Terms of Service
These terms of service (the “Agreement“) is a legal agreement between you, a customer of Perception Point that subscribed to Perception Point’s Solution (defined below) by signing an Order Form (defined below) (“Customer”) and Perception Point Ltd. and Perception Point’s affiliates (together, “Perception Point”).
Perception Point and Customer shall be each referred to as “Party” and collectively as “Parties”
WHEREAS, Perception Point offers its customers advanced collaboration and communication cyber security solutions; and
WHEREAS, the Partieshave agreed that Perception Point will grant Customer with a limited license to access its said platform, in accordance with the terms and conditions set forth below;
NOW, THEREFORE, in consideration of the foregoing premises and the mutual covenants hereafter set forth, the Parties hereby agree as follows:
1. Definitions. For purposes of this Agreement, the Order Form and all Exhibits thereto, the following capitalized terms shall have the following meaning:
1.1 “Intellectual Property Rights” means all worldwide, whether registered or not (a) patents, patent applications and patent rights; (b) rights associated with works of authorship, including copyrights, copyright applications, copyright restrictions, mask work rights, mask work applications and mask work registrations; (c) trademarks, trade names, service marks, logos, domain names, goodwill, and trade dress; (d) trade secrets and confidential information; (e) rights analogous to those set forth herein and any other proprietary rights relating to intangible property; and (f) divisions, continuations, renewals, reissues and extensions of the foregoing (as applicable) now existing or hereafter filed, issued, or acquired.
1.2 “Solution” means any of Perception Point’s Advanced Collaboration Security solutions, as mentioned and further detailed under the Order Form.
1.3 “Affiliate” means, with respect to a Party, a person or entity that controls, is controlled by, or is under common control with, such Party.
1.4 “Order Form” means the order form provided by Perception Point to Customer for the licensing of the Solution in accordance with this Agreement.
2. License. Subject to and in accordance with all the terms and conditions of this Agreement, Perception Point hereby grants to Customer a limited, worldwide, non-assignable (except as otherwise provided in Section 11.3), non-exclusive, non-transferable, non-sublicensable right to use the Solution internally within the Customer’s, during the Term (as defined below) (the “License”).
3. Limitations on Use. Customer shall not: (i) directly or indirectly, take any action to contest Perception Point’s Intellectual Property Rights or infringe them in any way; (ii) access or use the Solution through any unauthorized means, services or tools, including, without limitation, any data mining, robots, or similar automated means or data gathering and extraction tools, including, without limitation, in order to extract for re-utilization of any parts of the Solution; (iii) penetrate or circumvent or attempt to penetrate or circumvent any technical restrictions or limitations included in the Solution or its servers; or (iv) use or register any trademarks, trade names, domain names or symbols similar to Perception Point’s registered trademarks and logos; (iv) circumvent, disable or otherwise interfere with security-related or technical features or protocols of the Perception Point Solution (such as usage monitoring features); (v) make a derivative work of the Perception Point Solution, or use the Perception Point Solution to develop any service or product that is the same as (or substantially similar to) the Perception Point Solution; (vi) export or re-export the Perception Point Solution or any component thereof or use the Perception Point Solution in any manner, prohibited by law, including without limitation in any manner in violation of any applicable export or import restrictions, laws and regulations; and (vii) develop any other products containing any of the concepts and ideas contained in Perception Point Confidential Information that are not readily apparent from normal use of the Perception Point Solution pursuant to the license(s) granted hereunder
The use of the Solution is subject to reasonable use which shall not impose an unreasonable or disproportionately large load on Perception Point’s infrastructure.
4. Undertakings. Each Party undertakes to comply with all applicable laws and regulations (including with limitation data privacy and the applicable data protection laws and regulation), including any registration requirements, and obtain all applicable licenses, permits, authorizations, approvals, and consents (including without limitation from a Party’s personnel) required under any applicable law for Perception Point to provide and for Customer to use the Solution in accordance therewith.
5. Warranties and Representations. Each Party warrants and represents to the other Party that it has the full corporate power and authority required to enter into this Agreement and to carry out its undertakings and obligations hereunder. Customer warrants that obtained it consent of any persons whose information is shared with Perception Point for the purpose of providing the Services. In addition, Perception Point warrants and represents to the Customer that Perception Point owns, or has obtained a license (as may be applicable) to, all rights in and to the Solution, and the License granted to Customer hereunder does not infringe the Intellectual Property Rights of any third party.
6. Service Levels and Support. During the Term, Perception Point shall provide Customer with support services and service levels in accordance with its Service Level and Support Policy, available at https://perception-point.io/service-level-and-support-description/.
7. Ownership. Perception Point or its licensors (as applicable) owns all right, title, and interest in and to the Solution, including without limitation any and all data, computer code, user interface, design and structure, and all modifications, enhancements and derivatives thereof and all Intellectual Property Rights related thereto (“Perception Point IPR“). Customer acknowledges that, except for the limited License to the Solution set forth in Section 2 above, Customer did not and shall not acquire any rights in any part of the Perception Point IPR. Customer owns all data which it provides or which Perception Point receives from Customer which is processed by or through the Solution, including, but not limited to all traffic sent or received by Customer, backup files, and other electronic files processed by the Solution as part of the services provided by Perception Point (“Customer Data”).
8. Fees.
8.1. Customer shall pay Perception Point all fees set forth in the Order Form in accordance with the timetables, subscription, and licensing plans set forth therein (“Fees“). The Fees are non-refundable.
8.2. Except as expressly provided in this Agreement, each Party shall bear its own expenses incurred in the course of its performance of this Agreement. All amounts due to Perception Point under this Agreement are set forth under the Order Form, and constitute the sole and exclusive consideration which Perception Point is entitled to receive with respect to this Agreement and the performance of all its obligations hereunder. All such amounts shall be paid in accordance with the payment instructions set forth in the Order Form to Perception Point’s account, free and clear from any deduction of any bank fees, tax (including VAT), duty or levy whatsoever, except as required under any applicable law. All payments are exclusive of all charges, taxes, and levies of any nature applicable to Customer under any applicable law and which shall be borne solely thereby.
8.3. Customer shall update Perception Point in the event usage of the Services exceeds the usage specified in the Order Form (the “Ordered Services”). Perception may increase the Fees should the Customer’s usage of the Services exceeds the Ordered Services by more than 15%.
9. Confidential Information and Privacy.
9.1. All data and information related to each Party, its affiliates, and its shareholders, employees, directors and agents, and/or to its business, products, and services are confidential information of the disclosing Party (“Confidential Information”). Except for Customer Data, which shall remain confidential at all times, “Confidential Information” does not include information: (i) that is or becomes part of the public domain through no act or omission of the receiving Party; (ii) that is lawfully received by the receiving Party from a third party without restriction on use or disclosure and without breach of this Agreement or any other agreement without knowledge by the receiving Party of any breach of fiduciary duty, or (iii) that the receiving Party lawfully had in its possession prior to the date of this Agreement.
The receiving Party agrees to protect the Confidential Information in accordance with good industry practices and keep confidential and not disclose, disseminate, allow access to or use any Confidential Information except as required for exercising its rights or fulfilling its obligations herein. Either Party shall restrict disclosure of Confidential Information to those of its employees and consultants with a reasonable need to know such information and which are bound by written confidentiality obligations no less restrictive than those set out herein. Without derogating from the foregoing, either Party may disclose this Agreement in connection with a merger, sale or issuance of all or substantially all of the shares or assets of such Party.
9.2. Customer acknowledges that all traffic sent and received by Customer will be processed and monitored by the Solution solely for the purpose of providing the service to Customer and in accordance with the Perception Point Privacy Policy available at: https://perception-point.io/privacy-policy/ and with the Data Processing Agreement attached hereto as Exhibit A. Customer shall, as and to the extent required by law, ensure that the users in its organization consent to the provision to and processing by Perception Point of their data as set forth herein.
10. Indemnification; Limitation of Liability.
10.1. Perception Point shall indemnify and hold Customer and its Affiliates and their respective stockholders, directors and officers, harmless against any and all claims, damages, losses, expenses and costs, finally awarded in judgment or settlement and arising out of a third party allegation that the Solution infringes its intellectual property rights. Perception Point’s indemnification obligation shall be subject to provision of the prompt written notice of the claim to Perception Point, rendering full control over the defense and settlement of the claim to Perception Point and that Customer shall provide reasonable assistance in the defense to Perception Point.
10.2. Customer shall indemnify and hold Perception Point and its Affiliates and their respective stockholders, directors, and officers, harmless against any and all claims, damages, losses, expenses, and costs, finally awarded in judgment or settlement and arising out of a third party connected to its negligence or willful misconduct connected to its obligations under this Agreement.
10.3. Eexcept for breaches under section 9 above and except for claims based on a Party’s wilful misconduct: (a) under no circumstances will either Party and its affiliates, and its and their shareholders, directors, agents, employees, licensors or suppliers be liable under any contract, strict liability, negligence or other legal or equitable theory, for any indirect, incidental or consequential damages in connection with this agreement and/or the solution even if advised of the possibility of such damages, including without limitation lost profits; and (b) either Party’s and its affiliates’ aggregate liability in connection with this agreement, the Solution or otherwise shall not exceed the payments made to Perception Point by Customer during the twelve (12) months preceding the event that gave rise to such claim.
11. Term and Termination.
11.1 Unless earlier terminated pursuant to Section 11.2 below, the term of the Agreement shall be as specified in the Order Form, (the “Initial Term”). The Initial Term shall be automatically renewed for periods of one year each, unless terminated by either Party upon a sixty (60) days prior written notice to the other Party prior to the then-current renewal term.
11.2. Either Party may terminate this Agreement as follows: (i) upon breach by the other Party of any of its obligations herein and the breaching Party’s failure to cure the breach within thirty (30) days from such Party’s written notice,; (ii) by delivering written notice to the other party upon the occurrence of any of the following events: (a) either receiver is appointed for a Party or its property; (b) either Party makes a general assignment for the benefit of its creditors; (c) either party commences, or has commenced against it, proceedings under any bankruptcy, insolvency or debtor’s relief law, which proceedings are not dismissed within thirty (30) days; or (d) either Party is liquidated or dissolved or has undertaken any measures to commence such liquidation or dissolution.
11.3. Upon expiration or termination of this Agreement for any reason all of Customer’s rights and licenses hereunder shall immediately terminate and Customer shall immediately cease using the Solution; (. The following Sections shall survive termination/expiration hereof: 1, 3, 4, 7-9, 10.3, 11 and any outstanding payment obligations accrued (in accordance with the terms of this Agreement) prior to expiration or termination hereof.
12. General. (12.1) Waiver; Remedies. Failure of a Party to insist upon the performance by the other Party of any term hereof shall not be deemed a waiver of the rights of the first-mentioned Party with respect thereto. All waivers must be in writing. (12.2) Notices. All notices and other communications required or desired to be communicated by one Party to the other shall be in writing and shall be deemed delivered immediately when sent by fax or e-mail (with confirmation of receipt), or delivered by hand or ten (10) days after mailing by registered mail to the respective addresses set forth at the head of the
Provided, however, that any notice of change of address shall be effective only upon receipt. (12.3) Assignment. Customer shall not assign or transfer any of its rights or obligations hereunder, whether by contract or by operation of law, except to a subsidiary or affiliate thereof or with as part of an assignment carried out as part of a merger, restructuring, or reorganization, or as a sale or transfer of all or substantially all of Customer’s assets or with Perception Point’s prior written consent. Perception Point may assign and transfer any rights and obligations under this Agreement at its sole discretion, provided that Perception Point shall notify Customer of such assignment and that such assignment shall not derogate from any of Customer’s rights hereunder. (12.4) Relationship of the Parties. The relationship established between Perception Point and Customer by this Agreement is solely that of independent contractors. Customer is not the agent or legal representative of Perception Point nor is Perception Point the agent or legal representative of Customer, and no employee of Customer shall be considered to be an employee of Perception Point for any purposes whatsoever and no employee of Perception Point shall be considered to be an employee of Customer for any purposes whatsoever. Except as set forth under this Agreement, neither Party shall be liable for any expenses incurred by the other Party which arise out of or in connection with the Agreement. (12.5) Entire Agreement. This Agreement, including the Order form and the Exhibits hereto, sets forth the entire agreement and understanding between the Parties hereto with respect to the subject matter hereof, and supersedes all prior discussions, agreements, representations and understandings between them. (12.6) Governing Law and Jurisdiction. This Agreement and any action related thereto shall be governed, controlled, interpreted and defined by and under the laws of the State of New York, US without regard to the conflict of law provisions thereof. The exclusive jurisdiction and venue of any action with respect to the subject matter of this Agreement shall be the competent courts of New York County, New York, and each of the Parties hereto submits itself to the exclusive jurisdiction and venue of such courts for the purpose of any such action. The United Nations Convention for the International Sale of Goods is expressly excluded from this Agreement. (12.7) Remedies. Notwithstanding Section 11.6 above, each party acknowledges that in the event of breach or threatened breach of any provision of this Agreement by the other party, such party could suffer significant and irreparable harm that could not be satisfactorily compensated in monetary terms, and that the remedies at law available to such party may otherwise be inadequate and such party shall be entitled, in addition to any other remedies to which it may be entitled to under law or in equity, to the immediate ex parte issuance of an equitable relief, including without limitation an injunctive relief, in any jurisdiction worldwide. (12.8) Severability. Any provision of this Agreement prohibited by, or unenforceable under, applicable law shall be ineffective and shall be replaced by an enforceable provision to the same or the nearest possible equivalent effect. Notwithstanding the foregoing, the other provisions hereof shall continue in effect. (12.9) Force Majeure. Neither Party shall be liable to the other for delays or failures in performance resulting from unforeseeable causes and which are beyond the reasonable control of that Party, including, but not limited to, acts of God, labour disputes or disturbances, material shortages or rationing, or riots. (12.10) No Third Party Beneficiaries. No provisions of this Agreement are intended or shall be construed to confer upon or give to any person or entity other than Customer (and its employees) and Perception Point any rights, remedies or other benefits under or by reason of this Agreement. (12.11) Publicity. Perception Point may use Customer’s name and logo as a user of the Solution on Perception Point’s website, press releases, and other marketing materials and presentations.
Exhibit A- DPA
Data Processing Addendum
This Data Processing Addendum (“DPA”) is incorporated by reference into the Terms of Service (“Agreement”) between the Customer (the “Controller”) and Perception Point (the “Processor”). All defined terms contained herein shall have the same meaning as the definitions set forth in the Agreement.
Processor shall comply with the following in respect of Personal Data (as defined under Regulation (EU) 2016/679 (General Data Protection Regulation) (“GDPR”), the California Consumer Privacy Act (Cal. Civ. Code §1798) (“CCPA”) and any other data protection or privacy laws, all as applicable:
1. Controller’s Compliance. Controller’s instructions for processing of Personal Data shall comply with all applicable privacy and data protection laws, including the GDPR. Controller shall have sole responsibility for the accuracy, quality and legality of Personal Data and the means by which Controller acquired Personal Data.
2. Details of Processing. Processor will process Personal Data only pursuant to Controller’s documented instructions unless processing is required by applicable laws to which Processor is subject, in which case Processor shall inform Controller of that legal requirement before the relevant processing of that Personal Data, unless prohibited from doing so by law. The details of the processing activities to be carried out by Processor in respect of the Services are specified in Appendix 1. For the avoidance of doubt, the duration of the processing is for the term of the services unless terminated earlier in writing.
3. Data Subjects Rights. Processor shall assist Controller, by using appropriate technical and organizational measures, in the fulfillment of Controller’s obligations to respond to requests by data subjects in exercising their rights under applicable laws.
4. Confidentiality. Processor shall ensure that its personnel engaged in the processing of Personal Data are bound by a confidentiality undertaking.
5. Data Breach. Processor will promptly notify Controller after becoming aware of any suspected or actual breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data (“Data Breach”).
6. Records. Processor will maintain up-to-date written records of its processing activities, including, inter alia, Processor’s and Controller’s contact details, details of data protection officers (where applicable), the categories of processing, transfers of Personal Data across borders and the technical and organizational security measures implemented by the Processor. Upon request, Processor will provide an up-to-date copy of these records to Controller.
7. Sub-Processors. Controller acknowledges and agrees that Processor may engage any of the third-party sub-processors in connection with the provision of the services, or to fulfil its contractual obligations under this DPA, or to provide certain services on its behalf, such as providing support services to Controller. A list of sub-processors used by Processor is available at https://perception-point.io/sub-processors-list (as may be updated by Processor from time to time in accordance with this DPA). Such sub-processors shall be bound by a written contract including terms which set data protection obligations no less protective than those in this DPA to the extent applicable to the nature of the Services provided by such sub-processor.
8. Assistance. Processor will assist Controller in ensuring compliance with Controller’s obligations related to the security of the processing, notification and communication of Data Breaches, conduct of data protection impact assessments and any inquiry, investigation or other request by a supervisory authority.
9. Possible Violation. Where Processor believes that an instruction would result in a violation of any applicable data protection laws, Processor shall notify the Controller thereof.
10. Information. Processor will make available to Controller, upon request, information necessary, and reasonably available to Processor, to demonstrate compliance with the obligations set forth in this DPA and GDPR obligations under Article 28.
11. Audits. Upon Controller’s request, Processor shall cooperate with audits and inspections of its compliance with the requirements and obligations herein and/or under applicable law. Such audits and inspections may be conducted by Controller or by any third party designated by Controller.
12. Technical and Organizational Measures.
12.1 Processor shall implement and maintain all technical and organizational measures that are required for protection of the Personal Data and ensure a level of security that is appropriate to for dealing with and protecting against any risks to the rights and freedoms of the data subjects, and as required in order to avoid accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or access to Personal Data and/or as otherwise required pursuant to the GDPR, including, inter alia, the measures set forth in Appendix 2. When complying with Section 12 hereof, Processor shall take into consideration the state of technological development existing at the time and the nature, scope, context and purposes of processing as well as the aforementioned risks.
12.2. Processor shall regularly monitor its compliance with this DPA and will provide Controller, upon request, with evidence that will enable verification of such monitoring activities. Processor shall promptly implement all changes to Appendix 2, as requested by Controller. Processor shall ensure that all persons acting under its authority or on its behalf and having access to the Personal Data, do not process the Personal Data except as instructed by Controller and permitted herein.
13. Transfer of Personal Data to Third Countries. Processor will not transfer Personal Data to a recipient located in a country that is not a Member State of the European Union or European Economic Area, unless that country is considered by the European Commission to have an adequate level of protection or pursuant to an EU standard contractual clauses (“SCCs”) for the transfer of personal data to processors established in third countries (Commission Decision (EU) 2021/914), before such transfer. For the purposes of the SCCs (https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914&from=EN), Module Three: Transfer processor to processor shall apply, Controller is the ‘Data exporter’, processor is the ‘Data importer’; the ‘Data subjects’, ‘Categories of data’, ‘Frequency of the transfer’, ‘Nature of processing’, ‘Purpose’, ‘Retention period’ and ‘subject matter, nature and duration of the processing’ are as described in the Agreement. The ‘competent supervisory authority’ is the Republic of Ireland.
14. Return and Deletion of Personal Data. On the Controller’s request, Processor shall return or destroy Personal Data to the extent allowed by applicable law.
Appendix 1- Processing Details
1. Nature, purpose and subject matter of the Processing. The nature, purpose and subject matter of the Processing is the provision of the Services set forth in the Agreement.
2. Categories of Data Subjects. Email users, data subjects coincidentally identified in email content or in shared file (as applicable); contact person at Controller.
3. Types of Personal Data. Customer data scanned to find malicious content including emails content, emails metadata, email addresses and IP addresses, and Personal Data included in shared files (as applicable).
Appendix 2 - Technical and Security Measures
1. The encryption of Personal Data. All data is encrypted at rest and in transit using AES-256 and TLS 1.2.
2. A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
3. Privacy of Personal Data is ensured through service monitoring levels SLA signed by customer that define the level of Personal Data exposure allowed to security personnel in order to handle malicious incidents.
4. Clean emails/files are kept only for a very short period of up to 48 hours to allow review in case of reporting by end users. malicious content and all metadata are retained for a longer time, as needed for professional or legal purposes.
5. Access to Personal Data is restricted to approved personnel only, who needs to monitor the service, and this list is constantly reviewed. Personnel may access the content of emails only in case of review of suspicious emails.
6. Logging and monitoring. Systems are logged and monitored in order to detect unusual activity. Customer may access logs including any action taken place in regards to Customer data.
7. Business continuity. A formal Business Continuity plan is maintained. The plan is reviewed and a table read scenario is conducted at least annually.
8. Regular vulnerability scans and annual third-party penetration tests on relevant infrastructure is used to identify vulnerabilities. Results are evaluated by appropriate personnel and remediation actions are performed, where deemed appropriate.
9. Changes are tested by appropriate personnel for functionality and, where applicable, security prior to being implemented in production.
10. Physical security. Amazon Web Services is used as a subservice organization which is responsible for implementing and maintaining proper controls over its underlying system infrastructure (e.g., servers, storage devices, network devices, operating systems). This includes relevant controls over physical access.
11. Security awareness training is provided to all new employees upon hire, and to all company personnel at least once per calendar year and remedial training as deemed necessary, to help employees understand their obligations and responsibilities to comply with the company’s policies and procedures, including the identification and reporting of incidents.
