Get that baseline of Security
We believe that we exist to secure the connected and grant the opportunity of a better online life. Penetration testing helps you achieve that.
We demonstrate this in the way we conduct our Penetration Testing. Just running a bunch of scripts from a Kali installed laptop is not pentesting. We us experience, skill, research and human intuition to provide the best penetration testing on the market.
Secure GI Master Agreement
IF YOU DO NOT WISH TO ACCEPT THE TERMS OF THIS AGREEMENT OR ARE NOT AUTHORISED TO DO SO PLEASE CLICK THE “REJECT” OR “DECLINE” OR OTHER SIMILAR BUTTON AND DO NOT PROCEED TO DOWNLOAD, INSTALL OR USE THIS PRODUCT.
SECURE GI MASTER AGREEMENT
This Master Agreement (this “Agreement”) is between Hedgehog Security (as defined below), and you, the party licensing Software and/or receiving Services (“You” or “Customer”) with an effective date as of the date You click to accept these terms (the “Effective Date”). Hereinafter each of Hedgehog and Customer may be referred to collectively as the “Parties” or individually as a “Party”.
(a) “Affiliate” means any entity that controls, is controlled by, or is under common control with a Party. “Control” shall mean: (1) ownership (either directly or indirectly) of greater than fifty percent (50%) of the voting equity or other controlling equity of another entity; or (2) power of one entity to direct the management or policies of another entity, by contract or otherwise.
(b) “Documentation” means the then-current official user manuals and/or documentation for the Products available.
(c) “Hosted Services” are a type of service offered through the hedgehogsecurity.gi, hedgehogsecurity.co.uk and hedgehogsecurity.com (SaaS) platforms and include Scans and access to and use of the hosted environment (the “Hosted Environment”).
(d) “Product(s)” means any of the products that Hedgehog offers, including Software, Hosted Services, Support Services and Professional Services.
(e) “Professional Services” means services purchased, including consulting services which are relevant to the implementation and configurations of Hedeghog Products as well as on-site or virtual training courses. Generally, Professional Services are defined either in a separate SOW or a Services Brief. Professional Services do not include the Hosted Services or Support Services.
(f) “Scan(s)” are a function performed by the Software and/or the Hosted Services on Scan Targets, which are conducted in order to provide data to Customer regarding its network security. “PCI Scans” are a specific type of Scan designed to assess compliance with the Payment Card Industry Data Security Standard. “Scan Data” is the resulting information created by the Scan. “Scan Target(s)” are the targets or subjects of a Scan.
(g) “Services Brief” means the document which outlines Hedgehog’s basic, pre-packaged, non-customized, installation, or training Professional Services offered under a Hedgehog SKU and which do not require a separate SOW. For the avoidance of doubt, Customer may purchase commercial off the shelf SKU-based Professional Services without executing a separate Statement of Work. A “SOW” or “Statement of Work” shall further describe Professional Services, the terms of which may be customized and which shall require execution by the Parties.
(h) “Software” means each software product made available by Hedgehog under this Agreement for download. Software includes patches, updates, improvements, additions, enhancements and other modifications or revised versions of the same that may be provided to Customer by Hedgehog from time to time.
(i) “Hedgehog” means: (i) Hedgehog Security Ltd., if Customer is a commercial entity or individual located in United Kingdom of Great Britain (Hedgehog Security Ltd. Company Number: 09866739 | VAT: GB236184507 | Registered: 11th November 2015. Governed by the CREST and registered in England and Wales. Our registered UK office is at The Lab, Teanford House, Teanford, Upper Tean, Staffordshire, ST10 4ES.); (ii) Hedgehog Security Ltd., if Customer is a commercial entity or individual located in Gibraltar (Company Number: 115136 | Registered: 20th November 2016. Governed by the CREST and registered in Gibraltar. Our registered address, is 1.02, Suite 256, World Trade Center, GX11 1AA, Gibraltar.
Orders and Transactions.
(a) Reseller Transactions. If Customer purchases Hedgehog Products through an authorized Hedgehog reseller (a “Reseller”), all terms related to pricing, billing, invoicing and payment (“Payment Terms”) set forth in this Agreement (if any) shall not apply. For the avoidance of doubt, all such Payment Terms shall be as agreed to between Customer and Reseller. To place an order, Customer shall provide the Reseller with a purchase order (or other similar document acceptable to Reseller) in response to a valid quote from such Reseller. Following Reseller’s receipt of such purchase order, Hedgehog shall issue a sales order confirmation or other similar order acceptance document (the “Ordering Document”). No order shall be deemed accepted by Hedgehog until Hedgehog issues the Ordering Document. The Ordering Document shall set forth all Products (and corresponding licensing metrics) purchased by Customer.
(b) Direct Transactions. If the Parties have agreed to transact directly, the following Payment Terms shall apply. Customer agrees to pay all amounts due as specified in a Hedgehog invoice. Fees for Hosted Services are charged for access to the Host Environment (as defined herein), not actual usage. Customer further agrees to pay for actual travel and living expenses for Professional Services where Hedgehog is conducting on-site work. Payment is due within thirty (30) days from the date of Hedgehog’s invoice to Customer. Customer will pay directly or reimburse Hedgehog for any taxes (including, sales or excise taxes, value added taxes, gross receipt taxes, landing fees, import duties and the like), however designated and whether foreign or domestic, imposed on or arising out of this Agreement. Notwithstanding the foregoing, Hedgehog will be solely responsible for its income tax obligations and all employer reporting and payment obligations with respect to its personnel. Customer agrees to pay Hedgehog without deducting any present or future taxes, withholdings or other charges except those deductions it is legally required to make. If Customer is legally required to make any deductions or withholding, Customer agrees to provide evidence of such withholding upon request. If a certificate of exemption or similar document or proceeding is necessary in order to exempt any transaction from a tax, Customer shall provide such certificate or document to Hedgehog.
(c) Delivery and Installation. Delivery of Hedgehog Products (“Delivery”) shall be deemed to occur on the date of availability for electronic download or electronic access. Hedgehog has no duty to provide installation services for Hedgehog Products unless installation services are purchased separately.
Term and Termination.
(a) Agreement Term. This Agreement shall commence upon the Effective Date and continue until terminated in accordance with the terms set forth herein.
(b) License Term and Renewals. The “License Term” is the term of the license or subscription for Products as set forth in the Ordering Document. If this Agreement has been signed by both Parties, then unless otherwise agreed to in writing, any renewal License Term shall be governed by the terms set forth herein. If this Agreement has been accepted via shrinkwrap or click-through, upon any renewal of the License Term, the terms then in effect, will come into effect and govern the term of such renewal. Customer agrees that use of the Products at the time of such renewal will be deemed full and adequate acceptance of the updated terms.
(c) Termination for Cause. Either Party may terminate this Agreement for cause if the other Party materially breaches this Agreement provided that such breaching Party has received written notice of such breach and failed to cure such breach within thirty (30) days. If this Agreement is terminated for cause by either Party, Customer shall cease to use any Software or Hosted Services purchased hereunder and shall certify to Hedgehog that it has returned or destroyed all copies of the Software. If this Agreement is terminated for cause by Hedgehog, Customer shall remain responsible for any outstanding payment obligations throughout the rest of the License Term.
(d) Termination for Convenience. Customer may terminate this Agreement for any lawful reason upon ninety (90) days prior written notice to Hedgehog. If Customer terminates for convenience, Customer shall not receive a refund and shall remain obligated to pay for Products for which it has previously entered into a transaction as well as any additional payment obligations agreed upon prior to the termination date.
(a) Product-Specific Terms. Pursuant to this Agreement, Customer may receive the right to use various Products. Terms related to Customer’s use of Software are described in Schedule A (Software). Terms related to Customer’s use of Hosted Services are described in Schedule B (Hosted Services). Terms related to the provision of Professional Services are described in Schedule C (Professional Services). For each Product, Customer will have the right to use the corresponding Documentation.
(b) Licensing Model. Product licenses shall be in accordance with the terms of the applicable licensing model as set forth in the Documentation and the Ordering Document, which may include limitations on Scan Targets, License Term, the number of users, seats, licenses and/or types of modules licensed. Product licenses shall commence upon Delivery and shall be either perpetual or subscription in nature. If Customer exceeds the license restrictions, Customer must purchase an upgraded license to allow for all actual or additional usage.
(c) Restrictions on Use. Customer shall not directly or indirectly: (i) decompile, disassemble, reverse engineer, or otherwise attempt to derive, obtain or modify the source code of the Products; (ii) reproduce, modify, translate or create derivative works of all or any part of the Products; (iii) remove, alter or obscure any proprietary notice, labels, or marks on the Products; (iv) without Hedgehog’s prior written consent use the Products in a service bureau, application service provider or similar capacity; or (v) use the Products to gather information from Nessus Home scanners. Customer may not use the Products to manage or gather information from Scan Targets not owned or hosted by Customer.
(d) Intellectual Property in Products. This Agreement does not transfer to Customer any title to or any ownership right or interest in the Products. Any rights in the Products not expressly granted in this Agreement are reserved by Hedgehog. If Customer provides Hedgehog with any comments, suggestions, or other feedback regarding the Product, Customer hereby assigns to Hedgehog all right, title and interest in and to such feedback.
(e) Customer System Requirements. In order to use the Products, Customer must meet or exceed the specifications found in the Hedgehog General Requirements document, available on request by contact the support team at [email protected]
(f) Product Features. Hedgehog reserves the right to withdraw features from future versions of the Products provided that: (i) the core functionality of the affected Product remains the same; or (ii) Customer is offered access to a product or service providing materially similar functionality as the functionality removed from the affected Product. The preceding remedies under this Section 4(f) are the sole remedies available if Hedgehog withdraws features from the Products.
(g) Telemetry. Customer agrees to provide certain necessary Scan information, which may include the number of Scan Targets managed with the Product for billing purposes, behavioural attributes such as whether or not certain features in the Product are utilized, or other relevant information (“Technical Data”). Hedgehog may use Technical Data for reasonable business purposes, including product support, license validation and research and development. Hedgehog agrees to only disclose Technical Data which has been properly anonymized.
(h) Additional Details on Use Restrictions for Hedgehog Security UK. The following shall only apply for transactions with Hedgehog Security UK. Notwithstanding anything in Section 4(c), decompiling the Product is permitted to the extent the laws of Customer’s jurisdiction give Customer the right to do so to obtain information necessary to render the Products interoperable with other software; provided, however, that Customer must first request such information from Hedgehog and Hedgehog may, in its discretion, either provide such information to Customer or impose reasonable conditions, including a reasonable fee, on such use of the Products to ensure that its proprietary rights in the Product are protected.
(a) Support Services. Hedgehog shall provide Customer with support services (the “Support Services”) in accordance with Hedgehog’s then-current Technical Support Plan and consistent with Hedgehog’s Product Lifecycle Policy. The Support Services include bug fixes, updates (including new vulnerability plug-ins), or enhancements that Hedgehog makes generally available to users of the Products. The Support Services also include the provision of new minor (Example: 1.1.x to 1.2.x, etc.) and major version releases of the Products (Example: 1.x to 2.x, etc.).
(b) Support Fees. Standard Support Services for Products licensed for a finite License Term will be provided at no additional charge beyond the license fee for the duration of the License Term. Support Services for Products licensed on a perpetual basis must be purchased separately in advance. In all cases, premium support may be purchased at an additional charge. If during the course of a perpetual license Customer terminates or fails to renew the Support Services, Customer may, at any time during the term of this Agreement, request that Hedgehog reinstate the Support Services provided that Customer pays for the lapsed Support Services in an amount equal to the total fees Customer would have paid for the Support Services between the time Customer’s Support Services lapsed and the then-current date.
(a) Definition. “Confidential Information” means information learned or disclosed by a Party under this Agreement that should reasonably be assumed to be confidential or proprietary, including the Products and the terms of this Agreement. Confidential Information will remain the property of the disclosing Party, and the receiving Party will not be deemed by virtue of this Agreement or any access to the Confidential Information to have acquired any right, title or interest in or to the Confidential Information.
(b) Obligations. Each Party agrees to only use the Confidential Information in connection with this Agreement or a purchase hereunder. The receiving Party agrees to hold the disclosing Party’s Confidential Information confidential and to use at least the same level of protection against unauthorized disclosure or use as the receiving Party normally uses to protect its own information of a similar character, but in no event, less than a reasonable degree of care. Each Party may share Confidential Information with its Affiliates or authorized contractors in the performance of its duties under this Agreement; provided, however, each Party shall be responsible to ensure that such Affiliate or authorized contractors are bound by obligations of confidentiality at least as stringent as those set forth in this Agreement.
(c) Exclusions. Confidential Information shall not include information that: (i) is already known to the receiving Party free of any confidentiality obligation; (ii) is or becomes publicly known through no wrongful act of the receiving Party; (iii) is rightfully received by the receiving Party from a third party without any restriction or confidentiality; /or (iv) is independently developed by the receiving Party without reference to the Confidential Information. Furthermore, if Customer intentionally or unintentionally requests or performs scans on third party Scan Targets, Customer agrees that Hedgehog may provide all relevant information to the owner of the Scan Targets of such unlawful or impermissible scanning as well as to relevant legal authorities, and such disclosure shall not be considered a breach of confidentiality.
(d) Information Not to be Disclosed. The Parties agree not to disclose to each other any sensitive, non-public, personally identifiable information (such as social security numbers, personal credit card information or health care data, etc.) which may be the subject of any data privacy regulations as well as any Personal Data of an EU Data Subject as such terms are defined under the European Union General Data Protection Regulation (together, hereinafter, “PII”). Hedgehog does not require the transmission or processing of any such PII in order to perform its duties under this Agreement or sell any Products hereunder. If Customer inadvertently or unintentionally discloses any PII to Hedgehog, Customer shall identify to Hedgehog that it has disclosed PII and Hedgehog shall promptly return and/or destroy such PII.
(e) Legal Disclosures; Remedies. The receiving Party may disclose Confidential Information if required to do so by law provided the receiving Party shall promptly notify the disclosing Party so that the disclosing Party may seek any appropriate protective order and/or take any other action to prevent or limit such disclosure. If required hereunder, the receiving Party shall furnish only that portion of the Confidential Information disclosure of which is legally required. The receiving Party acknowledges and agrees that the breach of any term, covenant or provision of this Agreement may cause irreparable harm to the disclosing Party and, accordingly, upon the threatened or actual breach by the receiving Party of any term, covenant or provision of this Agreement, the disclosing Party shall be entitled to seek injunctive relief, together with any other remedy available at law or in equity. The receiving Party will notify the disclosing Party promptly of any unauthorized use or disclosure of the disclosing Party’s Confidential Information.
Representations and Warranties; Disclaimer.
(a) Warranty of Authority. The Parties hereby represent and warrant that they have the full power and authority to enter into this Agreement.
(b) Products. Product warranties and associated warranty periods are set forth in the relevant Schedules.
(c) Antivirus Warranty. Hedgehog represents it has taken commercially reasonable efforts to ensure that the Products, at the time of Delivery, are free from any known and undisclosed virus, worm, trap door, back door, timer, clock, counter or other limiting routine, instruction or design that would erase data or programming or otherwise cause the Products to become inoperable or incapable of being used in the manner for which it was designed or in accordance with the Documentation.
(d) Warranty Disclaimer. EXCEPT AS EXPRESSLY STATED IN THIS AGREEMENT AND TO THE GREATEST EXTENT PERMITTED BY LAW, HEDGEHOG OFFERS ITS PRODUCTS “AS-IS” AND MAKES NO OTHER WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING ANY WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SECURITY, INTEGRATION, PERFORMANCE AND ACCURACY, AND ANY IMPLIED WARRANTIES ARISING FROM STATUTE, COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE OF TRADE. THE WARRANTIES SET FORTH IN THIS AGREEMENT ARE MADE TO CUSTOMER FOR CUSTOMER’S BENEFIT ONLY. CUSTOMER’S USE OF THE PRODUCTS IS AT CUSTOMER’S OWN RISK. CUSTOMER UNDERSTANDS THAT ASSESSING NETWORK SECURITY IS A COMPLEX PROCEDURE, AND HEDGEHOG DOES NOT GUARANTEE THAT THE RESULTS OF THE PRODUCTS WILL BE ERROR-FREE OR PROVIDE A COMPLETE AND ACCURATE PICTURE OF CUSTOMER’S SECURITY FLAWS, AND CUSTOMER AGREES NOT TO RELY SOLELY ON SUCH PRODUCTS IN DEVELOPING ITS SECURITY STRATEGY. CUSTOMER ACKNOWLEDGES THAT THE PRODUCTS MAY RESULT IN LOSS OF SERVICE OR HAVE OTHER IMPACTS TO NETWORKS, ASSETS OR COMPUTERS (INCLUDING MODIFICATION OF SCAN TARGETS), AND CUSTOMER IS SOLELY RESPONSIBLE FOR ANY DAMAGES RELATING TO SUCH LOSS OR IMPACT.
Limitation of Liability.
(a) Direct Damages. The cumulative liability of one Party to the other for all claims arising from or relating to the Products or this Agreement (including without limitation, any cause of action sounding in contract, tort or strict liability) shall be limited to proven direct damages in an amount not to exceed, in the aggregate, the fees paid by Customer to Hedgehog for the Products over the twelve (12) months immediately prior to the event giving rise to the claim.
(b) Indirect Damages. Neither Party shall be liable to the other for any indirect, incidental, special, punitive, consequential or exemplary damages regardless of the nature of the claim. This prohibition on indirect damages shall include, but not be limited to, claims based on lost profits, cost of delay, any failure of delivery, business interruption, cost of lost or damaged data, or liabilities to any third parties even if such Party is advised of the possibility thereof.
(c) Carve Outs. The liability caps set forth in Sections 8(a) and 8(b) shall not apply to damages resulting from: (i) damage to real or personal property; (ii) personal injury or death; (iii) fraud or willful misconduct; (iv) indemnification obligations set forth in Section 9 (Indemnification); or (v) Customer’s breach of Section 4(c) (Restrictions on Use).
(d) Limitations; Time Period. Each of the limitations set forth in this Section 8 shall be enforced to the fullest extent of the law. Any laws preventing such limitations shall only apply to the extent required by law and the remaining unaffected terms shall apply in full. Unless expressly prohibited by law, each Party shall have a period of no greater than twelve (12) months from the date the cause of action accrues to bring a claim against the other Party for such cause of action.
(a) Indemnification Obligations. (i) By Hedgehog. Hedgehog shall (at its sole cost and expense): (i) defend and/or settle on behalf of Customer (including Customer’s officers, directors, employees, representatives and agents); and (ii) indemnify Customer for, any third party claims brought against Customer based upon a claim that Customer’s use of the Products in accordance with this Agreement infringes or misappropriates such third party’s intellectual property rights in a jurisdiction which is signatory to the Berne Convention. By Customer. Customer shall (at its sole cost and expense): (i) defend and/or settle on behalf of Hedgehog (including Hedgehog’s officers, directors, employees, representatives and agents) and (ii) indemnify Hedgehog for, any third party claims brought against Hedgehog arising out of or relating to Customer’s use of the Products to perform Scans on third party Scan Targets, except to the extent that any such claim or action is caused by a failure of the Products to materially comply with the Documentation.
(b) In Case of Infringement. If Customer’s use of the Products is, or in Hedgehog’s opinion is likely to be, the subject of an infringement claim, Hedgehog may, in its sole discretion and expense: (i) modify or replace the infringing Products as necessary to avoid infringement, provided that the replacement Products are substantially similar in functionality; (ii) procure the right for Customer to continue using the infringing Products; or (iii) terminate this Agreement and, upon Customer’s return or certified destruction of the infringing Product, provide Customer a pro-rata refund calculated as follows: (x) for infringing Products licensed on a subscription basis, the refund shall consist of any prepaid but unused fees for the remainder of the applicable License Term; or (y) for infringing Software licensed on a perpetual basis, the refund shall consist of a straight line depreciation of the license fee based on a three (3) year useful life. This Section 9 sets forth Hedgehog’s sole and exclusive liability and Customer’s sole and exclusive remedy with respect to any claim of intellectual property infringement.
(c) Exclusions. Hedgehog shall have no liability with respect to a third party intellectual property infringement claim arising out of: (i) modifications of the Product made to conform with Customer’s specifications; (ii) modifications of the Product made by anyone other than Hedgehog or a Hedgehog authorized third party; (iii) Customer’s use of the Product in combination with other products or services not provided by Hedgehog; (iv) Customer’s failure to use any updated versions of the Product made available by Hedgehog; or (v) Customer’s use of the Product in a manner not permitted by this Agreement or otherwise not in accordance with the Documentation.
(d) Requirements. The indemnitor shall only be responsible for the indemnification obligations set forth in this Section 9 if the indemnitee: (i) provides the indemnitor prompt written notice of such action or claim; (ii) gives the indemnitor the right to control and direct the investigation, defense, and/or settlement of such action or claim; (iii) reasonably cooperates with the indemnitor in the defense of such a claim (at the indemnitor’s expense); and (iv) is not in breach of this Agreement. Nothing herein shall prevent the indemnitee from engaging in defense of any such claim with its own legal representation, provided that this does not materially prejudice the indemnitor’s defense. The indemnitor may not settle any claim on behalf of the indemnitee without obtaining the indemnitee’s prior written consent; provided, however, the indemnitor shall not be required to obtain consent to settle a claim which settlement consists solely of: (x) discontinued use of infringing Products and/or (y) the payment of money for which the indemnitor has a duty to indemnify.
(a) Generally. The Products are intended solely for lawful purposes and use. Each party agrees to perform their respective obligations in a manner that complies with all applicable national, federal, district, regional, state and local laws, statutes, ordinances, regulations and codes (“Applicable Laws”) including, without limitation, the Computer Misuse Act (UK) and the Computer Fraud and Abuse Act (CFAA), 18 USC Sec. 1030 (USA).
(b) DPA. To the extent applicable, if Hedgehog is processing personal data on behalf of Customer as such terms are defined under the European Union’s General Data Protection Regulation 2016/679 then such processing shall be in accordance with Hedgehog’s Data Processing Addendum.
Governing Law; Venue.
(a) For transactions with Hedgehog Security Gibraltar, this Agreement shall be governed in all respects by the laws of the Gibraltar. The Parties hereby submit to the exclusive jurisdiction of the courts of Gibraltar, for any question or dispute arising out of or relating to this Agreement. You expressly agree with Hedgehog that this Agreement shall not be governed by the U.N. Convention on Contracts for the International Sale of Goods, the application of which is expressly excluded. All Disputes arising out of or relating to this Agreement shall be subject to arbitration within the meaning of the Arbitration Act 2010 or any legislation amending or repealing that act and shall be an arbitration conducted in Gibraltar in the English language and shall be governed by the Arbitration Act 2010. Notwithstanding the foregoing, nothing in this Agreement shall limit the right of either party to seek any injunctive, equitable or other interlocutory relief as it may be entitled to in the Courts of Gibraltar.
(b) For transactions with Hedgehog Security UK, this Agreement and any issues, disputes or claims arising out of or in connection with it (“Disputes”) shall be governed by, and construed in accordance with, the laws of England. You expressly agree with Hedgehog that this Agreement shall not be governed by the U.N. Convention on Contracts for the International Sale of Goods, the application of which is expressly excluded. All Disputes arising out of or relating to this Agreement shall be subject to arbitration within the meaning of the Arbitration Act 2010 or any legislation amending or repealing that act and shall be an arbitration conducted in Stoke on Trent, England in the English language and shall be governed by the Arbitration Act 2010. Notwithstanding the foregoing, nothing in this Agreement shall limit the right of either party to seek any injunctive, equitable or other interlocutory relief as it may be entitled to in the Courts of England.
Other Legal Clauses.
(a) Third Parties. Customer may permit a third party (“Customer’s Agent”) to use the Products to perform security services for and on behalf of Customer but solely for Customer’s benefit and solely for Customer’s internal business purposes. Customer shall be fully responsible for Customer’s Agent’s use of the Products including liability for any breaches of the Agreement or use beyond the licensed quantities set forth in the Ordering Document. If Customer elects to utilize a Customer’s Agent to perform Scans on its behalf, then only Customer’s Agent (and not Customer) will be permitted to contact Hedgehog Support Services. Hedgehog shall have the right to withdraw its consent to the use of any Customer’s Agent in its reasonable discretion.
(b) Notices. Any legal notices or other communication pursuant to this Agreement must be in writing, in English, and will be deemed to have been duly given when delivered if delivered personally or sent by recognized overnight express courier. All notices to Hedgehog must be sent to the address described in this Agreement to the attention of the Legal Department (unless otherwise specified by Hedgehog). All notices Hedgehog sends to Customer shall be at the physical address referenced in this Agreement (or otherwise provided to Hedgehog). Hedgehog may provide notices with regard to Products via the email address Customer provided during Product registration and Customer hereby consents to receive such communications from Hedgehog in an electronic form.
(c) Assignment. Neither Party may assign or otherwise transfer this Agreement without the other Party’s prior written consent, which will not be unreasonably withheld; provided, however, either Party may transfer this Agreement to an Affiliate or in connection with a merger or sale of all (or substantially all) of the stock or other ownership units of such Party.
(d) Force Majeure. With the exception of payment, neither Party shall be liable for any loss or delay (including failure to meet the service level commitment) resulting from any force majeure event, including, but not limited to, acts of God, fire, natural disaster, terrorism, labor stoppage, Internet service provider failures or delays, civil unrest, war or military hostilities, or criminal acts of third parties, and any delivery date shall be extended to the extent of any resulting delay.
(e) Language. The language of this Agreement is English and all invoices and other documents given under this Agreement must be in English to be effective. No translation, if any, of this Agreement or any notice will be of any effect in the interpretation of this Agreement or in determining the intent of the parties. The Parties have expressly agreed that all invoices and related documents be drafted in English.
Evaluations and NFR Licenses.
(a) Evaluations. If Customer wants to conduct an evaluation, proof of value or other similar trial of Hedgehog Products (“Evaluation Products”), Hedgehog may (in its sole discretion) provide evaluation licenses for such Evaluation Products in accordance with the following: (i) Customer shall have no obligation to make payment for such Evaluation Product for such evaluation usage; (ii) the license term will expire at the end of the agreed-upon evaluation period, at which time Customer must either return or destroy the Software and cease access to the Hosted Services; and (iii) Hedgehog shall have no obligation to provide Support Services. Customers may not use the Evaluation Products to scan third party Scan Targets or provide a service to Customer’s clients.
(b) Technology Partners. Hedgehog in its sole discretion may allow Customers who are technology partners (a “Technology Partner”) to obtain an Evaluation license and use such evaluation license to create a interoperability (“Interoperability”) between Hedgehog Products and their own products. At the conclusion of the Evaluation Term, Customer may apply for an NFR license at which time Hedgehog may convert the Evaluation license to an NFR license. Hedgehog’s conversion to an NFR license shall be Hedgehog’s sole discretion and may require Interoperability validation by Hedgehog. Customer may not use Hedgehog’s name or logo without prior written consent and in accordance with Hedgehogs guidelines.
(c) NFR. If Customer is a sales partner or Technology Partner to whom a “Not For Resale” or “NFR” license has been granted, Customer’s license to the Product will commence upon delivery and continue for a period of one year (unless the Ordering Document sets forth a different term) and shall automatically renew for consecutive one (1) year terms unless either Party provides the other Party with written notice of its non-renewal of the NFR license at least thirty (30) days before the expiration of the then-current term. Notwithstanding the foregoing, Hedgehog may terminate Customer’s NFR license for its convenience upon thirty (30) days’ notice, or immediately should Customer breach any obligations under this Agreement.
(d) NFR Customer Prohibitions. Customer shall not purport to take on any obligation or responsibility, or make any representations, warranties, guarantees or endorsements to anyone on behalf of Hedgehog, including without limitation, relating to Hedgehog products, software, or services. Except as specifically permitted in this Agreement, Customer shall not state or imply that any of Customer’s products have been endorsed, reviewed, certified or otherwise approved by Hedgehog.
(e) NFR Customer Representations. Customer hereby represent and warrant to Hedgehog that: (i) Customer will not intentionally harm the reputation or goodwill of Hedgehog through any act or omission, and (ii) Customer have used commercially reasonable efforts to ensure that any software, code, algorithm, API, etc., transferred to Hedgehog is free from any time bomb, virus, drop dead device, worm, Trojan horse, or trap door that is designed to delete, disable, deactivate, interfere with, or otherwise harm hardware, data, or other programs or that is intended to provide access or produce modifications not authorized by Hedgehog.
(f) NFR Customer Responsibilities. Customer shall, at its sole cost and expense, defend (or at its option, settle) and indemnify Hedgehog and Hedgehog’s subsidiaries and affiliates, and their officers, directors, employees, representatives and agents, from and against any and all third party claims brought against Hedgehog based upon a claim that use of Customer’s software or Customer’s product in accordance with this Agreement infringes such third party’s patent, copyright or trademark or misappropriates any trade secret, and shall pay all settlements entered into and damages awarded to the extent based on such claim or action.
This Agreement constitutes the entire agreement between the Parties, and supersedes all other prior or contemporaneous communications between the Parties (whether written or oral) relating to the subject matter of this Agreement. No Customer document or purchase order shall modify, supersede, or become part of this Agreement, or otherwise contractually bind Hedgehog unless signed by Hedgehog. The provisions of this Agreement will be deemed severable, and the unenforceability of any one or more provisions will not affect the enforceability of any other provisions. If any provision of this Agreement, for any reason, is declared to be unenforceable, the Parties will substitute an enforceable provision that, to the maximum extent possible under applicable law, preserves the original intentions and economic positions of the Parties. Section headings are for convenience only and shall not be considered in the interpretation of this Agreement. Customer agrees that Hedgehog may use Customer’s name or logo in a customer list. Customer may not use Hedgehog’s name or logo without prior written consent and in accordance with Hedgehog’s guidelines. No failure or delay by a Party in exercising any right, power or remedy will operate as a waiver of that right, power or remedy, and no waiver will be effective unless it is in writing and signed by the waiving Party. If a Party waives any right, power or remedy, the waiver will not waive any successive or other right, power or remedy the Party may have under this Agreement. The Parties are independent contractors and this Agreement will not establish any relationship of partnership, joint venture, employment, franchise or agency between the Parties. This Agreement is not intended nor will it be interpreted to confer any benefit, right or privilege in any person or entity not a party to this Agreement. Any party who is not a party to this Agreement has no right under any law to enforce any term of this Agreement. Any provision of this Agreement that imposes or contemplates continuing obligations on a party and any section which by its nature is intended to survive will survive the expiration or termination of this Agreement, including Sections 3, 4, 8, 9 and 11.
SCHEDULE A: SOFTWARE
This Schedule for Hedgehog Software (this “Schedule”) is subject to and made part of the Agreement.
- General. This Schedule governs Customer’s license of Software.
- License; Right to Use. Subject to the terms of the Agreement and payment of the applicable license fees, Hedgehog grants Customer for the duration of the License Term a non-exclusive, non-transferable, non-sublicensable license to use the Software (in object code form only) solely for Customer’s own internal business purposes. Customer’s right to install such Software is limited to use with the computers or machines for which the Software is registered for use. Customer is permitted to make one copy of the Software for backup or archival purposes.
- Warranty. Hedgehog warrants that the Software shall materially conform to the Documentation for a period of thirty (30) days after Delivery. Customer’s sole and exclusive remedy for breach of this warranty shall be for Hedgehog to, at its sole option: (i) use commercially reasonable efforts to modify or correct the Software such that in all material respects it conforms to the functionality described in the Documentation; or (ii) if Hedgehog is unable to restore such functionality within a reasonable period of time, Customer shall be entitled to a refund for the non-confirming Software.
- Open Source and Third Party Software. Any code or other intellectual property included as part of the Software that was licensed to Hedgehog by third parties that is not marked as copyrighted by Hedgehog is subject to other license terms. Customer agrees to be bound by such other license terms.
- Audit Rights. Hedgehog may, by itself or through a third party independent auditor, audit Customer’s usage of the Software to confirm compliance with this Agreement or the applicable Ordering Document. Hedgehog shall: (i) provide Customer with reasonable advance notice of the audit; (ii) not request such audit more than once per year; and (iii) not unreasonably interfere with Customer’s business activities when conducting the audit.
- MSSPs. Customers may Scan third party Scan Targets without Hedgehog’s prior written consent if all of the following conditions are met: (i) Customer has received appropriate authorization from the owner of the network to Scan such network; (ii) If Customer provides this service to multiple customers on the same console, the Customer has created separate repositories for each customer; (iii) Customer is solely responsible for securing and segregating the resulting Scan Data; (iv) Customer must provide Customer’s own portal or delivery mechanism, and may not allow their customers to access their console; (v) Customer must inform Hedgehog in advance regarding any Software that will be shipped, downloaded, or otherwise transferred to any country other than within Europe or Customer’s home country; (vi) Customer must provide a monthly report showing the location of each installation of the Software; (vii) Customer must use a supported version of the Software; (viii) Hedgehog has no obligation to provide Support Services to Customer’s customers; and (ix) Customer agrees that Hedgehog will have no liability to Customer’s customers.
SCHEDULE B: HOSTED SERVICES
This Schedule for Hedgehog Hosted Services (this “Schedule”) is subject to and made part of the Agreement.
- General. This Schedule governs Customer’s purchase and use of the Hosted Services.
- License; Right to Use. Subject to the terms of the Agreement and payment of the applicable license fees, Hedgehog grants Customer for the duration of the License Term a non-exclusive, non-transferable, non-sublicensable right to access the Hosted Environment and use those modules of the Hosted Services set forth on a valid Ordering Document solely for Customer’s own internal business purposes.
- Warranty. Hedgehog warrants that the Hosted Services will materially comply with the functionality described in the Documentation. Customer’s sole and exclusive remedy for breach of this warranty shall be for Hedgehog to use commercially reasonable efforts to modify the Hosted Services to provide in all material respects the functionality described in the Documentation. If Hedgehog is unable to restore such functionality within sixty (60) days, Customer shall be entitled to terminate the Agreement and receive a pro-rata refund of any prepaid but unused fees for the nonconforming Hosted Services. Hedgehog shall have no obligation with respect to a warranty claim hereunder unless Customer notifies Hedgehog of such claim within thirty (30) days of the date the underlying condition first arose. This warranty shall only apply if the applicable Hosted Service has been utilized in accordance with the Agreement and the Documentation.
- Acknowledgements. Customer authorises Hedgehog to perform the Scans, including accessing the Scan Targets in the context of the Scans. Customer understands and acknowledges that the Scans may originate or appear to originate from a Hedgehog URL which could cause Customer (or the owner of the Scan Targets) to believe they are under attack. Customer agrees not to pursue any claims against Hedgehog as a result of any access to Scan Targets when such access was made in connection with an authorized Scan unless such a claim is based on the gross negligence or willful misconduct of Hedgehog.
- Usage Requirements. Customer must provide current and accurate information in all submissions made in connection with the Hosted Services, including registration information and the location of the Scan Targets to be Scanned. Hedgehog may, in its reasonable discretion, prohibit or suspend access of certain users of the Hosted Services. Customer agrees to safeguard and maintain the confidentiality of all user names and passwords. Customer further agrees to use best efforts to ensure that no unauthorized parties have access to the Hosted Services through Customer’s account and/or log-in credentials. Customer will promptly notify Hedgehog of any unauthorized access of which Customer is aware or reasonably suspects. Customer is responsible for compliance with this Agreement and all use of the Hosted Services through Customer’s account.
- PCI Scans. Hedgehog makes no guarantee that a successful completion of a PCI Scan will make Customer compliant with the Payment Card Industry Data Security Standard.
- Data Retention Policy. Hedgehog will maintain Customer Scan data stored in the Hosted Environment for a period of not less than one year from the Scan date. Customer acknowledges that Hedgehog is in no way responsible for any of Customer’s data retention compliance requirements. Hedgehog’s data retention policy with respect to PCI Scans will match then-current requirements set forth by the PCI Security Standards Council.
- Service Level Agreement. Hedgehog commits to make access to the Hosted Environment available in accordance with Hedgehog’s then-current service level agreement.
SCHEDULE C: PROFESSIONAL SERVICES
This Schedule for Hedgehog Professional Services (this “Schedule”) is subject to and made part of the Agreement.
- General. The Parties may agree, from time to time, on the purchase and sale of Hedgehog Professional Services. Professional Services shall be as further described in a separate SOW or Services Brief. No SOW shall be binding upon the Parties until it has been executed by both Parties. Except as otherwise agreed to by the Parties in writing, all Services Briefs or signed SOWs will be governed by this Agreement. In the event of inconsistency between the Agreement and a signed SOW, the signed SOW shall govern.
- Type of Services. Hedgehog offers a range of Professional Services; provided, however, unless otherwise agreed upon in writing, Hedgehog does not offer creation of custom intellectual property. Hedgehog is not obligated to provide any Professional Services except as mutually agreed in a Services Brief or SOW.
- Deliverables. “Deliverable(s)” means the reports, analysis, codes, scripts slides, documents, examples and other written materials or work results provided as part of the Professional Services.
- Intellectual Property Rights.
(a) Grant of License in Deliverables. Hedgehog grants Customer a non-exclusive, non-transferable, irrevocable (except in case of breach of the Agreement or SOW) perpetual right to use, copy and create derivative works from the Deliverables (without the right to sublicense) for Customer’s internal business operations, as contemplated by the applicable SOW or Services Brief.
(b) Reservation of Rights. Except for the rights expressly granted herein to Customer, Hedgehog expressly reserve all other rights in and to the Professional Services and Deliverables. Notwithstanding anything to the contrary in this Schedule, nothing shall prevent Hedgehog from providing similar Professional Services to other customers and nothing in this Schedule shall be construed to provide any intellectual property rights whatsoever in the Products (or any modifications or enhancements thereto) that Hedgehog develops or makes generally available for sale to its customers.
(c) Pre-Existing Materials. Any pre-existing materials, proprietary item or intellectual property rights of either Party which is disclosed or used in performing the Professional Services shall remain fully vested in such Party. Nothing in this Schedule shall transfer any rights whatsoever in Hedgehog’s Products. Customer hereby grants to Hedgehog the intellectual property rights (if any) required for Hedgehog to perform the Professional Services.
5 Warranty. Hedgehog warrants that all Professional Services shall be performed in a professional manner and in accordance with industry standards. Hedgehog further warrants for a period of ten (10) days from the service completion date that the Professional Services shall materially conform to with the applicable SOW or Services Brief. If Customer provides written notice of a non-conformity during this warranty period, Hedgehog shall promptly confirm the non-conformity and upon confirmation, Hedgehog’s entire liability and Customer’s exclusive remedy shall be for Hedgehog to use commercially reasonable efforts to re-perform the Professional Services within a reasonable amount of time. If Hedgehog is unable to re-perform the Professional Services, then Hedgehog may elect to refund amounts paid by Customer for the non-conforming Professional Services.
6 Scheduling; Cancellation. Professional Services must be scheduled within three (3) months of the date of the Ordering Document under which such Professional Services were purchased and completed within six (6) months of the of the Ordering Document. If Customer does not schedule the Professional Services within this time frame, Hedgehog shall have no obligation to perform the Professional Services or provide a refund. Hedgehog shall have no obligation to perform the Professional Services or provide a refund if Customer or Customer’s designated attendees do not attend a scheduled training session or cancel a Professional Services engagement without providing proper notice. Customer must provide Hedgehog at least ten (10) business days’ notice to reschedule any Professional Services.
- Customer Responsibilities. For Professional Services occurring on Customer’s site, Hedgehog agrees to comply with applicable and reasonable security procedures provided Customer provides Hedgehog with such written procedures in advance. Some of the Professional Services may require Customer to have specialized knowledge or meet particular software or hardware requirements (for example, appropriate computers or appliances, stable Internet connection or up-to-date web browsers or operating system, etc.). If technical issues arise during the Professional Services, Hedgehog will use commercially reasonable efforts to resolve such issues, but will have no liability based on Customer’s failure to meet technical requirements. Hedgehog will not provide any refund based on Customer’s failure to meet these prerequisites.
- Changes. Either party may request that a change be made to the Professional Services. Hedgehog reserves the right to charge a fee for any material changes to the Professional Services. No changes shall be binding unless executed by both Parties.
- Non-Solicitation. During the term that Professional Services are being provided and for a period of one (1) year after their completion, Customers will not, either directly or indirectly, solicit for employment any person employed by Hedgehog or any of its Affiliates that have provided Customer Professional Services under this Agreement. For the avoidance of doubt, this restriction shall not prevent Customer from hiring based on a response to Customer’s advertising in good faith to the general public a position or vacancy to which an employee or worker of Hedgehog responds, provided that no such advertisement shall be intended to specifically target Hedgehog personnel.