HomeMy WebLinkAbout23S161 - EBSCOHOSTCONTRACT ABSTRACT
Contract/Amendment
Name of Contract:
Company Name:
Company Contact:
Email:
Summary of Services:
Contract Price:
Contract Term:
Public Integrity/ Business
Disclosure Forms:
Contract Administration
Lead Department:
Contract Administrator/ Ext:
Contract Approvals
Council/City Manager Approval Date:
Agreement Number:
Amendment Number:
Contract Compliance
Exhibits: Signatures:
Insurance: Bonds:
Business License:
Sole Source Co-Op
CoOp Agmt #: Sole Source
Documents: CoOp Name:
CoOp Pricing:
By: Submitted on:
Contract Abstract Form Rev 6.13.23
Authorized Signers:
Name, Email
(Corporations require 2 signatures)
Ebscohost
Ebsco Publishing, Inc.
Lauren Weyburn
lweyburn@ebsco.com
Provides libraries access to electronic magazine and newspaper
articles through a database subscription service.
$57,921
5 Year Term
Yes
Alex Saltzman asaltzman@ebsco.com
Sam Brooks sbrooks@ebsco.com
Larry Klingaman
Information Technology
9/14/2023, 1P
23S161
Yes
No
No
Yes
N/A
Yes
6/28/23 Kendall Bradley
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Page | 1 Standard License Agreement
www.ebsco.com
LAST UPDATED: January 2023
EBSCO LICENSE AGREEMENT
Standard
By using the services available at this site or by making the services available to Authorized Users, the
Authorized Users and the Licensee agree to comply with the following terms and conditions (the "Agreement").
For purposes of this Agreement, "EBSCO" is EBSCO Publishing, Inc.; the "Licensee" is the entity or institution that
makes available databases and services offered by EBSCO; the "Sites" are the Internet websites offered or
operated by Licensee from which Authorized Users can obtain access to EBSCO's Databases and Services; and
the "Authorized User(s)" are employees, students, registered patrons, walk-in patrons, or other persons
affiliated with Licensee or otherwise permitted to use Licensee's facilities and authorized by Licensee to access
Databases or Services. "Authorized User(s)" do not include alumni of the Licensee. "Services" shall mean
EBSCOhost, EBSCO Discovery Service, EBSCO eBooks, Flipster and related products to which Licensee has
purchased access or a subscription. "Services" shall also include audiobooks and eBooks to which a Licensee has
purchased access or a subscription and periodicals to which Licensee has purchased a subscription. "Databases"
shall mean the products made available by EBSCO. EBSCO disclaims any liability for the accuracy, completeness
or functionality of any material contained herein, referred to, or linked to. Publication of the servicing
information in this content does not imply approval of the manufacturers of the products covered. EBSCO
assumes no responsibility for errors or omissions nor any liability for damages from use of the information
contained herein. Persons engaging in the procedures included herein do so entirely at their own risk.
I. LICENSE
A.EBSCO hereby grants to the Licensee a nontransferable and non-exclusive right to use the Databases and
Services made available by EBSCO according to the terms and conditions of this Agreement. The Databases and
Services made available to Authorized Users are the subject of copyright protection, and the original copyright
owner (EBSCO or its licensors) retains the ownership of the Databases and Services and all portions thereof.
EBSCO does not transfer any ownership, and the Licensee and Sites may not reproduce, distribute, display,
modify, transfer or transmit, in any form, or by any means, any Database or Service or any portion thereof
without the prior written consent of EBSCO, except as specifically authorized in this Agreement.
B.The Licensee is authorized to provide on-site access through the Sites to the Databases and Services to any
Authorized User. The Licensee may not post passwords to the Databases or Services on any publicly indexed
websites. The Licensee and Sites are authorized to provide remote access to the Databases and Services only to
their patrons as long as security procedures are undertaken that will prevent remote access by institutions,
employees at non-subscribing institutions or individuals, that are not parties to this Agreement who are not
expressly and specifically granted access by EBSCO. For the avoidance of doubt, if Licensee provides remote
access to individuals on a broader scale than was contemplated at the inception of this Agreement then EBSCO
may hold the Licensee in breach and suspend access to the Database(s) or Services. Remote access to the
Databases or Services is permitted to patrons of subscribing institutions accessing from remote locations for
personal, non-commercial use. However, remote access to the Databases or Services from non-subscribing
institutions is not allowed if the purpose of the use is for commercial gain through cost reduction or
avoidance for a non-subscribing institution.
C.Licensee and Authorized Users agree to abide by the Copyright Act of 1976 as well as by any contractual
restrictions, copyright restrictions, or other restrictions provided by publishers and specified in the Databases or
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Page | 2 Standard License Agreement
www.ebsco.com
Services. Pursuant to these terms and conditions, the Licensee and Authorized Users may download or print
limited copies of citations, abstracts, full text or portions thereof, provided the information is used solely in
accordance with copyright law. Licensee and Authorized Users may not publish the information. Licensee and
Authorized Users shall not use the Database or Services as a component of or the basis of any other publication
prepared for sale and will neither duplicate nor alter the Databases or Services or any of the content therein in
any manner, nor use same for sale or distribution. Licensee and Authorized Users may create printouts of
materials retrieved through the Databases or Services online printing, offline printing, facsimile or electronic
mail. All reproduction and distribution of such printouts, and all downloading and electronic storage of materials
retrieved through the Databases or Services shall be for internal or personal use. Downloading all or parts of the
Databases or Services in a systematic or regular manner so as to create a collection of materials comprising all or
part of the Databases or Services is strictly prohibited whether or not such collection is in electronic or print
form. Notwithstanding the above restrictions, this paragraph shall not restrict the use of the materials under the
doctrine of "fair use" as defined under the laws of the United States. Publishers may impose their own
conditions of use applicable only to their content. Such conditions of use shall be displayed on the computer
screen displays associated with such content. The Licensee shall take all reasonable precautions to limit the
usage of the Databases or Services to those specifically authorized by this Agreement.
D.Authorized Sites may be added or deleted from this Agreement as mutually agreed upon by EBSCO and
Licensee.
E.Licensee agrees to comply with the Copyright Act of 1976, and agrees to indemnify EBSCO against any actions
by Licensee that are not consistent with the Copyright Act of 1976.
F.The computer software utilized via EBSCO's Databases and Service(s) is protected by copyright law and
international treaties. Unauthorized reproduction or distribution of this software, or any portion of it, is not
allowed. User shall not reverse engineer, decompile, disassemble, modify, translate, make any attempt to
discover the source code of the software, or create derivative works from the software.
G.The Databases are not intended to replace Licensee's existing subscriptions to content available in the
Databases.
H.Licensee agrees not to include any advertising in the Databases or Services.
II.LIMITED WARRANTY AND LIMITATION OF LIABILITY
A.EBSCO and its licensors disclaim all warranties, express or implied, including, but not limited to, warranties of
merchantability, noninfringement, or fitness for a particular purpose. Neither EBSCO nor its licensors assume or
authorize any other person to assume for EBSCO or its licensors any other liability in connection with the
licensing of the Databases or the Services under this Agreement and/or its use thereof by the Licensee and Sites
or Authorized Users.
B.THE MAXIMUM LIABILITY OF EBSCO AND ITS LICENSORS, IF ANY, UNDER THIS AGREEMENT, OR ARISING OUT
OF ANY CLAIM RELATED TO THE PRODUCTS, FOR DIRECT DAMAGES, WHETHER IN CONTRACT, TORT OR
OTHERWISE SHALL BE LIMITED TO THE TOTAL AMOUNT OF FEES RECEIVED BY EBSCO FROM LICENSEE
HEREUNDER UP TO THE TIME THE CAUSE OF ACTION GIVING RISE TO SUCH LIABILITY OCCURRED. IN NO EVENT
SHALL EBSCO OR ITS LICENSORS BE LIABLE TO LICENSEE OR ANY AUTHORIZED USER FOR ANY INDIRECT,
INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR SPECIAL DAMAGES RELATED TO THE USE OF THE DATABASES OR
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Page | 3 Standard License Agreement
www.ebsco.com
SERVICES OR TO THESE TERMS AND CONDITIONS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
C. Licensee is responsible for maintaining a valid license to the third-party resources configured to be used via
the Services (if applicable). EBSCO disclaims any responsibility or liability for a Licensee accessing the third-party
resources without proper authorization.
D. EBSCO is not responsible if the third-party resources accessible via the Services fail to operate properly or if
the third-party resources accessible via the Services cause issues for the Licensee. While EBSCO will make best
efforts to help troubleshoot problems, Licensee acknowledges that certain aspects of functionality may be
dependent on third party resource providers who may need to be contacted directly for resolution.
III. PRICE AND PAYMENT
A. License fees have been agreed upon by EBSCO and the Licensee, and include all retrospective issues of the
Product(s) as well as updates furnished during the term of this Agreement. The Licensee's obligations of
payment shall be to EBSCO or its assignee. Payments are due upon receipt of invoice(s) and will be deemed
delinquent if not received within thirty (30) days. Delinquent invoices are subject to interest charges of the
maximum rate allowed by law. Failure or delay in rendering payments due EBSCO under this Agreement will, at
EBSCO's option, constitute material breach of this Agreement. If changes are made resulting in amendments to
the listing of authorized Sites, Databases, Services and pricing identified in this Agreement, pro rata adjustments
of the contracted price will be calculated by EBSCO and invoiced to the Licensee and/or Sites accordingly as of
the date of any such changes. Payment will be due upon receipt of any additional pro rata invoices and will be
deemed delinquent if not received within thirty (30) days of the invoice dates.
B. Taxes, if any, are not included in the agreed upon price and may be invoiced separately. Any taxes applicable
to the Database(s) under this Agreement, whether or not such taxes are invoiced by EBSCO, will be the exclusive
responsibility of the Licensee and/or Sites.
IV. TERMINATION
A. In the event of a material breach of any of its obligations under this Agreement, Licensee shall have the right
to remedy the material breach within thirty (30) days upon receipt of written notice from EBSCO. Within the
period of such notice, Licensee shall make every reasonable effort and document said effort to remedy such a
material breach and shall institute any reasonable procedures to prevent future occurrences of such breaches. If
the Licensee fails to remedy such a material breach within the period of thirty (30) days, EBSCO may (at its
option) terminate this Agreement upon advanced written notice to the Licensee.
B. If EBSCO becomes aware of a material breach of Licensee's obligations under this Agreement or a breach by
Licensee or Authorized Users of the rights of EBSCO or its licensors or an infringement on the rights of EBSCO or
its licensors, then EBSCO will notify the Licensee immediately in writing and shall have the right to temporarily
suspend the Licensee's access to the Databases or Services. Licensee shall be given the opportunity to remedy
the breach or infringement within thirty (30) days following receipt of written notice from EBSCO. Once the
breach or infringement has been remedied or the offending activity halted, EBSCO shall reinstate access to the
Databases or Services. If the Licensee does not satisfactorily remedy the offending activity within thirty (30)
days, EBSCO may terminate this Agreement upon written notice to the Licensee.
C. The provisions set forth in Sections I, II and V of this Agreement shall survive the term of this Agreement and
shall continue in force into perpetuity.
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Page | 4 Standard License Agreement
www.ebsco.com
V. NOTICES OF CLAIMED COPYRIGHT INFRINGEMENT
EBSCO has appointed an agent to receive notifications of claims of copyright infringement regarding materials
available or accessible on, through, or in connection with our services. Any person authorized to act for a
copyright owner may notify us of such claims by contacting the following agent: Kim Stam, EBSCO Publishing, 10
Estes Street, Ipswich, MA 01938; phone: 978-356-6500, fax: 978-356-5191; email: kstam@ebsco.com. In
contacting this agent, the contacting person must provide all relevant information, including the elements of
notification set forth in 17 U.S.C. 512.
VI. GENERAL
A. Neither Party will be liable or deemed to be in default for any delays or failure in performance resulting
directly or indirectly from any cause or circumstance beyond its reasonable control, including but not limited to
acts of God, war, riot, embargoes, acts of civil or military authority, rain, fire, flood, accidents, earthquake(s),
strikes or labor shortages, transportation facilities shortages or failures of equipment, or failures of the Internet.
B. This Agreement and the license granted herein may not be assigned by the Licensee to any third party
without written consent of Parties.
C. If any term or condition of this Agreement is found by a court of competent jurisdiction or administrative
agency to be invalid or unenforceable, the remaining terms and conditions thereof shall remain in full force and
effect so long as a valid Agreement is in effect.
D. If the Licensee and/or Sites use purchase orders in conjunction with this Agreement, then the Licensee and/or
Sites agree that the following statement is hereby automatically made part of such purchase orders: "The terms
and conditions set forth in the EBSCO License Agreement are made part of this purchase order and are in lieu of
all terms and conditions, express or implied, in this purchase order, including any renewals hereof."
E. This Agreement and our Privacy Policy represent the entire agreement and understanding of the parties with
respect to the subject matter hereof and supersede any and all prior agreements and understandings, written
and/or oral. There are no representations, warranties, promises, covenants or undertakings, except as described
in this Agreement and our Privacy Policy.
F. EBSCO grants to the Licensee a non-transferable right to utilize any IP addresses provided by EBSCO to
Licensee to be used with the Services. EBSCO does not transfer any ownership of the IP addresses it provides to
Licensee. In the event of termination of the Licensee's license to the Services, the Licensee's right to utilize such
IP addresses will cease.
G. All information that EBSCO collects when Licensee accesses, uses, or provides access to, the Databases and
Services is subject to EBSCO’s Privacy Policy, which is incorporated herein by reference. By accessing or using the
Databases and/or Services, you consent to all actions taken by EBSCO with respect to your information in
compliance with the Privacy Policy.
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Page | 5 Standard License Agreement
www.ebsco.com
DATA PROCESSING ADDENDUM
This Data Processing Addendum (the “Addendum”) supplements the EBSCO License Agreement (the
“Agreement”) between the Customer (“Customer”) and EBSCO Publishing, Inc. (“EBSCO”).
1. Definitions
1.1 For the purpose of this Addendum the terms, “Controller,” “Processor,” “Data Subject,” “Personal
Data,” “Personal Data Breach,” “Processing,” “Subprocessor,” and “Supervisory Authority” shall
have the same meanings as in applicable Data Protection Legislation, and their related terms shall be
construed accordingly.
1.2 “Appropriate technical and organizational measures" shall be interpreted in accordance with
applicable Data Protection Legislation.
1.3 “Customer Personal Data” means the Personal Data that is provided by Customer to EBSCO or that is
processed by EBSCO on Customer’s behalf in connection with the Agreement.
1.4 “Data Protection Legislation” means all applicable data protection and privacy legislation in force
from time to time where EBSCO does business, including the General Data Protection Regulation,
Regulation (EU) 2016/679 of the European Parliament and of the Council (the “GDPR”), the Privacy
and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC), the
California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100, et seq. (the “CCPA”), and all
other applicable laws and regulations relating to the Processing of Personal Data, including any
legislation that implements or supplements, replaces, repeals and/or supersedes any of the
foregoing.
1.5 “International Data Transfer” means the transfer (either directly or via onward transfer) of Personal
Data from within the European Economic Area/United Kingdom (as applicable) to a country not
recognized by the European Commission as providing an adequate level of protection for Personal
Data (as described in the GDPR).
1.6 “User Personal Data” means the Personal Data provided directly by Customer’s end users to EBSCO
through the products and services purchased by Customer.
2. Data Processing: EBSCO as Processor for Customer
2.1 Where Customer Personal Data is processed by EBSCO, EBSCO will act as the Processor and the
Customer will act as the Controller.
2.1.1 Subject Matter. The subject matter of the Processing is the Customer Personal Data.
2.1.2 Duration. The Processing will be carried out for the duration set forth in the Agreement.
2.1.3 Nature and Purpose. The purpose of the Processing is the provision of products and
services to the Customer purchased by the Customer from time to time.
2.1.4 Type of Customer Personal Data and Data Subjects. Customer Personal Data consists of
the following categories of information relevant to the following categories of Data
Subjects:
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Page | 6 Standard License Agreement
www.ebsco.com
(a) Representatives of Customer: name, address; email address; billing information;
login credentials; geolocation data; and professional affiliation.
(b) Customer’s end users of the EBSCO products and services purchased by Customer
(where personalized account information is provided to EBSCO by Customer):
name; address; and email address.
2.2 EBSCO shall not Process Customer Personal Data other than on the Customer’s documented
instructions (as set forth in this Addendum or the Agreement or as otherwise directed by Customer
in writing). EBSCO will not Process Customer Personal Data for any purpose, including for any
commercial purpose, other than for the specific purpose of performing the services specified in the
Agreement. If Processing of Customer Personal Data inconsistent with the foregoing provisions of
this section is ever required by applicable Data Protection Legislation to which EBSCO is subject,
EBSCO shall, to the extent permitted by applicable Data Protection Legislation, inform the Customer
of that legal requirement before proceeding with the relevant Processing of that Customer Personal
Data.
2.3 EBSCO will notify Customer promptly if an instruction for the Processing of Customer Personal Data
infringes applicable Data Protection Legislation.
2.4 EBSCO shall ensure that all personnel who have access to and/or Process the Customer Personal Data
are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
2.5 EBSCO shall, in relation to the Customer Personal Data, implement appropriate technical and
organizational measures to protect against unauthorized or unlawful Processing of Customer
Personal Data and against accidental loss or destruction of, or damage to, Customer Personal Data.
When considering what measure is appropriate, each party shall have regard to the state of good
practice, technical development and the cost of implementing any measures to ensure a level of
security appropriate to the harm that might result from such unauthorized or unlawful Processing or
accidental loss or destruction, and to the nature of the data to be protected.
2.6 EBSCO shall assist Customer, taking into account the nature of the Processing, (A) by appropriate
technical and organizational measures and where possible, in fulfilling Customer’s obligations to
respond to requests from data subjects exercising their rights under Applicable Data Protection
Legislation; (B) in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR,
taking into account the nature of the Processing and the information available to EBSCO; and (C) by
making available to Customer all information reasonably requested by Customer for the purpose of
demonstrating that Customer’s obligations relating to the appointment of processors as set out in
Article 28 of the GDPR have been met.
2.7 EBSCO shall promptly notify Customer upon becoming aware of any confirmed Personal Data Breach
affecting the Customer Personal Data.
2.8 Upon termination of the Agreement, EBSCO shall, at Customer’s election, securely delete or return
Customer Personal Data and destroy existing copies unless preservation or retention of such
Customer Personal Data is required by any applicable law to which EBSCO is subject.
2.9 EBSCO shall allow Customer and Customer’s authorized representatives to access and review up-to-
date attestations, reports, or extracts thereof from independent bodies (e.g., external auditors, data
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Page | 7 Standard License Agreement
www.ebsco.com
protection auditors) or suitable certifications, or to conduct audits or inspections to ensure
compliance with the terms of this Addendum. Any audit or inspection must be conducted during
EBSCO’s regular business hours, with reasonable advance notice to EBSCO and subject to reasonable
confidentiality procedures. In addition, audits or inspections shall be limited to once per year.
EBSCO shall, in the event of third-party subprocessing that is subject to Data Protection Legislation,
(A) inform Customer and obtain its prior written consent (execution of this Addendum shall be
deemed as Customer’s prior written consent to such third-party subprocessing); (B) provide a list of
third-party Subprocessors upon Customer’s request; and (C) inform Customer of any intended
changes to third-party Subprocessors, and give Customer a reasonable opportunity to object to such
changes. If EBSCO provides Personal Data to third-party Subprocessors, EBSCO will include in its
agreement with any such third-party Subprocessor terms which offer at least the same level of
protection for the Customer Personal Data as those contained herein and as are required by
applicable Data Protection Legislation.
3. Data Processing: EBSCO as Joint Controller With Customer
3.1 EBSCO and Customer shall act as joint Controllers with respect to User Personal Data.
3.2 EBSCO shall be responsible for providing Customer’s end user Data Subjects with the information
required under GDPR Articles 13 and 14 (including by identifying a contact point for Data Subjects)
before processing User Personal Data, and with informing Customer’s end users of the essence of
EBSCO’s arrangement with Customer.
3.3 EBSCO shall provide Customer’s end user Data Subjects with the ability to exercise their individual
rights with respect to User Personal Data within a self-service portal.
4. International Data Transfer
4.1 To the extent that any Customer Personal Data is subject to any International Data Transfer, the
parties agree to be bound by, and all terms and provisions of the Controller to Processor Standard
Contractual Clauses adopted by the European Commission (“Processor Model Clauses”) shall be
incorporated by reference to this Addendum with the same force and effect as though fully set forth
in this Addendum, wherein:
4.1.1 Customer is the “data exporter” and EBSCO International, Inc. is the “data importer;” and
4.1.2 The provisions of Module Two are incorporated; the provisions under Modules One,
Three, and Four, the footnotes, and Clauses 9, 11(a) Option and 17 Option 1 are omitted;
the clauses shall be governed by the law of Ireland; and the competent supervisory
authority is Ireland.
4.2 To the extent that any User Personal Data is subject to any International Data Transfer, the parties
the parties agree to be bound by, and all terms and provisions of the Controller to Controller
Standard Contractual Clauses adopted by the European Commission (“Controller Model Clauses”)
shall be incorporated by reference to this Addendum with the same force and effect as though fully
set forth in this Addendum, wherein:
4.2.1 Customer is the “data exporter” and EBSCO is the “data importer;” and
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Page | 8 Standard License Agreement
www.ebsco.com
4.2.2 The provisions of Module One are incorporated; the provisions under Modules Two,
Three and Four, the footnotes, and Clauses 9, 11(a) Option and 17 Option 1 are omitted;
the clauses shall be governed by the law of Ireland; and the competent supervisory
authority is Ireland.
4.3 The Processor Model Clauses and Controller Model Clauses shall be collectively, the “Standard
Contractual Clauses.” The applicable version of the Standard Contractual Clauses is those which were
approved by the European Commission on June 4, 2021. In the event that the Standard Contractual
Clauses are updated, replaced, amended or re-issued by the European Commission (with the
updated Standard Contractual Clauses being the “New Contractual Clauses”) during the term of this
Addendum, the New Contractual Clauses shall be deemed to replace the Standard Contractual
Clauses and the parties undertake to be bound by the terms of the New Contractual Clauses effective
as of the date of the update (unless either party objects to such change) and the parties shall execute
a form of the New Contractual Clauses.
4.4 The descriptions required by the Annexes of the Standard Contractual Clauses are replaced by the
information in Schedule 1, Schedule 2, and Schedule 3 of this Addendum.
4.5 To the extent that the UK Information Commissioner’s Office issues any standard contractual clauses
for the purpose of making lawful International Data Transfers during the term of this Addendum that
will impact the transfers of Customer Personal Data or User Personal Data (with such clauses being
the “UK Standard Contractual Clauses”), to the extent possible, the UK Standard Contractual Clauses
shall be deemed to be incorporated into this Addendum and the parties undertake to be bound by
the terms of the UK Standard Contractual Clauses effective as of the date of their issuance (unless
either party objects to such change) and the parties shall execute a form of the UK Standard
Contractual Clauses.
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Page | 9 Standard License Agreement
www.ebsco.com
Schedule I
List of Parties and Description of
Data Transfers
A. LIST OF PARTIES
Data exporter(s): [Identity and contact details of the data exporter(s) and, where applicable, of its/their data
protection officer and/or representative in the European Union]
1. Name:
Address:
Contact person’s name, position and contact details:
Activities relevant to the data transferred under these Clauses:
Signature and date:
Role (controller/processor): Controller and Joint Controller
2. Additional Information: EBSCO and Customer shall act as Joint Controllers with respect to User Personal
Data (as defined in the Agreement). The Joint Controllers shall perform the following responsibilities
accordingly:
Customer EBSCO
- Personalization: Customer decides whether
to enable features of personalized accounts
in product
- Authorize the processing of end user data by
EBSCO via the Agreement between parties
o Provide legal basis for processing end
user data
o Establish the purposes and scope of
processing
- Implementation of technical and
organizational measures to ensure security of
network
o Access controls – provide guidelines
to EBSCO for authorizing who may
access the product under the
customer’s subscription
- Data Subject Access Requests
o As needed, provides details of
requests to EBSCO if request is
received by Customer from end users
(in the event that an end user
submits a request through Customer
rather than through EBSCO)
- Implementation of organizational and
technical measures
o See Annex II and Security Whitepaper
for details
- Maintenance and support of product
o Security patches
o Feature updates
o Technical support
o Availability and up-time
- Data storage, including backups - Establish the purposes and scope of
processing via the Agreement between
Parties
- Data Subject Access Requests
o Receives and processes Data Subject
Access Requests and honors the data
subject rights of information, access,
rectification, erasure, restricted
processing, data portability, right to
object, and the right to avoid
automated decision-making
o Manages the contact form, email
address, and phone number for
intake of privacy requests
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Page | 10 Standard License Agreement
www.ebsco.com
Customer EBSCO
o Upon request, notifies customer of
data subject request
- Provide legal basis for processing end user
data
o Agreement between parties
establishes contract to provide
services
o Collection of individual consent and
acceptance of terms of use, privacy
policy, etc. from end users - Incident response
o Implementation of process
o Notification of customer
- Subprocessors - vetting and notifying
customer of new subprocessors
- Privacy Risk Assessments – conduct PRA/DPIA
as needed for vendors, features, products,
etc. which process personal information
Data importer(s):
For Customer Personal Data:
1. Name: EBSCO International, Inc.
Address: 10 Estes Street, Ipswich, MA 01938
Contact person’s name, position and contact details:
Activities relevant to the data transferred under these Clauses: Academic and scholastic research
Signature and date:
Role (controller/processor): Joint Controller and Processor
2. Additional Information: Customer will act as the Controller of Customer Personal Data where Customer
Personal Data is processed by EBSCO. EBSCO will act as the Processor of Customer Personal Data.
“Customer Personal Data” means the Personal Data that is provided by Customer to EBSCO or that is
processed by EBSCO on Customer’s behalf in connection with the Agreement.
For User Personal Data:
1. Name: EBSCO International, Inc.
Address: 10 Estes Street, Ipswich, MA 01938
Contact person’s name, position and contact details:
Activities relevant to the data transferred under these Clauses: Academic and scholastic research,
creation and creation of user profiles
Signature and date:
Role (controller/processor): Joint Controller and Processor
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Page | 11 Standard License Agreement
www.ebsco.com
2. Additional Information: Customer will act as the Controller of User Personal Data where User Personal
Data is processed by EBSCO. EBSCO will act as the Joint Controller of User Personal Data.
“User Personal Data” means the Personal Data provided directly by Customer’s end users to EBSCO
through the products and services purchased by Customer.
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred: Entity information required for handling the
subscription and users of applications, including but not limited to students, teachers, employees, authors.
Categories of personal data transferred: First name, last name, email address, authentication information,
search information, research notes.
Sensitive Data transferred (if applicable), and applied restrictions or safeguards that fully take into
consideration the nature of the data and the risks involved: Not Applicable.
The frequency of the transfer (e.g., whether the data is transferred on a one-off or continuous basis):
Continuous.
Nature of the processing: Providing access to EBSCO databases; storing user information in customized profiles;
facilitating the retrieval of user search history.
Purpose(s) of the data transfer and further processing: To perform the obligations between the parties, per the
Agreement, to provide research tools, to personalize the experience and to prevent harvesting. The period for
which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: As
long as reasonably necessary, some personalization information will be held until deletion is requested by a
customer or user.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing:
Subject Matter: First name, last name, email address, authentication information, search information, research
notes
Nature of processing: The nature of processing includes the following: Data storage and software delivery,
consent management, fulfilling data subject rights requests. Please also see Annex III, List of Subprocessors, for
comprehensive information about how specific subprocessors process data.
Duration: Continuous
C. COMPETENT SUPERVISORY AUTHORITY
The competent supervisory authority, in accordance with Clause 13, is the Supervisory Authority of Ireland.
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Page | 12 Standard License Agreement
www.ebsco.com
Schedule II
Technical and Organizational
Measures Including Technical and
Organizational Measures to Ensure
the Security of Data
EBSCO shall maintain and use appropriate safeguards to prevent the unauthorized access to or use of Customer
Personal Data and to implement administrative, physical and technical safeguards to protect Customer Personal
Data. Such safeguards shall include:
1. Network and Application Security and Vulnerability Management:
a. Measures of pseudonymization and encryption of personal data:
Personal data is encrypted at rest using the 256-bit Advanced Encryption Standard (AES-256),
and in transit using Transport Layer Security (TLS) encryption. Cryptographic key management
is in place as outlined in National Institute of Science and Technology (NIST) standard 800-57.
b. Measures for ensuring ongoing confidentiality, integrity, availability and resilience of
processing systems and services:
EBSCO has an ongoing commitment to certification against relevant International
Organization for Standardization (ISO) standards, including ISO standards 27001, 27017,
27018 and 27701 both on-premise and at Amazon Web Services (AWS) managed data
centers. EBSCO is hosted both within the Amazon Web Services platform and within legacy on
premise data centers in Ipswich, MA and Boston, MA. Applications and data are distributed
for purposes of high availability and resilience. Features such as automatic recovery and
automatic scaling have been implemented. Applications together with their container
configuration can be redeployed within minutes, if necessary.
c. Measures for ensuring the ability to restore the availability and access to personal data in a
timely manner in the event of a physical or technical incident:
All applications and data are distributed across multiple nodes and the nodes are distributed
across multiple availability zones within Amazon Web Services to ensure high availability of
the service. The use of a container-based architecture further helps to ensure high availability
of the service. For example, applications automatically restart if they encounter issues and if a
specific node fails, it is removed from service and traffic is directed to the remaining ‘healthy’
nodes. Where appropriate, nodes are set to automatically scale to handle unexpected spikes
in traffic. Regular service management meetings review the performance and future capacity
needs of the service. The infrastructure enables horizontal and vertical scaling to be
implemented with significantly reduced lead times compared to a physical infrastructure.
For our legacy on premise, EIS employs two concurrent data centers with failover capabilities
in the event that one of the sites experiences an outage. EBSCO’s on-premise data centers are
protected with uninterruptable power supplies, fire suppression systems and limited access
only to personnel necessary for the ongoing operation of the data centers.
EBSCO continuously monitors service availability. The current status can be found here:
https://status.ebsco.com/
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Page | 13 Standard License Agreement
www.ebsco.com
d. Processes for regularly testing, assessing, and evaluating the effectiveness of technical and
organizational measures in order to ensure the security of the processing:
EBSCO contracts third party penetration testing on an annual basis. In addition, vulnerability
scans are conducted through an automated code deployment pipeline. Our production
environment is scanned continuously. We employ a managed 24/7 security operations team
to continuously monitor our environment. EBSCO regularly applies security updates to our
environment following our comprehensive vulnerability management process. These updates
are done on a rolling basis using a Scaled Agile Framework for Enterprises (SAFe).
Organizational measures are reviewed twice annually, through an internal audit as well as an
external audit conducted on an annual basis by accredited third party auditors. In addition,
regular access reviews to sensitive data and systems are conducted on a regular basis.
EBSCO continually evaluates the security of its network and associated Services to determine
whether additional or different security measures are required to respond to security risks or
findings generated by periodic reviews.
e. Measures for the protection of data during transmission:
All data is encrypted in transit using TLS, both from the users’ browser to the applications as
well as data in transit between EBSCO systems and subprocessors.
f. Measures for the protection of data during storage:
Personal Data is encrypted at rest using the 256-bit Advanced Encryption Standard (AES-256).
All data storage is isolated from the public internet by a dedicated firewall to ensure only
EBSCO personnel can access the database.
g. Measures for ensuring system configuration, including default configuration:
Standardized system configurations are enforced through automated code deployment
pipelines where appropriate.
h. Measures for internal IT and IT security governance and management:
EBSCO’s Governance Risk and Compliance (GRC) Team maintains the EBSCO Information
Security and Privacy Management system (ISPMS). The ISPMS is continuously monitored and
improved to conform to or exceed the standards required by ISO 27001, ISO 27701, ISO
27017, and ISO 27108. The EBSCO ISPMS is comprised of the ISMS-Information Security
Management System and PIMS-Privacy Information Management System. External and
internal audits of the ISPMS are performed on an annual basis. Security logs are monitored
continuously.
i. Measures for certification/assurance of processes and products:
In addition to the measures for internal IT management and IT security governance above,
regular, mandatory training is delivered through an online learning platform to ensure all staff
are familiar with their responsibilities and up to date with policies and procedures. Clear
processes are in place to manage security related incidents and to liaise with law enforcement
if required.
j. Measures for ensuring data minimization:
EBSCO follows best practices for minimizing data attributes to only those needed to perform
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Page | 14 Standard License Agreement
www.ebsco.com
required functions and allow its customers and user patrons the ability to extend the
minimum default data set if required.
k. Measures for ensuring data quality:
Institutions and end users have the ability to review and update their information through a
self-service module, or through contacting EBSCO according to the Privacy Policy. Where
applicable, data validation controls are implemented in our environment.
2. Logical access controls:
a. Measures for user identification and authorization:
A small number of the EBSCO Team with responsibilities for administering and supporting the
system have access to the production environment and databases. This is strictly controlled
by role and requires two-factor authentication to gain access.
Customer Administrator access to end user data is only possible through using an
EBSCOadmin administrator account. Only personnel designated by the customer and a small
number of EBSCO’s privileged users have access to this information.
Customers have the ability to set up different authentication options. Options include, but are
not limited to, integration through Single Sign On (SSO) using SAML 2.0, username and
password, IP whitelist authentication, patron ID, Google Campus Activated Subscriber Access
(CASA), Universal CASA and Cookies.
3. Secure media disposal controls:
a. Measures for ensuring limited data retention:
It is vital that personal data stored within EBSCO’s systems meets the requirements for data
privacy and protection and part of that is ensuring personal data is not retained beyond what
is necessary for the defined purpose.
In many cases, EBSCO allows the ability for customers to anonymize end user data by
pseudonymized SSO configuration or removing the option for User Patrons to personalize.
b. Measures for allowing data portability and ensuring erasure:
Upon request or through the self-service module, EBSCO customers can extract Database
Usage Reports, Interface Usage Reports, Link Activity Reports, Login Usage Report and Title
Usage Reports. This data can also be obtained upon request at contract termination, or at any
time through EBSCOadmin.
4. Logging Controls:
a. Measures for ensuring events logging:
EBSCO allows customers to view database usage reports, interface usage reports, link activity
reports, login usage reports and title usage reports through EBSCOadmin.
EBSCO employs Security Information and Event Management (SIEM) logs across our resources.
These logs are monitored internally by our information security team and 24/7 managed
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Page | 15 Standard License Agreement
www.ebsco.com
security operations center (SOC). No customer action is required, and customers do not have
access to these internal logs.
5. Personnel Controls:
Contracts for new staff and the onboarding process emphasize individual responsibilities for
information security and the potential penalties for misuse. Staff resignations trigger an automated
process to ensure access rights to EBSCO’s systems are revoked in a timely fashion.
The IT Acceptable Use Agreement covers the acceptable use of EBSCO’s information assets. It is issued
to both permanent and contract staff and forms part of the induction for new starters.
Security awareness training is delivered through EBSCO’s online training platform. It is delivered at
least annually and is mandatory for all employees.
6. Physical security and environmental controls:
a. Measures for ensuring physical security of locations at which personal data are processed:
EBSCO is committed to ensuring the safety of its employees, contractors and assets and takes
the issue of physical security very seriously. EBSCO has a comprehensive set of physical
security controls which ensure that its data centers and offices are sufficiently protected.
Access to data centers is limited only to necessary personnel, and all access is logged and
reviewed for abnormalities.
EBSCO also contracts with AWS for the processing of customer data. AWS provides world class
security within their hosted data centers. For more information on physical security in AWS
hosted environments see: https://aws.amazon.com/compliance/datacenter/controls.
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Page | 16 Standard License Agreement
www.ebsco.com
Schedule III
List of Subprocessors
MODULE TWO: Transfer controller to processor
Last Updated: October 18, 2022
The controller has been notified of the use of the subprocessors listed below may be utilized at the time of
contract execution. For an updated list of subprocessors, please see www.ebsco.com/subprocessors.
Data Center Facility Providers
The following providers are used to store EBSCO data and deliver EBSCO products and services.
Name Purpose Location
Amazon Web Services (AWS)
Most EBSCO products primarily use
AWS for data storage and software
delivery
United States for most products.
Certain software products allow
customers to choose hosting options
in other regions
Markley Group EBSCO uses the Markley data center
as backup to its main on-premises
legacy data center in Ipswich, MA
United States
Software as a Service
The various software packages below are used to monitor, manage and/or enhance the platform
Name Purpose Location
Alation Data cataloging United States
Amplitude Application metrics and analysis tool United States
Auth0 SSO authentication services United States
ChurnZero Product usage analysis United States
FullStory Application metrics and analysis tool United States
OneTrust Data Subject Access Right request
software and consent management
forms
United States
Optimizely Application feature optimization,
experimentation and rollout tool
United States
Osano Cookie management United States
Snowflake Data warehousing United States
Navisite (Velocity Cloud) Software delivery platform, hosting
and services
United States
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Page | 17 Standard License Agreement
www.ebsco.com
Staff Augmentation
EBSCO augments its internal staff with assistance from the following staffing providers
Name Purpose Location
InfoSys Software development support India
EPAM Software development support India, Europe
NES Customer support—NES staff work
within EBSCO-managed offices using
EBSCO-managed workstations
India
Resold Products
EBSCO resells the following products that hold personal information
Name Purpose Location
OpenAthens (Jisc) Optional single sign-on product for
customers
United Kingdom
Thought Industries (Accel5) Accel5, a business skills product, is
managed by Thought Industries
United States
Marketing/Administrative Subprocessors
As part of the marketing, billing and administrative process, EBSCO uses these vendors to process purchaser and
prospect data on EBSCO.com. EBSCO does not share account information on end users for institutionally
purchased products such as EBSCOhost, EBSCO Discovery Service, DynaMed, etc., with these subprocessors.
Name Purpose Location
Adobe Marketing United States
Celigo Sales and prospecting support tools United States
CyberSource Payment processing United States
DocuSign Contract management United States
Facebook Marketing pixels United States
Microsoft Email, Office 365 United States
OptInMonster Marketing United States
Qlik Data analytics United States
Shopify Direct-to-consumer product purchasing United States
Stripe Payment Processing United States
Google Analytics EBSCO.com marketing pixels United States
NetSuite (NetCRM) Customer Relationship Manager United States
SalesForce Customer Relationship Manager United States
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Revised 4.13.23 Page 11 of 17
IN WITNESS WHEREOF, the Parties have executed this Agreement as of the dates stated
below.
CONTRACTOR:
By: _______________________________________By: _________________________________________
Signature Signature
(2nd signature required for Corporations)
Date:Date:
CITY OF PALM SPRINGS:
APPROVED BY CITY COUNCIL:
Date: 9/14/23 Item No. : 1P
APPROVED AS TO FORM: ATTEST:
By: ___________________________ By: _______________________________
City Attorney City Clerk
APPROVED:
By: _______________________________ Date:
City Manager – over $50,000
Deputy/Assistant City Manager – up to $50,000
Director – up to $25,000
Manager – up to $5,000
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
9/25/2023 10/8/2023
10/10/2023
Quotation Proposal Provided for:
PALM SPRINGS PUBLIC LIBRARY
Submitted by: EBSCO
Prepared by: LAUREN WEYBURN
Phone: (978) 414-0463
Email: lweyburn@ebsco.com
Date of quote: June 27, 2023
Offer Valid for 90 days from date of quote
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
Products
PS PL: Custom 5-Year Database Package with Annual Billing $57,921.00
Term (in months)Price
MasterFILE Reference eBook Subscription-1 60
MasterFILE Premier : HOST 60
Newspaper Source Plus-1 60
Total:$57,921.00
The above excludes all applicable tax
Offer expires September 25, 2023 Currency: USD
Product
Descriptions
MasterFILE Premier
Designed specifically for public libraries, this database provides full-text magazines, reference books and primary source documents.
It also includes an extensive image collection containing photos, maps and flags.
Newspaper Source Plus
Newspaper Source Plus provides a full-text digital collection of the world's major news content. It includes millions of articles from
newspapers, newswires and news magazines. In addition, it offers television and radio transcripts and ongoing daily updates from
popular news sources.
Additional
Information Annual Price Outline Year 23-24: $11,130 Year 24-25: $11,353 Year 25-26: $11,580 Year 26-27: $11,811 Year 27-28: $12,047
Terms and
Conditions
Prices for EBSCO proprietary databases include unlimited local and remote access (for authorized users of the institution). EBSCO
Information Services price quotations are strictly prohibited from being placed on a library's homepage or anywhere else on the
World Wide Web. Payment terms net 30 days. Prices are subject to tax, if applicable. EDS pricing is contingent upon the customer
supplying catalog data to EBSCO in MARC record format.
(WSR773918)June 27, 2023 Valid through September 25, 2023
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292
June 16th 2023
RE: Sole Source Statement
Dear Jeannie Kays:
Please accept this letter as formal notice that EBSCO Information Services is the sole
source provider of Newspaper Source Plus and MasterFile Premier via the EBSCOhost®
proprietary search platform.
Should you have any questions or require further assistance, please do not hesitate to
contact me at your convenience.
Sincerely,
Lauren Weyburn
Senior Account Executive
EBSCO Information Services
lweyburn@ebsco.com
DocuSign Envelope ID: 05194B28-DB9D-4238-98C8-24776EB38292