Legal

Boxphish License Agreement (August 18) 

1. Term & Usage 

A. This License Agreement is effective for the entire period of time that is stated on the applicable order, or if no period of time for the License Agreement is specified, for a period of (1) year from the date the software was delivered to the customer.

B.In consideration of the customer(s) payment of the Charges, Boxphish grants the customer a non-exclusive, non-transferable right and license to use the Service, subject to the terms and conditions of this License Agreement.

C. Unless otherwise stated on the order, the software license will automatically renew after its initial license agreement expires for 12 months. This will automatically be activated unless either party notices the other of its intention not to renewal to License Agreement at least ninety (90) days prior to the expiration of the then current License Agreement.

2. Provision of Software & Services:

The License Agreement applies for all the following solutions and services, and more detailed information can be found in the individual schedules.

a. Schedule 1: Boxphish Cyber Awareness

b. Schedule 2: Boxphish Cyber Awareness & Simulation

c. Schedule 3: Boxphihs SMS Sim:

d. Schedule 4: Boxphish Professional Services

e. Schedule 5: Boxphish Automated Services

f.  Schedule 6: Boxphish Evaluations

g. Schedule 7: Boxphish Partner Services

3. Fees & Payment 

a. Payment: An invoice for the license will be sent each month or year in accordance to what is stated on the order. Boxphish will continue to invoice the customer(s) until the agreement is terminated in accordance to the Term & Usage Clause (I).

b. Preferential Pricing: You may from time to time be offered preferential pricing or discounts for the licensing, which should at all times be not disclosed to anyone outside of the customer(s) organisation. Boxphish reserves the right to render invoices for the full (non-discounted) license fees due or suspend or terminate the use of the Service the event that any invoices for those license fees are not paid in full in accordance with the requirements set out in the Fee Schedule outlined in the order.

4. Termination

Each license agreement is effective for the entire period of time that is stated on the applicable order. If you breach any of these Terms, Boxphish will have the right to suspend or disable your Account or terminate the license agreement, at its sole discretion and without prior notice to you. In the event Boxphish terminates this agreement for your breach, you will remain liable for all amounts due.

5. Intellectual Property

a. All Intellectual Property Rights and IP vesting in the Solution and Service belong exclusively to Boxphish or its licensors.

b. The customer(s) will not sell, resell or distribute licenses or make the Solution and Service available to any other party through any means, unless agreed in the Boxphish Partner Agreement (Schedule 7) or has been provided with written consent.

c. The customer(s) acknowledge that Boxphish will provide documentation and templates which relate to simulation, training, features, technical knowledge and these will have a non-exclusive, non-transferable right to use, modify of display.

d. All Intellectual Property Rights in any Client Data shall belong to you or your licensors.

6. Privacy

See Boxphish’s Privacy Policy for information and notices concerning Boxphish’s collection and use of your personal information.

7. CUSTOMER DATA

a. Both parties will comply with all applicable requirements of the Data Protection Legislation including the Data Security Policies. This clause a is in addition to, and does not relieve, remove or replace, a party’s obligations under the Data Protection Legislation.

b.The parties acknowledge that: 

i. if Boxphish processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the Customer is the data controller and Boxphish is the data processor for the purposes of the Data Protection Legislation (where Data Controller and Data Processor have the meanings as defined in the Data Protection Legislation).

ii. Schedule 4 & 5 sets out the scope, nature and purpose of processing by Boxphish, the duration of the processing and the types of personal data (as defined in the Data Protection Legislation, Personal Data) and categories of Data Subject.

iii. the personal data may be transferred or stored outside the EEA or the country where the Customer is located in order to carry out the Services and Boxphish ‘s other obligations under this agreement.

c. Without prejudice to the generality of clause a, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to Boxphish for the duration and purposes of this agreement so that Boxphish may lawfully use, process and transfer the Personal Data in accordance with this agreement on the Customer’s behalf.

d. Without prejudice to the generality of clause a, Boxphish shall, in relation to any Personal Data processed in connection with the performance by Boxphish of its obligations under this agreement:

i. process that Personal Data only on the written instructions of the Customer unless Boxphish is required by the laws of any member of the European Union or by the laws of the European Union applicable to Boxphish to process Personal Data (Applicable Laws). Where Boxphish is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, Boxphish shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit Boxphish from so notifying the Customer; 

  1. ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).

ii. ensure that it has in place appropriate technical and organisational measures, reviewed and approved by Boxphish, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).

iii. not transfer any Personal Data outside of the EEA unless the following conditions are fulfilled:

  1. the Customer or Boxphish has provided appropriate safeguards in relation to the transfer;

  2. the data subject has enforceable rights and effective legal remedies;

  3. Boxphish complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and

  4. Boxphish complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data;

iv. assist the Customer, at the Customer’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;

v. notify the Customer without undue delay on becoming aware of a Personal Data breach;

vi. at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the Personal Data; and

vii. maintain complete and accurate records and information to demonstrate its compliance with this clause 1.

e. The Customer consents to Boxphish’s use of third party service providers (such as Amazon Web Services) as third-party processors of Personal Data under this agreement. Boxphish confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement incorporating terms which are substantially similar to those set out in this clause a. As between the Customer and Boxphish, Boxphish shall remain liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause a.

f. Either party may, at any time on not less than 30 days’ notice, revise this clause 5UPDATE FC by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when replaced by attachment to this agreement).

g. Boxphish shall follow its archiving and security procedures for Customer Data.

h. Boxphish shall promptly notify the Customer in writing of any actual or suspected loss or damage to the Customer Data. In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for Boxphish to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest backup of such Customer Data to be maintained by Boxphish or its service providers. Boxphish shall not be responsible for any loss, destruction, alteration or unauthorised access to or disclosure of Customer Data caused by any third party (except to the extent those third parties are sub-contracted by Boxphish to perform services related to Customer Data maintenance and back-up and who provide their own remedies).

i. If Boxphish receives compensation from third party service provider for data loss related to the Customer data then Boxphish shall hold that money on trust for the affected Boxphish customers and the Customer shall receive an interest in that compensation proportionate to the harm suffered by the Customer relative to the harm suffered by other Boxphish Customers. Boxphish shall use reasonable endeavours to recover any such amounts from a third-party service provider in the event it may be entitled to do so.

8. Indemnity:

You agree to indemnify Boxphish against all costs, claims, losses and expenses (including indirect and consequential losses) howsoever arising, from any claim brought against Liquid Accounts by any third party relating to any breach by you of your obligations under this license agreement.

9. Limitation of Liability

IN NO EVENT SHALL BOXPHISH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, OR DAMGES FOR LOSS OF PROFITS, REVENUE, DATA OR DATA USE, INCURRED BY YOU OR ANY THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT, ARISING FROM YOUR ACCESS TO, OR USE OF, THE SITE OR SERVICES PROVIDED.

10. Proprietary Right Notice

11. Force Majeure

a. Neither party shall have any liability to the other under this agreement if it is prevented from, or delayed in, performing its obligations under this agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, except to the extent that it could reasonably have avoided such circumstances by (in the case of Boxphish) fulfilling its obligations in accordance with clause c or otherwise exercising the level of diligence that could reasonably have been expected of it (having exercised Good Industry Practice), including strikes, lock-outs or other industrial disputes (including any industrial disputes involving the workforce of Boxphish), act of God, war, riot, civil commotion, compliance with any law or regulation, fire, flood or storm (each a Force Majeure Event), provided that:

i. he other party is notified of such an event and its expected duration; and

ii. it uses all reasonable endeavours to mitigate, overcome or minimise the effects of the Force Majeure Event concerned,

and that if the period of delay or non-performance continues for three consecutive months or more, the party not affected may terminate this agreement by giving not less than 14 days’ written notice to the other party.

b. If the Force Majeure Event results in the suspension of all or any part of the Services, then the Customer shall not be obliged to pay the relevant Fees until such time as the Force Majeure Event shall have ceased to have effect and the Services recommence in accordance with this license agreement.

c. Boxphish shall have in place an appropriate Disaster Recovery Plan to ensure that it is able to comply with its obligations under this agreement and shall maintain, update and test such Disaster Recovery Plan and notify full details of its then current Disaster Recovery Plan to the Customer no less frequently than every 12 months. If such Disaster Recovery Plan is invoked, the cost and expense of invoking and executing such Disaster Recovery Plan shall be borne by Boxphish.

12. General

a. This License Agreement constitutes the entire agreement between the customer and Boxphish in relation to the provision of the Service and supersedes any representations, communications and prior agreements (whether oral or written) related to the its subject matter other than fraudulent misrepresentation.

b. Boxphish may assign, sub-contract or otherwise deal with our rights or obligations under this Agreement without giving you any notice beforehand. You may not assign, sub-contract, sell or transfer your rights or obligations under this Agreement.

c. Any notice or communication required to be sent pursuant to these terms and conditions should be sent to Boxphish at legal@boxphish.com.

d. Except as expressly stated in these terms and conditions, no person who is not a party to the Subscription Agreement will derive any benefit from it, whether by virtue of the Contracts  (Rights of Third Parties) Act 1999 or otherwise.This Agreement will be governed and construed in accordance with the laws of England and you irrevocably submit to the exclusive jurisdiction of the English Courts.

13. Anti-Bribery and Slavery Policy

a. Boxphish shall:

i. comply with all applicable laws, statutes and regulations relating to anti-bribery and anti-corruption, including the Bribery Act 2010 (Relevant Requirements);

ii. not engage in any activity, practice or conduct that would constitute an offence under sections 1, 2 or 6 of the Bribery Act 2010 if such activity, practice or conduct had been carried out in the UK;

iii. have and maintain in place throughout the term of this agreement its own policies and procedures, including adequate procedures under the Bribery Act 2010, to ensure compliance with the Relevant Requirements, and clause 1.1(b), and shall enforce them where appropriate;

iv. promptly report to the Customer any request or demand for any undue financial or other advantage of any kind received by Boxphish in connection with the performance of this agreement;

v. immediately notify the Customer (in writing) if a foreign public official becomes an officer or employee of Boxphish or acquires a direct or indirect interest in Boxphish (and Boxphish warrants and represents that it has no foreign public officials as officers or employees or direct or indirect owners at the date of this agreement);

vi. On reasonable request Boxphish shall certify to the Customer in writing signed by an officer of Boxphish.

vii. comply with all applicable anti-slavery and human trafficking laws, statutes, regulations from time to time in force including but not limited to the Modern Slavery Act 2015;

viii. have and maintain throughout the term of this agreement its own policies and procedures to ensure its compliance; and

ix. not engage in any activity, practice or conduct that would constitute an offence under sections 1, 2 or 4, of the Modern Slavery Act 2015 if such activity, practice or conduct were carried out in the UK.

b. Breach of this clause a. shall be deemed a material breach under clause c.

c. For the purpose of this clause a., the meaning of adequate procedures and foreign public official and whether a person is associated with another person shall be determined in accordance with section 7(2) of the Bribery Act 2010 (and any guidance issued under section 9 of that Act), section 6(5) and (6) of that Act, and section 8 of that Act respectively. For the purposes of this clause a. a person associated with Boxphish also includes any sub-contractor of Boxphish.

 

14. Governing Law and Jurisdiction

a. This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales.

b. Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this agreement or its subject matter or formation (including non-contractual disputes or claims).