These are the general terms and conditions of SecurityHive B.V., having its principal office located at Lange Kleiweg 14 (2288GK) in Rijswijk, the Netherlands and registered with the Dutch Chamber of Commerce under registration no. 73033502 (“SecurityHive”). These general terms and conditions including, without limitation, SecurityHive’s offer or quotation, constitute the entire agreement (“Agreement”) between you, as the authorized representative of the entity using de Software (“User”), or you, as an authorized end user of the Software (“Authorised User”)(collectively “the Client”) and SecurityHive.
The SecurityHive software is provided as a Software-as-a-Service solution (“Software”) enabling the Client to minimize the risks and damage of cyber security incidents, as further explained on www.securityhive.nl (“Website”). The Software is made available online to User on the Website or is provided to Authorised User pursuant a separate agreement (“Customer Agreement”) between the Authorised User and one of SecurityHive’s business partners (“Business Partner”). If Business Partner purchases a license for the Software on the Website, it is also considered as a User in these general terms and conditions.
These general terms and conditions do not affect any rights or obligations of the Authorised User pursuant to the Customer Agreement concluded with Business Partner.
SecurityHive may modify these general terms and conditions from time to time, subject to the terms set out these general terms and conditions.
Article 1.
License Scope
1.1.
These general terms and conditions apply to all Agreements entered into between the parties, even if – in the event of a future quotation or offer – these general terms and conditions are not made available to the Client again.
1.2.
The Agreement is concluded when the User purchases a license for the Software on the Website, or when the Authorised User is granted access to the Software by Business Partner.
1.3.
Provided the Client complies with the terms of the Agreement and/or the Customer Agreement, SecurityHive hereby grants the Client a limited right to use the Software. This license is non-exclusive and non-transferable.
1.4.
SecurityHive’s obligation to provide a license and the Client's right of use shall solely extend to the so-called object code of the Software. The Client’s right of use shall not extend to the source code of the Software. The Software source code and the technical documentation produced during the development of the Software shall not be made available to the Client under any circumstances.
1.5.
The Client is expressly not allowed to:
a. reverse engineer the source code of the Software or to decompile the Software, except to the extent permitted by mandatory law;
b. provide copies of the Software to third parties;
c. sublicense the Software or otherwise make available the Software to third parties (such third parties not being understood as the Authorized Users which the Business Partner appoints in accordance with the Customer Agreement), including by rental, lease, Software-as-a-Service models or otherwise;
d. modify the Software, except to the extent permitted by mandatory law;
e. remove indications of SecurityHive as copyright holder of the Software or to remove or render illegible any part thereof.
Article 2.
Account
2.1.
Before using the Software, the Client will need to login to an account. Login credentials for User’s account shall be provided to User via email. Authorised Users should contact SecurityHive’s Business Partner if they need access to the Software and do not yet have an account. In order to create an account, SecurityHive’s Business Partner will need certain personal information (such as your email address).
2.2.
The Client is responsible for keeping the login credentials secure. Accounts are personal and may not be used by multiple people. You are aware that the loss or leakage of your password may lead to unauthorized use of the Software. SecurityHive cannot be held liable for any damage caused by such unauthorized use.
2.3.
If your password is accidentally disclosed or otherwise becomes known to a third party, Users and/or Authorized Users shall immediately inform SecurityHive’s Business Partner, as well as SecurityHive, and take all measures to prevent misuse of the account. All actions undertaken from the account will be regarded as taking place under your responsibility and risk.
Article 3.
Terms of use
3.1.
The (online) documentation will provide recommended requirements for the hardware and software environment. The Client is solely responsible for its use of the Software, as well as any actions and decisions it takes on the basis of the alerts, advice, predictions, results, reports or other output generated by the Software. The Client is and remains at all times responsible for the verification of the alerts, advice, predictions, results, reports or other output generated by the Software. Upon request, SecurityHive can provide the Client with training sessions on usage of Software in relation to maintenance or to develop the skills in order to prevent and mitigate risks. SecurityHive may charge additional costs for these training sessions.
3.2.
Except as expressly provided otherwise by means of a separate written agreement, the Software and the documentation are provided without technical or other integration support and SecurityHive shall therefore not be responsible for: (i) integrating, connecting and/or configuring the Software with any (third-party) hardware and/or software of the Client, (ii) file or data conversions, (iii) maintenance or support for software and/or hardware not provided by SecurityHive, and/or (iv) file repairs.
3.3.
It is not permitted to use the Software for any purpose that violates applicable laws and regulations or rights of third parties. This includes - amongst other things - the storage or transmission of data using the Software that is slanderous, libelous or racist. In particular, it is not permitted to use the Software in a manner that causes a nuisance or hindrance for other users. This includes - amongst other things - the use of personal scripts or programs for up- or downloading large amounts of data or excessively often accessing the Software. The Software is intended to be used solely for business purposes and not for private purposes.
3.4.
If, in the opinion of SecurityHive, the continued functioning of the Software, the computer systems or network of SecurityHive or third parties is (potentially) under threat of being damaged or jeopardized, for example through excessive transmission of data, leaks of personal data or virus activity, SecurityHive may take all steps it deems reasonably necessary to end or avert such damage or jeopardy.
3.5.
SecurityHive is at all times entitled to file a criminal complaint for any offenses committed through or by using the Software. In addition, SecurityHive is entitled to supply Client’s name, address, IP-address and other identifying data to a third party alleging that Client violates its rights or these terms of use, provided that the applicable legal and/or judicial requirements for this have been met.
Article 4.
Intellectual property rights
4.1.
As used herein, “Intellectual Property Rights” means any and all intellectual property rights and related rights, including but not limited to copyrights (including future copy rights), database rights, domain name rights, trademark rights, brand rights, model rights, neighboring rights, patent rights and rights to know-how.
4.2.
SecurityHive and/or its licensors shall own and shall continue to own the Intellectual Property Rights subsisting in and/or arising in connection with the analyses, designs, documentation, look-and-feel, interfaces, lay-out, recommendations, reports, and/or the Software made available to the Client under the Agreement. Except as licensed to the Client under and in accordance with the terms of the Agreement, the Client shall not acquire any rights to those Intellectual Property Rights, whether pre-existing or created during the term of the Agreement. As a result, all improvements to the Software and any new Software developed to satisfy specific Client requirements or in response to suggestions provided by the Client shall belong exclusively to SecurityHive.
Article 5.
Availability and maintenance of the Software
5.1.
The Client accepts that the Software only contains the functionality and other characteristics as encountered by the Client in the Software at the moment of delivery ("as-is" and “as-available”), i.e. including all visible and invisible errors and defects. Consequently, SecurityHive does not guarantee that the Software will be free from disruptions or defects.
5.2.
The Client should immediately report any identified disruptions or defects to the helpdesk. SecurityHive will endeavour to correct such disruptions or defects as soon as possible. However, the time SecurityHive needs for this will depend on the nature of the disruptions or defects. SecurityHive is therefore unable to make any explicit commitments in this regard.
5.3.
SecurityHive will endeavor to keep the Software available as much as possible but cannot guarantee uninterrupted availability. SecurityHive makes no promises or guarantees as to security, availability and integrity of data (transfers) while making use of the Software, unless expressly agreed otherwise in writing.
5.4.
SecurityHive has the right to change the (functionality of the) Software. Feedback and suggestions from the Client are welcome, but SecurityHive itself makes the final decision on which changes it will or will not implement.
5.5.
SecurityHive actively maintains the Software. Maintenance causing impact to the availability of the Software will be, where possible, be carried out when use of the Software is averagely low. Emergency maintenance however can be carried out at any moment and without prior notice.
5.6.
SecurityHive shall release updates to the Software that address bugs or add new features. SecurityHive shall make such updates available to the Client as soon as practicable
Article 6.
Support
6.1.
The Client is requested to consult the online documentation regarding the Software via the Website before submitting a support request by e-mail or phone.
6.2.
If the online documentation does not facilitate a solution, the User may contact the SecurityHive helpdesk by e-mail or by phone. Availability and up-to-date contact details are available on the Website. SecurityHive endeavors to respond to helpdesk requests as soon as possible.
6.3.
Business Partner provides first line support to Authorised Users of the Platform. Where required, SecurityHive will provide second line support to the Business Partner's employees. If Business Partner is unable to provide support to Authorised Users, they may contact the SecurityHive helpdesk by e-mail or phone.
Article 7.
User Limits
7.1.
SecurityHive may impose a limit on the capacity the Client may or can use within the framework of the Software on a monthly basis. Examples include a maximum number of accounts or a maximum quantity of data storage or network traffic.
7.2.
If the usage limits are exceeded, SecurityHive may charge additional costs, or (after providing a written warning) limit the use of the Software to the permitted capacity.
7.3.
Any credit awarded to the Client cannot be transferred to a subsequent month, another agreement or another SecurityHive customer.
7.4.
If no limit has been set for the capacity, a fair use policy will apply to the Software concerned. This must be understood to mean that the Client may use a maximum of twice the capacity used by other SecurityHive customers under similar circumstances.
7.5.
SecurityHive is not liable for the consequences of the Software not functioning properly if the Client exceeds the applicable usage limit, whether or not based on fair use.
Article 8.
Liability
8.1.
SecurityHive and Business Partner have made agreements regarding liability for (the use of) the Software by Authorized Users. Authorized Users should contact Business Partner if they experience any problems using the Software. If the User has purchased a license for the Software directly from the Website, the following provisions of this article apply.
8.2.
Except in cases of intentional misconduct or deliberate recklessness and any other matter for which it is unlawful to limit or exclude liability, the liability of SecurityHive for attributable damages in connection with the (use of) the Software is limited to an amount equal the amount paid by the User under the Agreement in the three (3) months prior to the damage-causing incident occurred but shall in any event not exceed the amount of € 5,000 per year.
8.3.
SecurityHive's liability for consequential damage, consequential loss, lost profits, lost savings, loss of goodwill, damage through business interruptions, damage ensuing from claims by the User's customers, mutilation or loss of data, damage relating to the use of objects, damage relating to engagement of suppliers prescribed by the User, shall be excluded. The liability of SecurityHive due to the scrambling, destruction or loss of data or documents, as well as damage caused by an infringement by third parties to security of the User's systems through hacking or social engineering shall also be excluded.
8.4.
Except where performance by SecurityHive is permanently impossible, SecurityHive shall only be liable as a result of an attributable failure to perform the Agreement if the User gives SecurityHive immediate notice of default in writing, setting a reasonable term in which the breach can be remedied, and SecurityHive still attributably fails to meet its obligations after this period. The notice of default must contain as comprehensive and detailed a description of the breach as possible, in order to ensure that SecurityHive has the opportunity to respond adequately.
8.5.
SecurityHive shall not be responsible or liable for failure to deliver or comply with any provision of the Agreement if such non-performance is due to causes beyond its reasonable control such as, but not limited to, acts of God, government restriction, fire, floods or explosions, acts of terrorism, war, weather, power outages, Internet failures, telecommunication infrastructure failures, network attacks (including D(DoS) attacks), attacks by malware or other harmful software. In such event, the time for performance hereunder shall be extended by the period of time attributable to the delay.
Article 9.
Confidentiality
9.1.
Both parties shall refrain from disclosing or using for any other purpose than within the scope of the Agreement, any trade secrets and other information of the other party that has been designated as confidential or the confidential nature of which is known or can reasonably be deemed to be known by the other party.
9.2.
In addition, the parties accept the duty to observe strict secrecy with respect to all information regarding the activities and organization of the other party, except in as far as such information was already part of the public domain without any involvement of the other party.
Article 10.
Fees
10.1.
If the User has purchased a license for the Software directly from the Website, the following provisions of this article apply.
10.2.
Unless agreed upon differently through a written contract with SecurityHive, a license for the Software can only be obtained through the Website. Prices and payment details are specified on the Website and/or in the Software. Certain services are available for a limited period at no charge. After this period a full license with a well-defined period of validity is due. This will be indicated on the Website and/or in the Software.
10.3.
Prices are shown in the currency mentioned on the Website, and are shown exclusive of VAT, import duties and other government imposed taxes, duties and levies.
10.4.
SecurityHive will send an invoice for all amounts due and is entitled to invoice electronically. All invoices must be paid within 14 days of the invoice date. If the User fails to pay an invoice, or pay it in full, within the payment term, it will be in default by operation of law. In such case, SecurityHive is entitled (i) to charge the User the statutory interest for commercial transactions on the outstanding amount, and (ii) to suspend provision of all or part of the Software until the User has paid the outstanding amount in full.
10.5.
If the User continues to fail to pay an invoice following a demand for payment or a notice of default, SecurityHive will be entitled to refer the claim for collection. Any extrajudicial costs and legal expenses incurred by SecurityHive, including the costs of legal experts, lawyer's fees, bailiff costs and the costs of debt collection agencies, will in such a case be completely at the User’s expense.
10.6.
SecurityHive is authorised to adjust its rates on an annual basis on the basis of the CBS (“Centraal Bureau voor de Statistiek”) consumer price index (all households), series 2015=100, for January relative to January of the preceding year. In such case, the User is not entitled to terminate the Agreement, unless the price increase amounts to more than 5 percent.
Article 11.
Duration and termination
11.1.
If the User has purchased a license for the Software directly from the Website, the following provisions of this article apply.
11.2.
The Agreement is entered into for the (subscription) period stated on the Website or as stated elsewhere (hereinafter: “the Contract Period”). If the Contract Period is not stipulated, it shall be deemed to have been entered into for a Contract Period of one (1) month. Unless agreed to the contrary, the Agreement, in the absence of termination through the Software before the end of the Contract Period, shall always be tacitly extended by the same Contract Period. SecurityHive will send User a notice for the extension of licenses and payments that may be due in that regard.
11.3.
The Agreement terminates automatically and immediately in case the User enters into bankruptcy, the User applies for a suspension of payments, the assets of the User are seized, the User passes away, or in case the User enters into liquidation, legal dissolution or winding-up.
11.4.
After termination of the Agreement, regardless of the reason, User must cease all use of the Software. In addition, the User must remove all copies (including backup copies) of the Software from all computer systems under control of User.
Article 12.
User Data and privacy
12.1.
SecurityHive will make every effort to secure the Software against misuse and unauthorised access to any data stored by the User with the Software, or otherwise made available to SecurityHive by the User in the context of the Agreement (“User Data”).
12.2.
All rights to the User Data shall remain with the User. SecurityHive will only use the User Data to the extent necessary for the provision of the Software.
12.3.
If and in so far as the User Data consists of personal data within the meaning of the General Data Protection Regulation (‘GDPR’), User and SecurityHive shall enter into a data processing agreement before the Software is provided to the User. This is attached to the Agreement as an annex.
12.4.
If the Agreement is terminated, regardless of the reason for such termination, SecurityHive will destroy or delete the User Data as soon as possible.
Article 13.
Changes to the general terms and conditions
13.1.
If the User has purchased a license for the Software directly from the Website, the following provisions of this article apply.
13.2.
SecurityHive may update or modify these general terms and conditions from time to time, including any referenced policies and other documents. If a revision meaningfully reduces User’s rights, SecurityHive will use reasonable efforts to notify the User (by, for example, sending an e-mail to the billing or technical contact you designate in the applicable order, or in the Software itself) at least thirty (30) days before the updates or modifications become effective.
13.3.
If SecurityHive modifies these general terms and conditions during license term and/or subscription term, the modified version will be effective upon your next renewal of a license term, and/or subscription term, whichever applies. In this case, if User objects to the updated general terms and conditions, as your exclusive remedy, you may choose not to renew, including cancelling any terms set to auto-renew.
13.4.
With respect to Software, accepting the updated general terms and conditions is required for you to continue using that Software. You may be required to click through the updated general terms and conditions to show your acceptance. If you do not agree to the updated general terms and conditions after it becomes effective, you will no longer have a right to such Software. For the avoidance of doubt, any order is subject to the version of the general terms and conditions in effect at the time of the order. Changes to the general terms and conditions resulting from mandatory law may be implemented at any time without notification being required and without the User being entitled to terminate the Agreement.
Article 14.
Miscellaneous terms
14.1.
If the User has purchased a license for the Software directly from the Website, the following provisions of this article apply.
14.2.
Dutch law applies to the Agreement. Unless dictated otherwise by mandatory law, all disputes arising in connection with the Agreement shall be brought before the competent Dutch court for the principal place of business of SecurityHive.
14.3.
A finding that any particular provision of the Agreement is legally void or unenforceable shall not affect the validity of the entire Agreement. In such a case the parties shall determine a replacement provision that is legally valid and approximates the intent of the relevant provision as much as possible.
14.4.
The parties can only transfer the rights and obligations arising from the Agreement to a third party with the written permission of the other party. SecurityHive will, however, be authorised to transfer the Agreement, without User's prior permission or cooperation to a parent company, sister company or subsidiary, or to a third party in the event of a merger or acquisition. SecurityHive will inform User as soon as possible, in writing, after such a transfer has taken place.
Article 1.
General provisions
1.1.
When executing the Agreement, SecurityHive can process personal data on behalf of Client. Unless otherwise agreed, in such a case this Appendix shall serve as a (sub)processor agreement. If a separate (sub)processor's agreement is concluded between the parties, it shall take the place of this appendix.
1.2.
This Annex is inextricably linked to the General Terms and Conditions. All definitions from the general terms and conditions have the same meaning in this Appendix. The legal preconditions from the general terms and conditions (for example within the framework of liability) shall therefore apply in full. In the event of contradictions, the provisions of this Appendix shall prevail.
1.3.
If personal data is processed in the execution of the Agreement, Client must be considered a controller if it determines the purpose and means of the processing. SecurityHive should be considered a (sub)processor.
1.4.
The terms relating to the processing of personal data (including but not limited to personal data, data subject, processing, controller, processor and personal data breach) as used throughout this Data Processing Agreement will have the same meaning as laid down in the General Data Protection Regulation (hereinafter: “GDPR”).
Article 2.
Processing of personal data
2.1.
SecurityHive shall only process the personal data for the execution of the Agreement, plus those purposes that are reasonably related to it or determined with that further agreement of Client. SecurityHive is permitted to use the data in anonymized form for analysis and quality purposes.
2.2.
The purposes of the processing, as well as the categories of data subjects and the types of personal data processed in the provision of the Services, are further described in the Agreement.
2.3.
SecurityHive has no independent control over the purpose and means of processing personal data. SecurityHive does not take independent decisions on the receipt and use of the personal data, the disclosure to third parties and the duration of storage of personal data.
Article 3.
Obligations of parties
3.1.
The parties will each ensure compliance with the applicable laws and regulations regarding the protection of personal data, including in any case the GDPR.
3.2.
SecurityHive shall inform Client, upon Client's explicit request, of the measures it has taken regarding compliance with the obligations of this Annex.
3.3.
SecurityHive's obligations under this Annex also apply to persons processing personal data under the authority of SecurityHive, including employees in the broadest sense of the word.
3.4.
Client guarantees that the content, the use and the order to process the personal data are not unlawful and do not violate any right of third parties and indemnifies SecurityHive against all claims of third parties related to this.
3.5.
SecurityHive will support Client in performing a Data Protection Impact Assessment (hereinafter: “DPIA") or prior regulatory consultation, should this be required by law. The associated costs shall be borne by Client.
3.6.
SecurityHive shall promptly inform Client if, in SecurityHive's opinion, an instruction from Client violates the GDPR.
Article 4.
Transfer of personal data
4.1.
SecurityHive may process personal data in countries within the European Economic Area (hereinafter: "EEA"). Transfer to countries outside the EEA is also permitted, provided that the regulations of the GDPR are observed.
4.2.
SecurityHive will inform Client, upon Client's explicit request, of the country or countries in which personal data are processed.
Article 5.
Involvement of Subprocessors
5.1.
Client authorizes SecurityHive to involve the third parties (hereinafter “Subprocessors”) when processing personal data, in compliance with the GDPR and other applicable laws and regulations.
5.2.
If SecurityHive intends to engage a new sub-processor, it shall inform Client in writing. Client has the right to object to the engagement of new sub-processor(s) in writing with reasons within two (2) weeks after notification. If Client does not object within this period, it will be deemed to agree to the engagement of the new subprocessor(s).
5.3.
If Client objects to engaging a subprocessor, SecurityHive may not be able to (continue to) provide the services in full. In such a case, the parties will consult to find a suitable solution. If parties cannot find a solution, SecurityHive has the right to still engage the subprocessor and Client has the right to terminate the Agreement by and at the latest until the date on which the new subprocessor is engaged.
3.4.
Client guarantees that the content, the use and the order to process the personal data are not unlawful and do not violate any right of third parties and indemnifies SecurityHive against all claims of third parties related to this.
5.4.
SecurityHive shall ensure that sub-processors engaged take on the same or similar obligations as agreed between Client and SecurityHive in this Annex. In case of noncompliance with these obligations, SecurityHive itself shall be liable to Client as if it had committed the errors itself.
Article 6.
Security
6.1.
SecurityHive will take appropriate technical and organizational measures with regard to the processing of personal data to be carried out in order to protect them against loss or against any form of unlawful processing (such as unauthorized access, impairment, modification, or provision of personal data).
6.2.
Client only makes personal data available to SecurityHive if it has ensured that appropriate security measures have been taken.
6.3.
Although SecurityHive makes every effort to prevent loss or unlawful processing of personal data, SecurityHive cannot guarantee that the security measures taken are effective under all circumstances.
Article 7.
Personal data breaches
7.1.
Client is itself responsible for reporting a personal data breach (as referred to in Article 4 (12) of the GDPR, also called "personal data breach") to the relevant regulator and, in the case of a high risk, to the data subjects whose personal data has been leaked. In order to enable Client to comply with this legal obligation, SecurityHive shall notify Client without unreasonable delay in the event of a data breach.
7.2.
SecurityHive's obligation to report to Client includes in any case reporting the fact that there has been a data breach as well as, as far as known to SecurityHive, the information referred to in article 33 section 3 GDPR. If SecurityHive does not have all the information referred to in this article, it shall still collect it as soon as possible and make it available to Client.
7.3.
If required by law and regulations, SecurityHive will cooperate in informing the relevant supervisors and the persons concerned whose personal data has been leaked.
Article 8.
Rights of data subjects
8.1.
In the event that a data subject wishes to exercise one of his or her legal rights and addresses the request to SecurityHive, SecurityHive will forward this request to Client. Client will then take care of handling the request. SecurityHive may inform the data subject of the forwarding of the request.
8.2.
In the event that a data subject makes a request to exercise one of his or her legal rights to Client, SecurityHive shall, if Client so requests, provide reasonable cooperation if Client cannot handle the request independently. Any associated costs shall be borne by Client.
Article 9.
Confidentiality
9.1.
All personal data that SecurityHive receives from Client or that SecurityHive itself collects within the framework of the Agreement, is subject to a duty of confidentiality towards third parties.
9.2.
The confidentiality obligation referred to in the previous paragraph shall not apply to the extent that Client has given express consent to provide the personal data to third parties, if providing the personal data to third parties is necessary in the context of implementing the Agreement or this Annex, or if there is a legal obligation or court order to provide the personal data to a third party.
Article 10.
Audits
10.1.
Client shall have the right to have audits performed by an independent expert third party bound by secrecy to verify compliance with SecurityHive's obligations under this Annex. The costs for this, including the reasonable costs incurred by SecurityHive during the audit, shall be borne by Client.
10.2.
The audit referred to in the previous paragraph will only go ahead if Client has requested the possible similar audit reports already present at SecurityHive, assessed them and comes up with reasonable arguments that still justify an audit initiated by Client. An audit will be justified if the reports present at SecurityHive do not or insufficiently provide conclusive information about SecurityHive's compliance with this Annex.
10.3.
SecurityHive shall cooperate with the audit and provide all information reasonably relevant to the audit, including supporting data such as system logs, and employees as timely as possible and in any event within a reasonable period of time.
10.4.
The audit initiated by Client shall take place no earlier than at least two (2) weeks after announcement by Client. The parties will agree on the exact date and time of the audit.
10.5.
Client may audit SecurityHive no more than once per year unless there is a concrete and demonstrable suspicion of non-compliance by SecurityHive with the agreements in this Annex.
10.6.
The findings as a result of the audit conducted will be reviewed by the parties in mutual consultation and, as a result, may or may not be implemented by one of the parties or by the parties jointly.
Article 11.
Duration and termination
11.1.
In the event of termination of the Agreement, SecurityHive shall, without unreasonable delay, at the request and expense of Client, unless any legal obligation opposes this, return to Client the personal data of Client stored on the systems of SecurityHive, or delete them as soon as possible.