Terms of Use

Website Terms of Use and Conditions

Website Terms of Use and Master Services Agreement (MSA) Terms & Conditions

Effective Date: September 05, 2025

WEBSITE TERMS OF USE

1) Acceptance & Changes - By using resilientexcellenceconsulting.com, you agree to these Terms and our Privacy Policy. We may update Terms by posting a new version.

2) Permitted Use & Acceptable Use - Use the site lawfully. Do not interfere with operation, attempt unauthorized access, scrape without consent, or transmit malware/spam or infringing/illegal content.

3) No Professional Advice - Site content is informational only and not legal, security, or compliance advice.

4) Intellectual Property - All content, logos, and trademarks are owned by REC or its licensors. Do not copy, modify, distribute, or create derivative works without permission.

5) Third‑Party Links - We are not responsible for third‑party sites or practices.

6) Disclaimers & Limitation of Liability - The site is provided “AS IS.” To the fullest extent permitted by law, REC disclaims all warranties and is not liable for indirect, incidental, special, or consequential damages. Maximum aggregate liability for site use is $100.

7) Indemnity - You agree to defend and indemnify REC for claims arising from your site use or breach of these Terms.

8) Governing Law & Venue - These Terms are governed by Indiana law. Exclusive venue lies in the state or federal courts located in Hamilton County, Indiana.

MASTER SERVICES AGREEMENT (MSA) – TERMS & CONDITIONS

Applies to: Consulting, assessments, training, documentation, audit readiness, and related services.

1) Scope & Deliverables - Scope, deliverables, fees, and timelines are defined in a Statement of Work (SOW) or order form, incorporated by reference.

2) Client Responsibilities - Provide timely access to systems, data, facilities, and personnel; ensure accuracy of information provided; maintain necessary licenses and permissions.

3) Fees & Payment - Unless otherwise stated: [e.g., 50% upfront; NET 15]. Late amounts may accrue [1.5% per month] or the maximum lawful rate. Client is responsible for applicable taxes.

4) Confidentiality - Each party will protect the other’s Confidential Information and use it only for the Engagement. Exceptions apply where information is public, independently known, or legally required to be disclosed.

5) Data Protection & Roles

• For website visitors and our own operations, REC acts as a controller.

• For Client-provided personal data we process under Client instructions, REC acts as a processor/service provider; the DPA applies.

6) Security Incident & Breach Notice - REC will notify Client without undue delay after confirming a personal-data breach affecting Client data, provide known details, cooperate on remediation, and support legally required notifications (including Indiana’s 45‑day rule for Indiana residents, where applicable).

7) Intellectual Property & License - Pre-existing IP remains each party’s property. Work Product produced for Client is licensed for Client’s internal business use unless the SOW provides otherwise. Resale of training/courseware requires REC’s written consent.

8) Warranties & Disclaimers - REC warrants services will be performed in a professional and workmanlike manner. EXCEPT AS EXPRESSLY STATED, SERVICES/DELIVERABLES ARE PROVIDED “AS IS,” WITHOUT OTHER WARRANTIES.

9) Limitation of Liability - REC’s aggregate liability for claims arising from an Engagement will not exceed the fees paid for the Engagement in the 12 months prior to the claim, excluding liability for third‑party IP infringement and REC’s willful misconduct.

10) Non‑Solicitation - During the Engagement and for 6 months thereafter, neither party will solicit for employment personnel directly involved in the Engagement (excluding general advertisements).

11) Termination - Either party may terminate for material breach not cured within 30 days of notice, or for convenience on [30] days’ notice (Client pays for work to termination date).

12) Governing Law; Disputes - Indiana law governs. Venue is Hamilton County, Indiana courts. The parties will attempt good‑faith negotiation/mediation before litigation.

ADDENDUMS

DATA PROCESSING ADDENDUM (DPA) – SUMMARY (Controller ↔ Processor)

Applies when REC processes personal data on Client’s documented instructions.

1) Subject Matter & Duration - As defined in the SOW; continues until deletion/return of data at the end of the Engagement.

2) Nature & Purpose - Security consulting, assessments, training, audit readiness, and related services.

3) Types of Data & Data Subjects - Business contact data, logs, and related information about Client’s employees, contractors, or customers provided by Client.

4) Processor Obligations - Process only on documented instructions; ensure confidentiality; implement appropriate security; assist with data‑subject requests, data protection assessments, and security incidents; delete/return data at end of Engagement; allow reasonable audits; flow down obligations to subprocessors and notify of material changes.

5) International Transfers - For EEA/UK personal data transferred to the U.S., the parties incorporate the EU Standard Contractual Clauses (2021/914) and the UK Addendum/IDTA, as applicable, with annexes completed via the SOW.

6) Security - Maintain administrative, technical, and physical controls proportionate to risk (e.g., access controls, MFA, encryption in transit/at rest where appropriate, logging/monitoring, secure SDLC).

7) Breach Notice - Notify Client without undue delay upon confirming a breach; cooperate in investigation, mitigation, and notifications.

U.S. COMPLIANCE ADDENDUM (High‑Level)

• Indiana: We align with the Indiana Consumer Data Protection Act standards and extend comparable rights to U.S. residents where feasible. We will meet Indiana breach‑notice requirements, including timely notice to affected residents and the Attorney General as applicable.

• State Patchwork: We track core obligations across U.S. state privacy laws (e.g., CA, CO, CT, UT, VA, TX, OR, NJ, DE, MT, IA, TN, FL, NH, MD, MN, RI and others) regarding consumer rights, data protection assessments, sensitive data rules, and opt‑out mechanisms.

• Opt‑Out Signals: We honor recognized signals such as Global Privacy Control (and Colorado’s state‑recognized mechanism) where required.

• Email & SMS: We comply with CAN‑SPAM (including a physical address and opt‑out in emails) and obtain prior consent for marketing texts/calls (TCPA).

EU/UK GDPR ADDENDUM (High‑Level)

• Principles & Bases: We process in accordance with GDPR principles (lawfulness, fairness, transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity/confidentiality). Lawful bases include contract, legitimate interests, consent, legal obligation, and—if applicable—explicit consent for special categories.

• Rights: Data subjects may access, rectify, erase, restrict, object, and port their data, and may withdraw consent at any time (without affecting prior processing). Complaints may be lodged with a supervisory authority.

• DPIA & Records: We support Client’s privacy impact assessments and maintain records as required.

• Transfers: We use the EU SCCs (and UK Addendum/IDTA) and take supplementary measures as appropriate for cross‑border transfers.

Resilient Excellence Consulting LLC  •  9783 E. 116th St, PMB 1082, Fishers, IN 46037  •  admin@resilientexcellenceconsulting.com