If the compliance rate does not meet the transition benchmark, the Client may elect to discontinue the service at no cost or explore additional measures to further improve compliance before committing to an ongoing program. CertiSync remains available to assist in analyzing compliance gaps and potential strategies for optimization. 

5. Ongoing Program and Billing

5.1. Automatic Transition to Full Program: Unless the Client provides written notice of termination under Section 6.1 prior to the end of the pilot period, the InsuraSync program will automatically transition to a standard ongoing service agreement. No additional contract will be required. The Client agrees to enroll all tenants in their portfolio not registered at the time of the pilot by submitting the required data as outlined in Section 2.1.

5.2. Billing Terms: Following the pilot period the Client will be billed quarterly in advance for all registered tenants at the pre-negotiated rate established prior to the pilot. Tenant counts for billing will be determined from Client rent roll reports or from the CertiSync Daily or Weekly Tenant Status Report in the absence of rent roll reports. A detailed invoice will be provided outlining the number of registered tenants and associated fees. Payment is net 30 days.

5.3. Adjustments for Tenant Changes: New tenants added after commencement of current billing quarter will be immediately registered in the program and billed in the next quarter billings. Tenants vacating during the current billing quarter will not be credited for the quarter in which they vacate.

5.4. Service Continuity: CertiSync will ensure uninterrupted service during the transition from the pilot program to the ongoing service agreement, including continued compliance tracking, reporting and support.

5.5. Termination of Ongoing Services: If the Client chooses to terminate the ongoing program after the pilot period, termination will be subject to the provisions outlined in Section 6.1 and Section 6.2.

6. Termination and Data Handling

6.1. Termination by Either Party: This Agreement may be terminated by either party at any time, with or without cause, upon providing thirty (30) days’ written notice to the other party.

6.2. Immediate Termination for Breach: Either party may terminate this Agreement immediately upon written notice if the other party:
a. Breaches any material obligation under this Agreement and fails to cure such breach within ten (10) business days of receiving written notice of the breach; or
b. Engages in fraud, gross negligence, or willful misconduct.

6.3. Data Return and Deletion Upon Termination:
a. Client Data Return: Upon termination of the Agreement, CertiSync shall return all data submitted or collected during the pilot program, including tenant data, in a structured, commonly used, and machine-readable format (e.g., .csv or other agreed-upon format). This return shall be completed within thirty (30) days of termination.
b. Data Deletion: CertiSync shall permanently delete all Client and tenant data from its servers, backups, and systems within thirty (30) days of termination, unless retention is required by law or for compliance purposes. CertiSync shall certify in writing that data deletion has been completed.

6.4. Continuity of Obligations: Termination of this Agreement shall not relieve either party of obligations incurred prior to the termination date, including payment for services rendered or indemnification obligations.

6.5. Survival of Certain Terms: The following provisions shall survive termination of this Agreement: Confidentiality (Section 7), Indemnification (Section 8), Governing Law, and Dispute Resolution (Section 9).

7. Confidentiality

7.1. Definition of Confidential Information: For the purposes of this Agreement, “Confidential Information” means all non-public, proprietary, or sensitive information disclosed by one party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally, in writing, or electronically, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. This includes, but is not limited to:
a. Tenant data, lease details, and proof of insurance documents;
b. Business plans, strategies, financial information, technical information, and product details related to the InsuraSync platform;
c. Any data, analyses, reports, or insights derived from the use of the InsuraSync platform; and
d. The terms of this Agreement.

7.2. Obligations of the Receiving Party: The Receiving Party agrees to:
a. Maintain the confidentiality of all Confidential Information using at least the same degree of care it uses to protect its own confidential information, but in no event less than a reasonable standard of care;
b. Use Confidential Information solely for the purpose of performing obligations under this Agreement or evaluating the InsuraSync program;
c. Restrict access to Confidential Information to employees, contractors, or agents who have a need to know such information for the purposes of this Agreement and are bound by confidentiality obligations no less stringent than those in this Agreement; and
d. Not disclose Confidential Information to any third party without the prior written consent of the Disclosing Party, except as required by law or court order (in which case, the Receiving Party must promptly notify the Disclosing Party and cooperate in seeking a protective order or other appropriate remedy).

7.3. Exclusions from Confidential Information: Confidential Information does not include information that:
a. Was publicly known and made generally available in the public domain prior to the time of disclosure by the Disclosing Party;
b. Becomes publicly known and made generally available after disclosure by the Disclosing Party through no action or inaction of the Receiving Party;
c. Is already in the possession of the Receiving Party without confidentiality obligations at the time of disclosure by the Disclosing Party;
d. Is obtained by the Receiving Party from a third party without a breach of such third party’s obligations of confidentiality; or
e. Is independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information.

7.4. Return or Destruction of Confidential Information: Upon termination or expiration of this Agreement, or upon written request by the Disclosing Party, the Receiving Party shall promptly:
a. Return or destroy all copies, whether in written, electronic, or other form, of the Disclosing Party’s Confidential Information in its possession or control; and
b. Certify in writing to the Disclosing Party that such return or destruction has been completed.

7.5. Injunctive Relief: The Receiving Party acknowledges that any unauthorized disclosure or misuse of Confidential Information may result in irreparable harm to the Disclosing Party for which monetary damages may be inadequate. Therefore, the Disclosing Party shall be entitled to seek injunctive or equitable relief to protect its rights in addition to any other remedies available at law or in equity.

7.6. Survival: The obligations of confidentiality under this section shall survive the termination or expiration of this Agreement for a period of five (5) years, except with respect to trade secrets, which shall remain confidential indefinitely.

8. Indemnification

8.1. Indemnification by the Client: The Client agrees to indemnify, defend, and hold harmless CertiSync, its affiliates, officers, directors, employees, agents, and subcontractors (collectively, the “CertiSync Parties”) from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees and court costs) arising out of or in connection with:
a. The Client’s breach of this Agreement;
b. The Client’s failure to obtain valid consent from tenants to share their data with CertiSync, as required under applicable privacy laws;
c. Any inaccuracies, omissions, or errors in the tenant data provided by the Client to CertiSync;
d. Claims from tenants or third parties regarding the enforcement or interpretation of lease agreements or insurance requirements; and
e. The Client’s misuse of the InsuraSync platform.

8.2. Indemnification by CertiSync: CertiSync agrees to indemnify, defend, and hold harmless the Client, its affiliates, officers, directors, employees, agents, and subcontractors (collectively, the “Client Parties”) from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees and court costs) arising out of or in connection with:
a. CertiSync breach of this Agreement;
b. A data breach, unauthorized access, or misuse of tenant data caused by CertiSync’s negligence or failure to maintain reasonable security measures;
c. Any infringement or alleged infringement of third-party intellectual property rights resulting from the Client’s authorized use of the InsuraSync platform.

8.3. Limitations: Neither party shall be liable to indemnify the other for indirect, incidental, consequential, or punitive damages unless such damages arise from gross negligence, willful misconduct, or a breach of confidentiality obligations.

8.4. Indemnification Procedures: In the event of a claim subject to indemnification under this Agreement:
a. The indemnified party must promptly notify the indemnifying party in writing of the claim;
b. The indemnifying party shall have the right to assume control of the defense and settlement of the claim, provided that the indemnified party may participate in the defense at its own expense; and
c. The indemnifying party shall not settle any claim in a manner that imposes obligations, liabilities, or restrictions on the indemnified party without the indemnified party’s prior written consent.

9. Dispute Resolution

9.1. Good Faith Negotiation: In the event of any dispute, claim, or controversy arising out of or relating to this Agreement, including the interpretation, breach, termination, or validity thereof (collectively, “Disputes”), the parties agree to first attempt to resolve the Dispute through good faith negotiations. Either party may initiate negotiations by providing written notice of the Dispute to the other party, outlining the issues and desired resolution.

9.2. Mediation: If the parties cannot resolve the Dispute through negotiation within thirty (30) days of written notice, the parties agree to submit the Dispute to non-binding mediation before a mutually agreed-upon mediator. If the parties cannot agree on a mediator within fourteen (14) days, either party may request that a mediator be appointed by the Canadian Arbitration Association. Each party shall bear its own costs for mediation, with mediator fees split equally between the parties.

9.3. Arbitration: If the Dispute remains unresolved after mediation, it shall be submitted to binding arbitration in accordance with the Arbitration Act, 1991 (Ontario) or any successor legislation. The arbitration shall be conducted by a single arbitrator mutually agreed upon by the parties or, failing agreement, appointed by a judge of the Ontario Superior Court of Justice. The arbitration shall take place in Toronto, Ontario, and shall be conducted in English.

The arbitrator’s decision shall be final and binding on the parties, and the award may be enforced in any court of competent jurisdiction. Each party shall bear its own legal fees and costs associated with the arbitration unless otherwise awarded by the arbitrator.

9.4. Venue and Governing Law: The mediation and arbitration shall be conducted in Toronto Canada, and this Agreement shall be governed by and construed in accordance with the laws of Ontario.

9.5. Exclusions: Nothing in this clause shall prevent either party from seeking injunctive or equitable relief in a court of competent jurisdiction to protect its confidential information or intellectual property.

10. Data Privacy and Security

10.1. Compliance with Applicable Laws: Both parties agree to comply with all applicable data protection and privacy laws and regulations, including but not limited to the Personal Information Protection and Electronic Documents Act (PIPEDA), the General Data Protection Regulation (GDPR), and any other relevant local or international data privacy legislation applicable to the handling of personal information under this Agreement.

10.2. CertiSync Data Protection Obligations: CertiSync shall:
a. Secure Processing: Implement and maintain appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of all personal data processed under this Agreement, including encryption, access controls, and regular security audits.
b. Data Minimization: Process only the data necessary to provide the services outlined in this Agreement and ensure it is used solely for the purposes defined herein.
c. Access Control: Limit access to personal data to authorized employees, contractors, or agents who require such access to perform services under this Agreement and ensure that such individuals are bound by confidentiality obligations.
d. Data Breach Notification: Notify the Client without undue delay, and in any event within 48 hours, upon discovering any data breach that compromises personal data. The notification shall include the nature of the breach, the categories and approximate number of data subjects affected, and the measures taken to address the breach.
e. Third-Party Processors: Ensure that any third-party service providers or sub processors engaged by CertiSync comply with equivalent data privacy and security obligations as outlined in this Agreement.

10.3. Client’s Data Protection Obligations: The Client shall:
a. Consent Collection: Ensure that tenants have been informed of, and have consented to, the sharing and processing of their personal data as required by applicable laws prior to providing the data to CertiSync.
b. Data Accuracy: Provide accurate, complete, and up-to-date tenant data to CertiSync to facilitate the services effectively.
c. Cooperation: Cooperate with CertiSync to address data subject requests, including access, rectification, deletion, and restriction of personal data, in compliance with applicable laws.

10.4. Data Retention: CertiSync will retain personal data only for the duration necessary to fulfill its obligations under this Agreement or as required by applicable laws. Upon termination of this Agreement, all personal data will be returned or securely deleted in accordance with Section 6.3.

10.5. Audit Rights: The Client reserves the right to conduct reasonable audits or inspections of CertiSync data processing practices, upon providing at least thirty (30) days’ written notice, to ensure compliance with this Agreement and applicable data protection laws. CertiSync agrees to cooperate fully with such audits.

10.6. Data Subject Rights: CertiSync shall assist the Client in responding to data subject requests regarding their personal data, including requests to access, rectify, delete, or restrict processing, as required by applicable data privacy laws. CertiSync will do so promptly and at no additional cost to the Client.

10.7. Cross-Border Data Transfers: If personal data is transferred outside of Canada or the jurisdiction in which it was collected, CertiSync shall ensure that such transfers comply with applicable laws by implementing appropriate safeguards, such as Standard Contractual Clauses, as required under GDPR or equivalent mechanisms under other regulations.

10.8. Indemnification for Privacy Breaches: Each party shall indemnify and hold the other harmless against any fines, penalties, or claims arising from their breach of this Data Privacy and Security clause or applicable data protection laws.