISING OUT OF OR RELATED TO THIS
AGREEMENT EXCEED THE TOTAL AMOUNT OF SUBSCRIPTION FEES PAID BY YOU AND YOUR
AFFILIATES HEREUNDER FOR THE C3 AI SOFTWARE GIVING RISE TO THE LIABILITY IN THE TWELVE
(12) MONTHS PRECEDING THE FIRST INCIDENT OUT OF WHICH THE LIABILITY AROSE. THE
FOREGOING LIMITATION WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND
REGARDLESS OF THE THEORY OF LIABILITY.
10.3. Exception. THE FOREGOING DISCLAIMER WILL APPLY TO THE FULLEST EXTENT ALLOWED
BY LAW. NOTHING SET FORTH HEREIN LIMITS EITHER PARTY'S LIABILITY FOR INFRINGEMENT OR
MISAPPROPRIATION OF THE OTHER PARTY'S INTELLECTUAL PROPERTY RIGHTS.
11. TERM AND TERMINATION
11.1. Term of Agreement. This Agreement commences on the date You first accept it and continues until all
subscriptions have expired, have been discontinued or have been terminated, or the Agreement is otherwise terminated
in accordance with its terms.
11.2. Service Discontinuation. You may terminate any month-to-month subscriptions by providing advance
written notice to Us of at least thirty (30) days, or as otherwise provided in any applicable Product -Specific Terms.
No refunds will be owed to You for the balance of any prepaid fees, or any subscriptions if You terminate under this
Section 11.2. We may terminate any month -to -mouth subscriptions by providing notice to You of at least six (6)
months. Termination pursuant to this Section 11.2 will be effective as of the last day of the full calendar month in
which the termination is effective ("Service Discontinuation Date"). All fees owed as of Service Discontinuation
Date will be invoiced in accordance with Section 5 of this Agreement.
11.3. Termination. A parry may terminate this Agreement for cause (a) upon thirty (30) days' written notice to the
other party of a material breach by such other party, if such breach remains uncured at the expiration of such period;
or (b) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency,
receivership, liquidation or assignment for the benefit of creditors.
11.4. Refund or Payment upon Termination. If You terminate this Agreement in accordance with Section 11.3
(Termination), We will refund You any prepaid fees for the C3 At Software and C3 Al Services that have not yet been
provided as of the effective date of termination. If We terminate this Agreement in accordance with Section 11.3
(Termination), You will pay any unpaid fees covering the remainder of the term. In no event will termination relieve
You of Your obligation to pay any fees payable to Us for the period prior to the effective date of termination.
11.5. Customer Materials Portability and Deletion. If the Deployment Environment is Our hosting services
account, then, upon request by You made within thirty (30) days after the effective date of termination or expiration
of this Agreement, We will make Customer Materials available to You in the then -current format in which it was
stored. After such 30 -day period, We will have no obligation to maintain or provide You any Customer Materials, and
as provided in the C3 Al Documentation, We will thereafter delete or destroy all copies thereof in Our systems or
otherwise in Our possession or control, unless legally prohibited.
11.6. Effect of Termination or Service Discontinuation. At the end of a Subscription Term that is not renewed
or upon the discontinuation, expiration, or termination of this Agreement ("Termination Date"), You shall cease all
use of the C3 At Materials and shall permanently and irretrievably delete and destroy all copies of the C3 At Materials.
November 16, 2023 C3 Al End User License Agreement
You shall certify such cessation, deletion, and destruction to Us in writing within fifteen (15) days of the Termination
Date. If the Deployment Environment is other than Our hosting services account, then after termination or expiration
the Subscription Term and upon providing thirty (30) days' written notice to You, We may examine the Deployment
Environment to ensure that all C3 Al Materials have been deleted. The sections titled Section 1 (Definitions), Section
2.3 (Your Responsibilities), Section 2.4 (Usage Restrictions), Section 2.5 (Audit Rights), Section 2.6 (C3 Al Runtime),
Section 3 (Non -C3 All Providers), Section 5 (Fees and Payment), Section 6 (Proprietary Rights), Section 7
(Confidentiality), Section 8.3 (Disclaimers), Section 9 (Mutual Indemnification), Section 10 (Limitation of Liability),
Section 11.4 (Refund or Payment upon Termination), Section 11.5 (Customer Materials Portability and Deletion),
Section 11.6 (Effect of Termination or Service Discontinuation), Section 12 (Governing Law and Jurisdiction; Notices)
and Sections 13 (General Provisions) will survive any termination or expiration of this Agreement.
12. GOVERNING LAW AND JURISDICTION; NOTICES
12.1. Governing Law and Venue. This Agreement shall be governed by and construed under the laws of the
United States and the State of California and excluding its conflict of law rules. Both parties irrevocably consent to
the exclusive personal jurisdiction of, and waive any venue objections against, the United States District Court for the
Northern District of California, San Francisco Branch and the Superior Court of the State of California, County of San
Mateo, in any litigation arising out of this Agreement.
12.2. Without limiting the foregoing, You acknowledge and agree that any unauthorized use of Our Confidential
Information or C3 Al Materials will cause immediate and irreparable injury to Us and therefore money damages would
be incalculable and insufficient, and We will be entitled, in addition to any other available remedies at law or in equity,
to seek equitable relief, including immediate injunctive relief or specific performance or both, without bond and
without necessity of showing actual monetary damages, with any competent court or enforcement agencies, including
those in the United States and/or in the country in which You are domiciled. The prevailing party in any legal action
related to this Agreement is entitled to recover its reasonable attorneys' fees and costs from the non -prevailing party.
12.3. The Parties agree that the United Nations Convention on Contracts for the International Sale of Goods and
the Uniform Computer Transactions Act are specifically excluded from application to this Agreement.
12.4. Manner of Giving Notice. Except as otherwise specified in this Agreement, all notices related to this
Agreement will be in writing and will be effective upon (a) personal delivery, (b) the second business day after mailing
by registered mail with return receipt requested, or (c), except for notices of termination or an indemnifrable claim
("Legal Notices"), which shall clearly be identifiable as Legal Notices, the day of sending by email. Billing -related
notices to You will be addressed to the relevant billing contact designated by You. All other notices to You will be
addressed to the relevant C3 Al Services system administrator designated by You. Email notices to Us will be emailed
to .
13. GENERAL PROVISIONS
13.1. Export Compliance. The C3 Al Software, other technology We make available, and derivatives thereof may
be subject to export laws and regulations of the United States and other jurisdictions. Each party represents that it is
not named on any U.S. government denied -party list. You shall not and shall not permit Users to access or use any C3
Al Software in a U.S. embargoed country (e.g., Cuba, Iran, North Korea, Syria or the Crimea —region of Ukraine) or
in violation of any export law or regulation of the United States or of any other applicable jurisdiction. You will not
provide to Us, absent prior written notice, any data or other item that requires Us to seek an export license or
authorization from any United States agencies having jurisdiction.
13.2. Anti -Corruption. You agree that You have not received or been offered any illegal or improper bribe,
kickback, payment, gift, or thing of value from any of Our employees or agents in connection with this Agreement.
Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If
November 16, 2023 C3 Al End User License Agreement 10
You learn of any violation of the above restriction, You will use reasonable efforts to promptly notify Our Legal
Department at 01egalaC3.ai.
13.3. High risk applications. C3 AI Materials are not intended for use in, and You agree the C3 Materials will
not be used in, the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control
systems, life support machines, or other equipment or applications in which the failure thereof could lead to death,
personal injury, or severe physical or environmental damage. Any product warranties for the C3 Al Materials under
this Agreement shall exclude the applications and devices set forth in this Section 13.3. We disclaim any and all
liability arising out of, or related to, any such use of the C3 AI Materials.
13.4. Entire Agreement and Order of Precedence. This Agreement constitutes the entire agreement between You
and Us regarding the C3 Al Software and C3 Al Services and supersedes all prior and contemporaneous agreements,
proposals or representations, written or oral, concerning its subject matter. Except as otherwise provided herein, no
modification, amendment, or waiver of any provision of this Agreement will be effective unless in writing and signed
by the party against whom the modification, amendment or waiver is to be asserted. The parties agree that any term
or condition stated in Your purchase order or in any other of Your order documentation is void. In the event of any
conflict or inconsistency among the following documents, the order of precedence shall be: (1) Order Form, (2) the
Product -Specific Terms, and (3) this Agreement.
13.5. Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of
law or otherwise, without the other party's prior written consent, not to be unreasonably withheld; provided, however,
either party may assign this Agreement in its entirety, without the other party's consent, to its Affiliate or in connection
with a merger, acquisition, corporate reorganization, change of control or similar such transaction, or sale of all or
substantially all of its assets related to this Agreement. Any assignment in violation of the terns of this Section 13.5
is void. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their respective
successors and permitted assigns.
13.6. Third -Party Beneficiaries; Affiliates. There are no third -party beneficiaries under this Agreement. Your
Affiliates may order C3 Al Software or C3 Al Services subject to the terms of this Agreement by entering into a
separate Order for the Service. You are responsible for Your Affiliates' compliance with the terms and conditions of
this Agreement.
13.7. Waiver. No failure or delay by either party in exercising any right under this Agreement will constitute a
waiver of that right.
13.8. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary
to law, the provision will be deemed null and void, and the remaining provisions of this Agreement will remain in
effect.
13.9. Publicity; Non -Disparagement. We may use Your time in any listing of customers of Ours and may
reference You and the nature of the C3 Al Software or C3 AI Services provided hereunder in Our business development
and marketing efforts, including without limitation Our web site. You agree to allow Us to issue a press release upon
execution of this Agreement provided You have approved such press release in writing and in advance, such approval
not to be unreasonably withheld. You agree, and shall cause your Affiliates, not to disparage Us or Our officers,
directors, employees, equity holders, agents, or Affiliates (including Our Affiliates' officers, directors, employees or
agents) in any manner, or to otherwise communicate about any of them in any manner that is reasonably likely to be
harmful to any of them or their businesses, or to their personal or business reputation, including without limitation by
attributed or non -attributed (e.g., anonymous) statements posted on any website or other forum; provided that You
may respond accurately and fully to any question, inquiry, or request for information when required by applicable law.
November 16, 2023 C3 At End User License Agreement
A M
U
v
°W
c
N
U b0
v
U W
0
°'
•3 a.
c
C •o
° _
u
¢
4
b0O
U
U
U U
NQU
3 3 3
a.°'
°
d
N y m
o
U C U
O N
U
N 'aW CO
0.=
zO O
Q , OA
N
M
„t3.
N
N
r0 C C O
t0E
O> O
U
E 9
IdU
E
m,
' a
. c'
E ami
v
L
C d
¢ C
_
CI T O
OT Ta
°
X
°
m
N
Ca
c�
a
'fir «
•o °'
o
•m
w
0
O
G
a v.>
4
V] U
a C
O
L
r bb E
>° 4
8
0
>vo
o ao
o
a
Gl�yy
N NN
d
N
O
U O
y W O
N FU
y
O
O F N
a
G N
7
N
4?
N
N
pp
U yU 0
ttl .�
O
r
Q .- 7o V
m
L>r'
A
0) O L
O
C
$
U
`b
N
C
C
CC y O C
O U
m
U
0. d O U
G> O
O V U
C
O
O
0 O
G`
as
y
°o��
O
Haas°
°
°'°
.N p Qw
O
G C W
a
L
a
¢ u
w°
C boa
dcc
`
A O
O
Coti
.>
r
t0
>
y°
a
cvo
u c
CL
cWti
`^
U =
o Cc
i
v
o•m
U CL
s
o U
_
Y m
0
c
V rrA
°°❑ m
O
m a
a
o
U
a
a
°C
n
O
°
Lm
U
+C
m U O
Q
U C A
N
t C 9 a
O 0
y
tou
V
O
Yd
0
oE
1
0 0
mu
d 0Us
s¢
d
A s
O
v°
U
IM
w
L9
I
G
I
!I
G
T
°
E
A
L
d
_
�
IM
0
U
0
.a
5
m
I
id
v
-C
v
O
¢
L'
•� Q
d
G
`tl
�
i3
v
�
�
a •o
U
O
p
O G U
id
y
a
Q
E
°�
•v
C.
U v
X..
c
s 0
o
❑ Y
�
� ¢ o
y
O M i
p•
U
s
N O
v Y
a
o c a
a
a
U
a
? v
N o
h
U
Q
p m
Ca
� •E
Yd
€
v o "°'
4i
N
O
U�
•b
O E d
Y
�
a n
y
o •o
�
.�
a
e
a
g V
o
E E ti
� v
��
a
0
Ed•>
abi
°
O
°
o' 3
a•aUi'd
�U a .
•R 7 O
,d
�
y
,C
F E '••
•�
..
�
_
•4
m
c �
°
C
� EJ
Uc.0
FL: Uv
d G
•--
N
M
7 h
M
U •0
Y�
0
IM
w
a
I
G
I
!I
1O C
T
6
A
0
❑
IM
U
s
5
m
I
id
v
O
¢
L'
•� Q
d
i3
PJ
IM
w
a
G
O
l y
1O C
T
6
❑
IM
s
id
a
a
d
U'
N
c
c
c
c c
C
�
F
Q
O
c ¢
¢
Q
Q ¢
�
U
¢ ¢
¢
¢
C C
c
�
c
y
z z
z
¢ p
�
J
J
3
�
U E
V
�
v
C
¢ < I Q I Q I Q I¢
d � oz a i N
c c
c
C
�
F
Q
O
u
�
U
¢ ¢
¢
¢
C C
c
�
c
y
z z
z
¢ p
�
J
J
3
�
U E
�
v
p
a
— U U
M
C
Q
O
u
�
U
U
a
� �
a �
�
N N
�
¢ p
�
3
�
U E
�
v
p
a
�
C �
O W
C
U
U
a
W
da
h
e
U
�
U
.
�o
U
Y
O
W
=
>.�.O.fi
� N
w�
Q Q
a
C u
u
C �
�
C
U
U
u
�
VO
�
N
G
�
U N
O
4.
.C.
U
E
s
U
10
0
C
p
U
W
U W
d E
0 U
M
C
Q
O
u
�
U
U
a
� �
a �
�
N N
�
¢ p
�
3
�
U E
�
v
p
a
�
C �
O W
C
U
U
a
W
h
e
U
�
U
.
�o
U
Y
O
W
� N
C
�
C �
�
C
U
U
u
�
�
N
G
�
U N
O
4.
.C.
U
E
s
U
10
0
C
p
W
U
U
.
Z
ti
o
=
m
�
a
�
M
U
�=
�
M
N
�L.
N
T
❑ ° ° o
°
� Z,
N,"
U.nw
o
O
Q M DOE
aN+
N c
mo
E
N .°1.
a
=
o' y
o v
U y
" L C7
.. m E
'D
.3
° °a
c
p3p
u m N L
.£
-`a E
04
O m
cC
ro
N
N
T
N
N
N N
a
c w
T aci o
n y
mss°, o
o f
o `o w
n
U O °U
R OU N VI
D i
tO
6
U G ted
O
�
ON
�
itl
C
U
O
�
y
�
a
Q
C
b0
p
p
m
c
O
p t
�
N U
OO
U
� 6
O Q
m
aU
td y
°
U v
U .aa aXi
v
w
O 44
mss•
ro'o
°
3'v
o m
mv'm
Y
a
Q°> a=-
U a of � � .°
'.
s
ra gyp. 3
x,22 `�° 'o
,.r°'s a ti
0t; E
v
v_m
•-
0 .2
0v
'v c o,
CA
M
U a 3
V
U 6 o a m u m
U m
U a°
d
C�
9
C
E
C
y O
y
yVsa�
'
�
Q
a
t
c
dv
's
m
L
•�
as
a
L
� L�
G
U
O
N •°
�d
L
C
a
� �
0
� G
o
ro
O A
N
bGO t
Oq
O
v'
v°i v U
W y U 'y
W�
N y
N o��°
•�
N
N d X
d
O'
V
$ .00 .� N�
3° •tJ
�,
y o •y
ro L
E
�, o°
N
s> v o ro a�
y� y y
ig
d
E O G
o
V y L W
a m
•�
v ¢
Q Q Q w
3
C a a:
L' �
•`-' :_
= _
•L d ° U T
•" ° .5 `° o
.".
a
.".
m
d a
m
a E
a.E
O'�M•
O��
O,=Q�QcaC
OU«,"p
Oro
• •
O❑���0
d
7 d w
y M
3
N
E S,
U N o N
U�
U� o
U.. c.v
Uro
U ��a
U E sa u�'
d
�
u
a
W
E
s
00
a
°
a
°
d
Q U
2
N
N
y
O
o
w o
U E:
¢'
G A
U
i E
.di
j
o
U a
T
G
G o 0
to
m
[d
U U 0-0
U
E v aO
°
i
a
o
E
> O a �
o
0. c ° 0
o
M
•.N. �
O >
o
G
L
u
'.
U
_ Ym
d W O N
C
C
af
d
U �'
U E
Q
CO U
Irl
O
E
N
U
15 c v
C
�
m Y
U
•p
E
a
p
aN+
N ty U� y
O
Y
V
U
I
I
O
s"
W O
00
p
i
I
i
21aci
o
tNd
_
—
�I
a
Uydld�d�d
b
U
G
v
N
U
O
,0
W E
;
w
7 t
os 3
m
m m m 'mayy
Y..
a.
wU a❑'mM
E
�.
I8
Ca•mI
o
0.
L
v L U U
O
m
O
C
❑ O
`
�
�
0
0 0 —"� •E
o f
°
v
p, T
U U o U U
a
U �
� 3
v
n
o
W �
n
M,
a
M
V
Q Q 1 Q
Q ,;; E
E
E
�
� N y� gJ
_
•O
a
'O
a
9
a
9
a
O Y U
O O O O
Fq• .GC
i
d N
z Z. '. z
�
N �
.Z
t� t0 tV
3
3
3
R
i
M,
a
M
V
U
�
a
E o
i
d N
�
N �
3
� �
R
a
w
O
td
�
c
Y
m •3
E
>
_
U
U
�
m
0o Lo y
c
w �
o
� •-
tea,
w°
m E
m o
�.^�
a
O
c
O
N
L
T N N
°•
0.
E en
E
O O O
aEi
waoM
a
NE°
o o
N „ „
zab�x
QU
U
U
.
w
a
�
�
Uc
M,
r -I
M
.. E
V y
U
y 00
o •>
=
y c
o
,3 �,
� o � � =� a°
Cl.
c
m
E.�
Q d Q OM •3 c
m
�.,�so.'ami
m� `a
w
a '3 c
'F-
v
O° v
o
0. Oa
pv vr. 0•.0va
O
'°- a=i
a
d >om
yY H� 2xv'=YNY�
enm �v
aU3
�=
v > m
80 Q w
G W
7 T U O O= 0..2 Q
C s O
O E
m N 'O
0' •. W m M w
O O
S R vN L W
,O W E
v. •p
T a' N
�'° •5 O m U aEi v
`v .y
°' E 2
«v,«
a3 U O
M O O
M O. O E R 6 0 QG
M�°nn C
R d
M E y
• • •
U° U
U U U R 0. R O U R
U
O
pq
U
O
O
C
p
E
m gym•
w
N
U
m
U U
°
m
°
r -I
0
T
C
C
E a
v o
v
ryr�
U
dC9
G
a
w
o A
w
w ro
U 6
G N
C N
�
v
O L
U •�
'O
«�
ry.
�G
C_• � O
U V '�
y Y 4� U�
L N
N C •O
�'=Q
aE
c
E v a�
U G °C°0�'
'J'
'��'•°
N> L y F•�
.� Y W .� ..�
N a y
m
'e�EE0
oaro$
°?Y
rouU
Um
U a8
U
a
N
m p
N
m
0
0
a
m ^
a
a
�
a a
m a
a
d
A
m
Q 9
N
R
N
dd
0 0
p
0
0
W
❑
o
v o c al
� �
y`o
p d
w0
W
O
V '00
y
u
o
W
c•�
o
a
� °0"U
4. m U
•oa
�
.y.
o s
E
O O
W o m
`.
W
O
N^
afli
cc
.Oj
O y
a.—
v�mAA�'o
..
..o❑c❑
oy_E'«
000ti�
�000ma'�''c
mo
o c
2a
2
Q
•0
O
Q�
Q N
N r p
R� O
O M•
• •
O�
,C
O .`_'
W
O�
a N w
3 y M
7 E
a d N L
tFV N C 4J
Usao
U=U
Um
U�aEa
U EY u�
O
h
u
u
¢
W
Y
•p
C
C
V+
W
O
O
C
�
cm
W
•p,
O
U
a
W O
In U
U
°'
E
W
o >
Q m
0
A a
o c
m
? p
O •O SOq
N
y
v
v
x
3
�
cU
op is
"
d
L
_
C
C
W
w
ap
JO
v bq
op
O
O
G
•y
m
v
v
n
c
�
y
v
C�
O
u
L
r� U
o>
O£
m iC O C
>
G
•L•
4
� a��,
Q
•Y
aUU Uo.
U
�
N
d G! L
M^ N M
7
L
a
m
\\
\/\b
-
/
!
\
u
!jf;l3
!
\
u
0
2
§±)
!SO
}\k)§
:
t\®®d
(
®)f
!
\§ƒless§\\§
{
9
)J;,z<a4a2=(
O
O.
...
.O§B
)
)
.
2
\�
00u
a
uj
>
O of
4
u v
Q
m �.
Q°
v 0 v m a
E i
°' °_'
v r. •-
aai
> a m s
a h s a
c
`' •o
a s 3
0— Oa a
E O
W "ro
y T C M
p E
> Q
.4
>. c U .D
.❑
tb
d
•m o f
a,.°
o v `°
°
c v `0 3 d ;?
vai
° v°
`� •. `C "� E d
O a
,c c
m>
O ro«�
m m
y`o
o v
•m ="
m
a• o A a o �M
o m'
U O ° m a m° U ro
U�
!] .°'.
U a c
U Q
U
c
c
0
m
U
p
O
E
O
Oq
F
ro
❑
d
�
o
A
a
a
m
0
0
w
°
ra
a o
m:g o
T
o
N
fO 'Li
A
Ln
m
4
a c
°
° €.�
o
v v
0
°.E
c M
E a
.$ m`
•a v
v
,a
U
v
C N
(Q Y
a
m
C�
£
O >y
a.n
O a1
a
O aai C C
a.o 0 0
G A
0
7
O
a c
s
d
c
•m
as
a
a
L
¢
¢Aw
3
a
d•�tia
°
d^ao¢
v�
O
0 .V G
0 M•
• •
N C
� a °'
N•m
a mU
a ti
U m o
d -s
U - so
MM
U.4 U
N
r =
°c°
zYv
v
�
U
EO
U
E
U A
U 4.
y W
N
❑
O m N
o
o
'�
E N
x ,c
m ❑ �
N
Q
Z
W
V .
bnb
C
am
¢>�Ebh
mv°•
o E
U
°
.�
weo
o
.0'o
�
❑
¢
U R
¢a
¢A3
¢oE
U m
o
U a °
U
9
W
N
C
� C
N
N
E
a�
�
m
E
3 u
m
n
A
m
00
�
bo
r
c
N
o
E
A
7i
e
$
w �
T
T
fs u
o
s
s
o
o
00
N
o
e
c`a
�
C
V
O TJ
o
F
u
i
a
u
y0
0
C U T
ti� y
�
V
0
v 3$ y o
u
N a
O
U
W V i3
mO
F T n
u
Ci
M
U
O'
'a
0 U 3
ti `O
is a
a
.2 b
.2
ttl .�
GC N
td W
p
to
O O
,y
U ro
U td E
c
y
�
�
9
N
lC
C
O
E
z
c
0
�
m
F
U
U y
a
e o
Q
A U
A
R
7i
e
T
T
E
s
s
o
o
R
e
E
E
N
o
00
N
o
e
c`a
�
C
V
O TJ
o
F
u
i
a
u
0
�
V
mO
F T n
u
Ci
M
U
O'
'a
M
U
ti `O
is a
R
a
e
E
E
o
e
U
o
e
c`a
�
C
o
F
u
i
a
u
0
�
V
a
C
Mai
C3 Al Product -Specific Terms
These C3 AI Product -Specific Terms (the "Product -Specific Terms") govern Your use of C3 AI Software and C3 Al
Services and supplement the C3 At End User License Agreement, found at his://c3.ai/legal/c 3-ai-EU LA.pdf, or other
agreement with Us governing Your use of C3 At Software and C3 At Services (the "Agreement"). In the event of a
conflict between the terms of the Product -Specific Terms and the terms of the Agreement, the terms and conditions of
the Product -Specific Terms apply, but only to the extent of such conflict. Capitalized terms used herein but not defined
herein shall have the meanings set forth in the Agreement.
The Product -Specific Terms below govern Your use of C3 Al Software and C3 At Services ordered pursuant to an
Order. If You have ordered specific C3 At Software or C3 Al Services under an Order, the rights granted to You herein
with respect to such C3 At Software or C3 Al Services shall apply for the applicable Subscription Term. Any rights
described in the Product -Specific Terms for C3 At Software or C3 At Services that You have not purchased under an
Order do not apply. For example, if the Order only includes a subscription to a C3 Al Application, then the Product -
Specific Terms will not grant You any rights to use the C3 At Platform.
GENERAL
Hosting Services. Fees for hosting services ("Hosting Services Fees") are not included in the fees specified in
an Order. If any C3 AI Software is hosted in Our hosting services account, then You will pay the Hosting Services
Fees for Your use of C3 Al Software at cost on a pass-through basis at the rate charged by the hosting services
provider (e.g., Microsoft, Google, or AWS). We will invoice You for the Hosting Services Fees monthly in
arrears. You are solely responsible for the Hosting Services Fees payable for Your hosting services account.
2. Large Language Models. Fees for the use of third -party large language models, if any ("LLM Fees"), are not
included unless specified in an Order. If LLM Fees are not included in an Order, and C3 At incurs any LLM
Fees arising from your subscription to the C3 Al Software, then You will pay such LLM Fees at cost on a pass-
through basis at the rate charged by such third party. We will invoice You for the LLM Fees monthly in arrears.
You are solely responsible for any LLM Fees incurred directly by You for large language models licensed directly
to you as Third -Party Offerings.
3. Users. Each User subscription to the C3 At Software is for a single named User for the Subscription Term and
is personal to that User. You will not allow any User login to be used by anyone other than the individual named
User to whom the login is assigned. You acknowledge that We may monitor the use of login credentials assigned
to Users, including by logging User IP addresses, and prevent multiple simultaneous uses of those login
credentials. You will, and will ensure that Users, keep confidential the login credentials for the use of the C3 At
Software and C3 At Documentation and not permit them to be used by anyone other than the Users to whom the
login credentials are assigned.
BETA SOFTWARE
L Definition. "Beta Software" means C3 At Software or functionality designated as a beta, pilot, limited release,
developer preview, non -production, evaluation or by similar description, that We may make available to You.
2. Beta Software Terms. From time to time, We may make Beta Software available to You at no charge. You may
choose to try such Beta Software, in Your sole discretion. Beta Software (i) is intended for and may only be used
by You for evaluation purposes only and not for production use, (ii) is not supported by Us, and (iii) may be
subject to additional terms. In addition to the foregoing limitations, all use of the Beta Software is subject to all
other terms and conditions that apply to C3 Al Software, including without limitation Our reservation of all rights
and Your obligations and restrictions on use concerning the C3 At Software. Unless otherwise stated, any Beta
Software trial period will expire upon the earlier of (x) one (1) year from the trial start date, (y) the date that a
version of the Beta Software becomes generally available without the applicable Beta Software designation, or
November 16, 2023 C3 At Product -Speck Terms 1
(z) when terminated by Us. We may discontinue Beta Software at any time in Our sole discretion and may never
make it generally available.
3. Warranty Exclusions. BETA SOFTWARE IS PROVIDED "AS -IS," EXCLUSIVE OF ANY WARRANTY
WHATSOEVER. FOR THE AVOIDANCE OF DOUBT, ALL BETA SOFTWARE IS PRE-RELEASE, IS
EXPECTED TO CONTAIN DEFECTS WHICH MAY BE MATERIAL, AND IS NOT EXPECTED TO
OPERATE AT THE LEVEL OF PERFORMANCE OR COMPATIBILITY OF A FINAL, GENERALLY
AVAILABLE PRODUCT OFFERING. BETA SOFTWARE MAY NOT OPERATE ACCURATELY, AND MAY
BE SUBSTANTIALLY MODIFIED PRIOR TO PUBLIC AVAILABILITY OR WITHDRAWN AT ANY TIME.
ACCORDINGLY, ACCESS TO AND USE OF THE BETA SOFTWARE IS ENTIRELY AT YOUR OWN RISK.
4. Limitation of Liability. IN NO EVENT SHALL WE BE LIABLE FOR ANY DAMAGES WHATSOEVER
ARISING OUT OF YOUR USE OF OR INABILITY TO USE THE BETA SOFTWARE, EVEN IF WE HAVE
BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOU ARE ADVISED TO SAFEGUARD
IMPORTANT DATA, AND NOT TO RELY IN ANY WAY ON THE CORRECT FUNCTIONING OR
PERFORMANCE OF ANY BETA SOFTWARE.
C3 All CENTER OF EXCELLENCE (COE) SERVICES
I. Definitions.
"Center of Excellence' or "CoE" means the Center of Excellence, if specified in an Order, that We and You
establish to support the design, development, and testing of Customer Application(s) and/or Customer
Extension(s) by You and Your Affiliates, as described in the C3 Al Center of Excellence Description found at
httos://c3.aiAepal/CoE.ydf, or any successor or related locations designated by Us, as they may be updated by Us
from time to time.
"CoE Software Contributions" means software code, if any, developed by Our resources in the course of
performing the CoE obligations.
2. CoE Software Contributions License. We hereby grant You a non -transferable, non-sublicensable (except to
Users), non-exclusive, worldwide right to use the CoE Software Contributions in connection with Your use of the
Customer Applications and Customer Extensions solely within the scope of Your authorized use of the C3 AI
Software.
3. License to Us. To the extent CoE Software Contributions incorporate Customer Materials, You grant to Us, and
shall procure the grant of, a worldwide, royalty -free, non-exclusive, non -transferable license (and, where relevant,
with the right for Us to sub -license to Our Affiliates or subcontractors) during the Subscription Term of the
applicable Order to use, run, copy, modify, enhance, host and maintain the Customer Materials, and to permit Our
Affiliates and subcontractors to run, copy, modify, enhance, host and maintain the necessary Customer Materials,
in each case as necessary to perform Our obligations under the Agreement.
1. Definition. "C3 AI Implementation Services" mean implementation services that You order from Us as specified
in an Order and described in a mutually agreed Statement of Work attached to such Order.
2. Not a Subscription. C3 AI Implementation Services are not purchased as a subscription.
November I6, 2023 C3 AI Product -Specific Terms
C
Clai
C3 Al Support Services Description
This C3 Al Support Services Description is a policy governing C3 Al Support Services for the C3 Al Software. In
the event of a conflict between the terms of this C3 AI Support Services Description and the terms of the C3 Al End
User License Agreement or other agreement with Us governing Your use of C3 Al Software (the "Agreement"), the
terms and conditions of this C3 Al Support Services Description apply, but only to the extent of such ronflict.
Capitalized terms used herein but not defined herein shall have the meanings set forth in the Agreement. Provided
that You remain current in Your payment obligations to Us, We will provide C3 AI Support Services relating to the
access and operation of the C3 AI Software as set forth herein.
1. Logging a Ticket. To receive such support, You must report technical issues in sufficient detail and in a
timely manner to Our designated support contact(s) by logging a ticket in Our designated support system ("Report")
and assist Us in diagnosing and resolving such issues.
2. Conditions for Support. Our obligations to provide support are subject to Your implementation within no
more than 90 days of all updates and upgrades of C3 Al Software that We make available to You or generally. C3 Al
Support Services do not include support for Customer Applications or Customer Extensions.
3. Support Categories and Details.
Support Category
Provision
Case Limit
No Limit
Response Time
Response Time is measured from receipt of
the Report. See Response Time Matrix below.
On-line Self -Service Portal
Included
4. Response Time Matrix
Severity
Severity Definition
Examples
Response Time
Level
P1
Severe Business
• Production system down or not accessible
60 minutes
Impact
• Data loss/corruption
• Repeated service interruptions
• Severe performance de dation impacting business
P2
Significant Loss of
• Critical previously available functionality missing
8 hours
Functionality
without workarounds, but system is otherwise up
• Intermittent service interruptions
• Noticeable but tolerable performance degradation
P3
Minor Impact
• Some functionality not working as expected but there
I business day
are workarounds available
• How-to or usage questions
P4
No Operational
• Enhancement requests
3 business days
Impact
• General questions
5. Support Hours. Support hours for P I issues are 24/7 (excluding holidays). Support hours for other issues are
from 9 a.m. to 6 p.m. Pacific Time excluding weekends and company holidays. We will use reasonable efforts to
meet the `response time" goals set forth in the table above, based upon the support hours listed above.
March 20, 2023 C3 At Support Services Description
C3 Al Service Level Agreement
This C3 Al Service Level Agreement ("SLA") is a policy that applies to the C3 AI Software. In the event of a conflict
between the terms of this SLA and the terms of the C3 Al End User License Agreement or other agreement with Us
governing Your use of C3 AI Software (the "Agreement"), the terms and conditions of this SLA apply, but only to
the extent of such conflict. Capitalized terms used herein but not defined herein shall have the meanings set forth in
the Agreement.
1. C3 Al SOFTWARE AVAILABILITY PROVISIONS
You shall have the right to the availability provisions set forth herein for the C3 Al Software. Our obligations set
forth in this SLA are subject to Your implementation within ninety (90) days of all updates and upgrades to C3 Al
Software that We make available to You or generally.
This SLA is only applicable to C3 AI Software deployments in (A) Our hosting services account or (B) Your hosting
services account. Our obligations under this SLA are contingent upon Your compliance with the OOoerational Control
applicable to Your Deployment Infrastructure.
2. DEFINITION OF AVAILABILITY
"Availability" or "Available" means You are able to access the C3 Al Software in the Deployment Environment
"Downtime" means any sustained period of time during which the C3 AI Software is not Available, with the following
exceptions ("Downtime Exceptions"):
i. Scheduled maintenance. We will use commercially reasonable efforts to notify You at least seventy-two
(72) hours in advance whenever it is anticipated that scheduled maintenance will have a material impact on
the service provided, except where We deem it to be an emergency. We will use reasonable efforts to (a)
limit the number of hours of scheduled maintenance each month; and (b) schedule maintenance within a
non -peak usage timeline. However, We reserve the right to schedule maintenance as necessary;
ii. Emergency maintenance. We will use commercially reasonable efforts to provide twenty-four (24) hours'
notice to You. However, We reserve the right to perform emergency maintenance as necessary;
iii. Any period in which You are unable to use the C3 Al Software due to Your misconduct or misuse;
iv. To the extent arising out of a failure or malfunction resulting from scripts, data, applications, algorithms,
equipment, or services provided and/or performed by You;
V. To the extent arising out of outages initiated by Us or Our third -party provider at the request or direction of
You for maintenance, back up, or other purposes;
vi. To the extent arising out of outages occurring as a result of any actions or omissions taken by Us or Our
third -party providers at the request or direction of You;
vii. To the extent arising out of outages resulting from Your equipment and/or third -party equipment not within
the control of Us;
viii. To the extent arising out of any unavailability of the C3 AI Software due to circumstances reasonably
believed by Us or Our third -party providers posing: (a) a threat to the normal operation of the C3 Al
Software or the Deployment Environment; or (b) indicating possible unauthorized access to or breach of the
integrity of Customer Data (e.g., a hacker or a virus attack);
ix. To the extent arising out of outages due to system administration (including configuration, operation and
maintenance of the Deployment Environment), commands, or file transfers performed by You (or Your
third -party vendors);
X. To the extent arising out of lack of availability or untimely response time of You to respond to incidents
that require Your participation for source identification and/or resolution, including meeting Your
responsibilities for any services; or
March 20, 2023 C3 Al Service Level Agreement
xi. To the extent arising out of a Force Majeure Event. "Force Majeure Event' means any material event or
circumstance, or combination of material events or circumstances, that (a) arises after the Effective Date;
(b) is beyond Our commercially reasonable control; (c) is not the result of the negligence of, or caused by
Us; and (d) is unavoidable or could not be prevented or overcome by the reasonable efforts and due diligence
of Us, including without limitation an act of God, act of government, flood, fire, earthquake, civil unrest,
act of terror, pandemic, declared health emergency, strike or other labor problem, but does not include (w)
nonperformance by Our suppliers, except for non-performance caused by a Force Majeure Event; (x) any
delay preventable by Us by moving the affected services to an alternate facility; (y) changes in cost or
availability of services; and (z) changes in market conditions.
3. C3 Al SOFTWARE AVAILABILITY
The "C3 Al Software Availability Level' is the sum of the number of hours during a particular period that the C3
At Software was Available to You and the number of hours during a particular period where You were unable to
access the C3 At Software due to Downtime Exceptions, divided by the total number of hours during such period, as
measured at the end of such period. The "Target Availability Level' for the C3 AI Software in any contract year
under the Agreement is 99.5%.
4. SERVICE LEVEL CREDIT
If a Downtime event occurs and (x) within seventy-two (72) hours of such Downtime event, You log a service request
providing detail regarding the Downtime event and requesting a Credit (as defined below), and (y) the C3 At Software
Availability Level is below the Target Availability Level as measured for the applicable contract year, We will issue
to You a Credit calculated as set forth in this Section. A "Credit' will be equal to $1,000 for each single Downtime
event with duration greater than or equal to fifteen (15) consecutive minutes and shorter than or equal to one (1) hour.
If a Downtime event continues for longer than one (1) hour, You will be entitled to one (1) Credit for each additional
consecutive hour of such Downtime event, up to the Maximum Credits. The "Maximum Credits" shall be a total of
twenty-five (25) Credits per C3 At Software offering in any contract year. You will not be eligible to receive multiple
Credits for the same service request, for multiple service requests across different C3 AI Software offerings that arise
from the same outage, or as a result of multiple service failures or outages occurring during the same period of time.
We will keep track of the number of Credits accrued by You for the C3 At Software during the applicable contract
year. Within ten (10) days after the end of each contract year during the term of the Agreement, We will notify You
of the aggregate number of Credits accrued during the immediately preceding contract year for each C3 At Software
offering, and We will apply such Credits towards the subscription fees owed to Us for the respective C3 At Software
offering for the next contract year. Credits can be applied by You only towards subscription fees owed to Us on a
prospective basis, limited to the subscription fees due in the immediately succeeding invoice(s). All Credits must be
applied within twelve (12) months of issuance, after which they shall expire, with no right to roll over Credits to
subsequent periods.
For clarity, if We meet or exceed the Target Availability Level for a C3 AI Software offering in a calendar year, You
will have no right to obtain Credits) for that C3 At Software offering in the applicable contract year. The remedies
set forth in this SLA are Your sole and exclusive remedy and Our sole liability for breach of availability obligations
related to C3 AI Software.
March 20, 2023 C3 At Service Level Agreement
C3 Al DATA PROCESSING AGREEMENT
This C3 Al Data Processing Agreement ('DPA") forms part of the C3 Al End User License Agreement or other
agreement with Us governing Your use of C3 Al Software ("Agreement"). If You are entering into this DPA on behalf
of an entity, You represent and warrant that You have the legal authority to enter into this DPA and bind the entity to
its terms and conditions, and then the terms "You" and "Your" shall refer to such Entity and its Affiliates. This DPA
is effective between You ("Customer") and Us ("C3.ai, Inc.") as of the date of your underlying purchase of the C3
AI Software and/or C3 Al Services. If You do not accept the terms and conditions of this DPA, then You cannot use
the C3 Al Software and/or C3 Al Services.
All capitalized terms not defined herein shall have the meaning set forth in the Agreement. Except as modified below,
the terms of the Agreement shall remain in full force and effect.
In consideration of the mutual obligations set out herein, the parties hereby agree that the terms and conditions set out
below shall be added to the Agreement. Except where the context requires otherwise, references in the DPA to the
Agreement are to the Agreement as amended by, and including, this DPA.
1. Definitions
1.1 In this DPA, the following terms shall have the meanings set out below and cognate terms shall be construed
accordingly:
"Authorized Affiliate" means any of Customer's Affiliate(s) which (a) is subject to the data protection
laws and regulations of the European Union, the European Economic Area and/or their Member States,
and/or the United Kingdom and (b) is permitted to use the C3 AI Services or C3 Al Software pursuant
to the Agreement between Customer and C3 AI.
• "C3 Al Group" means C3 Al and its Affiliates engaged in the Processing of Personal Data.
"Customer Personal Data" means Personal Data included in the "Customer Data" or "Your Data" (as
such terms are defined in the Agreement).
• "Data Protection Laws and Regulations" means all laws and regulations, including laws and
regulations of the European Union and their Member States and the United Kingdom, applicable to the
Processing of Personal Data under the Agreement.
• 'Data Transfer" means (1) a transfer of Personal Data from the Customer or any Customer Authorized
Affiliate to a C3 Al Group member or a Sub -processor; or (2) an onward transfer of Personal Data from
a C3 Al Group member to a Sub -processor, or between two establishments of a Sub -processor, in each
case, where such transfer originates from the European Union, to countries which do not ensure an
adequate level of data protection within the meaning of Data Protection Laws and Regulations of the
foregoing territories.
• "GDPR" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27
April 2016 on the protection of natural persons with regard to the processing of personal data and on the
free movement of such data (the "EU GDPR"), and the "UK GDPR" (the EU GDPR as incorporated
into UK law by the UK Data Protection Act 2018 and amended by the Data Protection, Privacy and
Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (each as amended or
replaced from time to time)).
April 14, 2023 C3 At Data Processing Agreement
• "Standard Contractual Clauses" or "SCCs" means the contractual clauses attached hereto as
Attachment 1 for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679
of the European Parliament and of the Council, and implemented by the European Commission decision
2021/914, dated 4 lune 2021.
• "Sub -processor" means any Processor engaged by C3 AT or a member of the C3 AT Group and that
Processes Customer Personal Data.
• "Technical Specification C3001: C3 Al Suite, Applications, and Data Security" means the Security,
Privacy and Architecture Documentation applicable to the specific C3 AT Services and C3 AI Software
purchased by Customer, as updated from time to time.
1.2 The terms, "Controller", "Data Subject", "Member State', "Personal Data", "Personal Data Breach",
"Processing", "Processor" and "Supervisory Authority" shall have the same meaning as in the GDPR.
2. Processing of Customer Personal Data
2.1 Roles of the Parties. The parties acknowledge and agree that if Customer's use of the C3 AI Services or C3
A] Software requires the Processing by C3 AT of Customer's Personal Data, Customer shall be the Controller,
C3 AT shall be the Processor and the terms of this DPA shall apply to such Processing.
2.2 Processing of Personal Data by Customer. Customer shall, in its use of the C3 AT Services or C3 AT
Software, Process Personal Data in accordance with the requirements of Data Protection Laws and
Regulations. For the avoidance of doubt, Customer's instructions for the Processing of Personal Data shall
comply with Data Protection Laws and Regulations. Customer shall have sole responsibility for the accuracy,
quality, and legality of Personal Data, and the means by which Customer acquired Personal Data.
2.3 Processing of Personal Data by C3 Al. C3 AT shall treat Personal Data as confidential information and shall
only Process Personal Data on behalf of and in accordance with Customer's documented instructions for the
following purposes: (i) Processing in accordance with the Agreement and applicable Order Form(s); (ii)
Processing initiated by Users in their use of the C3 AT Services or C3 AT Software; and (iii) Processing to
comply with other documented reasonable instructions provided by Customer (e.g., via email) where such
instructions are consistent with the terms of the Agreement.
2.4 Details of the Processing. The subject -matter of Processing of Personal Data by C3 AT is the performance
of the C3 AT Services and C3 AT Software pursuant to the Agreement. The duration of the Processing, the
nature and purpose of the Processing, the categories of Data Subjects and types of Personal Data Processed
under this DPA are further specified in Annex I to the SCCs(Details of the Processing). Nothing in Annex 1
confers any right or imposes any obligation on any party to this DPA.
3. C3 Al and C3 Al Affiliate Personnel
C3 AI and each C3 AI Affiliate shall take reasonable steps to ensure the reliability of any employee, agent or
contractor of any C3 AI Group member who has access to the Customer Personal Data, ensuring in each case
that access is limited to those individuals who need to know / access the relevant Customer Personal Data,
as necessary for the purposes of the Agreement, ensuring that all such individuals are subject to
confidentiality undertakings or professional or statutory obligations of confidentiality.
4. Security
4.1 Controls for the Protection of Customer Data. C3 AT shall maintain technical and organizational measures
for protection of the security, confidentiality and integrity of Customer Data, as set forth in the Annex 11
(TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND
April 14, 2023 C3 Al Data Processing Agreement
ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA). C3 AT regularly
monitors compliance with these measures.
4.2 Appropriateness of security measures. Customer acknowledges that it has assessed the security measures
implemented by C3 Al, that it considers those measures to be appropriate taking into account the risk of
likelihood and severity for the rights and freedoms of Data Subjects resulting from the Processing of
Customer Personal Data and, as between the parties and the Data Subjects and Supervisory Authorities,
Customer is solely responsible for such determination of appropriateness.
5. Sub -processing
5.1 Appointment of Sub -processors. Customer acknowledges and agrees that (a) C3 AI's Affiliates may be
retained as Sub -processors; and (b) C3 AT and C3 AI's Affiliates respectively may engage third -party Sub -
processors in connection with the provision of the C3 AI Services and C3 AT Software. C3 AT or a C3 AT
Affiliate has entered into a written agreement with each Sub -processor (i) containing data protection
obligations not less protective than those in this DPA with respect to the protection of Customer Data to the
extent applicable to the nature of the services provided by such Sub -processor; (ii) permitting Sub -processor
to access and use Customer Data only to deliver the services such Sub -processor is retained to provide and
prohibited use of Personal Data for any other purpose; and (iii) requiring Sub -processor to adhere to
substantially the same data protection obligations as those binding C3 AT under this DPA and (if applicable)
the SCCs. Where the SCCs apply, the Parties agree to use "Option 2" in clause 9.
5.2 List of Current Sub -processors and Notification of New Sub -processors. C3 AI shall make available to
Customer upon written request the current list of Sub -processors for the C3 AT Services and C3 AI Software.
C3 AT shall provide notification to Customer of a new Sub -processor (in accordance with clause 9(a) of the
SCCs if applicable) before authorizing any new Sub -processor to Process Personal Data in connection with
the provision of the applicable C3 AT Services or C3 AT Software.
5.3 Objection Right for New Sub -processors. Customer may object to C3 AI's use of a new Sub -processor on
compelling grounds relating to personal data protection by notifying C3 AT promptly in writing within ten
(10) business days after receipt of C3 AI's notice in accordance with the mechanism set out in Section 5.2.
In the event Customer objects to a new Sub -processor, as permitted in the preceding sentence, C3 AT will, in
its sole discretion, either (i) use reasonable efforts to make available to Customer a change in the applicable
C3 AI Services or C3 Al Software, (ii) recommend a commercially reasonable change to Customer's
configuration or use of the C3 AT Services or C3 AT Software to avoid Processing of Personal Data by the
objected -to new Sub -processor without unreasonably burdening the Customer, or (iii) propose an alternate
Sub -processor.
5.4 Liability. C3 AT will remain liable to Customer for (i) its obligations under this DPA even if such obligations
are delegated to a Sub -processor, including the proper and timely performance of services, and (ii) the acts
or omissions of any person or entity to which C3 AT delegates any such obligation in its performance of the
delegated obligation.
6. Data Subject Rights
6.1 Notification. C3 AT shall, to the extent legally permitted, promptly notify Customer if C3 AI receives a
request from a Data Subject to exercise the Data Subject's rights of access, rectification, restriction of
Processing, erasure ("right to be forgotten"), data portability, objection to the Processing, as well as its right
not to be subject to an automated individual decision making ("Data Subject Request").
6.2 Assistance. Taking into account the nature of the Processing, C3 AT shall assist Customer by appropriate
technical and organizational measures, insofar as this is reasonably possible, for the fulfilment of Customer's
obligation to respond to a Data Subject Request under Data Protection Laws and Regulations. In addition, to
the extent Customer, in its use of the C3 AT Services or C3 AT Software, does not have the ability to address
April 14, 2023 C3 Al Data Processing Agreement
a Data Subject Request, C3 Al shall upon Customer's request provide commercially reasonable efforts to
assist Customer in responding to such Data Subject Request, to the extent C3 At is legally permitted to do so
and if the response to such Data Subject Request is required under Data Protection Laws and Regulations.
Customer shall be responsible for any costs arising from C3 AI's provision of any such assistance.
Personal Data Breach
7.1 C3 At maintains security incident management policies and procedures specified in the Technical
Specification C3001: C3 AI Suite, Applications, and Data Security and shall notify Customer without undue
delay upon C3 At or any Sub -processor becoming aware of a Personal Data Breach affecting Customer
Personal Data by providing Customer with available information to help Customer meet its obligations under
the Data Protection Laws and Regulations to report or inform the Supervisory Authority and Data Subjects
of the Personal Data Breach.
7.2 C3 At shall reasonably cooperate with Customer and take such reasonable commercial steps to investigate,
mitigate and remediate each such Personal Data Breach, to the extent the remediation is within C3 AI's
reasonable control. Customer shall be responsible for any costs arising therefrom with respect to incidents
that are caused by Customer or Customer's Users.
8. Data Protection Impact Assessment and Prior Consultation
If, pursuant to Data Protection Law, Customer (or its Controllers) is required to perform a data protection
impact assessment or prior consultation with a regulator, upon Customer's request, C3 AI shall provide
Customer with reasonable cooperation and assistance needed to fulfil Customer's obligation under the GDPR
to carry out a data protection impact assessment related to Customer's use of the C3 AI Services and C3 At
Software, to the extent Customer does not otherwise have access to the relevant information, and to the extent
such information is available to C3 At. C3 AI shall provide reasonable assistance to Customer with respect
to the latter's cooperation or prior consultation with the Supervisory Authority in the performance of its tasks
relating to a data protection impact assessment. Customer shall be responsible for any costs arising from C3
AI's provision of such assistance.
9. Return and Deletion of Customer Personal Data
9.1 Upon written request to C3 At within 30 days of the date of cessation of any C3 At Services or C3 At
Software involving the Processing of Customer Personal Data (the "Cessation Date"), C3 At will make
available to Customer a complete copy of all Customer Personal Data in the then -current format in which it
is stored.
9.2 After a 30 -day period following the Cessation Date, C3 At will delete and procure the deletion of all copies
of those Customer Personal Data Processed by C3 At and any Sub -processor to the extent allowed by
applicable law, in accordance with the procedures specified in the Technical Specification C3001: C3 At
Suite, Applications, and Data Security.
9.3 The parties agree that the certification of deletion of Personal Data that is described in Clause 8 and 16 of the
Standard Contractual Clauses shall be provided by C3 At to Customer only upon Customer's request.
10. Audit rights
10.1 Third -Party Certifications and Audits. C3 AI has obtained the third -party certifications and audits set forth
in the Technical Specification C3001: C3 At Suite, Applications, and Data Security.
10.2 C3 At uses external auditors to verify the adequacy of its security measures. This audit: (a) will be performed
at least annually; (b) will be performed according to international standards (ISO 27001 standards or
substantially equivalent alternatives); (c) will be performed by independent third party security professionals
April 14, 2023 C3 Al Data Processing Agreement
selected by C3 At and at C3 Al's expense; and (d) will result in the generation of an audit report ("Report"),
which will be C3 AI's Confidential Information.
10.3 Upon Customer's written request at reasonable intervals not to exceed annually, and subject to the
confidentiality obligations set forth in the Agreement, C3 Al shall make available to Customer information
regarding C3 AI's compliance with the obligations set forth in this DPA in the form of the third -party
certifications and audits set forth in the Technical Specification C3001: C3 At Suite, Applications, and Data
Security, and the then -current confidential Report, so that Customer can reasonably verify C3 AI's
compliance with its obligations under this DPA.
10.4 Customer agrees to exercise any right it may have to conduct an audit or inspection, including as applicable
under the Standard Contractual Clauses, by instructing C3 At to carry out the audit described in this Section
10. Nothing in this Section varies or modifies the Standard Contractual Clauses nor affects any Supervisory
Authority's or Data Subject's rights under the Standard Contractual Clauses.
11. Data Transfers
11.1 Data Transfers. If the services and/or products provided by C3 At under the Agreement involve an
international transfer of Personal Data between the Parties such transfer shall be in compliance with
applicable Data Protection Laws. If the Personal Data transferred is governed by the GDPR, such transfer
shall only occur subject to the conditions set out in section 11.2 and 11.3.
11.2 Standard Contractual Clauses. Depending on the circumstances of the transfer of Personal Data, the Parties
agree to enter into the SCCs as set out in Attachment 1, for transfers of Personal Data from Customer or its
Affiliates established in the EEA or Switzerland, as a data controller, to C3 Al established in a country outside
the EEA, as a data processor as set out in Module 11 of the European Commission decision 2021/914, dated
4 June 2021 ("Controller to Processor SCCs" or "Module Il"). The Controller to Processor SCCs will only
apply to Personal Data that is transferred outside the EEA, either directly or via onward transfer, to any
country not recognized by the European Commission as providing an adequate level of protection for
Personal Data. Personal Data that C3 AI processes on Customer's behalf may only be disclosed to a third
party located outside the EEA in accordance with clause 8.8 of the Controller to Processor SCCs.
11.3 Instructions. This DPA and the Agreement are Customer's complete and final documented instructions at
the time of signature of the Agreement to C3 At for the Processing of Personal Data. For the purposes of the
Standard Contractual Clauses, instructions by the Customer to Process Personal Data are described (ii) Annex
I to the SCCs and (ii) in Section 2.3 of this DPA.
11.4 Sub -processors. Where the SCCs apply: (i) the parties agree to use "Option 2" in clause 9, and (ii) Customer
acknowledges and expressly agrees that C3 AI may use and/or engage Sub -processors as described in Section
5 of this DPA.
11.5 Audits. Where the SCCs apply: (i) the parties agree that the audits mentioned in the Standard Contractual
Clauses shall be carried out as described in Section 10 of this DPA; and (ii) to the extent Company's audit
requirements under the SCCs or Data Protection Laws cannot reasonably be satisfied through the Report, any
other audit reports or other information C3 AI makes generally available to Customer, C3 At will promptly
respond to Customer's additional audit instructions.
12. General Terms
Governing law and jurisdiction
12.1 Without prejudice to Clauses 17 (Governing Law) and 18 (Choice of forum and jurisdiction) of the Standard
Contractual Clauses:
April 14, 2023 C3 Al Data Processing Agreement
12.1.1 the parties to this DPA hereby submit to the choice of jurisdiction stipulated in the Agreement
with respect to any disputes or claims howsoever arising under this DPA, including disputes
regarding its existence, validity or termination or the consequences of its nullity; and
12.1.2 this DPA and all non -contractual or other obligations arising out of or in connection with it are
governed by the laws of the country or territory stipulated for this purpose in the Agreement.
Order ofprecedence and severance
12.2 In the event of any conflict or inconsistency between this DPA and the Standard Contractual Clauses, the
Standard Contractual Clauses shall prevail. With regard to the subject matter of this DPA, in the event of
inconsistencies between the provisions of this DPA and any other agreements between the parties, including
the Agreement and including (except where explicitly agreed otherwise in writing, signed on behalf of the
parties) agreements entered into or purported to be entered into after the date of this DPA, the provisions of
this DPA shall prevail.
12.3 Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain
valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure
its validity and enforceability, while preserving the parties' intentions as closely as possible or, if this is not
possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.
List of Attachments
Attachment 1: Standard Contractual Clauses
Annex I: Details of Processing of Personal Data
Annex II: TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND
ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
Annex III: List of Sub -Processors
April 14, 2023 C3 Al Data Processing Agreement
ATTACHMENT 1: STANDARD CONTRACTUAL CLAUSES
Agreement to the DPA by the parties includes agreement of the parties to this Attachment 1.
SECTION I
Clause I
Purpose and scope
(a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation
(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data and on the free movement of such data (General Data
Protection Regulation) i for the transfer of personal data to a third country.
(b) The Parties:
(i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter `entity/ies')
transferring the personal data, as listed in Annex LA (hereinafter each `data exporter'), and
(ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via
another entity also Party to these Clauses, as listed in Annex LA (hereinafter each `data importer')
have agreed to these standard contractual clauses (hereinafter: `Clauses').
(c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B.
(d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses.
Clause 2
Effect and invariability of the Clauses
(a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal
remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data
transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to
Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate
Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the
standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or
additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the
fundamental rights or freedoms of data subjects.
(b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation
(EU) 2016/679.
Clause 3
Third -party beneficiaries
(a) Data subjects may invoke and enforce these Clauses, as third -party beneficiaries, against the data exporter and/or
data importer, with the following exceptions:
Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as
controller, reliance on these Clauses when engaging another processor (sub -processing) not subject to Regulation (EU) 2016/679
also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23
October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies,
offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No
1247/2002/EC (OJ L 295, 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract
or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned.
This will in particular be the case where the controller and processor rely on the standard contractual clauses included in Decision
2021/915.
April 14, 2023 C3 Al Data Processing Agreement
(i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7;
(ii) Clause 8 —Module One: Clause 8.5 (e) and Clause 8.9(b); Module Two: Clause 8.1(b), 8.9(a), (c), (d) and (e); Module
Three: Clause 8.1(a), (c) and (d) and Clause 8.9(a), (c), (d), (e), (f) and (g); Module Four: Clause 8.1 (b) and Clause
8.3(b);
(iii) Clause 9 — Module Two: Clause 9(a), (c), (d) and (e); Module Three: Clause 9(a), (c), (d) and (e);
(iv) Clause 12 — Module One: Clause 12(a) and (d); Modules Two and Three: Clause 12(a), (d) and (f);
(v) Clause 13;
(vi) Clause 15.1(c), (d) and (e);
(vii)Clause 16(e);
(viii)Clause 18 —Modules One, Two and Three: Clause 18(a) and (b); Module Four: Clause 18.
(b) Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679.
Clause a
Interpretation
(a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same
meaning as in that Regulation.
(b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679.
(c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation
(EU) 2016/679.
Clause 5
Hierarchy
In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties,
existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail.
Clause 6
Description of the transfer(s)
The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s)
for which they are transferred, are specified in Annex I.B.
Clause 7— Optional
Docking clause
(a) An entity that is not a Parry to these Clauses may, with the agreement of the Parties, accede to these Clauses at
any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A.
(b) Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these
Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation
in Annex I.A.
(c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to
becoming a Party.
SECTION II — OBLIGATIONS OF THE PARTIES
Clause 8
Data protection safeguards
The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the
implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses.
MODULE TWO: Transfer controller to processor
8.1 Instructions
April 14, 2023 C3 AI Data Processing Agreement
(a) The data importer shall process the personal data only on documented instructions from the data exporter. The
data exporter may give such instructions throughout the duration of the contract.
(b) The data importer shall immediately inform the data exporter if it is unable to follow those instructions.
8.2 Purpose limitation
The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex
I. B, unless on further instructions from the data exporter.
8.3 Transparency
On request, the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties,
available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential
information, including the measures described in Annex II and personal data, the data exporter may redact part of the
text of the Appendix to these Clauses prior to sharing a copy, but shall provide a meaningful summary where the data
subject would otherwise not be able to understand the its content or exercise his/her rights. On request, the Parties
shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted
information. This Clause is without prejudice to the obligations of the data exporter under Articles 13 and 14 of
Regulation (EU) 2016/679.
8.4 Accuracy
If the data importer becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall
inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to
erase or rectify the data.
8.5 Duration of processing and erasure or return of data
Processing by the data importer shall only take place for the duration specified in Annex I.B. After the end of the
provision of the processing services, the data importer shall, at the choice of the data exporter, delete all personal data
processed on behalf of the data exporter and certify to the data exporter that it has done so, or return to the data exporter
all personal data processed on its behalf and delete existing copies. Until the data is deleted or returned, the data
importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer
that prohibit return or deletion of the personal data, the data importer warrants that it will continue to ensure
compliance with these Clauses and will only process it to the extent and for as long as required under that local law.
This is without prejudice to Clause 14, in particular the requirement for the data importer under Clause 14(e) to notify
the data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to
laws or practices not in line with the requirements under Clause 14(a).
8.6 Security of processing
(a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and
organisational measures to ensure the security of the data, including protection against a breach of security leading
to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter
`personal data breach'). In assessing the appropriate level of security, the Parties shall take due account of the
state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks
involved in the processing for the data subjects. The Parties shall in particular consider having recourse to
encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled
in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a
specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying
with its obligations under this paragraph, the data importer shall at least implement the technical and
organisational measures specified in Annex It. The data importer shall carry out regular checks to ensure that
these measures continue to provide an appropriate level of security.
(b) The data importer shall grant access to the personal data to members of its personnel only to the extent strictly
necessary for the implementation, management and monitoring of the contract. It shall ensure that persons
authorised to process the personal data have committed themselves to confidentiality or are under an appropriate
statutory obligation of confidentiality.
April 14, 2023 C3 Al Data Process! ng Agreement
(c) In the event of a personal data breach concerning personal data processed by the data importer under these
Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate
its adverse effects. The data importer shall also notify the data exporter without undue delay after having become
aware of the breach. Such notification shall contain the details of a contact point where more information can be
obtained, a description of the nature of the breach (including, where possible, categories and approximate number
of data subjects and personal data records concerned), its likely consequences and the measures taken or proposed
to address the breach including, where appropriate, measures to mitigate its possible adverse effects. Where, and
in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the
information then available and further information shall, as it becomes available, subsequently be provided
without undue delay.
(d) The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its
obligations under Regulation (EU) 2016/679, in particular to notify the competent supervisory authority and the
affected data subjects, taking into account the nature of processing and the information available to the data
importer.
8.7 Sensitive data
Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical
beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural
person, data concerning health or a person's sex life or sexual orientation, or data relating to criminal convictions and
offences (hereinafter `sensitive data'), the data importer shall apply the specific restrictions and/or additional
safeguards described in Annex I.B.
8.8 Onward transfers
The data importer shall only disclose the personal data to a third party on documented instructions from the data
exporter. In addition, the data may only be disclosed to a third parry located outside the European Union' (in the same
country as the data importer or in another third country, hereinafter `onward transfer') if the third party is or agrees to
be bound by these Clauses, under the appropriate Module, or if.
(i) the onward transfer is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation
(EU) 2016/679 that covers the onward transfer;
(ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 Regulation of (EU)
2016/679 with respect to the processing in question;
(iii) the onward transfer is necessary for the establishment, exercise or defence of legal claims in the context of
specific administrative, regulatory or judicial proceedings; or
(iv) the onward transfer is necessary in order to protect the vital interests of the data subject or of another natural
person.
Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses,
in particular purpose limitation.
8.9 Documentation and compliance
(a) The data importer shall promptly and adequately deal with enquiries from the data exporter that relate to the
processing under these Clauses.
(b) The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep
appropriate documentation on the processing activities carried out on behalf of the data exporter.
' The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union's internal
market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation
(EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by
the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses.
April 14, 2023 C3 Al Data Processing Agreement 10
(c) The data importer shall make available to the data exporter all information necessary to demonstrate compliance
with the obligations set out in these Clauses and at the data exporter's request, allow for and contribute to audits
of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non-
compliance. In deciding on a review or audit, the data exporter may take into account relevant certifications held
by the data importer.
(d) The data exporter may choose to conduct the audit by itself or mandate an independent auditor. Audits may
include inspections at the premises or physical facilities of the data importer and shall, where appropriate, be
carried out with reasonable notice.
(e) The Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits,
available to the competent supervisory authority on request.
MODULE THREE: Transfer processor to processor
8.1 Instructions
(a) The data exporter has informed the data importer that it acts as processor under the instructions of its controller(s),
which the data exporter shall make available to the data importer prior to processing.
(b) The data importer shall process the personal data only on documented instructions from the controller, as
communicated to the data importer by the data exporter, and any additional documented instructions from the
data exporter. Such additional instructions shall not conflict with the instructions from the controller. The
controller or data exporter may give further documented instructions regarding the data processing throughout
the duration of the contract.
(c) The data importer shall immediately inform the data exporter if it is unable to follow those instructions. Where
the data importer is unable to follow the instructions from the controller, the data exporter shall immediately
notify the controller.
(d) The data exporter warrants that it has imposed the same data protection obligations on the data importer as set out
in the contract or other legal act under Union or Member State law between the controller and the data exporter'.
8.2 Purpose limitation
The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex
I.B., unless on further instructions from the controller, as communicated to the data importer by the data exporter, or
from the data exporter.
8.3 Transparency
On request, the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties,
available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential
information, including personal data, the data exporter may redact part of the text of the Appendix prior to sharing a
copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand its
content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the
redactions, to the extent possible without revealing the redacted information.
8.4 Accuracy
If the data importer becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall
inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to
rectify or erase the data.
8.5 Duration of processing and erasure or return of data
3 See Article 28(4) of Regulation (EU) 2016/679 and, where the controller is an EU institution or body, Article29(4) of Regulation
(EU) 2018/1725.
April 14, 2023 C3 Al Data Processing Agreement
Processing by the data importer shall only take place for the duration specified in Annex I.B. After the end of the
provision of the processing services, the data importer shall, at the choice of the data exporter, delete all personal data
processed on behalf of the controller and certify to the data exporter that it has done so, or return to the data exporter
all personal data processed on its behalf and delete existing copies. until the data is deleted or returned, the data
importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer
that prohibit return or deletion of the personal data, the data importer warrants that it will continue to ensure
compliance with these Clauses and will only process it to the extent and for as long as required under that local law.
This is without prejudice to Clause 14, in particular the requirement for the data importer under Clause 14(e) to notify
the data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to
laws or practices not in line with the requirements under Clause 14(a).
8.6 Security of processing
(a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and
organisational measures to ensure the security of the data, including protection against a breach of security leading
to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter
"personal data breach"). In assessing the appropriate level of security, they shall take due account of the state of
the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved
in the processing for the data subject. The Parties shall in particular consider having recourse to encryption or
pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner.
In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject
shall, where possible, remain under the exclusive control of the data exporter or the controller. In complying with
its obligations under this paragraph, the data importer shall at least implement the technical and organisational
measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures
continue to provide an appropriate level of security.
(b) The data importer shall grant access to the data to members of its personnel only to the extent strictly necessary
for the implementation, management and monitoring of the contract. It shall ensure that persons authorised to
process the personal data have committed themselves to confidentiality or are under an appropriate statutory
obligation of confidentiality.
(c) In the event of a personal data breach concerning personal data processed by the data importer under these
Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate
its adverse effects. The data importer shall also notify, without undue delay, the data exporter and, where
appropriate and feasible, the controller after having become aware of the breach. Such notification shall contain
the details of a contact point where more information can be obtained, a description of the nature of the breach
(including, where possible, categories and approximate number of data subjects and personal data records
concerned), its likely consequences and the measures taken or proposed to address the data breach, including
measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all
information at the same time, the initial notification shall contain the information then available and further
information shall, as it becomes available, subsequently be provided without undue delay.
(d) The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its
obligations under Regulation (EU) 2016/679, in particular to notify its controller so that the latter may in tum
notify the competent supervisory authority and the affected data subjects, taking into account the nature of
processing and the information available to the data importer.
8.7 Sensitive data
Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical
beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural
person, data concerning health or a person's sex life or sexual orientation, or data relating to criminal convictions and
offences (hereinafter "sensitive data"), the data importer shall apply the specific restrictions and/or additional
safeguards set out in Annex I.B.
April 14, 2023 C3 Al Data Processing Agreement l2
8.8 Onward transfers
The data importer shall only disclose the personal data to a third party on documented instructions from the controller,
as communicated to the data importer by the data exporter. In addition, the data may only be disclosed to a third party
located outside the European Union4 (in the same country as the data importer or in another third country, hereinafter
"onward transfer") if the third party is or agrees to be bound by these Clauses, under the appropriate Module, or if:
(i) the onward transfer is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation
(EU) 2016/679 that covers the onward transfer;
(ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 of Regulation (EU)
2016/679;
(iii) the onward transfer is necessary for the establishment, exercise or defence of legal claims in the context of
specific administrative, regulatory or judicial proceedings; or
(iv) the onward transfer is necessary in order to protect the vital interests of the data subject or of another natural
person.
Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses,
in particular purpose limitation.
8.9 Documentation and compliance
(a) The data importer shall promptly and adequately deal with enquiries from the data exporter or the controller that
relate to the processing under these Clauses.
(b) The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep
appropriate documentation on the processing activities carried out on behalf of the controller.
(c) The data importer shall make all information necessary to demonstrate compliance with the obligations set out in
these Clauses available to the data exporter, which shall provide it to the controller.
(d) The data importer shall allow for and contribute to audits by the data exporter of the processing activities covered
by these Clauses, at reasonable intervals or if there are indications of non-compliance. The same shall apply where
the data exporter requests an audit on instructions of the controller. In deciding on an audit, the data exporter may
take into account relevant certifications held by the data importer.
(e) Where the audit is carried out on the instructions of the controller, the data exporter shall make the results available
to the controller.
(f) The data exporter may choose to conduct the audit by itself or mandate an independent auditor. Audits may
include inspections at the premises or physical facilities of the data importer and shall, where appropriate, be
carried out with reasonable notice.
(g) The Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits,
available to the competent supervisory authority on request.
Clause 9
Use of sub -processors
MODULE TWO: Transfer controller to processor
4 The Agreement on the European Economic Area (EEA Agreement) provides for the extension of theEuropean Union's internal
market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation
(EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex X1 thereto. Therefore, any disclosure by
the data importer to a third party located in the EEA does not qualify as an onward transfer for the purposes of these Clauses.
April 14, 2023 C3 At Data Processing Agreement 13
(a) GENERAL WRITTEN AUTHORISATION The data importer has the data exporter's general authorisation for
the engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the data
exporter in writing of any intended changes to that list through the addition or replacement of sub -processors at
least 14 days in advance, or other reasonable time period based on the service licensed by the data exporter,
thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of
the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable
the data exporter to exercise its right to object.
(b) Where the data importer engages a sub -processor to carry out specific processing activities (on behalf of the data
exporter), it shall do so by way of a written contract that provides for, in substance, the same data protection
obligations as those binding the data importer under these Clauses, including in terms of third -party beneficiary
rights for data subjects.' The Parties agree that, by complying with this Clause, the data importer fulfils its
obligations under Clause 8.8. The data importer shall ensure that the sub -processor complies with the obligations
to which the data importer is subject pursuant to these Clauses.
(c) The data importer shall provide, at the data exporter's request, a copy of such a sub -processor agreement and any
subsequent amendments to the data exporter. To the extent necessary to protect business secrets or other
confidential information, including personal data, the data importer may redact the text of the agreement prior to
sharing a copy.
(d) The data importer shall remain fully responsible to the data exporter for the performance of the sub -processor's
obligations under its contract with the data importer. The data importer shall notify the data exporter of any failure
by the sub -processor to fulfil its obligations under that contract.
(e) The data importer shall agree a third -party beneficiary clause with the sub -processor whereby — in the event the
data importer has factually disappeared, ceased to exist in law or has become insolvent — the data exporter shall
have the right to terminate the sub -processor contract and to instruct the sub -processor to erase or return the
personal data.
MODULE THREE: Transfer processor to processor
(a) GENERAL WRITTEN AUTHORISATION The data importer has the controller's general authorisation for the
engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the controller in
writing of any intended changes to that list through the addition or replacement of sub- processors at least 14 days
in advance, or other reasonable time period based on the service licensed by the data exporter, thereby giving the
controller sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The
data importer shall provide the controller with the information necessary to enable the controller to exercise its
right to object. The data importer shall inform the data exporter of the engagement of the sub-processor(s).
(b) Where the data importer engages a sub -processor to carry out specific processing activities (on behalf of the
controller), it shall do so by way of a written contract that provides for, in substance, the same data protection
obligations as those binding the data importer under these Clauses, including in terms of third -party beneficiary
rights for data subjects.' The Parties agree that, by complying with this Clause, the data importer fulfils its
obligations under Clause 8.8. The data importer shall ensure that the sub -processor complies with the obligations
to which the data importer is subject pursuant to these Clauses.
' This requirement may be satisfied by the sub -processor acceding to these Clauses under the appropriate Module, in accordance
with Clause 7.
' This requirement may be satisfied by the sub -processor acceding to these Clauses under the appropriateModule, in accordance
with Clause 7.
April 14, 2023 C3 Al Data Processing Agreement 14
(c) The data importer shall provide, at the data exporter's or controller's request, a copy of such a sub -processor
agreement and any subsequent amendments. To the extent necessary to protect business secrets or other
confidential information, including personal data, the data importer may redact the text of the agreement prior to
sharing a copy.
(d) The data importer shall remain fully responsible to the data exporter for the performance of the sub -processor's
obligations under its contract with the data importer. The data importer shall notify the data exporter of any failure
by the sub- processor to fulfil its obligations under that contract.
(e) The data importer shall agree a third -parry beneficiary clause with the sub -processor whereby - in the event the
data importer has factually disappeared, ceased to exist in law or has become insolvent - the data exporter shall
have the right to terminate the sub -processor contract and to instruct the sub -processor to erase or return the
personal data.
Clause 10
Data subject rights
MODULE TWO: Transfer controller to processor
(a) The data importer shall promptly notify the data exporter of any request it has received from a data subject. It
shall not respond to that request itself unless it has been authorised to do so by the data exporter.
(b) The data importer shall assist the data exporter in fulfilling its obligations to respond to data subjects' requests
for the exercise of their rights under Regulation (EU) 2016/679. In this regard, the Parties shall set out in Annex
II the appropriate technical and organisational measures, taking into account the nature of the processing, by
which the assistance shall be provided, as well as the scope and the extent of the assistance required.
(c) In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the instructions from
the data exporter.
MODULE THREE: Transfer processor to processor
(a) The data importer shall promptly notify the data exporter and, where appropriate, the controller of any request it
has received from a data subject, without responding to that request unless it has been authorised to do so by the
controller.
(b) The data importer shall assist, where appropriate in cooperation with the data exporter, the controller in fulfilling
its obligations to respond to data subjects' requests forthe exercise of their rights under Regulation (EU) 2016/679
or Regulation (EU) 2018/1725, as applicable. In this regard, the Parties shall set out in Annex 11 the appropriate
technical and organisational measures, taking into account the nature of the processing, by which the assistance
shall be provided, as well as the scope and the extent of the assistance required.
(c) In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the instructions from
the controller, as communicated by the data exporter.
Clause 11
Redress
(a) The data importer shall inform data subjects in a transparent and easily accessible format, through individual
notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any
complaints it receives from a data subject.
MODULE TWO: Transfer controller to processor
MODULE THREE: Transfer processor to processor
April 14, 2023 C3 Al Data Processing Agreement 15
(b) In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that
Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other
informed about such disputes and, where appropriate, cooperate in resolving them.
(c) Where the data subject invokes a third -parry beneficiary right pursuant to Clause 3, the data importer shall accept
the decision of the data subject to:
a. lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place
of work, or the competent supervisory authority pursuant to Clause 13;
b. refer the dispute to the competent courts within the meaning of Clause 18.
(d) The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association
under the conditions set out in Article 80(1) of Regulation (EU) 2016/679.
(e) The data importer shall abide by a decision that is binding under the applicable EU or Member State law.
(f) The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and
procedural rights to seek remedies in accordance with applicable laws.
Clause 12
Liability
MODULE TWO: Transfer controller to processor
MODULE THREE: Transfer processor to processor
(a) Each Parry shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of
these Clauses.
(b) The data importer shall be liable to the data subject, and the data subject shall be entitled to receive compensation,
for any material or non -material damages the data importer or its sub -processor causes the data subject by
breaching the third -party beneficiary rights under these Clauses.
(c) Notwithstanding paragraph (b), the data exporter shall be liable to the data subject, and the data subject shall be
entitled to receive compensation, for any material or non -material damages the data exporter or the data importer
(or its sub -processor) causes the data subject by breaching the third -party beneficiary rights under these Clauses.
This is without prejudice to the liability of the data exporter and, where the data exporter is a processor acting on
behalf of a controller, to the liability of the controller under Regulation (EU) 2016/679 or Regulation (EU)
2018/1725, as applicable.
(d) The Parties agree that if the data exporter is held liable under paragraph (c) for damages caused by the data
importer (or its sub -processor), it shall be entitled to claim back from the data importer that part of the
compensation corresponding to the data importer's responsibility for the damage.
(e) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of
these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring
an action in court against any of these Parties.
(f) The Parties agree that if one Party is held liable under paragraph (e), it shall be entitled to claim back from the
other Party/ies that part of the compensation corresponding to its / their responsibility for the damage.
(g) The data importer may not invoke the conduct of a sub -processor to avoid its own liability.
Clause 13
Supervision
MODULE TWO: Transfer controller to processor
Apri114, 2023 C3 Al Data Processing Agreement 16
MODULE THREE: Transfer processor to processor
(a) [Where the data exporter is established in an EU Member State:] The supervisory authority with responsibility
for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as
indicated in Annex I.C, shall act as competent supervisory authority.
[Where the data exporter is not established in an EU Member State, but falls within the territorial scope of
application of Regulation (EU) 20161679 in accordance with its Article 3(2) and has appointed a representative
pursuant to Article 27(1) of Regulation (EU) 2016/679: ] The supervisory authority of the Member State in which
the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established, as indicated
in Annex I.C, shall act as competent supervisory authority.
[Where the data exporter is not established in an EU Member State, but falls within the territorial scope of
application of Regulation (EU) 20161679 in accordance with its Article 3(2) without however having to appoint
a representative pursuant to Article 27(2) of Regulation (EU) 2016/679:] The supervisory authority of one of the
Member States in which the data subjects whose personal data is transferred underthese Clauses in relation to the
offering of goods or services to them, or whose behaviour is monitored, are located, as indicated in Annex I.C,
shall act as competent supervisory authority. -
(b) The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory
authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer
agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory
authority, including remedial and compensatory measures. It shall provide the supervisory authority with written
confirmation that the necessary actions have been taken.
SECTION III — LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES
Clause 14
Local laws and practices affecting compliance with the Clauses
MODULE TWO: Transfer controller to processor
MODULE THREE: Transfer processor to processor
(a) The Parties warrant that they have no reason to believe that the laws and practices in the third country of
destination applicable to the processing of the personal data by the data importer, including any requirements to
disclose personal data or measures authorising access by public authorities, prevent the data importer from
fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that
respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate
in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679,
are not in contradiction with these Clauses.
(b) The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of
the following elements:
(i) the specific circumstances of the transfer, including the length of the processing chain, the number of actors
involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of
processing; the categories and format of the transferred personal data; the economic sector in which the
transfer occurs; the storage location of the data transferred;
April 14, 2023 C3 Al Data Processing Agreement 17
(ii) the laws and practices of the third country of destination— including those requiring the disclosure of data to
public authorities or authorising access by such authorities — relevant in light of the specific circumstances
of the transfer, and the applicable limitations and safeguards';
(iii) any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards
under these Clauses, including measures applied during transmission and to the processing of the personal
data in the country of destination.
(c) The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to
provide the data exporter with relevant information and agrees that it will continue to cooperate with the data
exporter in ensuring compliance with these Clauses.
(d) The Parties agree to document the assessment under paragraph (b) and make it available to the competent
supervisory authority on request.
(e) The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the
duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line
with the requirements under paragraph (a), including following a change in the laws of the third country or a
measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with
the requirements in paragraph (a). [For Module Three: The data exporter shall forward the notification to the
controller].
(f) Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the
data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify
appropriate measures (e.g. technical or organizational measures to ensure security and confidentiality) to be
adopted by the data exporter and/or data importer to address the situation, [for Module Three: if appropriate in
consultation with the controller]. The data exporter shall suspend the data transfer if it considers that no
appropriate safeguards for such transfer can be ensured, or if instructed by the controller or the competent
supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as
it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties,
the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties
have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply.
Clause 15
Obligations of the data importer in case of access by public authorities
MODULE TWO: Transfer controller to processor
MODULE THREE: Transfer processor to processor
15.1 Notification
7 As regards the impact of such laws and practices on compliance with these Clauses, different elements maybe considered as
part of an overall assessment. Such elements may include relevant and documented practicalexperience with prior instances of
requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time -frame.
This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due
diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where
this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses,
it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements
together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the
Parties have to take into account whethertheir practical experience is corroborated and not contradicted by publicly available or
otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of
the law in practice, such as case law and reports by independent oversight bodies.
April 14, 2023 C3 Al Data Processing Agreement 18
(a) The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary
with the help of the data exporter) if it:
(i) receives a legally binding request from a public authority, including judicial authorities, under the laws of
the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such
notification shall include information about the personal data requested, the requesting authority, the legal
basis for the request and the response provided; or
(ii) becomes aware of any direct access by public authorities to personal data transferred pursuant to these
Clauses in accordance with the laws of the country of destination; such notification shall include all
information available to the importer.
[For Module Three: The data exporter shall forward the notification to the controller.]
(b) If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the
country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a
view to communicating as much information as possible, as soon as possible. The data importer agrees to
document its best efforts in order to be able to demonstrate them on request of the data exporter.
(c) Where permissible under the laws of the country of destination, the data importer agrees to provide the data
exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the
requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether
requests have been challenged and the outcome of such challenges, etc.). [For Module Three: The data exporter
shall forward the information to the controller.]
(d) The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the
contract and make it available to the competent supervisory authority on request.
(e) Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and
Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses.
15.2 Review of legality and data minimization
(a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within
the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it
concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country
of destination, applicable obligations under international law and principles of international comity. The data
importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data
importer shall seek interim measures with a view to suspending the effects of the request until the competent
judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do
so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data
importer under Clause 14(e).
(b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to
the extent permissible under the laws of the country of destination, make the documentation available to the data
exporter. It shall also make it available to the competent supervisory authority on request.
(c) The data importer agrees to provide the minimum amount of information permissible when responding to a
request for disclosure, based on a reasonable interpretation of the request.
SECTION IV —FINAL PROVISIONS
Clause 16
Non-compliance with the Clauses and termination
(a) The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for
whatever reason.
April 14, 2023 C3 Al Data Processing Agreement 19
(b) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data
exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the
contract is terminated. This is without prejudice to Clause 14(f).
(c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data
under these Clauses, where:
(i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b)
and compliance with these Clauses is not restored within a reasonable time and in any event within one month
of suspension;
(ii) the data importer is in substantial or persistent breach of these Clauses; or
(iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority
regarding its obligations under these Clauses.
In these cases, it shall inform the competent supervisory authority [for Module Three: and the controller] of such non-
compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination
only with respect to the relevant Parry, unless the Parties have agreed otherwise.
(d) Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at
the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same
shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter.
Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In
case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal
data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process
the data to the extent and for as long as required under that local law.
(e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts
a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which
these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to
which the personal data is transferred. This is without prejudice to other obligations applying to the processing in
question under Regulation (EU) 2016/679.
Clause 17
Governing law
MODULE TWO: Transfer controller to processor
MODULE THREE: Transfer processor to processor
Option 2: These Clauses shall be governed by the law of the EU Member State in which the data exporter is established.
Where such law does not allow for third -party beneficiary rights, they shall be governed by the law of another EU
Member State that does allow for third -parry beneficiary rights.
Clause 18
Choice of forum and jurisdiction
MODULE TWO: Transfer controller to processor
MODULE THREE: Transfer processor to processor
(a) Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State.
(b) The Parties agree that those shall be the courts of Ireland.
(c) A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts
of the Member State in which he/she has his/her habitual residence.
April 14, 2023 C3 Al Data Processing Agreement 20
(d) The Parties agree to submit themselves to the jurisdiction of such courts.
April 14, 2023 C3 Al Data Processing Agreement 21
APPENDIX
ANNEX
A. LIST OF PARTIES
• Data exporter(s)/Controller: Customer is the data exporter/controller and user of services rendered by, and/or
products provided under the DPA and Agreement.
Name of the data exporting organization: Customer
Address: As specified in the Agreement.
Contact person's name, position and contact details: Contact details for the data exporter are specified in
the Agreement. Details about the data exporter's data protection officer are available to the data importer in
the administrator panel (where such details have been provided by the data exporter).
Activities relevant to the data transferred under these Clauses: The data importer provides the Services to
the data exporter in accordance with the Agreement.
Signature and date: The parties agree that execution of the Agreement by the data importer and the data
exporter shall constitute execution of these Clauses as of the Terms effective date of the Agreement.
• Data importer(s)/Processor:
C3.ai, Inc. is the data importer/Processor and provider of the services and/or products provided under the
DPA and Agreement.
Address: 1400 Seaport Blvd, Redwood City, CA 94063
Contact person's name, position and contact details: Derron Blakely, General Counsel, 650-503-2200,
C3Legal@C3.ai
B. DESCRIPTION OF TRANSFER
In the event Customer requires C3 Al to process personally identifiable information, then (a) Customer
will notify C3 Al in writing prior to providing Us any access to any such personal information. Customer
will not provide any information that is considered protected health information under HIPAA, except
pursuant to a separate Business Associate Agreement mutually agreed to in writing between the Customer
and C3 Al.
Subject matter, Nature and Purpose of Processing: C3 At will Process Personal Data as notified by Customer
to perform the C3 AI Services and provide the C3 At Software pursuant to the Agreement.
Obligations and rights of Customer: The obligations and rights of Customer are set out in the Agreement and
this DPA.
Duration of Processing: Subject to notification by Customer and Section 9 of this DPA, C3 At will Process
Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.
Categories of Data Subjects: Customer must notify and specify categories of personal data prior to processing
by the C3 At Services and C3 At Software, the extent of which is determined and controlled by Customer in its
sole discretion.
April 14, 2023 C3 Al Data Processing Agreement 22
Type of Personal Data: Customer must notify and specify categories of personal data prior to processing by the
C3 Al Services and C3 Al Software, the extent of which is determined and controlled by Customer in its sole
discretion.
Restrictions Customer shall not use any PH of C3 or its employees outside the scope or purpose of the
engagement.
C. COMPETENT SUPERVISORY AUTHORITY
Identify the competent supervisory authority/ies in accordance with Clause 13:
The Irish Supervisory Authority - The Data Protection Commission, unless the data exporter notifies the data
importer of an alternative competent supervisory authority from time to time in accordance with the
Agreement.
April 14, 2023 C3 Al Data Processing Agreement 23
ANNEX A
TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND
ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA
Description of the technical and organizational security measures implemented by the data importer:
The C3 AI Platform (formerly the C3 AT Suite) and C3 AT Applications employ advanced analytics and machine
learning at scale to deliver real-time or near real-time actionable insights for enterprise business imperatives. C3 AT
understands that the security, confidentiality, integrity, and availability of the C3 AT Platform and the C3 Al
Applications are important to customers.
Protecting Your data is a joint responsibility between you and C3 Al. C3 AI's platform is built with security to
protect your data and applications. You can also implement your own security scheme to reflect the structure and
needs of your organization. C3 AT delivers a unified, cohesive suite of products through a scalable and secure
hosting model:
C3 AT products are delivered as hosted PaaS and SaaS offerings deployed in secure Virtual Private Clouds. This
provides system scalability and data security combined with low overall cost of ownership.
C3 AT implements a rigorous Cyber Security Program to protect critical systems and information assets, constantly
monitoring and improving applications, systems, and processes to meet the growing demands and challenges of
security. Security of C3 Al's hosting operations and C3 AI Platform has been validated in production deployments
for leading utility operators and large commercial and industrial organizations around the world.
C3 AI will maintain appropriate technical and organizational measures for protection of the security, confidentiality,
and integrity of Customer Data, as set forth in the Technical Specification C3001: C3 Al Suite, Applications, and Data
Security. The full text of C3 AI's Technical Specification C3001: C3 Al Suite, Applications, and Data Security to
protect Customer Data is available to Customers upon request.
April 14, 2023 C3 Al Data Processing Agreement 24
ANNEX III: LIST OF SUB -PROCESSORS
C3 Al is a data processor or sub -processor and engages certain onward sub -processors that may process personal
data submitted to C3 AI's services by the controller. The sub -processors are listed below are for C3 AI's default
offerings. This list may be updated by C3 Al from time to time.
Amazon AWS
Microsoft Azure
Google Cloud
Okra
Splunk
Informatics
Zendesk
Atlassian
Gurobi Cloud
Ortec
CCube
BGP Management
April 14, 2023 C3 Al Data Processing Agreement 25
ff]
C3.ai
C3 Al Center of Excellence Description
This C3 AI Center of Excellence Description describes the Center of Excellence ("CoE") services provided by Our
C3 Al CoE FTE resources. In the event of a conflict between the terms of this C3 Al Center of Excellence
Description and the terms of the C3 Al End User License Agreement or other agreement with Us governing Your
use of C3 Al Software (the "Agreement"), the terms and conditions of this C3 Al Center of Excellence Description
apply, but only to the extent of such conflict. Capitalized terns used herein but not defined herein shall have the
meanings set forth in the Agreement.
The Center of Excellence services provide premium support services by a team of Our C3 Al CoE FTE resources
to provide assistance and guidance in the design, development and testing of Customer Application(s) and
Customer Extension(s) by Your and Your Affiliates resources (if included as a party to the Agreement). "C3 Al
CoE FTE" means a full-time equivalent resource for up to 167 person hours per month or 2000 person hours per
year.
1. CoE Overview. The purpose of the CoE is to assist You in utilizing or extending C3 AI Applications and
developing Your own applications on the C3 AI Platform. To facilitate Your efforts, We provide the following CoE
services on C3 Al Platform and C3 Al Applications (if subscribed in the applicable Order) to Your personnel during
the Subscription Term of C3 Al CoE FTEs ordered in an applicable Order:
a. Support and guidance on the overall C3 Al Platform software application architecture;
b. Data integration, data science, and overall software application design, development and
deployment support on the C3 Al Platform;
C. Training on the C3 Al Software for Your named developer Users; and
d. Help to address Your named developer Users' development issues.
2. CoE Set Up. Each Party shall complete the applicable requirements specified below.
a. You: (i) Your developers must complete and pass Our developer qualification requirements; (ii)
Your developers must successfully complete Our required training and (iii) You must define a reasonable
product specification and a reasonable project plan for any Customer Application or Customer Extension to
be developed by Your personnel in the CoE.
b. Us: (i) We will set up the Development, Quality Assurance, and Production environments for the
C3 Al Platform for use by Your qualified named developer Users; and (ii) We will provide online training
resources for Your named developer Users.
3. CoE FTE Resources.
a. We will staff the CoE with the number of Our C3 Al CoE FTE resource(s) as specified in the Order.
The type of Our C3 AI CoE FTE resource may change depending on the stage of CoE engagement and may
be provided on-site or remotely. Any of Our C3 Al CoE FTE person hours in excess of the number specified
in the Order are subject to the payment of additional fees.
b. Our C3 Al CoE FTEs will provide instruction to Your named developers on the design,
development, quality assurance, performance testing, maintenance/upgrade of Customer Applications and
Customer Extensions developed by You. The instruction may include, but not be limited to the following:
i. Develop C3 Al canonical data format and integrate data;
ii. Create and manage C3 Al data types;
iii. Develop application logic;
iv. Create and extend analytics (systematic computational analysis of data or statistics);
v. Write application software test for C3 Al Applications;
vi. Configure machine learning algorithms and perform steps required to test and deploy machine
teaming algorithms;
vii. Configure user interface(s); or
viii. Manage, monitor, and operate sub-components/services of C3 Al Application(s).
C. You will provide a sufficient number of Your qualified personnel for the design, development, and
testing of Customer Application(s) and Customer Extension(s) by You. Your personnel may include Your
named developers, application developers, data scientists, data modelers, data integrators, quality assurance
March 20, 2023 C3 AI Center of Excellence Description
engineers, operations personnel, project management, project leadership personnel, subject matter experts,
and IT personnel knowledgeable about the source data systems.
4. Project Governance and Limitations.
a. We and You will each designate an executive sponsor to manage the relationship under the Order.
We and You will ensure that the appropriate representatives from each Party participate in quarterly, face-
to-face or remote, meetings to review Your product road map and projects. A quarterly executive status report
will be created by Our project leads and shared at the quarterly meeting.
b. Formal CoE project reviews will be conducted monthly by Our and Your team leadership.
C. The Parties agree the Our C3 Al CoE FTE person hours will be reasonably distributed over the
applicable Subscription Term or Pilot Phase, as applicable.
d. The following professional services are outside of the scope of the services provided in the CoE:
post -launch enhancements, customizations, and implementation services.
March 20, 2023 C3 Al Center of Excellence Description
Attachment B
Presentation Dated
April 9. 2024
W
0
m
J
Q
M
L
�a
W
c) �o
M O
Mu uW
qq
N
O
N
�L
Q
El
m
a
0
G1
C6
�
U
IUI
f6
d
E
d
0
L
R
N
co
U
0
y
O
CL
r
3
0
aL
>
_
L
>
co
_
O
U
0
G1
C6
�
U
IUI
No
cc
Cl)
mu
a) a
U c
m
am. h
lC
65
N tiQ
O m v
.0 Ogg
dU
r 0
Uma
OLL
L)
U
m
m
C >"
1 U .
L
0
C6
U
run
i
0
W
0
CL
0
LM
a
m
i it id tb itl I �
co
s
U
F
1 i $e`ff�4fiit F::
Ifft
m'
"I
_
Y
i t �iY
CL
co
QCO
U
:Q
w
p
if
HIM
od
G1
c'a
m
Fla
Z .P
W
�
a#
•Ez ei
�
e� a n
n
O
N
co
U[
0.
z
0
L
�
a�
C6
U
m
Q
0
M
V
W
n
�
O
O
L
CD
U)
i
i
O
i
O
N
�
N
U
E
N
0
:3
N
^�
i
0
U
�
�
U
Y
O
=
O
O
N
_
Clq
CD
M
L
•-
O
_lo
•
11
n
u
_:
'4
cu
2
U
FU
U
m
N
E
O
L
G.
U
a
s
8'
M
U
m
i
0
M
0 U
0
0
0
0
0
W
0
tn<�F>-
Q LL
1
N
l
�
W
at --
Z
a —
0
-•
N
N
N
0
�
W
W
N
I
k
C6
U
m
.2
Ma
2
p4f
CL
d
w
3
�
Q
O
}+
N
i
M
V
L
u�
2
p4f
CL
d
w
L
O
CL
J
01
.i�
Co
U
m
�
�
�
E
m
�
O
�
i
0
m
�
U
i
�
O
cn
M
M
a
E
k )
2 $
k j
\ ^
R
)
2
!�
:
9
,)§�)
-
G
!
"
)
E
\
)
(k /
7
}ok02
{)
W
_
Buip_
Dam_o
__ mnd
,e_.
,_d
)
2
0
0
N241
W
m
a
M
mLJ
M
V
N
cts
CL
t
U
m
U
m
Vi
U)
Q
VJ
a
CO
W
M
U
O
CO
U
a�
o
V
�co
O
O
i
V
:3
y
C/)
Y
�
�m
co
co
a�
14
o
a�
Y
p
M
O
Q)
VJ
W
co
:3
C/)
O
p
M
O
Q)
N
O
,N
cri
Qj
Q
a
O
4
c
U
N Cu
cB
c
�
+
C)
o
a�
RA
4b
i
(n sayaaeas juapisam 6upjew AailOd
Q
vi
U
rum
M
V
4)
N
L`
An
7
C6
U
m
o
�o
Y
N
�
(D
�
U
N
M
2
U-
U)
C6
U
m
N Y
w!
�A
•
I I
�
� i
O
� Y
�a
LL
cB
FFMU
�
Q)
(Z Q)
e
O
o
0Yo
(1) 0
a
3 �
c
m 3 i
M
Cl)
�
CO
�
O
V
cn
0
U
m
N
j
O m
� W
C
w
N
�
R
w
L
Q
d
N
=
U
Y
�
Y
N
d
N
O
r
=
R
R
W
Ul
•=
O
R
_V
Y
y
R
Q
R
cn
Y
a
d
R
O
m
=
U
m
j
O m
� W
C
N
e
p
N
i
V
R
O_
L
C
R
d
j
O
0
R
CL
C
L
i
O
O
N
�.
O
N
E
N
n
O
N_
C
R
O
y
7
C
O
ca
U
y
d
E
O
N
d
R
E
O
al
C
v
c
•Q
O.
y
u
`�°
U
U
W
H
ci
U
run
e
0{0
•
F
o
.E
0P,
O
O
N N
N -O
t0
�N
N O
MW
_
J
�
ci
U
run
C6
U
m
W
0 �
J
M
Q U
|
■
�
e!
JR \ 2 ) \
0
00
® - g
»
, G
M] « » « G
�
�
\
�
e!
JR \ 2 ) \
0
00
® - g
»
, G
M] « » « G
� 2
/
f
\
\
}
\
Q)k
k
=
1
±
2
§
G
{
\
/
\
3
j
� 2!
,@nHHRnlHjRpn
e:we«s
/
6'
0
U
m
w
Cl)
�+
O
= L
c
N
73
-
U
3
d
^,
N
no
N
=
r V
W
�a
a�
�
V
O
'—
i
Q
E
cc
M
R
=
°
a
3
-
_
o
0
W
N
a°i
�,
�
d
;
a
�
o
C
Cy
J
M
cn ai
o
r.
_
Q
O
•—
M
U
6'
0
U
m
M
U
m
C6
U
',
��
mu�
O
O
Lf
co
to
O
O
Ln
M
EA
O
O
r
M
O
.—
Efl
O
O
LO
O
O
O
In
co
r
K3
O
O
O
L6
O
O
O
O
LO
M
Efl
N
O
LL
U-
m
O
tL6,
C
W
~
U
CD
W
E
V
^
V♦
N
_
O N
O
O to
I -
C6
U
',
��
mu�
!�
U
rum
M
�i�