HomeMy WebLinkAboutContract 60234DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
CSC No. 60234
GE DIGITAL GENERAL TERMS AND CONDITIONS
SOFTWARE AND SUPPORT SERVICES ONLY
The license or provision of the GE products and services ("GE Offerings") by the GE Digital business ("GE") providing
this proposal or quote is expressly conditioned upon the terms and conditions contained or referred to herein. Any
authorization by Customer to furnish the GE Offerings or order placed by Customer for GE Offerings will constitute
acceptance of these terms and conditions.
DEFINITIONS.
The capitalized terms used in this Agreement shall have the meaning given to them below. Words imparting the
singular shall also include the plural and vice versa, as the context requires. GE and Customer are each referred to
herein as a "Party" and together as "Parties." The term "General Terms and Conditions" shall mean the body of the
text that follows and all appendices included therein. The term "Agreement" shall mean, collectively, these General
Terms and Conditions and any Order issuing from the attached quote or proposal.
1.1. "Affiliate" means, with respect to a Party, an entity that controls, is controlled by, or is under common
control with such Party, where control means ownership, directly or indirectly, of 50% or more of the voting
shares of the subject entity or the right to appoint a majority of the board of directors of the subject entity.
1.2. "Confidential Information" of a Party means all of that Party's information and documentation disclosed
to or accessed by the other Party in connection with this Agreement that is marked (or, if disclosed other
than in writing, designated at the time of disclosure) as "confidential" or with a similar designation,
including any information developed by reference to or use of the other Party's Confidential Information.
GE's Confidential Information includes the GE Offerings. "Confidential Information" does not include
information that: (a) is independently developed by the receiving Party, as demonstrated by the recipient's
written records, without violating the disclosing Party's proprietary rights; (b) is or becomes publicly known
(other than through unauthorized disclosure); (c) is disclosed by the owner of such information to a third
party free of any obligation of confidentiality; (d) is already known by the receiving Party at the time of
disclosure, as demonstrated by the receiving Party's written records, and the receiving Party has no
obligation of confidentiality other than pursuant to this Agreement; or (e) is rightfully received by the
receiving Party free of any obligation of confidentiality.
1.3. "GE Offerings" means, collectively, the Software and Support Services provided by GE in accordance with
this Agreement.
1.4. "Infringement Claim" is defined in Section 9.1.
1.5. "Open Source Software" means any software that is distributed as "free software," "open source software"
or under a similar licensing or distribution model, including without limitation the GNU General Public
License (GPL) (including the GNU Affero GPL License), GNU Lesser General Public License (LGPL), Mozilla
Public License (MPL), BSD licenses, the Artistic License, the Netscape Public License, the Sun Community
Source License (SCSL), the Sun Industry Standards License (SISL) and the Apache License.
1.6. "Software" is defined in Section 3.1.
1.7 "Support Services" means services associated with the support programs described in Appendix A.
-1-
GE CONFIDENTIAL GE GENERALTERMS AND CONDITIONS SWS AND SUPPORT ONLY v 4.2 March 2022
OFFICIAL RECORD
CITY SECRETARY
FT. WORTH, TX
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
1.8 "Third Partv Software" is defined in Section 3.3.
SCOPE; ORDERS.
2.1. Scope. Any offer made by GE herein is expressly conditioned upon acceptance of this Agreement, which
sets forth the sole and exclusive terms and conditions that govern any Order for the provision of the GE
Offerings. Any purchase order, order receipt, acceptance, confirmation, correspondence, online terms, or
other confirmatory documents presented by Customer shall be deemed to be presented for payment
purposes only. GE rejects, and shall not be bound by, any additional or different terms contained in such
documents.
2.2. Term and Compensation. The initial term of this Agreement is for five (5) years, beginning on the date this
Agreement is fully executed by the City of Fort Worth's Assistant City Manager and a GE Digital authorized
representative ("Effective Date") and continue for a period of five (5) years after such date (the "Initial Term"), unless
terminated earlier in accordance with this Agreement. Unless otherwise mutually agreed to in writing by both
Parties, the total compensation under this Agreement will not exceed Fifty Thousand Dollars and no cents
($50,000.00) during the Initial Term.
3. SOFTWARE.
3.1. Scope. As used herein, the term "Software" shall mean certain computer software and related
documentation described in an Order, that is provided to Customer by digital download or on physical
media for Customer's installation on Customer's computers, including any updates or upgrades provided
by GE in connection with Support Services. As used herein, the term "Software" excludes any software
hosted by or on behalf of GE and provided as a service.
3.2. Licenses. Subject to Customer's payment of all applicable fees and compliance with this Agreement, GE
grants to Customer a limited, non -transferable, nonexclusive license, for the license period specified in the
applicable Order, to use the Software provided pursuant to an Order for Customer's internal business use.
Customer must comply with any license scope or usage limitations (such as named user, concurrent user,
processor, server, site, facility, or asset based limitations) described on the applicable Order. Customer shall
not license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share, or commercially
exploit the Software, or make the Software available to any third party, other than as expressly permitted
by this Agreement.
3.3. Separately Licensed Software. Some Software may be supplied to Customer under a separate license
agreement, including Open Source Software ("Third Partv Software"). Customer's use of such Third Party
Software will be governed by such separate license agreements. GE shall have no warranty, support,
maintenance, or other obligations or liability under this Agreement with respect to such Third Party
Software.
3.4. Customer Responsibilities. Unless otherwise specified in an Order, Customer shall be solely responsible for:
a) properly installing, configuring, and using the Software in accordance with applicable documentation,
b) providing any hardware, equipment, and physical infrastructure necessary to run the Software,
c) providing any third party software not included in the Software,
d) maintaining the security, privacy, and backup of Customer Content,
e) compliance with applicable laws related to the use, storage, or processing of Customer Content,
-2-
GE CONFIDENTIAL GEGENERALTERMSAND CONDITIONS SWSAND SUPPORT ONLY v4.2March 2022
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
f) the proper operation, control, and maintenance of Customer equipment monitored by the Software,
and
g) applying patches, bug fixes, upgrades, and updates of the Software or third party software.
3.5. GE Software Warrantv. GE warrants that as of the date of delivery by GE, Software will materially conform
with the written product documentation supplied with the Software. If within ninety (90) days of the date
of delivery it is shown that the Software does not meet this warranty, GE shall, at its option, either correct
the defect or error in the Software, free of charge, or make available to Customer satisfactory substitute
software, or, if none of the foregoing is reasonably practicable, offer to return to Customer all payments
made as license fees therefor after Customer certifies that it has returned or deleted all copies of the
Software in its possession. The remedy provided in this Section shall be Customer's exclusive remedy, and
GE's sole obligation and liability, for any breach by GE of the foregoing warranty.
3.6. DISCLAIMERS. WITHOUT LIMITING THE DISCLAIMERS IN SECTION 6.2, GE SPECIFICALLY DISCLAIMS ANY
REPRESENTATION OR WARRANTY THAT: (I) SOFTWARE WILL OPERATE UNINTERRUPTED OR ERROR -FREE
OR WILL MEET CUSTOMER'S SPECIFIC NEEDS; (II) SOFTWARE WILL DETECT ANY PARTICULAR FAILURE,
FAULT, OR CONDITION, OR PROVIDE ANY PARTICULAR DEGREE OF ADVANCE WARNING OF AN IMPENDING
FAILURE, FAULT OR CONDITION OF THE CUSTOMER EQUIPMENT; OR (III) CYBERSECURITY SOFTWARE WILL
PROVIDE COMPLETE OR COMPREHENSIVE PROTECTION AGAINSTALL POSSIBLE SECURITY VULNERABILITIES
OR UNAUTHORIZED INTRUSIONS.
3.7. Deliverv. Unless otherwise specified in an Order, Software will be made available for electronic download
by Customer. GE shall be deemed to have delivered Software when GE makes the Software available for
download by Customer. If an Order specifies that Software is to be delivered to Customer on physical media,
then delivery of physical media will be made FCA GE's facility (Incoterms 2010). No title to the Software
shall be transferred.
3.8. Return or Destruction. Upon the expiration of Customer's license, or its earlier termination in accordance
with this Agreement, Customer shall certify, at GE's written request, the deletion or return of all copies of
Software in Customer's possession.
4. DELIVERY.
4.1. General. Unless otherwise agreed by the Parties in writing: (a) GE shall determine the method and routing
of all deliveries; (b) delivery dates and times are approximate and based on (i) prompt receipt by GE of all
information necessary to permit GE to proceed with work immediately and without interruption, (ii)
Customer's compliance with the payment terms, (iii) prompt receipt by GE of all evidence GE may request
that any required export or import license, as applicable, is in effect; (c) the prices for the GE Offerings
include only GE's usual quality processes, systems, and tests; and (d) partial deliveries shall be permitted.
4.2. Packing. Hardware or tangible media delivered by GE shall be prepared, packed, and shipped by or on behalf
of GE in accordance with good commercial practices, unless otherwise agreed by the Parties. A complete
packing list shall be enclosed with all shipments. Customer agrees to reimburse GE for any costs for any
non-standard packing, marking, or shipping directions requested by Customer.
-3-
GE CONFIDENTIAL GE GENERALTERMS AND CONDITIONS SWS AND SUPPORT ONLY v 4.2 March 2022
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
S. PAYMENT.
5.1. Pavment Terms. Except to the extent otherwise specified by GE in writing, invoices for GE Offerings shall
be issued pro rata as shipments are made or services performed or made available. If GE consents to delay
shipments after completion of any equipment, payment shall become due, title shall pass, and equipment
shall be held at Customer's risk and expense as of the date when GE is prepared to make shipment. Unless
otherwise agreed in an Order, payment is due net thirty (30) days from the date of invoice. All payments
shall be made without set off for claims arising out of other sales by GE. Payment shall be made in the
currency quoted.
5.2. Financial Condition. If the financial condition of Customer at any time does not, in the judgment of GE,
justify continued performance on the terms of payment previously agreed upon, GE may require full or
partial payment in advance or otherwise shall be entitled to terminate any Order or Statement of Work and
receive any early termination charges specified therein.
5.3. Late Pavments. Customer shall pay a monthly late payment charge computed at the rate of 1.5%, or the
maximum interest rate permitted by law, whichever is less, on any past due amount for each calendar
month (or fraction thereof) that the payment is overdue, and Customer shall reimburse GE for any and all
costs and expenses of GE's collections efforts including reasonable attorney's fees, and costs associated
with compromises and judgments arising therefrom.
5.4. Sales and Similar Taxes. GE shall be responsible for and shall pay any and all corporate and personal income
taxes imposed on GE and its employees by applicable laws ("GE Taxes"). Customer shall be responsible for
and shall pay to GE all taxes, duties, fees, and other charges of any nature (including, but not limited to, ad
valorem consumption, excise, franchise, gross receipts, import, export, license, property, sales and use,
stamp, contract duty / registration fees, storage, transfer, turnover, value-added taxes ("VAT"), Business
and Occupation or other similar taxes, and any and all items of deficiency, penalty, addition to tax, interest,
or assessment related thereto), imposed by any governmental authority of any country in connection with
the execution or performance of the Agreement ("Customer Taxes"), but excluding GE Taxes. All prices are
exclusive of Customer Taxes, which may be added by GE to Customer's invoice if applicable, unless
Customer provides a direct pay or exemption certificate to GE where permitted by law. If Customer deducts
or withholds any GE Taxes from payments owed hereunder, Customer shall provide to GE, within 30 days
from payment, the official receipt issued by the competent government authority to which the GE Taxes
have been paid, or an alternative document acceptable to the relevant tax authorities. In respect of taxes
to be withheld, if any, Customer shall comply with any applicable bilateral conventions against double
taxation. The Parties shall reasonably cooperate to claim any available exemptions from tax, fees, or duties
that may apply to this Agreement. When Customer arranges the export or intra-European Union
community shipment, Customer shall provide to GE, free of charge and within 90 days (or, in the case of
exports from the U.S., 30 days), evidence (obtained from Customer's forwarder) of exportation or intra EU
community shipment. If the laws in the country in which GE performs under this Agreement, or the laws in
the country of incorporation of Customer, require the Agreement to be subject to stamp duty, fee, or
registration with any local authority, Customer shall be responsible for the required formalities and bear
the related costs. Customer shall return to GE a copy of the registration certificate or a registered copy of
the Agreement within 10 days from the due date required by said laws to apply for such fee, duty, or
registration.
-4-
GE CONFIDENTIAL GE GENERALTERMS AND CONDITIONS SWS AND SUPPORT ONLY v 4.2 March 2022
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
6. REPRESENTATIONS AND WARRANTIES.
6.1. General Conditions of Warrantv. The warranties and remedies set forth herein are conditioned upon:
proper storage, installation, use, and maintenance of the GE Offering in accordance with the applicable
documentation, the proper design, operation, and configuration of the system into which the GE Offering
is installed, conformance with any applicable recommendations of GE, and GE's ability to reproduce and
observe the claimed defect, and prompt notification to GE of any defects and, as required, promptly making
any personnel and computer systems available. Any unauthorized modification to or use of the GE Offerings
by Customer will void the warranty.
6.2. Disclaimer of Implied Warranties. EXCEPT FOR THE EXPRESS WARRANTIES MADE IN THIS AGREEMENT, GE
AND ITS AFFILIATES AND LICENSORS MAKE NO WARRANTIES, CONDITIONS, OR REPRESENTATIONS,
WHETHER EXPRESS, IMPLIED, OR STATUTORY, AND GE AND ITS LICENSORS EXPRESSLY DISCLAIM THE
IMPLIED WARRANTIES OF MERCHANTABILITY, NON -INFRINGEMENT, DATA ACCURACY, SYSTEM
INTEGRATION, AND FITNESS FOR A PARTICULAR PURPOSE.
6.3. Customer Warranties. Customer represents and warrants that it has all rights and consents necessary to
disclose Customer Content to GE and to permit GE to use the Customer Content to perform GE's obligations
hereunder.
OWNERSHIP.
7.1. Customer Content. As between Customer and GE, Customer retains all rights, title, and interests in and to
Customer Content. Except as provided in this Agreement, GE obtains no rights under this Agreement from
Customer to any Customer Content.
7.2. Service Data. Customer consents to GE's use of Customer Content to provide the GE Offerings to Customer
and to perform GE's obligations under this Agreement. Customer further agrees that GE and its Affiliates
may use information derived from Customer Content or generated by the GE Offerings to maintain, protect,
create, develop, and improve the GE Offerings and other GE products and services, to the extent permitted
by applicable law.
7.3. Reserved Rights. Customer acknowledges that the GE Offerings are protected by the copyright, patent,
trade secret, trademark, and/or other intellectual property laws of the United States and other countries.
As between GE and Customer, GE (or its Affiliates and licensors) own and reserve all rights, title, and
interests in the GE Offerings, except those rights and licenses expressly granted to Customer by this
Agreement.
7.4. Restrictions. Except as expressly authorized by this Agreement, Customer shall not (a) sublicense, copy,
distribute, modify, or create derivative works of any GE Offering, except to the extent authorized by GE
under separate agreements, (b) reverse engineer, disassemble, or decompile any GE Offering or apply any
other process or procedure to derive the source code of the GE Offerings, (c) access or use the GE Offerings
in a way intended to avoid incurring fees or to exceed usage limits or quotas, or (d) remove, alter, or obscure
any proprietary notices that accompany the GE Offerings; or authorize or assist others to do any of the
foregoing.
7.5. Suggestions. If Customer provides GE or its Affiliates with any feedback or suggested improvements to the
-s-
GE CONFIDENTIAL GE GENERALTERMS AND CONDITIONS SWS AND SUPPORT ONLY v 4.2 March 2022
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
GE Offerings, then Customer consents to GE's use and implementation of such suggestions, without
compensation to Customer, and as between the Parties, GE shall solely own products and services
developed by or for GE from such suggestions.
CONFIDENTIALITY.
8.1. Non -Disclosure and Non -Use. A Party receiving Confidential Information (the "Receiving Party") shall not
directly or indirectly, at any time, without the prior written consent of the Party disclosing such Confidential
Information (the "Disclosing Party"), use or disclose the Confidential Information or any part thereof for any
use other than necessary for the performance of the Receiving Party's obligations under this Agreement or
as otherwise expressly permitted by this Agreement. The Receiving Party shall use reasonable efforts, but
not less than those efforts it uses to protect its own information of a similar nature, to avoid disclosure,
dissemination, or unauthorized use of the Confidential Information of the Receiving Party.
8.2. Compelled Disclosure. If the Receiving Party is requested by a governmental authority to disclose any
Confidential Information, it shall promptly notify the Disclosing Party, to the extent permitted by law, to
permit the Disclosing Party to seek a protective order or take other appropriate action. The Receiving Party
shall only disclose that part of the Confidential Information as is required by applicable law to be disclosed
and unless prohibited by applicable law. In addition to any other rights and remedies under this Agreement
or at law, the Receiving Party acknowledges and agrees that, due to the nature of the Confidential
Information, its confidentiality obligations to the Disclosing Party under this Agreement are of a unique
character and agrees that any breach of such obligations may result in irreparable and continuing damage
to the Disclosing Party for which there may be no adequate remedy in damages and accordingly the
Disclosing Party shall be authorized and entitled to seek injunctive or other equitable relief.
8.3 Customer is a government entity under the laws of the State of Texas and all documents held or maintained
by Customer are subject to disclosure under the Texas Public Information Act. In the event there is a request
for information marked Confidential or Proprietary, Customer shall promptly notify GE. It will be the
responsibility of GE to submit reasons objecting to disclosure. A determination on whether such reasons
are sufficient will not be decided by Customer, but by the Office of the Attorney General of the State of
Texas or by a court of competent jurisdiction.
INDEMNIFICATION.
9.1. By GE. GE shall, at GE's expense, defend or, at GE's option, settle any claim brought against Customer by a
third party that any GE Offering infringes any third party's United States patent, copyright, trademark, or
trade secret (an "Infringement Claim"), and pay any final judgments awarded by a court of competent
jurisdiction or settlements entered into by GE on Customer's behalf. As a condition of GE's obligation,
Customer must notify GE promptly of any Infringement Claim in writing, tender to GE sole control and
authority over the defense or settlement of such claim, and reasonably cooperate with GE and provide GE
with available information in the investigation and defense of such claim. Any effort by Customer to settle
an Infringement Claim without GE's involvement and written approval shall void any indemnification
obligation hereunder. If use of any GE Offering becomes, or in GE's opinion is likely to become, enjoined or
subject to a valid claim of infringement, GE may, at GE's option, (i) procure, at no cost to Customer, the
right to use such GE Offering, or (ii) modify the GE Offering or provide a substitute that is non -infringing. If
the foregoing is not commercially reasonable, GE may terminate Customer's license to the affected
Software and refund the pro -rated license fees. GE shall have no obligation or liability under this Section
-6-
GE CONFIDENTIAL GE GENERALTERMS AND CONDITIONS SWS AND SUPPORT ONLY v 4.2 March 2022
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
for any Infringement Claim to the extent caused by: (a) a modification to the GE Offerings not provided or
performed by GE, (b) Customer Content and Customer designs and specifications, (c) the combination of
the GE Offerings with other hardware, software, content, or services not provided by GE, (d) use of an
infringing GE Offering after GE has provided a non -infringing alternative, or (e) use of the GE Offerings
beyond the scope authorized by this Agreement or contrary to applicable documentation. This Section
states GE's sole obligation and exclusive liability, and Customer's sole remedy, for any third party claims of
infringement or misappropriation of any intellectual or proprietary right.
LIMITATIONS OF LIABILITY.
GE, INCLUDING ITS AFFILIATES AND LICENSORS, SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, PUNITIVE,
EXEMPLARY, SPECIAL, OR CONSEQUENTIAL DAMAGES, OR FOR ANY LOSS OF PROFITS OR REVENUE, USE, GOODWILL,
DATA, OR COSTS OF SUBSTITUTE GOODS OR SERVICES, REGARDLESS OF THE THEORY OF LIABILITY (INCLUDING
NEGLIGENCE). CUSTOMER IS SOLELY RESPONSIBLE FOR, AND BEARS ALL RISKS ASSOCIATED WITH THE CONTROL,
OPERATION, AND USE OF CUSTOMER EQUIPMENT. EXCEPT TO THE EXTENT DIRECTLY CAUSED BY GE'S NOW
COMPLIANCE WITH THE APPLICABLE GE DATA PROTECTION PLANS, GE SHALL HAVE NO LIABILITY ARISING FROM
CYBERATTACKS OR UNAUTHORIZED INTRUSIONS. GE, INCLUDING ITS AFFILIATES AND LICENSORS, SHALL NOT BE
LIABLE FOR CLAIMS ARISING OUT OF THIS AGREEMENT IN A CUMULATIVE AMOUNT EXCEEDING CUSTOMER'S
ACTUAL DIRECT DAMAGES, UP TO THE AMOUNTS PAID BY CUSTOMER FOR THE PRODUCT OR SERVICE GIVING RISE
TO THE LIABILITY.
10. TERM AND TERMINATION.
10.1. Termination.
10.1.1. For Breach. Either Party may terminate this Agreement, or any individual Order or Statement of
Work, for a material breach by the other Party, which breach is not cured within thirty (30) days of
written notice provided to the breaching Party, or which breach is incapable of being cured.
10.1.2. For Insolvency. A Party may terminate this Agreement upon notice to the other Party if the other
Party becomes insolvent, makes an assignment for the benefit of creditors, has a receiver or
trustee appointed, or is the subject of a proceeding under bankruptcy or insolvency law that is not
dismissed within thirty (30) days of the filing date thereof.
10.1.2 Fiscal Funding Out. In the event no funds or insufficient funds are appropriated by Customer in any
fiscal period for any payments due hereunder, Customer will notify GE of such occurrence and the
Agreement shall terminate on the last day of the fiscal period for which appropriations were
received without penalty or expense to the Customer of any kind whatsoever, except as to the
portions of the payments herein agreed upon for which funds have been appropriated.
10.1.3. Effect of Termination. The expiration or termination of this Agreement, or of any Order or
Statement of Work, shall terminate the licenses granted and services provided thereunder, except
as otherwise provided in Section 11.1 or agreed in writing. Upon any termination or expiration of
this Agreement, the following Sections survive: 5 (Payment), 7 (Ownership), 8 (Confidentiality), 9
(Indemnification), 10 (Limitations of Liability), 11(Term and Termination), and 12 (Miscellaneous).
11.4 Deletion of Expired Software. Upon the expiration or termination of any license to Software
-7-
GE CONFIDENTIAL GE GENERALTERMS AND CONDITIONS SWS AND SUPPORT ONLY v 4.2 March 2022
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
(including the expiration of a limited -term license), unless otherwise renewed, Customer shall
immediately uninstall and delete or return to GE all copies of such Software. At GE's request,
Customer shall promptly deliver to GE a written certification, signed by a duly authorized
representative, that Customer has not retained any copies of such Software.
11. MISCELLANEOUS.
11.1. Performance by GE. GE shall have the right to use subcontractors and Affiliates to perform its obligations
under this Agreement, and in such event, GE shall remain responsible to Customer for such obligations.
11.2. Excusable or Delaved Performance. GE shall not be liable for delays or nonperformance due to causes
beyond its reasonable control, including, but not limited to, acts of God, acts of Customer, prerequisite work
by others, acts of civil or military authority, government priorities, changes in laws or regulations, fires,
strikes or other labor disturbances, floods, epidemics, war, terrorism, riot, delays in transportation or car
shortages, or inability to obtain or delay in obtaining suitable labor, materials, government permits, or
facilities, due to causes beyond its reasonable control. In the event of any such delay, the time of
performance shall be extended for a period equal to the time lost because of the delay, or if performance
is rendered impossible, GE shall be excused from performance subject to an equitable adjustment to the
applicable fees. In the event GE is delayed by conditions caused by Customer or by prerequisite work by
other contractors or suppliers of Customer, GE shall be entitled to an equitable price adjustment in addition
to extension of the time of performance.
11.3. Independence. GE and Customer are independent contractors, and neither Party, nor any of their
respective Affiliates, is an agent, partner, orjoint-venturer of the other for any purpose or has the authority
to bind the other. Both Parties reserve the right (a) to develop or have developed for it products, services,
concepts, systems, or techniques that are similar to or compete with the products, services, concepts,
systems, or techniques developed or contemplated by the other Party and (b) to assist third party
developers or systems integrators who may offer products or services which compete with the other Party's
products or services.
11.4. No Third Partv Beneficiaries. This Agreement does not create any third party beneficiary rights in any
individual or entity that is not a party to this Agreement.
11.5. Trade Compliance. Each Party shall comply with applicable laws that govern the import, export, or re-
export of data or materials supplied underthis Agreement. Without limiting the foregoing, Customer agrees
that it shall not sell, distribute, disclose, release, or otherwise transfer any item or technical data provided
under this Agreement to: (i) any country designated as a "State Sponsor of Terrorism" by the U.S.
Department of State including, for this Agreement, the countries of Cuba and North Korea (ii) any entity
located in, or owned by an entity located in, a "State Sponsor of Terrorism" country, Cuba, or North Korea,
(iii) the region of Crimea, or (iv) any person or entity listed on the "Entity List" or "Denied Persons List"
maintained by the U.S. Department of Commerce, the list of "Specifically Designated Nationals and Blocked
Persons" maintained by the U.S. Department of Treasury or any other applicable prohibited party list of the
US Government. This clause shall apply regardless of the legality of such a transaction under local law.
Except as otherwise agreed in writing between the Parties, each Party shall be responsible for obtaining
and maintaining any authorization required for its performance under this Agreement (including the
transfer any item or technical data under this Agreement), such as export license, import license, exchange
permit or other required government export or import authorization. Each Party shall provide reasonable
-8-
GE CONFIDENTIAL GE GENERALTERMS AND CONDITIONS SWS AND SUPPORT ONLY v 4.2 March 2022
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
assistance necessary for the other Party to secure and comply with such authorizations as may be required.
Each Party shall not be liable if any government export authorization is delayed, denied, revoked, restricted
or not renewed despite commercially reasonable efforts by the Party. Additionally, such delay, denial,
revocation or non -renewal shall not constitute a breach of this Agreement. Customer acknowledges that
GE may conduct periodic screening of Customer and of its beneficial owners to comply with applicable laws
and consents to the foregoing.
11.6. Language. All communications and notices to be made or given pursuant to this Agreement must be in the
English language.
11.7. Severabilitv and Interpretation. If any portion of this Agreement is held to be invalid or unenforceable, the
remaining portions of this Agreement shall remain in full force and effect. Any invalid or unenforceable
portions shall be interpreted to effect the intent of the original portion. If such construction is not possible,
the invalid or unenforceable portion shall be severed from this Agreement but the rest of the Agreement
shall remain in full force and effect. Section headings are used for convenience only.
11.8. Audit. Customer agrees to permit GE or GE's designated agent, upon reasonable notice to Customer, to
audit Customer's books, records, and facilities to verify Customer's compliance with the terms and
conditions of this Agreement, including any usage limitations or restrictions applicable to the GE Offerings.
If any audit reveals an underpayment by Customer, GE may invoice Customer for such underpayment in
accordance with GE's standard policies. Customer agrees to pay such invoice in accordance with the
payment terms of this Agreement. GE shall pay for any audits, unless an audit reveals that Customer has
underpaid by more than 15% of the fees owed in any 3-month period, in which case, Customer shall
reimburse GE for its reasonable audit costs.
11.9. 11.8.1 GE agrees that Customer shall, until the expiration of three (3) vears after final pavment under
the Agreement, have access to and the right to examine invoicing and pavment records (the "Records"I
involving transactions relating to the Agreement. Customer acknowledged and agrees that GE may share
such Records in the electronically. Notices. GE may provide any notice required or permitted to be given
to Customer under this Agreement by sending a written notice to the mailing or email address set forth in
the Order or otherwise provided by Customer to GE during account registration, as may be updated by
Customer from time to time upon written notice to GE. Notices to GE may be provided as follows:
By personal delivery, overnight courier, or U.S. Postal registered or certified mail:
GE Digital LLC
58 Charles Street
Cambridge MA 02114 Attention: GENERAL COUNSEL
11.10. Assignment. Neither Party may assign this Agreement, or any of its rights or obligations hereunder, without
the prior written consent of the other Party, and any assignment in violation of this provision shall be void.
Notwithstanding the foregoing, GE may assign this Agreement, or any of its rights or obligations hereunder,
without the necessity for obtaining consent, to any Affiliate of GE. Subject to these requirements, this
Agreement shall be binding upon, and inure to the benefit of the Parties and their respective successors
and assigns.
-9-
GE CONFIDENTIAL GE GENERALTERMS AND CONDITIONS SWS AND SUPPORT ONLY v 4.2 March 2022
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
11.11. Entire Agreement. This Agreement is the entire agreement between Customer and GE regarding the subject
matter of this Agreement. This Agreement supersedes all prior or contemporaneous representations,
understandings, agreements, or communications between Customer and GE, whether written or oral,
regarding the subject matter of this Agreement.
11.12. Amendments. Any Amendments to this Agreement must be in writing and must be signed by both Parties.
No oral agreement, course of dealing, or trade usage shall be deemed to modify this Agreement.
11.13. Waivers. The failure of a Party to enforce any provision of this Agreement shall not constitute a present or
future waiver of such provision or limit a Party's right to enforce such provision later. All waivers must be
in writing and signed by the Party issuing the waiver.
11.1. Choice of Law. This Agreement shall be governed by the laws of the State of Texas, without reference to
its conflict of laws provisions. The provisions of the United Nations Convention on the International Sale of
Goods shall not apply to this Agreement. The obligations under this Section shall not apply to any claim
(including for injunctive relief) by a Party relating to any actual or alleged infringement of its copyright,
patent or patent application, trademark, or trade secret, or for any breach of confidentiality hereunder.
11.2. High Risk Uses. Customer acknowledges that the GE Offerings are not designed for real-time control or
time -sensitive applications that have the potential to cause death, personal injury, or property damage or
that could result in radioactive, chemical, or biological contamination or environmental damage. Customer
assumes the entire risk for any such use and shall defend and indemnify GE and its Affiliates from any
liability to third parties resulting therefrom. Customer agrees not to use the GE Offerings for control of any
nuclear facility or activity.
11.3. U.S. Government Contracting. If Customer is a U.S. Government entity or procures GE Offerings for or on
behalf of a U.S. Government entity, the following provisions apply: (a) Customer agrees that all GE Offerings
meet the definition of "commercial -off -the -shelf" (COTS) or "commercial item" as defined in FAR 2.101, and
that the subparagraph terms of FAR 52.212-5(e) or FAR 52.244-6 (or, for orders from the U.S Government,
FAR 52.212-5 and FAR 52.212-4 with tailoring to the extent permitted by FAR 12.302 by replacing all
paragraphs exceptthose listed in FAR 12.302(b) with these terms and conditions), and (subject to subsection
(e) below) DFARS 252.212-7001(c) or DFARS 252.244-7000, whichever are applicable, apply only to the
extent applicable to COTS or commercial items and only as appropriate for the dollar value of this order;
(b) with regard to any terms related to Buy American Act or Trade Agreements, the country of origin of GE
Offerings is unknown unless otherwise specifically stated in writing by GE; (c) Customer agrees that any
services offered by GE are exempt from the Service Contract Act of 1965 (FAR 52.222-41); (d) Customer
agrees that this sale is not funded, in whole or in part, by the American Recovery and Reinvestment Act
unless otherwise set forth in a written agreement of the Parties; (e) GE makes no representations,
certifications, or warranties whatsoever with respect to the ability of GE Offerings to satisfy DFARS 252.225-
7009, Restriction on Acquisition of Certain Articles Containing Specialty Metals; (f) with regard to DFARS
252.204-7012, Customer agrees that no Unclassified Controlled Technical Information or Covered Defense
Information shall be provided to GE, delivered by GE to Customer, or used by GE in the performance of this
Agreement; and (g) Customer is solely and exclusively responsible for compliance with any other applicable
statutes or regulations governing sales to the U.S. Government, and GE makes no representations,
certifications or warranties whatsoever with respect to the ability of GE Offerings or prices to satisfy any such
statutes and regulations other than those contained herein.
GE CONFIDENTIAL GE GENERALTERMS AND CONDITIONS SWS AND SUPPORT ONLY v 4.2 March 2022
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
11.4 Data Breach. With respect to its treatment of any Customer Content, GE agrees to comply with its data
protection policy attached hereto and incorporated herein by this reference as Appendix B.
IN WITNESS WHEREOF, the Parties have caused this Agreement to be executed on the last date written below by
their respective qI&sag„e grized officers or representatives.
-0
E
By GE F3019AC94E57446... By City Of Fort Worth
Dana Burghdoff (Oc[q0231 DT)
Signature Signature
Jeff Bartoletti VP, Commercial ops & Marketin
Cana Burghdoff
Print Name / Title
02-oct-2023
Date
APPROVAL RECOMMENDED:
Chrisfooher !Harder
BY: Christopher Harder(Oct 9, 202308:43 CDT)
Name: Christopher Harder
Title: Director, Water Department
Qovoun��
ATTEST: p of FORra0
OVo oi0
Opa o 0 *�d
aaa�fEzps0a4a
bUoao44
By:
Name: Jannette Goodall
Title: City Secretary
Assistant City Manager
Oct 9, 2023
Date
CONTRACT COMPLIANCE MANAGER:
By signing I acknowledge that I am the person
responsible for the monitoring and administration of this
contract, including ensuring all performance and
reporting requirements.
By: Richard Use(Oct 3, 202309:53 CDT)
Name: Richard Lisenbee
Title: Senior IT Manager, Water Department
APPROVED AS TO FORM AND LEGALITY:
By:
Name: Taylor C. Paris
Title: Assistant City Attorney
CONTRACT AUTHORIZATION:
M&C: N/A
-11-
GE CONFIDENTIAL GE GENERALTERMS AND CONDITIONS SWS AND SUPPORT ONLY v 4.2 March 2022
OFFICIAL RECORD
CITY SECRETARY
FT. WORTH, TX
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
Appendix A
Product Specific Terms and Conditions
The following terms and conditions apply to specific GE Offerings listed below, in addition to the terms and
conditions of the main body of the Terms and Conditions . In the event of any conflict between the terms and
conditions in this Appendix and the main body of the Terms and Conditions, these terms and conditions shall take
precedence with respect to the GE Offerings described below.
1. Trial Offerings.
From time to time, GE may offer Customer access to certain GE Offerings that GE designates as "beta," "evaluation,"
or "trial" on the Predix Web site or in Order documents ("Trial Offerings"). Trial Offerings are provided to Customer
free of charge, except as otherwise specified by GE. GE may limit, suspend, or terminate Customer's license or
subscription to any portion of the Trial Offerings for any reason, in GE's sole discretion, including, for example, the
expiration of the Trial Offerings period, to enforce Trial Offering usage limitations, or to protect GE's services or
systems. Any product or service designated "alpha," "beta," or "pre-release" is subject to change without notice,
may differ substantially upon commercial release, and may have limited or no Support Services. Trial Offerings have
not been fully tested and may contain defects, may lack standard security features, and may be taken offline or
become unavailable without notice. Customer acknowledges that Trial Offerings may not meet all the security
standards in the Data Protection Plan, and Customer is advised not to process or store any sensitive or confidential
information or manage a production environment using Trial Offerings. TRIAL OFFERINGS ARE PROVIDED "AS IS"
AND "WITH ALL FAULTS" AND GE HAS NO OBLIGATION OR LIABILITY WITH RESPECT TO TRIAL OFFERINGS.
2. Acceleration Plans (Support Services).
2.1. Support Services. GE shall provide the support program and associated level of support as reflected in the
applicable Order ("Support Services"). The applicable program, level of service and included or a la carte
components that constitute the Support Services are further described in the Acceleration Plans Support &
Services Guide and shall be acknowledged by GE (the "Support Confirmation"). Support Services may
include various types of Services as described in the Acceleration Plans Support & Services Guide.
2.2. Nature of Support Services. Support Services may be provided independently as a GE Offering or as a
required component of another GE Offering. To the extent Support Services are provided as a component
part of another GE Offering, the relevant Support Services must be purchased and shall terminate when
such GE Offering is terminated or shall be extended to the extent such GE Offering is extended (including
any automatic renewals thereof). To the extent Support Services are associated with Software, such Support
Services shall automatically terminate in the event the license to the underlying Software is terminated.
2.3. Support Disclaimer. Customer acknowledges that the interpretation or application of key indicators,
metrics, information, or advice provided in connection with Support Services depends on many factors
outside of GE's ability to control or foresee, and therefore, Customer assumes sole responsibility for
appropriate testing and validation prior to taking any action or decision. GE does not and cannot guarantee
that every fault condition can be foreseen or detected or that GE will be able to provide any particular
amount of advance warning of any impending fault or failure.
-12-
GE CONFIDENTIAL GE GENERALTERMS AND CONDITIONS SWS AND SUPPORT ONLY v 4.2 March 2022
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
2.4. Term. Renewal and Termination.
2.4.1. Support Services Associated with Software. The Support Services subscription term will be as
stated on the Confirmation. The subscription term shall be for such initial term and thereafter be
renewed automatically for successive one (1) year renewal terms unless a Party provides the other
Party with written notice of its intent to not renew at least thirty (30) days prior to the end of the
initial or successive term. The renewal rate shall be increased at each renewal to reflect the
annually published Consumer Price Index plus one percent (1%) over the prior period. CPI shall
mean the twelve-month U.S. City Average for ALL Urban Consumers (CPI-U). The twelve-month
period will be updated by GE no more than twice per year.
2.4.2. Reinstatement Fee. If for any reason, Customer permits the Support Services to lapse, then GE
may charge a re -instatement fee as a condition to reactivating such Support Services.
2.4.3. No Riaht of Refund. Payment for any and all Support Services is required in advance, without right
of refund for any reason.
3. OS -Restricted Products (Software).
3.1 System Restrictions. For versions of iFIX, CIMPLICITY, and other on -premise GE Offerings that are
labelled as "Embedded" or "IOT" versions (collectively, the "OS -Restricted Offerings"), the
Customer is only granted a right to run the OS -Restricted Offerings on the specific version and
edition of the operating system identified below:
GE Product version Permitted operating system
Embedded Windows 7 Embedded
IOT Windows 10 IOT Enterprise
3.2 License Prohibitions. Use of the OS -Restricted Offering on other operating systems is prohibited,
and such use is a breach of the Agreement. In addition, OS -Restricted Offerings may not operate
or perform properly when run under prohibited operating systems. Such non -operation or mis-
operation under prohibited operating systems shall not constitute a breach of the Agreement by
GE.
-13-
GE CONFIDENTIAL GEGENERALTERMSAND CONDITIONS SWSAND SUPPORT ONLY v4.2March 2022
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
Appendix B-GE Digital's Data Protection Plan
-14-
GE CONFIDENTIAL GE GENERALTERMS AND CONDITIONS SWS AND SUPPORT ONLY v 4.2 March 2022
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
GE DIGITAL
DATA PROTECTION PLAN
This Data Protection Plan ("Data Protection Plan") describes the data protection policies and procedures applicable to
Customer Content (defined below) processed by GE Digital ("GE Digital; we; us; our") as part of our products and services (the
"GE Offerings"). This Data Protection Plan is incorporated by reference, and forms part of your agreement with GE Digital (the
"Customer Agreement"). In the event of any conflict or inconsistency between this Data Protection Plan and the terms in your
Customer Agreement, the Data Protection Plan shall prevail. Your use of anythird-party products or services, including in
connection with the GE Offerings, will be governed by such separate third -party terms. For purposes of this Data Protection
Plan, "GE Digital" means the GE Digital entity set forth in your Customer Agreement. All other terms shall be as defined herein,
or in your Customer Agreement.
1. GE Digital's Obligations.
1.1 Security. Section 2 describes the technical and organizational measures we use to protect the confidentiality,
integrity, and availability of the data, information, documentation, and software, if any, you provide to us in connection
with the GE Offerings ("Customer Content"). Section 2 also describes your obligations with respect to any Customer
Content you provide to us.
We reserve the right to modify this Data Protection Plan at any time, including to meet our evolving security requirements,
industry standards, or legal requirements; provided that, during the term specified in your Customer Agreement, the level
of security we provide in processing the Customer Content shall in no event be less protective than what is described in
this Data Protection Plan.
1.2 Personal Data. We act as a "data processor" of any personal data included as part of your Customer Content as that
term is defined under applicable data protection laws. You remain the data controller of all such personal data. We will act
on your documented instructions when processing your personal data as part of your Customer Content, and use
reasonable efforts to assist you in fulfilling your obligation under applicable data protection laws, including when notifying
relevant supervisory authorities and data subjects about security incidents involving your personal data. We will comply
at all times with our privacy policy when processing your personal data httDs://www.ae.com/r)rivacv ("GE Privacy Policy").
1.3 Compliance with Law. Each Party will comply with the laws and regulations applicable to its obligations under this
Data Protection Plan. If Customer Content includes any data subject to specific legal or regulatory requirements
(including, but not limited to, health care data, EU personal data, export -controlled data, or sensitive government data),
you agree to notify us in writing of such requirements and provide any information that is necessary or reasonably
requested by us to determine the applicable regulatory requirements. Except as may be specified by us in writing, we will
not have any responsibility to discover or provide GE Offerings that comply with such legal or regulatory requirements.
1.4 Location and Transfer of Customer Content. Customer Content may be transferred to, stored and/or processed
in the United States or other countries in which we or our affiliates or subcontractors operate. We will act in accordance
with the requirements of the Customer Agreement and applicable data protection law regardless of where we store or
process Customer Content. Upon your reasonable request, we will negotiate in good faith regarding any further data
processing, localization or data transfer agreements as may be required to support the lawful processing or transfer of
personal data. Our processing and transfers of personal data, if any, included in the Customer Content will be performed
as described in the GE Privacy Policv.
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
2. GE Digital Security Measures.
This section describes technical and organizational measures we use to protect the confidentiality, integrity,
and availability of Customer Content you provide to us as part of the GE Offerings.
Functional Area Measure
Administrative Security Organization. Our information security program is managed through a cross -
Controls functional, coordinated structure that includes our Business, IT, Legal, HR, Facilities and Cyber
(organization, Security stakeholders.
policies,
verification, Security Policies. We have implemented detailed policies, procedures, and technical measures
training) to secure data, systems, and services associated with the GE Offerings.
Security Oversight.
• Chief Information Security Officer. The CISO oversees risk mitigation for the GE
Offerings. Responsibilities include developing and maintaining security policies applicable
to the GE Offerings; issuing supporting standards, technical security requirements and
guidelines; and monitoring and enforcing compliance with applicable policies, standards,
and contractual and legal requirements.
• GE Board of Directors. As part of its oversight role, GE's Board of Directors reviews our
practices and programs related to cybersecurity. The committee is updated regularly on
our cyber threats and risk -management strategy.
Human Resource Security. Our employment candidates, employees, and suppliers are subject
to background verification proportional to their roles, consistent with applicable law. Our
employees are required to undergo training regarding our privacy and information security
policies, including the acceptable use of GE information resources, before accessing customer
data. GE employees receive on -going privacy and security awareness training and
communications.
Asset and Access Asset Inventory. We follow a standard process for controlling the inventory of our managed
Management devices and equipment ("GE Assets"). This process requires all GE Assets be identified and
tracked, and the asset owners identified. GE Asset owners are responsible for maintaining up-to-
date information regarding their GE Assets.
Access Control. We follow a standard process for controlling access to GE Digital managed
infrastructure. This process encompasses account and password control, segregation of duties
and monitoring, passwords, and entitlement reviews.
• GE Digital user IDs may be created and/or modified only with the approval of designated
personnel. Accounts are requested and approved via workflows, and each account is
attributable to a single individual with a unique ID (not shared) and requires
authentication (e.g., password) prior to access. We terminate user logical and physical
access to accounts promptly following personnel separation or transfer to a role no
longer requiring access.
Prior to granting physical or logical access to facilities, systems or data, suppliers and
customers are required to sign agreements setting forth their responsibility for
managing information security in a manner consistent, as applicable, with GE Digital
security policies and requirements consistent with this Data Protection Plan.
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
A small set of shared administrative accounts are available to our designated system
administrators for emergencies. These accounts are stored in an encrypted shared
account password management application that may be accessed only by approved
administrators. This `password safe' application requires two -factor authentication.
Access to the safe is controlled via roles. Authenticated users can retrieve passwords for
specific servers or approved applications. Passwords retrieved from the safes are reset
upon check -in or forcibly reset after eight (8) hours if not checked in prior to expiration.
Use of these emergency accounts is logged and reviewed.
We deactivate authentication credentials that have not been used for six months or
more.
We identify those personnel who may add, modify, or remove authorized access to
system resources.
Authentication. We use industry standard password protection practices and policies, including
practices designed to maintain the confidentiality and integrity of passwords when they are
assigned and distributed, and during storage.
• We use industry standard practices to identify and authenticate users who attempt to
access information systems.
• Where authentication mechanisms are based on passwords, we require the password
to be at least eight characters long and meet complexity requirements.
• Where authentication mechanisms are based on passwords, we require that the
passwords are renewed regularly.
• We store passwords in a way that makes them unintelligible while they are in force.
Physical and GE Digital Managed Data Centers. We use industry standard practices for physical and
Environmental environmental security.
Security • Physical access is controlled both at the perimeter and at building ingress points by
professional security staff utilizing electronic means.
• Authorized staff utilize multi -factor authentication mechanisms to access data center
floors.
• Data center physical access is provided only to approved employees and contractors who
have a legitimate business need for such privileges.
• Visitors are required to present identification, are logged, and escorted by authorized
staff.
• When an employee or contractor no longer requires these privileges, his or her access is
revoked.
• Access privileges are reviewed periodically. Access that is no longer required is removed
as part of the review.
• Environment controls include fire detection/suppression and protection.
• Data center electrical power systems are designed to provide back-up power via
generators and Uninterruptible Power Supply (UPS).
• Data centers are conditioned to maintain atmospheric conditions at specified levels.
Third Party Data Center Providers. We obtain "Service Organization Control" (SOC 2) reports
for our hosting providers to ensure controls around physical and environmental security meet our
data protection standards, where available.
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
Change Information System Acquisition, Development and Maintenance
Management • A Secure Development Lifecycle (SDL) program is contained within our Software
Development Life Cycle (SDLC).
• Our Cyber Security team provides education, tools, and guidance to support Product
Engineering and Development teams.
• We have anti -piracy and open -source programs designed to prevent the introduction of
counterfeit products or components into our products.
Change Management
• Our change management follows a standard process for changes to GE Digital -managed
infrastructure, including data center facilities, networking devices, servers, and other
system -level changes we control.
• The change management process includes risk assessment, planning, business -defined
and Change Advisory Board (CAB) approval, implementation, and closure. CABS meet on
a regular basis to review requested changes.
Backup and Capacity
We perform backups of our systems, critical configuration items and components that are used to
administer the environment. We validate restoration of data periodically for disaster recovery
purposes. Our backup and redundancy processes undergo periodic review and validation.
Operations Vulnerability Management
Management
We use discovery tools to identify vulnerabilities in the GE Offerings. The vulnerability
management processes include risk assessment, communicating findings, remediation guidance
that may include identification of available patches, and tracking vulnerabilities through to
remediation. In situations where we utilize other Infrastructure as a Service (laaS) providers,
where available, we obtain "Service Organization Control' (SOC 2) reports from providers to
ensure controls around vulnerability management meet our standards.
Data Classification and Handling
We classify our data according to a data classification policy and implement controls based upon
classification for our data.
Malware Protection
GE deploys malware protection of infrastructure and hosted GE Offerings. Automatic and manual
updates are applied to protect against new threats. Data of discovered threats is delivered real-
time to our Cyber Incident Response Team (CI RT) for action.
Data Retention
Data retention policies and procedures are defined and maintained in accordance with
regulatory, statutory, contractual, or business requirements applicable to us. We maintain
Customer Content as long as necessary to provide GE Offerings based on Customer
Agreements.
You must inform us with respect to any data retention requirements applicable to the customer
data we process as part of the GE Offerings. We provide the capabilities for customers to exercise
their rights related to the data we process, as described in our GE Privacv Policv. These include
rights to access, update, move etc. as afforded under applicable data protection laws.
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
Media Disposal
• Data on hard drives and rewritable storage media are disposed of by rewriting over data a
minimumof three times. Data on floppy disks, tapes, CD-ROM, and other non-writeable
storage media are destroyed securely by disintegration, pulverizing, or shredding.
• Customer Content is disposed of in accordance with the Customer Agreement. You are
responsible for setting and managing any customer data classification and retention
policies and procedures applicable to your Customer Content and informing us of the
same.
Technical Control Network Security. Incoming network communications between external networks and our
Environment internal GE production network are managed using controls that provide for identification,
authentication, authorization, and logging.
• Service monitoring includes network access to internal, external, and edge -facing GE
Offerings equipment (from the outside in) including, but not limited to, routers, switches,
bridges, firewalls, access points, broadband cards, and VPN devices, as well as Systems
accessto all IT, Development and Production systems including cloud and external storage.
• User identification and authentication is performed at the application level, even if
identificationwas made at the network level (unless single sign -on or multifactor
authentication has been implemented).
Encryption in Transit. We utilize a token -based Virtual Private Network ("VPN") to implement
multi -factor authentication for remote access connections to the secured GE Digital network. We
maintain Transport Layer Security ("TLS") for secure email transmission, Secure File Transfer
Protocol ("SFTP") for secure file transfers, and Secure Sockets Layer ("SSL") encryption for secure
internet transmissions.
Encryption in Storage. GE -managed laptops are encrypted using Advanced Encryption Standard
("AES") 256 encryption algorithm. We use a risk -based approach for implementation of encryption
at the operating system, database, and application layers, which is implemented by our local
Information Security Teams.
Vendor Onboarding. We perform an information security assessment of all suppliers and partners that
Management will have access to Customer Content or require a direct GE Digital network connection. On -site
assessments are performed as needed based on a risk assessment. We require our suppliers, at a
minimum, comply with the level of security in this document applicable to the services they
provide. Suppliers deemed to be high risk based on the sensitivity of Customer Content to which
they may have access may be required to comply with additional security controls.
Ongoing. Our suppliers are assessed on an ongoing basis at a frequency determined by their risk
rating. Any concerns discovered during an assessment are tracked to resolution.
Off boarding. When a supplier relationship ends, oursuppliers are required to return to us, and/or
delete all copies of Customer Content in their possession. Where appropriate, an off -boarding plan
is developed that describes how Customer Content is to be removed from the supplier's
environment. The plan is reviewed and approved by our IT management team, and with the
customer, as appropriate.
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
Incident Our incident management processes include the detection, triage, reporting, containment,
Management analysis, remediation, and coordination of responses to unauthorized intrusions on networks and
assets owned and managed by us as part of the GE Offerings. Our incident management team
incorporates cyber threat information into our response plan to help mitigate the effectiveness of
future attacks. We assess known threats and customize our enterprise tool suite to address
threats across our worldwide network. Our penetration testing team simulates real -world threats
faced by us.
Our cyber-incident response plan and its elements are tested regularly.
Each incident and test is analyzed to determine if changes in existing security practices are
necessary. Allreported incidents are logged, and the remedial action indicated.
GE Digital employees are required to report all security incidents immediately to the Cyber
Incident Response Team (CIRT). Reports of security incidents are escalated promptly.
Security breaches are investigated promptly. If criminal action is suspected, the CISO or CIO, in
conjunction with our Legal Team and other stakeholders, will determine whether to contact law
enforcement, data protection and investigative authorities.
Incidents involving personal data are managed in accordance with applicable data protection laws
and our GE Privacv Policv.
Business We maintain a framework to minimize the impact of business disruptive events on our business
Continuity operations globally. Our business continuity plans are validated for viability in the event of a
business disruptive event.
Compliance and We maintain a comprehensive framework to govern the control activities for GE Offerings.
Audit Changes to the framework are maintained by our Cyber Security team and, where applicable, new
or updated controls are implemented and/or evaluated against existing processes. We perform
periodic reviews of our processes. Our personnel who violate information security policies,
standards or procedures are subject to disciplinary action, up to and including, loss of computer
network access, discharge and/or legal action. Other users who violate our policies, standards or
procedures are subject to actions that include loss of computer access, termination of contracts,
and/or legal action.
Exceptions Any exceptions to our information security policies or standards must be approved by the CIO
or CISO, or appropriate delegate. The exceptions and mitigation plan must be documented.
Standards, We have adopted an ISO 27001-based security governance andcontrols framework for select
Certifications and products and services. Independent external audits are performed at least annually for continued
Audit certification under ISO27001. Certificates for GE products and services which are currently ISO -
certified will be made available upon request.
3. Customer Security Measures.
This section describes technical and organizational controls required from customers to protect the
confidentiality, integrity, and availability of Customer Content you provide to us as part of the GE Offerings
and the infrastructure supporting those GE Offerings.
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
Access • Perform all user administration of your users accessing our hosted GE Offerings. This
Management includes provisioning of unique user IDs and limiting use of shared accounts.
• Protect authentication credentials of your users accessing our hosted GE Offerings.
• Limit our access to Customer Data to the extent necessary for us to provide GE Offerings,
and minimize our processing of Customer Data in accordance with applicable data
protection laws.
Security . Protect your infrastructure, including computer systems and equipment used in
Management interactions with us through the use of malicious code prevention software, firewall
systems, Intrusion Detection Systems (IDS), Security Incident and Event Monitoring, up-
to-date software, and similar tools.
• Protect your Application and Programming Interfaces (APIs) used in interactions with us,
with securely designed, developed, deployed, and tested APIs in accordance with leading
industry standards (e.g., OWASP for web applications).
Data Protection • Provide classification details of Customer Content provided to us.
• Manage retention, corrections, updates, modifications -to and deletion of all Customer
Data.
• Ensure Customer Data that may legally be transferred to and processed by us and that
our access to Customer Data in connection with the Customer Agreement does not violate
any laws, regulations or contractual agreements applicable to such Customer Data.
Scan Customer Data for malware or vulnerabilities using industry -standard controls prior
• to transmission to us and ensuring that Customer Data does not contain any malware or
other vulnerabilities.
Enable encryption during data transmissions to the GE Offerings, and encrypt anyfiles
• hosted on the GE Offerings to meet your needs.
Implement and maintain privacy and security protections for components of the GE
• Offerings that you provide or control.
Notifying us promptly in the event of an actual or suspected securityorprivacyincidentrelating
• to Customer Data, or compromise of data or systemsrelated to our or your provision or use
of the GE Offerings.
Provide data retention requirements applicable to the Customer Data we process as
• part of the GE Offerings.
Set and manage any data classification and retention policies and procedures applicable
• to your Customer Content and informing us of the same.
Laws and To the extent you process any of our personal data in the course of receiving the GE
Regulations Offering under your Customer Agreement, you will comply with all applicable data
protection laws, and will only process our personal data in order to perform your
obligations under the Customer Agreement in accordance with our documented
instructions, or to comply with your legal and regulatory obligations applicable to such
data.
Breach You will notify us as soon as reasonably practicable upon becoming aware of a breach
Notification affecting personal data, and, where reasonably practicable, provide a copy of any proposed
notification and consider in good faith any comments made by us before notifying any
third parties, and provide all reasonable assistance required for us to comply with our
obligations under data protection laws.
7
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
4. Contact GE Digital.
If you are required to contact us as described in this Data Protection Plan, or wish to contact us for
any other reason related to the security or privacy of the GE Offerings or Customer Content, you may
contact us asdescribed in the Customer Agreement. For privacy -related inquiries, please see our
Privacv Policv.
Approval and Ownership
Owner
Title
Version
Date
History
Russ Dietz
CSO
v1.0
Dec 2019
Ross McIntyre
CISO
v1.1
January
2021
Ross McIntyre
CISO
V1.2
March
2023
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
GE PRIVACY POLICY
Privacy Policy
LANGUAGE
English
Last Updated December 15, 2020
The General Electric Company and its wholly and majority -owned entities (collectively, the "GE Group"),
respect your concerns about privacy. References in this Privacy Policy to "GE", "we", "us", and "our" are
references to the entity responsible for the processing of your personal information, which generally is
the entity that obtains your personal information.
This Privacy Policy applies to the personal information we obtain through the GE Group's properties,
including websites, mobile applications and social media pages that reference this Privacy Policy
("Online Channels"); offline collection in connection with sales, marketing, partner and supplier
engagement ("Offline Channels"); and third -party sources, including ad networks and lead brokers
(collectively, the "Channels"). This Privacy Policy does not apply to personal information obtained
through our Careers website, which is subject to the Candidate Privacy Notice available here, or to
products and services that post separate privacy policies.
This Privacy Policy describes the types of personal information we obtain through the Channels, how we
may use that personal information, with whom we may share it, and how you may exercise your rights
regarding our processing of the information. The Privacy Policy also describes the measures we take to
safeguard the personal information we obtain and how you can contact us about our privacy practices.
The Online Channels may provide links to other third -party websites and features, or contain third -party
cookies, that are not owned or controlled by the GE Group. Please review the privacy policies of these
third parties to familiarize yourself with their practices. You may also exercise your choices regarding
third -party cookies using our Cookie Consent Tool by clicking on "Cookies" at the bottom of the page for
the GE Business you are interested in managing cookie preferences for.
Personal Information We Obtain
We may obtain personal information through the Channels. The types of personal information we may
obtain include:
• contact information (such as name, phone and fax number, email and postal address) for you or
for others (e.g., principals in your business);
• information used to create your online account (such as username, password and security
question and answer);
• biographical and demographic information (such as date of birth, age, gender, job title/position,
marital status and dependent, spousal and other family information);
• purchase and customer service history;
• financial information (such as payment information, including name, billing address and
payment card details (i.e., card number, expiration date and security code); bank account
information; financial statements; income; and credit score);
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
• location data (such as data derived from your IP address, country and zip code) and the precise
geolocation of your mobile device where we have provided notice and choice, as appropriate;
• audio, electronic, or visual information;
• contact information you provide about friends or other people you would like us to contact;
• inferences about you, including about your preferences;
• clickstream data and other information about your online activities (such as information about
your devices, browsing actions and usage patterns), including across the Online Channels and
third -party websites, that we obtain through the use of cookies, web beacons and similar
technologies (see our Cookie Consent Tool); and
• other personal information contained in content you submit to us (such as through our " Co ntact
Us" feature).
In addition, in connection with our insurance and financial services products, we may obtain
government -issued ID numbers and Tax ID numbers, such as US Social Security numbers.
We use third -party web analytics services in connection with the Online Channels, including Google
Analytics, Adobe Analytics and Marketo, which use cookies and similar technologies to collect data (such
as IP addresses) to evaluate use of and interaction with the Online Channels. (You may learn about
Google's advertising features, including Google Analytics' currently available opt -out mechanisms, here.
To learn more about these and other analytics services and how to opt out, please view our Cookie
Consent Tool here.)
Please note that providing personal information to us is voluntary on your part. If you choose not to
provide us certain information, we may not be able to offer you certain products and services, and you
may not be able to access certain features of the Online Channels.
Cookies and Similar Technologies
Like most companies, GE uses cookies and similar technologies ("cookies") on our websites to
personalize and enhance your experience on our sites.
How We Use Cookies
Cookies contain small amounts of information which are downloaded to your device when you visit our
website. Cookies are sent back to our website to allow us to recognize your device.
Essential Cookies allow us to recognize your device to help you navigate efficiently to obtain the
information and services you have requested.
Analytical and Customization Cookies allow our site to remember your preferences such as language
selection, and help you to view information that is most relevant to your interests; these cookies also
help us to maintain and improve our websites by providing information on how visitors find and use the
sites, and how well the sites are performing.
Advertising Cookies may be used in some cases to make advertising messages more relevant to you.
Making Cookie Choices
You may see the list of GE and selected partner cookies on our website and make choices about those
cookies by visiting our Cookie Consent Tool, by clicking on "Cookies" at the bottom of the page for the
GE Business you are interested in managing cookie preferences for. In addition to our Cookie Consent
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
Tool, most browsers allow you to manage cookie preferences, If you decide to disable cookies on our
site, you may not be able to take full advantage of all our website features once you have done so.
Except for cookies that are essential to the operation of this website (Essential Cookies), you may make
choices about the cookies on this website. Please note that if you choose to manage cookies on our
websites, the Tool will place a cookie on your device to allow your choices to be honored.
Sharing Tools
To enhance your experience on our websites, we sometimes embed content and sharing tools from
other third -party sites, such as "like" buttons from social networking sites; these third -party sites may
also place and access cookies on your device. GE does not control the placement or access of these
third -party cookies. The third parties can be found in our Cookie Consent Tool. Please review the privacy
policies of these third parties to familiarize yourself with their practices. You may exercise choices
regarding third party cookies using our Cookie Consent Tool, by clicking on "Cookies" at the bottom of
the page for the GE Business you are interested in managing cookie preferences for.
How We Use Personal Information
We may use the personal information we obtain to:
• provide and administer our products and services;
• process and fulfill orders and keep you informed about the status of your order;
• communicate about and administer our products, services, events, programs and promotions
(such as by sending alerts, promotional materials, newsletters and other marketing
communications);
• conduct and facilitate surveys, sweepstakes, contests, focus groups and market research
initiatives;
• perform data analytics (such as market research, trend analysis, financial analysis and customer
segmentation);
• engage in ad retargeting and evaluate the effectiveness of our marketing efforts (including
through our participation in ad networks);
• provide customer support;
• process, evaluate and respond to requests, inquiries and applications;
• create, administer and communicate with you about your account (including any purchases and
payments);
• administer and register participants in our courses;
• provide investor services;
• conduct marketing and sales activities (including generating leads, pursuing marketing
prospects, performing market research, determining and managing the effectiveness of our
advertising and marketing campaigns and managing our brand);
• operate, evaluate and improve our business (such as by administering, enhancing and improving
our products and services; developing new products, services and Online Channels; managingour
communications and customer relationships; and performing accounting, auditing, billing,
reconciliation and collection activities);
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
• verify your identity and protect against and prevent fraud and other unlawful activity,
unauthorized transactions, claims and other liabilities, and manage risk exposure and quality;
• conduct investigations and comply with and enforce applicable legal requirements, relevant
industry standards, contractual obligations and our policies and terms (such as this Privacy
Policy and other Online Channels terms of use); and
• maintain and enhance the safety and security of our products, services, Online Channels,
network services, information resources and employees.
We may combine personal information we obtain through Online Channels with information we obtain
through Off line Channels, as well as other information, for the purposes described above. We may
anonymize or aggregate personal information and use it for the purposes described above and for other
purposes to the extent permitted by applicable law. We also may use personal information for
additional purposes that we identify at the time of collection. We will obtain your consent for these
additional uses to the extent required by applicable law.
Where required by applicable law, we will obtain your consent for the processing of your personal
information for direct marketing purposes.
The legal basis for GE processing your personal information as described above will typically be one of
the following:
• Your consent;
• Performance of a contract with you or a relevant party;
• Our legitimate business interests; or
• Compliance with our legal obligations.
Personal Information Sharing
We do not sell or otherwise disclose personal information about you except as described here or at the
time of collection.
• We may share personal information within the GE Group for the purposes described in this
Privacy Policy.
• We may share personal information with service providers we have retained to perform services
on our behalf (such as payment processing, order fulfillment, customer support and data
analytics). These service providers are contractually required to safeguard the information
provided to them and are restricted from using or disclosing such information except as
necessary to perform services on our behalf or to comply with legal requirements.
• We may share personal information with our joint marketing partners and other business
partners for the purposes described in this Privacy Policy, or in the case of processing that is
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
specific to a particular GE Business , as described in the Business privacy and / or information
handling practices notice.
• We may disclose personal information about you (1) if we are required or permitted to do so by
applicable law or legal process (such as a court order or subpoena), (2) to law enforcement
authorities or other government officials to comply with a legitimate legal request, (3) when we
believe disclosure is necessary to prevent physical harm or financial loss, (4) to establish,
exercise or defend our legal rights, (5) in connection with an investigation of suspected or actual
fraud or illegal activity or (6) otherwise with your consent.
• We reserve the right to transfer to relevant third -parties any information we have about you in
the event of a potential or actual sale or transfer of all or a portion of our business or assets
(including in the event of a merger, acquisition, joint venture, reorganization, divestiture,
dissolution or liquidation) or other business combination. In such case, we will require the
relevant third parties to provide comparable levels of protection as the GE Group provides with
respect to the information we share.
Data Transfers
We may transfer the personal information we collect through the Channels to, and store such data in,
other countries, including the U.S., which may have different data protection laws than the country in
which the information was provided. If we do so, we will transfer the personal information only for the
purposes described in this Privacy Policy. To the extent required by applicable law, when we transfer
your personal information to recipients in other countries, we will take measures to protect that
information. The GE Group has entered into Binding Corporate Rules governing our handling of personal
information of residents of the European Union. For further information about the GE Group's Binding
Corporate Rules, please click here.
The General Electric Company's privacy practices, described in this Privacy Policy, comply with the APEC
Cross Border Privacy Rules (CBPR) system. The APEC CBPR system provides a framework for
organizations to ensure protection of personal information transferred among participating APEC
economies. More information about the APEC framework can be found here.
Your Choices
We offer you certain choices in connection with the personal information we obtain about you. To
update your preferences, limit the communications you receive from us or submit a request, please
contact us as specified in the How To Contact Us section of this Privacy Policy.
You also may exercise choice over how information about your interests is used by ad networks to
deliver you relevant advertising. To learn how to opt out of ad network interest -based advertising in the
United States, please visit Digital Advertising Alliance, and the Network Advertising Initiative . In the
European Union, please visit European Interactive Digital Advertising Alliance. In Canada, to consent to
receiving electronic communications, please visit https://www.Re.com/ca/casl and, to learn how to opt
out of receiving electronic communications, please visit https://sc.ge.com/*casl-unsubscribe. The Online
Channels are not designed to respond to "do not track" signals received from web browsers.
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
To the extent provided by the law of your jurisdiction, you may have the right to (1) access certain
personal information we process about you and request details of that processing; (2) request that we
update, correct, amend, erase, or restrict your personal information or; (3) exercise your right to data
portability. Where provided by law, you may withdraw consent you previously provided to us or object
at any time to the processing of your personal information on legitimate grounds relating to your
particular situation, and we will apply your preferences going forward as appropriate. To request to
exercise these rights, please contact us as indicated in the How To Contact Us section of this Privacy
Policy. For more information, please see the "Individual Rights" section of our Binding Corporate Rules
here. To help protect your privacy and maintain security, we may take steps to verify your identity
before granting you access to the information. To the extent permitted by applicable law, a charge may
apply before we provide you with a copy of any of your personal information that we maintain.
Depending on your location, you may have the right to file a complaint with a government regulator if
you are not satisfied with our response. GE endeavors to respond to complaints within thirty days of
receipt.
How We Protect Personal Information Transmission
We maintain administrative, technical and physical safeguards, consistent with legal requirements
where the personal information was obtained, designed to protect against unlawful or unauthorized
destruction, loss, alteration, use or disclosure of, or access to, the personal information provided to us
through the Channels.
Retention of Personal Information
To the extent permitted by applicable law, we retain personal information we obtain about you as long
as (1) it is needed for the purposes for which we obtained it, in accordance with the provisions of this
Privacy Policy or (2) we have another lawful basis, stated in this Privacy Policy or at the point of
collection, for retaining that information beyond the period for which it is necessary to serve the original
purpose for obtaining the personal information.
Additional Information & Jurisdiction Specific Notices
• Notice to residents of Mainland China
• Notice to California Residents
• Notice Regarding Joint Use of Personal Data Under the Personal Information Protection Act of
Japan
• P erso nal D ata P ro cessing Po licv in Russia/ nofi ?K EHHE O flop RAKE OBP ABOT KH
nEP COHAIIbHbIX 4AHHbIX
• Notice to residents of Brazil
• Notice to Residents of South Africa
Children's Personal Information
The Online Channels are designed for a general audience and are not directed to children under the age
of 13. We do not knowingly collect or solicit personal information from children under the age of 13
DocuSign Envelope ID: F90548B1-F847-48EA-8EE1-725613045FD7
through the Online Channels. If we become aware that we have collected personal information from a
child under the age of 13, we will promptly delete the information from our records. If you believe that a
child under the age of 13 may have provided us with personal information, please contact us as
specified in the How To Contact Us section of this Privacy Policy.
Changes to Our Privacy Policy
This Privacy Policy may be updated periodically and without prior notice to you to reflect changes in our
information practices. We will indicate at the top of this Privacy Policy when it was most recently
updated.
How to Contact Us
If you have any questions or comments about this Privacy Policy or if you would like us to update
information we have about you or your preferences, please contact us by visiting our Feedback &
Inquiries Form or write to us at:
Attn: Chief Privacy Officer
General Electric Company
5 Necco Street
Boston, MA 02210
United States
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please
contact our U.S.-based third -party dispute resolution provider (free of charge) at htti3s://feedback-
form.truste.com/watchdog/request.
FoRTWORTH.
Routing and Transmittal Slip
DOCUMENT TITLE: GE Digital, LLC
M&C: CPN:
TO:
Todd Kay - Approver
Rick Lisenbee - Signer
GE Digital, Adam Michael — Signer
Shane Zondor — Approver
Jan Hale - Approver
Chris Harder - Signer
Taylor Paris - Signer
Dana Burghdoff - Signer
Ron Gonzales - Approver
Jannette Goodall - Signer
Allison Tidwell — Form Filler
Charmaine Baylor - Acceptor
Needs to be notarized:
Action Required:
❑ As Requested
❑ For Your Information
Signature/Routing and/or Recording
❑ Comment
❑ File
Water
Department
CSO:
�K
FOR CMO USE ONLY: Routing to CSO YES ❑ NO
DOC #:
INITIALS
❑ YES x NO
J6k
EXPLANATION
The attached contract needing your signature and/or approval is the agreement between GE Digital, LLC
and the Water Department for software, maintenance and support of the Human Machine Interface
software and Programable Logic Controller software at the Eagle Mountain Water Treatment Plant.
The total spending authority will be $50,000.00. The agreement will commence upon being signed by
Dana Burghdoff, ACM, and the term is one five-year block, with no renewals.
If you have any questions or concerns, feel free to call or email me.
Thank you,
Charmaine Baylor
Sr. IT Business Planner, Water IT
Fort Worth Water Department
200 Texas Street
Fort Worth, Texas 76102
Phone: (817) 392-6629
Email: Charmaine.bavlor(c,fortworthtexas.aov