END USER LICENCE AGREEMENT
General
Welcome to CyberSmart, the smarter way to be cyber safe and compliant with recognised standards. A binding agreement between you (“You” or “Your”) and CyberSmart shall come into force at such time as you use the Website and/or purchase any of our products (“Products”), comprising these Terms, the terms and conditions of any Relevant Intermediary (where applicable) and our Privacy Policy (together, the “Agreement”). Please read these documents carefully and contact us in case You have any questions.
1. Definitions
In these Terms, except where expressly stated otherwise, the following words and expressions shall have the meanings given to them as follows:
Agent: a program developed together with leading cyber security professionals that can be installed on a computer or mobile device and which can check and secure the configuration of the computer or device;
Auto-Fix: refers to features which, after being enabled by You, can change the configuration of Your systems;
CE: Cyber Essentials as defined in the Cyber Essentials Scheme;
Customer: You, as an unregistered user of the Website or a registered user of one or more Products with an account available through the Dashboard, including if that access has been set up by an Intermediary on Your behalf. For the purposes of these Terms, an Intermediary may also be a Customer;
CyberSmart: CyberSmart Ltd., company number 10088945 whose registered address is at 68 Hanbury Street, London, E1 5JL;
Dashboard: the means by which Your individual Customer account details may be viewed and registered users can manage their CyberSmart Products on the Platform;
Data Protection Laws: means the EU GDPR and the UK GDPR and any other applicable laws relating to the processing of Personal Data;
Essential 8: the cybersecurity framework as defined by the Australian Cyber Security Centre;
EU GDPR: means the General Data Protection Regulation (Regulation (EU) 2016/679) and all other EU laws regulating the processing of Personal Data, as such laws may be updated, amended and superseded from time to time;
Fees: the fees payable by You (or a relevant Intermediary on Your behalf) to CyberSmart for the provision of a Product in accordance with this Agreement. The detail of any Fees will be available either (i) on Your Dashboard where You have purchased directly from CyberSmart or (ii) from Your Intermediary;
Intellectual Property Rights: patents, copyright and related rights, trade marks, trade names and domain names, goodwill and the right to sue for passing off, rights in designs, database rights, rights to preserve the confidentiality of information and any other intellectual property rights, including all applications for, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist, now or in the future, in any part of the world;
Intermediary: any party authorised by CyberSmart from whom You have acquired use of the Product where You have not acquired such Product directly from CyberSmart;
Mandatory Policies: CyberSmart’s mandatory business policies as may be amended by CyberSmart from time to time. The security related policies are available at: https://cybersmart.com/security/. The policy on modern slavery is available at https://cybersmart.com/wp-content/uploads/2022/05/Modern-Slavery-Policy-Statement.pdf
Personal Data: means any Personal Data (as defined in UK GDPR) that is processed by CyberSmart on Your behalf in relation to this Agreement. Your Personal Data excludes any Personal Data with respect to which CyberSmart is a controller (such as, but not limited to, business contact information relating to any relevant Intermediary and Your personnel and representatives used for the purposes of entering into and performing this Agreement, communicating with a relevant Intermediary in connection with this Agreement, reporting on use of the CyberSmart Products and services and invoicing and receiving payments of the Fees);
Platform: the platform used by CyberSmart to deliver and for You to access Products;
Privacy Policy: CyberSmart’s privacy policy at https://cybersmart.com/privacy/;
Products: such products, Agents, applications and services owned by CyberSmart as well as third parties which are indicated as available (i) on the Dashboard and at https://cybersmart.com/ from time to time and (ii) for use on the Platform;
SLA: CyberSmart’s service level agreement, as listed at https://cybersmart.com/partner-service-level-agreement/ from time to time which is hereby incorporated into these Terms;
Subscription Overview: the confirmation by CyberSmart displayed in the Dashboard of all active Subscriptions placed by You or by Your Intermediary (if applicable) for the provision of the Products;
Systems: any technology or computer infrastructure, software and hardware;
Terms: the terms and conditions set out in this End User Licence Agreement;
UK GDPR: means the EU GDPR as transposed into UK law (including by the Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019) and all other UK laws regulating the processing of Personal Data, as such laws may be updated, amended and superseded from time to time; and
Website: the website at www.cybersmart.com and any of its sub-domains, including any Customer relationship management tools.
2. Scope of these Terms
- Your use of the Website and the Products is subject to Your acceptance of the terms of this Agreement. If You disagree with any of the provisions of the Agreement, You should stop using the Website and/or any Products.
- This Agreement constitutes the entire agreement under which CyberSmart’s Products and the Website may be used. Any prior communication, warranty or statement shall not apply to this Agreement.
- Headings have been inserted for convenience and may not be used to interpret the content of this Agreement.
- By using the Website and Products as representative of a corporate entity, You warrant that You are entitled to do so.
3. Use of Products and Website
- CyberSmart’s Products, Website and all its contents are owned by and under copyright of CyberSmart and/or third-party licensors. You may not reproduce any written content, images or concepts without the prior written permission of CyberSmart. You may not (and shall not incite or cause others to):
- modify, disassemble, decompile or reverse-engineer the Products or Website, except to the extent expressly permitted by law;
- resell, sublicense, distribute or otherwise transfer any materials from the Products or Website to any third party;
- copy any of the Product or Website content;
- circumvent, disable or remove any Product or Website security features;
- interfere (or try to do so) with the proper working of the Website or any activities conducted on it.
- In case of Your breach of this provision, CyberSmart shall have the right to immediately terminate Your access to the Website and Products and, where appropriate, claim damages for the damage suffered.
- The Website and Products are provided on an “as is” and “as available” basis without any representation or endorsement made and CyberSmart makes no warranties, whether express or implied, in relation to the Website or Products or their use. You acknowledge that CyberSmart cannot be responsible for the security or privacy of information transmitted to CyberSmart and You must bear the risk associated with the use of the internet.
4. Access to the Products
- Products may be purchased directly from CyberSmart, or indirectly through an Intermediary. In each case, this Agreement shall apply. Where You have contracted through an Intermediary, You may be required to enter into an additional agreement with that Intermediary. If You purchase additional Product(s) from time to time, these will be added to the scope of this Agreement.
- You will be granted non-exclusive, non-transferable access to any Product which is shown in Your Subscription Overview displayed on Your Dashboard. You are responsible at all times for the security of Your access details and CyberSmart will not be responsible for any loss or damage caused by any third-party access caused by Your failure to keep the same secure.
- You will be liable for any and all loss, liability and/or damage to CyberSmart or third parties through the use of Your Website account, Dashboard, Products or other relationship tools as applicable, including any unauthorised third-party access. You are recommended to follow best practices, including the use of strong passwords, changing them in case of a suspected security breach, and to enable multi-factor authentication at all times. In the case of a suspected security breach, You must inform CyberSmart in writing immediately.
- It is Your responsibility to provide CyberSmart or Your Intermediary at all times with accurate contact information including, but not limited to, a valid e-mail address. Changes in Your contact information must be registered through the Dashboard or by communicating with Your Intermediary or directly with CyberSmart.
5. Use of the Products
- CyberSmart hereby grants to You (or shall procure the same) a licence to use the Products (and any IPR therein) in the course of Your business in accordance with this Agreement. CyberSmart represents and warrants that the only licence terms that are required for the use of the Product by You are included in this Agreement (including, without limitation, the Product-specific terms in Schedule 2). Other obligations may exist as set out in agreements between Intermediaries and You where Products have not been purchased directly from CyberSmart.
- In order for the Products to function comprehensively, You or Your Intermediary must install Agents on Your Systems so as to facilitate certification and provide 24/7 compliance monitoring. You or Your Intermediary agree to Agents being installed on Your Systems, and You and Your Intermediary will not hold CyberSmart, its officers or employees liable for any damage, loss or inconvenience caused by any such Agents.
- CyberSmart provides Auto-Fix solutions, which help You to implement standards more efficiently. The Customer accepts that Auto-Fixes are applied at Your or (where applicable) Your Intermediary’s discretion and risk. CyberSmart will not be held liable for any damage incurred by You using such a function.
- In offering certain Products, CyberSmart provides a non-exclusive, non-transferable licence to You to access certain materials through the Dashboard, including, without limitation, opinions and guidance. You acknowledge that such opinions and guidance are not legally binding and CyberSmart will not be held liable for any damage or inconvenience resulting from You following such opinions or guidance provided. You should always discuss any changes in Your IT infrastructure with a professional familiar with Your Systems.
- All information entered by You or Your Intermediary (where applicable) onto Your account on the Dashboard or in the Product in the course of using the Products is treated by CyberSmart as confidential. You acknowledge that CyberSmart, as well as any Intermediary has the right to access, monitor and modify Your account (including Your Dashboard) for the purpose of providing access to use the Products.
- CyberSmart may make commercially reasonable changes to the Products from time to time. If CyberSmart makes a material change to the Products, CyberSmart or Your Intermediary will notify You, by giving not less than 30 days’ prior notice. If You notify CyberSmart that You do not agree with such material change, then You will remain governed by the Agreement in effect immediately prior to the change until the end of any then-current subscription terms, except where such change is required by applicable law.
- Individual Products may have specific requirements for their operation, details of which can be accessed through the Dashboard or via additional instructions or obligations from CyberSmart or Your Intermediary and it is Your or Your Intermediary’s responsibility to be familiar with these. You or Your Intermediary shall be liable for any failure to meet any stated time limits, and You may as a result be required to re-purchase Products where such limits apply.
- You or Your Intermediary may also be required to take certain actions as a result of a third-party audit which is an integral part of the relevant Product. A failure to correct defects identified by any such third-party audit may require You to re-purchase a Product or pay additional fees (as identified in the relevant Product).
6. Fees
- You shall pay or be responsible for procurement of the payment of the Fees by Your Intermediary to CyberSmart for continued use of the Products.
- Fees may be reviewed by CyberSmart at the time of renewal at CyberSmart’s discretion. All Fees payable under this Agreement are exclusive of VAT or any relevant local sales taxes, for which You shall be responsible.
- Where You have purchased a Product directly from CyberSmart, we shall provide You with a minimum of 30 calendar days’ notice of any change in the Fees. Where You have purchased through an Intermediary, You will be informed of any fee changes by them.
- If You or an Intermediary fail to make any payment due to CyberSmart under this Agreement by the due date for payment, then, without limiting CyberSmart’s remedies under Clause 8:
- CyberSmart may require You (or Your Intermediary) to pay interest on any overdue amount at the rate of 4% per annum above HSBC’s base rate from time to time. Such interest shall accrue daily from the due date until actual payment of the overdue amount, whether before or after judgement. You (or Your Intermediary) shall pay the interest together with the overdue amount, including the full costs of enforcement of any debt owed pursuant to the terms of this Agreement; and
- CyberSmart reserves the right to cancel Your access to the Platform and/or Products after a thirty (30) day notice period.
7. Personal Data
- Any data provided by You whilst using or accessing the Products, the Dashboard and the Agents remains Your sole property. As a necessary part of providing the Website, Dashboard and Products, CyberSmart stores and processes Your Personal Data. The terms of the Privacy Policy apply to all processing of Personal Data under the Agreement.
- In the event of any loss or damage to Your data (whether or not Personal Data), Your sole and exclusive remedy against CyberSmart shall be for CyberSmart to use reasonable commercial endeavours to restore the lost or damaged data from the latest back-up maintained by CyberSmart in accordance with its archiving procedure. CyberSmart shall not be responsible for any loss, destruction, alteration or disclosure of data caused by any third party (except those third parties sub-contracted by CyberSmart to perform services related to data maintenance and back-up).
- All parties agree to comply at all times with applicable Data Protection Laws.
- Each party (the “Controller” as applicable) shall only supply to the other (the “Processor” as applicable) and such Processor shall only process, in each case under or in relation to this Agreement the Personal Data of data subjects falling within the categories specified in Schedule 1 (Data processing information) (or such other categories as may be agreed by the parties in writing).
- The Processor shall only process the Personal Data of the Controller:
- during the term of this Agreement and for not more than 1 year following the end thereof, subject to the other provisions of this Clause 7, unless there is a valid business need (including, in the case of CyberSmart, any regulatory requirement);
- on the documented instructions of the Controller (including with regard to transfers of Personal Data to a third country under the Data Protection Laws), as set out in this Agreement or any other document agreed by the parties in writing; and/or
- by way of transfer to a country, a territory or sector to the extent that the competent data protection authorities have decided that the country, territory or sector ensures an adequate level of protection for Personal Data or appropriate documents are entered into for the purpose.
- The Processor shall promptly inform the Controller if, in the reasonable opinion of the Processor, an instruction of the Controller relating to the processing of Personal Data infringes the Data Protection Laws.
- Notwithstanding any other provision of this Agreement, a Processor may process Personal Data if and to the extent that it reasonably believes that it is required to do so by applicable law. In such a case, the Processor shall inform the Controller of the legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
- The Processor shall ensure that persons authorised to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
- Each party shall implement appropriate technical and organisational measures to ensure an appropriate level of security for Personal Data.
- No Processor may engage any third party to process Personal Data without the prior specific or general written authorisation of the Controller. In the case of a general written authorisation, the Processor shall inform the Controller at least 14 days in advance of any intended changes concerning the addition or replacement of any third-party processor, and if the Controller reasonably objects to any such changes before their implementation, then the Processor must not implement the changes. Each Processor shall ensure that each third party sub-processor is subject to equivalent legal obligations as those imposed on the Processor by this Clause 7.
- The Processor shall assist the Controller in ensuring compliance with the obligations relating to the security of processing of personal data, the notification of personal data breaches to the supervisory authority, the communication of personal data breaches to the data subject, data protection impact assessments and prior consultation in relation to high-risk processing under the Data Protection Laws. A Processor shall notify the Controller of any breach affecting Personal Data without undue delay and, in any case, not later than 48 hours after the Processor becomes aware of the breach.
- The Processor shall make available to the Controller all information necessary to demonstrate compliance with its obligations under this Clause 7 and Data Protection Laws.
- At the termination or expiry of this Agreement, each party shall, at the choice of the Controller, delete or return all Personal Data to the Controller after the provision of services relating to the processing, and shall delete existing copies save to the extent that applicable law requires storage of the relevant Personal Data.
- Each party shall allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller in respect of the compliance of the processing of Personal Data with the Data Protection Laws and this Clause 7.
8. Termination
- You may, at any time and without cause, terminate this Agreement. You (or Your Intermediary) must give CyberSmart notice directly in writing at least 30 days before the end of a Subscription period, failing which the Subscription will automatically renew.
- If this Agreement terminates pursuant to Clause 8.1, where You have paid any Fees:
- annually in advance, You shall not be entitled to any refund of monies paid to CyberSmart; or
- by monthly subscription(s), You shall remain liable on termination for a sum of the difference between Your current fees paid and the full value of Your subscription, with the calculation date to start from the date upon which the subscription started. Such fees will be liable per subscription terminated.
- Without affecting any other right or remedy available to it, CyberSmart may terminate this Agreement with immediate effect by giving written notice to You if You (or any Intermediary on Your behalf) fail to pay any Fees due under this Agreement on the due date for payment and remain in default for not less than 30 days after being notified in writing to make such payment.
- Without affecting any other right or remedy available to it, either party may terminate this Agreement with immediate effect by giving written notice to the other party, if:
- the other party commits a material breach of any other term of this Agreement, which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 30 days after being notified to do so;
- the other party suspends, or threatens to suspend, payment of its debts or is unable to pay its debts as they fall due or admits inability to pay its debts or is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986;
- a petition is filed, a notice is given, a resolution is passed, or an order is made, for or in connection with the winding up of that other party other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party;
- an application is made to court, or an order is made, for the appointment of an administrator, or if a notice of intention to appoint an administrator is given or if an administrator is appointed, over the other party;
- the holder of a qualifying floating charge over the assets of that other party has become entitled to appoint or has appointed an administrative receiver;
- a person becomes entitled to appoint a receiver over the assets of the other party or a receiver is appointed over the assets of the other party;
- a creditor or encumbrancer of the other party attaches or takes possession of, or a distress, execution, sequestration or other such process is levied or enforced on or sued against, the whole or any part of the other party’s assets and such attachment or process is not discharged within 30 days; or
- the other party suspends or ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business.
- CyberSmart may terminate this Agreement with immediate effect on notice if You undergo a change of control and Your new controlling shareholder is in CyberSmart’s reasonable opinion a direct competitor of CyberSmart.
- CyberSmart may, in the event of a cyber or other security incident significantly affecting, or in CyberSmart’s reasonable opinion, likely to significantly affect the provision of the Products or harm customers, suspend access to the Products for such period as CyberSmart considers reasonably necessary for the incident to be contained.
- Any provision of this Agreement that expressly or by implication is intended to come into or continue in force on or after termination or expiry of this Agreement shall remain in full force and effect.
- Termination or expiry of this Agreement shall not affect any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination or expiry, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination or expiry.
- On termination for any reason, all rights granted to You under this Agreement shall cease.
9. Warranties and Liability
- CyberSmart undertakes to provide the Website, Platform and Products using reasonable skill and care and in accordance with the SLA; however, it does not warrant that access to and/or use of the Website, Platform and Products will be uninterrupted or error-free. In particular, CyberSmart is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and You acknowledge that the Website, Platform and Products may be subject to limitations, delays and other problems inherent in the use of such communications facilities. CyberSmart may, at any time and at its own discretion, temporarily or permanently discontinue its Products where necessary as a result of any cause beyond CyberSmart’s reasonable control including, without limitation, mechanical, electronic or communications failure. Under such circumstances, CyberSmart shall not be liable for any damage, loss or inconvenience.
- You (and Your Intermediary) accept responsibility for the selection of the Products to achieve Your intended results and acknowledge that the Products have not been developed to meet Your individual requirements.
- All other conditions, warranties or other terms which might have effect between the parties or be implied or incorporated into this Agreement or any collateral contract, whether by statute, common law or otherwise, are hereby excluded, including the implied conditions, warranties or other terms as to satisfactory quality, fitness for purpose or the use of reasonable skill and care.
- Notwithstanding any other provision in this Agreement, nothing will affect or limit any rights You may have under English Law; or exclude or limit either party’s liability for death or personal injury caused by its negligence or for fraud or fraudulent misrepresentation or any other liability which cannot be excluded or limited under applicable law.
- In no event will CyberSmart be liable for any indirect, special, punitive, exemplary or consequential losses or damages of whatsoever kind arising out of Your use of, or access to the Website, Platform or Products, including loss of profit, loss of business, loss of opportunity or loss of contract whether or not in the contemplation of the parties, whether based on breach of contract, tort (including negligence), product liability or otherwise. CyberSmart’s total aggregate liability for direct losses or damages of whatsoever kind (including loss of profits) in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, relating to any claim in relation to Your purchase of the Products shall be limited to the total fees actually paid to CyberSmart for Your own use of the Products during the 12 months immediately preceding the date on which the claim arose.
10. General
- In performing Your obligations under this Agreement, You (and Your Intermediary) shall comply with:
- the Mandatory Policies; and
- all applicable laws, regulations and sanctions relating to anti-bribery and anti-corruption including but not limited to the Bribery Act 2010.
- Subject to Clause 5.6 above, CyberSmart may, at any time and at its discretion by notice, amend these Terms and its Privacy Policy. You agree that it is Your (or Your Intermediary’s) responsibility to regularly check the Website for notice of any such changes to these documents.
11. Dispute Resolution and Jurisdiction
- Any disputes shall be subject to the version of the Agreement in effect at the date at which the dispute was first brought to CyberSmart’s attention in writing.
- Before instigating court proceedings, You agree to provide CyberSmart with sufficient time and information to rectify the point in issue. Furthermore, before filing any claims You agree to provide CyberSmart with the opportunity to engage in an alternative dispute resolution process.
- Subject to clause 11.1, this Agreement and any claims resulting from its application are subject to the laws of England and Wales. You hereby waive any right of claim in any other jurisdiction. CyberSmart may at its discretion bring a claim in Your jurisdiction.
Schedule 1
Data Protection
1. Categories of data subject
Party representatives
End User employees and nominated sub-contractors
2. Types of Personal Data
Contact details – name, address and email
Device details: relevant operating systems and software version information
3. Purposes of Processing
To provide the Products in accordance with this Agreement.
4. Security measures for Personal Data
CyberSmart is ISO 27001 accredited
CyberSmart Data Protection Officer
Schedule 2
Product Specific Terms
- CyberSmart’s Products are described here: https://cybersmart.com/#. All Products are accessed through the Platform, with some Products relying for their operation on Agents installed on a computer or mobile device to check and secure the configuration of the computer or device.
- All CyberSmart’s Products are subscription products. The start date of a subscription is the date at which Dashboard access is granted to You. All Subscriptions auto-renew on the anniversary of the Subscription start date, unless terminated in advance by You or a relevant Intermediary on Your behalf in accordance with the terms of this Agreement.
- Active Protect and Essential 8: When You purchase Active Protect, You (or Your Intermediary) will need to install the Agent on all relevant computers and devices. You will be charged according to Your subscription plan tier or on a licence pool basis. You will have access to the Platform to help You manage and complete the Essential 8 assessment process from start to finish, and help You stay compliant.
- CertOS: CertOS is only available to registered certification bodies and is charged on either a per-certification or annual subscription fee basis.