MORPHISEC SUBSCRIPTION AGREEMENT
Morphisec grants you a right and license to use and access the Solution, subject to the terms of this subscription agreement, and only upon the condition that you accept the terms contained in this subscription agreement (the "Agreement"). This Agreement and its Exhibits, including any sales orders placed by you hereunder, shall govern your use of the Solution, and shall constitute a legally binding agreement between Morphisec and you.
Please read the terms and conditions of this Agreement carefully before clicking on the “accept” button, in which case you will be bound by this Agreement. By clicking the "accept" button you also waive any rights or requirements under any laws or regulations in any jurisdiction which require an original (non-electronic) signature or delivery or retention of non-electronic records, to the extent permitted under applicable law. Additionally, download or installation of any component of the Solution, as well as the use of the Solution or payment of any license fees by you, shall also constitute an acknowledgment and acceptance of the terms and conditions of this Agreement, and your agreement to be bound thereby. If you do not agree to the terms of this Agreement, please do not use the Solution or any part thereof.
The terms and conditions of this Agreement are entered into as of the date you have first accepted this Agreement in any of the manners specified above (the "Effective Date"), by and between Morphisec and You.
In consideration of the foregoing and the mutual promises contained in this Agreement, the adequacy of which consideration is hereby acknowledged, the parties agree as follows:
“Customer” (or "You") means the person and/or the legal entity who's being licensed to install, access, and use the Solution under this Agreement.
“Customer Servers” means Customer’s internal servers, or third party's external servers, clouds, or other platforms operated by Customer.
“End point” means, desktops, laptops, servers or other end point workstations of a Customer, all as authorized under the Sales Order.
“End Point Software” means the software(s), installed on Customer’s End-Points as part of the Solution.
“Management Security Center” means the back-end management security center software provided as a cloud service, that enables the management of all End Point Software as part of the Solution (such component is located on Morphisec Servers), to which Customer will receive access hereunder if Customer is purchasing a SAAS License.
“Management Back End Software” means the back-end management console software that manages the Solution of all End Points installed on Customer Servers, for which Customer will receive a license hereunder if Customer is purchasing an On Prem License.
“Morphisec” means the contracting entity hereunder, which: (a) if Customer at the time of purchase is located or established (if Customer is a corporation) in North America, shall be Morphisec Inc.; and otherwise, shall be Morphisec Information Security 2014 Ltd.
“Morphisec Servers” means Morphisec’s internal servers, or third party's external servers, clouds, or other platforms operated by Morphisec, on which Morphisec’s systems operate.
“On Prem License” means a grant of license to the Solution hereunder, which includes amongst others a right to download the Management Back End Software, but does not include access to the Management Security Center.
“SAAS License” means a grant of license to the Solution hereunder, which includes amongst others access to the Management Security Center, but does not include a right to download the Management Back End Software.
“Sales Order” means an order placed by Customer to Morphisec (or, if Customer purchase the Solution from an Authorized Partner, an order placed by Customer to an Authorized Partner) for the Solution and/or Services pursuant to this Agreement, which such Sales Order shall specify, amongst others, the products and services purchased, the type of Customer’s license (whether On Prem or SAAS), and the number of Customer's authorized End Points. Morphisec has the right to accept or reject (in full or in part) any Sales Order placed. Other than as explicitly specified herein, accepted Sales Orders are non-cancellable and non-refundable.
“Services” means any maintenance and support services and/or any professional services regarding the Solution that may be provided from time to time by Morphisec as identified in the applicable Sales Order, subject to the terms of this Agreement and the terms of Morphisec's standard Maintenance and Support Policy and/or separate professional services agreement to be entered between the parties (as applicable), in each case as in effect from time to time.
“Solution” means the product identified in the applicable Sales Order, including without limitation, the End Point Software and the Management Security Center (in the case the license provided is a SAAS License) or the Management Back End Software (in the case the license provided is an On Prem License), as well as any (i) application programming interfaces included in such software/services or generated by such software/services, which define or provide the external programming requirements or code necessary to interface between such software/services and other networks, software, code or operating systems; (ii) documentation and other materials related to such software/services and provided to Customer (iii) know-how, inventions, algorithms, procedures, techniques, technologies and solutions, reflected or embedded in such software/services; and (iv) improvements, derivative products, updates, upgrades, error-corrections, specifications, customizations or other modifications of such software/services (to the extent provided hereunder), and any work products thereof.
2. GRANT OF RIGHTS AND LICENSE.
2.1 Grant of Rights and License. Subject to Customer’s compliance with the terms and conditions of this Agreement, including without limitation the payment of applicable Fees (as defined below), Morphisec hereby grants to Customer, during the applicable Subscription Term (as defined below), a non-exclusive, non-transferable, non-sublicensable, revocable and limited license to install and use the End Point Software and either access and use the Management Security Center or download and use the Management Back End Software (as applicable) in order to enjoy the use of the Solution, all for its internal use only, all solely for the number of End Points, and subject to any other restrictions as set in the applicable Sales Order. All rights not expressly granted in this Section 2.1 are hereby reserved.
2.2 Restrictions. Customer shall not, and shall not assist, cause or allow any third party to: (i) decompile, disassemble or reverse-engineer the Solution or any of its components; or create or recreate the source code for the Solution or any of its components; (ii) remove, erase, obscure, or tamper with any copyright notice or any other product identification or proprietary rights notices, seal, or instructional label printed or stamped on, affixed to, or encoded or recorded in or on the Solution or any of its components or its related documentation; or fail to preserve all copyright and other proprietary notices in all copies of the Solution or any of its components and related documentation made by Customer; (iii) lease, lend or use the Solution or any of its components for timesharing or service bureau purposes; sell, market, license, sublicense, distribute, transfer of upload to any third party's platform or otherwise grant to any person or entity any right to use the Solution or any of its components except to the extent expressly permitted in this Agreement; or use the Solution or any of its components to provide, alone or in combination with any other product or service, any product or service to any person or entity, whether on a fee basis or otherwise; (iv) copy, modify, adapt, tamper with, translate, or create derivative works of the Solution or any of its components or its related documentation; or refer to or otherwise use the Solution or any of its components as part of any effort to develop software or services (including, without limitation, any routine, script, code, or program) having any functional attributes, visual expressions, or other features similar to those of the Solution or any of its components or to compete with Morphisec; (v) except with Morphisec’s prior written permission, publish any performance or benchmark tests or analysis relating to the Solution or any of its components; (vi) obtain unauthorized access to the Solution or any of its components; (vii) use any automated systems or other methods, such as "robots" or "spiders", that are intended to flood the Solution or any of its components with requests or communications or otherwise overburden the Solution or the infrastructure on which it operates; (viii) use or launch any data mining or similar data gathering and extraction tools in connection with the Solution or any of its components; (ix) use the Solution or any of its components in any manner that is in violation of this Agreement or any applicable law or regulation; (x) run or operate the End Point Software or Management Back End Software on a cloud, Internet-based computing, or similar on-demand computing environment unless your Sales Order specifically provides for such use; or (xi) attempt to do any of the foregoing.
2.3 Usage Limitation. The Customer’s use of the Solution may be subject to usage limits as specified in the Sales Order, including, for example, the quantities of End Points or the type of product. If Customer exceeds a contractual usage limit, based on Morphisec’s audit of active users and activities of the users, Morphisec will be entitled to bill the Customer for any such excess usage.
2.4 Purchase through Authorized Partner(s). This Agreement applies whether Customer purchases the Solution directly from Morphisec or through Morphisec's authorized resellers, distributors, or other sales channels (“Authorized Partner(s)”), except that in the event that Customer purchases the Solution from an Authorized Partner, fees will be paid by Customer to the Authorized Partner in accordance with the terms agreed between them. Customer hereby acknowledges that Authorized Partners are not authorized to make any promises, commitments, or warranties on behalf of Morphisec, and Morphisec is not bound by any obligations to Customer other than as expressly specified in this Agreement.
3. REGISTRATION. Customer acknowledges that certain functionalities of the Solution may require registration in order to be able to enjoy such functionalities. Morphisec reserves the right to decide which functionalities now require or in the future will require registration. The registration process may require Customer to provide information regarding (but not limited to) its or its organization’s name, e-mail address, phone number, country of origin and other information. By performing the registration, Customer represents and warrants that all registration information it submits is accurate and truthful and that it agrees to update and maintain the accuracy of such information.
4. VULNERABILITY MANAGEMENT TOOL. If Customer is given access to Morphisec’s vulnerability management tool as part of the Solution, then this Section 4 shall apply as well. For the purpose of providing the vulnerability management tool, the Customer specifically allows Morphisec to monitor the use by its applicable End Points of certain applications. Furthermore, Customer acknowledges that: (i) Morphisec does not assume responsibility to update and maintain Customer’s various applications; (ii) Morphisec makes use of vulnerability lists published by third parties in order to provide the reference vulnerabilities specified in such tool with respect to each application, and assumes no liability as to such information, including for its accuracy and for any recommendations relying thereon; and (iii) any prioritization suggested is a recommendation only, which is based on criteria and considerations which Morphisec’s may decide at its discretion – in accordance, Morphisec makes no assurances that the implementation of such recommendations will achieve any certain results, and Customer alone shall be responsible for deciding whether to act upon such recommendation and for the implementation of such recommendations.
5. EVALUATION USE AND BETA FEATURES. This entire Section 5 shall only apply if the Customer has obtained a trial or evaluation version of the Solution as part of an approved evaluation (unless Morphisec has explicitly approved in advance and in writing that the Solution has been provided as part of an evaluation, the Solution shall NOT be deemed to be provided as part of an evaluation and this Section shall not apply), or if Customer is using features of the Solution designated as ‘beta’, ‘pre-release’ or other similar designations (“Beta Features”).
5.1 If Customer has obtained the Solution for evaluation use, the Customer can use it for up to the evaluation period agreed in writing with Morphisec, and if none was agreed in writing, 30 days (the applicable period shall be referred to as the “Evaluation Period”) for internal use at Customer’s premises with respect to no more than five distinct End Points (unless explicitly agreed otherwise in writing with Morphisec), and for the sole purpose of evaluation and determining whether it meets Customer’s requirements, subject to the provisions set forth herein. THE SOLUTION PROVIDED HEREUNDER IS NOT FREE. At the end of the Evaluation Period, Customer must either purchase a full, non-evaluation license to the Solution and pay all applicable Fees in respect thereto or discontinue using the Solution by immediately erasing it and any of its components from Customer’s systems. Using the Solution after the Evaluation Period shall be deemed to be your consent to purchase a full, non-evaluation license to the Solution, and to pay any applicable Fee in accordance with this Agreement. Using the Solution after the Evaluation Period without payment of the applicable Fees is strictly prohibited and shall constitute a violation of Morphisec's rights hereunder. Furthermore, if Customer executes a Sales Order for paid use of the Solution prior to the end of the Evaluation Period, the Evaluation Period shall automatically terminate upon such execution date.
5.2 Morphisec may, at Morphisec’s sole discretion offer Customer the opportunity to use new Beta Features from time to time (as integrated features of the Solution). Morphisec shall further have sole discretion to determine the availability period of any Beta Feature, and does not provide any guarantee with respect to the continuation of availability of any Beta Feature (or that such Beta Feature will later be offered for non-beta use). Customer can opt-out of generally using any Beta Features or decline the use of a specific Beta Feature by changing the Customer’s preferences in the Management Security Center or the Management Back End Software (as applicable).
5.3 Morphisec shall have no liability and provides no warranty of any kind whatsoever for any use by Customer of the trial or evaluation version of the Solution during the Evaluation Period or for the use of the Beta Features, and accordingly, Sections 6 and 14 hereunder shall not apply with respect thereto. AS THE CUSTOMER DOES NOT MAKE ANY PAYMENTS DURING THE EVALUATION PERIOD AND/OR WITH RESPECT TO THE BETA FEATURES, MORPHISEC SHALL NOT HAVE ANY LIABILITY WITH RESPECT TO SUCH USE AND CUSTOMER’S SOLE REMEDY WITH RESPECT TO USE OF THE SOLUTION DURING THE EVALUATION PERIOD OR ANY USE WHATSOEVER OF BETA FEATURES WILL BE TO TERMINATE THE EVALUATION PERIOD AND CEASE USE OF THE SOLUTION OR THE APPLICABLE BETA FEATURE.
6. SERVICES. Customer will provide all cooperation and assistance reasonably requested by Morphisec to perform any Services.
6.1 Maintenance and Support; Availability. Morphisec's standard Maintenance and Support Policy (as in effect from time to time, which can be found at https://www.morphisec.com/maintenance-and-support) shall apply with respect to any maintenance and support Services provided (as such are defined in such policy), as well as with respect to Morphisec’s warranty regarding the availability of access to the Management Security Center.
6.2 Professional Services. Unless Customer has purchased professional services, according to a separate professional services agreement entered between the parties, and paid the applicable fees, Morphisec has no obligation to provide Customer with any professional Services in connection with the Solution, including, without limitation, any implementation and/or training services.
7. OWNERSHIP. As between the parties, Morphisec owns and shall retain at all times all right, title and interest, including without limitation all patents, copyrights, trade secrets, trademarks, and other intellectual property and proprietary rights in and to the Solution (or any part thereof).
8. OPEN SOURCE. Certain items of software included within the Solution are subject to third parties’ “open source” or “free software” licenses (“Open Source Software”). A list of such Open Source Software is accessible from the Solution. Some of the Open Source Software is owned by third parties. The Open Source Software is not subject to the terms and conditions of this Agreement. Instead, each item of Open Source Software is licensed under the terms of the end user license that accompanies such Open Source Software, as set forth in the list of Open Source Software accessible from the Solution as aforesaid. Nothing in this Agreement limits Customer's rights under, or grants Customer rights that supersede, the terms and conditions of any applicable end user license for the Open Source Software.
9.1 Payments. Customer will pay to Morphisec any applicable fees set forth in the applicable Sales Order as a preliminary condition to any use of the Solution and receipt of any Services (“Fees”). Fees shall be paid by Customer to the Authorized Partner in accordance with the terms agreed between them or to Morphisec in accordance with the terms agreed in each Sales Order as may be the case. Regardless of the Fees agreed for the Initial Subscription Term or any Renewal Term, Morphisec reserves the right to increase the Fees which apply with respect to any following Renewal Subscription Term (as defined below), subject to provision of a written notice to Customer by no later than 45 days’ prior to the commencement date of such Renewal Subscription Term.
9.2 Taxes. All Fees payable under this Agreement are net amounts, exclusive of any sales, value added, and other similar taxes. Customer shall exclusively bear all national, state, or local excise, sales, use, withholding, value-added, or other taxes or duties (except for taxes based on Morphisec’s net income) arising out of this Agreement.
9.3 Except where expressly specified otherwise herein, all Fees payable under this Agreement are non-cancellable and non-refundable.
10. DATA COLLECTION AND USE; PRIVACY.
10.1 Morphisec informs Customer that for the purposes specified herein Morphisec may from time to time collect, and the Solution automatically collects, data and other information from Customer's systems (which may also be transmitted in turn to Morphisec Servers) or from Morphisec Servers directly, including without limitation (i) information about Customer’s deployments and scope of use, attack logs/files, IOCs, and other attack information, suspicious files names, software in use, and other related information and data (collectively, “Log Data”), as well as (ii) other information collected or received from Customer in its use of the Solution, as part of support processes, or in the registration process (alongside Log Data, “Customer Data”). Morphisec will use and transfer Customer Data solely for the purposes of (a) detecting, analyzing, preventing and reporting threats, (b) solving bugs, (c) providing support and maintenance, (d) improving its existing products and services, or creating new offerings, (e) generating internal studies as well as using and publishing insights and reports attained from analysis of Log Data (in aggregated anonymized form, alongside the Log Data of others), (f) quality assurance, (g) verifying the compliance of users with this Agreement, or as otherwise explicitly permitted herein.
10.2 As between the parties, Customer retains all of its title and interest in and to its Customer Data. Customer agrees however that Morphisec may, without limitation of time (including after termination of the Agreement) use and disclose Log Data in aggregated anonymized form for the purposes specified herein.
10.3 To the extent Customer Data contains personally identifying information under applicable privacy and data protection laws and regulations (Log Data is not expected to contain personally identifying information, but it may), Morphisec will process such personally identifying information in accordance with the Data Processing Addendum attached hereto as Exhibit A.
11.1 The parties acknowledge that, in connection with the performance of this Agreement, they may receive or be exposed to certain confidential or proprietary technical and business information and materials of the other party (“Confidential Information”). Without limitation, non-public information relating to Morphisec’s products, services, technology, know-how, specifications, designs, formulations, software, equipment, developments, and/or working methods shall be considered Confidential Information of Morphisec, and Customer Data shall be considered Confidential Information of Customer.
11.2 Both parties shall: (i) hold and maintain in strict confidence all Confidential Information of the other; and (ii) not use any Confidential Information except as permitted by this Agreement or as may be necessary to perform its obligations under this Agreement. The parties will use at least the same degree of care to protect the Confidential Information as it uses to protect its own Confidential Information of like importance, and in no event less than reasonable care. A party may provide Confidential Information only to those employees and contractors and other third parties who have a need to know hereunder, or as otherwise explicitly permitted hereunder, and in all cases provided such are bound by confidentiality obligations no less strict than those herein.
11.3 Notwithstanding the foregoing, Confidential Information will not include any information that: (i) is or becomes generally known or is or becomes part of the public domain through no fault of the receiving party; (ii) the disclosing party authorizes in writing shall not be deemed Confidential Information; (iii) is rightfully received by a receiving party from a third party without restriction on disclosure and without breach of this Agreement; or (iv) is known to the receiving party on the Effective Date from a source other than the disclosing party, and provided such source is not subject to the confidentiality obligation to the disclosing party.
12. CUSTOMER INFRASTRUCTURE. Customer acknowledges that the proper operation of the Solution requires the use by Customer of certain systems and infrastructure, including without limitation internet, network and telecommunication infrastructure, as specified in the Solution documentation or as otherwise provided by Morphisec from time to time, and Customer alone shall be required to ensure its compliance with such requirements for use of the Solution. Morphisec shall have no liability whatsoever for Customer’s failure to comply with such requirements.
13. THIRD PARTY HOSTING INFRASTRUCTURE. Customer acknowledges that Morphisec uses third party cloud infrastructure and related third party services and resources (collectively “Third Party Hosting Services”) in order to provide the use of the Solution under a SAAS License. Notwithstanding anything to the contrary herein, Morphisec makes no representations or warranties with respect to Third Party Hosting Services, and Morphisec shall have no responsibility whatsoever with respect to Third Party Hosting Services, including without limitation with respect to lack of availability, performance failures, or security breaches of such Third Party Hosting Services. Without derogating from the generality of the above, Morphisec shall have no liability whatsoever for any loss, damage or expense (including without limitation for loss of data), which may be incurred by the Customer due to such Third Party Hosting Services (even, for avoidance of doubt, if Customer would not have incurred such loss, damage or expense had it not used the Solution or had the Solution not relied upon such Third Party Hosting Services).
14. WARRANTY; DISCLAIMERS; SOLE REMEDY.
14.1 Warranty. Morphisec represents and warrants that for 90 days after the Effective Date of this Agreement, the Solution will materially comply with the written documentation provided by Morphisec.
14.2 Disclaimer. EXCEPT AS PROVIDED SPECIFICALLY IN SECTION 14.1 ABOVE, MORPHISEC PROVIDES THE SOLUTION “AS IS”, WITHOUT ANY WARRANTY OF ANY KIND WHATSOEVER. MORPHISEC DISCLAIMS, TO THE FULLEST EXTENT PERMITTED BY LAW, ALL WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF ANY INTELLECTUAL PROPERTY, PATENTS OR OTHER THIRD PARTY RIGHT, AS WELL AS ANY WARRANTIES REGARDING SUITABILITY FOR USE WITH THIRD PARTY PRODUCTS OR PERFORMANCE OF THE SOLUTION. MORPHISEC DOES NOT WARRANT THAT THE SOLUTION WILL OPERATE WITHOUT INTERRUPTION OR ERROR FREE. CUSTOMER FURTHER UNDERSTANDS THAT NO CYBER SOLUTION CAN DETECT ALL THREATS, AND MORPHSIEC CANNOT ASSURE THAT THE SOLUTION WILL DETECT ALL THREATS OR MAKE ALL INTELLIGENCE FINDINGS THAT APPLY TO THE CUSTOMER.
14.3 Sole Remedy. FOR ANY CLAIM BROUGHT UNDER THIS SECTION 14 (OR OTHERWISE UNDER THIS AGREEMENT), MORPHISEC’S SOLE AND EXCLUSIVE OBLIGATION AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WILL BE FOR MORPHISEC, AT ITS SOLE OPTION AND EXPENSE, TO REPAIR OR REPLACE THE APPLICABLE COMPONENT OF THE SOLUTION SO THAT IT COMPLIES WITH THE WARRANTY IN SECTION 14.1. IF MORPHISEC DETERMINES, AT ITS SOLE DISCRETION, THAT NEITHER OF THOSE ALTERNATIVES IS PRACTICAL OR OTHERWISE REASONABLY AVAILABLE, CUSTOMER WILL DELETE THE END POINT SOFTWARE, TERMINATE ITS ACCESS TO THE MANAGEMENT SECURITY CENTER OR THE MANAGEMENT BACK END SOFTWARE AND CEASE USING THE SOLUTION, AND MORPHISEC WILL REFUND TO CUSTOMER OR TO THE RELEVANT AUTHORIZED PARTNER, AS APPLICABLE, THE RESPECTIVE PORTION OF THE FEES PAID TO MORPHISEC FOR THE SOLUTION.
15. LIMITATION ON LIABILITY. IN NO EVENT WILL MORPHISEC BE LIABLE FOR CONSEQUENTIAL DAMAGES OF ANY KIND, INCLUDING, WITHOUT LIMITATION, INDIRECT, INCIDENTAL, PUNITIVE, EXEMPLARY OR SPECIAL DAMAGES (INCLUDING LOSS OF USE, DATA, BUSINESS OR PROFITS) ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE USE OF OR INABILITY TO USE OR ACCESS THE SOLUTION OR ANY OF ITS COMPONENTS OR FOR ANY ERROR OR DEFECT IN THE SOLUTION OR ANY OF ITS COMPONENTS, WHETHER SUCH LIABILITY ARISES FROM A CLAIM BASED UPON CONTRACT, TORT OR OTHERWISE, AND WHETHER OR NOT EITHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. IN NO EVENT WILL MORPHISEC’S LIABILITY TO CUSTOMER FOR ALL CLAIMS ARISING FROM THIS AGREEMENT (IN THE AGGREGATE) EXCEED THE AMOUNTS ACTUALLY PAID HEREUNDER TO MORPHISEC WITHIN THE SIX MONTHS PERIOD PRECEDING THE FIRST EVENT LEADING TO LIABILITY HEREUNDER. THE PARTIES HAVE AGREED THAT THESE LIMITATIONS WILL APPLY EVEN IF ANY WARRANTY SPECIFIED IN THIS AGREEMENT FAILS OF ITS ESSENTIAL PURPOSE.
16. TERM AND TERMINATION.
16.1 Term. This Agreement will commence on the Effective Date and will continue for as long as there is an active license to the Customer (the “Term”). Customer’s license to the Solution shall be for the duration stated in the applicable Sales Order (the “Initial Subscription Term”), and thereafter such license shall renew for additional successive periods identical in length to the Initial Subscription Term (each a “Renewal Subscription Term”; and collectively with the Initial Subscription Term, the “Subscription Term”), unless either Party notifies the other in writing no less than thirty (30) days prior to the end of the Initial Subscription Term or the then current Renewal Subscription Term (as applicable) of its intention not to renew.
16.2 Termination. Without derogating from any other remedy that Morphisec may be entitled to under any applicable law, Morphisec may immediately terminate this Agreement and the licenses granted hereunder and/or immediately repossess components of the Solution not already in its possession, and/or disable, suspend or terminate Customer’s access to the Solution, all without any liability towards Customer, if Customer breaches this Agreement, including but not limited by failing to pay any Fees hereunder when due, and fails to cure such breach within 7 days’ written notice.
16.3 Effect of Termination. Upon any termination or expiration of this Agreement, the rights and licenses granted to Customer under this Agreement will automatically terminate, the Solution shall cease being available to Customer, and all outstanding Fees will immediately become due and payable. Upon such termination, Customer shall immediately cease using any components of the Solution residing on its systems, and will promptly erase them, and certify in writing to Morphisec that such components and all related materials (including any Confidential Information of Morphisec) have been destroyed and are no longer in its use. The provisions of Sections 4, 5, 7, 9-11, 14.3, and 15, and any other right, obligation, or provision under this Agreement that, by its nature, should survive termination, will survive any termination or expiration of this Agreement.
17. Compliance with Export Control Laws. Customer acknowledges that the Solution may be subject to the export control laws and regulations of Israel and the United States, and agrees to abide by any such laws and regulations as such may apply from time to time.
18.1 Entire Agreement. This Agreement is the entire and exclusive agreement of the parties with respect to the subject matter hereof, supersedes all prior written or oral understandings relating thereto, and shall survive the expiration or termination of any other agreement between the parties. This Agreement may not be modified except by a written instrument signed by a duly authorized representative of each party hereto.
18.2 In the event of invalidity of any provision of this Agreement, the parties agree that such invalidity shall not affect the validity of the remaining portions of this Agreement, and further agree to substitute for such invalid provision a valid provision that most closely approximates the intent and effect of the invalid provision. Any failure to enforce any provision of this Agreement shall not constitute a waiver of any term hereof.
18.3 Authorization; Compliance with Laws. The parties represent and warrant that each party has all requisite corporate power and authority to enter into
this Agreement and perform its obligations hereunder. Each party will comply with all laws and regulations applicable to its activities under this Agreement.
18.4 Independent Contractors. The parties expressly agree that they are independent contractors and do not intend for this Agreement to be interpreted as an agency, joint venture, or partnership relationship between the parties. Neither party’s waiver of the breach of any provision shall constitute a waiver of the provision in that or any other instance.
18.5 Assignment. Neither party may assign this Agreement, in whole or in part, without the other party’s prior written consent; provided however that, Morphisec shall be entitled to assign this Agreement at any time without such consent in case of an assignment (i) by operation of law or otherwise, in connection with a merger, consolidation, or the sale of all or substantially all of its applicable assets, or business, or (ii) to an affiliate of Morphisec.
18.6 Publicity. Morphisec may use Customer’s logo to identify Customer as a customer of Morphisec in Morphisec’s promotional materials and website. Customer further agrees to collaborate with Morphisec on developing joint marketing materials, such as case-study or press releases, provided that any marketing content will be mutually decided and agreed upon.
18.7 Cooperation and Feedback. Morphisec shall be free to use any feedback or input provided by the Customer with respect to the Solution or any Beta Features, without any obligation to the Customer.
18.8 Equitable Relief. Each party acknowledges that a breach by the other party of Sections 2, 7 or 11 of this Agreement would cause the non-breaching party irreparable harm, for which the award of damages would not be adequate compensation. Consequently, the non-breaching party may institute an action to enjoin the breaching party from any and all acts in violation of those provisions, which remedy shall be cumulative and not exclusive, and either party may obtain an injunction enjoining any breach or threatened breach of those provisions, in addition to any other relief to which the non-breaching party may be entitled at law or in equity.
18.9 Governing Law and Jurisdiction. This Agreement shall be governed by and construed in accordance with the following: (a) if Customer at the time of purchase is located or established (if Customer is a corporation) in the USA, South America or Canada, this Agreement shall be governed by, subject to and construed in accordance with the laws of the State of New York, excluding its conflict of laws provisions and the parties unconditionally and irrevocably consent to the exclusive jurisdiction of the courts located in New York City, New York, or (b) if Customer at the time of purchase is located or established (if Customer is a corporation) in European Union, Norway, Switzerland, Japan, India, New Zealand or Australia this Agreement shall be governed by, subject to and construed in accordance with the laws of England and Wales and the parties unconditionally and irrevocably consent to the exclusive jurisdiction of the courts located in London, England, or (c) otherwise, this Agreement shall be governed by, and construed in accordance with, the laws of the State of Israel and the parties unconditionally and irrevocably consent to the exclusive jurisdiction of the courts located in Tel-Aviv, Israel.
18.10 Notices. Any notice required or permitted to be sent under this Agreement shall be in writing and shall either be (i) personally delivered or sent by certified mail, return receipt requested, postage prepaid, to the addresses set forth above or to such other address as provided in writing, and shall be deemed to have been received upon the earlier of actual receipt or 5 days after deposit in the mail; or (ii) sent by facsimile or email and deemed to have been received on the date of the facsimile or email confirmation.
18.11 Force Majeure. Except for the obligations to pay Fees due in connection with the subscription, neither party will be responsible for any failure to perform or delay in performance attributable in whole or in part to any cause beyond its reasonable control, including but not limited to acts of God (fire, storm, floods, earthquakes, etc.), civil disturbances, disruption of telecommunications, disruption of power or other essential services, interruption or termination of service provided by any service providers being used by Morphisec, labor disturbances, vandalism or any malicious or unlawful acts of any third party.
Exhibit A – Data Processing Addendum
1. GENERAL. This Addendum applies to the processing of personal data through the Solution, in the scope of the Agreement. The term “Data Protection Law” shall mean all applicable worldwide legislation relating to data protection and privacy that applies to the respective party in the role of Processing Personal Data including the GDPR, CCPA, and the Privacy Protection Law and Regulations of Israel. Other terms used in this Addendum not otherwise defined in this Addendum or the Agreement shall have meanings ascribed to them in GDPR.
2. DATA CONTROLLER AND DATA PROCESSOR.
2.1. The Customer (the “Data Controller”, “Controller”, or “Customer”) will determine the scope, purposes, and manner by which the Personal Data may be accessed or processed by Morphisec. Morphisec (the “Data Processor” or “Morphisec”) will process the Personal Data only as outlined in Customer’s written instructions, to the extent that this is required for the provision of the Services including, as outlined in this Addendum, or required to comply with a legal obligation to which Morphisec is subject. Morphisec shall immediately notify the Customer if, in its opinion, an instruction infringes Data Protection Laws. Such notification will not constitute a general obligation on the part of Morphisec to monitor or interpret the laws applicable to the Data Controller, and such notification will not constitute legal advice to the Customer.
2.2. Morphisec shall be allowed to exercise its own discretion in the selection and use of such means as it considers necessary to pursue the Customer’s purposes. Customer warrants that it has all necessary rights to provide the Personal Data to Morphisec for the Processing to be performed in relation to the Services, and that one or more lawful bases set forth in the relevant Data Protection Law support the lawfulness of the Processing. To the extent required by Data Protection Law, the Customer is responsible for ensuring that all necessary privacy notices are provided to data subjects.
3. CONFIDENTIALITY. Morphisec shall ensure that all personnel engaged in processing Personal Data have signed an appropriate confidentiality agreement.
4. SECURITY AND AUDIT.
4.1. Considering the state of the art, the costs of implementation, and the nature, scope, context, purposes of the processing, and risk, Customer and Morphisec shall implement appropriate technical and organizational measures to ensure a level of security of the processing of Personal Data appropriate to the risk.
4.2. At the request of the Customer, Morphisec shall demonstrate the security measures it has taken and shall allow the Customer to audit and test such measures and provide access to any information relating to the Processing of Personal Data. The Customer shall be entitled on giving at least 30 days’ notice to Morphisec to carry out or have carried out by a third party (which shall not be a competitor of Morphisec) audits of Morphisec’s premises and operations as these relate to the Personal Data. Customer and/or auditor shall maintain the Audit Information strictly confidential. If such audits entail material costs or expenses to Morphisec, the Customer shall reimburse Morphisec for such costs and expenses.
4.3. Morphisec shall be entitled to provide the Customer a copy of an annual audit report from an independent reputable third party regarding Morphisec’s data processing and data protection measures, as a substitute for the audit detailed above.
5. DATA TRANSFERS.
5.1. Customer acknowledges and agrees that Morphisec may access and Process Personal Data on a global basis as necessary to provide the Solution in accordance with the Subscription Agreement. Annex 1 provides a list of transfers for which the Customer grants its authorization upon the conclusion of this Addendum.
5.2. Personal Data may be transferred from the EEA or the UK to countries that offer an adequate level of data protection pursuant to the adequacy decisions, without any further safeguard being necessary. If the processing of Personal Data includes transfers from the EEA or the UK to countries outside the EEA or the UK which have not been subject to an adequacy decision, the Parties shall execute Standard Contractual Clauses adopted by the relevant authority or comply with any of the other mechanisms provided for in the applicable Data Protection Law. It is acknowledged that if Customer explicitly chooses to transfer Personal Data to non-adequate jurisdictions through the Solution, Morphisec shall have no liability whatsoever in connection with such transfers and Customer shall indemnify Morphisec for any claim or loss in connection therewith.
5.3. For clarification purposes, any transfer of Personal Information is permitted in connection with an assignment of the Agreement, provided that the assignee shall be subject to the terms of this Addendum or obligations at least equivalent to such.
6. INFORMATION OBLIGATIONS AND INCIDENT MANAGEMENT. When Morphisec becomes aware of a Personal Data Breach it shall promptly notify the Customer about the incident, shall cooperate with the Customer, and shall follow the Customer’s instructions with regard to such incidents. Customer acknowledges that when information about the incident is not available to Morphisec, it will be provided in phases in accordance with its availability to Morphisec. Customer and Morphisec will cooperate in good faith on issuing any statements or notices regarding such Personal Data incidents, to relevant supervisory authorities and Data Subjects; however, it is clarified that Customer remains responsible for the submission of such notifications.
7. CONTRACTING WITH SUB-PROCESSORS.
7.1. Customer hereby authorizes Morphisec to engage Sub-processors listed in Annex 1 for the Solution-related Data Processing activities. Morphisec may add any new or substitute Sub-processor to this Annex, by providing notice to the Customer at least seven (7) days in advance, in which case the Customer shall have the right to object, on reasoned grounds (related to Data Protection Laws). Failure to object in writing within seven (7) days following the notice shall be deemed as acceptance of the new Sub-processors.
7.2. Morphisec shall ensure that each of its Sub-processors is bound by data protection obligations compatible with those of Morphisec under this Addendum.
8. RETURNING OR DESTRUCTION OF PERSONAL DATA. Upon termination of the Agreement, upon the Customer’s written request, Morphisec shall, either delete, destroy or return all Personal Data to the Customer. To the extent required, Morphisec may retain one copy of the Personal Data for evidence purposes and/or for the defense of legal claims and/or to comply with applicable laws and regulations.
9. ASSISTANCE TO DATA CONTROLLER. Morphisec shall reasonably assist the Customer, given the nature of processing and the information available to Morphisec, with its obligations under applicable Data Protection Law insofar as this is possible, at the Customer’s cost. Morphisec shall reasonably assist the Customer with responding to requests from data subjects concerning their data subject rights. If data subjects request is made directly to Morphisec, Morphisec shall inform the requestor that it is not authorized to respond and recommend the requestor to reach out to the Customer. It is acknowledged that to the extent that the Solution provides for self-service access, rectification and deletion functions with respect to Personal Data processed by Morphisec, as set forth in the documentation, such functions shall constitute the full and final assistance provided by Morphisec to the Customer.
10. LIABILITY AND INDEMNITY.
10.1. Customer indemnifies Morphisec and holds Morphisec harmless against all claims, actions, third party claims, losses, damages, and expenses incurred by Morphisec as a Data Processor arising out of a breach of this Data Processing Agreement.
10.2. The liability of each party and each party’s Affiliates for any claims brought by a party or its Affiliates under this Addendum, whether in contract, tort or under any other theory of liability, shall be subject to the exclusions and limitations of liability set out in the Agreement and such provisions of the Agreement shall not be modified by this Addendum.
11. DURATION AND TERMINATION. Morphisec shall process Personal Data until the date of expiration or termination of the Agreement, unless instructed otherwise by Customer, or until such data is returned or destroyed on the instruction of the Customer.
12.1. In the event of any inconsistency between the provisions of this Addendum and the provisions of the Agreement, the provisions of this Addendum shall prevail.
12.2. All miscellaneous provisions set out in the Agreement shall apply to this Addendum as well.
13. CALIFORNIA CONSUMER PRIVACY ACT.
13.1. This Section 13 applies to the extent that the Service involves processing personal information governed by the California Consumer Privacy Act of 2018 (“CCPA”) (Cal. Civ. Code §1798.100 et seq.), as may be amended or superseded from time-to-time, and any accompanying legally binding regulations that are promulgated to address provisions in the law.
13.2. The following terms shall have the meaning attributed to under the CCPA: “consumer”, “personal information”, “processing”, “sell”, and “service provider”.
13.3. Morphisec will not sell any Consumer Personal Information received from the Customer.
13.4. Morphisec shall not retain, use, or disclose Customer’s personal information for: (i) any purpose other than properly operate the Solution for Customer or as reasonably necessary to provide the Solution to Customer; (ii) ‘selling’ Customer’s personal information; or (iii) retaining, using, or disclosing the Customer’s personal information outside of the direct business relationship between the parties.
Morphisec certifies that it understands the restriction specified in this article and will comply with it. Notwithstanding the foregoing, Morphisec may use, disclose, or retain Customer personal information to: (i) transfer the personal information to other Morphisec’s entities (including, without limitation, affiliates and subsidiaries), service providers, third parties and vendors, in order to provide the Morphisec Service to Customer; (ii) to comply with applicable laws; (iii) to defend legal claims or comply with a law enforcement investigation; (iv) for internal use by Morphisec to build or improve the quality of its services and/or for any other purpose permitted under the CCPA; (v) to detect data security incidents or protect against fraudulent or illegal activity; or (vi) to collect and analyze anonymous information.
Annex 1: Sub-processors
APPROVED SUB-PROCESSORS. The Customer agrees that general written authorization shall apply to Morphisec processing of personal data using Sub-processors and that the list of Sub-processors set out is agreed. The list of agreed Sub-processors shall apply for the duration of the Service provision, and such list may be updated in accordance with the written procedure agreed between the parties.
|NAME OF SUB-PROCESSOR||LOCATION||DESCRIPTION OF PROCESSING|
** The storage default will be local, unless otherwise explicitly requested by the Customer or is not reasonably feasible without any burden cost to Morphisec.
|Hosting services for the SAAS License|
|Pendo.io||EU||Product usage analytics|
|DataDog (for Morphisec Security Console 2)||US||System logs and monitoring|
|MongoDB (for Morphisec Security Console 2)*||
|Data storage and management|
|FrontEgg (for Morphisec Security Console 3)*||EU
|User management component|
|Elastic (for Morphisec Security Console 3)*||EU
|Data storage and management|
|Redis (for Morphisec Security Console 3)*||EU
|Short term data storage and management|
*Per to chosen location of AWS, to the extent applicable.
The Customer shall on the commencement of the Addendum authorize the use of the abovementioned Sub-processors for the processing described for that party.