Home > About us > Annual Notifications > Software Agreement

Software Agreement

SOFTWARE AGREEMENT

This Agreement, made and entered into ________ (Effective Date), by and between ______________, having offices at ______________________________________ (“Vendor”), and the Weedsport Central School District, having an office at 2821 East Brutus Street, Weedsport, New York 13166 (“School District”) (collectively “Parties”).

In consideration of the mutual promises and covenants contained herein, the Parties agree as follows:

1. (Pick One) [Services. Vendor shall perform the services set forth in this Agreement, as described in Addendum A (the “Services”). Vendor shall provide the Services at the School District location or on a remote basis, as agreed to by the Parties. Vendor warrants that the Services provided hereunder will be performed in a good and workmanlike manner.]

OR

[License. Vendor hereby grants to School District, including to all School District’s authorized users, a non-exclusive, non-sublicensable, non-assignable and royalty-free license to access and use the service (the “Services”) solely for School District’s operations in accordance with the terms of this Agreement.]

2. Data Accessed by Vendor. Vendor shall identify categories of all data accessed by Vendor or its subcontractors as part of this Agreement as set forth in Addendum B.

3. Term of Services. This Agreement begins on the Effective Date and will continue for a period of one (1) year unless terminated pursuant to Section 4 below (the “Term”).

4. Termination. This Agreement may be terminated as follows:

(a) By the School District upon thirty (30) days prior written notice to Vendor;
(b) By the School District immediately in the event of breach by the Vendor; and
(c) By either Party upon written mutual agreement.

5. Payment. The School District shall make a one-time payment of $__________ for the [Services/License] provided by Vendor in accordance with this Agreement.

6. Protection of Confidential Data. Vendor shall provide its Services in a manner which protects Student Data (as defined by 8 NYCRR §121.1(q)) and Teacher or Principal Data (as defined by 8 NYCRR §121.1(r)) (hereinafter “Confidential Data”) in accordance with the requirements articulated under Federal, State and local laws and regulations, including but not limited to the foregoing:

(a) Vendor will adopt technologies, safeguards and practices that align with the NIST Cybersecurity Framework.
(b) Vendor will comply with the School District Data Security and Privacy Policy, Education Law § 2-d, and 8 NYCRR §121.
(c) Vendor will limit internal access to personally identifiable information to only those employees or subcontractors that need access to provide the contracted services.
(d) Vendor will not use the personally identifiable information for any purpose not explicitly authorized in this Agreement.
(e) Vendor will not disclose any personally identifiable information to any other party without the prior written consent of the parent or eligible student, unless otherwise authorized pursuant to applicable law.
(f) Vendor will maintain reasonable administrative, technical and physical safeguards to protect the security, confidentiality and integrity of personally identifiable information in its custody.
(g) Vendor will use encryption to protect personally identifiable information in its custody while in motion or at rest.
(h) Vendor will not sell personally identifiable information nor use or disclose it for any marketing or commercial purpose or facilitate its use or disclosure by any other party for any marketing or commercial purpose or permit another party to do so.
(i) In the event Vendor engages a subcontractor to perform its contractual obligations, the data protection obligations imposed on the Vendor shall apply to the subcontractor.

7. Data Breach. In the event that Confidential Data is accessed or obtained by an unauthorized individual, Vendor shall provide notification to the School District without unreasonable delay and not more than seven (7) calendar days after the discovery of such breach. Vendor shall follow the following process:

(a) The security breach notification shall be titled “Notice of Data Breach”, shall be clear, concise, use language that is plain and easy to understand, and to the extent available, shall include: a brief description of the breach or unauthorized release; the dates of the incident and the date of discovery; a description of the types of Confidential Data affected; an estimate of the number of records affected; a brief description of the Vendors investigation or plan to investigate; and contact information for representatives who can assist the School District with additional questions.
(b) The Vendor shall also prepare a statement for parents and eligible students which provides information under the following categories: “What Happened”, “What Information Was Involved”, “What We Are Doing”, “What You Can Do”, and “For More Information”.
(c) Where a breach or unauthorized release of Confidential Data is attributed to Vendor, and/or a subcontractor or affiliate of Vendor, Vendor shall pay for or promptly reimburse the School District for the cost of notification to parents and eligible students of the breach.
(d) Vendor shall cooperate with the School District and law enforcement to protect the integrity of investigations into the breach or unauthorized release of Confidential Data.
(e) Vendor further acknowledges and agrees to have a written incident response plan that is consistent with industry standards and Federal and State laws for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Confidential Data or any portion thereof. Upon request, Vendor shall provide a copy of said written incident response plan to the School District.

8. Indemnification. Vendor shall at all times (both during and after the Term of this Agreement), indemnify, defend and hold harmless the School District, its agents, employees, and students (collectively for purposes of this Section, “the School District”), from and against any and all settlements, losses, damages, costs, counsel fees and all other expenses relating to or arising from (a) Vendor’s failure to comply with the terms of this Agreement; and/or (b) the negligent operations, acts or omissions of the Vendor.

9. Compliance with Laws. Vendor, its employees and representatives shall at all times comply with all applicable Federal, State and local laws, rules and regulations.

10. Independent Relationship. It is expressly intended by the Parties hereto, and Vendor hereby specifically warrants, represents and agrees, that Vendor and the School District are independent entities. The Parties intend that this Agreement is strictly between two independent entities and does not create an employer/employee relationship for any purpose. Vendor shall perform the duties contemplated by this Agreement as an independent entity, to whom no benefits shall accrue except for those benefits expressly set forth in this Agreement.

11. Assignment. This Agreement is binding upon the Parties and their respective successors and assigns, but Vendor’s obligations under this Agreement are not assignable without the prior written consent of the School District. Any assignment without the School District’s consent shall be null and void.

12. Governing Law. This Agreement and any Services provided hereunder shall be governed by the laws of the State of New York both as to interpretation and performance, without regard to its choice of law requirements.

13. Waiver. No delay or omission of the School District to exercise any right hereunder shall be construed as a waiver of any such right and the School District reserves the right to exercise any such right from time to time, as often as may be deemed expedient.

14. Addendums. The following Addendums are attached hereto and incorporated herein:
• Addendum A: Description of Specifications and Services
• Addendum B: Schedule of Data
• Addendum C: School District’s Parents’ Bill of Rights
• Addendum D: Parents’ Bill of Rights – Supplemental Information Addendum
• Addendum E: Vendor’s Data Security and Privacy Plan

15. Severability. Should any part of this Agreement for any reason be declared by any court of competent jurisdiction to be invalid, such decision shall not affect the validity of any remaining portion, which remaining portion shall continue in full force and effect as if this Agreement had been executed with the invalid portion hereof eliminated, it being the intention of the Parties that they would have executed the remaining portion of this Agreement without including any such part, parts or portions which may for any reason be hereafter declared invalid.

16. Entire Agreement. This Agreement and its Addendums constitute the entire Agreement between the Parties with respect to the subject matter hereof and shall supersede all previous negotiations, commitments and writings. It shall not be released, discharged, changed or modified except by an instrument in writing signed by a duly authorized representative of each of the Parties.

IN WITNESS WHEREOF, the Parties have signed this Agreement intending to be legally bound.

[Vendor] Weedsport Central School District

By: By:

Name: Name:

Title: Title:

Date: Date: