CYBERFORTRESS MASTER SERVICES AGREEMENT
This CyberFortress Master Services Agreement (this “MSA”) is part of the Agreement between CyberFortress, as defined below, and the CyberFortress customer that is the other party to an Order with CyberFortress (the “Customer”).
1. DEFINITIONS. Capitalized terms used in the Agreement have the meanings stated in this Section or those given in the section of the Agreement where they are first used.
Agreement means this MSA, the Order(s), the Service Level Agreement (if any), Product Specific Terms (if any), the Data Processing Addendum, the Acceptable Use Policy and each document attached to or incorporated by reference in any of them, as any of them may be modified in accordance with Section 12.13 (Changes to the Agreement).
Acceptable Use Policy or AUP means the CyberFortress Acceptable Use Policy published at https://cyberfortress.uk/acceptable-use-policy/.
Backup Services means online access to configurable backup and recovery software application(s) for use in creating, storing, and restoring backup copies of Customer’s Content.
Confidential Information has the meaning given in Section 9 (Confidential Information).
Content means backups of data, files, and other information and material that Customer creates using the Backup Services or Disaster Recovery Services.
CyberFortress means JungleDisk, LLC or the affiliate of JungleDisk, LLC identified in the Order.
CyberFortress Technology means all software, technology, data, and other information and materials used by CyberFortress to provide the Services or provided to Customer for its use in connection with the Services, including all related documentation, all derivative works of any of the foregoing, and all related intellectual property rights.
Disaster Recovery Services means online access to software application(s)for establishing a failover environment.
Managed when used with reference to a Backup Service or Disaster Recovery Service refers to CyberFortress’ Support for the Third Party Technology that is the backup or disaster recovery application identified in the applicable Order.
Order means a description of the Services and related fees and transactions terms that is part of either (i) an online service description that Customer has accepted via a click-to-accept process or other affirmative act of consent, or (ii) a document prepared by CyberFortress for Customer’s signature (such as an Order Form or Statement of Work) that Customer has signed and returned to CyberFortress, or (iii) a CyberFortress quote, proposal, or like document that Customer has accepted by issuing a purchase order (subject to Section 12.14 (Complete Agreement)).
Product Specific Terms means the terms and conditions applicable to Customer’s purchase and use of specific products that are incorporated in an Order, either in full, or by reference to the webpage where they are posted.
Professional Services means planning, implementation, training, customization, support other than standard Support, and other CyberFortress services other than the Backup Services, Disaster Recovery Services, and Support.
Sanctions means any restriction in trade in goods and services administered by the United Nations Security Council, the Office of Foreign Asset Controls of the United States Department of Treasury, including its list of Specially Designated Nationals and Blocked Persons, the United States Department of State, the European Union or by government bodies of the country in which Customer is domiciled.
Security Materials has the meaning given in Section 2.7 (CyberFortress Security).
Service or Services mean the Backup Service or Disaster Recovery Service, Support, and Professional Services, collectively.
Service Level Agreement or SLA means the service level agreement that is applicable to a specific Backup Service or Disaster Recovery Service as described or incorporated by reference in an Order.
Service Warranty has the meaning given in Section 2.2 (Service Warranty).
Support means CyberFortress standard maintenance and technical assistance for a Backup Services or Disaster Recovery Services offering.
Term means the initial term and all renewal terms of an Order.
Third Party Technology or Third Party Technologies has the meaning given in Section 3 (Third Party Technologies and Integrations).
2.1 Services. CyberFortress shall provide the Services described in the Order for the Term of each Order, subject to the terms, conditions and restrictions stated in this MSA, the Order, and other parts of the Agreement.
2.2 Service Warranty. CyberFortress warrants that: (i) the Backup Services and Disaster Recovery Services will conform to the description stated in the Order in all material respects and shall be free from material defects; (ii) it will provide Support and Professional Services in a good and professional manner in accordance with industry standards, using personnel with appropriate skill, training, and experience (the “Service Warranty”). The CyberFortress Service Warranty does not extend to issues with Third Party Technolog(ies) that are unrelated to CyberFortress Support.
2.3 Compliance with Law. CyberFortress warrants that it complies with laws applicable to CyberFortress, and that the Services shall be provided in accordance with laws generally applicable in the jurisdiction of the Customer irrespective of sector or industry. CyberFortress does not warrant that the Services comply with laws specific to the Customer’s industry or sector unless this is specified in the Order.
2.4 Service Level Agreement. If the Order includes a Service Level Agreement, CyberFortress makes the commitments stated in the Service Level Agreement, subject to the restrictions and conditions stated in the Service Level Agreement.
2.5 Restoration. Unless the Order expressly includes CyberFortress restoration services, Customer is responsible for completing any desired restoration using the control panel or dashboard provided as part of the Services.
2.6 License for Mobile Apps, Clients, and APIs. The CyberFortress mobile applications, downloadable software clients, if any, and any API or other software or computer instructions that CyberFortress provides for Customer’s use on a Customer system or device are licensed to Customer on the terms that appear with the download files, or if no terms are included with the download files, on a non-exclusive, limited term basis for Customer’s use only in connection with the Services as permitted by the Agreement, in executable form only, and subject to all of the restrictions and conditions applicable to the use of the Services and CyberFortress Technology stated in the Agreement. CyberFortress may modify its API(s) from time to time on reasonable advance notice.
2.7 CyberFortress Security. On Customer’s request, CyberFortress will provide a description of the security measures it uses to protect Customer Content (the “Security Materials”). CyberFortress will protect Content and other Confidential Information using measures at least as stringent as those stated in the Security Materials for the Term and following the Term for so long as CyberFortress retains any Content. Customer acknowledges that CyberFortress cannot guarantee complete security and that there is always a security risk involved in the use of an online service. Customer acknowledges that the measures described in the Security Materials are reasonable and appropriate given the nature of the Content and agrees that CyberFortress is not responsible to Customer for any harm Customer suffers as a result of a security breach unless the breach resulted from CyberFortress’ failure to maintain the security measures as described in the Security Materials. Customer acknowledges that the Security Materials are CyberFortress’ sensitive Confidential Information covered by the restrictions on use and disclosure stated in Section 9 (Confidential Information).
2.8 CyberFortress Privacy. The Data Processing Addendum published at https://cyberfortress.com/onedpa/ (the “DPA”) is incorporated in this MSA by this reference and is applicable to CyberFortress’ processing of personal data covered by the Data Protection Laws as defined in the DPA.
2.9 Customer Content. Customer retains all right, title, and interest in and to its Content and CyberFortress may not use the Content other than to provide the Services or as expressly permitted by other terms of the Agreement.
2.10 Customer Controlled Encryption Keys. Some CyberFortress Backup Services include the means for Customers to create Customer-controlled encryption keys. Unless otherwise expressly agreed, CyberFortress will not have a master key or backup key, meaning that if a Customer-controlled encryption key is lost the Customer Content encrypted with that key will be permanently unavailable. CyberFortress may delete Content that has become permanently unavailable due to the loss of encryption key(s).
2.11 Customer Credit and Background Check. If CyberFortress discovers that Customer does not meet CyberFortress’ credit, export clearance, or other background checks after the time that it has accepted an Order, it may terminate the Order without liability provided that it promptly refunds to Customer any prepaid fees for unused Services.
2.12 Disclaimers. Except for the warranties expressly stated in the Agreement CyberFortress does not make any warranties or representations regarding the Services or other subject matter of this Agreement and disclaims any implied warranties, including any implied warranties of merchantability, satisfactory quality, fitness for a particular purpose, and non-infringement. CyberFortress does not warrant that the Services are error free, uninterrupted, or completely secure. Customer represents that it has not relied on any representations or warranties other than those expressly stated in the Agreement. This exclusion shall not apply to the extent not permitted by applicable law.
3. THIRD PARTY SERVICES AND INTEGRATIONS
“Third-Party Technology(ies)” means third-party software, online services, or other technology that Customer uses with the Backup Services or Disaster Recovery Services and that are either: (i) purchased by Customer directly from the third party, (ii) purchased by Customer from CyberFortress as a reseller subject to Customer’s acceptance of the third party’s separate pass-through legal terms referenced in this MSA or the Order; or (iii) are identified in the Order as a “third-party service” or with like terminology. Third Party Technologies include cloud infrastructure services, such as Amazon Web Services and Google cloud services, and third-party software such as Veeam, Asigra, and Ahsay. Third-Party Technologies are covered by legal terms between Customer and the provider of the Third-Party Technology; CyberFortress makes no representations, warranties, support commitments or other service commitments whatsoever with respect to Third Party Technology(ies) unless expressly stated in the Agreement. If CyberFortress provides an integration feature for the Third-Party Technology, then that integration feature (but not the Third-Party Technology) is part of the CyberFortress Services and is covered by the warranties and other commitments applicable to the Services. Customer acknowledges that CyberFortress’ integration features may be unavailable or may not work properly if the third party’s API is unavailable or if the third party modifies its API, technology, or services in a way that impacts the CyberFortress integration feature. CyberFortress will use commercially reasonable efforts to modify its integration features to maintain compatibility with Third-Party Technologies but is not responsible for interruptions in the use of the Services that result from third-party changes or interruptions despite CyberFortress’ use of commercially reasonable efforts.
4. CUSTOMER OBLIGATIONS, RESTRICTIONS ON USE
4.1 Configuration, Verification. Customer acknowledges that Backup Service and Disaster Recovery Services must be configured to work with Customer’s specific systems. Customer is responsible for creating and maintaining the configuration of the Backup Services and Disaster Recovery Services unless it has purchased Professional Services that expressly include this service. CyberFortress has tried to make the process intuitive and error-proof, but it cannot cover every possible system combination. CyberFortress recommends that Customer test its ability to restore from backups or failover to a disaster recovery site on a regular basis and following each change to Customer’s systems to ensure that the restoration or failover is successful. CyberFortress may, but is not required to, notify Customer if it discovers that a scheduled backup has failed. CyberFortress’ notification of one or more failed backups does not establish a commitment by CyberFortress to notify of any other failed backups and Customer should not rely on CyberFortress for notice of failed backups.
4.2 Order Quantities. Customer may not use the Backup Services or Disaster Recovery Services in violation of quantity restrictions stated in the Order, such as a restriction on the number of permitted users or devices.
4.3 Fees. Customer will pay properly invoiced amounts when due for the entire Term. Customer will not use or attempt to use the Services in a way that undermines CyberFortress’ ability to correctly calculate its fees.
4.4 No Service Provider Use or Resale. Customer may use the Services only in connection with its and its affiliates’ internal business purposes. Customer may not resell the Services or use the Services to provide services to others unless it has executed a separate agreement with CyberFortress for this purpose.
4.5 Customer’s Security Obligations. Customer will use reasonable security precautions in connection with its use of the Services. For example, Customer will use commercially reasonable efforts to protect its systems and data from malware, will require its users to establish reasonably secure passwords that are different than the passwords used for other online services, and will conduct anti-phishing training. If Customer elects to manage encryption or encryption keys outside of the Services environment, Customer shall use reasonable efforts to ensure the security of its encryption and key management process. Customer shall notify CyberFortress of any unauthorized access to its account or a user’s account login credentials.
4.6 Authorized Users. Customer will authorize as Service users only the following: (i) its personnel, (ii) the personnel of its affiliates, and (iii) the personnel of Customer’s and its affiliates’ contractors for their use in supporting Customer’s or the affiliates’ internal business operations. Customer is solely responsible for de-activating or updating permissions and authentication credentials for Customer’s users, such as on the termination of employment of a user, and for keeping all email and other contact information up to date at all times. Customer authorizes CyberFortress to act on the instructions of a user who authenticates using active account credentials.
4.7 Compliance with Law, Acceptable Use, No High-Risk Use. Customer must comply with all applicable laws and regulations with respect to its activities under this Agreement and any Orders . Customer may not backup or store any information or materials that violate the CyberFortress Acceptable Use Policy or the acceptable use policies of CyberFortress’ network or infrastructure services providers. Customer may not use the Services as part of any activity that involves a risk of death or personal injury, damage to real or personal property, environment hazard, or as part of any life support or medical devices or applications.
4.8 Representations and Warranties. Customer represents and warrants to CyberFortress as of the effective date of each Order and on an ongoing basis that: (i) the information Customer submits about itself and Customer’s activities to establish a Services account with CyberFortress and place an Order is true, correct, and complete, (ii) Customer has not been the target of any legal or regulatory investigations or proceedings in connection with business activities in relation to which the Services will be used, and (iii) Customer has all necessary rights and authority to authorize CyberFortress to use and process Content and other information and data submitted by Customer to CyberFortress as permitted by the Agreement, (iv) for Third Party Technology not resold through CyberFortress, Customer has a current, valid license or other right for its and CyberFortress’ use of the Third Party Technology as contemplated by the Agreement; and (v) Customer, its affiliates, directors and officers are not persons subject to Sanctions, and the Services will not be used in any territory or country subject to Sanctions, including without limitation North Korea, Russia, Crimea, Syria and Iran and Customer is not otherwise a person to whom CyberFortress is legally prohibited to provide the Services.
4.9 CyberFortress Rights in Technology/Intellectual Property. Customer may not copy any part of the Services or CyberFortress Technology except to the extent necessary to use the Services as permitted by the Agreement and shall not remove or obscure CyberFortress’ name or any branding or proprietary notices that appear on or with the CyberFortress Technology. Customer may not reverse engineer or attempt to discover any underlying algorithm or method embodied by the Services or other party of CyberFortress Technology except as permitted by law and where such permission cannot be excluded by agreement between the parties . Customer may not disclose to any third party any benchmarking or other test or evaluation Customer conducts on the Services. Customer may not use the Services or other CyberFortress Technology for the purpose of creating a competing technology. Customer may not use the Services or other CyberFortress Technology other than by means of the interface(s) provided by CyberFortress. Customer may not modify or create derivative works of any CyberFortress Technology. Notwithstanding anything to the contrary in this Agreement, if and to the extent any part of the CyberFortress Technology is covered by an open source software license that conflicts with the terms of the Agreement, the open source software license controls. Except for rights expressly granted in this Agreement, CyberFortress retains all right, title and interest in and to the CyberFortress Technology. No rights in intellectual property may arise by implication or estoppel. If the Services are paid for with United States federal government funds or are intended for use within or for any United States federal agency, the Software is provided with “Restricted Rights” as defined in DFARS 252.227-7013, Rights in Technical Data and Computer Software and FAR 52.227-14, Rights in Data-General, including Alternate III, as applicable. You must notify CyberFortress in advance if you are a federal government entity or are using federal government funds to pay for your use of the Service.
5. FEES AND PAYMENTS
5.1 Fees, Rates. CyberFortress’ fees and rates are stated in the Order. Fees and rates are stated exclusive of any applicable sales, use, value-added, excise and other similar taxes, fees and surcharges that are legally or by custom borne by a purchaser of services or like transactions tax (“Sales Tax”). Unless otherwise stated in the Order, fees and rates are stated in United States dollars and must be paid in United States dollars. Except to the extent otherwise expressly stated in the Agreement, fees are non-refundable.
5.2 Changes to Fees, Rates. CyberFortress may increase the fees and rates from those stated in the Order consistent with inflation in the applicable jurisdiction as measured by a commonly accepted inflation measure in that jurisdiction. In addition, to the extent CyberFortress’ supplier of storage or other information technology infrastructure increases its fees to CyberFortress by more than the applicable measure of inflation CyberFortress may increase its fees and rates by a like percentage. In addition, CyberFortress may increase its fees and rates applicable to any renewal term by giving notice of the increase at least thirty (30) days prior to the start of the renewal term.
5.3 Expenses. CyberFortress shall bear all costs and expenses incurred to provide the Services except for expenses expressly identified as the Customer’s responsibility in an Order.
5.4 Invoices. CyberFortress may invoice its fees, related Sales Tax, and permitted expenses at the times stated in the Order, or if no times are stated in the Order may invoice monthly in advance for fixed fees and monthly in arrears for usage-based fees, hourly rates, expenses, and other fees. Unless otherwise stated in the Order or otherwise agreed to, Customer must arrange for payment of fees by payment card and shall maintain current, valid payment card information with its account information at all times. Unless otherwise stated in the Order CyberFortress may charge fees to Customer’s payment card on the invoice date.
5.5 Late Payment. CyberFortress may charge interest on overdue amounts. Interest under this clause will accrue each day at 4% a year above the Bank of England’s base rate from time to time, but at 4% a year for any period when that base rate is below 0%.. CyberFortress may suspend Customer’s Services and access to its Content if a charge to a payment card is refused or any amount is overdue by more than ten (10) days and Customer has not made the payment within three (3) business days of CyberFortress’ notice. CyberFortress may require Customer to pay a reasonable fee to reinstate Services following a suspension for non-payment. CyberFortress is entitled to recover its reasonable costs of collection for any amount that is overdue by more than thirty (30) days, including reasonable attorney fees and court costs.
5.6 Payment Disputes. Any fee dispute is waived if not described in a written notice to CyberFortress given within thirty (30) days of the invoice date for the disputed amount. If Customer reasonably disputes an invoiced amount within the thirty (30) day period CyberFortress shall extend the due date for the disputed amount for thirty (30) days (i.e., the disputed amount shall not be “due” until the date that is thirty (30) after the original due date). During the thirty (30) day extension the parties shall cooperate in good faith to resolve the dispute. Any suspension, termination or other enforcement rights that CyberFortress has for overdue fees may not be taken during the thirty (30) day extension and no late interest will accrue during the thirty (30) day period even if it is ultimately determined that CyberFortress’ position with respect to the disputed amount is correct.
6. TERM, TERMINATION, SUSPENSION
6.1 Term. The initial term of each Order is stated in the Order, or if not stated is one month. Unless otherwise stated in an Order, each Order automatically renews for consecutive renewal terms of one month each unless either CyberFortress or Customer gives a notice of non-renewal at least thirty (30) days prior to the expiration of the initial term or then current renewal term, as applicable. All parts of the Agreement other than the Order shall have an initial term and renewal term that is the same as the Order’s or Orders’ initial term(s) and renewal term(s).
6.2 Termination. Either party may terminate an Order on written notice prior to expiration if the other party is in material breach of the Order or any part of the Agreement and has failed to cure the breach within ten (10) days of the terminating party’s notice describing the breach and its intent to terminate.
6.3 Suspension. CyberFortress may suspend Customer’s access to the Services, including access to the Content, during any period that Customer is in material breach of the Agreement (including the AUP) or Customer’s access to the Services creates a significant operational or compliance risk or significant security vulnerability. CyberFortress will give Customer at least two (2) business days’ advance notice of the suspension unless the suspension is made under emergency circumstances. CyberFortress will reinstate Customer’s access to the Services when the grounds for suspension are cured unless CyberFortress has already terminated the Agreement as described in this Section.
6.4 Obligations on Termination. On expiration or earlier termination of an Order Customer shall stop using the Services and all mobile applications, clients, API’s, and other CyberFortress Technology. Customer is responsible for exporting its Content from CyberFortress prior to expiration or termination of the Agreement. CyberFortress is not required to export Customer’s Content, but may be available to do so as a Professional Services engagement. CyberFortress shall destroy all copies of Content in its possession or control following expiration or termination using a means of destruction that is reasonably calculated to render the Content unrecoverable; provided, however, that on Customer’s written request given prior to the date of termination CyberFortress shall not destroy Customer’s Content for a reasonable period of time as necessary for Customer to recover its Content on the condition that Customer continue to pay applicable fees.
6.5 Survival. The following parts of this Agreement survive expiration or earlier termination of this Agreement: Section 2.9 (Customer Content), Section 4.9 (CyberFortress Rights in Technology/Intellectual Property), Section 5 (Fees and Payments), Section 6 (Term, Termination, Suspension), Section 7 (Indemnification), Section 8 (Limitations on Remedies, Liability), Section 9 (Confidential Information), Section 11 (Notices), Section 12 (General Terms), and all other parts that are expressly stated to survive or that by their nature are intended to survive expiration or termination.
7.1 IP Claims. CyberFortress shall defend Customer and its affiliates, and each of their respective employees, directors, members, managers, officers, owners, and agents (collectively the “Customer Indemnitees”) from any third-party claim asserting that Customer’s use of the Services as permitted by the Agreement infringes or misappropriates any copyright, trademark, design, trade secret, or patent granted in the United States, by the European Patent Office or by the patent office of a member state of the EU, the United Kingdom, Australia or New Zealand (an “IP Claim”) and pay any resulting liability, judgement, loss, damage, cost and other expense (including reasonable attorneys’ fees) (“Losses”) awarded to the third party by a court of competent jurisdiction, or in the alternative shall settle the IP Claim at CyberFortress’ expense, provided that Customer’s consent is required if the settlement does not fully resolve the IP Claim or requires CyberFortress or any Customer Indemnitee to make a statement admitting culpability. Notwithstanding the foregoing, CyberFortress shall not have any obligation to indemnify an IP Claim to the extent it results from (i) an unauthorized modification of the Services by any of the Customer Indemnitees or persons acting on their instruction, or (ii) an unauthorized combination or use of the Services by any of the Customer Indemnitees or persons acting on their instruction with any software, hardware or other technology, information or materials not provided by CyberFortress unless the combination or use is reasonably contemplated by the nature of the Services or their authorized use. If an IP Claim is asserted, or in CyberFortress’ reasonable opinion is reasonably probable of assertion, CyberFortress may terminate the Agreement without liability except to refund prepaid fees for unused Services, provided that CyberFortress must first have used commercially reasonable efforts to resolve the IP Claim or modify the Services to avoid the IP Claim without material diminishment of functionality. This Section states Customer’s sole and exclusive remedies and CyberFortress sole and exclusive obligations with respect to claims of intellectual property infringement.
7.2 Mutual Indemnification. Each party shall indemnify, defend and hold harmless the other party and each of the other party’s affiliates and their respective employees, directors, members, managers, officers, owners, agents, licensors, suppliers, resellers, and distributors from and any third-party claim and resulting Losses arising from the indemnifying party’s breach of its confidentiality, privacy or security obligations stated in the Agreement or the indemnifying party’s violation of applicable law or breach of the Acceptable Use Policy. The indemnified party shall provide the indemnifying party with prompt notice on learning of any claim covered by this Section, provided that the failure to provide prompt notice shall not relieve the indemnifying party of its obligations under this Section except to the extent the failure adversely affected the defense or resolution of the claim. The indemnifying party shall defend the claim unless it tenders the defense to the indemnified party by written notice, in which case the indemnified party shall defend the claim. The party required to defend the claim shall control the defense of the claim, including selection of counsel, provided that the other party may participate in the defense of the claim with counsel of its choice at its expense. The non-defending party shall promptly comply with the reasonable requests of the defending party for information and assistance in connection with the defense of the claim. The defending party may settle a claim provided that the indemnified party’s consent is required if the settlement does not fully resolve the claim or requires any party or its indemnitees to make a statement admitting culpability.
- LIMITATIONS ON REMEDIES, LIABILITY
8.1 SLA Credits. SLA credits are Customer’s sole and exclusive remedies for CyberFortress’ failure to meet the SLA commitments for which credits are provided.
8.2 Warranty Remedy. If CyberFortress fails to meet the Services Warranty stated in Section 2.2 (Service Warranty), CyberFortress will attempt to cure the failure or if it is unable to cure the failure using commercially reasonable efforts, then the Customer may terminate the Order for the Services not meeting the warranty, and in that event CyberFortress will refund the fees paid for the month during which the failure occurred and any prepaid fees for unused Services. However, to be eligible for a warranty remedy under this Section, Customer must give a written notice describing the failure no later than ten (10) days following the end of the month in which the failure occurred and cooperate with CyberFortress’ reasonable efforts to cure the failure. The remedies stated in this Section are Customer’s sole and exclusive remedy for CyberFortress’ breach of the Service Warranty.
8.3 Exclusion of Consequential, Indirect Damages. Except for claims arising from a party’s breach of Section 9 (Confidential Information), or claims based on the party’s infringement or misappropriation of the other party’s intellectual property rights, neither party nor its affiliates, licensors, suppliers, resellers, distributors or subcontractors is liable to the other for any lost profits, lost revenue, lost business opportunity, or any indirect, special, incidental, punitive, or consequential loss or damage of any kind arising in connection with this Agreement, or any loss or damage that could have been avoided by the claiming party’s reasonable mitigation, even if the party has been advised of or should be aware of the possibility of such damages.
8.4 Maximum Liability. Notwithstanding anything to the contrary in this Agreement, excluding: (i) claims arising from a party’s gross negligence or wilful misconduct , (ii) claims arising from a party’s breach of Section 9 (Confidential Information), (iii) claims based on the party’s infringement or misappropriation of the other party’s intellectual property rights, (v) claims arising from Customer’s breach of Section 4, and (v) payment obligations under Section 5 (Fees and Payments), the maximum aggregate liability of a party and its affiliates, licensors, suppliers, resellers, distributors, and subcontractors under or in connection with this Agreement for any type of damages, claims or obligations including liability for breach of contract, misrepresentation (whether tortious or statutory), tort (including negligence) and breach of statutory duty, shall not exceed the lesser of Five Thousand Dollars ($5,000.00) or amount of fees paid or payable by Customer under the Order giving rise to the claim for the six (6) months preceding the event giving rise to the claim. For clarity, the maximum aggregate monetary limit stated in this Section is not “per incident” but is an aggregate limitation applicable to all claims arising under or regarding the Agreement and includes those claims set forth in Section 7.
8.5 General. Customer acknowledges that CyberFortress has set its fees and entered into the Order in reliance on the limitations of remedies and liability stated in theis Agreement, and that these limitations reflect an agreed allocation of risk between Customer and CyberFortress. The limitations stated in this Section shall apply to any liability arising from any cause of action whatsoever, whether in contract, tort, commercial code, strict liability or otherwise, even if a limited remedy fails of its essential purpose. If these limitations as written are not permitted by applicable law, they shall apply to the extent permitted by applicable law.
8.6 Notwithstanding any other provision in this Agreement, nothing in this Agreement shall operate so as to exclude or limit the liability of either party to the other for: (i) death or personal injury arising out of negligence; (ii) fraud or fraudulent misrepresentation; or (iii) any other liability that cannot be excluded or limited by law.
9. CONFIDENTIAL INFORMATION.
9.1 Definition. “Confidential Information” means any non-public information that a party (the “recipient”) receives from or learns about the other party (the “discloser”) or the discloser’s affiliates as a result of activities contemplated by the Agreement that the recipient should reasonably understand to be confidential, given the nature of the information or the circumstances of its disclosure, but not including any information that is developed by the recipient independently and without reference to the discloser’s Confidential Information, or information that is or becomes available to recipient from a source other than discloser so long as the source did not, to recipient’s knowledge, acquire the information as a result of a violation of a duty of confidentiality to discloser. Customer’s Confidential Information includes the Content. CyberFortress’ Confidential Information includes pricing and service terms, product roadmap information, security information, and non-public technology.
9.2 Restrictions on Use, Disclosure. Neither party may use the other party’s Confidential Information except in connection with the performance of its obligations under this Agreement or the permitted use of the Services, as applicable, the exercise of the party’s legal rights under this Agreement, or as may be otherwise permitted under this Agreement or required by law. Each party agrees not to disclose the other party’s Confidential Information to any third person except as follows: (i) to the party’s respective service providers, agents and representatives, provided that such service providers, agents or representatives are bound by written confidentiality measures that are at least as stringent as these terms; (ii) in response to search warrant, subpoena or like process, or request by regulator, law enforcement agency or similar authority if it is required to do so by law, provided that the party disclosing Confidential Information under this Section first gives the other party written notice at least seven (7) days prior to disclosing the other party’s Confidential Information under this Section (or prompt notice in advance of disclosure, if seven days advance notice is not reasonably feasible), unless the law or a reasonable interpretation of it, forbids such notice, or (iii) as otherwise expressly permitted by the Agreement. On expiration or earlier termination of the Agreement, each party will return or destroy the other party’s Confidential Information, except to the extent reasonably retained to meet legal requirements or reasonable and industry-accepted record keeping requirements or as stored on electronic backup media until such time as the scheduled destruction of information on electronic backup media. All Confidential Information retained by a party following termination of the Agreement remains subject to the requirements of this Section. Each party will use commercially reasonable efforts to safeguard the other’s Confidential Information. CyberFortress’ obligations to use reasonable efforts to safeguard Customer Content is met by its use of the measures described in its Security Materials. Each of Customer and CyberFortress is responsible for a breach of this Section by its service providers, agents and representatives to whom it has disclosed the other party’s Confidential Information.
10. GOVERNING LAW, DISPUTES
10.1 Governing Law, Venue This Agreement and any Orders entered into under it, and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales. Subject to Clause 10.2 each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with this Agreement and any Orders entered into under it, or their subject matter or formation. The parties expressly and irrevocably disclaim and waive the application of the United Nations Convention on Contracts for the International Sale of Goods, to the extent it is applicable.
10.2 Informal Dispute Resolution. Except for a request for temporary injunctive or other equitable relief, each party agrees that it shall not file a lawsuit or other legal action in connection with the Agreement unless it has first given the other party written notice of the dispute, and attempted to resolve the dispute through good faith negotiation. At the request of either party, the dispute will be submitted for non-binding mediation in accordance with the model mediation procedure of the Centre for Effective Dispute Resolution (“CEDR”), unless either party (acting reasonably) considers that the dispute is not suitable for mediation. The following provisions must apply to any mediation commenced under or in relation to this Agreement or the relevant Order:
- there will be a single mediator who will be appointed by agreement in writing between the parties (to be reached within 30 days after the written agreement of the parties to refer the dispute to mediation);
- the person appointed by the agreement of the parties is unable or unwilling to act; or
- the parties are unable to agree on the identity of an agreed mediator within 15 days after the end of the period referred to in clause 10.2.1(a), then the mediator will be appointed by CEDR on the application of either party;
- the mediation will be conducted in London, United Kingdom and in the English language;
- the mediation will be conducted in private and without prejudice to the rights of the parties in any future proceedings;
- the mediation must be held within 30 days of the appointment of the mediator in accordance with clause 10.2.1(a) or 10.2.1(b) (as applicable);
- the fees of the mediator (and CEDR, if any) and the other expenses of the mediation will be borne equally by the parties. Each party must bear its own costs and expenses of its participation in the mediation.
10.3 Injunctive Relief. Notwithstanding anything in this Agreement to the contrary, this Agreement does not prohibit, condition or delay a party’s right to seek temporary injunctive relief in any court of competent jurisdiction to address the other party’s infringement or misappropriation of its intellectual property, or the other party’s breach of its confidentiality obligations under this Agreement.
11.1 Services Issues. Customer’s notices to CyberFortress for Services issues must be submitted via the standard means provided for support requests by CyberFortress, such as by ticket on the customer portal or dashboard. CyberFortress’ notices to Customer for Services issues, fee/rate changes and legal notices must be given to Customer’s primary account contact at the email address on CyberFortress account records.
11.2 Legal Issues. If Customer sends a notice of breach of the Agreement, a legal dispute, a legal claim, or other legal matter, Customer must give notice in the manner required for Services Issues and also send a copy of the Customer’s notice via email to [email protected] and also send a copy of the notice via registered mail to CyberFortress’ physical address appearing on its website on the day the notice is transmitted electronically.
11.3 General. Notices are deemed given, received and effective as of the time transmitted by electronic mail, or if that time does not fall on a business day in the country of the recipient, as of the beginning of the first business day following the time transmitted. Notices must be given in the English language.
12. GENERAL TERMS
12.1 Feedback. CyberFortress may use any feedback or suggestions that Customer may provide regarding the Services or CyberFortress Technology as part of its general services offerings without payment of any compensation to Customer.
12.2 Anti-Corruption. Each party represents that it has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from the other’s employees or agents in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If either party learns of any violation of the above restriction, it will promptly notify the other party. Each party represents and warrants as of the effective date of each Order and for the Term of the Agreement that it is in compliance with applicable anti-corruption laws.
12.3 Force Majeure. Except for Customer’s payment obligations, neither party is in violation of the Agreement if the failure to perform is due to an event beyond that party’s reasonable control, such as a significant failure of the power grid or Internet, denial of service attacks, natural disaster, war, riot, insurrection, epidemic, strikes or other organized labor action, terrorism, or other acts or events for which precautions are not generally taken in the industry.
12.4 Assignment. Neither party may assign any of its rights or obligations under the Agreement whether by operation of law or otherwise, without the other party’s prior written consent (not to be unreasonably withheld); provided, however, either party may assign this Agreement in its entirety (including all Orders), without the other party’s consent to its affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their respective successors and permitted assigns.
12.5 Publicity. Each party will consider the other’s requests to participate in the development of product whitepapers, testimonials for Web publication, and other like materials for publication, provided that neither party may issue any press release or other publicity regarding the Agreement or the relationship or transactions contemplated by this Agreement without the prior review and consent of the other party. Customer agrees that CyberFortress may identify Customer as its customer on its sales presentations and its website where it identifies its customers generally, and CyberFortress agrees that Customer may identify it as Customer’s service provider on Customer’s website. Each party may use the other party’s trade or service marks in connection with authorised use of its name and other approved activities. Each party shall use the other’s trademarks subject to the other party’s reasonable trademark usage guidelines that are communicated to the party from time to time.
12.6 Pass Through Legal Terms. The Amazon Web Services standard legal terms available on the AWS website, such as those as https://aws.amazon.com/service-terms/, are applicable to Customer’s use of any AWS services purchased from CyberFortress as an AWS reseller. If and to the extent Customer asks CyberFortress to manage AWS services it has purchased directly from AWS, AWS solution provider terms are applicable, such as those published at https://s3-us-west-2.amazonaws.com/solution-provider-program-legal-documents/AWS+Solution+Provider+Program+-+Program+Guide+for+End+Customers.pdf. Standard terms of service for Google services that are available on the Google website (such as those published at https://cloud.google.com/terms/service-terms) apply to any Google services Customer purchases through CyberFortress as a Google reseller or that Customer purchases directly from Google but asks CyberFortress to manage. Unless Customer has a different agreement with the provider of any Veeam, Ashigra, or Ahsay software, the standard licensing terms published on their websites are applicable to Customer’s use of the software as part of the Services provided by CyberFortress.
12.7 Relationship of the Parties. The parties are independent contractors. Neither party is the agent of the other, and neither party is authorised to make any representations, contract, or commitment on behalf of the other. The use of the words “partner” or “partnership” in this Agreement or otherwise refers only to an arms-length business relationship, and does not create or reflect any legal partnership, joint venture, or other fiduciary or other special relationship between the persons described as partners. The parties do not agree to any exclusivity in regards to the subject matter of this Agreement and each party is free to contract with third parties, including competitors of the other party, for transactions of the type covered by this Agreement in any market, worldwide.
12.8 Interpretations. In calculating any period of time under this Agreement, the day of the act, event or default from which the designated period of time begins to run is not be included. The term “person” refers to any legal person, and may mean a natural person (individual), a legally created person (such as an entity, trustee, or executor), or an entity (such as a corporation, partnership, or limited liability company). The word “personnel” refers to a person’s employees and individual contractors who are under the person’s direct supervision. The word “affiliate” refers to an individual or entity that controls, is controlled by, or is under common control with the person referred to, where control means ownership of the majority of voting interests of an entity or the right to control the policies of the entity by means of a controlling number of seats on the entity’s governing body. The use of the word “including” should be read to mean “including, without limitation.” The term “party” or “parties,” either in lower- or upper-case form, refers to CyberFortress and Customer unless expressly stated as a “third party.” . A reference to “day” shall mean a calendar day, unless expressly designated as a “business” day. All software and other technology provided for Customer’s use is licensed and not sold; any references to a sale or purchase of software or other technology means the sale or purchase of a subscription service. Any requirement in this Agreement that a statement be written, in writing, or a like requirement is satisfied by an email or other digital form of writing unless expressly stated otherwise. Nouns stated in the singular imply the plural as indicated by the context, and pronouns that are gender specific refer to either gender. The Section captions in this Agreement are for convenience only; they are not part of this Agreement and may not be used to interpret the terms of this Agreement. It is the express wish of the Parties that this agreement and all related documents be drawn up in English.
12.9 Third-Party Rights. . A person who is not a party to this Agreement may not enforce any of its provisions under the Contracts (Rights of Third Parties) Act 1999.
12.10 Severability. In the event one or more of the terms of this Agreement are adjudicated invalid, illegal, or unenforceable, the adjudicating body may either interpret this Agreement as if such terms had not been included, or may reform such terms to the limited extent necessary to make them valid, legal or enforceable, consistent with the economic and legal incentives underlying the Agreement.
12.11 Changes to the Services. Customer agrees that Customer’s purchases are not contingent on the delivery of any future functionality or features, or dependent on any oral or written public comments made by CyberFortress regarding future functionality or features. Customer acknowledges that CyberFortress may modify or suspend any of its Services offerings at any time, provided that CyberFortress shall give written notice reasonably in advance of a material change that could have an adverse impact on Customer’s use of the Services. If there is a change to the Services that has a material and adverse impact on Customer, Customer may, as Customer’s sole and exclusive remedy, terminate the applicable Order and receive a refund of any prepaid fees for unused services; provided that notice of termination is given no later than 30 days following the date of the change.
12.12 General Representations. Each party represents that it has validly entered into this Agreement and has the legal power to do so.
12.13 Changes to Agreement.
12.13.1 Online Forms. CyberFortress may amend any part of the Agreement that is published online (such as this MSA, the AUP, the SLA, etc.) any time in its sole discretion. Any amendment will become effective as to Customer’s Order: (i) thirty days following the date that CyberFortress has both published the modified version of the online form and either (a) posted a notice of the modification on the customer’s service portal or (b) given a notice of the amendment in accordance with Section 11 (Notices) unless Customer objects to the amendment by written notice within the 30 day period, in which case CyberFortress may terminate the Agreement without liability to CyberFortress or Customer except that CyberFortress shall refund Customer any prepaid fees for unused Services; or (ii) on the first renewal of the Order that follows the publication of the modified version online form by at least thirty days.
12.13.2 Orders. Except for changes to pricing or other Order terms as expressly permitted by this MSA, Orders may be amended only by an agreement that meets the requirements of an “Order” under Section 1 above.
12.14 Entire Agreement and Order of Precedence. This Agreement is the entire agreement between Customer and CyberFortress regarding Customer’s use of Services and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. Each party acknowledges that, in entering into this Agreement and the relevant Order, it has not relied upon any oral or written statements, collateral or other warranties, assurances, undertakings or representations which were made by or on behalf of the other party in relation to the subject-matter of this Agreement or the relevant Order at any time before their respective signature (together, “Pre-Contractual Statements“), other than those which are set out expressly in this Agreement or the relevant Order. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on, and hereby waives all rights and remedies which might otherwise be available to it in relation to, any Pre-Contractual Statements. Nothing in this clause shall limit or exclude the liability of either party arising out of any pre-contractual fraudulent misrepresentation or fraudulent concealment. No modification, amendment, or waiver of any provision of the Agreement will be effective unless in writing and signed by the party against whom the modification, amendment or waiver is to be asserted. Customer agrees that any preprinted term or condition stated in Customer’s purchase order or other business form is void. In the event of any conflict or inconsistency among the following documents, the order of precedence shall be: (1) the applicable Order, (2) the DPA, (3) any applicable Product Specific Terms, (4) this MSA, (5) the AUP, and (6) the SLA.