Master Services Agreement
“Affiliate” means an entity that directly or indirectly controls, is controlled by, or is under common control with a Party. For purposes herein, “control” means ownership, directly or indirectly, of more than fifty percent (50%) of the voting shares or other equity interest in an entity. “Customer” or Client” means the person or entity receiving services from Cybereason. “DPA” means Cybereason’s Data Processing Agreement located at: https://www.cybereason.com/DPA, as may be amended or supplemented. “Offering” or “Service(s)” means any software and services provided by Cybereason under an SOW or pursuant to an order or a quote.
Cybereason shall provide Offerings as set out in a signed statement of work (SOW) agreed between the Parties (which shall be subject to the provisions contained herein) at the fees set out therein or a quotation/proposal/offer which has been confirmed by the Customer. In the event of any conflict between the terms herein (the “Agreement”) and an SOW, the former shall prevail unless otherwise expressly stated in the SOW. If Cybereason is requested to provide any services other than those set out in the SOW, the Parties shall agree to the fees for such additional work/services, and in the absence of such agreement such work/services shall be provided at Cybereason’s standard time and material rates.
For the avoidance of doubt, Cybereason may have any one or more of its Affiliates and/or subcontractors and/or independent contractors (collectively “Agents”) perform its obligations and relevant activities hereunder, which performance shall be subject to the terms and provisions of the Agreement. Cybereason is fully responsible for such performance of its Agents.
Services will be provided directly to Customer and under Customer’s instructions, save for where the Customer instructs Cybereason otherwise. Any services and/or information received from or provided to Customer’s legal counsel (and/or at request of such counsel) shall be treated as strictly confidential and protected by the Attorney-client privilege.
Fees will be invoiced at the time Services are ordered, unless otherwise designated in the applicable services description, quote or SOW. The fees agreed between the Parties do not include payment to Cybereason for any services it may be required to provide due to a subpoena clause related to the Services, and Customer shall reimburse Cybereason for such services based on Cybereason standard T&M rates.
All fees are exclusive of any taxes, including sales, use, excise, value added, withholding taxes, customs duties and tariffs now or hereafter claimed or imposed by any governmental authority, and are the net amounts to be actually received by Cybereason after payment of all such taxes, duties or charges all of which shall be paid by Customer and which are in addition to the amounts to be actually received by Cybereason. In the event Cybereason is required to pay any such tax, duty or charge, Customer will promptly reimburse Cybereason for any such actual fees on an after-tax basis. All fees are non-refundable and shall not be subject to any offsets or reductions (except as otherwise specifically provided herein). Customer is responsible for providing any applicable tax exemption certificates.
For purposes of providing the Offerings to Customer, Customer acknowledges and agrees that Cybereason may access, process and collect the data set out in the DPA and any other data or information described in an applicable quote, SOW, or Offering specification. Upon Customer’s reasonable request, Cybereason may enable the Offerings to collect additional data or information, including but not limited to, specific files or logs. To the extent that Cybereason processes any Customer Personal Data (as defined in the DPA, as applicable), the terms of the DPA, which are hereby incorporated by reference, shall apply and the Parties agree to comply with such terms.
“Confidential Information” means, any information, data or knowledge of any kind and in any form and however disclosed, presented or displayed, by a Party hereto and/or any of its Affiliates (“Disclosing Party”) to the other Party (the “Receiving Party”) and which is not generally available to the public, including products and services (and any related documentation), computer programs, business information, trade-secrets, methodology, know-how, marketing and other commercial/financial knowledge, techniques, specifications, plans and other proprietary information. Any reports prepared by Cybereason in the course of providing the Offerings shall be Cybereason’s Confidential Information and may be used solely for addressing a possible cybersecurity threat, litigation or other legal proceedings, or Customer’s internal business purposes, in all cases in accordance with all applicable laws.
Confidential Information shall not include information which (a) is in or comes into the public domain without fault on the part of the Receiving Party; (b) was lawfully known to it prior to its disclosure by the Disclosing Party; (c) is lawfully disclosed to the Receiving Party by a third party; (d) was independently developed without reference to the Confidential Information; (e) is made available to third parties by the Disclosing Party without restriction on the disclosure of such information; or (f) is approved by the Disclosing Party for release in writing.
The Receiving Party will maintain the Confidential Information in strict confidence and will use the same degree of care and discretion as it uses to protect its own confidential information. Except as authorized hereunder, the Receiving Party will not disclose or use or allow others to disclose or use the Confidential Information without the prior written consent of the Disclosing Party. The Receiving Party shall only use the Confidential Information for the purposes of this Agreement and only disclose the Confidential Information to its directors, officers, employees, Agents and any other person that the Disclosing Party has authorized the receiving Party to disclose the Confidential Information to (“Representatives”) who need to have access to the same for said purpose, provided that each of the Representatives is bound by confidentiality obligations no less restrictive than those contained herein and that the Receiving Party will be responsible for any breach of any of the provisions of this Agreement by its Representatives. If the Receiving Party/ its Representatives receives a request or order for disclosure of Confidential Information from any court, tribunal, government department or agency or other official body, or if the Receiving Party believes disclosure is otherwise required under applicable law, if legally permissible, it shall promptly notify the Disclosing Party and shall cooperate with the Disclosing Party (at the Disclosing Party’s expense) if it wishes to seek a protective order. If the Receiving Party/ its Representatives is legally compelled to disclose Confidential Information, it may disclose only the minimal amount legally required to be disclosed.
6.1 Cybereason warrants that Services will be performed in a professional and workmanlike manner consistent with generally accepted industry standards. Customer’s sole and exclusive remedy and Cybereason’s entire liability for its breach of this warranty will be for Cybereason, at its option and expense, to use commercially reasonable efforts to re-perform the non-conforming Services, or refund a portion of the pre-paid fees attributable to the non-conforming Services.
6.2 Customer warrants that (i) it has the right to be in possession of, or is the owner of, all media/equipment/information/data furnished to Cybereason and/or processed by the Offerings (collectively “Materials”) and (ii) the Materials are furnished for a lawful purpose, and (iii) where applicable, Customer’s collection, possession, processing and transfer of such Materials is in compliance with any and all applicable laws, regulations and Customer policies, including without limitation concerning data privacy and employee consents.
6.3 CUSTOMER UNDERSTANDS THAT CYBEREASON DOES NOT AND CANNOT CONTROL THE FLOW OF DATA TO OR FROM CYBEREASON’S OR CUSTOMER’S NETWORK AND OTHER PORTIONS OF THE INTERNET, AND ACCORDINGLY CYBEREASON DISCLAIMS ANY AND ALL WARRANTIES AND LIABILITIES RESULTING FROM OR RELATED TO A FAILURE IN THE PERFORMANCE OF INTERNET SERVICES PROVIDED OR CONTROLLED BY A THIRD PARTY. CUSTOMER UNDERSTANDS AND AGREES THAT CYBEREASON DOES NOT GUARANTEE OR WARRANT THAT IT WILL FIND, LOCATE, DISCOVER OR REMEDIATE ALL OF CUSTOMER’S OR ITS AFFILIATES’ SYSTEM THREATS, VULNERABILITIES, MALWARE, AND MALICIOUS SOFTWARE, AND CUSTOMER AND ITS AFFILIATES WILL NOT HOLD CYBEREASON RESPONSIBLE THEREFOR. CUSTOMER LIKEWISE UNDERSTANDS THAT ITS VARIOUS FORMS OF DATA/MEDIA CARRIERS MAY BE DAMAGED, INFECTED, CORRUPTED AND OTHERWISE EFFECTED PRIOR TO THE SERVICES BEING PROVIDED AND CYBEREASON SHALL BEAR NO RESPONSIBILITY THEREFOR OR FOR ANY PROBLEM STEMMING THEREFROM, OR FROM ANY THIRD PARTY OR OPEN SOURCE DATA USED IN THE DELIVERY OF THE SERVICES. ANY DATA, ESPECIALLY DATA RESTORED FROM UNKNOWN SOURCES, MAY CONTAIN VIRUSES OR OTHER MALWARE; THEREFORE, CUSTOMER ASSUMES RESPONSIBILITY TO TAKE ALL NECESSARY PRECAUTIONS WITH REGARD TO SUCH DATA AND SHALL ADVISE ANYONE THAT MAY BE IMPACTED BY THE SAME OF SUCH DANGER.
6.4 THE EXPRESS WARRANTIES SET FORTH IN THIS SECTION CONSTITUTE THE ONLY WARRANTIES WITH RESPECT TO THE OFFERINGS. CYBEREASON MAKES AND CUSTOMER RECEIVES NO OTHER REPRESENTATION OR WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED OR STATUTORY WITH RESPECT TO THE OFFERINGS. CYBEREASON EXPRESSLY DISCLAIMS ANY AND ALL PROMISES, REPRESENTATIONS AND WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, INCLUDING WITHOUT LIMITATION, WARRANTIES OF NON-INFRINGEMENT, TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ERROR FREE OPERATION OR NON-INTRUSION DUE TO HACKING OR OTHER SIMILAR MEANS OF UNAUTHORIZED ACCESS, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW.
EXCEPT FOR A PARTY’S INDEMNIFICATION OBLIGATIONS OR THE MISAPPROPRIATION OF EITHER PARTY’S INTELLECTUAL PROPERTY RIGHTS (THE “EXCLUSIONS”), IN NO EVENT WILL EITHER PARTY, INCLUDING ITS PROVIDERS, BE LIABLE FOR ANY INCIDENTAL, INDIRECT, PUNITIVE, EXEMPLARY, SPECIAL OR CONSEQUENTIAL DAMAGES, OR FOR COSTS OF PROCUREMENT OF SUBSTITUTE OFFERINGS, LOST PROFITS, LOSS OF BUSINESS OR BUSINESS OPPORTUNITIES, LOSS OF GOODWILL, REPUTATIONAL DAMAGES, WORK STOPPAGE, BUSINESS INTERRUPTION, OR LOST SAVINGS OR REVENUES OF ANY KIND, OR FOR LOST DATA, DAMAGE TO OTHER SOFTWARE, COMPUTER FAILURE OR MALFUNCTION OR DOWNTIME OR THIRD PARTY CLAIMS. EXCEPT FOR THE EXCLUSIONS OR WILLFUL MISCONDUCT, EACH PARTY’S, INCLUDING ITS PROVIDERS, TOTAL AND CUMULATIVE LIABILITY FOR ALL CLAIMS UNDER THIS AGREEMENT, REGARDLESS OF THE FORM OF ACTION SHALL NOT EXCEED THE AGGREGATE AMOUNTS RECEIVED BY CYBEREASON DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRIOR TO THE DATE THE CAUSE OF ACTION AROSE. THE LIMITATIONS SET FORTH IN THIS SECTION SHALL APPLY EVEN IF A PARTY AND ITS RELATED PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The Services do not contemplate Cybereason being made party to any legal proceedings, or subject to third-party claims. Accordingly, Customer agrees to hold harmless and indemnify Cybereason against all third-party claims, damages and costs (including reasonable attorneys' fees and disbursements) arising out of such Services (including any use of any reports by Customer) except for when resulting from any negligence, fraud, willful misconduct or unlawful conduct by Cybereason.
9.1 Either Party may terminate this Agreement by written notice to the other Party if the other Party breaches any material obligation hereunder, which breach remains uncured for thirty (30) days after receipt of written notice of breach by the breaching Party. Cybereason may immediately suspend performance of this Agreement upon delayed payment of more than fifteen (15) days.
9.2 Either Party may immediately terminate this Agreement by written notice to the other if (i) the other Party ceases to do business or becomes insolvent, (ii) upon institution by the other Party of insolvency, receivership or bankruptcy proceedings or any other proceedings for the settlement of debt, (iii) upon the institution of such proceedings against the other Party, which are not dismissed or otherwise resolved in such Party’s favor within sixty (60) days thereafter or (iv) upon the other Party making a general assignment for the benefit of creditors. In addition, Cybereason may immediately terminate this Agreement if Customer or any of its affiliates, owners, partners, officers, directors, employees, or any other persons acting for or on its behalf is or becomes a Prohibited Person.
10.1 Survival. Sections 5, 6, 7, 8, 10.1, 10.3, 10.8 and 10.9 and all payment obligations incurred prior to the termination or expiration of this Agreement will survive such termination or expiration.
10.2 Customer shall meet its obligations as set out in the SOW and will provide all information and assistance reasonably required by Cybereason for the purpose of executing the SOW.
10.3 Notices. All notices under this Agreement will be in writing, will reference this Agreement, and will be addressed to (i) Cybereason, at the address set forth above, and (ii) to Customer, at the address set forth in a quote, or to such other address that a Party previously designates for such purpose. All notices will be effective: (i) when personally delivered, (ii) on the reported delivery date if sent by a recognized international or overnight courier, or (iii) five (5) business days after being sent by registered or certified mail (or ten (10) days for international mail).
10.4 Force Majeure. Neither Party will be responsible for any failure to perform its obligations (other than payment obligations) under this Agreement attributable in whole or in part to the other Party’s fault or negligence and/or to any cause beyond its reasonable control, including but not limited to acts of God, government actions, war, or civil disturbance.
10.5 Assignment. Neither Party may assign or transfer any rights or obligations under this Agreement without the prior written consent of the other Party; provided, that either Party may assign this Agreement and any of its rights or obligations hereunder to any of its Affiliates or in the event of a merger, sale, acquisition, amalgamation, change of control, corporate restructuring, or sale of all or substantially all of its assets and/or stock, or any similar transaction without such prior written consent. Any assignment or transfer of this Agreement made in contravention of the terms hereof shall be null and void. Subject to the foregoing, this Agreement shall be binding on and inure to the benefit of the Parties’ respective successors and permitted assigns.
10.6 No Third-Party Beneficiaries. This Agreement is intended solely for the benefit of the Parties. In no event will any third party have any rights in relation to this Agreement or any right to enforce the terms hereof. Notwithstanding the foregoing, if for any reason the general terms of this Agreement are put in place for purposes of an agreement between Customer and a Cybereason partner, Cybereason shall be a third party beneficiary to such agreement.
Conflicts of Interest. The provision of any services hereunder shall not prevent Cybereason and/or its Affiliates from providing similar services to any other of its clients that may be adverse to Customer on the condition that such services provided to the other clients are not on the same (or substantially related) matter on which the services are provided hereunder to Customer.
10.8 No Additional Commitments; Amendment; Waiver.
(a) This Agreement (including any terms incorporated herein) constitutes the entire agreement between the Parties concerning the subject matter hereof and supersedes any previous agreements, understandings and arrangements relating to the same. Any contradictory or pre-printed terms and conditions or purchase order terms that Customer may provide in connection with its order shall be deemed null and void.
(b) This Agreement may not be modified except by a written agreement executed by both Parties, except as expressly permitted herein.
(c) If any of the provisions of this Agreement are held to be invalid under any applicable law, the invalid part will be replaced with a provision which accomplishes, to the fullest extent possible, the original purpose of such part or provision in a valid manner, and the balance of this Agreement will remain in full force and effect. No failure or delay in exercising any right in relation to a breach shall operate as a waiver of such right, and the waiver by either Party of any such breach will not be construed as a waiver of subsequent breaches or as a continuing waiver of such breach.
10.9 Governing Law; Jurisdiction; Jury Waiver. This Agreement is to be construed in accordance with and governed by the laws of the applicable jurisdiction, as set forth in the table below (the “Applicable Jurisdiction”) without giving effect to any choice of law rule that would cause the application of the laws of any other jurisdiction. Any legal suit, action or proceeding arising out of or relating to this Agreement shall be commenced only in the courts of the Applicable Jurisdiction and each Party hereto irrevocably submits to the exclusive jurisdiction and venue of any such court in any such legal suit, action or proceeding.
|
Region in which Customer’s Address is Located |
Applicable Jurisdiction |
|
Europe/Middle East and Africa (EMEA) |
London, England |
|
Asia/Pacific (APAC) and India (excluding Japan) |
Singapore, Republic of Singapore |
|
North America/Central & Latin America (NA/CALA) |
New York, NY, USA |
|
Japan |
Tokyo, Japan |
IF RELEVANT TO THE APPLICABLE JURISDICTION, EACH PARTY HERETO HEREBY IRREVOCABLY WAIVES, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY IN ANY LEGAL SUIT, ACTION OR PROCEEDING ARISING OUT OF OR RELATING TO THIS AGREEMENT.
10.10 Independent Contractors. The Parties will at all times be independent contractors with respect to each other and neither Party will purport to bind the other. No partnership, joint venture, agency, employer-employee relationship or any other relationship between the Parties hereto is contemplated or created hereby.
10.11 Third Party components and Services. In the event that any of the services provided through third party products/services/vendors become unavailable or inaccessible to Cybereason for any reason, Cybereason will provide prompt written notice to Customer and may replace discontinued services with an equal or greater valued offering. In the event the services cannot be reasonably replaced, Customer shall be entitled to receive a return of fees paid in advance for the non-provided part of the services.
10.12 Compliance with Laws; Use Restrictions. Customer represents and warrants that neither it nor any of its affiliates, owners, partners, officers, directors, employees, or any other persons acting for or on its behalf is a Prohibited Person. Cybereason shall have the sole discretion to withdraw, cancel, terminate, alter, or modify the services to the extent Cybereason finds it necessary to do so in order to comply with applicable laws including Export Controls and Economic Sanctions Laws. Customer is solely responsible for determining the appropriateness of the services for its business purposes, complying with laws applicable to it in connection with receipt/use of the services and obtaining any and all required consents for receiving the services.
For the purposes of the above section:
“Export Controls and Economic Sanctions Laws” means all export control, economic or financial sanctions, and trade embargo laws, regulations, orders, directives and other legal requirements applicable to Company, a Cybereason partner, and/or Customer, including but not limited to those administered and enforced from time to time by (a) the U.S. government, including the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), the U.S. Department of State, or the U.S. Department of Commerce, (b) the United Nations, (c) the European Union (“EU”), (d) the state of Israel, (e) HM Treasury of the United Kingdom, or (f) the government of any other country or territory in which Company, a Cybereason partner, or Customer conducts or in the past have conducted business, directly or indirectly.
“Prohibited Person” means any individual or entity that is (i) on the U.S. Department of Commerce’s Denied Persons List, Entity List, Unverified List or affiliated lists, (ii) on the OFAC Specially Designated Nationals and Blocked Persons List or Consolidated Sanctions List, (iii) on the U.S. Department of State’s Debarred List or Nonproliferation List, (iv) located, resident, or organized in jurisdictions subject to U.S. and/or other applicable territorial sanctions (collectively “Prohibited Jurisdictions”; as of the date of this Agreement, such jurisdictions include, without limitation, Cuba, Iran, Iraq, Lebanon, Libya, North Korea, Sudan, Syria, Venezuela, Yemen and the Regions of Crimea, Donetsk and Luhansk (Ukraine)), (v) any entity, regardless of location, that is owned or controlled by a government of any Prohibited Jurisdiction, or (vi) otherwise the targets of any Export Controls and Economic Sanctions Laws such that dealings with such individual or entity by the Company, a Cybereason partner, or any Customer would be prohibited.