Terms & Conditions NCC GROUP ONLINE SERVICES - END USER LICENCE AGREEMENT RECITALS Important: please read this End User Licence Agreement (“EULA”) carefully. By using the Service (as defined below), you accept the terms of this EULA on behalf of yourself (if you are using the Service as an individual) or for and on behalf of your organisation (if you are using the service on behalf of your organisation), in either case referred to herein as “you” or the “Licensee”. This EULA is a legal contract between you and NCC Group Accumuli Security Limited (the "Service Operator") which sets out the terms and conditions in relation to your use of the Service and also the exclusions of liability that apply. If you do not agree to the terms of this EULA, you are not entitled to use the Service. If you have a separate written agreement with the Service Operator that the Service Operator has explicitly agreed will apply to your usage of the Service instead of this EULA, then that other agreement will apply to your usage of the Service and this EULA shall not apply. 1. DEFINITIONS 1.1 The following terms, when used in this EULA shall have the following meanings: “Affiliate” means in respect of a party any entity that directly or indirectly Controls or is Controlled by, or is under common Control with another entity; “Control” means the ability to direct the affairs of an entity, whether by virtue of the ownership of the majority of shares in that entity or the legal power to direct or cause the direction of the general management of that entity and Controls and Controlled shall be construed accordingly; "Documentation" means the operating documentation or manuals for the Service (or similar documents), which may be made available by Service Operator to its Service users (including documents and materials referred to within such documentation), whether in written or electronic form. “Effective Date” shall be the date on which the Service is first accessed by the Licensee. "Licensee Confidential Information" means data, information, documents, or communications, created or received by Licensee that are stored on or using the Service. "Licensee Confidential Information" does not include information which: (a) can be demonstrated with tangible evidence as already rightfully known by Service Operator; (b) is or becomes publicly known through publication or otherwise and through no wrongful act of Service Operator; (c) is, as far as the Service Operator is aware, received from a third party without similar restriction and without breach of any confidentiality obligation; or (d) is approved for release or use by written authorization of Licensee. “Primary Contract” means the contract (comprising a proposal, order form, or otherwise) between Service Operator and the Licensee’s organisation for purchase of the right to use the Service; "Service" means any or all of the online services offered by the Service Operator which the Licensee has a right to access including but not limited to: ASSIST or ASSISTLive; xStormLive or XstormLive; Domain Intel or DomainIntelLive; Piranha or PiranahLive; and/or; Domain Assured or DomainAssuredLive. "Service Operator Confidential Information" means the confidential, proprietary and valuable information of Service Operator which may be disclosed to the Licensee orally or in writing and which Service Operator treats as confidential to protect against disclosure to, or competitive use by, third parties, or such information which a reasonable person in the cyber security or software industries would expect to be treated as confidential. Service Operator Confidential Information includes, without limitation, the Service, Documentation and any confidential or proprietary information related to Service Operator including, without limitation, any patents, patent applications, copyrights, trademarks, trade secrets, inventions, research, development, know-how, experience, prices, costs, personnel and customer details. Service Operator Confidential Information does not include information which: (a) can be demonstrated with reasonable evidence as already rightfully known by Licensee when received from Service Operator (other than knowledge gained in connection with a prior agreement between Service Operator and Licensee); (b) is or becomes publicly known through publication or otherwise and through no wrongful act of the Licensee; (c) is, as far as the Service Operator is aware, received from a third party without similar restriction and without breach of any confidentiality obligation; or (d) is approved for release or use by written authorization of Service Operator. 2. LICENCE TO USE THE SERVICE 2.1 License Grant. Subject to the terms and conditions of this EULA, Service Operator grants to the Licensee a non-exclusive, non-transferable license to use the Service and the related Documentation (if any), subject to the following: Licensee agrees that, unless authorized by Service Operator, the Service shall be used only by Licensee’s employees and consultants and only for Licensee’s internal business purposes; Licensee shall use the Service only in accordance with the Documentation; Licensee shall not use the Service to process data on behalf of third parties except as authorised in writing by Service Operator; Licensee shall cease using the Service immediately upon termination or expiry of this EULA, howsoever caused; and the additional terms and conditions applicable to the relevant online Service set out at the end of this EULA agreement shall apply if the Licensee has purchased the relevant Service. 2.2 Licensee Restrictions. Licensee will not: rent, lease, sub-license, loan, translate, merge, adapt, vary or modify the Service or Documentation; other than where it cannot be prevented by law, not to attempt to reverse-engineer or create derivative works based on the whole or any part of the Service; remove, hide or mask any copyright, trademark or other proprietary notices of Service Operator from the Service or the Documentation; . exceed any maximum usage levels that have been agreed; 2.3 No Implied License. The Licensee acknowledges and agrees that this EULA in no way shall be construed to provide to Licensee, or any third party, any express or implied licence to use, copy or otherwise exploit the Service or any portion thereof, (including any intellectual property embodied therein) except as expressly set forth in Section 2.1. 2.4 Use of the Service. The Licensee shall: supervise and control use of the Service and ensure that the Service is used by the Licensee’s employees and representatives in accordance with the terms of this EULA; not provide or otherwise make available the Service in whole or in part in any form to any person other than the Licensee’s employees and representatives without prior written consent from Service Operator; comply with all applicable technology control or export laws and regulations; use the Service for lawful purposes only and in accordance with all applicable laws and having ensured that the Client has all necessary consents, authorisations or permissions; if it requires any of the Licensee’s trademarks to be used in connection with the Service, grant to NCC Group a non-exclusive, royalty free, licence to use such trademarks solely for the purposes of providing the Service; ensure that its access credentials for the Service are stored securely at all times and only used by those employees of the Licensee that are expressly authorised by the Licensee to access the Service and are not shared with any other person. The Licensee shall take all reasonable steps to prevent any unauthorised access to the Service and will immediately notify Service Operator if it becomes aware of any such access; comply with any Acceptable Usage Policy applicable to the Service that may be notified to it by the Service Operator from time to time. in instances where the Service involves the provision of any form of weakness, threat or vulnerability identification against defined targets, only direct the Service against targets owned by the Licensee or a third party where the Licensee has explicit authorisation from such third party to do so. 3. AUDIT 3.1 Audit. Licensee shall maintain complete and accurate records to support and document use of the Service pursuant to this EULA and shall retain such records for the term of this EULA and seven (7) years thereafter. Licensee shall, upon written request of Service Operator, allow Service Operator or its designee to audit such records of Licensee and access the Service. Such access shall be granted during normal business hours and no more frequently than once in each calendar year unless a discrepancy is discovered in the immediately prior audit, or the Service Operator has reasonable grounds to suspect that the Licensee is using the Service in breach of this EULA. 4. OWNERSHIP AND CONFIDENTIALITY 4.1 Service Operator Ownership Rights. All rights, title and interests, including, but not limited to, all worldwide patent, copyright, trademark, trade secret and any other rights in and to the Service, the Documentation and Service Operator Confidential Information are retained by Service Operator. The Licensee agrees that it shall not do, or cause to be done, any acts or things contesting or in any way impairing or tending to impair any portion of the right, title and interest of Service Operator in and to such intellectual property rights. 4.2 Licensee Nondisclosure and Use Restriction. The Licensee shall use reasonable diligence, and in no event less than that degree of care used by Licensee to protect its own confidential information and confidential data, to protect Service Operator Confidential Information from unauthorised use, disclosure or reproduction. Licensee will not use any Service Operator Confidential Information except as expressly permitted hereunder. Service Operator Confidential Information shall be examined by and disclosed to only such employees or representatives of Licensee as may have a need to know such information in the course of their duties and who are also bound by written obligations of confidentiality equivalent to those in this EULA. 4.3 Service Operator Nondisclosure and Use Restriction. Service Operator shall use reasonable diligence, in no event less than that degree of care used by Service Operator to protect its own confidential information and confidential data, to protect Licensee’s Confidential Information from unauthorised use, disclosure or reproduction. Service Operator will not use any Licensee Confidential Information except as expressly permitted hereunder. The Licensee Confidential Information shall be examined by and disclosed to only such employees of Service Operator as may have a need to know such information in the course of their duties (including but not limited to those described in Section 5.4 below) and who are also bound by written obligations of confidentiality equivalent to those in this EULA. 4.4 Anonymous Usage Statistics and Metrics. The Service Operator shall be entitled to collect and use general statistical information regarding the Licensee’s use of the Service for the purposes of maintaining and developing the Service for all its customers. Such general statistical information shall be subject to the Service Provider’s obligations of confidentiality stated hereunder (including but not limited to in the preceding Section 5.3), however, it may be disclosed by the Service Operator if necessary for the purposes of this Section 5.4 in an anonymous and aggregated form. 5. WARRANTIES 5.1 Service Warranty. Service Operator warrants the Service will perform substantially in accordance with the current Documentation. Service Operator does not warrant that the Service will operate at all times in an uninterrupted or error free fashion. In order to provide the highest level of service and security the system will need to be updated and upgraded on a regular basis. Any upgrade and update activities will be conducted during a reserved, defined, regular maintenance window. The maintenance window is defined in the system’s service description. Any upgrade or update will be communicated at least 24 hours prior to the opening of the change window a) via the system notification mechanism b) as an email message to the client’s main administrative user. Under certain circumstances NCC Group may need to take the system off line in order to perform important updates or upgrades and in these circumstances the upgrade or update will be communicated at least 2 hours prior to the change a) via the system notification mechanism. 5.2 Licensee Remedies. Licensee’s sole and exclusive remedy (at law or equity) and Service Operator’s sole and exclusive obligation under the limited warranty provided in Section 6.1 above shall be correction of any material failure of the Service so that it performs substantially as warranted. 5.3 Exclusions. THE LIMITED WARRANTY EXPRESSLY PROVIDED IN SECTIONS 6.1 and 6.2 IS THE ONLY WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, MADE BY SERVICE OPERATOR. SERVICE OPERATOR DISCLAIMS ANY AND ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT, INTEROPERABILITY, AVAILABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Licensee shall be solely responsible for, and Service Operator shall have no obligation to honour, any promises or warranties that Licensee may provide to its customers or any third party with respect to the Service or any results provided to such parties as the result of the implementation of the Service. Licensee shall indemnify, defend and hold harmless Service Operator from and against any claim arising out of, related to or in connection with any such promises or warranties whether express, implied, statutory or otherwise and to pay any settlement or damages awarded to a third party as a result of any action based on such promise or warranty. 6. INDEMNIFICATION 6.1 Infringement. 6.1.1 Defence. In the event of a claim against Licensee for the infringement or misappropriation of a third party copyright, patent or trademark by reason of the use by Licensee of the Service as permitted hereunder, Service Operator shall, at its expense, defend such claim, and pay reasonable costs and expenses and damages actually awarded in connection therewith, including the reasonable fees and expenses of the lawyers engaged by Service Operator for such defense provided that (i) Licensee shall promptly notify Service Operator of such claim, (ii) Service Operator shall have the sole and exclusive authority to defend and/or settle any such claim (iii) Licensee does not make any admissions in relation to or compromise any claim without Service Operator’s prior written consent and (iv) Licensee reasonably cooperates with Service Operator in connection therewith. 6.1.2 Actions in Response to Potential Infringement. If the use of the Service by Licensee has become, or in Service Operator’s opinion is likely to become, the subject of any claim of infringement, Service Operator may at its option and expense (i) procure for Licensee the right to continue using the Service as set forth hereunder, (ii) replace or modify the Service to make it non-infringing, (iii) substitute an equivalent for the Service or, if options (i)-(iii) are not reasonably practicable, (iv) terminate this EULA. 6.1.3 Limitation on Infringement Indemnification. Service Operator shall have no liability or obligation under Section 7.1.1 or Section 7.1.2 with respect to any claim if such claim is caused in whole or in part by (i) compliance with designs, guidelines, plans or specifications of Licensee; (ii) use of the Service by Licensee in an application or environment other than as specified in applicable Documentation; (iii) modification of the Service by any party other than Service Operator; or (iv) the combination, operation or use of the Service with other applications, portions of applications, product(s) or services where the Service would not by itself be infringing. THIS SECTION 7 (SEVEN) IS SUBJECT TO SECTION 9 (NINE), AND STATES SERVICE OPERATOR’S ENTIRE AND EXCLUSIVE LIABILITY AND OBLIGATION, AND LICENSEE’S EXCLUSIVE REMEDY (AT LAW OR IN EQUITY), WHETHER STATUTORY, CONTRACTUAL, EXPRESS, IMPLIED OR OTHERWISE, FOR ANY CLAIM OF ANY NATURE RELATED TO INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY. 6.2 Indemnification by Licensee. Licensee shall indemnify, defend and hold harmless Service Operator against any and all claims, damages, losses, liabilities, costs and expenses (including reasonable lawyer's fees) directly or indirectly brought against Service Operator by any third party arising out of (i) Licensee’s products or services or (ii) Licensee’s use of the Service. Licensee shall have the sole and exclusive authority to defend any such claim or action, provided that (i) Service Operator shall promptly notify Licensee of such claim or action, (ii) Licensee shall have the sole and exclusive authority to defend and/or settle any such claim or action (so long as such defence or settlement does not admit any liability of Service Operator, require the payment of money by Service Operator or include an assent to a temporary or permanent agreement or order with respect to the use or operation of the Service) and (iii) Service Operator will reasonably cooperate with Licensee in connection therewith. 7. ULTRAHAZARDOUS ACTIVITIES 7.1 Ultrahazardous Activities. The Service is not fault-tolerant and is not designed, manufactured or intended for use in any environment in which the failure of the Service could lead to death, personal injury, or severe physical or environmental damage, including, without limitation, in the design or operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life support machines, or weapons systems or in the on-line control of equipment in any hazardous environment requiring fail-safe performance ("Ultrahazardous Activities"). Service Operator specifically disclaims any express or implied warranty of fitness for Ultrahazardous Activities. Licensee represents and warrants to Service Operator that Licensee will not use or otherwise provide the Service for such purposes. Licensee agrees and undertakes to indemnify, defend and hold harmless Service Operator from and against any and all losses, damages, liabilities, and expenses, as well as any claims or lawsuits, including reasonable lawyer’s fees, that arise or result from any breach by Licensee of this provision. 7.2 Security. The Service is not designed, manufactured or intended for use as a security device. Licensee is responsible for determining all security requirements necessary and appropriate for Licensee’s network and computer systems. Licensee agrees and undertakes to indemnify, defend and hold harmless Service Operator from and against any and all losses, damages, liabilities, and expenses, as well as any claims or lawsuits, including reasonable attorney’s fees, that arise or result from any breach by Licensee of this provision. 8. LIMITATION OF LIABILITY 8.1 THE LICENSEE ACKNOWLEDGES THAT THE SERVICE HAS NOT BEEN DEVELOPED TO MEET ITS INDIVIDUAL REQUIREMENTS, AND THAT IT IS THEREFORE ITS RESPONSIBILITY TO ENSURE THAT THE FACILITIES AND FUNCTIONS OF THE SERVICE AS DESCRIBED IN THE DOCUMENTATION MEET ITS REQUIREMENTS. 8.2 THE SERVICE AND DOCUMENTATION IS SUPPLIED FOR INTERNAL USE BY THE LICENSEE’S BUSINESS AND THE LICENSEE AGREES NOT TO USE THE SERVICE OR DOCUMENTATION FOR ANY RESALE PURPOSE. 8.3 SERVICE OPERATOR SHALL NOT IN ANY CIRCUMSTANCES WHATSOEVER BE LIABLE TO THE LICENSEE WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), BREACH OF STATUTORY DUTY, OR OTHERWISE ARISING UNDER OR IN CONNECTION WITH THIS AGREEMENT FOR: LOSS OF PROFITS, SALES, BUSINESS OR REVENUE; BUSINESS INTERRUPTION; LOSS OF ANTICIPATED SAVINGS; LOSS OR CORRUPTION OF DATA OR INFORMATION; LOSS OF BUSINESS OPPORTUNITY GOODWILL OR REPUTATION; or ANY INDIRECT OR CONSEQUENTIAL LOSSOR DAMAGE. LOSS OF PROFITS, SALES, BUSINESS OR REVENUE; 8.4 OTHER THAN THE LOSSES SET OUT IN SECTION 9.3 (FOR WHICH SERVICE OPERATOR IS NOT LIABLE), SERVICE OPERATOR’S MAXIMUM AGGREGATE LIABILITY UNDER OR IN CONNECTION WITH THIS AGREEMENT WHETHER IN CONTRACT, TORT, (INCLUDING NEGLIGENCE) OR OTHERWISE, SHALL IN ALL CIRCUMSTANCES BE LIMITED TO £5000. THIS MAXIMUM CAP DOES NOT APPLY TO SECTION 9.5. 8.5 NOTHING IN THIS AGREEMENT SHALL LIMIT OR EXCLUDE SERVICE OPERATOR’S LIABILITY FOR: DEATH OR PERSONAL INJURY RESULTING FROM SERVICE OPERATOR’S NEGLIGENCE; FRAUD OR FRAUDULENT MISREPRESENTATION; ANY OTHER LIABILITY THAT CANNOT BE EXCLUDED OR LIMITED BY LAW 8.6 THIS EULA SETS OUT THE FULL EXTENT OF SERVICE OPERATOR’S OBLIGATIONS IN RESPECT OF THE SUPPLY OF THE SERVICE AND DOCUMENTATION. EXCEPT AS EXPRESSLY STATED IN THIS AGREEMENT THERE ARE NO CONDITIONS, WARRANTIES, REPRESENTATIONS, OR OTHER TERMS EXPRESS OR IMPLIED THAT ARE BINDING ON SERVICE OPERATOR. ANY CONDITION WARRANTY REPRESENTATION OR OTHER TERM CONCERNING THE SUPPLY OF THE SERVICE AND DOCUMENTATION WHICH MIGHT OTHERWISE BE IMPLIED INTO OR INCORPORATED IN THIS AGREEMENT WHETHER BY STATUTE COMMON LAW OR OTHERWISE IS EXCLUDED TO THE FULLEST EXTENT PERMITTED BY LAW. 8.7 NCC Group reserves the right to remove or replace the individual vulnerability scanning applications that are included in the service at any time and for any or no reason without notice. 9. TERMINATION 9.1 Term. The term of this EULA shall commence on the Effective Date and continue until the earlier of the date on which this EULA is terminated, or the date on which Primary Contract (if applicable) is terminated or expires, following which this EULA shall immediately terminate. 9.2 Termination. In addition to Service Operator’s right to terminate this EULA for non-payment, either party may terminate this EULA upon written notice in the event the other party (a) commits any material breach of this EULA and either (i) fails to provide an acceptable remedy of such breach within thirty (30) days after written notice of such breach from the non-breaching party; or (ii) such breach is irremediable or (b) ceases to carry on business as a going concern, becomes the object of the institution of voluntary or involuntary proceedings in bankruptcy or liquidation, or a receiver is appointed with respect to a substantial part of its assets or a similar or analogous event occurs in relation to such party in any jurisdiction. Without limiting the foregoing, Service Operator may terminate this EULA immediately in the event of a material breach by Licensee of its obligations under sections 2 or 5. 9.3 Licensee Obligations on Termination. Upon termination of this EULA all licenses granted hereunder and all obligations of Service Operator to provide the Service shall immediately terminate and Licensee shall destroy all Service Operator Confidential Information (including without limitation, the Documentation) in its possession or control. Sections 1, 2.2, 2.3, 2.4, 4, 5, 6.2, 6.3, 6.4, 7, 8, 9, 10.3, and 11 shall survive the termination or expiration of this EULA. 9.4 Force Majeure. Neither party shall be liable for any failure or delay in performance under this EULA (other than for delay in the payment of money due and payable hereunder) caused by any natural disaster (e.g., fire, flood, earthquake), terrorist act, war, government action, strike, equipment or facility shortage, equipment or facility relocation, connectivity failure or failure of networks or the internet or other cause beyond such parties reasonable control, provided that the party experiencing the difficulty gives the other party prompt written notice, with full details following the cause relied upon. Dates by which performance obligations are scheduled to be met will be extended for a period of time equal to the time lost due to any delay so caused. 10. GENERAL 10.1 Compliance with Laws. Licensee shall, at its own expense, be responsible for current and ongoing familiarity with, and shall at all times comply with all applicable laws, treaties, rules, regulations, orders and other requirements relating to this EULA. 10.2 Publicity. Neither party shall make any public statements including, without limitation, press releases or public announcements regarding this EULA unless agreed in writing. 10.3 No Assignment by Licensee. Licensee may not assign this EULA (or any of its rights hereunder), or delegate its obligations hereunder to any other party without the prior written consent of Service Operator. For purposes of this section, assignments shall include assignments by operation of law, including without limitation, merger and acquisition. 10.4 Amendment; Waiver. No amendment or modification to this EULA, nor any waiver of any rights hereunder, shall be effective unless assented to in writing by both parties. The waiver of any breach or default shall not constitute a waiver of any other right hereunder or any subsequent breach or default. 10.5 Relationship. Nothing contained herein shall in any way constitute any association, partnership, agency, employment or joint venture between the parties hereto, or be construed to evidence the intention of the parties to establish any such relationship. 10.6 Unenforceability. If a court of competent jurisdiction determines that any provision of this EULA is invalid, illegal, or otherwise unenforceable, such provision shall be enforced as nearly as possible in accordance with the stated intention of the parties, while the remainder of this EULA shall remain in full force and effect and bind the parties according to its terms. To the extent any provision cannot be enforced in accordance with the stated intentions of the parties, such provision shall be deemed not to be a part of this EULA. 10.7 Governing Law. This EULA shall be governed by the laws of the England. All disputes arising out of this EULA shall be subject to the exclusive jurisdiction of the English courts. 10.8 Notices. Any notice required or permitted to be given hereunder shall be given in writing to the Service Operator and addressed to its office at Manchester Technology Centre, Oxford Road, Manchester, M1 7EF, Attn: Head of Legal or to that party’s otherwise last known address by personal delivery, certified mail, return receipt requested, or by overnight delivery. 10.9 Entire Agreement. This EULA comprises the entire agreement between Licensee and Service Operator with respect to its subject matter, and supersedes all prior and contemporaneous proposals, statements and agreements (oral and written). No oral or written information or advice given by Service Operator, its Agents or employees shall create a warranty or in any way increase the scope of the warranties in this EULA. 10.10 Titles. All section titles herein are provided for general information and reference only. Thus, the subject matter in each section herein shall not be construed by reference to the title nor shall the scope of section be limited in any manner based on the title of that section. 10.11 Third Party Rights. No person or body who is not a party to this EULA has any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any terms of this EULA (but this does not affect any rights or remedies of a third party which exist or are available apart from that Act).