END USER LICENSE AGREEMENT

Download PDF

STANDARD TERMS AND CONDITIONS

THE LICENSOR, CYBERNATICS PTE LTD PROVIDES LICENSED SOFTWARE TO

LICENSEE (CUSTOMER) AS DEFINED IN CLAUSE 1 BELOW UNDER THIS END

USER LICENSE AGREEMENT (THE “AGREEMENT”). THIS AGREEMENT GOVERNS

LICENSEE’S INSTALLATION AND USE OF THE VERSION OF THE LICENSED

SOFTWARE IDENTIFIED IN THE APPLICABLE PURCHASE ORDER, OR IF NOT

ACQUIRED VIA A PURCHASE ORDER, LICENSEE’S INSTALLATION OR USE OF THE

LICENSED SOFTWARE CONSTITUTES ACCEPTANCE OF THIS AGREEMENT.

PLEASE READ THIS AGREEMENT CAREFULLY BEFORE PROCEEDING, AS IT MAY

CONTAIN RESTRICTIONS ON YOUR USE OF THE SOFTWARE. THIS AGREEMENT

SUPERSEDES AND CONTROLS OVER ANY OTHER TERMS PROVIDED TO

LICENSEE REGARDING LICENSEE’S USE OF THE LICENSED SOFTWARE,

WHETHER WRITTEN OR ORAL, AS PART OF A SIGNED AGREEMENT (INCLUDING,

BUT NOT LIMITED TO, MASTER AGREEMENTS AND PORTFOLIO TERMS, UNLESS

A DIFFERENT AGREEMENT IS EXPRESSLY REFERENCED IN A PURCHASE ORDER

OR EXECUTED BY LICENSOR AND LICENSEE SPECIFYING THAT IT APPLIES TO

THE VERSION OF THE LICENSED SOFTWARE TO WHICH THIS AGREEMENT

RELATES), A CLICK-WRAP AGREEMENT PROVIDED WITH THE LICENSED

SOFTWARE OR OTHERWISE (SUCH TERMS REFERRED TO AS THE “OTHER

AGREEMENT”), EVEN IF SUCH OTHER AGREEMENT WAS EMBEDDED WITHIN

PREVIOUSLY LICENSED SOFTWARE.

LICENSOR RESERVES THE RIGHT TO UPDATE, AMEND, AND/OR MODIFY THIS

AGREEMENT FROM TIME TO TIME, AND MAY INCLUDE SUCH UPDATED

AGREEMENT WITH OR EMBEDDED IN FUTURE VERSIONS OF THE LICENSED

SOFTWARE.

PLEASE DIRECT ANY QUESTIONS TO THE CYBERNATICS PTE LTD’S LEGAL

DEPARTMENT AT LEGAL@FOCUS.SG.

ENTERING INTO THIS AGREEMENT DOES NOT CONSTITUTE A SALES

TRANSACTION. THE SALE OF A LICENSE TO SOFTWARE PRODUCTS TAKES

PLACE UNDER PURCHASE ORDER(S) WHICH (UNLESS OTHERWISE STATED IN

THE PURCHASE ORDER) INCORPORATE THE TERMS OF THIS AGREEMENT.

1. Parties to this Agreement

1.1. “Cybernatics Pte Ltd”, “we”, “us” or “our” means Cybernatics Pte Ltd or its Affiliate(s)

who execute or assent to the Purchase Order. “You” or “your” means the Customer who is the

licensee who signs and agrees to the services specified in the Purchase Order (where

applicable) as defined in clause 1.2 below.

1.2. The specific cybersecurity software, software-as-a-service, hardware and/or services

for which you have contracted including but not limited to any security information and event

management or SIEM-related services (the “Cybersecurity Services”) will be identified in a

print or electronic document identified as Purchase Order or such other named form which

serves the same purpose as a Purchase Order (the “Purchase Order(s)”). Such Purchase Order,

where applicable, may identify each transaction’s contracting entities, pricing and related

provisions and may reference or link to supplemental terms, agreements or policies and

references to Purchase Order includes such documents. The Purchase Order, together with

these Cybersecurity Services Terms and Conditions (“Cybersecurity Terms and Conditions”),

form a single contract (the “Agreement”).

1.3 These Cybersecurity Terms and Conditions take precedence over any other terms in the

Agreement with regards to Cybersecurity Services and any conflicts shall be resolved in favour

of these Cybersecurity Terms and Conditions.

1.4 For purposes of these Cybersecurity Terms and Conditions, an “Event” means any act

or attempt to disrupt, misuse, or gain unauthorised access to any system or electronic facilities

or operations that results in a loss, alteration or disclosure of data, system downtime or

degradation or loss of operation or services relating to the Cybersecurity Services.

2. Grant of License

2.1 Subject to the terms and conditions of this Agreement, the Licensor hereby grants you,

the Licensee a non-exclusive, non-transferable right to access and use the Cybersecurity

Services as provided by the Licensor under the Purchase Order. This license is solely for the

Licensee’s internal use and is limited to the duration of the subscription or service period

specified in the Purchase Order.

2.2 You as the Licensee, agree not to:

a. Copy, reproduce, modify, distribute, or create derivative works based on the software

application, except as expressly authorised by the Licensor;

b. Reverse engineer, decompile, disassemble, or attempt to derive the source code of the

software application:

c. Use the software application in any manner that violates applicable laws, regulations, or the

rights of third parties;

d. Share, transfer, sublicense, or assign the license or access to the software application without

prior written consent from the Licensor.

Shared Responsibility, Remedy, and Warranties.

 3.1 You acknowledge and agree that Cybernatics Pte Ltd provides professional judgment,

technical expertise, and advice to you regarding your cyber risk management program. You

acknowledge and agree that you recognise your own responsibility (as further detailed below

in 3.3 of this Agreement) with respect to your cyber risk management program and that

Cybernatics Pte Ltd provides highly integrated Cybersecurity Services to you. As ultimate

system performance and security are subject to multiple factors outside of our control, we do

not warrant or guarantee the Cybersecurity Services will prevent or mitigate every Event. You

agree and understand that we cannot and do not prevent Events (either actual or attempted), or

that by working with us, you will not experience such actual or attempted Events. Instead, you

agree and expressly acknowledge that you must participate in your own defence and work with

us to create a prioritised, flexible, repeatable, performance-based, and cost-effective approach

to establish an ongoing process to identify, assess, and manage cyber risk throughout your

enterprise. Though this Agreement specifies certain responsibilities that you must accept, any

such list should not be considered absolute. Our sole liability and your exclusive remedy in

respect of an Event is: (a) if the Event was caused by defective products or services

provided by us, replacement or repair of defective products, or re-performance of

defective services under the applicable warranty in the Agreement.

Cybernatics Pte Ltd’s Representations and Warranties

3.2 Cybernatics Pte Ltd represents and warrants (i) that it will perform the Cybersecurity

Services using personnel of required skill, experience and qualifications in a professional

manner leveraging generally recognised industry standards for similar services and will devote

adequate resources to meet its obligations under this Schedule; and (ii) that the Cybersecurity

Services will be made available and performed on a professional, best effort basis. Cybernatics

Pte Ltd makes no guarantees regarding the effectiveness of the Cybersecurity Services with

respect to your overall cybersecurity program due to Cybernatics Pte Ltd’s lack of control over

numerous aspects of your operations, personnel, and Information Systems. Cybernatics Pte Ltd

is thus not responsible or liable for any issues, problems, unavailability, delay, or Events arising

from or related to: (i) force majeure events as described below; (ii) the public internet and

communications networks; (iii) data, software, hardware, services, telecommunications,

infrastructure, or networking equipment not provided by us or acts or omissions of third parties

you retain; (iv) your negligence or failure to use the latest version or follow published

documentation; (v) modifications or alterations not made by us or services we do not perform;

(vi) breach, loss or corruption of data; (vii) unauthorised access via your credentials; or (viii)

your failure to use commercially reasonable administrative, physical and technical safeguards

to protect your systems, facilities, operations or data or follow industry-standard or other

mutually agreed upon security practices.

Your Representations and Warranties.

3.3 You represent and warrant that you will (i) use commercially reasonable administrative,

physical and technical safeguards to protect your systems, facilities, operations or data or

follow industry-standard or other mutually agreed upon security practices; (ii) update to the

latest version of relevant software and follow the current documentation for the same; (iii)

make no modifications or alterations to any hardware or software comprising the Cybersecurity

Services without our express written permission; (iv) designate two (2) or more employees,

executives, or agents (the “Contact Person(s)”) who you guarantee will respond to any Events

and take recommended actions to mitigate harm to your network; (v) develop and adopt a

written governance, risk and compliance policy or policies, approved by a senior officer or

your board of directors (or an appropriate committee thereof) or equivalent Singapore body,

setting forth your policies and procedures for the protection of its information systems and non-

public information stored on those information systems (the “Cybersecurity Policy”); (vi)

develop and adopt written incident response plan (“IRP”) that is exercised and/or practiced

with key scenario driven evaluations on at least an annual basis; and (vii) provide us with copies

of your Cybersecurity Policy, IRP, and business continuity or disaster recovery plans upon our

request.

4. Third-Party Products.

To the extent that we provide, use and deploy third-party products, software, hardware, or

services (“Third- Party Products”) as notified to you and agreed by you in relation to the

Cybersecurity Services, then notwithstanding any other terms agreed to between us, you agree

that all Third-Party Products are provided subject to the Third-Party Product supplier’s terms

and conditions (including any applicable software license terms) in effect at the time such

Third-Party Products are delivered to you. We have no liability with respect to the

performance or non-performance of such Third-Party Products, including but not

limited to any liability arising out of any Events caused by defects or failures of such

Third-Party Products.

5. Indemnification

Cybernatics Pte Ltd shall defend, indemnify, and hold you harmless from and against any and

all losses, damages and costs (including reasonable attorneys’ fees) incurred in connection with

any third-party claim, action, suit, or proceeding (each a “Claim”) made or brought against you

arising out of or related to any claim that the Cybersecurity Services, when used in accordance

with this Agreement and documentation, infringes any valid patent, copyright, or trademark of

a third-party. Cybernatics Pte Ltd shall have no indemnification obligation whatsoever that

arises out of or is related to any claims arising from the combination or use of the Cybersecurity

Services with any other software, products, hardware, materials, and/or processes not provided

by Cybernatics Pte Ltd and/or your failure to adhere to and comply with all documentation and

other specifications and instructions; and/or your modification of any component of the

Cybersecurity Services, or any other unauthorised or unapproved use of the Cybersecurity

Services. If any aspect of the Cybersecurity Service becomes, or in Cybernatics Pte Ltd’s

opinion may become, subject to a Claim, Cybernatics Pte Ltd shall at its option and at its own

expense: (a) procure for you the right to continue using the Service; (b) replace or modify the

relevant component of the Cybersecurity Service with a functionally equivalent non-infringing

substitute service; or (c) modify the Cybersecurity Services so they become non-infringing

while remaining functionally equivalent. THIS CLAUSE 5 SETS FORTH CYBERNATICS

PTE LTD’S SOLE LIABILITY, AND CUSTOMER’S EXCLUSIVE REMEDY, FOR

INTELLECTUAL PROPERTY INFRINGEMENT RELATED TO THE CYBERSECURITY

SERVICES. THIS SHALL BE THE SOLE INDEMNIFICATION OBLIGATION FOR THE

CYBERSECURITY SERVICES REGARDLESS OF ANY ADDITIONAL OR SEPARATE

AGREEMENTS BETWEEN YOU AND CYBERNATICS PTE LTD.

6. Limitation of Liability

WITH RESPECT TO ALL CYBERSECURITY SERVICES(S) AND EVENTS, WE ARE

NOT LIABLE FOR INDIRECT, INCIDENTAL, EXEMPLARY, PUNITIVE, SPECIAL OR

CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS AND REVENUES. OUR

CUMULATIVE AND AGGREGATE LIABILITY TO YOU WITH RESPECT TO ALL

CYBERSECURITY SERVICES AND ANY CYBERSECURITY EVENT IS LIMITED TO

DIRECT DAMAGES IN AN AMOUNT NOT TO EXCEED TO THE CONTRACTED

AMOUNT OF THE CYBERSECURITY SERVICES IN QUESTION. THE LIMITATIONS

AND EXCLUSIONS APPLY TO ALL CLAIMS AND CAUSES OF ACTION ARISING

OUT OF OR IN RELATION TO THE AGREEMENT REGARDLESS OF FORM. THIS CAP

SHALL APPLY TO A BREACH OF YOUR CONFIDENTIAL INFORMATION CAUSED

BY LOSS, CORRUPTION, OR ACCESS TO YOUR DATA.

7. Data

You retain all ownership or other rights over data that you or persons acting on your behalf

input, upload, transfer, or make available in relation to, or which is collected from, your devices

or equipment (“Input Data”). We have the right to duplicate, analyse, transfer, modify, and

otherwise use Input Data to provide, improve, or develop our offerings. Input Data may also

be used by us in connection with your use of the portal. You have sole responsibility for

obtaining all consents and permissions (including providing notices to Users or third parties)

and satisfying all requirements necessary to permit our use of Input Data. You will, at your

cost and expense, defend, indemnify and hold harmless us and our Affiliates, subcontractors,

and licensors from and against all losses, awards, and damages (including lawyers’ fees) arising

out of claims by third parties related to our possession, processing, or use of Input Data in

accordance with the Agreement or you or Users’ infringement, misappropriation, or violation

of our or a third party’s IPR. Unless agreed in writing, we do not archive Input Data for your

future use. You acknowledge and agree that your Input Data may be transferred outside the

country or territory.

8. Intellectual Property Rights

All right, title, and interest, including, but not limited to, all intellectual property rights

(including copyrights, trademarks, and patents), proprietary rights (including trade secrets and

know-how), throughout the world (“IPR”) and all derivative works, modifications, and

improvements, are retained by us and are our confidential information. We shall own all IPR

that is: (i) developed by us or our Affiliates by processing or analysis of Input Data (excluding

Input Data itself but including derived data that is sufficiently different from Input Data so that

Input Data cannot be identified from analysis or further processing of such derived data); or

(ii) generated through support, monitoring, or other observation of your and your Users’ use of

the Cybersecurity services.

9. Licenses

We may use open-source software (“OSS”) and to the extent required by the licenses covering

OSS, the terms of such licenses will apply to OSS in lieu of this Agreement. To the extent the

licenses applicable to OSS: (i) prohibit any restriction with respect to such OSS, such restriction

will not apply to such OSS; and (ii) require us to make an offer to provide source code or related

information in connection with the OSS, such offer is hereby made. If required by our written

contract with them, certain of our licensors are third-party beneficiaries of the Agreement.

10. Warranty and Disclaimer

EXCEPT AS OTHERWISE EXPRESSLY SET FORTH IN THE AGREEMENT, SIEM, THE

PORTAL, AND SUPPORT ARE PROVIDED WITH NO WARRANTIES OR

REPRESENTATIONS OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR

STATUTORY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE EXPRESSLY

DISCLAIM ALL WARRANTIES AND REPRESENTATIONS INCLUDING

MERCHANTABILITY AND FITNESS FOR PURPOSE. WE DO NOT WARRANT THAT

SIEM WILL MEET YOUR REQUIREMENTS, OR THAT IT WILL OPERATE WITHOUT

INTERRUPTION, OR BE ERROR FREE.

11. Handling and Protection of Personal Data

11.1 Compliance with PDPA. We shall comply with all our obligations under the Personal

Data Protection Act 2012 in relation to you and under this Clause 11 only if we have access to

and are in control of any Customer’s personal data that are provided to us at the Customer’s

written request.

11.2 Process, Use and Disclosure. We shall only process, use or disclose the Customer’s

Personal Data:

a) strictly for the purposes of fulfilling its obligations and providing the services required

under this Agreement;

b) with the Customer’s prior written consent; or

c) when required by law or an order of court, but shall notify the Customer as soon as

practicable before complying with such law or order of court at its own costs.

11.3 Transfer of personal data outside Singapore. We shall not transfer Customer’s Personal

Data to a place outside Singapore without the Customer’s prior written consent. If the Customer

provides consent, we shall provide a written undertaking to the Customer that the Customer’s

Personal Data transferred outside Singapore will be protected at a standard that is comparable

to that under the PDPA. If we transfer Customer’s Personal Data to any third party overseas,

we shall procure the same written undertaking from such third party.

11.4 Security Measures

11.4.1 We shall protect Customer’s Personal Data in our control or possession by making

reasonable security arrangements(including, where appropriate, physical, administrative,

procedural and information & communications technology measures) to prevent:

a) unauthorised or accidental access, collection, use, disclosure, copying, modification,

disposal or destruction of Customer’s Personal Data, or other similar risks; and

b) the loss of any storage medium or device on which personal data is stored.

For the purposes of this Agreement, “reasonable security arrangements” include arrangements

set out below which shall not be varied without the Customer’s prior written consent:

• Operating Systems to be hardened to CIS standards;
• Communications between agent and manager are encrypted;
• Network VAPT will be conducted on the implementation and final solution

          before going live.

11.4.2 We shall only permit the authorised personnel to access Customer’s Personal Data on a

need to know basis.

11.5 Access to Personal Data. We shall provide the Customer with access to the Customer’s

Personal Data that we have in our possession or control, as soon as practicable upon

Customer’s written request.

11.6 Accuracy and Correction of Personal Data. Where the Customer provides Customer’s

Personal Data to us, the Customer shall make reasonable effort to ensure that the

Customer’s Personal Data is accurate and complete before providing the same to us.

We shall put in place adequate measures to ensure that the Customer’s Personal Data in

our possession or control remain or is otherwise accurate and complete. In any case, we

shall take steps to correct any errors in the Customer’s Personal Data, as soon as

practicable upon the Customer’s written request.

11.7 Retention of Personal Data.

11.7.1 We shall not retain Customer’s Personal Data (or any documents or records

containing Customer’s Personal Data, electronic or other wise) for any period of time

longer than is necessary to serve the purposes of this Agreement.

11.7.2 We shall, upon the request of the Customer:

• return to the Customer, all Customer’s Personal Data; or
• delete all Customer’s Personal Data in its possession,

          and, after returning or deleting all Customer’s Personal Data, provide the Customer with

written confirmation that it no longer possesses any Customer’s Personal Data. Where

applicable, we shall also instruct all third parties to whom it has disclosed Customer’s Personal

Data for the purposes of this Agreement to return to us or delete, such Customer’s Personal

Data.

11.8 Notification of Breach. We shall immediately notify the Customer when we become aware

of a breach of any of its obligations in Clauses 11.2 to 11.7.

12    General Terms and Conditions

12.1 Notices and Correspondence

All notices and communications by us to you may be sent or despatched to you by delivery,

post, e-mail or facsimile transmission or any other means deemed appropriate by us to your

e-mail or other address or facsimile number appearing in any of your record maintained by

us or from which any communication by you to us was despatched or issued or otherwise last

known to us. Any such notice, demand or communication addressed and so despatched to

you shall be deemed to have been received by you:

12.1.1 in the case of despatch by e-mail or facsimile transmission or other instantaneous

electronic communications, immediately upon transmission by us;

12.1.2 in the case of despatch by delivery to the address, on the date and at the time it

was so delivered or left at that address; and

12.1.3 in the case of despatch by post:

(a) to any address in Singapore, on the next day after it was posted by us; or

(b) to any address outside Singapore, on the seventh (7th) day after it was posted by us.

12.2 All notices and requests from you to us shall be in writing unless we specify to

you otherwise. We shall be entitled to regard as ineffective and invalid any notice or request

from you the receipt of which by us has not been confirmed by us to you.

12.3.   Severability

Any part of this Agreement that is invalid, unenforceable or illegal shall be enforced as nearly

as possible in accordance with its terms but shall otherwise be deemed severed and shall not

affect the validity, enforceability or legality of any other part of this Agreement, which shall

continue to be valid, enforceable and legal to the fullest extent permitted by applicable Law.

12.4.  Third Party Rights

Save for legal entities related to us (which shall be entitled to rely on and enforce this

Agreement), no person who is not a party to this Agreement has any right under the Contracts

(Rights of Third Parties) Act, Chapter 53B of Singapore to enforce any term of this

Agreement.

12.5.   Entire Agreement

This Agreement constitutes the entire understanding and agreement between us and you

concerning its subject matter and supersedes and replaces any prior oral or written statements,

representations, agreements or understandings between the parties relating to that subject

matter.

12.6.   Force Majeure

We shall not be liable or responsible to you, nor be deemed to have defaulted or breached this

Agreement, for any failure or delay in fulfilling or performing any term of this Agreement when

and to the extent such failure or delay is caused by or results from acts or circumstances beyond

our reasonable control including, without limitation, acts of God, flood, fire, earthquake, explosion,

governmental actions, war, invasion or hostilities (whether war is declared or not), terrorist threats

or acts, riot, or other civil unrest, national emergency, revolution, insurrection, epidemic, lock-outs,

strikes or other labour disputes (whether or not relating to either party’s workforce), or restraints or

delays affecting carriers or inability or delay in obtaining supplies of adequate or suitable materials,

materials or telecommunication breakdown or power outage, provided that, if the event in question

continues for a continuous period in excess of 60 days, Customer shall be entitled to give notice in

writing to us to terminate this Agreement.

12.7.   Changes to Agreement

Any additions or changes to these Cybersecurity Terms and Conditions must be in the form of a

mutually agreed document signed by both parties. We have the right to analyse, transfer (including

outside of your territory or country), and otherwise use your data to provide, improve and develop

our cyber security Services. For Cybersecurity Services sold on a subscription or periodic basis,

the Agreement commences on the effective date of, and continues for the duration in the Purchase

Order. Upon termination or expiry, you must pay all amounts due under the Order Form. Your purchase

orders are identified only to authorise payment and any terms or conditions in any purchase order are

not a part of the Agreement or controlling.

12.8.  Governing Law and Dispute Resolution

12.8.1 This Agreement is governed by Singapore Law.