Vendor Terms and Conditions

Current version of standard vendor terms and conditions

STANDARD VENDOR TERMS AND CONDITIONS

These standard vendor terms and conditions (the “Agreement”) is between GitLab Inc. with offices at 268 Bush Street, Suite 350, San Francisco, CA 94104 (or if a different corporate entity is listed as “GitLab” on a Transaction Document as defined below) ("GitLab" or “Customer”), and the provider of Deliverables and/or Products as set forth in a Transaction Document (as defined below). This Agreement is entered into on the earlier of GitLab and Vendor mutually agreeing, in writing, to a Transaction Document referencing this Agreement ("Effective Date"). For the avoidance of doubt, in the event the Transaction Document does not reference any agreement, the terms and conditions of this Agreement shall apply.

1. DEFINITIONS

1.1 “Accepted” means GitLab’s written confirmation of receipt of Deliverables or Products having been provided in a manner deemed appropriate by GitLab. “Acceptance” shall be deemed to occur on the date when, in the reasonable opinion of GitLab, the Deliverable(s) or Products conform to the requirements set forth in this Agreement, the Transaction Document and/or SOW.

1.2 “Affiliates” means any entity(ies) controlling, controlled by, and/or under common control with a party hereto, where “control” means the ownership of more than 50% of the voting securities of such entity.

1.3 “Agreement” means these Vendor Terms and Conditions and any/ all Transaction Documents mutually agreed to by the parties in writing.

1.4 “Confidential Information” means any proprietary information that was previously, is currently, or is subsequently disclosed by the Disclosing Party (defined herein) to the Receiving Party (defined herein) and (i) is or was identified as confidential or proprietary at the time of disclosure, or, if disclosed orally, which is or was identified as confidential or proprietary at the time of disclosure and such designation is confirmed orally or in writing no later than thirty (30) days after such disclosure, or (ii) the nature of such proprietary information and the manner of disclosure are such that a reasonable person would understand it to be confidential. Confidential Information includes, without limitation, all proprietary information which relates to GitLab’s business including, without limitation, business plans, financial data, customer information, marketing plans, technology, technical drawings, designs, schematics, algorithms, technical data, product plans, research plans, software, products, services, trade secrets, know-how, formulas, processes, ideas, and inventions (whether or not patentable).

1.5 “Deliverables” means the specific solution, end-product, or item to be created by Vendor, for GitLab, as documented in a SOW (defined herein) as part of a Transaction Document.

1.6 “Disclosing Party” means a party which discloses Confidential Information.

1.7 “Fees” means the amount(s) stated in an executed Transactional Document between the parties.

1.8 “Force Majeure” means events beyond the reasonable control of either party as defined herein.

1.9 “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

1.10 “GitLab” means GitLab Inc. and any GitLab Affiliate identified in a Transaction Document.

1.11 “GitLab Code of Conduct” means the published document, updated from time to time, found at https://handbook.gitlab.com/handbook/legal/partner-code-of-ethics/.

1.12 “GitLab Data” means all GitLab information or data, including without limitation, personal data and data otherwise defined by applicable data privacy laws and regulations used by Vendor in connection with the Agreement.

1.13 “Invoice” means Vendor’s document which outlines the Fees owed by GitLab pursuant to an executed Transaction Document. Invoices must include: (i) Vendor’s legal entity name, (ii) GitLab’s legal entity name (as stated on the Transaction Document), (iii) GitLab’s PO Number for the applicable purchase, (iv) the start date and/or end date of the Products and/or Professional Services (as defined below), (v) quantity, unit price, total price, applicable taxes, and identification of the Products and/or Professional Services.

1.14 “Order” Transaction Document for Products or licensed subscriptions.

1.15. “PO” means the purchase order, or similar document, provided by GitLab to Vendor. Each PO shall include a unique identification number (hereinafter referred to as “PO Number”).

1.16 “Products” means Vendor’s solution(s) which are identified in the Transaction Document, this includes support, maintenance and other elements which create the Product.

1.17 “Professional Services” means services identified in a Transaction Document. Professional Services includes all services and materials used in fulfilling obligations under an SOW.

1.18 “Receiving Party” means the party receiving Confidential Information.

1.19 “Statement of Work” or “SOW” means a Transaction document showing the task list, Deliverables or milestones (if applicable) outlining the items to be delivered under the Professional Services.

1.20 “Transaction Document” means the ordering agreement which states the purchase of Products and/or Professional Services by GitLab from Vendor in the form of a Statement of Work or Order. Such Transactional Document shall not be enforceable unless executed by GitLab or the GitLab Affiliate.

1.21 “Vendor” means the entity or entity subcontractor, employee, agent, or an Affiliate supplying Products and/or Professional Services to GitLab.

2. APPLICABILITY

2.1 All sales of Products and/or Professional Services by Vendor to GitLab are subject to this Agreement and the applicable Transaction Document. Terms and conditions of the Vendor (whether contained in an invoice, confirmation or otherwise) which in any way conflict, are inconsistent with, different from or in addition to this Agreement shall not be binding on GitLab. Such terms and conditions are expressly rejected and shall not be considered applicable unless expressly agreed to in writing by GitLab. The supply of Products and/or Professional Services to GitLab pursuant to any PO shall be conclusive evidence of Vendor’s approval of and consent to the terms and conditions herein contained in this Agreement. For the avoidance of doubt, in the event no terms and conditions are executed, or agreed to between the parties, this Agreement shall govern both parties rights and obligations.

2.2 All Professional Services shall be in accordance with this Agreement. Vendor shall not make any changes to the Professional Services without the written consent of GitLab. The Professional Services contemplated herein shall be set forth in a Statement of Work, as accepted by Vendor and GitLab in writing, which shall reference this Agreement.

3. TERMS OF PAYMENT

3.1 Unless otherwise agreed to between the parties in a Transaction Document, or similar agreement executed by GitLab, payment(s) shall be made in U.S. Dollars in accordance with the remittance instructions furnished by Vendor in an Invoice. Payment terms are net sixty (60) days from the date of receipt of Invoice.

3.2 GitLab shall have no obligation for payment of any amounts which are, (i) not agreed to in writing by GitLab, (ii) Deliverables that are not Accepted by GitLab, and/or (ii) in excess of the Fees stated in a Transaction Document.

3.3 In the event of an invoicing error, GitLab shall notify Vendor, in writing, as soon as possible, but not later than 30 days from receipt of invoice and the parties shall work in good faith to resolve any billing disputes. GitLab agrees that the undisputed portion of any invoice is due and payable in accordance with the payment terms herein or as mutually agreed to, in writing, in a Transaction Document.

3.4 Correct Vendor invoices must be submitted no later than ninety (90) days from the provisions of Professional Services and/or Products ("Late Invoices"). GitLab shall be relieved of payment obligations for Late Invoices. Correct invoices accurately reflect the quantity, pricing, and nature of

the Professional Services and/or Products as agreed to in the applicable Transaction Document. Applicable taxes owed by GitLab should be accurately itemized.

3.5 Vendor shall supply invoices and receive payments through the current procurement tool indicated by GitLab.

4. CONFIDENTIALITY

4.1 The Receiving Party agrees: (i) not to divulge to any third person any such Confidential Information, (ii) to give access to such Confidential Information solely to those employees with a need to have access thereto for purposes of this Agreement, and (iii) to take the same security precautions to protect against disclosure or unauthorized use of such Confidential Information that it takes with its own Confidential Information, but in no event will Receiving Party apply less than reasonable precautions to protect such Confidential Information. The Disclosing Party agrees that the foregoing shall not apply with respect to any information that the Receiving Party can document: (a) is or becomes generally available to the public without any action by, or involvement of, the Receiving Party, (b) was in its possession or known by Receiving Party prior to receipt from the Disclosing Party, (c) was rightfully disclosed to it without restriction by a third party, or (d) was independently developed without use of any Confidential Information of the Disclosing Party. Nothing in this Agreement will prevent the Receiving Party from disclosing Confidential Information pursuant to any judicial or governmental order, provided that the Receiving Party gives the Disclosing Party reasonable prior written notice of such disclosure to allow Disclosing Party to contest such order.

4.2 Each party acknowledges and agrees that the other may suffer irreparable damage in the event of a breach of Section 4 of this Agreement and that such party will be entitled to seek injunctive relief (without the necessity of posting a bond) in the event of any such breach.

5. RIGHT TO AUDIT

5.1 Subject to Vendor’s reasonable security and confidentiality procedures, GitLab, or any third party auditor retained by GitLab, may at any time, but not more frequently than once per year, during normal business hours, audit the books, records and accounts of Vendor to the extent that such books, records and accounts pertain to the sale of any Products and Services hereunder or otherwise relate to the performance of this Agreement by Vendor. Notwithstanding the foregoing, GitLab shall have the right to audit in excess of once per year if it has a reasonable belief that Vendor is in breach of obligations herein, or, in violation of applicable laws and regulation. Vendor shall maintain all such books, records, and accounts for a period of at least three (3) years after the date of expiration or termination of this Agreement. The Purchaser’s right to audit under this Section 5 and GitLab’s rights hereunder shall survive the expiration or termination of this Agreement for a period of three (3) years after the date of such expiration or termination.

5.2 Audit rights herein include, but are not limited, to service and operating controls, service level agreement reports/ certifications, compliance reporting applicable to Vendor, data privacy and confidentiality policy, payment card industry reports, if applicable, financial and insurance statements, business continuity and disaster recovery reports, information security, third party risk management, risk rating methodologies, billing, and subcontractors.

6. WARRANTIES

6.1 Vendor represents, warrants and covenants that: (a) the Products and Deliverables are free from defects in material and workmanship, (b) Professional Services will be provided in a professional and workman-like manner, (c) Products and Deliverables shall conform to the specifications represented by Vendor, (d) the Products and Deliverables will not infringe a third party’s intellectual property rights, (e) it will comply with the GitLab Code of Conduct, and (f) its performance under this Agreement will comply with all applicable laws, rules and regulations, including, but not limited to data privacy related laws, rules and regulations.

7. TERMINATION

7.1 Termination for Convenience. GitLab may terminate this Agreement, any SOW or Order, or all at any time, for no reason or for any reason, upon notice to Vendor. Upon receipt of notice of such termination, Vendor shall inform GitLab of the extent to which it has completed performance as of the date of the notice, and Vendor will collect and deliver to GitLab whatever Work Product then exists, if applicable. GitLab will pay Vendor for all Work acceptably performed through the date of notice of termination, provided that GitLab will not be obligated to pay any more than the payment that would have become due had Vendor completed and GitLab had accepted the Work. GitLab will have no further payment obligation in connection with any termination.

7.2 Upon termination or expiration of this Agreement, Vendor shall return or destroy any GitLab Confidential Information and provide written certification thereof.

8. FORCE MAJEURE

8.1 Neither party shall be liable to the other for delays or failures in performance resulting from causes beyond the reasonable control of that party, including, but not limited to, acts of God, labor disputes or disturbances, material shortages or rationing, local epidemics, pandemics, riots, acts of war, governmental regulations, communication or utility failures, or casualties and if applicable, local, national or international travel restrictions or disruptive required quarantines that last three (3) or more days (“Force Majeure”). In the event of a Force Majeure impact on the performance of either party, then the parties are immediately relieved of obligation to perform. From notice to vendor, GitLab is relieved of the payment obligation. As soon as is practical, but not more than sixty (60) days from written notice from one party to the other invoking rights under this provision, GitLab shall receive from Vendor a pro-rata refund of, any fees previously paid, from the date of notice to the end of the term.

9. INTELLECTUAL PROPERTY

9.1 Any inventions, products, designs, specification, drawings, technical information, data, tools, processes, techniques, computer programs, databases, user interfaces, know-how, notes, works of authorship software, or any other material furnished, or paid for, by GitLab shall: (i) remain or become GitLab’s property, (ii) be used by Vendor exclusively to provide the Products and/or Professional Services, (iii) be destroyed or returned, at GitLab’s sole option, to GitLab upon written request. Vendor hereby assigns and agrees to assign GitLab all right, title, and interest in and to the Deliverables. For the avoidance of doubt, the assignment of right, title, and interest shall not apply to Vendor Product(s) which are “off-the-shelf” and do not include any GitLab Confidential Information.

10. INSURANCE

10.1 Vendor shall be solely responsible for maintaining for itself and requiring its subcontractors and agents to maintain adequate insurance coverage that is standard and commercially reasonable for Vendor’s industry. Upon request, Vendor shall supply GitLab with certificates of insurance.

11. SUBCONTRACTORS

11.1 With respect to the delivery of Professional Services, which include Vendor access and/or use of GitLab Confidential Information, Vendor shall seek GitLab’s prior written approval prior to provision of Professional Services being performed by a third party. For the avoidance of doubt, Vendor shall at all times be liable for any acts or omissions taken by a third party subcontractor.

12. BUSINESS CONTINUITY PLAN & DISASTER RECOVERY

12.1 With respect to the provision of any SaaS Deliverables and/or software Products provided to GitLab, Vendor shall ensure it has industry standard business continuity and disaster recovery policies and infrastructure to ensure, (i) adequate protection of all GitLab Confidential Information, and (ii) Vendor’s ability to perform its obligations under this Agreement. Upon written request, Vendor shall supply all reasonable information with regard to Vendor’s business continuity plan(s) and disaster recovery process, procedures and infrastructure.

13. INDEMNIFICATION

13.1 Vendor shall defend, indemnify, and hold GitLab, their affiliates and each of their respective shareholders, members, directors, officers, managers, employees, customers, partners and representatives, and agents including, but not limited to contractors and subcontractors harmless from and against all third party claims demands, causes of action and liability for damages, losses, costs and expenses, including legal fees and disbursements and other amounts paid or payable to unaffiliated third parties, arising or resulting from: (i) the infringement or violation of any intellectual property rights by the Products and/or Deliverables, (ii) the violation of applicable law or regulation by Vendor in performance of its obligations hereunder, (iii) the violation of applicable law or regulation by Vendor, (iv) any grossly negligent act committed by Vendor, its employees, contractors or subcontractors, representatives or agents hired or engaged by Vendor in connection with the performance of Vendor’s obligations under this Agreement, except to the extent such actions or liabilities are due to the willful misconduct or gross negligence of GitLab, or (v) any breach by Vendor of its obligations under the sections titled “Data Privacy” or “Confidentiality” of this Agreement. GitLab shall notify Vendor of any such claim or demand, and Vendor shall defend any suits based thereon. If an injunction is issued as a result of any such claim, Vendor agrees, at its expense, and at GitLab’s option, to: (a) procure for GitLab the right to continue using items purchased hereunder, (b) replace such Products and/or Deliverables with non-infringing items, (c) modify the Products and/or Deliverables, so they are no longer infringing, or (d) refund to GitLab the amount paid for the Products and/or Deliverables.

14. LIMITATION OF LIABILITY

14.1 IN NO EVENT WILL GITLAB BE LIABLE FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND IN CONNECTION WITH THIS AGREEMENT, OR EXECUTED TRANSACTION DOCUMENT, EVEN IF GITLAB HAS BEEN INFORMED IN ADVANCE OF THE POSSIBILITY OF SUCH DAMAGES. GITLAB’S AGGREGATE LIABILITY UNDER THIS AGREEMENT AND/OR ANY TRANSACTION DOCUMENT WILL NOT EXCEED THE FEES STATED ON THE APPLICABLE TRANSACTION DOCUMENT FOR THE PROVISION OF THE PRODUCTS AND/OR DELIVERABLES STATED THEREIN.

15. INDEPENDENT CONTRACTOR

15.1 The relationship between GitLab and Vendor is one of independent contractors, and neither party will represent itself as a dealer, agent, or other representative of the other party or as having authority to assume or create obligations or otherwise act on behalf of the other party.

16. REMEDIES

16.1 The rights and remedies to GitLab herein shall be cumulative and in addition to any other rights and remedies provided by law or equity or those provided under the Uniform Commercial Code.

17. PUBLICITY

17.1 Vendor will not: (i) issue any press releases referencing GitLab; (ii) make any disclosures regarding a purchasing document, its terms, or the nature or existence of any relationship between the parties; or (iii) use GitLab trademarks, service marks, corporate or other trade names, or other proprietary marks ("GitLab Marks") without GitLab’s prior written consent from the GitLab legal group. Notwithstanding the foregoing, if the purpose of the engagement under the Agreement or any transaction document includes a required use of GitLab Marks by Vendor, then GitLab grants Vendor a limited, non-exclusive, non-transferable, royalty-free license to use GitLab Marks solely related to services provided herein and in strict accordance with any logo, branding, or trademark guidelines communicated to Vendor or provided in the Brand Resources.

17.2 For the sake of clarity; use of GitLab Marks is permitted in the provision of Vendor services herein and restricted for use in the promotion of Vendor as a provider of services.

18. DATA PRIVACY

18.1 To the extent Vendor collects, records, organizes, alters, accesses, consults or transmits personal data for which GitLab is responsible and as it relates to the provision of the Products or Professional Services, Vendor shall process such personal data in accordance with the GitLab Data Processing Addendum (“DPA”) and Standard Contractual Clauses found at https://handbook.gitlab.com/handbook/legal/Vendor-DPA. The terms of the DPA are valid upon the Effective Date of this Agreement, and as may be updated by GitLab from time to time, provided any such updates are required by applicable law. In order to comply with applicable law and as provided for in Section 6.2 of the DPA, Vendor shall provide to GitLab its current Sub-processor List(s), prior to completing and/or providing any Services.

19. SEVERABILITY

19.1 If any provision contained in this Agreement is held to be invalid or unenforceable under the laws of any jurisdiction where enforcement is sought, such invalidity or unenforceability will not affect any other provisions of this Agreement, and this Agreement will be construed as if such invalid or unenforceable provision had not been contained herein in that jurisdiction.

20. GOVERNING LAW

20.1 This Agreement shall be construed and enforced in accordance with the laws of California, U.S.A., and the parties submit to the jurisdiction of the State and Federal courts in San Francisco, California, without giving effect to any conflicts of laws principles.

21. ENTIRE AGREEMENT

21.1 This Agreement contains the entire understanding of the parties hereto in respect of transactions contemplated hereby and supersedes any prior agreements and understandings between the parties with respect to such subject matter. The parties agree that all such prior agreements and understandings shall have no further force and effect.