THESE TERMS AND CONDITIONS (THE “TERMS”) ARE ENTERED BETWEEN THE VENDOR OF THE SERVICES, BITDEFENDER (“BITDEFENDER”) AND CUSTOMER (“CUSTOMER”), WHERE THE CUSTOMER IS EITHER A DIRECT CUSTOMER OF BITDEFENDER OR AN INDIRECT CUSTOMER HAVING A CONTRACTUAL RELATIONSHIP WITH AN AUTHORIZED BITDEFENDER RESELLER. THE PRESENT TERMS TOGETHER WITH THE STATEMENTS OF WORK SET FORTH THE TERMS AND CONDITIONS FOR THE PROVISION OF BITDEFENDER OFFENSIVE SECURITY AND CYBERSECURITY ADVISORY SERVICES, HEREINAFTER REFERENCED TOGETHER AS “THE AGREEMENT”.
The Parties may enter into one or more Statements of Work (SOWs), which will be governed by these Terms setting forth additional obligations between the Parties.
NOW, FOR GOOD AND VALUABLE CONSIDERATION, THE PARTIES AGREE AS FOLLOWS:
PLEASE READ THIS STATEMENT CAREFULLY. CUSTOMER REPRESENTS AND AGREES ON BEHALF OF HIS COMPANY THAT HE HAS THE CAPACITY AND AUTHORITY TO BIND HIS COMPANY AND THAT HE HAS READ, UNDERSTOOD, AND AGREED TO BE BOUND BY THE TERMS INCLUDED HEREINAFTER.
IF THE CUSTOMER DOES NOT AGREE TO THESE TERMS, THE CUSTOMER WILL NOT USE ANY BITDEFENDER OFFENSIVE SECURITY OR CYBERSECURITY ADVISORY SERVICES. BY CONTINUING OR BY USING OR BY INITIATING ANY SERVICE WITH BITDEFENDER IN ANY WAY, THE CUSTOMER (EITHER AN INDIVIDUAL OR AN ENTITY) IS INDICATING HIS COMPLETE UNDERSTANDING AND ACCEPTANCE OF THESE TERMS.
IF THE CUSTOMER DOES NOT AGREE TO ALL OF THESE TERMS, CUSTOMER MUST SEND AN EMAIL OF REFUSAL TO: LEGAL@BITDEFENDER.COM.
1. DEFINITIONS
“Access Credentials” means any username and password or other security credentials that Customer or User must provide when accessing the Services via encrypted platform.
“Affiliate” means any entity in which a party, as applicable, owns or controls, directly or indirectly, and any parent company that owns or controls, and any of the companies the parent company controls. For purposes of this definition, “control” means the direct or indirect beneficial ownership of over fifty percent (50%) of the voting interests (representing the right to vote for the election of directors or other managing authority) in an entity.
“Authorized User”/“User” means a person that Customer authorizes to administer the use of the Services.
“Bitdefender” means the Bitdefender entity that enters into this Agreement with Customer, as stated in the SOW and any other of its Affiliates involved in the provision of the Services.
“Bitdefender Offensive Security Services” means the following services provided by Bitdefender: Bitdefender Offensive Security Services - Red Team Services and Bitdefender Offensive Security Services - Penetration Testing Services as detailed herein or in the SoW or on the Bitdefender websites, and may include associated media, printed materials, and Documentation.
“Bitdefender Offensive Security Services - Red Team Services” shall have the meaning of an intelligence-led assessment that simulates real-life threat actors to demonstrate how attackers would attempt to compromise the critical functions and underlying systems of Customer’s organization. It identifies security vulnerabilities (physical and/or digital) in the organization to help the security team improve detection and response capabilities. Compared to a typical penetration test assessment, red teaming is goal-oriented and aims to assess the organization holistically by using Techniques, Tactics and Procedures (TTPs) driven by the MITRE ATT&CK Framework. More details are presented in the SoW agreed by parties or on the Bitdefender websites.
“Bitdefender Offensive Security Services - Penetration Testing Services” means the process of testing a target for exploitable security weaknesses in the Customer's security controls. Such weaknesses may be in areas such as authentication, authorization, validation and the targets of the penetration testing activity can include, without limitation: web applications, mobile applications, web Application Programming Interfaces (APIs), network devices, thick client applications, and wireless networks. Testing methodology may span from "black box testing" (where no knowledge is shared of the target) to "white box testing" (where maximum details of the target are shared, including where applicable source code, architecture diagrams, etc.). More details are presented in the SoW agreed by parties or on the Bitdefender websites.
“Bitdefender Cybersecurity Advisory Services” means the following proactive consulting services provided by Bitdefender to support the management of cybersecurity risk which fall into three pillars: Strategy and Leadership, Risk and Compliance and/or Event Preparedness. The services are detailed in the SoW or on the Bitdefender websites, and may include associated media, printed materials, and Documentation.
“Confidential Information” means this Agreement, the Services, Bitdefender Technology, Bitdefender’s pricing information, Customer Data, Customer Materials, and any other information of a proprietary or confidential nature, trade secrets disclosed by one party (“Discloser”) to the other (“Recipient”) related to this Agreement, whether orally or in writing, and that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of the disclosure.
“Customer” means the company that purchased the Services and/or other related services or solutions from Bitdefender or its authorized resellers or distributors. An employee or other agent, including contractor, of this company, which accepts this Agreement and/or uses the Services must be a representative of the entity and must accept this Agreement on behalf of the company before the Services may be used. Please print this Agreement or save a copy electronically.
“Customer Materials” means any items, documents, software, data, or other materials provided to Bitdefender by Customer.
“Documentation” means the electronic documentation Bitdefender provides for use with the Services which may be amended from time to time, including the Technical Scoping of the Services as stated in the exhibit of the SoW.
“Intellectual Property Rights” means any patent, copyright, or trademark under the laws of the United States or the country where the Customer is headquartered.
“Personal Data” means Customer personal data as defined by GDPR, that is processed by Bitdefender for and on behalf of the Customer.
“Report” means the report and any documents, work products and related materials, provided by or on behalf of Bitdefender to Customer while performing the Services. For the avoidance of doubt, deliverables do not include fixes.
“Services” means, collectively, Bitdefender Offensive Security Services and Bitdefender Cybersecurity Advisory Services as detailed herein or in the SoWs or on the Bitdefender websites, and may include associated media, printed materials, and Documentation.
“Statement of Work”, “SOW” means a document executed by both parties that details the Services purchased by Customer, including the description of the Services, the quantities, start and end dates, associated fees, if direct Customer towards Bitdefender, and other related details. If multiple SoWs are executed related to this Agreement, each SoW will be governed by these Terms.
“SoW Term” means the Statement of Work validity period during which the Services are available to Customer, pursuant to the Statement of Work.
“Technical Data” means all electronic data stored on or transmitted by Customer to Bitdefender within the use of the Services such as any data or device information mainly, but not limited to data or device information related to threats, malicious websites and/or filenames, URLs, C&C IPs, hashes of various virus, malware threats which: (i) are collected from Customer by Bitdefender; (ii) are anonymized when knowing that such data may be deemed personal data, except for IPs, MAC addresses, computer names, command lines, filenames, URLs or the like (such that it is no longer personal data in accordance with applicable data protection law); (iii) cannot be linked to Personal Data; and (iv) are required by Bitdefender for the purposes of enhancing the security protection offered by Bitdefender solutions for the benefit of Customer and Bitdefender clients, and of improving and measuring the functionality or performance of Bitdefender technologies.
2. PROVISION OF SERVICES
2.1. Scope and Content of Services
Bitdefender shall provide the Services to Customer in accordance with the terms and conditions of this Agreement and of the applicable SoW signed by Parties, having all the details established in the Technical Scoping Exhibit of the SOW. Apart from documentation, manuals, and software directly acquired in conjunction with and necessary for the Services provided, no other materials shall be supplied under this Agreement.
The precise scope of Services to be provided by Bitdefender shall be defined in a Statement of Work.
The Customer or any of its Affiliates may enter into Statements of Work with Bitdefender under this Agreement.
Bitdefender’s ability to deliver the Services described in Statements of Work depends upon full and timely cooperation by Customer and Customer’s staff, as well as the accuracy and completeness of any information provided. Bitdefender may provide Customer additional assumptions in writing in the respective Statements of Work before providing any Services thereunder.
Bitdefender may provide some or all the Services to Customer via the encrypted platform. Further to this provision of Services via the encrypted platform, Customer may receive Access Credentials from Bitdefender.
Upon Bitdefender’s acceptance of Customer’s order as stated in the SoW and in consideration of the payment of the fee by Customer and receipt of the corresponding payment by Bitdefender or its authorized resellers or distributors, Bitdefender shall provide the Bitdefender Offensive Security Services and Cybersecurity Advisory Services that Customer ordered according to the respective SOW, solely for Customer’s internal business operations and subject to the terms of this Agreement. Customer may allow its Authorized Users to use Bitdefender Offensive Security and Cybersecurity Advisory Services for this purpose and Customer is responsible for their compliance with this Agreement with respect to such use.
Bitdefender will endeavor to confirm resources for the project as soon as a signed project confirmation sheet has been received and the Technical Scoping has been agreed. The dates will only be confirmed once written acceptance for these dates has been received. Once dates have been accepted, Bitdefender will ensure that resources are assigned and thereafter the late cancellation policy will come into effect.
The description of the Services is included in the Appendix A below. All Services shall be performed remotely by Bitdefender unless the Customer specifically requests on-site performance by Bitdefender personnel and Bitdefender expressly agrees in writing with such Customer request. In case of on-site performance of the Services, the expenses incurred by Bitdefender personnel shall be paid by the Customer according to article 3.3. below.
Any other Services performed by Bitdefender to the Customer and described and agreed with Bitdefender in writing in the Technical Scoping and not expressly included in the Appendix A below, shall also be governed by this Agreement. Please be advised that, depending on the particularities or nature of such services, specific Service Levels and/or prerequisites may apply in lieu of or in addition to those mentioned in this Agreement and shall be included in the Technical Scoping.
2.2. Service Level. Bitdefender will make the Services available to the Customer in accordance with Service Levels hereto. Bitdefender may update the Services during the Term, however, at no time will an update materially diminish the function of the Services.
Bitdefender shall provide the following Service Levels:
● for Penetration Test Services: i) Final Report for the assessment to be provided within 5 (five) business days after the scheduled reporting day, ii) Final Report for the assessment to be updated within 5 (five) business days after the scheduled retest day.
● for Red Team Services: Final Report for the assessment to be provided within seven business days upon completion of the assessment.
The SLAs presented above depend on the fulfillment of the prerequisites stated below.
2.3. Prerequisites: Before Bitdefender starts the delivery of the Services, meaning before the Start Date, Customer must obtain all necessary rights and permissions from all its Users and must fulfill the following:
2.3.1. Penetration Testing - Web Application Assessment prerequisites:
● Confirmation of in-scope URL;
● Provisioning of 2 sets of accounts for each User role;
● Each User account to be provisioned with sample test data;
● No infrastructure or code changes to be made during the assessment period;
● Whitelisting of Bitdefender’s external testing IP addresses, 13.76.47.44, 52.230.87.131 and 34.87.70.149 (for external assessments);
● Whitelisting of Bitdefender’s testing IP addresses from any WAF, IPS, or IDS systems;
● If the case for online assessment, logistics for onsite assessment to be provided during the time of testing (including tables, chairs, electricity, network connectivity, on-demand physical access, relevant authorization and permissions, etc);
● Temporarily disable 2FA and CAPTCHA validation (if any) and enable it upon request;
● Technical point of contact for any queries during the assessment;
● Consultants’ mobile numbers to be tied to SMS 2FA mechanism (where applicable).
2.3.2. Penetration Testing – Web API Assessment prerequisites:
● Provisioning of full API project Postman/Swagger files;
● Full API documentation, with details on functions, parameters, and expected responses;
● Sample API request data for all in-scope API calls;
● Provisioning of 2 sets of credentials for each User role (where applicable);
● Each User account to be provisioned with sample test data;
● Provisioning of means to generate API authorization keys/tokens (where applicable);
● No infrastructure or code changes to be made during the assessment period;
● Whitelisting of Bitdefender’s external testing IP addresses, 13.76.47.44, 52.230.87.131 and 34.87.70.149 (for external assessments);
● Whitelisting of Bitdefender’s testing IP addresses from any WAF, IPS, or IDS systems;
● If the case, logistics for onsite assessment to be provided during the time of testing (including tables, chairs, electricity, network connectivity, on-demand physical access, relevant authorization and permissions, etc);
● Temporarily disable 2FA and CAPTCHA validation and enable it upon request;
● Technical point of contact for any queries during the assessment.
2.3.3. Penetration Testing – External/Internal Network Assessment prerequisites:
● Confirmation of in-scope IP addresses;
● Provision of authentication credentials to log into the in-scope devices (For Grey-box only);
● Whitelisting of Bitdefender’s testing IPs on port 135,445 for Windows devices or port 22 SSH for Unix-based devices (For Grey-box only);
● No infrastructure changes to be made during the assessment period;
● Whitelisting of Bitdefender’s external testing IP addresses, 13.76.47.44, 52.230.87.131 and 34.87.70.149 (for external assessments);
● Whitelisting of Bitdefender’s testing IP addresses from any WAF, IPS, or IDS systems;
● Technical point of contact for any queries during the assessment.
2.3.4. Penetration Testing – Mobile Application Assessment prerequisites:
● Provisioning of 2 sets of accounts for each User role;
● Each User account to be provisioned with sample test data;
● Provisioning of Android APK and iOS IPA binaries, without security mechanisms in place, if present (root/jailbreak detection, SSL pinning, anti-debugging, etc.);
● Provisioning of Android APK and iOS IPA binaries, with security mechanisms in place, if present (root/jailbreak detection, SSL pinning, anti-debugging, etc.);
● No infrastructure or code changes to be made during the assessment period;
● Whitelisting of Bitdefender’s external testing IP addresses, 13.76.47.44, 52.230.87.131 and 34.87.70.149 (for external assessments);
● Bitdefender’s testing IP addresses to be whitelisted from any WAF, IPS, or IDS systems;
● Technical point of contact for any queries during the assessment.
2.3.5. Red Team (Adversarial Attack Simulation Exercise) Assessment prerequisites:
● Confirm the Red Team (Adversarial Attack Simulation Exercise) objectives.
● Customer to assign technical point of contact to:
1. Provide logistics and other information required, prior to commencement of the engagement.
2. Respond to any technical queries during the assessment.
3. Confirm out-of-scope elements, e.g. specific systems or critical servers, specific departments or individuals for social engineering, phishing or any other attacks.
4. Provide a seeded access laptop for the Assume Breach phase and support to execute the payload, if required.
● As Bitdefender performs actions across the cyber kill chain, seeded access or information may be required to increase the efficacy of the engagement. It is advisable that Customer prepares the following information and resources to be provided to Bitdefender when it is necessary, including but not limited to:
1. Additional information such as network diagram, onboarding information as if a new employee, list of technologies used such as EDR, email security, SIEM, NAC, etc.
2. One or more standard build laptops, with domain-joined User accounts of varying privileges that are based on department or roles.
3. Access to the network via VPN or a jumphost.
4. The red team consultant mobile numbers to be tied to SMS 2FA mechanism for VPN, cloud applications, etc., if required.
● Letter of authorization from board of directors / project sponsor and point of contact for potential escalations during physical assessment.
● Bitdefender and Customer to implement proper risk management strategy.
In case Red Team Service is delivered using a gated approach, Bitdefender may not be able to resume the Red Team exercise immediately upon request. The request will be served on the next earliest available time slot of the Red Team consultant. Bitdefender will maintain the Command and Control (C2) and phishing infrastructure for a maximum of two (2) months between stages. Thereafter, should the next stage not have been initiated, the project will be deemed to have been concluded.
2.3.6. Cybersecurity Advisory Services main prerequisites:
● Customer must provide Bitdefender with a main point of contact, with access to relevant stakeholders and documentation if required by the service.
2.4. Services Restrictions. Customer shall use the Services according to the agreed use cases and as agreed in the Technical Scoping Exhibit.
Customer shall neither directly nor indirectly: (i) interfere with or disrupt the integrity or performance of the Services or the data contained therein; (ii) attempt to gain unauthorized access to the Services or their related systems or networks; (iii) use the Services, or permit them to be used, for purposes of product benchmarking, competitive research, or other comparative analysis without Bitdefender's prior written consent; (iv) use the Services for a use other than as set forth in the Technical Scoping.
The Services are protected by know-how laws and international copyright treaties, as well as by other intellectual property laws and treaties. This Agreement only gives Customer some rights to use the Services.
2.5. Access and License to Customer Data. Customer grants Bitdefender a non-exclusive, worldwide, royalty-free, fully paid-up right and license to copy, access, transmit and otherwise process the Technical Data to provide the Services to Customer as set forth in this Agreement. Bitdefender will not access Customer Data except (i) to provide the Services and the associated support services; (ii) to prevent or address service, security or technical problems with the Services; (iii) to audit Customer’s use of the Services and to confirm Customer’s compliance with the Agreement; (iv) to aggregate de-identified information regarding Customer’s usage and configuration metrics of Services (which in no event shall include Customer Data) with that of other Bitdefender customers and use such aggregated customer services data as part of the Services; (v) as compelled by law; or (vi) as Customer expressly permits in writing.
2.6. Customer Responsibilities. Customer is responsible for the acts and omissions of all Users in connection with this Agreement, as well as any and all access to and use of the Service by any User or any other person logging in under a User ID registered under Customer’s account, even if a claim may not be enforceable directly against those Users, due to lack of power or authority, discharge, offset or defense. The Customer is responsible for the networking and hardware data security for the Services to the extent the Services are deployed on Customer controlled networks or hardware, including the legal and operational consequences of its configuration. Customer acknowledges that Customer’s access information will be Customer’s “key” to the Services; accordingly, Customer will be responsible for maintaining the confidentiality of such access information. Customer will: (i) notify Bitdefender promptly of any unauthorized use of any password or account or any other known or suspected breach of security; (ii) not impersonate another Bitdefender user or provide false identity information to gain access to or use the Services.
2.7. Independence. The relationship between the Parties is that of independent contractors. Nothing contained in this Agreement shall be construed as creating any agency, partnership, joint venture or other form of joint enterprise, employment or fiduciary relationship between the Parties, and neither Party shall have authority to contract for or bind the other Party in any manner whatsoever. Bitdefender may use its own independent contractors to perform the Services, in which case Bitdefender will be responsible for the performance of such independent contractors.
Bitdefender hosts portions of the Services either directly or subcontracted through a third-party hosting provider; and some configurations of the Services may require Customer cooperation on Customer controlled hardware. Subject to the terms and limitations on relevant SoW, Bitdefender grants to Customer during the Term the worldwide, non-exclusive, revocable, limited, non-transferable, royalty-free right for the Authorized Users to access and use the Services and Documentation consistent with the Documentation and the SoW solely for its internal business purposes or as otherwise indicated in the applicable SoW.
2.8. Acceptance. The parties shall agree upon the acceptance criteria. Customer shall send a notice to Bitdefender of any failure to conform with the acceptance criteria within 7 (seven) days from completion of the Services. The Services are deemed to be accepted 2 (two) weeks following completion of the Services or if the Customer has made the payment. The respective Services or partial Services are furthermore always deemed accepted if the Services are used for productive purposes.
3. PAYMENT TERMS
3.1. Service Fees. Customer can pay Bitdefender the Services fees and any other amounts for Bitdefender’s Services ordered by Customer as stated in the SOW and agreed within the Technical Scoping of the Services, either directly or through the Bitdefender channel partner contracted (collectively, the “Service Fees”).
Unless otherwise agreed with the channel partner, all Service Fees will be invoiced in advance in accordance with the purchase order submitted to the channel partner. Unless otherwise set forth in the purchase orders, all Service Fees are due and payable Net 30 days after the date of the applicable invoice. All invoices that are not paid within 30 days, and all credit accounts that are delinquent shall be assessed a 1% late payment charge (or if this exceeds the legally permitted maximum, the highest legal rate under applicable law) for each month the invoice is not paid, or the account is delinquent. Customer will reimburse Bitdefender or its resellers for all reasonable costs (including reasonable attorneys’ fees) incurred by Bitdefender or its resellers in connection with collecting any overdue amounts. Except as otherwise specified in this Agreement, the payment obligations are non-cancelable and the Service Fees paid are non-refundable, and the purchased Services cannot be decreased or exchanged for alternative Services or subscriptions.
3.2. Taxes. All Service Fees are exclusive of all sales and use taxes, value-added taxes, excise taxes, levies, or duties which may be imposed by applicable national or federal, state/provincial or local municipalities relating to Customer’s purchase of subscriptions or use of the Services (the “Taxes”), and Customer will be responsible for payment of all such Taxes. Unless Customer provides Bitdefender or its resellers with evidence of its sales tax exemption, Customer shall pay Bitdefender all relevant taxes payable related to Customer’s purchases, excluding taxes based on Bitdefender’s net income. Customer will pay all Service Fees free and clear of, and without reduction for, any such Taxes, including withholding taxes imposed by any country. Customer will provide receipts issued by the appropriate taxing authority to establish that such Taxes have been paid.
3.3. Expenses. The Customer shall pay Bitdefender for all reasonable travel, out-of-pocket and living expenses (if any) incurred by Bitdefender personnel in connection with the on-site performance of the Services if such a performance was requested by the Customer and was prior agreed in writing by Bitdefender.
3.4. Cancellation. If all or part of the Services is to be canceled or postponed once booked and confirmed, Bitdefender requires at least 10 days prior notice. If Service is to be canceled/postponed less than 10 days prior to the agreed start date, the following charges will be incurred:
| Timing of notification of cancellation or postponement | Fee payable |
| --- | --- |
| >11 business days before the agreed Delivery Start Date | No cancellation fee |
| Between 6 and 10 days before the agreed Start Delivery Date | 50% of the project fee |
| <5 days before the agreed Start Delivery Date | 100% of the project fee |
4. INTELLECTUAL PROPERTY OWNERSHIP. FEEDBACK
4.1. Ownership
4.1.1. By Bitdefender. Bitdefender and its Affiliates retain ownership of the Services and all right, title, and interest in and to the Services, including all modifications, derivative works, developments, improvements, enhancements, translations made by or on behalf of Customer on the Services, as well as all deliverables provided by Bitdefender to Customer in connection with such Services and/or policy document(s) which shall (i) detail the actions that have taken place and/or have been witnessed by Bitdefender personnel; and (ii) comprise such findings, recommendations, documentation, adversary information, templates, know-how, ideas, inventions, techniques, models, flowcharts, diagrams, computer code, algorithms, work products, machine learning based upon metadata, Technical Data (and not Personal Data), including machine learning algorithms, and the results and output of such machine learning and other materials and information deemed relevant to be included by Bitdefender personnel and all intellectual property rights therein (“Bitdefender IP”) while extending only the limited license rights as set forth in this Agreement and does not transfer any right, title, or interest to any such Bitdefender IP or any of Bitdefender’s intellectual property rights within the Report to Customer. Notwithstanding any use of terms such as “purchase”, “sale” or likewise hereunder, all Services are offered by Bitdefender on a license basis only.
4.1.2. By Customer. Customer retains all rights and ownership of pre-owned intellectual property rights including copyrights, trademarks and name and all rights, title, and interest therein, and all modifications, derivative works, developments, improvements, enhancements, translations and all intellectual property rights therein but excluding any Bitdefender IP created by or on behalf of Customer within the performance of the Services.
All rights not expressly set forth hereunder are property of or reserved by Bitdefender. No jointly owned intellectual property is created under or in connection with this Agreement.
Provided that Customer has fully paid all applicable Service Fees in relation to the relevant Report, Bitdefender hereby grants Customer a license to use all such rights on a non-exclusive, non-sublicensable, non-transferable, worldwide, royalty-free and perpetual basis to the extent necessary to enable Customer to internally use the Report, as described in the applicable Statement of Work.
Customer shall not: (i) rent, lease, modify the Report without the prior written consent of Bitdefender; (ii) transfer licenses to, or sublicense, fixes and/or to the Report to any third party including the national governments.
Services may operate or interface with software or other technology that is licensed from third parties, which is not proprietary of Bitdefender. Customer agrees to use such third party software in accordance with this Agreement; no third party licensor makes any warranties, conditions, undertakings or representations of any kind, either express or implied, to Customer concerning such third party software or the products themselves; no third party licensor will have any obligation or liability to Customer as a result of this Agreement or Customer’s use of such third party software; such third party software may be licensed under license terms which grant Customer additional rights or contain additional restrictions in relation to such materials, beyond those set forth in this Agreement, and such additional license rights and restrictions are described or linked to in the applicable Documentation.
Any applicable Open-Source License Terms will be published within the documentation of the Services published by Bitdefender.
In respect of the open-source software, their stipulations shall apply to the extent expressly required by their licenses; the terms of relevant licenses (including, in particular, the scope of license as well as disclaimers of warranties and liabilities) shall apply to the respective third-party software in lieu of this Agreement. Such third-party license terms relating to respective software are located at the place as indicated in the software.
ANY OPEN-SOURCE SOFTWARE IS PROVIDED BY BITDEFENDER “AS IS, WITH ALL FAULTS, AS AVAILABLE” WITHOUT (AND BITDEFENDER SPECIFICALLY DISCLAIMS) ANY GUARANTEE, CONDITION, OR WARRANTY (EXPRESS, IMPLIED, OR OTHERWISE) OF ANY KIND OR NATURE, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, TITLE, AND/OR NON-INFRINGEMENT. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, AS IT RELATES TO ANY AND ALL CLAIMS ARISING OUT OF OR IN CONNECTION WITH OPEN-SOURCE SOFTWARE, BITDEFENDER SHALL HAVE NO LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES, HOWSOEVER CAUSED AND/OR OTHERWISE BASED ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF OPEN-SOURCE SOFTWARE, EVEN IF BITDEFENDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
4.2. Feedback
4.2.1. Any feedback, comments, or suggestions, case study or testimonials that Customer may provide regarding Bitdefender IP (“Bitdefender’s Feedback”) is entirely voluntary, and Bitdefender will be free to use such Feedback as it deems fit and without any obligation to Customer. Such Feedback shall become the sole and exclusive property of Bitdefender and Customer shall be permitted to use it as licensed under the Agreement.
4.2.2. Any feedback, comments, or suggestions, that Bitdefender may provide regarding Customer IP (“Customer’s Feedback”) is entirely voluntary, and Customer will be free to use such Customer’s Feedback as it deems fit and without any obligation to Bitdefender. Such Feedback shall become the sole and exclusive property of Customer and Bitdefender shall be permitted to use it as licensed under the Agreement.
5. TERM. TERMINATION
5.1. Term. This Agreement begins on the Effective Date as stated in the SoW and, unless earlier terminated as set forth below or otherwise in this Agreement, will continue for the period mentioned in the SOW. Customer shall consume all the Services ordered within the Term specified in the SoW.
5.2. Termination. Either party may terminate this Agreement (or any relevant SoW) upon the other party’s material breach that remains uncured for thirty (30) days following written notice. Bitdefender may suspend or terminate this Agreement or the Services upon ten (10) days written notice if Customer fails to pay any undisputed amount within thirty (30) days of the date on which payment was due. Bitdefender reserves the right to modify or discontinue offering any portion or version of the Services effective as of the conclusion of Customer’s then-current SoW Term, provided however that Bitdefender has given Customer at least ninety (90) days’ prior written notice of such modification or discontinuance.
5.3. Effect of Termination. Survival. Upon expiration or termination of this Agreement (a) all rights to use or access the Services will cease and (b) Sections 1, 2.5, 2.6, 3.4, 4, 6, and 7 through 10, and 12 will survive.
Also, if the Customer does not continue to abide by the terms of this Agreement, Customer acknowledges that he has no right to use the Services and he agrees with the termination of the Agreement and to stop using the Services.
6. EVALUATION SERVICES
THE PROVISIONS OF THIS SECTION APPLY IN LIEU OF SECTION “WARRANTIES” WITH RESPECT TO ANY EVALUATION SERVICE OR SOLUTIONS.
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICES USED FOR TRIAL PURPOSES OR EVALUATION SERVICES ARE PROVIDED TO CUSTOMER "AS IS" WITHOUT WARRANTIES OF ANY KIND.
EVALUATION DISCLAIMER:
THE EVALUATION SERVICES PROVIDED HEREUNDER ARE BELIEVED TO CONTAIN DEFECTS AND A PRIMARY PURPOSE OF THIS TESTING IS TO OBTAIN FEEDBACK ON PERFORMANCE AND THE IDENTIFICATION OF DEFECTS. CUSTOMER IS ADVISED TO SAFEGUARD IMPORTANT DATA, TO USE CAUTION AND NOT TO RELY IN ANY WAY ON THE CORRECT FUNCTIONING OR PERFORMANCE OF THE SERVICES AND/OR ACCOMPANYING MATERIALS.
WHERE LEGAL LIABILITY CANNOT BE EXCLUDED BY THIS DISCLAIMER, BUT MAY BE LIMITED, BITDEFENDER’S LIABILITY AND THAT OF ITS SUPPLIERS/LICENSORS/RESELLERS UNDER THIS AGREEMENT RELATED TO TEST SOFTWARE OR SERVICES AND ANY APPLIANCE ON WHICH THE TEST SOFTWARE IS DEPLOYED, SHALL BE LIMITED IN THE AGGREGATE TO THE SUM OF TEN DOLLARS (USD$10) OR THE EQUIVALENT IN LOCAL CURRENCY.
Customer’s right to use the Services ends when the Evaluation Period ends or if Customer violates any term of this Agreement. Upon termination of the Evaluation Period, Customer must delete or destroy all copies of the Services, including deliverables, and stop using the Service.
7. CONFIDENTIALITY
Each party acknowledges that in connection with this Agreement it may obtain Confidential Information of the other party. The receiving party (“Recipient”) shall not access or use, or permit the access or use of, the Confidential Information of the disclosing party (“Discloser”) other than as necessary to perform Recipient’s obligations or exercise its rights hereunder. The Receiving Party acknowledges that all Confidential Information, as defined herein, is the trade secret and exclusive property of the Disclosing Party.
Recipient may not knowingly disclose, or permit to be disclosed, Discloser’s Confidential Information to any third party without Discloser’s prior written consent, except that Recipient may disclose Discloser’s Confidential Information solely to Recipient’s employees, officers, directors, consultants, contractors, agents or advisors (“Representatives”) who have a need to know for purposes of the Recipient’s exercise of its rights or performance of its obligations under this Agreement and who are bound in writing to keep such information confidential consistent with this Agreement. Recipient acknowledges and agrees that it is responsible and liable for any breach by its Representatives of this section of this Agreement. Recipient agrees to exercise due care in protecting Discloser’s Confidential Information from unauthorized use and disclosure and will not use less than a reasonable degree of care. The foregoing will not apply to any information that: (i) was or becomes generally known by the public through no fault of Recipient or its Representatives; (ii) was known to Recipient, without restriction on disclosure, prior to disclosure by Discloser; (iii) was lawfully disclosed by a third party to Recipient, without restriction; (iv) Recipient independently develops without use of Discloser’s Confidential Information; or (v) is expressly permitted to be disclosed pursuant to the terms of this Agreement. If the Recipient or any of its Representatives is required pursuant to a judicial or other governmental order or proceeding to disclose any Confidential Information of Discloser, then, to the extent permitted by applicable law, the Recipient shall promptly notify the Discloser of such requirement prior to disclosure so that the Discloser can seek a protective order or other remedy.
Upon Discloser’s written request at any time and subject to any contrary obligations under this Agreement or applicable law, Recipient shall, at Discloser’s direction, promptly return or destroy and erase from all systems it uses or controls all or part of any originals and copies of documents, materials and other embodiments and expressions in any form or medium that contain, reflect, incorporate or are based on Discloser’s Confidential Information, in whole or in part, except to the extent required by applicable law or retained in backup systems until deleted in the ordinary course, provided that all such information and materials will remain subject to the confidentiality and security requirements set forth in this Agreement. The Recipient shall provide, upon request, a written statement to the Discloser certifying that it has complied with the requirements of this section. These obligations shall survive for 3 years after receiving the Information.
8. WARRANTIES. INDEMNIFICATION. LIMITATION OF LIABILITY
8.1. Warranties
8.1.1. Bitdefender represents and warrants to Customer that the Services will conform to the Documentation and with the Technical Scoping of the Services. Customer’s sole and exclusive remedy for breach of such representation and warranty is that Customer will have thirty (30) days following the delivery of the Services as mentioned in SoW to accept or reject the Services (“Warranty Period”). Bitdefender will have no obligation under this Agreement to correct, and Bitdefender makes no warranty with respect to, errors caused by or attributable to: (i) use of the Services in a manner inconsistent with the Documentation, Technical Scoping of the Services or this Agreement; (ii) hardware or software misuse, modification, or malfunction; (iii) improper installation or any modification, alteration, or addition thereto, or any problem or error in the operating system software with which the software is installed and is designed to operate; (iv) if any problem or error in delivering the Services has resulted from improper use, misapplication or misconfiguration, or the use of the Services with other programs or services that have similar functions or features which are incompatible with the Services; (v) if the Services are used as any evaluation, beta or trial version or for which Bitdefender does not charge a fee; (vi) if Bitdefender does not receive notice of a non-conformity within the applicable Warranty Period; (vii) the issue has been caused by Customer’s failure to apply updates, or any other action or instruction recommended by Bitdefender; or (viii) the issue results from any cause outside of Bitdefender’s reasonable control.
If Bitdefender is notified in writing of a breach of warranty during the Warranty Period, Bitdefender’s entire liability and Customer’s sole remedy shall be (at Bitdefender’s option): (i) to correct, repair or replace the Services within a reasonable time, or (ii) to authorize a refund of the pro-rata unused fees following return of accompanied by proof of purchase. Any reperformance of the Services shall be warranted for the remainder of the original Warranty Period.
Due to the continual development of new techniques for attacking endpoints, networks, systems, Bitdefender does not represent, warrant or guarantee: (1) that any Bitdefender Solutions or Services will detect, block, or completely remove, or clean any or all applications, routines, and files that are vulnerable, malicious, fraudulent or unwanted; or (2) that any product or any data, equipment, system or network on which a Bitdefender Service is used will be free of vulnerability to intrusion or attack. Customer agrees that protection of Customer’s endpoints, servers, cloud, networks, and data are dependent on factors solely under Customer control and responsibility, including, but not limited to: (a) the design, implementation, deployment, and use of hardware and software security tools in a coordinated effort to manage security threats; (b) the selection, implementation, and enforcement of appropriate internal security policies, procedures and controls regarding access, security, encryption, use, and transmission of data; (c) development of, and ongoing enforcement of, processes and procedures for the backup and recovery of any system, software, database, and any stored data; and (d) diligently and promptly downloading and installing all updates made available by Bitdefender.
EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, BITDEFENDER DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO THE PRODUCTS, SOFTWARE AND SERVICE, ENHANCEMENTS, MAINTENANCE OR SUPPORT RELATED THERETO, OR ANY OTHER MATERIALS (TANGIBLE OR INTANGIBLE) OR SERVICES SUPPLIED BY HIM. BITDEFENDER HEREBY EXPRESSLY DISCLAIMS ANY IMPLIED WARRANTIES AND CONDITIONS, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, LOSS OF DATA, FALSE POSITIVES OR FALSE NEGATIVES, DEVICE FAILURE OR MALFUNCTION, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INTERFERENCE, ACCURACY OF DATA, ACCURACY OF INFORMATIONAL CONTENT, SYSTEM INTEGRATION, AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS BY FILTERING, DISABLING, OR REMOVING SUCH THIRD PARTY’S SOFTWARE, SPYWARE, ADWARE, COOKIES, EMAILS, DOCUMENTS, ADVERTISEMENTS NOR THAT BITDEFENDER SOLUTIONS AND SERVICES WILL DETECT ANY OR ALL SECURITY OR MALICIOUS CODE THREATS OR USE OF BITDEFENDER SOLUTIONS AND SERVICES WILL KEEP CUSTOMER’S NETWORKS, CLOUD OR ENDPOINTS OR ANY SYSTEMS AND DEVICES FREE FROM ALL VIRUSES OR OTHER MALICIOUS OR UNWANTED CONTENT OR SAFE FROM INTRUSIONS OR OTHER SECURITY ATTACKS/BREACHES OR WHETHER ARISING BY STATUTE, LAW, COURSE OF DEALING, CUSTOM AND PRACTICE, OR TRADE USAGE.
CUSTOMER SHALL BE SOLELY RESPONSIBLE FOR PROPER BACK-UP OF ALL DATA AND CUSTOMER SHALL TAKE APPROPRIATE MEASURES TO PROTECT SUCH DATA. BITDEFENDER ASSUMES NO LIABILITY OR RESPONSIBILITY WHATSOEVER IF DATA IS LOST OR CORRUPTED. FURTHERMORE, BITDEFENDER DOES NOT PROVIDE ANY WARRANTY, GUARANTEE, CONDITION, OR ASSURANCE OR LEGAL ADVICE IN REGARD OF DIFFERENT LAWS, REGULATIONS, CERTIFICATIONS, POLICIES OR STANDARDS IMPLEMENTATION.
THE WARRANTIES SPECIFIED HEREIN ARE LIMITED WARRANTIES, AND EXCEPT FOR THE EXPRESS WARRANTIES STATED HEREIN, THE SERVICES AND REPORTS AS WELL AS ALL DELIVERABLES UNDER THIS AGREEMENT ARE PROVIDED “AS IS” AND “WITH ALL FAULTS” AND, TO THE MAXIMUM EXTENT PERMITTED BY LAW, BITDEFENDER DISCLAIMS ALL OTHER WARRANTIES, OF ANY KIND, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, NON-INTERFERENCE, ACCURACY OF DATA, ACCURACY OF INFORMATIONAL CONTENT, SYSTEM INTEGRATION, SATISFACTORY QUALITY AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS OF PRIVACY AND PUBLICITY BY FILTERING, DISABLING OR REMOVING SUCH THIRD PARTY’S SOFTWARE, SPYWARE, ADWARE, PROGRAMMING, COOKIES, EMAILS, ADVERTISEMENTS OR THE LIKE.
BITDEFENDER DOES NOT WARRANT THAT THE SERVICES AND REPORTS WILL MEET CUSTOMER’S REQUIREMENTS OR WILL OPERATE IN THE COMBINATIONS WHICH MAY BE SELECTED BY CUSTOMER (NOT SUPPORTED BY BITDEFENDER) OR THAT THE CUSTOMER’S SYSTEMS WILL BE SECURE, ERROR-FREE, OR UNINTERRUPTED, COMPLIANT, AND BITDEFENDER HEREBY DISCLAIMS ANY AND ALL LIABILITY RELATED THERETO TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW.
THE SERVICES ARE NOT FAULT-TOLERANT AND ARE NOT DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION. THE SERVICES ARE NOT FOR USE IN THE OPERATION OF AIRCRAFT NAVIGATION, NUCLEAR FACILITIES, OR COMMUNICATION SYSTEMS, WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR TRAFFIC CONTROL, OR ANY APPLICATION OR INSTALLATION WHERE FAILURE COULD RESULT IN DEATH, SEVERE PHYSICAL INJURY OR PROPERTY/ENVIRONMENTAL DAMAGES.
8.1.2. Customer represents and warrants to Bitdefender that it: i) has full right and power to authorize Bitdefender to provide the Services above; ii) owns the systems to be tested and/or has obtained or will obtain all necessary third-party authorization for Bitdefender to provide the Services; iii) understands that the Services may constitute crimes under, inter alia, the criminal code or other local legislation unless expressly authorized by Customer; and iv) has created or will create a full backup of all systems to be tested and has verified that the backup procedure will enable Customer to restore all such systems to their pre-Services state.
Customer represents and warrants that Customer has full right, power and authority to grant the consent to Bitdefender to scan for vulnerabilities the IP address and/or URL and/or domain names identified to Bitdefender by Customer for scanning, whether electronically or by any other means.
Customer hereby irrevocably releases, waives, and discharges Bitdefender and its contractors and personnel from any and all actions arising from or in connection with the Services to be performed. Bitdefender shall not be liable for any loss, damage, penalties, costs, expenses, and fees that may be incurred, suffered or expended by Customer arising from or in connection with the Service to be performed.
8.2. Indemnification
8.2.1. Subject to article 8.1.2., Bitdefender shall indemnify and keep Customer harmless from any claim by a third party that use of the Services in accordance with the terms and conditions of this Agreement infringes any third-party patent, trademark or copyright.
The foregoing obligation of Bitdefender does not apply with respect to software, services or portions or components thereof: (i) not supplied by Bitdefender; (ii) used in a manner not expressly authorized by this Agreement or the accompanying Documentation; (iii) made in accordance with Customer specifications; (iv) modified by anyone other than Bitdefender, if the alleged infringement relates to such modification; (v) combined with other products, processes or materials where the alleged infringement would not exist but for such combination; (vi) for any evaluation or trial version; (vii) where Customer continues the allegedly infringing activity after being notified thereof and provided with modifications that would have avoided the alleged infringement; or (viii) breach of Customer’s warranties under article 8.1.2.
In the event the Services are held by a court of competent jurisdiction to constitute an infringement of third party rights of patent, trademark or copyright Bitdefender shall, at its sole option, do one of the following: (i) procure the right to continued use; (ii) modify the Services so that their use becomes non-infringing; (iii) replace the Services with substantially similar services in functionality and performance; or (iv) if none of the foregoing alternatives is reasonably available to Bitdefender, Bitdefender shall refund the pro-rata unused portion of the Services Fees paid by the Customer for Services.
8.2.2. Customer will defend Bitdefender against any claim made or brought against Bitdefender by a third-party alleging the breach of any third-party rights under applicable laws, and will indemnify and hold harmless Bitdefender from any damages, attorney fees and costs finally awarded to such third-parties as a result of breach of the Customer warranties mentioned in article 8.1.2., or for any amounts paid by Bitdefender under a settlement of such claim.
The Parties may request indemnification under this section, provided they: (a) give notice within ten (10) days of any claim being made or proceedings being issued against; (b) give sole control of the defense and settlement to the indemnifying party (provided any settlement relieves the indemnified party of all liability in the matter); (c) provide all available information and reasonable assistance; and (d) have not previously compromised or settled such claim.
THIS SECTION STATES BITDEFENDER’S ENTIRE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR INFRINGEMENT AND MISAPPROPRIATION CLAIMS.
8.3. Limitation of liability
Bitdefender is acting on behalf of its partners for the purpose of disclaiming, excluding and/or limiting obligations, warranties and liability as provided in this Agreement. The foregoing provisions shall be enforceable to the maximum extent permitted by applicable law.
BITDEFENDER SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA, SYSTEM FAILURE OR DATA USE OR DAMAGES THAT WERE REASONABLY FORESEEABLE BY BOTH PARTIES BUT COULD HAVE BEEN PREVENTED SUCH AS, FOR EXAMPLE, LOSSES CAUSED BY VIRUSES, MALWARE, OR OTHER MALICIOUS PROGRAMS, OR LOSS OF OR DAMAGE TO CUSTOMER DATA OR SYSTEMS. BITDEFENDER’S MAXIMUM LIABILITY FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT OR TO THE CUSTOMER ORDER, WHETHER IN CONTRACT OR TORT, OR OTHERWISE, SHALL BE LIMITED TO THE SERVICE FEES CUSTOMER HAS PAID TO BITDEFENDER FOR THE DEFICIENT SERVICES IN THE LAST 12 (TWELVE) MONTHS UNDER THIS AGREEMENT. SOME STATES DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO CUSTOMER.
NOTWITHSTANDING THE FOREGOING, BITDEFENDER DOES NOT LIMIT OR EXCLUDE ITS LIABILITY FOR (i) DEATH OR PERSONAL INJURY CAUSED BY GROSS NEGLIGENCE DIRECTLY ATTRIBUTABLE TO BITDEFENDER, (ii) FRAUDULENT MISREPRESENTATION, OR (iii) ANY OTHER LIABILITY TO THE EXTENT THAT SUCH LIABILITY CANNOT BE EXCLUDED OR LIMITED BY APPLICABLE LAW.
Each Party recognizes and agrees that the waivers, warranty limitations, as well as disclaimers and exclusions from and limitations of liability and/or remedies in this Agreement are a material and essential basis of this Agreement; reflect a reasonable allocation of risk between the Parties; are fair, reasonable, and a fundamental part of this agreement; and each has been taken into account and reflected in determining the consideration to be given by each Party under this Agreement and in the decision by each Party to enter into this Agreement. The Parties acknowledge and agree that absent any of such waivers, disclaimers, exclusions, and/or limitations of liability/remedies, the provisions of this Agreement, including the economic terms, would be substantially different, or in the alternative, this Agreement would not have been consummated.
9. ELECTRONIC COMMUNICATIONS
Bitdefender may send to the Customer legal notices and other communications about the Services or the use of the information the Customer provides Bitdefender. Bitdefender will send Communications via email to the primary User's registered email address or will post Communications on its Sites. The legal basis for sending these communications is this Agreement (for the transactional communications) and the legitimate interest for marketing with the current customers (for the commercial communications).
Notwithstanding, Customer agrees that Bitdefender may send Customer required legal notices and other communications about Bitdefender solutions (including updates), other and/or new Bitdefender solutions and services, special offers and pricing or other similar information, customer surveys, and other requests for feedback (collectively “Communications”). Bitdefender may provide Communications via (among other methods): (a) in-person contacts by Bitdefender and/or Reseller personnel; (b) email to registered email addresses of named contacts; and/or (c) posted Communications on its Websites. With respect to email notices, any such email notice to Customer will be sent by Bitdefender to the account administrator(s) named by Customer during registration. Customer is responsible for ensuring that the email address for the account administrator is accurate. Any email notice that Bitdefender sends to the then-current email address will be effective when sent, whether or not Customer actually receives the email. By accepting this Agreement, Customer consents to receive all Communications through these means.
10. DATA PROTECTION
Bitdefender acts as a data processor in relation to Personal Data collected through the Services for the purposes of Customer’s internal security management. The Customer acts as data controller in relation to the collected Personal Data by providing instructions when configuring the Services under the SoW and Documentation. The Customer is strictly responsible for complying with the data protection laws including GDPR provisions, complying with lawful processing of personal data, informing Users about the use of their personal data, the security of personal data and ensuring data subjects can exercise their rights, according to the Data Processing Agreement between Bitdefender and Customer available here: https://www.bitdefender.com/site/view/data-processing-agreement.html.
11. TECHNOLOGIES
Bitdefender informs Customer that in the course of providing the Services, certain programs or solutions may use data collection technology to collect technical information (including suspect files).
Bitdefender reserves the right to collect certain information from the User activity, depending on the modules and services that Customer has solicited under the Services. As such, Customer agrees that certain modules, services and components may collect pieces of data from Customer’s systems for the purpose of evaluating and improving the ability of Bitdefender’s products to detect malicious behavior, potentially fraudulent websites and other Internet security risks.
Customer acknowledges that the Services may utilize automatic data processing and analysis technologies, which may include automated techniques, and which may rely on heuristics and other similar techniques, the accuracy and efficiency of which may vary or be affected by variables beyond Bitdefender’s knowledge or control, and accordingly while Bitdefender will do all things that are reasonably required to maximize the accuracy and efficiency of the Services, technically or otherwise, Customer acknowledges that: i) the output of the Services may contain errors and inaccuracies from time to time; ii) the Services are not designed to be used in isolation, and Customer must employ techniques independent of the Services, including manual analysis and verification of the output of the Services, to verify or contradict the accuracy of the output of the Services; and iii) the technology that enables the Services may, from time to time, be updated, amended, and/or modified by Bitdefender, and the accuracy and efficiency of the Services may vary from time to time.
12. AUDIT RIGHTS
Bitdefender may audit the use of the Services to verify that Customer’s usage complies with the terms of this Agreement and with applicable Documentation. An audit will be done upon reasonable notice and during normal business hours, but not more often than once each year unless a material discrepancy was identified during the course of a prior review. Customer agrees to implement internal safeguards to prevent any unauthorized copying, distribution, installation, or use of, or access to, the Services. Customer further agrees to keep records sufficient to certify Customer’s compliance with this Agreement, and, upon request of Bitdefender, shall provide and certify metrics and/or reports based upon such records and accounting for both numbers of copies (by product and version) and network architectures as they may reasonably relate to Customer’s deployment of the Services. If an audit reveals any deployment or use of the solutions that is in excess of the subscriptions conditions or is otherwise out of compliance with this Agreement, then Customer agrees to promptly correct such non-compliance. If the usages for any unlicensed or excess utilization of all solutions audited hereunder is greater than, in the aggregate, ten percent (10%) of the actual licensed use for solutions purchased by Customer, Customer agrees to reimburse Bitdefender for its reasonable costs incurred in performing the audit.
13. FORCE MAJEURE
Neither Party shall be in breach of the Agreement in the event it is unable to perform its obligations as a result of natural disaster, war, emergency conditions, labor strike, acts of terrorism, the substantial inoperability of the Internet, the inability to obtain supplies, or any other reason or condition beyond its reasonable control; provided, however, if such reasons or conditions remain in effect for a period of more than thirty (30) calendar days, either Party may terminate the Agreement affected by such force majeure following the written notice to the other Party. Notwithstanding the aforementioned, the Parties agree that payment obligations derived from this Agreement as well as the protection of Intellectual Property Rights shall not be delayed for any reason.
14. GENERAL
If Customer is located in the United States or Canada, this Agreement is governed by the laws of the State of Florida, USA, with the venue in Broward County. If Customer is located in the UK, APAC, Australia and New Zealand, this Agreement will be governed by the laws of the UK, with the venue in Reading. If Customer is located in Singapore and Indonesia, this Agreement will be governed by the laws of Singapore, with the venue in Singapore. If Customer is located in the Netherlands, Belgium, Denmark, Finland, Iceland, Norway, and Sweden, this Agreement is governed by the Dutch laws with the venue in the Hague. If Customer is located in Germany and Austria, this Agreement is governed by the German laws with the venue in München. If Customer is located in the rest of Europe, Africa, Middle East and Asia, this Agreement will be governed by the laws of Romania with the venue in the courts of Bucharest.
In the event of invalidity of any provision of this Agreement, the invalidity shall not affect the validity of the remaining portions of this Agreement.
This Agreement describes certain legal rights. Customer may have other rights under the laws of Customer’s state or country. Customer may also have rights with respect to the party from whom Customer purchased the Services. This Agreement does not change Customer’s rights or obligations under the laws of his state or country if the laws of Customer’s state or country do not permit to do so.
Bitdefender reserves the right to cooperate with any legal process and any law enforcement or other government inquiry related to Customer’s use of the Services. This means that Bitdefender may provide documents and information relevant to a court subpoena or to a law enforcement or other government investigation according to applicable law after taking reasonable measures to protect it.
Either party represents and warrants that (i) in connection with this Agreement, it has not and will not make any payments or gifts or any offers or promises of payments or gifts of any kind, directly or indirectly, to any official of any foreign government or any agency or instrumentality thereof and (ii) it will comply in all respects with the Foreign Corrupt Practices Act and any other applicable laws and (iii) it will comply with the export compliance laws applicable to each party’s fulfillment of its obligations under this Agreement.
The Services are subject to U.S. and foreign export control laws. Customer agrees to comply with all laws and regulations of the United States and other countries where the Services are used by Customer and Customer’s Users to ensure that they are not exported, directly or indirectly, in violation of such laws.
To the maximum extent permissible by written waiver, disclaimer, limitation, and/or exclusion under Applicable Laws, this Agreement is entered into solely between and for the benefit of, and may be enforced only by, the Parties hereto and no third party shall have any right/benefit hereunder, whether arising hereunder, under any statute now or hereafter enacted (such as Contracts (Rights of Third Parties) Act of 1999 in the UK and similar laws enacted in Ireland, Singapore, New Zealand, Hong Kong S.A.R., and certain states of Australia, the application of each of which is hereby barred and disclaimed), or otherwise. This Agreement does not, and shall not be deemed to, create any express or implied rights, remedies, benefits, claims, or causes of action (legal, equitable or otherwise) in or on behalf of any third parties including employees, independent consultants, agents, and Affiliates of a Party, or otherwise create any obligation or duty to any third party; provided, however, notwithstanding anything contained in this Agreement to the contrary, Bitdefender’s hardware suppliers, software licensors, and Resellers shall be intended third party beneficiaries for the exclusions, limitations, and disclaimers with respect to Bitdefender Solutions as stated in this Agreement.
Bitdefender and Bitdefender logos are trademarks of Bitdefender. All other trademarks used in the product or in associated materials are the property of their respective owners.
Bitdefender retains the right to assign this Agreement in its sole discretion. Customer may not assign this Agreement without the prior written permission of Bitdefender.
Publicity. Bitdefender may use the Customer’s name and logo on its website or in any of its advertising, publicity, or promotional material, without referencing the content of the services provided and Bitdefender will use its best efforts to coordinate such advertising or promotion with Customer.
Nothing in this Agreement shall be construed as precluding or limiting in any way the right of Bitdefender to provide consulting, development, or other services of any kind to any individual or entity (including without limitation performing services or developing materials which are similar to and/or competitive with the Services and/or deliverables hereunder).
Bitdefender may revise these Terms at any time and the revised terms shall automatically apply to the corresponding Services performed under the revised terms. If any part of the Agreement is found void and unenforceable, it will not affect the validity of the rest of the Terms, which shall remain valid and enforceable. In case of controversy or inconsistency between translations of the Agreement to other languages, the English version issued by Bitdefender shall prevail.
This Agreement and all related SoWs and Addenda form the entire agreement between Customer and Bitdefender regarding the subject matter hereof. Any conflict between this Agreement and the terms of any SOW, any Order Form, or other exhibit hereto, will be resolved in the following order: (a) any SoW in date order with the most recent SoW being of highest precedence; and (b) this Agreement. This Agreement supersedes all prior or contemporaneous negotiations or agreements, both oral and written, between the parties regarding its subject matter. Any preprinted terms on any Customer purchase order will have no effect on the terms of this Agreement and are hereby rejected. Headings are for reference purposes. Any additional, conflicting, or different terms or conditions proposed by Customer in any of its issued document (such as an SOW or Order or other document), are hereby rejected by Bitdefender and excluded here from.
Contact BITDEFENDER, at 15 A Orhideelor Street, Orhideea Towers Building, 11th floor, District 6, Bucharest, 060071, Romania; tel +40 212 063 470; fax +40 212 641 799, e-mail address: office@bitdefender.com.
Appendix A
Description of Offensive Security Services and Cybersecurity Advisory Services
A.1. BITDEFENDER OFFENSIVE SECURITY SERVICES:
Penetration Testing – Web Application:
Bitdefender will perform a time limited web application penetration test against the application(s).
Penetration Testing – Web API:
Bitdefender will perform a time limited web API penetration test against the web APIs.
Penetration Testing – External/Internal Network:
Bitdefender will perform a network security assessment against the in-scope IP addresses.
Penetration Testing – Mobile Application:
Bitdefender will perform a mobile application security assessment against the application(s) on the Android and iOS operating systems.
Red Team (Adversarial Attack Simulation Exercise):
Bitdefender will perform a red team attack simulation service, which is a threat-focused, objective-based assessment with the goal of stress-testing the detection and response capabilities from simulated real-life, advanced, and targeted threats.
This will be delivered using a phased approach. The following is a high-level overview of the sequence of events:
1. Project Initiation Phase (Pre-Commencement): Confirmation of engagement objectives, project working group, risk management framework, and project cadence.
2. Initial Access Phase (Start of the Engagement): Bitdefender utilizes the pre-planned scenarios (i.e., email phishing) in an attempt to obtain initial access into the client network.
3. Breach/Assume Breach Phase: i. Access into client network is seeded/provided by client if Initial Access attempts were unsuccessful; ii. Utilizing access achieved/provided, Bitdefender will attempt to achieve pre-agreed objectives to demonstrate impact to the client.
4. Attack Disclosure Phase: i. Within the last week of the Breach/Assume Breach Phase, if Bitdefender remains undetected, the client’s security/response team will be notified; ii. Metrics such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) can be measured at this phase.
5. Reporting Phase: Bitdefender will document, quality assure and finalize the engagement report which will detail all findings and recommendations.
6. Management Presentation (End of Engagement): Bitdefender will conduct a formal presentation of findings to the client’s management/technology stakeholders.
If a request has been made for this to be delivered using a gated approach, each phase of the red team engagement will only commence upon receiving an email approval*. This will be after the completion of the Initial Access Phase, and the Bitdefender Red Team will resume either the Assume Breach or Breach Phase depending on the outcome of the Initial Access Phase. These will be defined in the Technical Scoping Exhibit.
Host Configuration Review:
Bitdefender will perform a configuration review against the in-scope hosts.
The total number of host(s) in scope shall be included in the Technical Scoping.
Phishing Simulation:
Bitdefender will perform a simulated phishing attack against the chosen organization.
Cloud Security Assessment:
Bitdefender will perform a Cloud Security Assessment against the in-scope Cloud infrastructure.
The total number of cloud accounts in scope shall be included in the Technical Scoping.
Smart Contract Audit:
Vendor will perform a Smart Contract audit service on a specific number of lines of code that will be included in the Technical Scoping.
A.2. CYBERSECURITY ADVISORY SERVICES:
Cybersecurity Advisory Retainer:
Cybersecurity Advisory Retainer is a flexible, scalable and retainer-based solution allowing organizations undergoing digital transformation to build security and compliance capabilities using our experienced cyber strategists in a flexible way.
Cyber Security Review:
An assessment that reviews an organization against a holistic and industry-recognized cyber security framework such as ISO27001, NIST CSF or CIS. Understanding how cyber security is managed across the Customer’s organization is critical to understanding where to prioritize investment and resources to ultimately reduce risk.
Cyber Security Strategy:
Definition or review of an organization’s Cyber Security Strategy to help drive the direction of Cyber Security risk management.
Training and Awareness:
Bitdefender’s tailored training and awareness programs equip board members and employees with the knowledge and skills to manage, recognize, prevent, and respond to cybersecurity risks through better awareness and understanding. Through topic-specific training or broader cyber security awareness, we cultivate a culture of heightened awareness, reducing the likelihood of human error.
Reporting and Dashboarding:
Cyber security is another business risk and managing it effectively is critical to operating a business. The ability to showcase a positive ROI is often hard given silence is positive. We are able to support the definition or review of organizations’ existing KPIs, metrics or wider reporting and dashboarding capability to report on the ROI of security investment.
Risk Assessment:
Cyber security is another business risk and managing it effectively is critical to operating a business. An assessment of an organization’s risk profile (by identifying the top threats and vulnerabilities facing the Customer’s organization), or the risk associated with a specific project, application or asset using industry-recognized methodologies such as IRAM2, NIST RMF, ISO27005.
Compliance Support:
Compliance services against well-known industry standards such as ISO27001 or PDPA, to support the Customer’s organization in identifying gaps in compliance and provide recommendations or support with accreditation. Our report will document all non-conformities or non-compliance with the chosen standard or framework.
Supply Chain/Third Party Risk Management:
Defining and implementing a third-party risk management framework to consistently manage third parties. This would include the option for organizations to outsource the management of third parties to Bitdefender. Organizations can tailor the service to include only critical and high suppliers or however they need to supplement their existing team capabilities.
Information Security Policy Framework Development:
Our team will collaboratively craft comprehensive policies tailored to the Customer’s specific needs, ensuring alignment with relevant industry standards and compliance mandates. Through meticulous procedure development, we establish clear guidelines for the management of cyber security risk, bolstering the Customer’s resilience against cyber threats.
Incident Response Tabletop Exercises:
A simulated scenario designed to evaluate the Customer organization's readiness against potential cyber threats. Participants will navigate through a number of hypothetical security breaches with our team of experts, testing their decision-making, communication, and collaboration skills. This hands-on exercise provides a risk-free environment to identify gaps in the Customer's response strategy, refine procedures, and enhance overall cybersecurity resilience.
Project Management for Security Transformation:
Provide project management support for large, complex transformation programs with multiple workstreams operating concurrently.