(1) Cybertested ( Verdatek OÜ ) and
(2) The Customer as identified in the Order (“Customer”)
A. Cybertested has developed certain vulnerability scanner software products which it makes available to customers on a SaaS basis, to enable the Customer to find cyber security weaknesses in their digital infrastructure.
B. The Customer wishes to use Cybertested’s services for its internal business purposes.
C. Cybertested has agreed to provide, and the Customer has agreed to take and pay for, Cybertested’s services subject to the terms and conditions of this Agreement.
1.1 In this Agreement, the following words will have the following meanings:
“Agreement” means these terms and conditions together with the Order, schedules, annexes and all other documents referred to herein;
"Business Day" means any day which is not a Saturday, a Sunday or a bank or public holiday in England;
"Confidential Information" means the provisions of this Agreement and in relation to either Party, all information, in any form or medium, which is secret or otherwise not publicly available (either in its entirety or in the precise configuration or assembly of its components), including commercial, financial, marketing or technical information, accounts, business plans, business methods, strategies and financial forecasts, tax records, correspondence, designs, drawings, manuals, specifications, customer or sales or supplier information, technical or commercial expertise, software, formulae, processes, methods, knowledge, know-how and trade secrets, whether disclosed orally, in writing or by electronic means, before or after the date of this Agreement;
"Customer User" means any employee, agent, contractor and/or consultant of the Customer who uses the Services on behalf of the Customer;
“Effective Date” means the date that the Order is accepted by Cybertested;
“End Customers” means the end customers of the Customer on behalf of whom the Customer may use the Services.
“Fees” means the fees for the Services as specified in the relevant Plan;
"Force Majeure" means any event outside the reasonable control of either Party affecting that Party's ability to perform any of its obligations (other than payment) under this Agreement including act of God, fire, flood, lightning, illegality, compliance with any law or governmental order, rule, regulation or direction, war, revolution, act of terrorism, riot or civil commotion, strikes, lock outs and industrial action, failure of supplies of power, fuel, transport, equipment, raw materials or other goods or services including telecommunications and internet services;
"Intellectual Property Rights” means any and all rights in and to any patent, copyright, database, design, trade mark, service mark, domain name, know-how, utility model, business method or process, whether such right is registered or not, or where relevant, any application for any such right, or other industrial or intellectual property right anywhere in the world;
"Cybertested Portal" means the online portal (as may be modified by Cybertested from time to time) through which the Customer and Customer Users can manage their Target Systems and view their security Weaknesses;
“Order” means the specific order for Services as accepted by Cybertested during the relevant sign up process;
"Party" or "Parties" means Cybertested and/or the Customer as the context may require;
“Plan” means the relevant plan (Essential, Pro, Verified or other plan) as made available by Cybertested, including in relation to the specified number of Target Systems, and the relevant related Fees and Term as specified in the relevant Order.
“Platform” means the Cybertested software platform, including the Cybertested Portal, via which the Services are made available, including all versions, amendments and improvements thereto and/or any other tools, methods, models, know how, code, functionality or other elements owned or developed by Cybertested;
“Platform Data” means all usage and/or statistical or other data, information, learnings or know how related to and/or derived from the use of the Platform by customers and users, only in anonymised and aggregated form, and at all times not including any data or information that could individually identify a Customer.
“Services” means the services to be supplied by Cybertested under this Agreement, in accordance with the relevant Plan, as identified in the Order;
"Target System" means an individual computer system as identified by the IP address, hostname or other unique identifier assigned to it. Where the same computer system is monitored via multiple IP addresses, hostnames, or other identifiers, each separate entry in the Cybertested Portal will count as a unique system;
“Term” means the monthly or annual period set out in the relevant Plan or Order;
"Weakness" means a particular configuration, software patch level, or application code deployment which is perceived as likely to, or can be demonstrated to reduce or undermine the security of a Target System, or the information stored, processed or transmitted by it;
"Year" means each period of 12 months from the commencement date.
1.2 Drafting Conventions
(a) The headings in this Agreement are inserted for convenience only and shall not affect the interpretation or construction of this Agreement.
(b) Words expressed in the singular shall include the plural and vice versa. Words referring to a particular gender include every gender. References to a person include an individual, company, body corporate, corporation, unincorporated association, firm, partnership or other legal entity.
(c) The words "other", "including" and "in particular" shall not limit the generality of any preceding words or be construed as being limited to the same class as any preceding words where a wider construction is possible.
(d) All references in this Agreement to Clauses are to the Clauses in these Terms and Conditions unless otherwise stated.
2.1 Subject to acceptance of a relevant Order by Cybertested, and receipt of the Fees in accordance with the relevant payment terms, and subject to compliance by the Customer with the provisions of the relevant Plan and the terms of this Agreement, Cybertested agrees to provide the Customer with the Services.
2.2 The Customer may, subject to the relevant Plan details:
(a) use the Services for the Customer's own internal business purposes in relation to its own Target Systems;
(b) use the Services to provide services to its own End Customers, by including its end customer’s systems in the Target Systems.
2.3 For the avoidance of doubt the Customer may not permit its End Customers to use the Services or access the Platform directly, and the Customer must at all times use the Services on behalf of its End Customers. The Customer is responsible for ensuring that only employees, agents and consultants authorised and permitted by the Customer can access and use the Service. Only employees, agents and consultants of the Customer are entitled to be Customer Users.
2.4 The Customer shall be responsible for all access to and use of the Service as enabled by the Customer via the Customer’s account and or Customer Users’ login credentials.
3.1 The Customer shall perform or comply with the Customer responsibilities under this Agreement and agrees that Cybertested's provision of the Service is dependent on the Customer performing or complying with the Customer responsibilities.
3.2 The Customer permits Cybertested to access the Customer's systems and networks (including without limitation the Target Systems and any applications or data held on such network and systems) for the purposes of the Computer Misuse Act 1990 (as updated, replaced and amended from time to time) and represents it has authority and will have authority at all times during this Agreement, to give such permission.
3.3 The Customer undertakes that it has and will have at all times during this Agreement, all necessary permissions, authorisations and consents from the owners or licensors of the Customer's systems and networks (including without limitation the Target Systems) to enable the Services to be provided to the Customer.
3.4 The Customer undertakes that where it uses the Service in any jurisdiction or territory other than the UK, it shall be wholly responsible for ensuring that the use of the Service in that jurisdiction or territory complies with applicable laws or regulation.
3.5 The Customer shall not and shall not permit any third party to:
(a) attempt to download, copy, modify, create derivative works from, frame, mirror, republish or distribute any portion of the Platform except to the extent expressly set out in this Agreement; or
(b) attempt to copy, adapt, decompile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Platform, except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties;
(c) use any knowledge or information acquired in relation to the Platform or Services in order to build a software product which competes with the Platform;
(d) resell, sublicense or otherwise use the Platform or Services to provide services to third parties, save as permitted under clause 2.2.
4.1 The Customer acknowledges that in order for Cybertested to provide the Services it will use penetration testing techniques on the Target Systems in accordance with the Service Specification to try and identify Weaknesses. The Customer acknowledges that use of the Service may cause certain temporary increase of network bandwidth usage and / or system processing load of the Target System during the tests, and that Cybertested is not responsible for any consequences of Customer network bandwidth or processing capacity limitations.
4.2 Notwithstanding the above, Cybertestedwill ensure it or the Services do not cause any new or worsen any existing Weaknesses, and will not enable any unauthorised access to or use of the Target Systems.
4.3 The Customer acknowledges that the Service is not built specifically as a service for the Customer or the Target Systems and is not guaranteed to and may not identify all Weaknesses that can impact or affect systems.
4.4 Cybertested shall not be responsible for any damage or loss that the Customer, any Customer User or End Customer may suffer, whether directly or indirectly as a result of use and provision of the Service as intended, and / or in relation to any Weakness that is not identified by the Service.
5.1 Cybertested has, at its sole cost, created, licensed and developed the Services and the technology and systems including the Platform that form part of the Services.
5.2 As between the Parties, all Intellectual Property Rights in the Services, the Platform and the Platform Data belong to Cybertested.
5.3 This Agreement shall not constitute a transfer of any Intellectual Property Rights in the Services or Platform to the Customer, nor grant the Customer any rights to the Services or Platform, (including any Intellectual Property Rights in the same) other than as set out in Clause 2.
6.1 The Fee under this Agreement is payable by the Customer in full and cleared funds on the Effective Date and on the first day of each Year or Month thereafter, in advance of any access to the Services. In the event your payment method is by payment card, you authorise us to automatically take further payment on renewal of the Term, until you instruct us otherwise.
6.2 The Fee payable under this Agreement is exclusive of value added, sales, withholding or any similar tax, import or customs duties, which shall be paid in addition by the Customer to Cybertested at the then prevailing rate.
6.3 If any sum payable under this Agreement is not paid when due then until payment is made in full Cybertested shall be entitled to:
(a) suspend access to the Services; and
(b) charge interest on any overdue payment at the rate of 4% per annum above the base rate of the Bank of England.
7.1 Each Party shall keep and procure to be kept secret and confidential all Confidential Information of the other Party disclosed or obtained as a result of the relationship of the Parties under this Agreement and shall not use nor disclose the same except in relation to the performance of this Agreement or with the prior written consent of the other Party. Where disclosure is made by a Party of the other Party's Confidential Information, to any employee, agent or consultant, it shall be done subject to obligations equivalent to those set out in this Agreement. Each Party agrees to use its best endeavours to procure that any such employee, agent or consultant complies with such obligations provided that each Party shall continue to be responsible to the other Party in respect of any disclosure or use of such Confidential Information by a person to whom disclosure is made.
7.2 The obligations of confidentiality in this Clause shall not extend to any information which the other Party can show:
(a) is in, or has become part of, the public domain other than as a result of a breach of the obligations of confidentiality under this Agreement; or
(b) was in its written records prior to the date of this Agreement and not subject to any confidentiality obligations; or
(c) was independently disclosed to it by a third party entitled to disclose the same; or
(d) is required to be disclosed under any applicable law, or by order of a court or governmental body or authority of competent jurisdiction.
7.3 The Customer shall ensure that the Customer Users are aware of and undertake to comply with the obligations of confidentiality set out in this Clause.
7.4 This Clause shall survive termination of this Agreement.
8.1 Subject to Clauses 4 and 8.2, Cybertested warrants that:
(a) the Service shall comply in all material respects with the Service Specification and shall be provided with all reasonable skill and care and good industry practice.
(b) it has full right, power and authority to enter into this Agreement; and
(c) the Platform and Services will, to the best of its knowledge, contain nothing that infringes the statutory, common law, or Intellectual Property Rights of any third party.
8.2 Save as expressly set out here, any other conditions, warranties or other terms which might have effect between the parties or be implied or incorporated into this Agreement whether by statute, common law or otherwise, are hereby excluded to the fullest extent permitted by law, including, without limitation, the implied conditions, warranties or other terms as to satisfactory quality and fitness for purpose.
8.3 The Customer warrants that:
(a) It, and its representative signing up to the Agreement, has full right, power and authority to enter into this Agreement;
(b) it has all the rights, licences, permits, approvals and clearance of third party rights as required by applicable laws and as are necessary to perform its obligations and allow Cybertested to perform its obligations under this Agreement;
8.4 Cybertested will indemnify the Customer from and against any and all losses, damages, claims, penalties, fines, costs and expenses (including reasonable external legal expenses) suffered or incurred by or awarded against the Customer payable in relation to any third party claims or actions as a result of or in connection with any breach by Cybertested of clause 8.1.
8.5 The Customer will indemnify Cybertested from and against any and all losses, damages, claims, penalties, fines, costs and expenses (including reasonable external legal expenses) suffered or incurred by or awarded against Cybertested payable in relation to any third party claims or actions as a result of or in connection with any breach by the Customer of clause 8.3 and/or clauses 3.2, 3.3 and 3.4.
8.6 Each Party will fully indemnify the other from and against any and all losses, damages, claims, penalties, fines, costs and expenses (including reasonable external legal expenses) suffered or incurred by or awarded against the other as a result of or in connection with any breach by the other of clause 7 (Confidentiality).
8.7 In all cases the indemnified party agrees to:
(c) promptly notify the indemnifying party of any allegation of infringement or other claim that may give rise to reliance on an indemnity, which comes to its attention, and give the indemnifying party all reasonable assistance subject to reimbursement by the indemnifying party of the indemnified party’s costs so incurred;
(d) not to make any admission, settle, compromise or negotiate the settlement of any such claim without the prior consent of the indemnifying party (such consent not to be unreasonably withheld) provided that the indemnifying party considers and defends any claim diligently, using competent counsel and in such a way as not to bring the reputation of the indemnified party into disrepute; and
(e) allow the indemnifying party to conduct and settle all negotiations and proceedings, save that the indemnifying party may not conclude settlement of any negotiations and proceedings which may have a material effect (whether financial, practical or in terms of reputation) on the indemnified party without the indemnified party’s prior written consent which will not be unreasonably withheld.
9.1 Nothing in this Agreement shall exclude or limit:
(a) either Party’s liability for death or personal injury caused by that Party’s negligence, fraud or fraudulent misrepresentation, or any liability which cannot be legally excluded or limited;
(b) the Customer's liability to pay the Fees.
9.2 Subject to Clause 9.1, neither party will be liable, whether in contract, tort (including negligence) breach of statutory duty, or otherwise, for any of the following losses or damage (whether or not such losses or damage were direct, foreseen, foreseeable, known or otherwise) howsoever arising in respect of any: special, indirect, incidental or consequential loss or damage; loss of actual or anticipated profits; loss of business or contracts; loss of revenue or of the use of money; loss of anticipated savings; and/or loss of goodwill, arising out of or in connection with this Agreement.
9.3 Subject to Clauses 9.1, the maximum aggregate liability of Cybertested to the Customer for all claims arising in connection with this Agreement whether in contract, tort (including negligence) or breach of statutory duty, misrepresentation or otherwise shall be limited £1,000,000 (one million pounds).
9.4 Cybertested shall have no liability towards any End Customer.
10.1 This Agreement will begin on the Effective Date and continue for the Term, unless terminated in accordance with these terms.
10.2 At the end of the relevant Term the Order will be automatically renewed for successive periods equivalent to the Term (each a "Renewal Period"), unless either party notifies the other party of termination, before the end of the Term or any Renewal Period, in which case this Order shall terminate upon the expiry of the applicable Term or Renewal Period. The Customer will not be entitled to any refund or credit for any portion of the Fee for any unused part of the Term already paid for. In the event your payment method is by payment card, you authorise us to automatically take further payment on renewal of the Term, until you instruct us otherwise.
10.3 Either Party may terminate this Agreement if the other party commits a material breach of this Agreement that is capable of remedy and which the party in breach has not remedied within 30 days of a receipt of a written notice identifying the breach.
10.4 Cybertested may terminate this Agreement immediately and/or suspend the Service without notice if the Fee has not been received by the due date or if the provision of the Service is found to be unlawful in the jurisdiction or territory in which it is used.
10.5 In the event of any termination of this Agreement by Cybertested under clause 10.3 or 10.4, Cybertested will not refund nor shall credit, and the Customer will not be entitled to any refund or credit for, any portion of the Fee for any unused part of the Term.
10.6 Upon termination of this Agreement for any reason whatsoever:
(a) the relationship of the Parties shall cease and all rights granted under this Agreement to access and use the Service shall cease immediately;
(b) any provision which is expressly or by implication intended to come into force or remain in force on or after termination will continue in full force and effect.
10.7 The termination of this Agreement shall be without prejudice to the rights and remedies of either Party which may have accrued up to the date of termination.
11.1 A Party will not be in breach of this Agreement nor liable for any failure or delay in performance of any obligations (except for those in relation to payment) under this Agreement, and the date for performance of the obligations affected will be extended accordingly, as a result of Force Majeure, provided that such Party shall:
(a) promptly notify the other Party in writing of the matters constituting the Force Majeure and shall keep that Party fully informed of their continuance and of any relevant change of circumstances whilst such Force Majeure continues; and
(b) take all reasonable steps available to it to minimise its effects on the performance of its obligations under this Agreement.
11.2 If Force Majeure continues for longer than 30 days' either Party may, whilst the Force Majeure continues, immediately terminate this Agreement by notice in writing to the other.
12.1 The Customer may not assign, transfer, charge or otherwise dispose of all or any of its rights and responsibilities under this Agreement.
12.2 A person who is not a Party to this Agreement has no rights (whether under the Contracts (Rights of Third Parties) Act 1999 or otherwise) to enforce any provision of this Agreement.
12.3 Neither Party may pledge the credit of the other Party nor represent itself as being the other Party nor an agent, partner, employee or representative of the other Party and neither Party may hold itself out as such nor as having any power or authority to incur any obligation of any nature, express or implied, on behalf of the other.
12.4 Nothing in this Agreement, and no action taken by the Parties pursuant to this Agreement creates, or is deemed to create, a partnership or joint venture or relationship of employer and employee or principal and agent between the Parties.
13.1 Entire Agreement
(a) This Agreement contains the entire agreement between the Parties in relation to its subject matter and supersedes any prior arrangement, understanding written or oral agreements between the Parties in relation to such subject matter.
(b) The Parties acknowledge that this Agreement has not been entered into wholly or partly in reliance on, nor has either Party been given, any warranty, statement, promise or representation by the other or on its behalf other than as expressly set out in this Agreement.
(c) Each Party agrees that the only rights and remedies available to it arising out of or in connection with any warranties, statements, promises or representations will be for breach of contract and irrevocably and unconditionally waives any right it may have to any claim, rights or remedies including any right to rescind this Agreement which it might otherwise have had in relation to them.
(d) All warranties, conditions, terms and representations not set out in this Agreement whether implied by statute or otherwise are excluded to the extent permitted by law.
(e) Nothing in this Clause will exclude any liability in respect of misrepresentations made fraudulently.
13.2 Severability of provisions
(a) If at any time any part of this Agreement is held to be or becomes void or otherwise unenforceable for any reason under any applicable law, the same shall be deemed omitted from this Agreement and the validity and/or enforceability of the remaining provisions of this Agreement shall not in any way be affected or impaired as a result of that omission.
(b) If any void or unenforceable part of this Agreement would be valid and enforceable if some part of it were deleted, the part shall apply with the minimum modification necessary to make it valid and enforceable.
13.3 Waiver. The rights and remedies of either Party in respect of this Agreement shall not be diminished, waived or extinguished by the granting of any indulgence, forbearance or extension of time granted by that Party to the other nor by any failure of, or delay in ascertaining or exercising any such rights or remedies. Any waiver of any breach of this Agreement shall be in writing. The waiver by either Party of any breach of this Agreement shall not prevent the subsequent enforcement of that provision and shall not be deemed to be a waiver of any subsequent breach of that or any other provision.
14.1 Variation. No purported alteration or variation of this Agreement shall be effective unless it is in writing, refers specifically to this Agreement, and is signed or otherwise expressly agreed to by each of the Parties to this Agreement.
14.2 Language. This Agreement is entered into in the English language. All amendments or correspondence concerning or relating to this Agreement and all notices given and all documentation to be delivered by either Party to the other under this Agreement shall be written in the English language or shall be accompanied by an English translation prepared by such person or body as the Parties shall have approved in advance. If there is any conflict in meaning between the English language version and any version or translation of this Agreement in any other language the English version shall prevail.
14.3 Notices
(a) Any notices sent under this Agreement must be in writing, sent and delivered by email to contact@cybertested.com.
(b) Notices shall be served to the addresses set out above or to such other email address and/or address as the relevant Party may give notice to the other Party for the purpose of service of notices under this Agreement. The deemed time of delivery of notice by email shall be 9:00am recipient’s time on the first Business Day after sending and proof of service of email despatched in a legible and complete form to the correct email address without any error message.
14.4 Complaints. Formal complaints relating to the Service must be delivered either by email to contact@cybertested.com, or via the in-app customer support widget.
15.1 This Agreement and any issues, disputes or claims arising out of or in connection with it (whether contractual or non-contractual in nature) shall be governed by, and construed in accordance with, the laws of England.
15.2 All disputes or claims arising out of or relating to this Agreement shall be subject to the exclusive jurisdiction of the English Courts to which the Parties irrevocably submit.
Cybertested shall be entitled to describe the Customer as a customer of this Service and include its name on marketing and promotional materials. In addition and on reasonable notice the Customer shall act as a referee for Cybertested in respect of prospective customers of Cybertested for the Service.