End User License Agreement

background-city

Preamble

As a reminder

The Editor (HarfangLab SAS – RCS n° 839 045 697) has developed software for the detection, investigation and remediation of cyber-attacks (the “Software“). The solution consists of software agents (the “Agents“) deployed on the terminals (servers and/or workstations) of the customer’s IT system. The Agents communicate with a central manager (the “Manager“) who sends orders and stores the data reported by the Agents. The Manager is used to operate the detection, investigation and remediation modules. Detection algorithms and engines, built into the Software and updated by the Editor, identify suspicious behaviour and artefacts and generate alerts where necessary. The Software also incorporates remediation functions to neutralise the threat and prevent it spreading. The Manager can interface with other software via connectors (APIs).

The Customer, having received all useful information relating to the Software, wishes to be able to use said Software and benefit from the various services provided by the Editor or by the Authorized Distributor. The Editor agrees to make the Software available to the Customer by granting the Customer a license to use the Software under the conditions set out herein and to provide the Customer with the associated services defined below in respect of its own obligations.

The Parties hereby agree as follows:


1.     Definitions

Terms beginning with a capital letter have either the definition given in the text or the following definition:

Customer: means the legal entity for whose benefit the Software is used and within which the Agents are installed, under the terms of this Agreement.

End User License Agreement (the “Agreement”): refers to these provisions, their appendices, any amendments and any purchase order that the Parties may subsequently formalise.

Authorised Distributor: Refers to the legal entity that has entered into a distribution contract with the Editor for the distribution of the Software via Partners.

Documentation: means the installation, use and administration manuals, whatever their medium, describing the operation and/or implementation of the Software, communicated or made available by the Editor and which may be updated by the Editor

Operator: means the legal entity in charge of operating the Software, i.e. either (i) the Authorized Distributor or the Partner, if either of them provides a CSIRT or SOC service in addition to distributing the Software, or (ii) the Customer, if the Customer operates the Software directly, or (iii) the Customer’s security service provider.

Software: means the Agents and the Manager in object code form and any patches, fixes, enhancements, updates or versions thereof provided by the Editor.

Maintenance: means the provision by the Editor of the correction of Anomalies and updates to the Software, the terms of which are specified herein.

Deployment Mode: means the environment on which the Manager is installed and the way in which the Software is deployed, i.e. (i) either from the Editor’s cloud or (ii) on-premises, whether in the infrastructure of the Partner, the Customer or a third-party service provider of the Customer.

Partner: means the legal entity that has entered into a partnership agreement with the Editor or with a Distributor Authorized by the Editor for the distribution of the Software.

Requirements: refers to the hardware, software and minimum connection configuration of the Customer’s information system and the information to be provided to the Editor that is necessary, in particular, for the installation, configuration and correct operation of the Software.

Fee: means the amount payable for the Software License, Maintenance and Support for a period of twelve (12) months.

Support: means the Editor’s technical assistance service, the purpose of which is to respond to problems encountered by Users when using the Software, to provide support and to supply a knowledge base, the terms of which are specified herein.

User: means the person(s) employed by the Operator who uses all or part of the Software as part of its supervision and/or incident response activities.


2.     Purpose of the Agreement

The Agreement defines the terms and conditions under which the Editor (i) grants the Customer a license to use the Software for SaaS or On-Premises deployment, (ii) provides Maintenance and Support, and (iii) where applicable, provides Hosting under the conditions defined below, in return for full payment by the Customer of the Royalty.


3.     Hierarchy and contractual prevalence

This Agreement governs exclusively the use of the Software provided by the Editor. However, certain specific provisions, namely those dealing with matters for which express reference is made to the Editor’s General Terms and Conditions in this Agreement (in: Editor’s Warranties, Support and Maintenance; Provision of the Software in the Cloud or on-premises; Delivery, Installation and Acceptance; Confidentiality; Personal Data) are governed by the Editor’s General Terms and Conditions (GTCs), available at the following address: https://harfanglab.io/fr/conditions-generales-de-lediteur/.

In any case, in the event of any contradiction between this Agreement and the GTCs:

  • For matters expressly referred to the GTCs, the latter will prevail;
  • In all other respects, the terms of this Agreement shall prevail over the GTCs.

The Customer acknowledges having read the GTCs and accepts that their application is limited to the aspects mentioned above, without prejudice to the rights and obligations arising from this Agreement.


4.     Rights granted, intellectual property and limits

License to Use: The Editor grants the Customer, on a non-exclusive, personal and non-transferable basis, a right to use the Software for internal use and for the scope and duration agreed in this Agreement. The Operator is authorized to access and use the Software on behalf of the Customer when it provides a supervision service (SOC) for the Customer under the conditions and according to the terms set out above. The Manager may be installed, depending on the Deployment Mode (i) either in the Editor’s Cloud, (ii) or On-premises.

Limitations: The Software Editor retains full intellectual property rights in the Software, including all copyrights, patents, trademarks and other intellectual property rights therein. The Customer acknowledges that the Editor does not grant any ownership rights in the Software, IPR or Open Source but only the right to use them in accordance with the License granted to them. The right to use Open Source derives from the open source license applicable to the software concerned. Information relating to Open Source may be supplied on written request by the Customer. Accordingly, the Customer undertakes not to infringe the relevant IPR and shall refrain from, without this list being exhaustive and unless it has obtained the Editor’s express authorization, the following conduct:

  • Decompile, disassemble or reverse engineer the Software, except for interoperability purposes and under the conditions set out in article L. 122-6-1 of the French Intellectual Property Code, only after first requesting the necessary information in writing from the Editor and only if the Editor refuses to provide such information.
  • Attempt to discover the structure of the source code or any other operational mechanism of the Software;
  • Reproduce the Software other than to make a single identical copy for backup purposes in accordance with the provisions of the French Intellectual Property Code;
  • Modify, correct, translate, arrange, adapt all or part of the Software or create derivative works from the Software or extract and re-use a qualitatively or quantitatively substantial part of the Software;
  • Market, sub-license, distribute, transfer, transmit the rights, rent, pledge, disseminate or make available the Software by any means whatsoever or copy all or part of the Software on any public or private network whatsoever other than in accordance with the terms of this agreement;
  • Remove or delete any notice relating to the Editor’s IPR on the Software or on any packaging or physical medium of the Software or Documentation or on any component of the Software;
  • Use the Software for any purpose other than those expressly authorised, on any system or operating location other than those agreed;
  • Reproduce the Documentation in more than the permitted number of copies, which by default is (1) copy.

The Customer acknowledges that any infringement of the Software Editor’s intellectual property rights or applicable open-source licenses may result in legal proceedings and penalties.

End of the rights granted: At the end of the term of the rights granted, set out in the contract (“Commitment Term”), the Customer may renew its License for use. In the absence of an order or renewal, the Customer undertakes to cease all access to and use of the Software, and to uninstall the Agents or have them uninstalled by the Operator. If the Software is hosted in the Editor Cloud, the Editor will deactivate the access rights enjoyed by the Operator within ten (10) working days of the expiry of the License. The Software will then become inaccessible to Users, and at the end of a period of one (1) month from the end of the License, the Editor will permanently delete the stored data. For other Deployment Modes, the Manager is uninstalled by the Customer or the Operator within fifteen (15) days of the end of the License. The Customer or the Operator undertakes to delete or have deleted any copy of the Software integrated into any other program or stored on any storage space and all information, in particular the Editor’s Confidential Information as defined in article 10, and to notify the Editor thereof.


5.     Duration and termination

This Agreement comes into force on the first day of the month following the date on which the Software is made available for the duration of the commitment of the order, whether the order is placed with a Partner or with the Editor directly (“Commitment Period“).

At the end of the Commitment Term, the Agreement may be extended by the issue of a new order to a Partner or to the Editor directly, one (1) month before the end of the Commitment Term, which will specify in particular the new Commitment Term, the number of Agents and any changes to the options subscribed to. If the order is not extended, the Agreement will expire at the end of the Commitment Period. In any event, the Agreement may not be tacitly renewed.

The Agreement may be terminated automatically by either Party in the event of the other Party failing to comply with its obligations, which has not been remedied, where possible, within thirty (30) days following formal notice to remedy, it being specified that the letter of formal notice must refer to this provision. The Customer’s obligations under this clause are as follows: (i) compliance with the conditions of access to and use of the Software, (ii) compliance with the Editor’s intellectual property rights and the terms of the license granted, (iii) compliance with the warranties and Prerequisites, (iv) compliance with the confidentiality undertakings and (v) payment of the sums due to the Editor, in accordance with the order or the signed quotation. In the event that the said breach cannot be remedied, the period of thirty (30) days shall operate as a notice period prior to termination. The User License will therefore be revoked under the conditions and with the consequences set out in Article 4.

Consequences of termination. The Customer shall confirm compliance with these undertakings in writing as soon as possible upon request by the Editor. The Editor may carry out all necessary verifications of the Customer’s compliance with these obligations, in particular by carrying out an audit in accordance with the conditions set out in the “Audit” clause herein. Should such checks reveal a breach, the costs thereof, including the time spent, shall be borne by the Customer. The Customer undertakes to ensure that Users comply with these terms and conditions, within the meaning of article 1204 of the French Civil Code.


6.     Availability of the Software in the Cloud or on-premises

6.1. Available in the Cloud

Editor’s liability. When the Editor provides the Customer with a hosting service for the Manager and data on its cloud environment. The Editor’s commitments in terms of service levels are specified in the Editor’s General Terms and Conditions.

Customer’s responsibility. Where the Editor provides the Customer with a hosting service for the Manager and the data on its cloud environment, insofar as the Software is accessible via the Internet, the Customer is solely responsible for the proper operation of its information system and the Internet connection which enable it and the Users to access the Software’s functionalities. The Customer is responsible for the means used to access the Software and for administering the Users’ rights (in particular defining the identifiers). The Customer is responsible for protecting access to the identifiers used to access the Software and for ensuring their confidentiality.


6.2. On-premises provision

Customer’s responsibility. The Manager and the data reported and generated by the Software are hosted either in the Customer’s environment or that of its third-party service provider. The Customer is solely responsible for the proper operation of its information system, which enables it and the Users to access the Software’s functions, and for administering the Users’ rights. The environment in which the Manager will be installed is specified in appendix 1 hereto or in any new order form.


6.3. Installation procedures

Once the Software has been delivered, the Customer or its Operator are solely responsible for deploying the Software on the Customer’s information system, i.e.:

  • Agents when the Software is deployed in the Cloud Editor ;
  • The Manager and Agents in all other cases.

The infrastructure on which the Software is deployed must meet the Requirements at all times. The Requirements are accessible on the Editor’s support portal and may be updated by the Editor at any time, in particular to take account of changes to the Software.


7.     Delivery, installation and acceptance

Delivery. The Software and Documentation are made available to the Customer under the conditions set out in the Editor’s General Terms and Conditions in accordance with the agreed Deployment Mode following receipt of a duly completed order from the Customer.

Acceptance. Acceptance of the Software is deemed to have taken place in the absence of reservations notified by the Customer to the Distributor or the Partner within two (2) working days after the date of delivery of the Software, even in the absence of a signed acceptance report.

Installation. Once the Software has been delivered, the Customer is responsible for installing it in the target environment in accordance with the provisions of Article 6.


8.     Editor warranties, support and maintenance

The Software is provided on an ‘as is’ and ‘as available’ basis. The Editor expressly excludes, to the fullest extent permitted by law, all non-mandatory warranties, including any warranty of fitness for a particular purpose or freedom from error. The Customer bears and assumes all risks associated with the results and performance of the platform and/or services and/or the use made thereof, or the reliance placed thereon.

The Editor provides the Customer with the warranties set out in the Editor’s General Terms and Conditions. The Editor’s General Terms and Conditions also specify the terms and conditions for the provision and implementation of Support and Maintenance.


9.     Customer’s warranties towards Editor

In using the Software, the Customer represents and warrants that, for the duration of use of the Software:

  • That it complies and will comply with any law applicable to it concerning the use of the Software, in particular the obligations incumbent upon it with regard to its staff in the context of the processing of their Personal Data, as defined below;
  • That it will comply with the Prerequisites and Documentation and refrain from using software packages, software or operating systems not identified as compatible with the Software;
  • That any elements supplied or collected by the Software do not infringe or violate any copyright, trademark or any other intellectual property or other right of any third party;
  • That the Customer acknowledges that the Software is not intended to be used to monitor staff activity, in particular during employee appraisals. The Editor may not be held liable for any decision taken by the Customer on the basis of information provided by the Software. Accordingly, any disputes between the Editor and employees or third parties arising from decisions taken on the basis of feedback provided by the Software shall be settled directly between the Customer, the parties concerned and the Partner, where applicable, and the Editor shall not be involved in the resolution of any such disputes.
  • In the case of the Customer, that it will inform Users that it is using the Software and that the feedback provided via the Agents installed on the workstations is likely to give access, for the sole purpose of managing the security of the information system, to all the information and documents contained on the workstations, including information, data, files or directories identified as personal by the Users or containing Personal Data.

10.  Confidentiality

The confidentiality obligations to which the Parties are subject under this Agreement are described in the Editor’s General Terms and Conditions.


11.  Personal data

Each of the Parties reciprocally undertakes to comply with the regulations in force relating to personal data as they result from Regulation (EU) 2016/679 of 27 April 2016 on data protection (“RGPD”), the French Data Protection Act no. 78-17 of 6 January 1978 in its updated version and any relevant recommendations of the CNIL relating to their activity (the “Data Privacy Regulations“). For the purposes of this article, the terms “Personal Data”, “Processing”, “Data Subject”, “Data Controller” and “Data Processor” have the meaning given to them by the Data Privacy Regulations.

The obligations of the Editor in its capacity as Processor of the Customer, or Data Controller where applicable, are described in the Editor’s General Terms and Conditions.


12.  Liability

The Editor may not be held liable in particular in the event of unavailability, interruptions or slowdowns of the Software, of any of the services or of errors preventing access to and use of the Software.

The Editor may not be held contractually liable for any damage suffered by the Customer, a User or a third party resulting directly or indirectly from the Customer’s, a User’s or a third party’s failure to comply with any of its obligations, from improper use of the Software or for purposes other than those for which it was intended, or from negligence.

The Editor may only be held liable in the event of proven fault or negligence and is limited to direct loss, to the exclusion of any indirect loss of any nature whatsoever, such as loss of opportunity, loss of profit or operating loss, loss of data, damage to image or reputation.

In any event, the total amount of compensation due by the Editor under the Agreement shall not exceed 50% of the Royalties paid to the Editor for the license concerned during the last twelve (12) months preceding the event giving rise to the claim.

The Parties acknowledge that the above limitations of liability do not deprive each of the Parties of their essential obligations, that they are consistent with the issues at stake in the Agreement and that they have been discussed in good faith. The Parties expressly exclude the application of articles 1221 to 1223 of the French Civil Code, which allow a judge to reduce the financial commitments or obligations of the Parties in the event of a breach of their obligations.


13.  Audit

The Customer agrees and undertakes to allow the Editor to check or have checked compliance with these terms and conditions and in particular the Software’s use in accordance with the Agreement, the GTCs and the Documentation, provided that the Editor gives the Customer five (5) working days’ prior notice, except in circumstances justifying urgent action. The Customer will provide the Editor, or the third party appointed by the Editor with all the assistance necessary for this purpose. In the event that it is established by the Editor that the terms of the license granted are not being complied with, the Editor reserves the right to invoice the Customer for the amount of the Royalty that the Customer should have paid in accordance with the actual use made of the Software. Should the checks reveal a breach, the costs associated with these checks, including the time spent, will be borne by the Customer.


14.  Insurance

The Customer declares that it has taken out an insurance policy with a solvent insurance company to cover the consequences of its professional civil liability arising from any damage resulting from the performance of these terms and conditions and, more generally, from its activities. Each Party undertakes to maintain this policy in force for the entire duration of the Agreement and to be able to provide proof thereof to the other Party on request.


15.  General provisions

Force majeure: The Parties shall not be liable in the event of delay or non-compliance with any of their obligations under the terms of the Agreement or its termination due to a cause or situation of force majeure as defined in article 1218 of the French Civil Code or recognized by case law. The Party concerned shall notify the other Party of the occurrence of such an event of force majeure without delay, specifying the nature of the event. If performance of the Agreement is prevented or limited for a continuous period of three (3) months, the Party that is not in default may terminate the Agreement immediately by giving written notice to the other Party.

Entire agreements and amendments: The Agreement replaces and cancels any previous oral or written undertaking relating to the subject matter of the Agreement and prevails over any previous agreement regardless of its form and any document issued by the Customer such as, in particular, any general terms and conditions of purchase of the Customer or commercial proposal. The Agreement may only be modified (i) automatically, when a new version of the End User License Agreement comes into force one month after the Editor notifies the Customer of the new version, (ii) by an amendment or (iii) with regard to the scope of the license, by an order form, which must be signed by a duly authorized representative of the Parties unless the Parties have agreed otherwise herein. In the event of any contradiction between these provisions and the annexes, the provisions of the Agreement shall prevail.

Non-waiver: Unless otherwise provided for herein, the fact that either Party does not claim the application of any of the provisions of the Agreement or acquiesces in its non-performance may not be interpreted as a waiver of the rights deriving from the said provision for the Party in question.

Independence of clauses: The invalidity or inapplicability of any of the provisions of the Agreement shall not invalidate the other provisions, which shall retain all their force and scope. In such a case, the Parties shall use their best efforts to renegotiate in good faith the invalidated provision with a provision having an effect as equivalent as possible to that of the invalidated provision.

Notification: Any notification required or permitted hereunder must be made in writing and is validly effected by hand-delivered letter, registered letter with acknowledgement of receipt, by email to the address appearing at the head of these presents or to any other address that may be communicated subsequently, it being understood that notifications by simple letter or email are admitted provided that the sender can establish receipt thereof, such proof being able in particular to result from a reply from the addressee or from an acknowledgement of receipt of the dispatch. In this case, the effective date for running the time limits set out herein is the date of this reply. In the case of registered mail or special mail with acknowledgement of receipt, the effective date is the date of first presentation. Regarding the notification of modification of the present Contract, when a new version comes into force, this will be done either directly by the Editor, or by the Partner or the Authorized Distributor.

Applicable law and competent courts: The Agreement is governed by French law. All disputes to which it may give rise in connection with its interpretation or application, or which may arise as a result or consequence thereof, shall be submitted, in the absence of an amicable agreement between the Parties materialized by the signing of a memorandum of understanding within thirty (30) days following notification by one of the Parties of the dispute describing the dispute and referring to this provision, to the exclusive jurisdiction of the Commercial Court of PARIS.

BY SIGNING THIS DOCUMENT OR ANY CONTRACTUAL DOCUMENT (SUCH AS AN ORDER OR QUOTE) EXPRESSLY REFERRING TO THIS DOCUMENT, THE CUSTOMER ACKNOWLEDGES THAT THEY HAVE READ AND UNDERSTOOD THIS LICENSE AGREEMENT, AND THAT THEY AGREE TO BE BOUND BY ITS CONTRACTUAL TERMS, UNCONDITIONNALLY. The Editor expresses his commitment by making the Software available, so that his signature is not required, to form part of the Contract and for the present Contract to be valid and enforceable against the Customer.

The Editor reserves the right to modify this End User License Agreement at any time. The new version will come into force one month after the Editor has notified the Customer directly or through the Partner or Distributor of the new version. The Parties have agreed to accept the new provisions unconditionally, after the notification period.