End User Licence Agreement
-THIS EULA IS GDPR COMPLAINT-
IMPORTANT NOTICE: PLEASE READ CAREFULLY BEFORE PROCEEDING. This end user licence agreement (EULA) is a legal agreement between you (Customer or you) and CybSafe Limited (CybSafe) incorporated and registered in England and Wales with company number 9642350 whose registered office is at Windmill Hill Business Park, Whitehill Way, Swindon SN5 6QR for the use of the subscription services provided by CybSafe via an authorised reseller to you under this EULA via https://cybsafe.com or any other website notified to the Client by CybSafe from time to time, as more particularly described in the Documentation.
BY CHECKING ON THE “ACCEPT” BOX YOU AGREE TO THE TERMS OF THIS EULA WHICH WILL BIND YOU AND YOUR EMPLOYEES. IF YOU DO NOT AGREE TO THE TERMS OF THIS EULA, WE ARE UNWILLING TO PROVIDE YOU WITH ACCESS TO THE SERVICES. IN THIS CASE YOU MUST RETURN ANY CUSTOMER CODE AND ANY ACCOMPANYING DOCUMENTATION TO THE RESELLER FROM WHOM YOU PURCHASED THE SERVICES.
You should save a copy of this EULA for future reference.
1. I NTERPRETATION
1.1 The definitions and rules of interpretation in this clause apply in this EULA.
(a) Agreed Terms: The agreement made between the Customer and the Authorised Reseller for the provision of the Services.
(b) Analytical Data: the data provided to the Customer via the Services and in accordance with the Documentation detailing the Authorised Users use of the Services.
(c) Authorised Reseller: a person authorised by CybSafe to resell and distribute the Services
(d) Authorised Users: those employees, agents and independent contractors of the Customer who are authorised by the Customer to use the Services and the Documentation, as further described in clause 2.2(d).
(e) Business Day: a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business.
(f) Complaint: a complaint or request relating to either party’s obligations under Data Protection Laws relevant to this Agreement, including any compensation claim from a Data Subject or any notice, investigation or other action from a Supervisory Authority;
(g) Confidential Information: information that is proprietary or confidential and is either clearly labelled as such or identified as Confidential Information in clause 7.6.
(h) Customer Code: the unique reference number or link specified by CybSafe and provided to the Customer by the Authorised Reseller which allows a Customer to access the Service.
(i) Customer Data: the data inputted by the Customer, Authorised Users, or an Authorised Reseller on the Customer’s behalf for the purpose of using the Services or facilitating the Customer’s use of the Services.
(j) Data Controller : has the meaning set out in the Data Protection Laws;
(k) Data Processor : has the meaning given to that term (or to the term ‘processor’) in the Data Protection Laws;
(l) Data Protection Laws :
(i) the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426, and any laws or regulations implementing Directive 95/46/EC (Data Protection Directive) or Directive 2002/58/EC (ePrivacy Directive); and/or
(ii) the General Data Protection Regulation (EU) 2016/679 (GDPR), once applicable, and/or any corresponding or equivalent United Kingdom national laws or regulations (Revised UK DP Law);
(iii) and, in either case any judicial or administrative interpretation of any of the above, any guidance, guidelines, codes of practice, approved codes of conduct or approved certification mechanisms issued by any relevant Supervisory Authority
(m) Data Subject : has the meaning set out in the Data Protection Laws;
(n) Data Subject Request: a request made by a Data Subject to exercise any rights of Data Subjects under Data Protection Laws;
(o) Documentation: the document made available to the Customer by CybSafe online via https://cybsafe.com or such other web address notified by CybSafe to the Customer from time to time which sets out a description of the Services and the user instructions for the Services.
(p) Personal Data : has the meaning given to that term in the Data Protection Laws and relates only to personal data, or any part of such personal data, in respect of which the Customer is the Data Controller and in relation to which Cybsafe is providing services under this Agreement (but does not, in particular, include personal data provided by an Authorised User or the Customer to a third party acting in the capacity of a data controller);
(q) Services: the subscription services provided by CybSafe to the Customer under this EULA via https://cybsafe.com or any other website notified to the Customer by CybSafe from time to time, as more particularly described in the Documentation.
(r) Software: the online software applications provided by CybSafe as part of the Services.
(s) Subscription Term: The Subscription Term agreed between the Customer and an Authorised Reseller
(t) Supervisory Authority : any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering Data Protection Laws
(u) User Subscriptions: the user subscriptions purchased by the Customer from an Authorised Reseller which entitle Authorised Users to access and use the Services and the Documentation in accordance with this EULA.
(v) Virus: any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.
1.2 Clause, schedule and paragraph headings shall not affect the interpretation of this EULA.
1.3 A person includes an individual, corporate or unincorporated body (whether or not having separate legal personality) and that person’s legal and personal representatives, successors or permitted assigns.
1.4 A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.
1.5 Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular.
1.6 Unless the context otherwise requires, a reference to one gender shall include a reference to the other genders.
1.7 A reference to a statute or statutory provision is a reference to it as it is in force as at the date of this EULA.
1.8 A reference to a statute or statutory provision shall include all subordinate legislation made as at the date of this EULA under that statute or statutory provision.
1.9 A reference to writing or written includes faxes but not e-mail.
1.10 References to clauses and schedules are to the clauses and schedules of this EULA; references to paragraphs are to paragraphs of the relevant schedule to this EULA.
1.11 A reference to a holding company or a subsidiary means a holding company or a subsidiary (as the case may be) as defined in section 1159 of the Companies Act 2006. In the case of a limited liability partnership which is a subsidiary of a company or another limited liability partnership, section 1159 of the Companies Act 2006 shall be construed so that: (a) references in sections 1159(1)(a) and (c) to voting rights are to the members’ rights to vote on all or substantially all matters which are decided by a vote of the members of the limited liability partnership; and (b) the reference in section 1159(1)(b) to the right to appoint or remove a majority of its board of directors is to the right to appoint or remove members holding a majority of the voting rights.
2.1 Subject to the restrictions set out in this clause 2 and the other terms and conditions of this EULA, CybSafe hereby grants to the Customer a non-exclusive, non-transferable right to permit the Authorised Users to use the Services and the Documentation during the Subscription Term solely for the Customer’s internal business operations.
2.2 In relation to the Authorised Users, the Customer undertakes that:
(a) the maximum number of Authorised Users that it authorises to access and use the Services and the Documentation shall not exceed the number of User Subscriptions it has purchased from time to time;
(b) it will not allow or suffer any User Subscription to be used by more than one individual Authorised User;
(c) each Authorised User shall keep a secure password for his use of the Services and Documentation, and that each Authorised User shall keep his password confidential;
(d) it shall maintain a written, up to date list of current Authorised Users and provide such list to CybSafe or the Authorised Reseller through whom it purchases the Services within 5 Business Days of CybSafe’s written request at any time or times;
(e) it shall permit CybSafe to audit the Services in order to establish the name and password of each Authorised User. Such audit may be conducted no more than once per quarter, at CybSafe’s expense, and this right shall be exercised with reasonable prior notice, in such a manner as not to substantially interfere with the Customer’s normal conduct of business; and
(f) if any of the audits referred to in clause 2.2(e) reveal that any password has been provided to any individual who is not an Authorised User, then without prejudice to CybSafe’s other rights, the Customer shall promptly disable such passwords and CybSafe shall not issue any new passwords to any such individual.
2.3 The Customer shall not:
(a) except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties:
(i) and except to the extent expressly permitted under this EULA, attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software and/or Documentation (as applicable) in any form or media or by any means; or
(ii) attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software;
(b) access all or any part of the Services and Documentation in order to build a product or service which competes with the Services and/or the Documentation; or
(c) use the Services and/or Documentation to provide services to third parties; or
(d) subject to clause 13.1, license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services and/or Documentation available to any third party except the Authorised Users, or
(e) attempt to obtain, or assist third parties in obtaining, access to the Services and/or Documentation, other than as provided under this clause 2
2.4 The Customer shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services and/or the Documentation and, in the event of any such unauthorised access or use, promptly notify the Authorised Reseller.
2.5 The rights provided under this clause 2are granted to the Customer only, and shall not be considered granted to any subsidiary or holding company of the Customer unless the Authorised Reseller agrees otherwise in writing.
2.6 CybSafe shall, during the Subscription Term, provide the Services and make available the Documentation to the Customer on and subject to the terms of this EULA.
3. CUSTOMER DATA
3.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
3.2 CybSafe shall follow its archiving procedures for Customer Data and the Analytical Data as set out in its Back-Up Policy available at https://cybsafe.com or such other website address as may be notified to the Customer from time to time, as such document may be amended by CybSafe in its sole discretion from time to time. In the event of any loss or damage to Customer Data or Analytical Data, the Customer’s sole and exclusive remedy shall be for CybSafe to use reasonable commercial endeavours to restore the lost or damaged Customer Data or Analytical Data from the latest back-up of such Customer Data or Analytical Data maintained by CybSafe in accordance with the archiving procedure described in its Back-Up Policy. CybSafe shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by CybSafe to perform services related to Customer Data maintenance and back-up).
3.4 If CybSafe processes any Personal Data on the Customer’s behalf when performing its obligations under this EULA, the parties record their intention that the Customer shall be the data controller and CybSafe shall be a data processor.
3.5 Cybsafe shall comply with all Data Protection Laws (which apply to it in its capacity as a data processor) in connection with the processing of Personal Data in respect of the delivery of the Services and the exercise and performance of its rights and obligations under this Agreement.
3.6 The Customer shall comply with all Data Protection Laws (which apply to it in its capacity as a data controller) in connection with the processing of Personal Data in respect of the exercise and performance of its rights and obligations under this Agreement, and to enable Cybsafe to deliver the Services.
3.7 Instructions and details of processing – Insofar as Cybsafe processes Personal Data on behalf of the Customer:
3.7.1 unless required to do otherwise by applicable laws, Cybsafe shall (and shall ensure each person acting under its authority shall) process the Personal Data only on and in accordance with the Customer’s documented instructions as set out in this clause 3 and Schedule 2 (Data Processing Details), and as updated from time to time by the written agreement of the parties ( Processing Instructions ); and
3.7.2 if any applicable laws require it to process Personal Data other than in accordance with the Processing Instructions, Cybsafe shall notify the Customer of any such requirement before processing the Personal Data (unless any of the applicable laws prohibit such information on important grounds of public interest).
3.8 Technical and organisational measures – Cybsafe shall implement and maintain, at its cost and expense (taking into account those factors which it is entitled to take into account pursuant to the Data Protection Laws) appropriate technical and organisational measures in relation to the processing of Personal Data by Cybsafe:
3.8.1 so as to ensure a level of security in respect of the Personal Data processed by it is appropriate to the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed; and
3.8.2 without prejudice to clause 3.11, insofar as is possible, to assist the Customer in the fulfilment of the Customer’s obligations to respond to Data Subject Requests relating to Personal Data.
3.9 Using staff and other processors – Cybsafe shall not engage another Data Processor for carrying out any processing activities in respect of the Personal Data without the Customer’s prior written consent. The Customer consents to the processing of Personal Data by the Authorised Reseller in accordance with the Data Processing Instructions.
3.10 Cybsafe shall ensure that all Cybsafe personnel processing Personal Data:
3.10.1 are subject to obligations of confidentiality which apply, generally or specifically, to the Personal Data; and
3.10.2 are reliable and have received appropriate training on compliance with the Data Protection Laws.
3.11 Assistance with Customer’s Compliance with Data Subject Rights – Cybsafe shall:
3.11.1 record and then refer all Data Subject Requests it receives to the Customer, without undue delay;
3.11.2 provide such assistance to the Customer as the Customer reasonably requests in relation to a Data Subject Request; and
3.11.3 not respond to any Data Subject Request or Complaint without the Customer’s prior written approval.
3.12 Without prejudice to clause 3.11 Cybsafe shall, at its cost and expense, provide such assistance to the Customer as the Customer reasonably requires (taking into account the nature of processing and the information available to Cybsafe) in ensuring compliance with such obligations as apply to the Customer under Data Protection Laws, with respect to:
3.12.1 security of processing;
3.12.2 Data Protection Impact Assessments (as such term is defined in the Data Protection Laws;
3.12.3 prior consultation with a Supervisory Authority regarding high risk processing.
3.13 International Data Transfer
3.13.1 Subject to clause 3.13.2, Cybsafe shall not engage another Data Processor (Sub Processor) for carrying out any processing activities in respect of the Personal Data without the Client’s prior written consent;
3.13.2 Subject to clause 3.13.3, and without prejudice to the generality of clause 3.13.1, the Customer consents to the appointment of Sub Processors in connection with certain tools used by Cybsafe to deliver the Services, and for the purpose of some web hosting undertaken for Cybsafe in connection with the Services and to the processing of Personal Data by each of such Sub Processors in accordance with the Data Processing Instructions.
3.13.3 Cybsafe may only transfer the Personal Data to the Sub Processors and permit the processing of Personal Data outside the EU under the following conditions:
(a) the Personal Data is being processed in a territory which is subject to a current finding by the European Commission under the Data Protection Laws that the territory provides adequate protection for the privacy rights of individuals; or
(b) Cybsafe participates in a valid cross-border transfer mechanism under the Data Protection Laws, and has entered into an agreement with each Sub Processor which includes the European Commission’s Standard Contractual Clauses for the transfer of Personal Data from the European Union to processors established in third countries, as set out in the Annex to Commission Decision 2010/87/EU
3.14 Records, Information and Audit – Cybsafe shall maintain complete, accurate and up to date written records of all categories of processing activities carried out on behalf of the Customer being:
3.14.1 the name and contact details of the Data Processor(s) and (subject to the Customer providing such information) of each Data Controller on behalf of which the Data Processor is acting, and of Cybsafe’s representative and data protection officer (if any);
3.14.2 the categories of processing carried out on behalf of each Data Controller;
3.14.3 where applicable, details of transfers of Personal Data to an International Recipient; and
3.14.4 where possible, a general description of the technical and organisational security measures referred to in clause 3.8.
3.15 Cybsafe shall make available to the Customer on request in a timely manner copies of the records under clause 3.14.
3.16 Subject to clause 3.22 Cybsafe shall allow for and contribute to audits, including inspections, conducted by the Customers or another auditor mandated by the Customer, for the purpose of demonstrating compliance by Cybsafe with its obligations under Data Protection Laws and under this clause 3.
3.17 Breach notification – In respect of any Personal Data Breach, Cybsafe shall:
3.17.1 notify the Customer of the Personal Data Breach without undue delay;
3.17.2 provide the Customer without undue delay with such details as the Customer reasonably requires regarding:
(a) the nature of the Personal Data Breach, including the categories and approximate numbers of Data Subjects and Personal Data records concerned;
(b) the likely consequences of the Personal Data Breach; and
(c) any measures taken, or that Cybsafe recommends, to address the Personal Data Breach, including to mitigate its possible adverse effects, provided that, (without prejudice to the above obligations) if Cybsafe cannot provide all these details without undue delay it shall provide the Customer with reasons for the delay and when it expects to be able to provide the relevant details (which may be phased), and give the Customer regular updates on these matters.
3.18 Each party shall promptly inform the other party if it receives a Complaint and provide the Customer with full details of such Complaint.
3.19 Deletion or return of Personal Data and copies – Cybsafe shall without delay, at the Customer’s written request, either securely delete or securely return all the Personal Data to the Customer after the end of the provision of the relevant Services related to processing unless:
3.19.1 storage of any data is required by applicable laws and, if so, Cybsafe shall inform the Customer of any such requirement); or
3.19.2 Cybsafe requires storage of any data for the establishment, exercise or defence of legal claims.
3.20 The Customer acknowledges that Cybsafe is reliant on the Customer for direction as to the extent to which Cybsafe is entitled to use and process the Personal Data. Consequently, Cybsafe will not be liable for any claim brought by a Data Subject arising from any action or omission by Cybsafe to the extent that such action or omission resulted from the Customer’s instructions or from the Customer’s failure to comply with Data Protection Laws or its obligations under this Agreement.
3.21 Without prejudice to clause 3.5 the Customer shall:
3.21.1 establish the legal basis under Data Protection Laws for the processing of the Personal Data by Cybsafe and any Third-Party Providers for the delivery of the Services (including, in the absence of any other legal basis, all necessary consents);
3.21.2 provide Cybsafe with details of such legal basis.
3.22 Each audit and inspection referred to in clause 3.16 shall be carried out:
3.22.1 during normal business hours on at least 20 Business Days’ prior written notice to Cybsafe and shall take no longer than two Business Days;
3.22.2 not more than once in any twelve month period;
3.22.3 in a manner that is limited to that which is reasonably required to demonstrate compliance with Cybsafe’s obligations under the Data Protection Laws and this clause 3, without access to Cybsafe confidential information unrelated to this Agreement (including information relating to other customers of Cybsafe; and
3.22.4 In so far as reasonably possible, in a manner that minimises disruption to Cybsafe’s business and the delivery of the Services.
3.23 This clause 3 shall survive termination of the Agreement.
4. CYBSAFE’S OBLIGATIONS
4.1 CybSafe undertakes that the Services will be performed substantially in accordance with the Documentation and with reasonable skill and care.
4.2 The undertaking at clause 4.1 shall not apply to the extent of any non-conformance which is caused by use of the Services contrary to CybSafe’s instructions, or modification or alteration of the Services by any party other than CybSafe or CybSafe’s duly authorised contractors or agents. If the Services do not conform with the foregoing undertaking, CybSafe will, at its expense, use all reasonable commercial endeavours to correct any such non-conformance promptly, or provide the Customer with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes the Customer’s sole and exclusive remedy for any breach of the undertaking set out in clause 4.1. Notwithstanding the foregoing, CybSafe:
(a) does not warrant that the Customer’s use of the Services will be uninterrupted or error-free; or that the Services, Documentation and/or the information obtained by the Customer through the Services will meet the Customer’s requirements; and
(b) is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
5. CUSTOMER’S OBLIGATIONS
5.1 The Customer shall:
(a) comply with all applicable laws and regulations with respect to its activities under this EULA;
(b) ensure that the Authorised Users use the Services and the Documentation in accordance with the terms and conditions of this EULA and shall be responsible for any Authorised User’s breach of this EULA;
(c) obtain and shall maintain all necessary licences, consents, and permissions necessary for CybSafe, its contractors and agents to perform their obligations under this EULA, including without limitation the Services;
(d) ensure that its network and systems comply with the relevant specifications provided by CybSafe from time to time; and
(e) be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to CybSafe’s data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer’s network connections or telecommunications links or caused by the internet.
6. PROPRIETARY RIGHTS
6.1 The Customer acknowledges and agrees that CybSafe and/or its licensors own all intellectual property rights in the Services and the Documentation. Except as expressly stated herein, this EULA does not grant the Customer any rights to, or in, patents, copyright, database right, trade secrets, trade names, trade marks (whether registered or unregistered), or any other rights or licences in respect of the Services or the Documentation.
6.2 CybSafe confirms that it has all the rights in relation to the Services and the Documentation that are necessary to grant all the rights it purports to grant under, and in accordance with, the terms of this EULA.
7.1 Each party may be given access to Confidential Information from the other party in order to perform its obligations under this EULA. A party’s Confidential Information shall not be deemed to include information that:
(a) is or becomes publicly known other than through any act or omission of the receiving party;
(b) was in the other party’s lawful possession before the disclosure;
(c) is lawfully disclosed to the receiving party by a third party without restriction on disclosure;
(d) is independently developed by the receiving party, which independent development can be shown by written evidence; or
(e) is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body.
7.2 Each party shall hold the other’s Confidential Information in confidence and, unless required by law or as permitted by clause 7.3, not make the other’s Confidential Information available to any third party, or use the other’s Confidential Information for any purpose other than the implementation of this EULA.
7.3 CybSafe shall be permitted to share the following limited information with the Authorised Reseller from whom the Customer purchased the Services: Customer name, account status (active/inactive); number of Authorised Users; overview performance statistics; expiry date of current subscription term.
7.4 Each party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this EULA.
7.5 Neither party shall be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third party.
7.6 The Customer acknowledges that details of the Services, and the results of any performance tests of the Services, constitute CybSafe’s Confidential Information.
7.7 CybSafe acknowledges that the Customer Data is the Confidential Information of the Customer.
7.8 This clause 7 shall survive termination of this EULA, however arising.
7.9 Customer acknowledges that and provides consent that CybSafe may make, any public announcement concerning this agreement without the prior written consent of the other parties, except as required by law, any governmental or regulatory authority (including, without limitation, any relevant securities exchange), any court or other authority of competent jurisdiction.
8.1 CybSafe shall defend the Customer, its officers, directors and employees against any claim that the Services or Documentation infringes any United Kingdom patent effective as of the date that the Customer first accesses the Services, copyright, trade mark, database right or right of confidentiality, and shall indemnify the Customer for any amounts awarded against the Customer in judgment or settlement of such claims, provided that:
(a) CybSafe is given prompt notice of any such claim;
(b) the Customer provides reasonable co-operation to CybSafe in the defence and settlement of such claim, at CybSafe’s expense; and
(c) CybSafe is given sole authority to defend or settle the claim.
8.2 In the defence or settlement of any claim, CybSafe may procure the right for the Customer to continue using the Services, replace or modify the Services so that they become non-infringing or, if such remedies are not reasonably available, terminate this EULA on 2 Business Days’ notice to the Customer without any additional liability or obligation to pay liquidated damages or other additional costs to the Customer.
8.3 In no event shall CybSafe, its employees, agents and sub-contractors be liable to the Customer to the extent that the alleged infringement is based on:
(a) a modification of the Services or Documentation by anyone other than CybSafe; or
(b) the Customer’s use of the Services or Documentation in a manner contrary to the instructions given to the Customer by CybSafe; or
(c) the Customer’s use of the Services or Documentation after notice of the alleged or actual infringement from CybSafe or any appropriate authority.
8.4 The foregoing states the Customer’s sole and exclusive rights and remedies, and CybSafe’s (including CybSafe’s employees’, agents’ and sub-contractors’) entire obligations and liability, for infringement of any patent, copyright, trade mark, database right or right of confidentiality.
9. LIMITATION OF LIABILITY
9.1 This clause 9 sets out the entire financial liability of CybSafe (including any liability for the acts or omissions of its employees, agents and sub-contractors) to the Customer:
(a) arising under or in connection with this EULA;
(b) in respect of any use made by the Customer of the Services and Documentation or any part of them; and
(c) in respect of any representation, statement or tortious act or omission (including negligence) arising under or in connection with this EULA.
9.2 Except as expressly and specifically provided in this EULA:
(a) the Customer assumes sole responsibility for results obtained from the use of the Services and the Documentation by the Customer, and for conclusions drawn from such use;
(b) all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this EULA; and
(c) the Services and the Documentation are provided to the Customer on an “as is” basis.
9.3 Nothing in this EULA excludes the liability of CybSafe:
(a) for death or personal injury caused by CybSafe’s negligence; or
(b) for fraud or fraudulent misrepresentation.
9.4 Subject to clause 9.2 and clause 9.3:
(a) CybSafe shall not be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses however arising under this EULA; and
(b) CybSafe’s total aggregate liability in contract tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this EULA shall be limited to the total subscription fees paid by the Authorised Reseller to CybSafe for the User Subscriptions during the 12 months immediately preceding the date on which the claim arose.
10. TERM AND TERMINATION
10.1 This EULA shall, unless otherwise terminated as provided in this clause 10, commence on the date agreed between the Customer and the Authorised Reseller and will terminate when the Agreed Terms terminate or expire.
10.2 Without affecting any other right or remedy available to it, either party may terminate this EULA with immediate effect by giving written notice to the other party if:
(a) the other party fails to pay any amount due under this EULA on the due date for payment and remains in default not less than 20 days after being notified in writing to make such payment;
(b) the other party commits a material breach of any other term of this EULA which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 30 days after being notified in writing to do so;
(c) the other party commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal for or enters into any compromise or arrangement with its creditors other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party;
(d) a petition is filed, a notice is given, a resolution is passed, or an order is made, for or in connection with the winding up of that other party other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party;
(e) an application is made to court, or an order is made, for the appointment of an administrator, or if a notice of intention to appoint an administrator is given or if an administrator is appointed, over the other party;
(f) the holder of a qualifying floating charge over the assets of that other party has become entitled to appoint or has appointed an administrative receiver;
(g) a person becomes entitled to appoint a receiver over the assets of the other party or a receiver is appointed over the assets of the other party;
(h) a creditor or encumbrancer of the other party attaches or takes possession of, or a distress, execution, sequestration or other such process is levied or enforced on or sued against, the whole or any part of the other party’s assets and such attachment or process is not discharged within 14 days;
(i) any event occurs, or proceeding is taken, with respect to the other party in any jurisdiction to which it is subject that has an effect equivalent or similar to any of the events mentioned in clause 10.2(c) to clause 10.2(h) (inclusive).
10.3 On termination of this EULA for any reason:
(a) all licences granted under this EULA shall immediately terminate;
(b) CybSafe may terminate any licence granted to Authorised Users in connection with the use of a mobile application as part of the Services;
(c) each party shall return and make no further use of any equipment, property, Documentation and other items (and all copies of them) belonging to the other party;
(d) CybSafe may destroy or otherwise dispose of any of the Customer Data and the Analytical Data in its possession unless CybSafe receives, no later than ten days after the effective date of the termination of this EULA, a written request for the delivery to the Customer of the then most recent back-up of the Customer Data and Analytical Data. CybSafe shall use reasonable commercial endeavours to deliver the back-up to the Customer within 30 days of its receipt of such a written request, provided that the Customer has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination).
The Customer shall pay all reasonable expenses incurred by CybSafe in returning or disposing of Customer Data and Analytical Data or providing the Customer with a back-up copy of such data; and
(e) any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination shall not be affected or prejudiced.
11. FORCE MAJEURE
CybSafe shall have no liability to the Customer under this EULA if it is prevented from or delayed in performing its obligations under this EULA, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of CybSafe or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors, provided that the Customer is notified of such an event and its expected duration.
12.1 Conflict. If there is an inconsistency between any of the provisions in the Agreed Terms, the main body of this EULA and the Schedule, the provisions shall take precedence in the order stated in this clause 15.1.
12.2 Variation. CybSafe shall be entitled to vary the terms of this EULA by giving the Customer 30 days notice by email. No other variation of this EULA shall be effective unless it is in writing and signed by the parties (or their authorised representatives). The administrator of the Customer’s account shall be deemed to be an authorised representative of the Customer.
12.3 Waiver. No failure or delay by a party to exercise any right or remedy provided under this EULA or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.
12.4 Rights and Remedies. Except as expressly provided in this EULA, the rights and remedies provided under this EULA are in addition to, and not exclusive of, any rights or remedies provided by law.
12.5 Severance. If any provision (or part of a provision) of this EULA is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, the other provisions shall remain in force.
12.6 If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were deleted, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the parties.
12.7 Entire Agreement. This EULA, and any documents referred to in it, constitute the whole agreement between the parties and supersede any previous arrangement, understanding or agreement between them relating to the subject matter they cover.
12.8 Each of the parties acknowledges and agrees that in entering into this EULA it does not rely on any undertaking, promise, assurance, statement, representation, warranty or understanding (whether in writing or not) of any person (whether party to this EULA or not) relating to the subject matter of this EULA, other than as expressly set out in this EULA.
12.9 No Partnership or Agency. Nothing in this EULA is intended to or shall operate to create a partnership between the parties, or authorise either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
12.10 Third Party Rights. This EULA does not confer any rights on any person or party (other than the parties to this EULA and, where applicable, their successors and permitted assigns) pursuant to the Contracts (Rights of Third Parties) Act 1999.
13.1 The Customer shall not, without the prior written consent of CybSafe (which shall not be unreasonable withheld or delayed), assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this EULA.
13.2 CybSafe may at any time assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this EULA.
14.1 Any notice required to be given under this EULA shall be in writing and shall be delivered by hand or sent by pre-paid first-class post or recorded delivery post or email to the other party at its address set out in this EULA, the customer portal at https://cybsafe.com or such other address as may have been notified by that party for such purposes.
14.2 A notice delivered by hand shall be deemed to have been received when delivered (or if delivery is not in business hours, at 9 am on the first business day following delivery). A correctly addressed notice sent by pre-paid first-class post or recorded delivery post shall be deemed to have been received at the time at which it would have been delivered in the normal course of post. A notice sent by email shall be deemed to have been received when sent.
15. GOVERNING LAW AND JURISDICTION
15.1 This EULA and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales.
15.2 Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this EULA or its subject matter or formation (including non-contractual disputes or claims).
THIS AGREEMENT has been entered into on the date stated at the beginning of it.
END OF MAIN DOCUMENT
SCHEDULE 1 – SERVICE LEVEL AGREEMENT
1. I NTERPRETATION
The following definitions and rules of interpretation apply in this schedule.
Commercially Reasonable Efforts: the same degree of priority and diligence with which Cybsafe meets the support needs of its other similar customers.
Customer Cause: any of the following causes:
(a) any improper use, misuse or unauthorised alteration of the Software or Services by the Customer;
(b) any use of the Software or Services by the Customer in a manner inconsistent with the then-current Documents; and
(c) outages or disruptions to the Service caused by the Customer.
Fault: any failure of the Services to operate in all material respects in accordance
with the Documentation, including any failure or error referred to in the Service Level Table.
Help Desk Support: any support provided by help desk technicians sufficiently qualified and experienced to identify and resolve most support issues relating to the Services.
Main Agreement: the agreement to which this schedule relates.
Out-of-scope Services: any services provided by Cybsafe in connection with any apparent problem regarding the Services reasonably determined by Cybsafe not to have been caused by a Fault, but rather by a Customer Cause or a cause outside Cybsafe’s control (including any investigational work resulting in such a determination).
Service Levels: the service levels set out in paragraph 5.1.
Solution: either of the following outcomes:
(a) correction of a Fault; or
(b) a workaround in relation to a Fault (including a reversal of any changes to the Software and/or Services if deemed appropriate by Cybsafe) that is reasonably acceptable to the Customer.
Support Request: request made by the Customer in accordance with this schedule for support in relation to the Services, including correction of a Fault.
Support Services: Maintenance of the Software and providing Help Desk Support but excluding any Out-of-scope Services.
1.2 All initial capitalised terms in this schedule shall have the meaning given to them in the Main Agreement.
2. SUPPORT SERVICES
2.1 During the Subscription Term Cybsafe shall perform the Support Services during the Normal Working Hours in accordance with the Service Levels.
2.2 As part of the Support Services, Cybsafe shall:
(a) provide Help Desk Support by means of the following e-mail address firstname.lastname@example.org and by means of the help desk support page;
(b) use Commercially Reasonable Efforts to correct all Faults notified under paragraph (a); and
(c) provide technical support for the Software and the Services in accordance with the Service Levels.
2.3 Cybsafe shall carry out planned maintenance outside of the Core Hours; and
2.4 Cybsafe may reasonably determine that any services are Out-of-scope Services. If Cybsafe makes any such determination, it shall promptly notify the Customer of that determination.
2.5 The Customer acknowledges that Cybsafe is not obliged to provide Out-of-scope Services.
3.1 The provision of Support Services on a remote (via email), off-site basis within the Subscription Term shall be included in the fees you pay to our Authorised Reseller
3.2 The provision of Support Services outside the Subscription Term or at the Customer’s premises or the provision of Out-of-scope Services shall be charged at the time and materials rates agreed between the parties when the Out-of-Scope Services are requested.
4. SUBMITTING SUPPORT REQUESTS AND ACCESS
4.1 The Customer may request Support Services by way of a Support Request made via email by completing the support request form on the help desk support page.
4.2 Each Support Request shall include a description of the problem and the start time of the incident.
4.3 The Customer shall provide Cybsafe with:
(a) prompt notice of any Faults; and
(b) such output and other data, documents, information, assistance and (subject to compliance with all Customer’s security and encryption requirements notified to Cybsafe in writing) remote access to the Customer System, as are reasonably necessary to assist Cybsafe to reproduce operating conditions similar to those present when the Customer detected the relevant Fault and to respond to the relevant Support Request.
4.4 All Support Services shall be provided remotely by Cybsafe.
5. SERVICE LEVELS
Service Availability and Maintenance
5.1 Cybsafe shall use commercially reasonable endeavours to make the Services available 97% of the time during the Core Hours, except for unscheduled maintenance performed during the Core Hours, provided that Cybsafe has used reasonable endeavours to give the Customer at least 3 Core Hours’ notice in advance.
5.2 Cybsafe shall:
(a) prioritise all Support Requests based on its reasonable assessment of the severity level of the problem reported; and
(b) respond to all Support Requests within the response times specified in the table set out below by acknowledging receipt of the Support Request and commencing Commercially Reasonable Efforts to achieve a Solution:
Severity level of Fault
Service Level response time*
Fatal: An error in, or failure of, the Services such that the Services are unavailable to all Authorised Users
4 Normal Working Hours
Severe: An error in, or failure of, the Services with more than 25% of Authorised Users or critical functions affected but which is not a Fatal Fault. Use of Services is intermittent.
12 Normal Working Hours
Medium: An error in, or failure of, the Services:
a) that affects between more than 10% number of Authorised Users but which is not a Fatal or Severe Fault; and/or
b) that affects a limited number of functions;but the Services can still be used.
24 Normal Working Hours
Minor: An error in, or failure of, the Services that affects less than 10% of Authorised Users. The Service can still be used.
3 Business Days
*For the purposes of this table, where a Support Request is received outside Normal Working Hours, it shall be deemed to have been received upon the commencement of the next Normal Working Hour.
5.3 The parties may, on a case-by-case basis, agree in writing to a reasonable extension of the Service Level response times.
5.4 Cybsafe shall give the Customer regular updates of the nature and status of its efforts to correct any Fault.
5.5 All Support Requests shall be received and responded to in English
6.1 If the Customer is not satisfied with the response or the response time, the Customer may escalate the Support Request to the parties’ respective Relationship Managers.
7.1 In addition to the mechanisms for giving notice specified in clause
17 of the Main Agreement, the parties may communicate in respect of any matter referred to in this agreement by e-mail (unless specified otherwise).
SCHEDULE 2 – DATA PROTECTION – DATA PROCESSING DETAILS
Subject matter of processing
Cybsafe is providing the Services to the Customer through a unified cyber awareness platform which educates Authorised Users via a range of modules designed to optimise behavioural change.
Duration of Processing
Personal Data will be processed for the duration of this Agreement
Nature and Purpose of Processing
Cybsafe will process the Personal Data in order to identify and authenticate Authorised Users, give the Customer and Authorised Users access to the learning modules, analyse the levels of understanding and improvements in behaviour of Authorised Users in relation to cyber security and provide analyses to the Customer.
Cybsafe will anonymise the Personal Data for use as comparative and statistical information.
Types of Personal Data to be Processed
Data of Authorised Users to be processed will be:
Categories of Data Subjects
The Data Subjects will be employees, agents and independent contractors of the Customer authorised to use the Services.
Transfers of Personal Data to a country outside EU/international organisation
Some third party tools – such as Google Analytics – used by Cybsafe to deliver the Services involve personal data being processed in the USA. This is only done under the legally binding personal data protection terms of EU-US Privacy Shield Agreement.
END OF SCHEDULE