Field Effect Cyber Range™
Terms of use
These terms of use (“Terms of Use”) govern the use of the Cyber Range software (as defined below) and associated materials to be delivered to Customer by Field Effect (as defined below) and as specified in an Order Form. By executing an Order Form referencing these Terms of Use and/or by using Cyber Range and the Field Effect Content Library, as permitted under these Terms of Use, Customer agrees to be bound by these Terms of Use, the Privacy Policy (as defined below) and any additional terms that may be incorporated by reference (collectively, the “Agreement”).
1. Definitions
1.1 “Account” is defined in Section 2.5.1;
1.2 “Business Day” means any day other than a Saturday, Sunday, or statutory holiday in the Province of Ontario;
1.3 “Confidential Information” means any data, documentation, or other information of a proprietary or confidential nature, whether or not identified as being confidential or proprietary, which is disclosed or made available by a party to the other party in connection with this Agreement. With the exception of Personal Information, Confidential Information does not include information that the receiving party can establish, with reasonable evidence, that: (i) the receiving party already knew; (ii) becomes public through no fault of the receiving party; (iii) was independently developed by the receiving party without use of or reference to the disclosing party’s confidential information; or (iv) was rightfully given to the receiving party by a third party without any obligation of confidentiality.
1.4 “Custom Content” means any course, assessment or scenario authored by or specifically for Customer using Cyber Range;
1.5 “Customer” means the customer identified in the applicable Order Form, including, as applicable, Users who gain access to Cyber Range and the Field Effect Content Library through Customer;
1.6 “Customer Data” means any data or other information provided, transmitted, displayed or made available to Field Effect by Customer or Users by or through the use of the Hosted Model of Cyber Range or the Field Effect Content Library;
1.7 “Cyber Range” means Field Effect’s Cyber Range software that is made available to Customer under either the Licensed Model or the Hosted Model, as specified in the Order Form;
1.8 “Effective Date”means the “Effective Date” specified in an Order Form or, if no “Effective Date” is specified, then the date that Customers signs an Order Form;
1.9 “Fees” means the fees and charges specified in the Order Form;
1.10 “Field Effect” means Field Effect Software Inc., 207-825 Exhibition Way, Ontario, Canada K1S 5J3, except as otherwise provided in Section 12.9;
1.11 “Field Effect Content Library” means any course, assessment, scenario or event provided by Field Effect to Customer for use with Cyber Range.
1.12 “High Risk Activity”means activities with a likelihood of injury or death, including but not limited to, controlling aircraft or other modes of human mass transportation, nuclear or chemical facilities, life support systems, weaponry systems or any similar scenario where failure could lead to personal injury, death or environmental damage;
1.13 “Hosted Model” means access to Cyber Range by Customer and its Users from an installation hosted by Field Effect, in accordance with the terms and conditions herein;
1.14 “Intellectual Property Rights” means any right that is or may be granted or recognized under any Canadian or foreign legislation regarding patents, copyrights, neighbouring rights, moral rights, trade-marks, trade names, service marks, industrial designs, mask work, integrated circuit typography, privacy, publicity, celebrity or personality rights and any other statutory provision or common or civil law principle regarding intellectual and industrial property, whether registered or unregistered, and including rights in any application for any of the foregoing;
1.15 “Licensed Model” means the right for Customer to install, using a license key provided by Field Effect, Cyber Range and the Field Effect Content Library on its network, in accordance with the terms and conditions herein;
1.16 “Order Form” means an order form for Cyber Range entered into between Field Effect and Customer, and which incorporates these Terms of Use by reference;
1.17 “Personal Information” means information about an identifiable individual as contemplated under applicable privacy laws;
1.18 “Support Services” means the support services for Cyber Range described in Section 2.6.2;
1.19 “Third Party Materials” means data, services, content, software, hardware, add-ons and applications provided by a third party that interoperate with or are complimentary to Cyber Range and the Field Effect Content Library. Third Party Materials may include an application that is listed in a catalog or package offered by Field Effect; and
1.20 “User” means any individual who uses or gains access to Cyber Range either through Customer’s Account or through access provided by Customer.
2. Use of Cyber Range and Field Effect Content Library
2.1 Customer may only receive or access and use Cyber Range and the Field Effect Content Library: (i) during the Term; (ii) for the business purposes identified in the Order Form; (iii) in accordance with this Agreement; and (iv) subject to any restrictions or limits on the number of Users or other usage limits set out in the Order Form. Customer is responsible for ensuring that all Users comply with Customer’s obligations under this Agreement. If Customer does not understand these Terms of Use or any part of this Agreement or does not agree to any of these Terms of Use or the Agreement, Customer must not use Cyber Range and the Field Effect Content Library.
2.2 As part of or through Customer’s use of Cyber Range and the Field Effect Content Library, Customer may receive or have access to Third Party Materials. Customer is responsible for complying with any terms or conditions applicable to such Third Party Materials. Except as may be expressly provided, Third Party Materials are available “AS IS” without indemnification, support, or warranty or condition of any kind from Field Effect.
2.3 Field Effect may provide Cyber Range and the Field Effect Content Library with the assistance of its affiliates, subcontractors, or suppliers. Notwithstanding the foregoing, Field Effect will remain responsible to Customer for delivery of Cyber Range and the Field Effect Content Library.
2.4 Customer and Users must comply with all laws, rules, and regulations applicable to their use of Cyber Range and the Field Effect Content Library and to any Custom Content or Customer Data, including but not limited to import and export controls and economic sanctions. Customer and Users agree that the sale, supply, delivery, servicing, export, re-export and/or use of Cyber Range and the Field Effect Content Library is subject to applicable export controls, economic sanctions, customs, import, and export laws and regulations promulgated and enforced by Canada, the United States, the United Kingdom, European Union, Australia, Customer’s and Users’ country of residence and any other governmental body having jurisdiction over the parties to this Agreement (“Trade Controls”). Customer and/or User agree not to sell, supply, deliver, export, re-export, use, transfer or disclose any portion of Cyber Range or the Field Effect Content Library or any related technical information or materials, directly or indirectly, in violation of any applicable Trade Controls. Customer represents and warrants that neither it nor its shareholders, members, partners, or other owners are listed on, or ultimately own more than 50% or more, collectively or individually by anyone listed on a restricted or designated entity and/or persons list maintained by the United Nations, Canada, the United States, the United Kingdom, European Union, Australia or other local restricted or designated entity and/or persons list. Customer and/or User is responsible to obtain all necessary approvals and authorizations to import, export, or re-export Cyber Range or the Field Effect Content Library or any portion thereof or any related technical information or materials, directly or indirectly. Field Effect will not be liable to Customer or User for any loss or expense if Customer fails to comply with any Trade Controls. Customer shall indemnify and hold Field Effect and its affiliates and each of their directors, officers, employees, agents, subcontractors, successors and permitted assigns (collectively, the “FES Parties”) harmless from any claims, fees, expenses or damages related to Customer’s violation of any Trade Controls or this Section 2.4. Upon request, Customer will complete and provide an end use certificate in the form requested by Field Effect. Field Effect may suspend and/or cancel the sale, supply, delivery, servicing, export, and/or re-export of Cyber Range and the Field Effect Content Library, if: (i) Field Effect has not received requested end-user certifications; (ii) the parties have not received required government approvals to comply with Trade Controls; or (iii) Field Effect believes that any sale, supply, delivery, servicing, export, re-export and/or use of Cyber Range and the Field Effect Content Library may violate any Trade Controls. If Cyber Range and/or the Content Library are resold or transferred in violation of any Trade Controls or the provision of this Agreement, Field Effect shall not be obligated to undertake any further activities related to Cyber Range or the Field Effect Content Library.
2.5 Cyber Range and the Field Effect Content Library are licensed, not sold. Field Effect and its licensors own and shall retain all right, title and interest (including without limitation all Intellectual Property Rights) in and to Cyber Range and the Field Effect Content Library and any corrections, bug fixed, enhancements, modifications or new versions thereof, all of which shall be deemed part of Cyber Range and the Field Effect Content Library and subject to all the provisions of this Agreement. As between Field Effect and Customer, Field Effect owns all Intellectual Property Rights in Cyber Range and the Field Effect Content Library.
2.6 Field Effect may update and otherwise modify the Cyber Range and Field Effect Content Library, at its sole discretion, provided such changes to not materially diminish the quality or level of Cyber Range and the Field Effect Content Library.
2.7 Hosted Model – Specific Terms. If Customer has purchased the Hosted Model:
2.7.1 Account - Customer must have an account (“Account”) and is responsible for the information provided to create that Account, the security and passwords for that Account, and for any use (or User’s use) of that Account. Customer must keep login credentials confidential. If Customer believes its Account has been compromised, or if Customer becomes aware of any unauthorized use of its Account, Customer will notify Field Effect by e-mail as promptly as possible at security@fieldeffect.com;
2.7.2 Compliance and Monitoring - Field Effect may monitor use of Cyber Range and the Field Effect Content Library to verify Customer’s and Users’ compliance with this Agreement. Monitoring for compliance may include the collection of configuration, performance, usage, and consumption data, in order to: (i) facilitate or improve Cyber Range and the Field Effect Content Library; and (ii) improve Field Effect’s products and services. Field Effect will not access any Customer Data except for these reasons. Field Effect may request information from Customer to assist with such verification, and Customer shall provide such information to Field Effect. If Field Effect reasonably believes that a problem with Cyber Range or the Field Effect Content Library may result from Customer Data or the use of Cyber Range and the Field Effect Content Library by Customer or Users, Customer will cooperate with Field Effect to identify and resolve the problem; and
2.7.3 Connectivity - Customer is responsible for maintaining a suitable connection to Cyber Range and the Field Effect Content Library and for ensuring that Customer contacts identified in the Order Form are available and responsive when contacted by Field Effect to address and resolve access-related incidents, and to permit Field Effect to carry out support or other services or tasks.
2.8 Licensed Model – Specific Terms. If Customer has purchased the Licensed Model:
2.8.1 Scope of License - Subject to the terms and conditions of this Agreement, Field Effect grants to Customer, during the Term, a limited, non-exclusive, non-transferable, non-assignable, revocable and royalty-free license to install, access and use Cyber Range and the Field Effect Content Library on its network (which includes, for greater certainty, secure space within a third party hosted environment) solely for Customer’s internal business purposes as described in an Order Form. Such license grant will be subject to any restrictions or limits on the number of Users, or other usage limits set out in an Order Form. Customer shall not, except with prior written approval of Field Effect, use Cyber Range or the Field Effect Content Library for the benefit of, or disclose the Cyber Range or Field Effect Content Library to, any other agency, department, perso, company or other entity. Nothing in this Agreement constitutes a transfer of any Intellectual Property Rights in the Cyber Range or the Field Effect Content Library.
2.8.2 Support Services - Field Effect support hours for core technical support, such as basic troubleshooting and configuration guidance are currently 9:00 a.m.- 5:00 p.m. in Customer’s time zone. Support is available for business impacting issues occurring outside of standard support hours as set out in the chart below. During those hours, Field Effect technical staff are available to directly assist Customer with support requests. Support is available through the following methods:
Phone
Canada and the United States: +1-800-299-8986
Email
support@fieldeffect.com
Support tickets will be viewed and acknowledged by Field Effect within the applicale time limits, using commercially reasonable efforts, based on issue priority as set out in the chart below:
Issue severity |
Description |
First Response Time |
Availability |
1 - Urgent |
Cyber Range is exhibiting a business impacting issue that is severely impacting the use of Cyber Range and impacting live training or exercises. |
1 hour |
24x7 |
2 - High |
Cyber Range is exhibiting a business impacting issue and some training or exercises are impacted. |
8 hours |
12x5 |
3 - Medium |
Cyber Range is exhibiting an issue, but training and exercises are minimally impacted. |
2 Business days |
12x5 |
4 - Low |
Routine questions about product use and feature requests. |
5 Business days |
12x5 |
Field Effect, in its sole discretion, reserves the right to modify the severity level of a support ticket submitted by Customer.
The Technical Contact listed on the Order Form will be contacted during Support Hours for questions related to Customer’s support ticket.
Updates and Upgrades. During the Term, Field Effect will make available to Customer updates and upgrades to Cyber Range and the Field Effect Content Library. Field Effect reserves the right not to support versions of Cyber Range that Customer has elected not to install.
2.9 Modification of Cyber Range and Field Effect Content Library. Field Effect may, from time to time: (i) change, update or upgrade (a) Cyber Range and the Field Effect Content Library, (b) the terms governing Customer’s use of Cyber Range or the Field Effect Content Library (including the Privacy Policy), or (c) any portion of the documentation relating to Cyber Range or the Field Effect Content Library; or (ii) elect to cease providing any aspect of Cyber Range or the Field Effect Content Library. Field Effect will give Customer prior notice of any such changes, and the effective dates of such changes, by posting a notice at https://support.fieldeffect.com, or via email or other communications Field Effect typically uses to notify Customer of changes. The modifications will become effective on the date specified in such notice. Customer’s continued use of Cyber Range or the Field Effect Content Library after such effective date will be deemed acceptance of the modified terms. If Field Effect makes a material or detrimental change to Cyber Range and the Field Effect Content Library, the terms governing Customer’s use of Cyber Range and the Field Effect Content Library, or to any part of the Cyber Range and Field Effect Content Library documentation that affects Customer’s use or ability to use Cyber Range or the Field Effect Content Library, Customer may terminate this Agreement by notifying Field Effect no later than thirty (30) days after the effective date of the change. If Customer terminates this Agreement pursuant to this Section 2.7, the termination will be effective as of: (i) the date Field Effect receives Customer’s notice, or (ii) any later date specified in such notice. Customer will be responsible for all Fees incurred up to and including the effective date of any termination pursuant to this Section 2.7.
2.10 Training. Field Effect will provide the training purchased by Customer as set out in the applicable Order Form. Customer may purchase additional training at Field Effect’s standard rates by submitting a request to Field Effect and which may require an additional Order Form.
2.11 Custom Content. Customer may request, and Field Effect may provide, consulting services for the development of Custom Content. Such services shall be delivered pursuant to a statement of work as agreed upon by the parties.
3. Customer Obligations and Restrictions on Use
3.1 Customer and Users must not: (i) resell, sublicense, or distribute any aspect of Cyber Range or the Field Effect Content Library; (ii) copy, modify, or create derivative works of, reverse engineer, decompile, translate, disassemble, or otherwise attempt to extract any source code of Cyber Range, except to the extent permitted by applicable law; (iii) use Cyber Range or the Field Effect Content Library to directly or indirectly create, train, or improve a substantially similar service or product; (iv) use Cyber Range in connection with any High Risk Activity; (v) access Cyber Range and the Field Effect Content Library in a manner intended to avoid incurring Fees or accepting this Agreement or any other applicable terms; (vi) engage in, promote or encourage illegal activity; (vii) use Cyber Range for any unlawful, invasive, infringing, defamatory or fraudulent purpose (e.g., phishing); (viii) use Cyber Range to intentionally distribute viruses, worms, Trojan horses, corrupted files, hoaxes, or other items of a destructive or deceptive nature; (ix) disable, interfere with or circumvent any aspect of Cyber Range or the Field Effect Content Library; (x) use Cyber Range for purposes of benchmarking or other competitive analysis; (xi) remove any trademarks, copyright notices, restricted rights legends or proprietary markings on the copy of Cyber Range or the Field Effect Content Library originally provided to Customer; or (xii) use Cyber Range or any interfaces provided by or through Cyber Range in any manner or for any purpose not authorized by this Agreement or to access any other Field Effect product or service in a manner that violates or avoids the terms with respect to such other Field Effect product or service.
3.2 If Customer becomes aware of any actual or suspected violation of Section 3.1, Customer must take prompt action to remove applicable Customer Data and/or Custom Content, and/or suspend use of Cyber Range or the Field Effect Content Library. Field Effect may require that Customer take the foregoing or other actions within a specified period of time. If Customer fails to comply with any such request, Field Effect may take steps to suspend or terminate Customer’s use of Cyber Range and the Field Effect Content Library pursuant to Sections 7 or 8.
4. Payment Terms
4.1 Customer will be responsible for paying the applicable Fees for Cyber Range and the Field Effect Content Library as set out in an Order Form. Fees do not include any applicable commodity taxes, or other taxes levied or assessed by any local and/or government authority, as well as surcharges for foreign taxes or those imposed by third-party providers, and any applicable withholding tax (collectively “Taxes”) and Customer will be responsible for paying such Taxes. Field Effect will invoice Customer in advance for Fees and Taxes as specified in the Order Form. Unless otherwise expressly set out in an Order Form, payment obligations are non-cancellable and all Fees are non-refundable. If Customer exceeds applicable limits on the number of licenses or Users, or other usage limits set out in the Order Form, then such overage will be treated as an additional order for such additional licenses, Users, or other usage permissions for the balance of the Term, as determined by Field Effect in its sole discretion, and shall be charged to Customer in accordance with the Fees set out in the Order Form.
4.2 Payment. Payment may be made by credit card, cheque, electronic funds transfer or wire transfer. Field Effect, in its sole discretion, reserves the right to change acceptable methods of payment upon prior notice to Customer. Customer must pay all Fees owing to Field Effect, in the amount and currency, and on the date specified, in the applicable invoice. Payment shall be due no later than thirty (30) days from the date of the invoice. If any legislation authorizes Customer to purchase Cyber Range or other Field Effect products without payment of commodity taxes, Customer must supply Field Effect, in advance, with sufficient documentary evidence of such authorization. Fees and Taxes are subject to a late payment charge at the rate specified in the invoice, which rate may vary from time to time, calculated from the invoice date, if Fees and Taxes are not paid when due.
4.3 Disputed Charges.Customer shall notify Field Effect within thirty (30) days of the date of the applicable invoice of any charges that Customer disputes and Customer shall provide Field Effect with sufficient detail supporting the basis of the dispute. If Field Effect determines that the basis for the dispute is correct, Field Effect will, at its option, either issue a corrected invoice or a credit memo for the incorrect amount.
5. Proprietary Rights, Access and Privacy
5.1 Ownership of Cyber Range and Field Effect Content Library. As between the parties, Field Effect owns and retains all right, title and interest, and all Intellectual Property Rights in and to, Cyber Range and the Field Effect Content Library, including all improvements, enhancements, and modifications thereto or thereof. This includes any information (other than Customer Data and Custom Content) that Field Effect collects and analyzes in connection with Cyber Range, any reports generated by Field Effect, and any suggestions, comments or ideas that Customer contributes to or discloses to Field Effect with respect to Cyber Range and the Field Effect Content Library. Customer’s rights to use Cyber Range and the Field Effect Content Library are limited to those expressly granted in this Agreement. No other rights with respect to Cyber Range or any related Intellectual Property Rights in the Field Effect Content Library are granted or implied.
5.2 Data Ownership. As between the parties, Customer retains all right, title and interest in and to any Customer Data and Custom Content that it develops, and all Intellectual Property Rights in such Customer Data and Custom Content except that any Field Effect content used in the Custom Content will remain owned by Field Effect, including all associated Intellectual Property Rights. Field Effect’s rights to access and use Customer Data are limited to those set out in this Agreement. Customer will own Custom Content created by it, subject to the restrictions in this Agreement and unless otherwise specified in an agreed statement of work that governs the creation of that Custom Content.
5.3 Field Effect may collect, use, process, transfer, store and disclose Customer Data, including Personal Information, as required to provide Cyber Range and the Field Effect Content Library, and in accordance with applicable privacy laws, Section 2 herein and Field Effect’s privacy policy, found at https://fieldeffect.com/terms-privacy (“Privacy Policy”). Customer warrants and represents that it has obtained all required consents and/or provided all required notifications, including from Users, to allow Field Effect to collect, use, process, transfer and disclose Customer Data, including Personal Information, as contemplated by and under this Agreement and the Privacy Policy.
5.4 Customer is responsible for ensuring that the security of Cyber Range and the Field Effect Content Library is appropriate for Customer’s intended use. Customer is responsible for taking and maintaining appropriate steps to protect the confidentiality, integrity and security of all Customer Data, where applicable, from unauthorized access, use, loss or destruction. Those steps include, but are not limited to: (i) implementing any Field Effect guidance on deployment conditions; (ii) controlling the access that Customer provides to Users; (iii) configuring Cyber Range appropriately; (iv) ensuring the security of Customer Data while it is in transit to and from Cyber Range (if applicable); (v) using encryption technology to protect Customer Data; and (vi) backing up Customer Data. Customer is responsible for providing any necessary notices to Users and obtaining any legally required authorizations or consents from Users regarding their use of Cyber Range and the Field Effect Content Library.
6. Confidential Information
6.1 Each party will: (i) protect the other party’s Confidential Information with the same standard of care it uses to protect its own Confidential Information of similar nature (but in no event less than a reasonable standard of care); and (ii) not disclose Confidential Information, except to employees, contractors and agents who bound by confidentiality obligations, on a need-to-know basis. Each party (and any employees, contractors and agents to whom it has disclosed Confidential Information) may use such Confidential Information only to exercise rights and fulfill obligations under this Agreement. Each party is responsible for any actions of its employees and agents in violation of this Section 6.1. Subject to section 5.3, upon termination of this Agreement, the parties will promptly either return or destroy all Confidential Information, and, upon request, provide written certification of compliance with this Section 6.1. Notwithstanding the foregoing, the parties agree that this Section 6.1 does not operate to prevent the parties from retaining the other party’s business contact information (including business email addresses) after termination of this Agreement and in accordance with applicable laws.
6.2 If the receiving party is compelled by law to disclose Confidential Information of the disclosing party, the receiving party shall provide the disclosing party with prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the disclosing party’s cost, if the disclosing party wishes to contest the disclosure.
6.3 If the receiving party discloses or uses (or threatens to disclose or use) any Confidential Information of the disclosing party in breach of this Section 6, the disclosing party will have the right, in addition to any other remedies available to it, to seek injunctive relief to enjoin such acts, it being specifically acknowledged by the parties that any other available remedies are inadequate.
6.4 Neither party will issue any press release, public announcement, or public statement regarding the existence or content of this Agreement without the other party’s prior written approval, provided that Field Effect may include Customer’s name and logo online or in promotional materials. Customer may revoke Field Effect’s right to use Customer’s name and logo under this Section 6.4 with written notice to Field Effect and a reasonable period to stop such use.
7. Suspension
Field Effect may suspend Customer’s use of Cyber Range and the Field Effect Content Library if (i) Field Effect has not received payment for Cyber Range and the Field Effect Content Library within thirty (30) days after the date on which payment is due; (ii) Customer is in breach of a material term of the Agreement; (iii) Customer’s use of Cyber Range poses a security risk to the intended operation of Cyber Range or to other users of Cyber Range; or (iv) suspension is required pursuant to a court order or other legal requirement. Field Effect will give Customer notice before suspending Customer’s use of Cyber Range or the Field Effect Content Library if permitted by applicable law or unless Field Effect determines that providing notice presents a risk of harm to Cyber Range, to other users of Cyber Range, or to any person or property, in which case Field Effect will notify Customer as soon as feasible or permitted. Customer will remain responsible for all Fees incurred before or during any suspension.
8. Term and Termination
8.1 Term. This Agreement commences on the Effective Date and, unless terminated earlier as provided herein, will remain in effect for the Agreement Term specified in an Order Form (the “Term”).
8.2 Termination for Cause. This Agreement may be terminated at any time by:
(a) either party, effective on written notice to the other party, if the other party materially breaches this Agreement, and such breach is: (i) incapable of cure; or (ii) being capable of cure, remains uncured thirty (30) days after receiving written notice of the breach;
(b) either party, effective immediately, if the other party enters into a compulsory or voluntary liquidation, or convenes a meeting of its creditors or has a receiver appointed over any part of its assets or takes or suffers any similar action in consequence of a debt, or ceases for any reason to carry on business;
(c) Field Effect, if Customer does not resolve the underlying cause resulting in a suspension pursuant to Section 7 within ten (10) days after such suspension; and
(d) Field Effect, effective on written notice to the Customer, if Customer fails to pay any undisputed Fees, taxes or other amounts when due under this Agreement.
8.3 Termination for Convenience. Subject to any early termination fees specified in an Order Form, either party may terminate this Agreement for any reason by providing the other party with at least sixty (60) days’ advance written notice.
8.4 Effect of Termination. Upon the expiry or termination of this Agreement for any reason, all rights granted to Customer under this Agreement, including Customer’s right to use Cyber Range and the Field Effect Content Library, will immediately terminate and Customer must: (i) stop all use of Cyber Range and the Field Effect Content Library, (ii) return or, if Field Effect requests, destroy any Confidential Information of Field Effect, and (iii) within thirty (30) days destroy all versions of Cyber Range and the Field Effect Content Library within Customer’s and its Users’ possession or control; and (iv) pay all Fees owing as of the termination date, including any early termination fees specified in an Order Form. As between Customer and Field Effect, Customer is responsible for ensuring that Customer has necessary copies of all Customer Data prior to the date of expiry or termination. Except to the extent permitted under Section 8.2(a) in the case of a breach by Field Effect or Section 10.3 due to a breach by Field Effect, termination of this Agreement will not entitle Customer to any refunds, credits or exchanges.
8.5 Survival. Any provision that, by its nature and context is intended to survive termination or expiration of this Agreement, including Sections 1, 4, 5, 6, 8, 9, 10, and 11 will survive.
9. Warranty and Disclaimer
FIELD EFFECT DOES NOT WARRANT THAT THE OPERATION OF CYBER RANGE AND THE FIELD EFFECT CONTENT LIBRARY WILL BE UNINTERRUPTED OR ERROR FREE, OR THAT CYBER RANGE AND THE FIELD EFFECT CONTENT LIBRARY WILL MEET (OR IS DESIGNED TO MEET) CUSTOMER’S BUSINESS REQUIREMENTS. SUBJECT TO SECTION 11.3, FIELD EFFECT IS NOT RESPONSIBLE OR LIABLE FOR THE DELETION OF OR FAILURE TO STORE ANY CUSTOMER DATA OR THE DISABLING OF OTHER COMMUNICATIONS MAINTAINED OR TRANSMITTED THROUGH CUSTOMER’S USE OF CYBER RANGE AND THE FIELD EFFECT CONTENT LIBRARY. CUSTOMER, AND ITS USERS, AS APPLICABLE, ARE SOLELY RESPONSIBLE FOR SECURING AND BACKING UP CUSTOMER DATA AT ALL TIMES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, FIELD EFFECT DOES NOT MAKE ANY WARRANTIES OR CONDITIONS OF ANY KIND RELATED TO CYBER RANGE AND THE FIELD EFFECT CONTENT LIBRARY, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OR RELIABILITY.
10. Indemnification
10.1 Indemnification by Customer. If Field Effect or any FES Parties are subject to any third party claim or demand concerning: (i) any Customer Data; (ii) any infringement or misappropriation of any Intellectual Property Rights by Customer or any Users in connection with the use of Cyber Range, the Field Effect Content Library or Custom Content; (iii) any violation of law by Customer or any Users in connection with the use of Cyber Range, the Field Effect Content Library or Custom Content; (iv) Customer’s or Users’ use of Cyber Range and the Field Effect Content Library in violation of this Agreement; (v) unauthorized disclosure of Customer Data to Field Effect or any FES Parties; or (vi) Customer’s or Users’ use of any Third Party Materials (collectively, “Claims”), Customer will defend, indemnify and hold Field Effect and the FES Parties harmless from and against any such Claims and any and all fines, losses, damages or other costs arising out of or otherwise relating to the Claims, including reasonable legal fees, disbursements and charges and costs of enforcing any right to indemnification hereunder, or agreed to in settlement of the Claims. Field Effect will: (i) notify Customer as soon as possible, in writing, of any Claim; (ii) give Customer control over the defence regarding any Claim; and (iii) reasonably cooperate in response to Customer’s requests for assistance. Subject to the foregoing, Field Effect may participate in the defence or settlement of the Claim, at its own expense. Customer will not settle any Claims, without Field Effect’s prior written consent, not to be unreasonably withheld.
10.2 Indemnification by Field Effect. Field Effect agrees to defend, indemnify and hold Customer harmless against any third party claims alleging that Cyber Range and the Field Effect Content Library or use of Cyber Range and the Field Effect Content Library for purposes authorized in this Agreement infringes any Intellectual Property Rights or other proprietary right of such third party or constitutes misuse or misappropriation of a trade secret of a third party (an “Infringement Claim”). Customer will: (i) notify Field Effect as soon as possible in writing of any Infringement Claim; (ii) give Field Effect control over the defence regarding the Infringement Claim; and (iii) reasonably cooperate in response to Field Effect’s requests for assistance. Field Effect will pay all damages finally awarded against and reasonable legal expenses incurred by Customer.
10.3 If Cyber Range and/or the Field Effect Content Library become or, in Field Effect’s opinion, is likely to become the subject of an Infringement Claim, Field Effect will, at Field Effect’s option and expense: (i) procure the rights necessary for Customer to keep using Cyber Range and the Field Effect Content Library; (ii) modify or replace Cyber Range and/or the Field Effect Content Library to make it non-infringing; or (iii) terminate this Agreement and refund any prepaid Fees for the remaining portion of the Term.
10.4 Field Effect will have no obligation under Section 10.2 or otherwise with respect to any Infringement Claim based on: (i) Third Party Materials; (ii) any combination of Field Effect products and services with non-Field Effect products or services, including any Third Party Materials; (iii) use of Cyber Range and the Field Effect Content Library for a purpose or in a manner not permitted by this Agreement; (iv) any modification to Cyber Range and the Field Effect Content Library made without Field Effect’s express written consent or as permitted by this Agreement; (v) the creation and use of Custom Content; or (vi) any aspect of Cyber Range provided on a no-charge, trial, beta or evaluation basis.
10.5 This Section 10 sets out Customer’s sole remedies and Field Effect’s sole liability and obligation for any actual, threatened or alleged claims that Cyber Range or the Field Effect Content Library infringe, misappropriate, or otherwise violate any Intellectual Property Rights of any third party.
11. Limitation of liability
11.1 LIABILITY FOR DAMAGES. THE TOTAL, CUMULATIVE, AGGREGATE LIABILITY OF FIELD EFFECT AND THE FES PARTIES TO CUSTOMER FOR DAMAGES, EXPENSES, COSTS, LIABILITY, CLAIMS OR LOSSES (COLLECTIVELY “DAMAGES”) ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE PROVISION OF CYBER RANGE AND THE FIELD EFFECT CONTENT LIBRARY HEREUNDER, WHETHER ARISING IN NEGLIGENCE, TORT, STATUTE, EQUITY, CONTRACT, COMMON LAW, OR ANY OTHER CAUSE OF ACTION OR LEGAL THEORY EVEN IF FIELD EFFECT OR THE FES PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF THOSE DAMAGES, IS LIMITED TO DIRECT, ACTUAL, PROVABLE DAMAGES AND WILL IN NO EVENT EXCEED AN AMOUNT EQUAL TO THE TOTAL AGGREGATE MONTHLY FEES PAID BY CUSTOMER FOR CYBER RANGE AND THE FIELD EFFECT CONTENT LIBRARY DURING THE TWELVE (12) MONTH PERIOD BEFORE THE EVENT GIVING RISE TO THE DAMAGES. THE LIMITATIONS SET OUT IN THIS SECTION 11 WILL SURVIVE AND APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.
11.2 NO LIABILITY FOR CERTAIN DAMAGES. IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY LOST BUSINESS REVENUE, LOSS OF PROFITS, OR FAILURE TO REALIZE EXPECTED PROFITS OR SAVINGS OR ANY INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL OR PUNITIVE LOSSES OR DAMAGES REGARDLESS OF THE FORM IN WHICH ANY ACTION IS BROUGHT, WHETHER ARISING IN NEGLIGENCE, TORT, STATUTE, EQUITY, CONTRACT, COMMON LAW, OR ANY OTHER CAUSE OF ACTION OR LEGAL THEORY EVEN IF SUCH PARTY HAS BEEN ADVISED OF OR HAD KNOWLEDGE OF THE POSSIBILITY OF SUCH DAMAGES OR SUCH DAMAGES WERE OTHERWISE FORESEEABLE. FIELD EFFECT AND THE FES PARTIES WILL NOT BE LIABLE FOR ANY DAMAGES WHATSOEVER FOR DAMAGE TO CUSTOMER NETWORKS OR THE NETWORK OF ANY THIRD PARTY AS A RESULT OF THE DELIVERY OF CYBER RANGE AND THE FIELD EFFECT CONTENT LIBRARY, INCLUDING ACCESS TO CUSTOMER NETWORKS AND CUSTOMER DATA.
11.3 NOTWITHSTANDING ANYTHING IN THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO THIS SECTION 11, IF ANY CUSTOMER DATA IS LOST, DAMAGED, OR CORRUPTED AS A RESULT OF FIELD EFFECT’S OR THE FES PARTIES’ GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, FIELD EFFECT’S AND THE FES PARTIES ONLY LIABILITY IS, AT FIELD EFFECT’S EXPENSE, TO RESTORE CUSTOMER DATA USING THE MOST RECENT BACK-UP KEPT BY CUSTOMER. CUSTOMER IS RESPONSIBLE FOR MAINTAINING AT ALL TIMES AN ADEQUATE BACK-UP OF CUSTOMER DATA.
11.4 Nothing in this Agreement is intended to exclude or limit in any way the liability of either party for death or personal injury resulting from such party’s negligence or its own fraud or fraudulent misrepresentation. The limitations set out in Section 11.1 and 11.2 shall not apply to any indemnification obligations of either Field Effect or Customer under this Agreement.
12. GENERAL
12.1 Assignment. Customer may not assign this Agreement, in whole or in part, without the prior written consent of Field Effect. Field Effect may, without the consent of Customer, assign any of its rights or delegate any of its duties under this Agreement if such assignment or delegation, or both, is to: (a) a FES Party. (b) a successor of Field Effect, by amalgamation or operation of law, (c) a purchaser of all or substantially all of Field Effect’s assets, or (d) a lender to Field Effect as collateral security. Upon the completion of a permitted assignment of rights and/or delegation of duties, obligations or liabilities by Field Effect under this Agreement, the assignee is deemed to be substituted for Field Effect as a party to this Agreement and Field Effect is released from all of its obligations and duties to perform under this Agreement. This Agreement shall bind and enure to the benefit of the parties and their respective successors and permitted assigns.
12.2 Notices. All notices and consents provided to Customer shall be given in writing and will be: (i) sent to the email address provided by Customer to Field Effect on an Order Form. All legal notices or other correspondence to Field Effect must be sent to legal@fieldeffect.com.
12.3 No waiver. No waiver of any provision of this Agreement shall bind a party unless consented to in writing by that party. No waiver of any provision of this Agreement shall be a waiver of any other provision, nor shall any waiver be a continuing waiver, unless otherwise expressly provided in the waiver.
12.4 Severability. If any provision of this Agreement is found by a court of competent jurisdiction to be invalid, illegal or unenforceable, the other provisions of this Agreement shall not be affected or impaired, and the offending provision shall automatically be modified to the least extent necessary in order to be valid, legal and enforceable.
12.5 Force Majeure. Field Effect will not be liable for any delay or failure to perform its obligations under this Agreement to the extent that the failure is caused by an Event of Force Majeure, provided that Field Effect provides notice to Customer and keeps Customer informed in such circumstances and reasonably endeavours to rectify the situation. “Event of Force Majeure” means any event beyond the reasonable control of Field Effect, including acts of God, labour issues (including disputes, walkouts and strikes), war (including civil war), acts of any state or government including promulgation of economic sanctions, acts of terrorism, fire, explosions, the elements, epidemics, pandemics, outbreak of disease or quarantine, blackout, embargo, or any delay or interruption in third party telecommunications services.
12.6 Entire Agreement. This Agreement (including the Privacy Policy) is the entire agreement between the parties with respect to the subject matter, and supersedes any and all other prior or contemporaneous discussions, negotiations, representations, agreements and understandings between the parties, whether written or oral, relating to the subject matter. In entering into this Agreement, neither party has relied on, and neither party will have any right or remedy based on any statement, representation or warranty, express or implied (including through course of dealing), except those expressly set out in this Agreement. The terms and conditions of any agreements (including purchase orders) supplied by Customer shall be void and not applicable.
12.7 Interpretation. The headings are for convenience of reference only and will not affect its construction or interpretation. The words “include” or “including” means “include without limitation” and “including without limitation,” respectively. In the event of any conflict or inconsistency between these Terms of Use and an Order Form, these Terms of Use will govern unless otherwise expressly provided for in writing in an Order Form.
12.8 No Partnership and Third-Party Beneficiaries. This Agreement shall not be construed to and does not create a relationship of agency, partnership, employment or joint venture. Nothing in this Agreement, express or implied, shall or is intended to confer on any other person, firm or enterprise, any rights, benefits, remedies, obligations or liabilities of this Agreement, other than the parties, their respective successors or permitted assigns.
12.9 Governing Law. If the Customer is located in Canada, this Agreement is governed by the laws of the Province of Ontario, Canada and the laws of Canada applicable therein, and the parties agree to submit exclusively to the jurisdiction of the courts in Ottawa, Ontario in respect of all matters arising out of or in connection with this Agreement. If the Customer is located in the United States, then the contracting entity is Field Effect Security, Inc. and this Agreement is governed by the laws of Delaware and the courts of the State of Delaware will have exclusive jurisdiction over all matters arising out of or in connection with this Agreement.
12.10 Language. The parties have requested that this Agreement and all correspondence and all documentation relating to this Agreement be written in the English language. Les parties aux présentes ont exigé que la présente entente, de même que toute la correspondance et la documentation relative à cette entente, soient rédigées en langue anglaise.
Field Effect Software Inc. Confidential
May 7, 2024 (v. 2.0)
SCHEDULE “A”
DATA SHARING AGREEMENT
CONTROLLER TO PROCESSOR
1. Definitions and interpretation
For purposes of this Schedule, the following definitions will apply.
“Data” shall mean the Personal Data, including any Special Personal Data, provided by Customer to the Service Provider pursuant to this Agreement or which is otherwise Processed by the Service Provider on behalf of Customer pursuant to this Agreement;
“Controller” shall have the meaning given to it in the Regulation;
“Data Subject” shall have the meaning given to it in the Regulation;
“Processor” shall have the meaning given to it in the Regulation;
“Personal Data” shall have the meaning given to it in the Regulation;
“Processing” shall have the meaning given to it in the Regulation;
“Regulation” means the regulations on the protection of natural persons with regard to the processing of personal data and on the free movement of such data known as the General Data Protection Regulation ((EU) 2016/679);
“Service Provider” means Field Effect Software Inc., whose registered office is at 207-825 Exhibition Way, Ottawa, Ontario, K1S 5J3 (Canada);
“Special Personal Data” shall mean the special categories of Personal Data as set out at Article 9(1) of the Regulation;
“Sub-Processor” means as set out at Clause 2.4.
2. Data protection
2.1. The parties acknowledge that Customer is a Controller and the Service Provider is a Processor in relation to the Data. The parties also acknowledge that, in relation to certain Processing of the Data, the Service Provider may also be a Controller and the Service Provider agrees, in relation to Data for which it is a Controller, to comply with its obligations under the Regulation.
2.2. To the extent not stated elsewhere in this Agreement, Exhibit 1 set outs the following information in relation to the Data:
- subject-matter of the Processing;
- duration of Processing;
- nature and purpose of the Processing;
- type of Data;
- categories of Data Subject; and
- processing instructions.
2.3. The Service Provider shall:
- Process the Data only on the documented instructions of Customer as set out in this Agreement and any changes agreed with Customer, to perform its obligations under this Agreement and ensure it takes steps to ensure that its personnel and those of its subcontractors only Process Data on instructions from Customer, unless required to do otherwise by applicable law. If the Service Provider is aware that or of the opinion that any instruction given by Customer breaches the Regulation or data protection law of any European Union Member State, the Service Provider shall inform Customer of this before processing, unless the law prohibits such information on important grounds of public interest;
- ensure that its personnel who are authorised to Process Data are under obligations of confidentiality;
- take the measures that are expressed to be obligations of the Processor in Article 32 of the Regulation in order to ensure the appropriate level of security for the Data;
- taking into account the nature of the Processing, assist Customer with its obligations to comply with Data Subjects’ requests and Data Subjects’ rights under Chapter III of the Regulation through the use of appropriate technical and organisational measures;
- taking into account the nature of processing and the information available to the Service Provider, assist Customer in ensuring compliance with Customer’s obligations in Articles 32-36 of the Regulation and in doing so shall (at no cost to Customer):
- promptly record and then refer all Data Subject Requests it receives to Customer within three days of receipt of the request;
- provide such information and cooperation and take such action as Customer reasonably requests in relation to each Data Subject Request, within the timescales reasonably required by Customer; and
- not respond to any Data Subject Request or Complaint without Customer’s prior written approval.
- provide such information, co-operation and other assistance to Customer as Customer reasonably requires (taking into account the nature of processing and the information available to the Service Provider) to ensure compliance with Customer’s obligations under Data Protection Laws, including with respect to:
- security of processing;
- data protection impact assessments (as such term is defined in Data Protection Laws);
- prior consultation with a Supervisory Authority regarding high risk processing; and
- any remedial action and/or notifications to be taken in response to any Personal Data Breach and/or Complaint, including (subject in each case to Customer’s prior written authorisation) regarding any notification of the Personal Data Breach to Supervisory Authorities and/or communication to any affected Data Subjects.
- at the written election of Customer, either:
- securely destroy the Data (including all copies of it); or
- return the Data (including all copies of it) to Customer in the format required by Customer which retains the integrity of the Data at any time upon request by Customer or promptly upon termination or expiry of this Agreement, unless the law requires storage of the Data, without prejudice to the right of the Service Provider to keep such information that may be useful to defend any court action as long as the applicable limitation period is not over;
- provide all information necessary to demonstrate the Service Provider’s compliance with this Clause 2 and allow Customer and its authorised representatives, upon reasonable prior written notice to the Service Provider, reasonable access during normal business hours to any relevant premises and documents to inspect the procedures and measures referred to in this Clause 2;
- not Process or transfer Data outside of the European Economic Area (or any country deemed adequate by the European Commission pursuant to Directive 95/46/EC or the Regulation) without putting in place adequate protection for the Data pursuant to Article 46 of the Regulation;
- at all times perform its obligations under this Agreement in such a manner as not to cause Customer in any way to be in breach of the Regulation; and
- perform its obligations under this Agreement (and any other agreement relating to the provision of the Services) in full compliance with the Regulation and all applicable guidelines, statutory orders, supplementary laws and codes of practice issued by relevant regulators pursuant to or in connection with the Regulation, including as may be issued by the Office of the Information Commissioner in the UK, data protection regulators of other European Union Member States or as may be issued by the European Commission or the Board (and “Board” shall have the meaning given at Article 68 the Regulation).
2.4. The Service Provider is authorised to appoint any third party, including consultant, sub-contractor, agent or professional adviser or other third party who may receive and/or have access to Data (“Sub-Processor“) provided that it informs Customer of any intended changes concerning the addition or replacement of any Sub-Processor, thereby giving Customer the opportunity to object to such changes.
2.5. In case of appointment of a Sub-Processor under Clause 2.4, the Service Provider shall put in place in writing with any Sub-Processor contractual obligations which are at least equivalent to the obligations imposed on the Service Provider pursuant to this Clause 2 including obligations which provide sufficient guarantees from the Sub-Processor that the processing meets the requirements of the Regulation. The Service Provider shall be liable to Customer for any failure of any such Sub-Processor to comply with such equivalent data protection obligations (including where the Service Provider is in breach of its obligation to put such obligations in writing with the Sub-Processor).
Exhibit 1
Data processing details
Subject-matter of processing:
cyber security monitoring of the Customer’s networks and systems.
Duration of the processing:
until expiry/termination of the Agreement, payment of all sums owed under the Agreement, settlement of all disputes under the Agreement and lapsing of any applicable limitation period; more specifically, while most Data will be erased upon the expiry/termination of the Agreement, the Data contained in the following media may be stored until the latest of the above:
- reports issued by the Service Provider under the Agreement;
- logins and diagnostics monitored under the Agreement.
Nature and purpose of the processing:
monitoring the Customer’s networks and systems for cyber security threats, vulnerabilities, and other information that could be used to compromise, degrade or otherwise negatively affect the Customer’s equipment, data and operations.
Type of Personal Data:
any Personal Data (identity, contact details, economic information, etc.) contained in the Customer’s networks and systems which is provided, transmitted, displayed or made available by or through the Service Provider’s managed cyber security monitoring service by Customer or Customer’s authorized users and which is necessary to perform the cyber security monitoring service; this may include Special Personal Data.
Categories of Data Subjects:
any individual (whether clients, employees, suppliers or others) whose Data is on Customer’s networks and systems.
Processing Instructions:
the Service Provider shall perform the services set out in the Agreement involving, a combination of network and endpoint sensor technology, processed by automated systems and augmented with human analysis as necessary.