Terms And Conditions For Providing Horangi Services

 

THESE TERMS AND CONDITIONS ARE ENTERED BETWEEN THE VENDOR OF THE SERVICES, HORANGI (“VENDOR”) AND CUSTOMER (“YOU”/“CUSTOMER”), WHERE THE CUSTOMER IS EITHER A DIRECT CUSTOMER OF THE SERVICES OR AN INDIRECT CUSTOMER HAVING A CONTRACTUAL RELATIONSHIP WITH AN AUTHORIZED VENDOR’S RESELLER. THE PRESENT TERMS AND CONDITIONS TOGETHER WITH THE STATEMENTS OF WORK SET FORTH THE TERMS FOR THE PROVISION OF THE SERVICES, HEREINAFTER REFERENCED TOGETHER AS “THE AGREEMENT”.

The Parties may enter into one or more Statements of Work (SOWs), which will be governed by these Terms and Conditions setting forth additional obligations between the Parties.

NOW, FOR GOOD AND VALUABLE CONSIDERATION, THE PARTIES AGREE AS FOLLOWS:

PLEASE READ THIS STATEMENT CAREFULLY. CUSTOMER REPRESENTS AND AGREES ON BEHALF OF YOUR COMPANY THAT YOU HAVE THE CAPACITY AND AUTHORITY TO BIND YOUR COMPANY AND THAT YOU HAVE READ, UNDERSTOOD, AND AGREED TO BE BOUND BY THE TERMS INCLUDED HEREINAFTER.

IF THE CUSTOMER DOES NOT AGREE TO THESE TERMS AND CONDITIONS, DO NOT USE ANY SERVICES. BY CONTINUING OR BY USING OR BY INITIATING ANY SERVICE IN ANY WAY, CUSTOMER (EITHER AN INDIVIDUAL OR AN ENTITY) IS INDICATING ITS COMPLETE UNDERSTANDING AND ACCEPTANCE OF THESE TERMS AND CONDITIONS.

IF CUSTOMER DOES NOT AGREE TO ALL OF THESE TERMS, PLEASE SEND AN EMAIL OF REFUSAL TO: LEGAL@HORANGI.COM.

 

1. DEFINITIONS.

“Access Credentials” means any username and password or other security credentials that Customer or User must provide when accessing Services via the encrypted platform.

“Affiliate” means any entity in which a party, as applicable, owns or controls, directly or indirectly, and any parent company that owns or controls, and any of the companies the parent company controls. For purposes of this definition, “control” means the direct or indirect beneficial ownership of over fifty percent (50%) of the voting interests (representing the right to vote for the election of directors or other managing authority) in an entity.

“Authorized User” means a person that Customer authorizes to administer use of the Services.

“Vendor” means the entity that enters into this Agreement with Customer, as stated in the SOW and any other of its Affiliates involved in the provision of the Services.

“Horangi Services” or “Services” means the following services provided by Vendor and its affiliates: Offensive Services - Red Team Services and Offensive Services - Penetration Testing Services as detailed herein or in the SoW or on the Vendor websites, and may include associated media, printed materials, and Documentation.

“Offensive Services - Red Team Services” shall have the meaning of an intelligence-led assessment that simulates real-life threat actors to demonstrate how attackers would attempt to compromise the critical functions and underlying systems of your organization. It identifies security vulnerabilities (physical and/or digital) in the organization to help the security team improve detection and response capabilities. Compared to a typical penetration test assessment, red teaming is goal-oriented and aims to assess the organization holistically by using Techniques, Tactics and Procedures (TTPs) driven by the MITRE ATT&CK Framework. More details are presented in the SoW agreed by parties or on the Vendor website.

“Offensive Services - Penetration Testing Services” refers to the process of testing a target for exploitable security weaknesses in the Customer's security controls. Such weaknesses may be in areas such as authentication, authorization, validation and the targets of the penetration testing activity can include, without limitation: web applications, mobile applications, web Application Programming Interfaces (APIs), network devices, thick client applications, and wireless networks. Testing methodology may span from "black box testing" (where no knowledge is shared of the target) to "white box testing" (where maximum details of the target are shared, including where applicable source code, architecture diagrams, etc.). More details are presented in the SoW agreed by parties or on the Vendor website.

“Confidential Information” means this Agreement, the Services, Technology, Vendor’s pricing information, Customer Data, Customer Materials, and any other information of a proprietary or confidential nature, trade secrets disclosed by one party (“Discloser”) to the other (“Recipient”) related to this Agreement, whether orally or in writing, and that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of the disclosure.

“Customer”, “You” or “Your” refers to the company that purchased the Horangi Services and/or related services or solutions from Vendor or its authorized resellers or distributors. An employee or other agent, including contractor, of this company, which accepts this Agreement and/or uses Services must be a representative of the entity and must accept this Agreement on behalf of the company before the Services may be used. Please print this Agreement or save a copy electronically.

“Customer Materials” means any items, documents, software, data, or other materials provided to Vendor by Customer.

“Deliverables” means the report and any documents, computer code, work products and related materials, provided by or on behalf of Vendor to Customer while performing the Services. For the avoidance of doubt, Deliverables do not include Fixes.

“Documentation” means the electronic documentation Vendor provides for use with the Services which may be amended from time to time, including the Technical Scoping of the Services as stated in the exhibit of the SoW.

“Intellectual Property Rights” means any patent, copyright, or trademark under the laws of the United States or the country where the Customer is headquartered.

“Personal Data” means Customer personal data as defined by GDPR, that is processed by Vendor for and on behalf of the Customer.

“Statement of Work”, “SOW” means a document executed by both parties that details the Services purchased by Customer, including the quantities, start and end dates, associated fees, the description of the Services, and other related details. If multiple SoWs are executed related to this Agreement, each SoW will be governed by these Terms and Conditions.

“SoW Term” means the Statement of Work validity period during which the Services are available to Customer, pursuant to the Statement of Work.

“Technical Data” means all electronic data stored on or transmitted by Customer to Vendor within the use of the Services such as any data or device information mainly, but not limited to, data or device information related to threats, malicious websites and/or filenames, URLs, C&C IPs, hashes of various virus, malware threats which: (i) is collected from Customer by Vendor; (ii) is anonymized when knowing that such data may be deemed personal data, except for IPs, MAC addresses, computer names, command lines, filenames, URLs or the like (such that it is no longer personal data in accordance with applicable data protection law); (iii) cannot be linked to Personal Data; and (iv) is required by Vendor for the purposes of enhancing the security protection offered by Vendor solutions for the benefit of Customer and Vendor’s clients, and of improving and measuring the functionality or performance of Vendor technologies.

 

2. PROVISION OF SERVICES.

2.1 Scope and Content of Services

Vendor shall provide the Services to Customer in accordance with the terms and conditions of this Agreement and applicable SoW signed by Parties, having all the details established in the Technical Scoping Exhibit of the SOW. Apart from documentation, manuals, and software directly acquired in conjunction with and necessary for the Services provided, no other materials shall be supplied under this Agreement.

The precise scope of Services to be provided by Vendor shall be defined in a Statement of Work.

Customer or any affiliate of Customer may enter into Statements of Work with Vendor under this Agreement.

Vendor’s ability to deliver the Services described in Statements of Work depends upon full and timely cooperation by Customer and Customer’s staff, as well as the accuracy and completeness of any information provided. Vendor may provide Customer additional assumptions in writing in the respective Statements of Work before providing any Services thereunder.

Vendor may provide some or all of the Services to Customer via the encrypted platform. Further to this provision of Services via the encrypted platform, Customer may receive Access Credentials from Vendor.

Upon Vendor’s acceptance of your order as stated in the SoW and in consideration of the payment of the fee by Customer and receipt of the corresponding payment by Vendor or its authorized resellers or distributors, Vendor shall provide the Services that Customer ordered as stated in the SOW and solely for Your internal business operations, and subject to the terms of this Agreement. Customer may allow its Authorized Users to use Services for this purpose and Customer is responsible for their compliance with this Agreement in such use.

Vendor will endeavor to confirm resources for this project as soon as a signed project confirmation sheet has been received and the Technical Scoping has been agreed. The dates will only be confirmed once written acceptance for these dates has been received. Once dates have been accepted, Vendor will ensure that resources are assigned and thereafter the late cancellation policy will come into effect.
 

2.2 Service Level. Vendor will make the Services available to Customer in accordance with service levels hereto. Vendor may update the Services during the Term, however, at no time will an update materially diminish the function of the Services.

Vendor shall provide the following service levels for Penetration Test: i) Final Report for the assessment to be provided within five business days after the scheduled reporting day, ii) Final Report for the assessment to be updated within five business days after the scheduled retest day.

Vendor shall provide the following service level for Red Team: Final Report for the assessment to be provided within seven business days upon completion of the assessment.

The SLAs presented above depend on the fulfillment of the prerequisites stated below.
 

2.3 Prerequisites: The Customer must fulfill the following before the Start Date, before Vendor can start delivering the Services. Customer must also obtain all necessary rights and permissions from all its Users before Vendor can deliver the Services.
 

2.3.1 Penetration Testing – Web Application Assessment prerequisites:

●  Confirmation of in-scope URL;

●  Provisioning of 2 sets of accounts for each user role;

●  Each user account to be provisioned with sample test data;

●  No infrastructure or code changes to be made during the assessment period;

●  Whitelisting of Vendor’s external testing IP addresses, 13.76.47.44, 52.230.87.131 and 34.87.70.149 (for external assessments);

●  Whitelisting of Vendor’s testing IP addresses from any WAF, IPS, or IDS systems;

●  If the case for online assessment, logistics for onsite assessment to be provided during the time of testing (including tables, chairs, electricity, network connectivity, on-demand physical access, relevant authorization and permissions, etc);

●  Temporarily disable 2FA and CAPTCHA validation (if any) and enable it upon request;

●  Technical point of contact for any queries during the assessment;

●  Consultants’ mobile numbers to be tied to SMS 2FA mechanism (where applicable).
 

2.3.2 Penetration Testing – Web API Assessment prerequisites:

●  Provisioning of full API project Postman/Swagger files;

●  Full API documentation, with details on functions, parameters, and expected responses;

●  Sample API request data for all in-scope API calls;

●  Provisioning of 2 sets of credentials for each user role (where applicable);

●  Each user account to be provisioned with sample test data;

●  Provisioning of means to generate API authorization keys/tokens (where applicable);

●  No infrastructure or code changes to be made during the assessment period;

●  Whitelisting of Vendor’s external testing IP addresses, 13.76.47.44, 52.230.87.131 and 34.87.70.149 (for external assessments);

●  Whitelisting of Vendor’s testing IP addresses from any WAF, IPS, or IDS systems;

●  If the case, logistics for onsite assessment to be provided during the time of testing (including tables, chairs, electricity, network connectivity, on-demand physical access, relevant authorization and permissions, etc);

●  Temporarily disable 2FA and CAPTCHA validation and enable it upon request;

●  Technical point of contact for any queries during the assessment.
 

2.3.3 Penetration Testing – External/Internal Network Assessment prerequisites:

●  Confirmation of in-scope IP addresses;

●  Provision of authentication credentials to log into the in-scope devices (For Grey-box only);

●  Whitelisting of Vendor’s testing IPs on ports 135 and 445 for Windows devices or port 22 (SSH) for Unix-based devices (For Grey-box only);

●  No infrastructure changes to be made during the assessment period;

●  Whitelisting of Vendor’s external testing IP addresses, 13.76.47.44, 52.230.87.131 and 34.87.70.149 (for external assessments);

●  Whitelisting of Vendor’s testing IP addresses from any WAF, IPS, or IDS systems;

●  Technical point of contact for any queries during the assessment.
 

2.3.4 Penetration Testing – Mobile Application Assessment prerequisites:

●  Provisioning of 2 sets of accounts for each user role;

●  Each user account to be provisioned with sample test data;

●  Provisioning of Android APK and iOS IPA binaries, without security mechanisms in place, if present (root/jailbreak detection, SSL pinning, anti-debugging, etc.);

●  Provisioning of Android APK and iOS IPA binaries, with security mechanisms in place, if present (root/jailbreak detection, SSL pinning, anti-debugging, etc.);

●  No infrastructure or code changes to be made during the assessment period;

●  Whitelisting of Vendor’s external testing IP addresses, 13.76.47.44, 52.230.87.131 and 34.87.70.149 (for external assessments);

●  Vendor’s testing IP addresses to be whitelisted from any WAF, IPS, or IDS systems;

●  Technical point of contact for any queries during the assessment.
 

2.3.5 Red Team (Adversarial Attack Simulation Exercise) Assessment prerequisites:

●  Confirm the Red Team (Adversarial Attack Simulation Exercise) objectives.

●  Customer to assign technical point of contact to:

1. Provide logistics and other information required, prior to commencement of the engagement. 

2. Respond to any technical queries during the assessment.

3. Confirm out-of-scope elements, e.g. specific systems or critical servers, specific departments or individuals for social engineering, phishing or any other attacks.

4. Provide a seeded access laptop for the Assume Breach phase and support to execute the payload, if required.

●  As Vendor performs actions across the cyber kill chain, seeded access or information may be required to increase the efficacy of the engagement. It is advisable that Customer prepares the following information and resources to be provided to Vendor when it is necessary, including but not limited to:

1. Additional information such as network diagram, onboarding information as if a new employee, list of technologies used such as EDR, email security, SIEM, NAC, etc.

2. One or more standard build laptops, with domain-joined user accounts of varying privileges that are based on department or roles.

3. Access to the network via VPN or a jumphost.

4. The red team consultants’ mobile numbers to be tied to SMS 2FA mechanism for VPN, cloud applications, etc., if required.

●  Letter of authorisation from the board of directors / project sponsor and point of contact for potential escalations during physical assessment.

●  Vendor and Customer to implement a proper risk management strategy.

Where the Red Team is delivered using a gated approach, Vendor may not be able to resume the red team exercise immediately upon request. The request will be served on the next earliest available time slot of the red team consultant. Vendor will maintain the Command and Control (C2) and phishing infrastructure for a maximum of two (2) months between stages. Thereafter, should the next stage not have been initiated, the project will be deemed to have concluded.
 

2.3.6 Cloud Security Assessment

Cloud infrastructure brings with it a multitude of vulnerabilities introduced through poor configuration or the adoption of default configuration. Our cloud security assessment includes a cloud security process gap analysis and configuration review of the target in-scope cloud infrastructure/assets. The assessment is modelled around best practices such as CIS and frameworks from the applicable Cloud Service Provider (CSP) and covers the following topics to provide your organization with guidance and recommendations: Identity and Access Management, Logging & Monitoring, Data Encryption & Protection, Infrastructure Security. The details will be established by parties in the technical scoping service document.

2.3.7 Smart Contract Audit

The introduction of blockchain technology has brought new risks and standards. Our service will involve performing a smart contract audit, which involves scanning and a manual review of the source contract code to identify vulnerabilities not detected by static analysis tools. The assessment is modelled around best practices such as Smart Contract Security Standards. The following vulnerability categories are covered within the audit and help to provide your organization with guidance and recommendations:

•    Integer Overflow and Underflow

•    Re-entrance Attacks

•    Silent Failing Send / Unchecked Send Attacks

•    Denial of Service

•    Insufficient Randomness

•    Front-Running Attacks

•    Time Manipulation Attacks

•    Short Address Attacks

•    Gas Griefing Attacks

•    Business Logic Misconfigurations

The details will be established by parties in the technical scoping service document.

2.3.8 Host Configuration Review

An assessment of your system configurations, ensuring they align with industry best practices and security standards. By identifying and addressing vulnerabilities in host configurations, we fortify your infrastructure against potential cyber threats. Elevate your security posture with a tailored review that optimizes settings, mitigates risks, and bolsters your resilience against evolving cyber challenges. The details will be established by parties in the technical scoping service document.

2.3.9 Virtual Chief Information Security Officer as a Service

CISO-as-a-Service is a flexible and scalable solution for organizations undergoing digital transformation to build security and compliance capabilities using our experienced cyber strategists. The CISO-as-a-Service provides both the C-level security expertise and dedicated professionals needed to drive your organization’s digital initiatives. What you get is a pool of resources or a dedicated individual that can support with: Steering Committee Leadership and Participation, Security Compliance Management, Cyber Strategy & Risk Assessment, Project Management, Policy and Process Development, Compliance Management, Information Security Budget Management, Security Recruitment and Hiring, Security Training and Awareness, Third-Party Vendor Security Assessments, and Business Continuity Planning. The details will be established by parties in the technical scoping service document.

2.3.10 Cyber Security Assessment (ISO27001, NIST CSF, etc.)

Understanding how cyber security is managed across your organisation is critical to understand where to prioritise investment and resources to ultimately reduce risk. A Cyber Security Assessment is a holistic analysis of an organization's security posture with a unique methodology refined over decades of diverse expertise from security leadership and threat forensics to regulatory and legal compliance. By uncovering gaps in your security posture and comprehensively understanding your business challenges, a tailored strategy and roadmap is produced to fit into your organization's objectives. The details will be established by parties in the technical scoping service document.

2.3.11 Risk Assessment

Cyber security is another business risk and managing it effectively is critical to operating a business. A risk assessment helps to create a comprehensive view of risk across an organization by identifying the top threats and vulnerabilities facing your organization. This enables you to work with Vendor to make informed and cost-effective decisions on how to address them, in line with your organization's risk appetite. The details will be established by parties in the technical scoping service document.

2.3.12 Compliance Readiness (ISO27001, PDPA, etc.)

Compliance services against well-known industry standards such as ISO27001 or PDPA, to help your organization identify gaps in compliance and provide recommendations. Our support extends to specific remediation activities relevant to the identified findings to ensure the organization achieves the certification. This can include a wide number of services, such as:

•    Annual penetration testing

•    Risk assessments

•    Third-Party vendor security assessments

•    Policy and process development

•    Questionnaire (SAQ) preparation and review

•    ISO 27001 controls gap assessment

•    Network segmentation designs

•    Remediation assistance

•    Business continuity planning

The details will be established by parties in the technical scoping service document.

2.3.13 Incident Response Table Top Exercises

A simulated scenario designed to evaluate your organization's readiness against potential cyber threats. Participants will navigate through a number of hypothetical security breaches with our team of experts, testing their decision-making, communication, and collaboration skills. This hands-on exercise provides a risk-free environment to identify gaps in your response strategy, refine procedures, and enhance overall cybersecurity resilience. The details will be established by parties in the technical scoping service document.

2.3.14 Policy Framework Development

Our team will collaboratively craft comprehensive policies tailored to your specific needs, ensuring alignment with relevant industry standards and compliance mandates. Through meticulous procedure development, we establish clear guidelines for the management of cyber security risk, bolstering your resilience against cyber threats. Equip your team with a robust framework and cultivate a culture of cybersecurity awareness and adherence. The details will be established by parties in the technical scoping service document.

2.3.15 Supply Chain Risk Management

Through the definition of supplier tiering and multi-tiered assessments and validation of the security practices of your suppliers, we ensure they meet stringent cyber security standards and best practices relevant to your organization. Our comprehensive evaluation covers aspects such as data protection, network security, and compliance, providing you with a thorough understanding of potential risks. This service helps to fortify your organization against supply chain vulnerabilities, ensuring a resilient and secure ecosystem. The details will be established by parties in the technical scoping service document.

2.3.16 Training and Awareness

Our tailored training and awareness programs equip employees with the knowledge and skills to recognize, prevent, and respond to cybersecurity risks. Through topic-specific training or broader cyber security awareness, we cultivate a culture of heightened awareness, reducing the likelihood of human error. Elevate your organization's security posture by investing in comprehensive training that transforms your team into vigilant security champions and proactive defenders against evolving cyber threats. The details will be established by parties in the technical scoping service document.

 

2.4 Services Restrictions. Customer shall use the Services according to the agreed use cases and as agreed in the Technical Scoping Exhibit.

Customer shall neither directly nor indirectly: (i) interfere with or disrupt the integrity or performance of the Services or the data contained therein; (ii) attempt to gain unauthorized access to the Services or their related systems or networks; (iii) use the Services, or permit them to be used, for purposes of product benchmarking, competitive research, or other comparative analysis without Vendor's prior written consent; (iv) use the Services for a use other than as set forth in the Technical Scoping.

The Services are protected by know-how laws and international copyright treaties, as well as other intellectual property laws and treaties. This Agreement only gives Customer some rights to use the Services.
 

2.5 Access and License to Customer Data. Customer grants Vendor a non-exclusive, worldwide, royalty-free, fully paid-up right and license to copy, access, transmit and otherwise process the Technical Data to provide the Services to Customer as set forth in this Agreement. Vendor will not access Customer Data except (i) to provide the Services and the associated support services; (ii) to prevent or address service, security or technical problems with the Services; (iii) to audit Customer’s use of the Services and confirm Customer’s compliance with the Agreement; (iv) to aggregate de-identified information regarding Customer’s usage and configuration metrics of Services (which in no event shall include Customer Data) with that of other Vendor customers and use such aggregated customer services data as part of the Services; (v) as compelled by law; or (vi) as Customer expressly permits in writing.
 

2.6 Customer Responsibilities. Customer is responsible for the acts and omissions of all Users in connection with this Agreement, as well as any and all access to and use of the Service by any User or any other person logging in under a User ID registered under Customer’s account, even if a claim may not be enforceable directly against those Users, due to lack of power or authority, discharge, offset or defense. Customer is responsible for the networking and hardware data security for the Services to the extent the Services are deployed on Customer controlled networks or hardware, including the legal and operational consequences of its configuration. Customer acknowledges that Customer’s access information will be Customer’s “key” to the Services; accordingly, Customer will be responsible for maintaining the confidentiality of such access information. Customer will: (i) notify Vendor promptly of any unauthorized use of any password or account or any other known or suspected breach of security; (ii) not impersonate another Vendor user or provide false identity information to gain access to or use the Services.
 

2.6 Independence. The relationship between the Parties is that of independent contractors. Nothing contained in this Agreement shall be construed as creating any agency, partnership, joint venture or other form of joint enterprise, employment or fiduciary relationship between the Parties, and neither Party shall have authority to contract for or bind the other Party in any manner whatsoever. Vendor may use its own independent contractors to perform the Services, in which case Vendor will be responsible for the performance of such independent contractors.

Vendor hosts portions of the Services either directly or subcontracted through a third-party hosting provider; and some configurations of the Services may require Customer cooperation on Customer controlled hardware. Subject to the terms and limitations on relevant SoW, Vendor grants to Customer during the Term the worldwide, non-exclusive, revocable, limited, non-transferable, royalty-free right for the Authorized Users to access and use the Services and Documentation consistent with the Documentation and the SoW solely for its internal business purposes or as otherwise indicated in the applicable SoW.
 

2.7 Acceptance. The parties shall agree upon the Acceptance Criteria. Customer shall send a notice to Vendor in the event of failure to conform with the Acceptance Criteria within 7 days from completion of the Services. The Services are deemed to be accepted two (2) weeks following completion of the Services or if the Customer has performed payment. The respective Services or partial Services are furthermore always deemed accepted if the Services are used for productive purposes.

 

3. PAYMENT TERMS. 

3.1 Service Fees. Customer can pay Vendor the Services fees and any other amounts for Vendor’s Services ordered by Customer as stated in the SOW and agreed within the Technical Scoping of the Services, either directly or through the Vendor channel partner contracted (collectively, the “Service Fees”).

Unless otherwise agreed with the channel partner, all Fees will be invoiced in advance in accordance with the purchase order submitted to the channel partner. Unless otherwise set forth in the purchase orders, all Fees are due and payable Net 30 days after the date of the applicable invoice. All invoices that are not paid within 30 days, and all credit accounts that are delinquent, shall be assessed a 1% late payment charge (or if this exceeds the legally permitted maximum, the highest legal rate under applicable law) for each month the invoice is not paid, or the account is delinquent. Customer will reimburse Vendor or its resellers for all reasonable costs (including reasonable attorneys’ fees) incurred by Vendor or its resellers in connection with collecting any overdue amounts. Except as otherwise specified in this Agreement payment obligations are non-cancelable and fees paid are non-refundable, and the purchased Services cannot be decreased or exchanged for alternative Services or subscriptions.
 

All services and fees shall be consumed in the Term of the services agreed. No fees which are not consumed will survive the termination of the services.

3.2 Taxes. All fees are exclusive of all sales and use taxes, value-added taxes, excise taxes, levies, or duties which may be imposed by applicable national or federal, state/provincial or local municipalities relating to Customer’s purchase of subscriptions or use of the Services (the “Taxes”), and Customer will be responsible for payment of all such Taxes. Unless Customer provides Vendor or its resellers with evidence of its sales tax exemption, Customer shall pay Vendor all relevant taxes payable related to Customer’s purchases, excluding taxes based on Vendor’s net income. Customer will pay all fees free and clear of, and without reduction for, any such Taxes, including withholding taxes imposed by any country. Customer will provide receipts issued by the appropriate taxing authority to establish that such Taxes have been paid.
 

3.3 Expenses. Unless expressly excluded or unambiguously waived in a Statement of Work under which Services are performed, Customer shall pay reasonable out-of-pocket travel and living expenses (if any) as required by Vendor personnel to perform the Services on Customer’s premises, where agreed under this Agreement.
 

3.4. Cancellation. If all or part of the engagement is to be canceled or postponed once booked and confirmed, Vendor requires at least 30 days prior notice. If work is to be canceled/postponed less than 30 days prior to the agreed start date, the following charges will be incurred:
 

| Timing of notification of cancellation or postponement | Fee payable |
| --- | --- |
| >30 business days before the agreed Delivery Start Date | No cancellation fee |
| Between 16 and 30 days before the agreed Start Delivery Date | 50% of the project fee |
| Between 7 and 15 days before the agreed Start Delivery Date | 75% of the project fee |
| <7 days before the agreed Start Delivery Date | 100% of the project fee |
| After the agreed Delivery Start Date | 100% of the project fee |


 

4. INTELLECTUAL PROPERTY OWNERSHIP.

4.1 OWNERSHIP. All Deliverables provided by Vendor to Customer in connection with the Services shall be in the form of written report(s) and/or policy document(s): (i) detailing the actions that have taken place and/or been witnessed by Vendor personnel; and (ii) comprising such findings, recommendations, documentation, adversary information, templates, know-how, ideas, inventions, techniques, models, flowcharts, diagrams, computer code, algorithms, work products, and other materials and information deemed relevant to be included by Vendor personnel.

As between the Parties, Vendor owns all rights, title, and interest, including all related Intellectual Property rights to the Services and Deliverables, except for any Confidential Information of Customer or Customer Materials. The foregoing also includes any and all Services system performance data and machine learning based upon metadata, Technical Data (and not Personal Data), including machine learning algorithms, and the results and output of such machine learning. Vendor retains all Intellectual Property Rights arising from any Services. No jointly owned intellectual property is created under or in connection with this Agreement.

Provided that Customer has fully paid all applicable fees in relation to the relevant Report, Vendor hereby grants Customer a license to use all such rights on a non-exclusive, non-sublicensable, non-transferable, worldwide, royalty-free and perpetual basis to the extent necessary to enable Customer to internally use the Report, as described in the applicable Statement of Work.

Customer shall not: (i) rent, lease, or modify the Report without the prior written consent of Vendor; or (ii) transfer licenses to, or sublicense, fixes and/or the Report to any third party, including national governments.

All rights not expressly set forth hereunder are the property of, or reserved by, Vendor.

Services may operate or interface with software or other technology that is licensed from third parties, which is not proprietary to Vendor. Customer agrees to use such third party software in accordance with this Agreement; no third party licensor makes any warranties, conditions, undertakings or representations of any kind, either express or implied, to Customer concerning such third party software or the products themselves; no third party licensor will have any obligation or liability to Customer as a result of this Agreement or Your use of such third party software; such third party software may be licensed under license terms which grant Customer additional rights or contain additional restrictions in relation to such materials, beyond those set forth in this Agreement, and such additional license rights and restrictions are described or linked to in the applicable Documentation.

Any applicable Open-Source License Terms will be published within the documentation of Services published by Vendor.

In respect of the open-source software, their stipulations shall apply to the extent expressly required by their licenses; the terms of relevant licenses (including in particular the scope of license as well as disclaimers of warranties and liabilities) shall apply to the respective third-party software in lieu of this Agreement. Such third-party license terms relating to respective software are located at the place as indicated in the software.

ANY OPEN-SOURCE SOFTWARE IS PROVIDED BY VENDOR “AS IS, WITH ALL FAULTS, AS AVAILABLE” WITHOUT (AND VENDOR SPECIFICALLY DISCLAIMS) ANY GUARANTEE, CONDITION, OR WARRANTY (EXPRESS, IMPLIED, OR OTHERWISE) OF ANY KIND OR NATURE, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, TITLE, AND/OR NON-INFRINGEMENT. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, AS IT RELATES TO ANY AND ALL CLAIMS ARISING OUT OF OR IN CONNECTION WITH OPEN-SOURCE SOFTWARE, VENDOR SHALL HAVE NO LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES, HOWSOEVER CAUSED AND/OR OTHERWISE BASED ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF OPEN-SOURCE SOFTWARE, EVEN IF VENDOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
 

4.2 FEEDBACK.

It is expressly understood, acknowledged, and agreed that if Customer, regardless of whether formally requested to do so or not, provides to Vendor reasonable suggestions, comments, testimonials and feedback regarding Vendor technologies, solutions or Services, including but not limited to usability bug reports and test results (collectively, "Feedback"), then any Feedback that it may provide is entirely voluntary, and Vendor shall be free to use such Feedback as it deems fit and without any obligation to Customer.

Further, Customer warrants that Your Feedback is not subject to any license terms that would purport to require Vendor to comply with any additional obligations with respect to any Services.

 

5. TERM. TERMINATION.

5.1 TERM. This Agreement begins on the Effective Date as stated in the SoW and, unless earlier terminated as set forth below or otherwise in this Agreement, will continue for the period mentioned in the SOW. No service obligation of the Vendor will survive the termination of the agreement.
 

5.2 TERMINATION. Either party may terminate this Agreement (or any relevant SoW) upon the other party’s material breach that remains uncured for thirty (30) days following written notice. Vendor may suspend or terminate this Agreement or the Services upon ten (10) days written notice if Customer fails to pay any undisputed amount within thirty (30) days of the date on which payment was due. Vendor reserves the right to modify or discontinue offering any portion or version of the Services effective as of the conclusion of Customer’s then-current SoW Term, provided that Vendor has given Customer at least ninety (90) days’ prior written notice of such modification or discontinuance.
 

5.3 Effect of Termination; Survival. Upon expiration or termination of this Agreement: (a) all rights to use or access the Services will cease and (b) Sections 1, 2.5, 2.6, 3.4, 4, 6, and 7 through 10, and 12 will survive.

Also, if Customer does not continue to abide by the terms of this Agreement, Customer acknowledges that Customer has no right to use the Services, and Customer agrees with the termination of the Agreement and to not use the Services forthwith upon Customer not continuing to abide by the terms of this Agreement.

 

6. EVALUATION SERVICES.

THE PROVISIONS OF THIS SECTION APPLY IN PLACE OF SECTION WARRANTIES WITH RESPECT TO ANY EVALUATION SERVICE OR SOLUTIONS.

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, SERVICES USED FOR TRIAL PURPOSES OR EVALUATION SERVICES ARE PROVIDED TO CUSTOMER "AS IS" WITHOUT WARRANTIES OF ANY KIND.

EVALUATION DISCLAIMER

THE EVALUATION SERVICES PROVIDED HEREUNDER ARE BELIEVED TO CONTAIN DEFECTS AND A PRIMARY PURPOSE OF THIS TESTING IS TO OBTAIN FEEDBACK ON PERFORMANCE AND THE IDENTIFICATION OF DEFECTS. CUSTOMER IS ADVISED TO SAFEGUARD IMPORTANT DATA, TO USE CAUTION AND NOT TO RELY IN ANY WAY ON THE CORRECT FUNCTIONING OR PERFORMANCE OF THE SERVICES AND/OR ACCOMPANYING MATERIALS.

WHERE LEGAL LIABILITY CANNOT BE EXCLUDED BY THIS DISCLAIMER, BUT MAY BE LIMITED, VENDOR’S LIABILITY AND THAT OF ITS SUPPLIERS/LICENSORS/RESELLERS UNDER THIS AGREEMENT RELATED TO TEST SOFTWARE OR SERVICES AND ANY APPLIANCE ON WHICH THE TEST SOFTWARE IS DEPLOYED, SHALL BE LIMITED IN THE AGGREGATE TO THE SUM OF ONE HUNDRED DOLLARS (USD$100.00) OR THE EQUIVALENT IN LOCAL CURRENCY.

Your right to use Services ends when the Evaluation Period ends or if Customer violates any term of this Agreement. Upon termination of the Evaluation Period, Customer must delete or destroy all copies of Services including Deliverables and stop using the Service.

 

7. CONFIDENTIALITY.

Each party acknowledges that in connection with this Agreement it may obtain Confidential Information of the other party. The receiving party (“Recipient”) shall not access or use, or permit the access or use of, the Confidential Information of the disclosing party (“Discloser”) other than as necessary to perform Recipient’s obligations or exercise its rights hereunder. Receiving Party acknowledges that all Confidential Information, as defined herein is a trade secret and exclusive property of the Disclosing Party.

Recipient may not knowingly disclose, or permit to be disclosed, Discloser’s Confidential Information to any third party without Discloser’s prior written consent, except that Recipient may disclose Discloser’s Confidential Information solely to Recipient’s employees, officers, directors, consultants, contractors, agents or advisors (“Representatives”) who have a need to know for purposes of the Recipients’ exercise of its rights or performance of its obligations under this Agreement and who are bound in writing to keep such information confidential consistent with this Agreement. Recipient acknowledges and agrees that it is responsible and liable for any breach by its Representatives of this section of this Agreement. Recipient agrees to exercise due care in protecting Discloser’s Confidential Information from unauthorized use and disclosure and will not use less than a reasonable degree of care. The foregoing will not apply to any information that: (i) was or becomes generally known by the public through no fault of Recipient or its Representatives; (ii) was known to Recipient, without restriction on disclosure, prior to disclosure by Discloser; (iii) was lawfully disclosed by a third party to Recipient, without restriction; (iv) Recipient independently develops without use of Discloser’s Confidential Information; or (v) is expressly permitted to be disclosed pursuant to the terms of this Agreement. If the Recipient or any of its Representatives is required pursuant to a judicial or other governmental order or proceeding to disclose any Confidential Information of Discloser, then, to the extent permitted by applicable law, the Recipient shall promptly notify the Discloser of such requirement prior to disclosure so that the Discloser can seek a protective order or other remedy.

Upon Discloser’s written request at any time and subject to any contrary obligations under this Agreement or applicable law, Recipient shall at Discloser’s direction promptly return or destroy and erase from all systems it uses or controls all or part of any originals and copies of documents, materials and other embodiments and expressions in any form or medium that contain, reflect, incorporate or are based on Discloser’s Confidential Information, in whole or in part, except to the extent required by applicable law or retained in backup systems until deleted in the ordinary course, provided that all such information and materials will remain subject to the confidentiality and security requirements set forth in this Agreement. Recipient shall provide, upon request, a written statement to Discloser certifying that it has complied with the requirements of this section. These obligations shall survive for 3 years after receiving the Information.

 

8. WARRANTIES. LIABILITIES. INDEMNIFICATION.

8.1 WARRANTIES.

8.1.1 Vendor represents and warrants to Customer that the Services will conform to the Documentation, Technical Scoping of the Services. Customer’s sole and exclusive remedy to the breach of such representation and warranty is that Customer will have thirty (30) days following the delivery of the Services as mentioned in SoW to accept or reject the Services (“Warranty Period”). Vendor will have no obligation under this Agreement to correct, and Vendor makes no warranty with respect to, errors caused by or attributable to: (i) use of the Services in a manner inconsistent with the Documentation, Technical Scoping of the Services or this Agreement; (ii) hardware or software misuse, modification, or malfunction; (iii) improper installation or any modification, alteration, or addition thereto, or any problem or error in the operating system software with which the software is installed and is designed to operate; (iv) if any problem or error in delivering the Services has resulted from improper use, misapplication or misconfiguration, or the use of the Services with other programs or services that have similar functions or features which are incompatible with the Services; (v) if the Services are used as any evaluation, beta or trial version or for which Vendor does not charge a fee; (vi) if Vendor does not receive notice of a non-conformity within the applicable Warranty Period; (vii) the issue has been caused by Customer’s failure to apply updates, or any other action or instruction recommended by Vendor; or (viii) the issue results from any cause outside of Vendor’s reasonable control.

If Vendor is notified in writing of a breach of warranty during the Warranty Period, Vendor’s entire liability and Customer’s sole remedy shall be (at Vendor’s option): (i) to correct, repair or replace Services within a reasonable time, or (ii) to authorize a refund of the pro-rata unused fees following return of accompanied by proof of purchase. Any reperformance of Services shall be warranted for the remainder of the original Warranty Period.

Due to the continual development of new techniques for attacking endpoints, networks, systems, Vendor does not represent, warrant or guarantee: (1) that any Vendor Solutions or Services will detect, block, or completely remove, or clean any or all applications, routines, and files that are vulnerable, malicious, fraudulent or unwanted; or (2) that any product or any data, equipment, system or network on which a Vendor Service is used will be free of vulnerability to intrusion or attack. Customer agrees that protection of your endpoints, servers, cloud, networks, and data are dependent on factors solely under your control and responsibility, including, but not limited to: (a) the design, implementation, deployment, and use of hardware and software security tools in a coordinated effort to manage security threats; (b) the selection, implementation, and enforcement of appropriate internal security policies, procedures and controls regarding access, security, encryption, use, and transmission of data; (c) development of, and ongoing enforcement of, processes and procedures for the backup and recovery of any system, software, database, and any stored data; and (d) diligently and promptly downloading and installing all Updates made available by Vendor.

CUSTOMER UNDERSTANDS AND AGREES THAT VENDOR CANNOT, AND DOES NOT HEREIN, PROVIDE ANY WARRANTY, GUARANTEE, CONDITION, OR ASSURANCE THAT THE DEPLOYMENT/USE OF ANY VENDOR SERVICES (EITHER BY ITSELF OR IN COMBINATION WITH OTHER VENDOR SERVICES OR SOLUTIONS) WILL GUARANTEE COMPLETE PROTECTION FROM AND AGAINST ALL PRESENT AND FUTURE SECURITY THREATS TO YOUR NETWORKS, SYSTEMS, DEVICES, OR DATA AND NOTHING IN THIS AGREEMENT SHALL BE DEEMED TO IMPLY SUCH A WARRANTY, GUARANTEE, CONDITION, OR ASSURANCE.

8.1.2 Customer represents and warrants to Vendor that it: i) has full right and power to authorize Vendor to provide the Services above; ii) owns the systems to be tested and/or has obtained or will obtain all necessary third-party authorization for Vendor to provide the Services; iii) understands that the Services may constitute crimes under, inter alia, the criminal code or other local legislation unless expressly authorized by Customer; and iv) has created or will create a full backup of all systems to be tested and has verified that the backup procedure will enable Customer to restore all such systems to their pre-Services state.

Customer represents and warrants that Customer has full right, power and authority to consent to have Vendor scan for vulnerabilities of the IP address and/or URL and/or domain names identified to Vendor by Customer for scanning, whether electronically or by any other means.

Customer hereby irrevocably releases, waives, and discharges Vendor and its contractors and personnel from any and all actions arising from or in connection with the Services to be performed. Vendor shall not be liable for any loss, damage, penalties, costs, expenses, and fees that may be incurred, suffered or expended by Customer arising from or in connection with the Service to be performed.

 

8.2 INDEMNIFICATION.

8.2.1 Subject to 8.1.2, Vendor shall indemnify and keep Customer harmless from any claim by a third party that use of the Services in accordance with the terms and conditions of this Agreement infringes any third party patent, trademark or copyright.

The foregoing obligation of Vendor does not apply with respect to software, services or portions or components thereof: (i) not supplied by Vendor; (ii) used in a manner not expressly authorized by this Agreement or the accompanying Documentation; (iii) made in accordance with Your specifications; (iv) modified by anyone other than Vendor, if the alleged infringement relates to such modification; (v) combined with other products, processes or materials where the alleged infringement would not exist but for such combination; (vi) for any evaluation or trial version; (vii) where Customer continues the allegedly infringing activity after being notified thereof and provided with modifications that would have avoided the alleged infringement; or (viii) breach of Customer’s warranties under 8.1.2.

In the event the Services are held by a court of competent jurisdiction to constitute an infringement of third party rights of patent, trademark or copyright, Vendor shall, at its sole option, do one of the following: (i) procure the right to continued use; (ii) modify the Services so that their use becomes non-infringing; (iii) replace the Services with substantially similar products in functionality and performance; or (iv) if none of the foregoing alternatives is reasonably available to Vendor, Vendor shall refund the pro-rata unused portion of the fees paid for Services.
 

8.2.2 Customer will defend Vendor against any Claim made or brought against Vendor by a third party alleging the breach of any third party rights under applicable laws, and will indemnify and hold harmless Vendor from any damages, attorney fees and costs finally awarded to such third parties as a result of breach of the Customer warranties in 8.1.2, or for any amounts paid by Customer under a settlement of such Claim.

The Parties may request indemnification under this section, provided they: (a) give notice within ten (10) days of any claim being made or proceedings being issued against; (b) give sole control of the defense and settlement to the indemnifying party (provided any settlement relieves the indemnified party of all liability in the matter); (c) provide all available information and reasonable assistance; and (d) have not previously compromised or settled such claim.

 

THIS SECTION STATES VENDOR’S ENTIRE LIABILITY AND YOUR SOLE AND EXCLUSIVE REMEDY FOR INFRINGEMENT AND MISAPPROPRIATION CLAIMS.

 

8.3 LIMITATION OF LIABILITY.

VENDOR DOES NOT WARRANT THAT SERVICES WILL MEET YOUR REQUIREMENTS. VENDOR DOES NOT GUARANTEE THAT THE SOFTWARE AND SERVICES WILL PERFORM ERROR-FREE OR RISK FREE OR UNINTERRUPTED OR THAT VENDOR WILL CORRECT ALL PROGRAM ERRORS. TO THE EXTENT PERMITTED BY LAW, THESE WARRANTIES ARE EXCLUSIVE AND THERE ARE NO OTHER EXPRESS OR IMPLIED WARRANTIES OR CONDITIONS, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

SERVICES ARE NOT FAULT-TOLERANT AND ARE NOT DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION. SERVICES ARE NOT FOR USE IN THE OPERATION OF AIRCRAFT NAVIGATION, NUCLEAR FACILITIES, OR COMMUNICATION SYSTEMS, WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR TRAFFIC CONTROL, OR ANY APPLICATION OR INSTALLATION WHERE FAILURE COULD RESULT IN DEATH, SEVERE PHYSICAL INJURY OR PROPERTY/ENVIRONMENTAL DAMAGES.

EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, VENDOR DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO THE PRODUCTS, SOFTWARE AND SERVICE, ENHANCEMENTS, MAINTENANCE OR SUPPORT RELATED THERETO, OR ANY OTHER MATERIALS (TANGIBLE OR INTANGIBLE) OR SERVICES SUPPLIED BY HIM. VENDOR HEREBY EXPRESSLY DISCLAIMS ANY IMPLIED WARRANTIES AND CONDITIONS, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, LOSS OF DATA, FALSE POSITIVES OR FALSE NEGATIVES, DEVICE FAILURE OR MALFUNCTION FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INTERFERENCE, ACCURACY OF DATA, ACCURACY OF INFORMATIONAL CONTENT, SYSTEM INTEGRATION, AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS BY FILTERING, DISABLING, OR REMOVING SUCH THIRD PARTY’S SOFTWARE, SPYWARE, ADWARE, COOKIES, EMAILS, DOCUMENTS, ADVERTISEMENTS NOR THAT VENDOR SOLUTIONS AND SERVICES WILL DETECT ANY OR ALL SECURITY OR MALICIOUS CODE THREATS OR USE OF VENDOR SOLUTIONS AND SERVICES WILL KEEP YOUR NETWORKS, CLOUD OR ENDPOINTS OR ANY SYSTEMS AND DEVICES FREE FROM ALL VIRUSES OR OTHER MALICIOUS OR UNWANTED CONTENT OR SAFE FROM INTRUSIONS OR OTHER SECURITY ATTACKS/BREACHES OR WHETHER ARISING BY STATUTE, LAW, COURSE OF DEALING, CUSTOM AND PRACTICE, OR TRADE USAGE.

CUSTOMER SHALL BE SOLELY RESPONSIBLE FOR PROPER BACK-UP OF ALL DATA AND CUSTOMER SHALL TAKE APPROPRIATE MEASURES TO PROTECT SUCH DATA. VENDOR ASSUMES NO LIABILITY OR RESPONSIBILITY WHATSOEVER IF DATA IS LOST OR CORRUPTED.

Vendor is acting on behalf of its partners for the purpose of disclaiming, excluding and/or limiting obligations, warranties and liability as provided in this Agreement. The foregoing provisions shall be enforceable to the maximum extent permitted by applicable law.

VENDOR SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA, OR DATA USE OR DAMAGES THAT WERE REASONABLY FORESEEABLE BY BOTH PARTIES BUT COULD HAVE BEEN PREVENTED SUCH AS, FOR EXAMPLE, LOSSES CAUSED BY VIRUSES, MALWARE, OR OTHER MALICIOUS PROGRAMS, OR LOSS OF OR DAMAGE TO CUSTOMER DATA. VENDOR’S MAXIMUM LIABILITY FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT OR YOUR ORDER, WHETHER IN CONTRACT OR TORT, OR OTHERWISE, SHALL BE LIMITED TO THE FEES CUSTOMER PAID TO VENDOR FOR THE DEFICIENT SERVICES IN THE LAST 12 MONTHS UNDER THIS AGREEMENT. SOME STATES DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO CUSTOMER.

IN NO CASE SHALL VENDOR'S LIABILITY EXCEED THE PURCHASE PRICE PAID BY CUSTOMER FOR SERVICES IN THE PREVIOUS 12 MONTHS IMMEDIATELY PRECEDING THE EVENT OR CIRCUMSTANCE FIRST GIVING RISE TO A CLAIM.

NOTWITHSTANDING THE FOREGOING, VENDOR DOES NOT LIMIT OR EXCLUDE ITS LIABILITY FOR (i) DEATH OR PERSONAL INJURY CAUSED BY GROSS NEGLIGENCE DIRECTLY ATTRIBUTABLE TO VENDOR, (ii) FRAUDULENT MISREPRESENTATION, OR (iii) ANY OTHER LIABILITY TO THE EXTENT THAT SUCH LIABILITY CANNOT BE EXCLUDED OR LIMITED BY APPLICABLE LAW.
 

Each Party recognizes and agrees that the waivers, warranty limitations, as well as disclaimers and exclusions from and limitations of liability and/or remedies in this Agreement are a material and essential basis of this Agreement; reflect a reasonable allocation of risk between the Parties; are fair, reasonable, and a fundamental part of this agreement; and each has been taken into account and reflected in determining the consideration to be given by each Party under this Agreement and in the decision by each Party to enter into this Agreement. The Parties acknowledge and agree that absent any of such waivers, disclaimers, exclusions, and/or limitations of liability/remedies, the provisions of this Agreement, including the economic terms, would be substantially different, or in the alternative, this Agreement would not have been consummated.

 

9. ELECTRONIC COMMUNICATIONS.

Vendor may send Customer legal notices and other communications about the Services or our use of the information the Customer provides us. Vendor will send Communications via email to the primary user's registered email address, or will post Communications on its Sites. The legal bases for sending these communications are this contract (for the transactional communications) and the legitimate interest in marketing to current customers (for the commercial communications).

Notwithstanding, Customer agrees that Vendor may send Customer required legal notices and other communications about Vendor solutions (including updates), other and/or new Vendor solutions and services, special offers and pricing or other similar information, customer surveys, and other requests for feedback (collectively “Communications”). Vendor may provide Communications via (among other methods): (a) in-person contacts by Vendor and/or Reseller personnel; (b) email to registered email addresses of named contacts; and/or (c) posted Communications on its Websites. With respect to email notices, any such email notice to Customer will be sent by Vendor to the account administrator(s) named by Customer during registration. Customer is responsible for ensuring that the email address for the account administrator is accurate. Any email notice that Vendor sends to the then-current email address will be effective when sent, whether or not Customer actually receives the email. By accepting this Agreement, Customer consents to receive all Communications through these means.

 

10. DATA PROTECTION.

Vendor acts as a data processor in relation to Personal Data collected through the Services for the purposes of Customer’s internal security management. The Customer acts as data controller in relation to the collected Personal Data by providing instructions when configuring the Services under the SoW and Documentation. The Customer is strictly responsible for complying with the data protection laws including GDPR provisions, complying with lawful processing of personal data, informing users about the use of their personal data, the security of personal data and ensuring data subjects can exercise their rights, according to the Data Protection Agreement between Vendor and Customer available here: https://www.bitdefender.com/site/view/data-processing-agreement.html

 

11. TECHNOLOGIES.

Vendor informs Customer that in the course of providing the Services, certain programs or solutions may use data collection technology to collect technical information (including suspect files).

Vendor reserves the right to collect certain information from the user activity, depending on the modules and services Customer has solicited under the Services. As such, Customer agrees that certain modules, services and components may collect pieces of data from Your systems for the purpose of evaluating and improving the ability of Vendor’s products to detect malicious behavior, potentially fraudulent websites and other Internet security risks.

Customer acknowledges that the Services may utilize automatic data processing and analysis technologies, which may include automated techniques, and which may rely on heuristics and other similar techniques, the accuracy and efficiency of which may vary or be affected by variables beyond Vendor’s knowledge or control, and accordingly while Vendor will do all things that are reasonably required to maximize the accuracy and efficiency of the Services, technically or otherwise, Customer acknowledges that: i) the output of the Services may contain errors and inaccuracies from time to time; ii) the Services are not designed to be used in isolation, and Customer must employ techniques independent of the Services, including manual analysis and verification of the output of the Services, to verify or contradict the accuracy of the output of the Services; and iii) the technology that enables the Services may, from time to time, be updated, amended, and/or modified by Vendor, and the accuracy and efficiency of the Services may vary from time to time.

12. AUDIT RIGHTS.

Vendor may audit the use of the Services to verify that Your usage complies with the terms of this Agreement and with applicable Documentation. An audit will be done upon reasonable notice and during normal business hours, but not more often than once each year unless a material discrepancy was identified during the course of a prior review. Customer agrees to implement internal safeguards to prevent any unauthorized copying, distribution, installation, or use of, or access to, the Services. Customer further agrees to keep records sufficient to certify Your compliance with this Agreement, and, upon request of Vendor, provide and certify metrics and/or reports based upon such records and accounting for both numbers of copies (by product and version) and network architectures as they may reasonably relate to Your deployment of the Services. If an audit reveals any deployment or use of the solutions that is in excess of the subscriptions conditions or is otherwise out of compliance with this Agreement, then Customer agrees to promptly correct such non-compliance. If the usage for any unlicensed or excess utilization of all solutions audited hereunder is greater than, in the aggregate, ten percent (10%) of the actual licensed use for solutions purchased by Customer, Customer agrees to reimburse Vendor for its reasonable costs incurred in performing the audit.

 

13. FORCE MAJEURE.

Neither Party shall be in breach of the Agreement in the event it is unable to perform its obligations as a result of natural disaster, war, emergency conditions, labor strike, acts of terrorism, the substantial inoperability of the Internet, the inability to obtain supplies, or any other reason or condition beyond its reasonable control; provided, however, if such reasons or conditions remain in effect for a period of more than thirty (30) calendar days, either Party may terminate the Agreement affected by such force majeure following the written notice to the other Party. Notwithstanding the aforementioned, the Parties agree that payment obligations derived from this Agreement as well as the protection of Intellectual Property Rights shall not be delayed for any reason.

 

14. GENERAL.

If Customer is located in the United States or Canada, this Agreement is governed by the laws of the State of Florida, USA, with the venue in Broward County. If Customer is located in UK, APAC, Australia and New Zealand, this Agreement will be governed by the laws of the UK, with the venue in Reading. If Customer is located in Singapore and Indonesia, this Agreement will be governed by the laws of Singapore, with the venue in Singapore. If Customer is located in the Netherlands, Belgium, Denmark, Finland, Iceland, Norway, and Sweden, this Agreement is governed by the Dutch Laws with the venue in the Hague. If Customer is located in Germany and Austria, this Agreement is governed by the German Laws with the venue in München. If Customer is located in the rest of Europe, Africa, Middle East and Asia, this Agreement will be governed by the laws of Romania with the venue in the courts of Bucharest.

In the event of invalidity of any provision of this Agreement, the invalidity shall not affect the validity of the remaining portions of this Agreement.

This Agreement describes certain legal rights. Customer may have other rights under the laws of Your state or country. Customer may also have rights with respect to the party from whom Customer acquired the Services. This Agreement does not change Your rights or obligations under the laws of Your state or country if the laws of Your state or country do not permit it to do so.

Vendor reserves the right to cooperate with any legal process and any law enforcement or other government inquiry related to Your use of the Services. This means that Vendor may provide documents and information relevant to a court subpoena or to a law enforcement or other government investigation according to applicable law after taking reasonable measures to protect it.

Either party represents and warrants that (i) in connection with this Agreement, it has not and will not make any payments or gifts or any offers or promises of payments or gifts of any kind, directly or indirectly, to any official of any foreign government or any agency or instrumentality thereof; (ii) it will comply in all respects with the Foreign Corrupt Practices Act and any other applicable laws; and (iii) it will comply with the export compliance laws applicable to each party's fulfillment of its obligations under this Agreement.

The Services are subject to U.S. and foreign export control laws. Customer agrees to comply with all laws and regulations of the United States and other countries where the Services are used by Customer and Your users to ensure that they are not exported, directly or indirectly, in violation of such laws.

To the maximum extent permissible by written waiver, disclaimer, limitation, and/or exclusion under Applicable Laws, this Agreement is entered into solely between and for the benefit of, and may be enforced only by, the Parties hereto and no third party shall have any right/benefit hereunder, whether arising hereunder, under any statute now or hereafter enacted (such as Contracts (Rights of Third Parties) Act of 1999 in the UK and similar laws enacted in Ireland, Singapore, New Zealand, Hong Kong S.A.R., and certain states of Australia, the application of each of which is hereby barred and disclaimed), or otherwise. This Agreement does not, and shall not be deemed to, create any express or implied rights, remedies, benefits, claims, or causes of action (legal, equitable or otherwise) in or on behalf of any third parties including employees, independent consultants, agents, and Affiliates of a Party, or otherwise create any obligation or duty to any third party; provided, however, notwithstanding anything contained in this Agreement to the contrary, Vendor’s hardware suppliers, software licensors, and Resellers shall be intended third party beneficiaries for the exclusions, limitations, and disclaimers with respect to Vendor Solutions as stated in this Agreement.

Vendor and Vendor logos are trademarks of VENDOR. All other trademarks used in the product or in associated materials are the property of their respective owners.

Vendor retains the right to assign this Agreement in its sole discretion. Customer may not assign this Agreement without the prior written permission of Vendor.

 

Publicity. Vendor may use the Customer’s name and logo on its website or in any of its advertising, publicity, or promotional material, without referencing the content of the services provided, and Vendor will use its best efforts to coordinate such advertising or promotion with Customer.

Nothing in this Agreement shall be construed as precluding or limiting in any way the right of Vendor to provide consulting, development, or other services of any kind to any individual or entity (including without limitation performing services or developing materials which are similar to and/or competitive with the Services and/or Deliverables hereunder).

Vendor may revise these Terms at any time and the revised terms shall automatically apply to the corresponding versions of the Services distributed with the revised terms. If any part of the Agreement is found void and unenforceable, it will not affect the validity of the rest of the Terms, which shall remain valid and enforceable. In case of controversy or inconsistency between translations of the Agreement to other languages, the English version issued by Vendor shall prevail.

This Agreement and all related SoWs and Addenda form the entire agreement between Customer and Vendor regarding the subject matter hereof. Any conflict between this Agreement and the terms of any SoW, any Order Form, or other exhibit hereto, will be resolved in the following order: (a) any SoW in date order with the most recent SoW being of highest precedence; and (b) this Master Subscription Agreement. This entire agreement supersedes all prior or contemporaneous negotiations or agreements, both oral and written, between the parties regarding its subject matter. Any preprinted terms on any Customer purchase order will have no effect on the terms of this Agreement and are hereby rejected. Headings are for reference purposes. Any additional, conflicting, or different terms or conditions proposed by Customer in any of its issued documents (such as an SoW or Order) are hereby rejected by Vendor and excluded herefrom.

Contact VENDOR, Horangi at 109 North Bridge Road, #05-21, Funan, Singapore (179097), e-mail address: office@horangi.com.