HomeMy WebLinkAbout20-056 - DrackTrace - Network SecurityDocuSign Envelope D: 6746B755-0183-4FF6-B485-B1410B66DD40
20-056
Council Approval N/A
PRODUCTORDER FORM
Customer Name:
Shipping Address:
Invoice Address:
Attn:
Ernst
••• • ;,,'" '11"1,'''' • 'T I r Pr Pr ro go' 1,F14.11-910:/rril, Prill'orf 1,1f mismicir lininiirtic • IN/ ''rvy 7,1 rbr 4
City of "Tukwila
6300 Southcenter 8vd. 0202 Tulnvlia, WA 98188
6300 Southcenter 8tvd, 0202 Tukwila, WA 98138
City of Tukwila
Joseph.Todd@TuicwIlaWAgov
Product Order Form Ref: 32692-20200427-624065-5S
Date Prepared: 2020/05/04
Expiry Dee: 2020/05/08
;,gonvyq,e0s.,,,
cornprie
Medium Appliance -
Mena Network Swint
Milt -ANTI 1
eing 11 May 2020 (tommencerrient bete)
Installation Services
Standard Support Services Inclu Mg;
Threat intik**. lieporte (Quarterly)
2 tatJatiter, VIntral irtetrutter
41.
1301P--TVOT
included
t.ndc�lldltME
By signing this litrorluct Order Form Pot Order Form"), (taming 4 purchase order referencing this Product Order Font' or otherwise messing or using
the Offering, the CUIliarrmlei WO* of the Offering she be tuba to the barictrace Muter Ctletomer Agreement included In the Appliance, which osx alto
be found et; hreas:iiwww,derklrestortmeresourcesilegal-ortilnittenlmhd! r Agtelithenil,
The Applience(a) ere kr use with respect to th Custcm width throughput, number of COMMOCtild devices end connection. per minute
ea est out in the applicable Product Data Sheet (thkeliderictrececorntremates/contrect.detaiheete.tip), The Software le limited to one thoutimd *
hundred (1,600) Devices in use on the Customer netwodt (the Vevice Limit"). For the purposes of this calculation 4 'Devia4" is is unique IMernet Prot000l
ad**, (IP address), tied to e piece V equipment, apperetus, Cr instrument virtual or phyelcel; that le monitored, modelled end visible in the Threat
i
,
i yn*t tas Hi. 0. '
4
rat WrIqUU'S$*uthU,Dmstb$t$tt ec$t0e, r , , , , ttsnot
1 d, vat .
8
ACM Froduot M*m ,Es SI11h.ds terms gnew pdit.mso
Order Form end ths A *whom will be the b . Any in . .
r d s net bsos it of ths Amsmsnt In . , ,
, ,
executed totjsthe sh*fl onittuts ans and ths ssrn. agreement. Transmit'
tountemert of this Product , by PPP, JP esd o eh,
/
ri Csonsiderittion rev this we ores Appliellet svw theisnes gr.Ksn, i thi periviRteo to t icientny ne
Customer as s customer and to ute he Customer's mime connection wth propose* to pro play Customer's logo on
Derktrace's web sits, end (a) othervNee refer to Customer in print or electronic form solely for marketing or referenceptopteee, Including In it kint press
reletee(6), Customer ergo agrees to (d) particketain a csee study for the Fs/moose of marketing and promotion, (o)haft1418eem and Nilillic * 1*** of*
Derktrace seminar, dirtier, or roundtable event, (f) speak to 24 Otrictrece referred journalist per year, and (9) provide a reasonable number of reference
calla on demand,
Accepted By Customer
6:->fe6.14,e,
By:
Title; Mayor
Effective Date; 05/04/2020
Directorinitials
By:
TitI Financial Di rector
paw 5/28/2020
s—joittA4
Jones
Dettrace Limited, Maurice Wilkes Ittliding,3t Johns Innovation Park, Cowley Road, Cambridge C84 003, UK
Pselstesd Ne,: 9803562035„ VAT No, 08290 0399 03
(Of'po
DARK
INVOICE
To:
City of Tukwila
6300 Southcenter Blvd #202
Tukwila
WA
98118
USA
Darktrace Limited
Maurice Wilkes Building
St John's Innovation Park
Cowley Road
Cambridge
CB4 ODS
UK
Telephone: +44(0) 1223 394 100
Email: fingroup@darktrace.com
VAT Reg No: GB 290 0399 03
Invoice Details
Customer VAT Number:
Invoice No
100210
Invoice Date
31 May 2020
PO Number
Terms
30 Days
Reference
Payment Due
30 Jun 2020
Description
Unit Price Quantity Net Amt Tax % Tax Gross
Darktrace Enterprise Immune System
Invoiced annually in advance
11 May 2020 to 10 May 2021
Invoice 1 of 2
19,900.00
1.00
19,900.00
APPROVED
By Mike Marcum at 9:08 am, Jun 03„ 202
000.12.518.880.49.00
OK TO PAY
Mike MaKpae
APPROVAL
0.000 0.00 19,900.00
PLEASE NOTE: Please send payment electronically prior to the due date shown above to the bank
details provided below. If you wish to pay by cheque, please write our account
number on the back and post it to the below bank address.
Please remit to: -
Account Name: Darktrace Limited
Account No: 3301332479
Routing No: 121140399
Bank: Silicon Valley Bank
3003 Tasman Drive
Santa Clara
CA 95054
Total Net Amount
Total Tax Amount
Invoice Total USD 19,900.00
USD
USD
19,900.00
0.00
Registered in the UK; registered number 08562035; registered address: Maurice Wilkes Building, St John's Innovation Park, Cowley Road, Cambridge, CB4 ODS
DARK
DARKTRACE MASTER CUSTOMER AGREEMENT
IMPORTANT- READ CAREFULLY:
Please read the following legally binding Darktrace Master Customer Agreement ("Agreement") between Darktrace Limited
("Darktrace") and the person or entity that has been granted rights under this Agreement ("Customer") carefully. THIS
AGREEMENT WILL APPLY TO ANY QUOTE, PRODUCT ORDER FORM, ORDER ACKNOWLEDGEMENT, AND INVOICE, AND ANY SALE,
LICENCE, OR DELIVERY OF ANY APPLIANCES OR SERVICES BY DARKTRACE. By selecting the 'accept' option, installing or otherwise
accessing or using the Offering (as defined herein), Customer acknowledges that Customer has read, understands and agrees to
be bound by the terms and conditions of this Agreement. Where a reseller, service provider, consultant, contractor or other
permitted third party downloads, installs or otherwise uses the Appliance on Customer's behalf, such party will be deemed to
be Customer's agent and Customer will be deemed to have accepted all of the terms and conditions of this Agreement as if
Customer had directly downloaded, installed or used the Appliance.
If Customer does not agree with the terms and conditions of this Agreement, Customer is not authorised to install the Appliance
or otherwise use the Offering for any purpose whatsoever. If Customer returns the unused Appliance and all accompanying
items in their original condition and packaging within twenty-one (21) calendar days of delivery by Darktrace, together with proof
of purchase, Customer may receive a full refund of any Fees paid.
Darktrace and Customer may be collectively referred to as the "Parties" or individually as a "Party".
RECITALS
Whereas, Darktrace is the supplier of the Offering that is more fully described in the applicable quotation, ordering document,
or commercial terms schedule provided by Darktrace or its authorised reseller, as applicable, and accepted by Darktrace, which
identifies the Appliances and any Services ordered by Customer from Darktrace or its authorised reseller, as applicable, the term,
the respective quantities, the applicable fees, together with any other specifications or requirements and any other restrictions
(if any) ("Product Order Form").
Whereas, Customer is interested in using the Offering for its internal use and Darktrace has agreed to Customer's use of the
Offering on the terms of this Agreement.
Now therefore, in consideration of the mutual covenants and the payment of Fees described herein, the Parties agree as follows:
1. DEFINITIONS
Certain capitalised terms used but not defined herein are as set forth in Appendix 1 to this Agreement.
2. EVALUATIONS AND BETA TESTING
The following terms in this Clause 2 apply to a Darktrace proof of value or technical preview of the Offering.
2.1. If Darktrace permits Customer to conduct a proof of value of the Offering (the "Evaluation"), Customer shall be granted a non-
exclusive, non -transferable, non-sublicensable licence to use the Appliance free of charge for evaluation purposes only for a
maximum of four (4) weeks, or such other duration as specified by Darktrace in writing at its sole discretion (the "Evaluation
Period"). Except for the foregoing, Darktrace does not grant Customer any rights, implied or otherwise in or to the Offering
in respect of an Evaluation. Customer must keep the Appliance free from liens, will be responsible for any damage to such
Appliance during the Evaluation Period (reasonable wear and tear excepted) and will carry insurance coverage (all risks) in an
amount equal to the full replacement value of the Appliance. On the expiry of the Evaluation Period, and unless the Parties
agree to a subsequent purchase of the Offering, Customer shall return the Appliance to Darktrace securely and properly
packaged, with carriage (and insurance at Customer's option) and this Agreement will terminate.
2.2. If Darktrace provides Customer with a new product or new version of the Offering for technical preview or beta testing
purposes (a "Preview Product"), Customer may use the Preview Product for evaluation purposes, in a non -production test
environment only, for the period specified by Darktrace (the "Test Period"). Customer will test the Preview Product in
accordance with any conditions specified in the readme file for the software or any accompanying Documentation and will
gather and report test data, feedback, comments and suggestions to Darktrace. Customer's right to use the Preview Product
will terminate upon expiry of the Test Period. Darktrace does not warrant that it will release a commercial version of the
Preview Product, or that a commercial version will contain the same or similar features as the Preview Product.
V01.04.2020 MCA SHRINKWRAP 1
DARKT
c
2.3. Clause 9 and Clause 12 will not apply to Evaluations or Preview Products. APPLIANCES PROVIDED FOR THE PURPOSES OF
EVALUATION ("EVALUATION PRODUCTS") AND PREVIEW PRODUCTS ARE PROVIDED "AS IS" AND, TO THE MAXIMUM EXTENT
PERMITTED BY APPLICABLE LAW: (i) DARKTRACE MAKES NO WARRANTIES, CONDITIONS, REPRESENTATIONS OR
UNDERTAKINGS OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE WITH RELATION TO SUCH
EVALUATION PRODUCTS OR PREVIEW PRODUCTS; AND (ii) IN NO EVENT SHALL DARKTRACE BE LIABLE TO CUSTOMER OR TO
THOSE CLAIMING THROUGH CUSTOMER FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR SPECIAL DAMAGE OR
LOSS OF ANY KIND, OR ANY LOSS OF PROFITS, LOSS OF CONTRACTS, BUSINESS INTERRUPTIONS, LOSS OF OR CORRUPTION OF
INFORMATION OR DATA HOWEVER CAUSED AND WHETHER ARISING UNDER CONTRACT OR TORT (INCLUDING WITHOUT
LIMITATION NEGLIGENCE), EVEN IF DARKTRACE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
2.4. IF ANY LIMITATION, EXCLUSION, DISCLAIMER OR OTHER PROVISION CONTAINED IN CLAUSE 2.3 ABOVE IS HELD TO BE INVALID
FOR ANY REASON BY A COURT OF COMPETENT JURISDICTION AND DARKTRACE BECOMES LIABLE THEREBY FOR LOSS OR
DAMAGE THAT MAY LAWFULLY BE LIMITED, SUCH LIABILITY WHETHER IN CONTRACT, TORT OR OTHERWISE, SHALL NOT
EXCEED TEN THOUSAND POUNDS STERLING (£10,000).
3. OFFERING; ORDER PROCESS
3.1. Darktrace agrees to provide to Customer: (i) the number and type of Appliances; (ii) the Support Services; and (iii) the training
to be provided to Customer, if any, each as set out in the Product Order Form. The Product Order Form must be in writing and
reference this Agreement to be valid. The Product Order Form will be governed by this Agreement and any different or
additional terms presented with or in any communication, including but not limited to, Customer's purchase order, are
deemed null and void and of no effect unless the additional terms are agreed upon by the Parties in writing prior to acceptance
of that Product Order Form.
4. HARDWARE
4.1. Hardware Products. Excluding Evaluations and Preview Products, and subject to Clause 4.3, Darktrace, or its authorised
reseller, will sell to Customer, and Customer will purchase, the Hardware element of the Appliance in accordance with the
terms of this Agreement. Unless otherwise agreed in the Product Order Form, the cost of the Hardware is included in the
Fees. Customer acknowledges that, with respect to the Software that is delivered on Hardware, the Hardware is provided
solely as the medium for delivery and operation of the Software. Customer will be granted a licence to the Software on the
terms of Clause 5 below.
4.2. Delivery. Darktrace will use commercially reasonable efforts to ship the Appliance(s) on the agreed delivery dates (in partial
or full shipments); provided, however, that Darktrace will in no event be liable for any delay in delivery or for failure to give
notice of delay. Darktrace may withhold or delay shipment of any order if Customer is late in payment or is otherwise in
default under this Agreement. Darktrace will deliver the Hardware FCA (Incoterms 2010) to the agreed Sites. In the absence
of specific shipping instructions from Customer, Darktrace will ship by the method of its choice. Unless otherwise agreed,
Customer will pay and be exclusively liable for all costs associated with shipping and delivery including without limitation,
freight, shipping, customs charges and expenses, cost of special packaging or handling and insurance premiums incurred by
Darktrace in connection with the shipment of the Appliance(s) to Customer. Darktrace will identify itself in all documents
related to the shipment of the Appliance(s) as the exporter of record from the applicable jurisdiction of export, and Customer
(or its agent, as applicable) as the importer of record into the country of delivery.
4.3. Title to Hardware. Save where otherwise stated in the Product Order Form, title to the Hardware will remain with Darktrace
during the first twenty-four (24) month period of the Term. Following such initial twenty-four (24) month period and
provided Customer is current in all payment obligations to Darktrace, title in the Hardware will pass to Customer. Upon
termination for any reason during the first twenty-four (24) month period of the Term (or if the Term is less than twenty-
four (24) months in duration, on expiration of the Term), Customer shall return the Hardware to Darktrace, securely and
properly packaged, with carriage (and insurance at Customer's option) prepaid. During such initial twenty-four (24) month
period, Customer must (a) clearly designate the Hardware as Darktrace's property; (b) hold the Hardware on a fiduciary basis
as Darktrace's bailee; (c) store and use the Hardware in a proper manner in conditions which adequately protect and preserve
the Hardware; (d) insure the Hardware against all risks to its full replacement value; and (e) not sell, charge, pledge, mortgage
or otherwise dispose of the Hardware or any part of it or permit any lien to arise over the Hardware (or part thereof) and
keep the Hardware free from distress, execution and other legal process.
5. LICENCE GRANT FOR THE SOFTWARE AND RESTRICTIONS
5.1. Licence Grant for Software. In consideration of the Fees paid by Customer to Darktrace, and subject to the terms and
V01,04.2020 MCA SHRINKWRAP 2
��U�U�
��N�N�
conditions of this Agreement and the Product Order Form, Darktrace grants to Customer a non-exclusive, non -transferable,
non-sublicensable licence for the Term to: (i) install and use the Appliance on the Site(s) or an Outsource Provider's shp(s)fo/
Customer's orits Affiliate's internal business purposes (provided that neither Customer nor its Affiliates may use the Appliance
or the Services as a commercial product or for the benefit of an unaffiliated third party); (ii) make acommercially reasonable
number ofcopies nfthe Documentation; provided however, that Customer must reproduce and include all ofDarktrace'sand
its suppliers' copyright notices and proprietary legends on each such copy; and (iii) use Reports, and reproduce and distribute
such Reports, internally solely for Customer's urits Affiliate's own business purposes.
5.2. Licence Restrictions. All Software is licensed, not sold. The restrictions in this Agreement represent conditions of Customer's
licence. Unless otherwise specified in the Product Order Form or the Documentation, the Software is pre -installed on the
Hardware and Customer agrees to use the Software solely in conjunction with such Hardware and notseparately or apart from
the Hardware. Customer specifically agrees not to: (i) sub -licence, rent, sell, lease, distribute orotherwise transferthe Software
or any part thereof or use the Offering, or allow the Offering to be used, for timesharing orservice bureau purposes or
otherwise use or allow others to use for the benefit of any third party (otherthan Customer's Affiliates); (ii) attempt to reverse
engineer, decompile, disassemble, or attempt to derive the source code or underlying ideas or algorithms of the Software or
Third Party Software (other than the GPL Software) or any portion thereof, except as required to be permitted by applicable
law; (iii) modify, port translate, |ocaUse or create derivative works of the Software, the Third Party Software, the
Documentation or Reports (save as expressly permitted by Clause 5.1 above); (iv) use the Offering: (a) in violation of any law,
statute, ordinance or regulation applicable to Customer (including but not limited to the laws and regulations governing
publicity or privacy, export/import control, federal, state and local laws and regulations governing the use of network scanners
and related software in all jurisdictions in which systems are scanned or scanning is controlled, or anti -discrimination, in each
case that are applicable to[ustomer);or (b) negligently, intentionally or wilfully propagate any virus, worms, Trojan horses
or other programming routine intended to damage any system or data; (v) remove or modify any acknowledge me nts, credits
or legal notices contained on the Appliance orany part thereof; (vi) install or run on the Hardware on any software applications
other than the Software and Third Party Software installed by Darktrace on such Hardware; (vii) collect any information from
or through the Offering using any automated means (other than Darktrace approved APIs), including without limitation any
script, spider, "screen scraping," or "database scraping" application or gain or attempt to gain non -permitted access by any
means to any Darktrace computer system, network, or database; and (viii) file copyright or patent applications that include
the Offering orany portion thereof.
5.3. Affiliate Use. Darktrace acknowledges and agrees that the Offering may be used for the benefit ofCustomer Affiliates
incorporated onorbefore the Effective Date ofthe Product Order Form. Such Customer Affiliates will beentitled tnutilise
the Offering inthe same way asCustomer under the terms ofthis Agreement. Tothe extent that any such Customer Affiliate
utilises the Offering in accordance with this Clause 53 Customer (acting as agent and trustee of the relevant Customer
Affiliate) will be entitled to enforce any term of this Agreement and recover all losses suffered by such Customer Affiliate
pursuant to this Agreement as though Customer had suffered such loss itself, provided that in no event may Customer make
multiple recoveries inrespect ofthe same loss.
s.^. Ovtsowrce Provider. In the event that Customer contracts with any third party service provider(s) such as an ovtsouoer,
hosting' managed service, or collocation service provider or other information technology service provider for the
performance of information technology functions (each' an ^Outsource Provider"), Customer may permit such 0ursoune
Provider tnexercise all orany portion cfthe rights granted inClause 5.1above solely nnCustomer's orits Affiliates' behalf,
provided that, (i)the Outanurce Provider will only use oroperate the Offering for Customer's use subject to terms and
conditions that are consistent with the rights and limitations set out in this Agreement; and (ii) Customer will remain liable
for the acts and omissions nfthe OutsouoeProvider under this Agreement.
sa. Third Party Software/ Open Source Software. Customer acknowledges that the Software may contain orbeaccompanied by
cenainthind'partYhardvvaneandsoftwanepmductsorcomponents(^ThirdPartvPmducts^)indvdingOpen5ource3oftvvane.
Any Open Source Software provided to Customer as part of the Offering is copyrighted and is licensed to Customer under
the GPL/LGPL and other Open Source Software licences. Copies of, or references to, those licences may be set out in a Product
Order Form, the Third Party Product packaging or in a text file, installation file orfolder accompanying the Software. If
delivery of Open Source Software source code is required by the applicable licence, Customer may obtain the complete
corresponding Open Source Software source code for a period of three years after Darktrace's last shipment of the Software
bysending arequest to: Attn: Legal Department Open Source Software Request, Da,ktmceLimited, Maurice Wilkes Building,
Cowley Road, Cambridge CB4ODS,United Kingdom.
6. SERVICES
vozu4.zuznMCA s*mwnWnAp 3
DARKT
c
6.1. Installation. Darktrace will conduct its standard installation and test procedures to confirm completion of the installation of
the Appliance on Customer's or its Outsource Provider's site ("Installation Services").
6.2. Support Services. Darktrace will provide the Standard Support Services for the Term and any Support Service Options
specified in the Product Order Form (collectively, the "Support Services"). Darktrace's Support Services are further described
in the Support Services Data Sheet, which details Darktrace's Standard Support Services and Support Service Options, and
their respective eligibility requirements, service limitations and Customer responsibilities.
6.3. Call Home. Darktrace's Call Home feature is critical for certain Support Services. Darktrace will limit its access solely to the
extent relevant to Darktrace's provision of the Support Services, and such remote access will be subject to Customer's
reasonable policies and procedures provided to Darktrace in writing in advance. The Call Home connection remains within
Customer's complete control and is initiated by the onsite Appliance. It can be initiated and terminated at any time by
Customer.
6.4. DISCLAIMER. UNLESS EXPRESSLY AGREED, THE SERVICES DO NOT INCLUDE THE MONITORING, INTERPRETATION OR
CORRECTIVE ACTION WITH RESPECT TO ANY ALERTS GENERATED BY THE OFFERING. NO ADVICE, REPORT, OR INFORMATION,
WHETHER ORAL OR WRITTEN, OBTAINED BY CUSTOMER FROM DARKTRACE OR THROUGH OR FROM THE SERVICES SHALL
CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS AGREEMENT. CUSTOMER UNDERSTANDSTHAT: (A) ANY OUTCOME
OF THE SERVICES INVOLVING SECURITY ASSESSMENT IS LIMITED TO A POINT -IN -TIME EXAMINATION OF CUSTOMER'S
SECURITY STATUS; AND (B) THE SERVICES DO NOT CONSTITUTE ANY FORM OF REPRESENTATION, WARRANTY OR
GUARANTEE THAT CUSTOMER'S SYSTEMS ARE SECURE FROM EVERY FORM OF ATTACK, EVEN IF FULLY IMPLEMENTED.
CUSTOMER UNDERSTANDS AND ACKNOWLEDGES THAT NOT ALL ANOMALIES / INTRUSIONS MAY BE REPORTED OR
PREVENTED.
7. FEES, PAYMENT AND TAXES
7.1. Fees. Fees are stated in the Product Order Form. No refunds will be made except as provided in Clause 9 and Clause 10.3
of this Agreement. Unless otherwise explicitly agreed in writing, fees are: (i) exclusive of sales and use taxes assessed by any
taxing authority in the jurisdiction(s) in which Customer is physically located and takes delivery of the Appliance or Services;
and (ii) exclusive of duties and shipping and handling fees, which unless otherwise agreed will be the responsibility of
Customer. Should Customer be required under any law or regulation of any governmental entity or authority outside of the
United Kingdom to withhold or deduct any portion of the payments due to Darktrace, then Customer will increase the sum
payable to Darktrace by the amount necessary to yield to Darktrace an amount equal to the sum Darktrace would have
received had no withholdings or deductions been made. Darktrace may also charge for hardware replacement costs not
provided under the Support Services.
7.2. Invoices and Payment. Unless otherwise stated in the Product Order Form, Customer will be invoiced the Fees from the
commencement date specified in the Product Order Form (the "Commencement Date"). Any other charges, such as out of
pocket expenses will be invoiced monthly in arrears. Invoicing will occur via email. Unless otherwise agreed in the Product
Order Form, Customer agrees to pay all undisputed amounts within thirty (30) days of Customer's receipt of the applicable
invoice by direct bank or wire transfer in accordance with the instructions on the invoice, and any bank charges assessed on
Customer by Customer's bank. UNLESS PAYMENTS ARE MADE BY BANK OR WIRE TRANSFER, THEY MUST BE MADE
ANNUALLY IN ADVANCE. Darktrace may suspend or cancel performance of open orders or Services if Customer fails to make
payments when due, reserving all other rights and remedies as may be provided by law. Darktrace may impose late charges
on overdue payments at a rate equal to two percent (2%) per annum above the official dealing rate of the Bank of England,
calculated from the date payment was due until the date payment is made, and all reasonable expenses incurred in collection,
including legal fees.
7.3. Lapsed Fees. If Customer has lapsed in the payment of Fees due hereunder, Darktrace may suspend the provision of
Services and prior to recommencement of the Services by Darktrace, Customer will be responsible for paying all fees
associated with the Offering from the date such Services were stopped through to the then -current date.
7.4. Clause 7 shall not apply where Customer has purchased the Offering through a Darktrace authorised reseller.
8. INTELLECTUAL PROPERTY; OWNERSHIP
8.1. Intellectual Property. Except as expressly set forth herein: (i) this Agreement does not grant either Party any rights, implied
or otherwise, to the other's Intellectual Property; and (ii) Darktrace, its suppliers and licensors, retain all right, title and
interest in and to the Offering, and the Documentation and all copies thereof, including all enhancements, error correction,
V01.04.2020 MCA SHRINKWRAP 4
new releases, updates, derivations, and modifications thereto (collectively, "Dadtrace |meUeouo| Property"). Customer
agrees to inform Darktrace promptly of any infringement or other improper action with respectuzDadktnaoeintellectual
Property that comes toCustomer's attention.
9. WARRANTIES
9.1. Hardware Warranty. Darktrace warrants to Customer that during the three (3) year period from the date of delivery of the
Appliance, the Hardware will perform materially in accordance with the applicable Datasheet.
9.2. Software Warranty. Darktrace warrants to Customer that during a period of ninety (90) days from the date of delivery of
the Appliance, the Software will perform materially in accordance with the applicable Datasheet.
o.» Services Warranty. Dadt,acewarrants toCustomer that all Services will beperformed with all reasonable care, skill and
diligence in accordance with generally recognised commercial practices and standards.
9.4 Exceptions. The warranties contained in Clause 9.1 and Clause 9.2 above will not apply if: (i) Customer's use of the Offering
isnot inaccordance with this Agreement; (ii) Customer fails tofollow Darktr ce'senvimnmenta|'ingaUaUon'opemtionor
maintenance instructions or procedures in the Documentation; (iii) the Appliance has been subject to Customer's (or its
agent's) abuse' negligence, improper storage, servicing oroperation (including without limitation use with incompatible
equipment), reasonable wear and tear excepted; (iv) the Appliance has been modified, repaired or improperly installed
other than by Darktn,ce or any contractor or subcontractor of Darktrace; (v) Customer (or its agent) has failed to
implement, or to allow Darktrace or its agents to implement, any corrections or modifications to the Appliance made
available toCustomer by Darktrace; or(vi) Customer (or its agent) has combined the Appliance with other software,
services, or products that are not provided by Darktrace or not otherwise specified in the Documentation, and, but for such
combination, the breach nfwarranty would have been avoided.
*s Remedies. If during the applicable warranty period contained in Clause 9.1 or Clause 9.2 above: (i) Darktrace is notified
promptly in writing upon discovery of an error in any of the Appliance, including a detailed description of such alleged error;
and (ii) Darktrace's inspections and tests determine that the Appliance contains an error and it is not subject toany nfthe
exceptions set out in Clause 9.4, then, as Da,ktmce's entire liability and Customer's sole remedy for such breach of
warranty, Darkt,ace will (at Darktoce's option and sole expense) correct, repair or replace the Appliance within a
reasonable time orprovide orauthorise arefund ofthe unused portion nf the Fees Customer has paid for the offering
following the return of the Appliance to Darktrace and the Agreement will terminate. Any items provided asreplacement
under the terms of the applicable warranty will be warranted for the remainder of such original warranty period. Da,ktece
will pay for, and will bear all risk of loss of or damage to, the return shipment of the Appliance to Darktrace and the shipment
nfrepaired o,replaced the Appliance toCustomer. Customer agrees toprovide prompt notice ofany failure under Clause
9.]and Darktracewill re -perform any Service that fails tomeet the warranted standard.
s.s DISCLAIMER. EXCEPT FOR THE EXPRESS WARRANTIES SET OUT IN THIS AGREEMENT, AND TOTHE FULLEST sxTsmT
PERMITTED BY LAVV, NEITHER DARKTRA[E NOR ANY OF ITS THIRD PARTY LICENSORS OR SUPPLIERS MAKE ANY
WARRANTIES, CONDITIONS, UNDERTAKINGS OR nEPnsSsmTxT|0w5 OF ANY KIND, EITHER EXPRESS OR IMPLIED,
STATUTORY OR OTHERWISE IN RELATION TO ANY SUBJECT MATTER OF THIS AGREEMENT, INCLUDING WITHOUT
LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A
PARTICULAR PURPOSE, NON -INFRINGEMENT OR ARISING FROM COURSE OF PERFORMANCE, DEALING, USAGE OR TRADE..
DARKTRACE DOES NOT WARRANT THAT THE OPERATION OF THE OFFERING WILL BE ERROR -FREE OR UNINTERRUPTED.
zu INTELLECTUAL PROPERTY RIGHTS INFRINGEMENT INDEMNITY
u\A.oarktraceindemnity. Darktrace will indemnify Customer, Customer's Affiliates, and their respective officers, directors, and
employees (and any successors and assigns of the foregoing) (collectively, the ^[ugona, |ndemnioees^) against all
liabilities, damages, and costs (including settlement costs and reasonable attorneys' fees) arising out of a third party claim
that the Software provided or made available by Darktrace under this Agreement , or its receipt, possessiono,usehyanv
Customer Indemnitee, infringes a European or U.S. patent, any copyright, or misappropriates any third party trade secrets.
The indemnification obligations of Darktqce will be subject to Customer: (i) notifying Dorktece in writing within twenty
(20) days of receiving notice of any threat or claim of such action; (ii) giving Darktrace exclusive control and authority over
the defence or settlement of such action (provided that: (A) any settlement will not entail an admission of fault or guilt by
any Customer Inclemnitee; and (B) the settlement includes, as an unconditional term, the claimant's or the plaintiff's release
of Customer Indemnitees from all liability in respect of the claim); (iii) not entering into any settlement or compromise of
any such action without Darktrace's prior written consent; and (iv) providing reasonable assistance requested by Darktrace
vnzxw.aozoMCA sxmmxwwxp 5
(DARKT
at Darktrace's expense. . Customer will be obliged to mitigate its losses insofar as is reasonable in the circumstances.
10.2. Exclusions. The obligations set out in Clause 10.1 do not apply to the extent that a third party claim is caused by, or results
from: (a) Customer's combination or use of the Software that is the subject of the claim with other software, services, or
products that are not provided or authorised by Darktrace in writing, if the claim would have been avoided by the non -
combined or independent use of the Software that is the subject of the claim; (b) modification of the Software that is the
subject of the claim by anyone other than Darktrace or any contractor or subcontractor of Darktrace, if the third party claim
would have been avoided by use of the unmodified Offering or other intellectual property that is the subject of the claim;
(c) Customer's continued allegedly infringing activity after being notified thereof and being provided with modifications
that would have avoided the alleged infringement (which in implementing such modifications, Darktrace will use
commercially reasonable efforts to have substantially preserve the utility and functionality of the Offering or other
intellectual property that is the subject of the claim); (d) Customer's use of the Software that is the subject of the claim in
a manner not in accordance with this Agreement or the Documentation; (e) use of other than Darktrace's most current
release of the Software that is the subject of the claim if the third party claim would have been avoided by use of the most
current release or revision release or revision.
10.3. Remedies. If Darktrace reasonably believes the Software infringes a third party's Intellectual Property Rights, then
Darktrace will, at its option and at no additional cost to Customer: (a) procure for Customer the right to continue to use the
Software; (b) replace the Software; or (c) modify the Software to avoid the alleged infringement. If none of the options in
the previous sentence are commercially reasonable, Darktrace may terminate the licence for the allegedly infringing
Software and refund a pro rata refund of the Fees paid by Customer from the date a third party claim arose for the allegedly
infringing Software to the then -current date, whereupon this Agreement will automatically terminate.
10.4. THIS CLAUSE 10 IS A COMPLETE STATEMENT OF THE CUSTOMER'S REMEDIES FOR THIRD PARTY CLAIMS FOR INFRINGEMENT
AS DESCRIBED IN CLAUSE 10.1.
11. CUSTOMER DATA; CUSTOMER UNDERTAKINGS AND INDEMNITY
11.1. Customer Data; Licence Grant. Customer will own all right, title and interest in and to the Customer Data and to the extent
such Customer Data is included in a Report, the actual content of such Report. For any Customer Data stored on the
Appliance, to the extent required to provide the Services, Customer grants to Darktrace a limited, and non-exclusive licence
to access and use the Customer Data only to the extent necessary for Darktrace to perform the Services. Customer agrees
Darktrace may utilise the details of any Alerts occurring in Customer's network and any connected data source to develop
the Offering on an anonymised basis and excluding any Customer Confidential Information.
11.2. Customer Security Obligations. In using the Offering or authorising its Outsource Provider and third parties to use it on
Customer's behalf, Customer (and not Darktrace) will be responsible for establishing, monitoring, and implementing
security practices to control the physical access to and use of the Offering and all Customer Data therein, including Personal
Data.
11.3. DATA DISCLAIMER; INDEMNITY. CUSTOMER IS SOLELY RESPONSIBLE FOR ITS USE OF THE OFFERING, THE ACTIVITIES OF ITS
USERS AND FOR THE ACCURACY, INTEGRITY, LEGALITY, RELIABILITY AND APPROPRIATENESS OF ALL CUSTOMER DATA.
CUSTOMER EXPRESSLY RECOGNISES THAT DARKTRACE DOES NOT CREATE OR ENDORSE ANY CUSTOMER DATA PROCESSED
BY OR USED IN CONJUNCTION WITH THE OFFERING. CUSTOMER FURTHER ACKNOWLEDGES THAT DARKTRACE AND ITS
AFFILIATES DO NOT PROVIDE BACKUP SERVICES FOR CUSTOMER DATA AND CUSTOMER UNDERTAKES THAT IT SHALL BE
SOLELY RESPONSIBLE FOR BACKUP OF ALL CUSTOMER DATA. Customer will, at Customer's own expense, indemnify, defend
and hold Darktrace, its Affiliates, and their respective officers, directors, and employees, ("Darktrace Indemnitees")
harmless from and against all liabilities, damages, and costs, including settlement costs and reasonable attorneys' fees,
incurred by reason of Darktrace's compliance with the instructions of Customer with respect to the ownership, custody,
processing or disposition of the Customer Data by Darktrace, as applicable.
12. LIMITATION OF LIABILITY
12.1. LIMITATION OF LIABILITY. SUBJECT TO THE REMAINDER OF THIS CLAUSE 12, EACH PARTY'S MAXIMUM LIABILITY TO THE
OTHER PARTY FOR ANY AND ALL CLAIMS, LOSS OR DAMAGE, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE),
BREACH OF STATUTORY DUTY, OR OTHERWISE, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT SHALL NOT
EXCEED, IN THE AGGREGATE, THE TOTAL AMOUNT OF ALL FEES PAID OR PAYABLE TO DARKTRACE FOR THE OFFERING
DURING THE THEN -APPLICABLE TERM, EXCEPT THAT IN RESPECT OF (I) CLAUSE 11.3 ("DATA DISCLAIMER; INDEMNITY")
AND CLAUSE 15 ("DATA PROTECTION") EACH PARTY'S LIABILITY TO THE OTHER FOR ALL SUCH BREACHES SHALL NOT
V01.04.2020 MCA SHRINKWRAP 6
.cEDARK
EXCEED, IN THE AGGREGATE , THE GREATER OF (A) THREE TIMES (3X) TOTAL FEES PAID OR PAYABLE TO DARKTRACE FOR
THE OFFERING DURING THE THEN -APPLICABLE TERM OR (B) TWO HUNDRED AND FIFTY THOUSAND POUNDS STERLING
(£250,000).
12.2. EXCLUSION OF CONSEQUENTIAL DAMAGES. SUBJECT TO CLAUSE 12.3 BELOW, NEITHER PARTY SHALL BE LIABLE TO THE
OTHER FOR ANY INDRECT OR CONSEQUENTIAL LOSS; OR ANY LOSS OF PROFITS; LOSS OF REVENUE OR BUSINESS; LOSS OF
GOODWILL OR REPUTATION; LOSS OF OR CORRUPTION OR DAMAGE TO DATA; LOSS OF MANAGEMENT TIME, HOWSOEVER
ARISING AND WHETHER OR NOT SUCH PARTY HAD BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS, CORRUPTION OR
DAMAGE.
12.3. Exclusions from Limitation of Liability. Nothing in this Agreement will exclude or limit either Party's liability for: (i) for death
or personal injury due to negligence; (ii) fraud; (iii) breach of Clause 14 ("Confidentiality"); (iv) breach of Clause 5 ("Licence
Grant for the Software and Restrictions"), or (v) for any other matter in respect of which liability cannot lawfully be limited
or excluded.
13. TERM; TERMINATION
13.1. Term. This Agreement is effective from the Effective Date and will remain in force until: (i) expiry of the Evaluation Period
in accordance with Clause 2.1 above ; or (ii) the end of the term specified in a Product Order Form (as applicable the "Term").
In the event of extension or renewal of the Product Order Form, such extension or renewal shall be considered a new and
separate Term.
13.2. Expiration of the Term. Notwithstanding any provision of this Clause 13, Customer's right to use, and Customer's access
to, the Appliance will automatically terminate on expiry of the Term unless and until Customer renews or extends the Term
for the Appliance.
13.3. Termination for Breach. Either Party may terminate this Agreement if: (i) the other Party is in material breach of the
Agreement and fails to cure such breach within thirty (30) days after receipt of written notice; or (ii) the other Party ceases
its business operations or becomes subject to insolvency proceedings, which proceedings are not dismissed within thirty
(30) days.
13.4. Termination or Suspension by Darktrace. Without prejudice to any other right or remedy available to Darktrace:
13.4.1. Darktrace may restrict, suspend or terminate Customer's licence or use of the Offering without liability if a court or
other government authority issues an order prohibiting Darktrace from furnishing the Offering to Customer.
Customer's obligation to pay Fees during any period of suspension under this Clause 13.4.1 will also be suspended.
In the event the Offering is suspended pursuant to this Clause 13.4.1 then provided it is lawful to do so, Darktrace
will inform Customer of the reasons for the suspension and will work with Customer to resolve such issues and re-
instate the Offering.
13.4.2. Additionally, Darktrace may terminate, suspend or limit Customer's licence grant or use of the Offering without
liability if Darktrace provides Customer with written notice that it has a reasonable suspicion that Customer is using
the Offering: (i) in breach of Clause 5.1 or Clause 5.2; or (ii) in a manner that is otherwise unlawful, and in each case
Customer does not cure the condition identified in such notice within five (5) business days.
13.5. Effect of Termination. Upon termination or expiration of this Agreement:
13.5.1 the Term and all other rights and licences granted by one Party to the other, and any Services provided by
Darktrace to Customer, will cease immediately;
13.5.2 in the event that title to the Hardware has not transferred to Customer, Customer shall ensure all Customer Data is
removed from the Appliance and return the Appliance to Darktrace in accordance with Clause 4.3. If Customer wishes to
retain the Hardware, this will be chargeable at Darktrace's then -current list price. If Customer fails to return the Hardware,
Darktrace may invoice, and Customer will pay, for the Hardware at Darktrace's then -current list price. DARKTRACE WILL
NOT BE RESPONSIBLE FOR MAINTAINING OR PROTECTING ANY CONFIGURATION SETTINGS OR DATA FOUND ON THE
RETURNED HARDWARE OR COMPONENT PART OF THE HARDWARE AND IT IS CUSTOMER'S SOLE RESPONSIBILITY TO
DELETE ANY SUCH INFORMATION PRIOR TO RETURN;
13.5.3 if title to the Hardware has transferred to Customer pursuant to Clause 4.3, Customer must immediately
permanently delete the Software from the Hardware and certify erasure to Darktrace in writing or Darktrace will be
allowed (i) entry to the Site(s) as necessary to access the Appliance (on reasonable advance notice and subject to
V01.04.2020 MCA SHRINKWRAP 7
DARKT
C
Customer's applicable policies and procedures); or (ii) remote access to the Appliance, in each case in order to delete or
disable the Software from the Hardware; and;
13.5.4 all undisputed Fees owing to Darktrace at the date on which termination takes effect will become due and payable.
13.6. Survival. The following provisions will survive any termination of this Agreement: Clause 2 ("Evaluations and Beta
Testing")"; Clause 5 ("Licence Grant For the Software and Restrictions"); Clause 7 ("Fees, Payments and Taxes"); Clause 8
("Intellectual Property; Ownership"); Clause 9.6 ("Disclaimer"); Clause 10 ("Intellectual Property Rights Infringement
Indemnity"); Clause 11.3 ("Data Disclaimer; Indemnity"); Clause 12 ("Limitation of Liability"); Clause 13.5 ("Effect of
Termination"); Clause 13.6 ("Survival"); Clause 14 ("Confidentiality;"); Clause 15 ("Data Protection"); and Clause 16
("General Provisions").
14. CONFIDENTIALITY
14.1. Each party will treat the other party's Confidential Information as confidential. Confidential Information of one Party (the
"Disclosing Party") may only be used by the other Party (the "Receiving Party") for the purpose of fulfilling obligations or
exercising rights under this Agreement, and may only be shared with employees, agents or contractors of the Receiving
Party who have a need to know such information to support such purpose ("Representatives"). Each Party will procure
that any of its Representatives to whom Confidential Information is disclosed are bound by contractual obligations
equivalent to those in this Clause 14.1. Notwithstanding the foregoing, the Receiving Party shall remain liable for the acts
or omissions of its Representatives. Confidential Information will be protected using a reasonable degree of care to prevent
unauthorised use or disclosure for five (5) years from the date of receipt or (if longer) for such period as the information
remains confidential. These obligations do not cover information that: (i) was known or becomes known to the Receiving
Party on a non -confidential basis from a third party, provided that: (a) the Receiving Party has no knowledge that the third
party is subject to a confidentiality agreement with the Disclosing Party in respect of the information; and (b) such
information is not of a type or character that a reasonable person would have regarded it as confidential; (ii) is
independently developed by the Receiving Party without violating the Disclosing Party's rights; (iii) is or becomes publicly
known other than through disclosure by the Receiving Party or one if its Representatives in breach of this Agreement; (iv)
was lawfully in the possession of the Receiving Party before the information was disclosed by the Disclosing Party. A party
may disclose Confidential Information to the extent disclosure is required by law or a governmental agency provided that,
to the extent it is lawful to do so, the Receiving Party notifies the Disclosing Party of the request giving it reasonable
opportunity to respond, and cooperate with the Disclosing Party's reasonable, lawful efforts to resist, limit or delay
disclosure at the Disclosing Party's expense, and except for making such required disclosure, such information will
otherwise continue to be Confidential Information. On termination of the Agreement, each Party will promptly return or
destroy all Confidential Information of the other Party.
15. DATA PROTECTION
15.1. The Parties acknowledge that the Offering may be used to process Personal Data regulated by the Data Privacy Laws and the
Parties shall comply with the data processing requirements as set out in Appendix 2.
16. GENERAL PROVISIONS
16.1. Entire Agreement; Integration.
16.1.1. This Agreement, the appendices and any documents referenced herein, represent the entire agreement between
the Parties on the subject matter hereof and supersedes all prior discussions, agreements and understandings of
every kind and nature between the Parties and excludes, without limitation, any terms appearing on a purchase
order, invoice or other Customer paperwork or any other terms (in each case whether by way of conduct or
otherwise). No modification of this Agreement will be effective unless in writing and signed by both Parties. Each
Party acknowledges and agrees that, in connection with the Agreement, it has not been induced to enter into the
Agreement in reliance upon, and does not have any remedy in respect of, any representation or other promise of
any nature other than as expressly set out in this Agreement. Each Party signing this Agreement acknowledges that
it has had the opportunity to review this Agreement with legal counsel of its choice and there will be no
presumption that ambiguities will be construed or interpreted against the drafter.
16.1.2. Unless otherwise specifically agreed to in a writing signed by each of the Parties, in the event of any conflict or
inconsistency between this Agreement, an appendix hereto, any Product Order Form issued hereunder, and or any
document incorporated by reference, the order of precedence of the documents from highest to lowest is the
V01.04.2020 MCA SHRINKWRAP 8
Product Order Form, this Agreement, any appendix hereto and the documents incorporated by reference.
zaz. 5evembi|kv. The illegality or unenfooeabi|hyofany provision of this Agreement will not affect the validity and
enforceability ofany legal and enforceable provisions hereof.
zoa. FnoeK4aieure. Neither Party will be liable for any failure or delay in performing services or any other obligation under
this Agreement, nor for any damages suffered by the other or a Customer by reason of such failure or delay, which is,
indirectly ordirectly, caused by an event beyond such part/s reasonable control, riots, natural catastrophes, terrorist
acts' governmental intervention, refusal of licences by any government or other government agency, or other acts of god
(each'a"Force K4aieureEvent^)'and such non-pedbrmance'hindrance ordelay could not have been avoided bythe non-
performing Party through commercially reasonable precautions and cannot be overcome by the non -performing Party
through commercially reasonable substitute services, alternate sources, workarounds or other means. During the
continuation of a Force Majeure Event, the non -performing Party will use commercially reasonable efforts to overcome
the Force Majeure Event and, to the extent it is able, continue to perform its obligations under the Agreement.
16.*. Notices. Any notice will be delivered by hand or sent by recorded delivery, registered post or registered airmail and
satisfactory proof of such delivery must be retained by the sender. All notices will only become effective on actual receipt.
Any notices required to be given in writing to Darktrace or any questions concerning this Agreement should be addressed
to: Attn: Legal Department, Darktmce Limited' Maurice Wilkes Building, [n,v|ey Road, Cambridge Co4 0o5, United
Kingdom.
zos. Rights ofThird Parties. The provisions of this Agreement concerning restrictions on usage of the Offering and protection
of intellectual Property Rights are for the benefit of and may be enforced by each of Darktrace, any Darktrace Affiliate
and the Darktrace Inclemnitees. Except for the foregoing sentence, or as otherwise expressly set out in the Agreement,
this Agreement does not create any rights for any person who is not a party to it and no person who is not a party to this
Agreement may enforce any of its terms or rely on any exclusion or limitation contained herein.
16.6. Audit. Customer will permit Darktrace or an independent certified accountant appointed by Darktrace access, on written
notice, to Customer's premises and Customer's books of account and records at any time during normal business hours
for the purpose of inspecting, auditing, verifying or monitoring the manner and performance of Customer's obligations
under this Agreement. Darktrace will not be able to exercise this right more than twice in each calendar year.
zo�. Independent Contractors. The Parties are independent contractors. Nothing inthis Agreement will beconstrued tocreate
apartnership, joint venture, o,agency relationship between the Parties.
zox. Assignment. This Agreement may not be assigned by either Party without the written consent of the other Party.
Notwithstanding the foregoing, consent of the other Party will not be required for a transfer to an Affiliate of a Party or if
a Party undertakes an initial public offering, a sale of all or substantially all of its shares or assigns all or substantially all of
its business and assets to another entity that is not a direct competitor of the non -assigning Party. Any attempt to assign
this Agreement in violation of the foregoing will be null and void. This Agreement binds the Parties' their respective
Affiliates, successors and permitted assigns.
zo.% Governing Law. Any dispute or claim relating in any way to this Agreement will be governed by the Governing Law, and
adjudicated in the Governing Courts, as defined in the table below, and each Party consents tpthe exclusive jurisdiction
and venue thereof; save that (i)each party may enforce its o, its Affiliates' intellectual property rights in any court of
competent jurisdiction, including but not limited to equitable relief and (ii) Darktrace or its Affiliate may, bring suit for
payment in the country where the Customer Affiliate that placed the Product Order Form is located. Where arbitration
applies itshall beconducted inEnglish, under the Rules ofArbitration of the International Chamber ofCommerce (the
^|[[°)bvthree arbitrators inaccordance with Art lZnf said Rules. The award shall befinal and binding nnthe Parties.
Except to the extent entry of judgment and any subsequent enforcement may require disclosure, all matters relating to
the arbitration, including the award, shall be held in confidence. Customer and Darktrace agree that the United Nations
Convention on Contracts for the International Sale ofGoods will not apply.
Customer location (as stated in the
Product Order Form)
Governing Law
Governing Courts
United Kingdom
The laws nfEngland &Wales
The courts ofEngland &Wales
vnz.04.2ozoMCA s*mwxWnAp
9
DARK
United States of America
The laws of the state of
California
The state or Federal courts in San
Francisco, California
None of the above
The laws of England & Wales
Arbitration at the ICC in London
16.10. Export Restrictions. The Offering is for Customer's use and not for further commercialisation. Customer acknowledges
that the Offering may be classified and controlled as encryption items under the United Kingdom's Export Regulations
and other national regulations. Each Party will comply with all applicable laws regarding export -controlled items, and will
not export, re-export or import, directly or indirectly, any export -controlled items, or any direct product of them, nor
undertake any transaction hereunder in violation of any applicable export laws.
16.11. ITAR. Customer understands that employees of Darktrace and/or its suppliers may have access to native data to perform
the Support Services herein and represents that none of this data requires protection from access by foreign persons
because it contains technical information regarding defence articles or defence services within the meaning of the United
States International Traffic in Arms Regulations (22 CFR § 120) or technical data within the meaning of the United States
Export Administration Regulations (15 CFR §§ 730 - 774). If any of this data does contain any such information, Customer
will either lock down access to any such data and/or identify any folders containing such data as export -controlled
information and acknowledges that special service rates may apply thereto.
16.12. Government End -User Notice (applicable to United States government customers only). The Offering is commercial within
the meaning of the applicable civilian and military Federal acquisition regulations and any supplements thereto. If the
user of the Appliance is an agency, department, employee, or other entity of the United States Government, the use,
duplication, reproduction, release, modification, disclosure, or transfer of the Appliance, including technical data or
manuals, is governed by the terms, conditions and covenants contained in the Darktrace standard commercial licence
agreement, as contained herein.
16.13. Waiver. Each Party agrees that the failure of the other Party at any time to require performance by such Party of any of
the provisions herein will not operate as a waiver of the rights of such Party to request strict performance of the same or
like provisions, or any other provisions hereof, at a later time.
16.14. Headings. All headings used herein are for convenience of reference only and will not in any way affect the interpretation
of this Agreement.
16.15. Equitable Remedies. The Parties agree that with respect to a breach by a Party of Clauses 5, 8 or 14, monetary damages
may not be an adequate or sufficient remedy for a breach of this Agreement. Therefore, in addition to any applicable
monetary damages, a Party will also be entitled to apply for injunctive relief and other equitable relief to prevent breaches
of the Agreement, without proof of actual damage.
V01.04.2020 MCA SHRINKWRAP 10
Appendixz—mefinition
1. DEFINITIONS:
Defined Terms. Terms defined in this Appendix Iwill havethemeanings given below. Defined terms maybe used in the singular
o/plural depending nnthe context.
^Affi|iate"means any corporation orother business entity that directly or indirectly controls, is controlled by or is under
common control with a Party. Control means direct or indirect ownership of or other beneficial interest in fifty percent (50%)
or more of the voting stock, other vesting interest, or income of a corporation or other business entity;
"Alerts" means features of the Software that generates alerts of suspected malicious activity on a Customers network;
"Appliance(s)" means the Software, or Software combined with Hardware, as more fully described on the Product Order Form
"Call Home" means the secure and encrypted channel that connects the Appliance to Darktrace central management;
"Confidential Information" means any information' however conveyed or presented' that relates to the business, affairs,
operations, customers, suppliers, processes, budgets, pricing policies, product information, strategies, developments, trade
secrets, Intellectual Property, and know-how of Party, and any other information clearly designated by a Party as being
confidential to it(whether ornot it is marked "confidential"), and information that ought reasonably be considered to be
confidential, but inall circumstances excludes any Personal Data.
"Customer Data" means all data and information provided by Customer to, or accessible by, Darktrace under this Agreement
in connection with the performance of the Services (which may include information about network traffic on Customer's
network (metrics), log/metaclata collection, as well as the raw packet capture data from Customer's network);
"Datasheet" means the document providing the specification for the Hardware, Software or Services, as applicable and as
may beupdated byDarkt,axefrom time totime;
"Data PrivacV Laws" means the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive)
Regulations 2003, the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR"), the California Consumer
Privacy Act of 2018 ("CCPA"), and laws of similar purpose or effect in any relevant jurisdiction, in each case as amended,
updated, re-enacted orreplaced from time totime;
^Documentation^means user manuals for the Appliance consisting ofthe applicable installation guides, Dat sheets;semice
descriptions, technical specifications andnn|inehe|p8ksprovidedbyDarktracecxavailableonDarktr ce'son|ineportaLas
may beupdated byDadktraefrom time mtime;
"Effective Date" means the Effective Date specified inthe Product Order Form;
"EU Model Clauses" means the standard contractual clauses forthe transfer of personal data to processors established in third
countries which do not ensure an adequate level of data protection under Directive 9$46/E[, pursuant to the European
Commission Decision of5February ZVzU;
"Fees"means all applicable fees asset out inthe Product Order Form;
"GPL Software" means third party software provided by Darktrace on the Hardware to support use of the Software that is
licensed directly to Customer and the relevant Customer Affiliates by the relevant rights holder on the terms of the version
included or provided with it of the GNU General Public Licence, GNU Lesser General Public Licence or other comparable
"Hardware" means any hardware device (including embedded firmware) shipped and installed as part of the Offering;
"Information Security Standards" means Darktr ce'sinfnrmationysuritycodeofcnnductasamendedfnontimetobmein
Dad¢race'asole discretion and available upon request;
"Intellectual Property" means patents, trademarks, service marks, rights (registered or unregistered) in any designs'
applications for any nfthe foregoing, trade or business names' copyright (including rights in computer software) and
topography rights, know-how and other proprietary knowledge and information, imemotdomain names, rights protecting
goodwill and reputation, database rights (including rights of extraction) and all rights and forms of protection of similar
nature to any of the foregoing or having equivalent effect anywhere in the world and all rights under licences and consents
in respect of any of the rights and forms of protection mentioned in this definition (and "Intellectual Property Rights" will be
construed accordingly);
vnz/w.onauMCA sxmmxWxxp zz
/ r
DARKT C
"Offering" means collectively the Appliance(s), Software, Services and the Documentation;
"Open Source Software" means third party software that Darktrace distributes with the Software pursuant to a licence that
requires, as a condition of use, modification or distribution of such software, that the software or other software combined
and/or distributed with it be: (i) disclosed or distributed in source code form; (ii) licensed for the purpose of making derivative
works; (iii) redistributable at no charge; or (iv) redistributable but subject to other limitations;
"Product Order Form" has the meaning set forth in the introductory paragraphs;
"Personal Data" means, generally, information relating to an identified or identifiable natural person, or other regulated
data types as defined by applicable Data Privacy Laws;
"Reports" means Threat Intelligence Reports as more fully described in the Support Services Data Sheet;
"Services" means the Darktrace Support Services, and any Installation Services, training or professional services which may be
provided by Darktrace as specified in the Product Order Form;
"Support Service Options" means the optional support services, if any, as specified in the Product Order Form and further
described in the Support Services Data Sheet;
"Site(s)" means the Customer's business location or its datacentre at the locations described in a Product Order Form;
"Software" means the Darktrace and the Third Party Software (in object code form) delivered to Customer as part of the
Offering or on a standalone basis, together with all enhancements, error corrections, and/or updates which are generally
made available by Darktrace as part of the Offering. The GPL Software does not form part of the Software and is licensed
to Customer and the Customer Affiliates directly on the terms of the applicable licences, provided that the GPL Software will
nevertheless be deemed to form part of the Software for the purposes of the Support Services, such that Darktrace will
support it as if it were part of the Software;
"Standard Support Services" means the standard support services provided by Darktrace as set out in the Darktrace Support
Services Data Sheet;
"Support Services Data Sheet" means the Documentation describing the terms of the Support Services.
"Third Party Licensors" means the suppliers of the Third Party Software to Darktrace; and
"Third Party Software" means: (i) any software or other technology that is licensed to Darktrace from Third Party Licensors for
the purpose of making the Offering available commercially; and (ii) Open Source Software.
1.2. Construction. In this Agreement (except where the context otherwise requires):
1.2.1. any reference to a clause or schedule is to the relevant clause or schedule of or to this Agreement and any reference
to a paragraph is to the relevant paragraph of the clause or schedule in which it appears;
1.2.2. the index and clause headings are included for convenience only and will not affect the interpretation of this Agreement;
1.2.3. use of the singular will include the plural and vice versa;
1.2.4. use of any gender will include any other gender;
1.2.5. any reference to persons includes natural persons, firms, partnerships, companies, corporations, associations,
organisations, governments, foundations and trust (in each case whether or not having separate legal personality);
1.2.6. any phrase introduced by the terms "including", "include", "in particular" or any similar expression will be construed as
illustrative and will not limit the sense of the words preceding those terms;
1.2.7. any reference to any other document is a reference to that other document as amended, varied, supplemented, or
novated (in each case, other than in breach of the provisions of this Agreement) at any time.
V01.04.2020 MCA SHRINKWRAP 12
�VODARKT
Appendix mData Protection Agreement
1. ocnwnnowS. For the purposes of this uw\ the u,nns defined in this Appendix shall have the meanings as set forth in the
Agreement. Any terms not specifically defined by this DPA or the Agreement shall have the meaning given by GDPR.
z SUBJECT MATTER oFTHE DATA PROCESSING AGREEMENT
2.1 This Data Processing xxeemen ("DPA") applies to the processing of Customer Personal Data under the Agreement.
2.2 Customer will be the Data Controller and Darktrace will be the Data Processor as defined under GDPR. Each Party agrees
that it shall comply with its obligations as a Data Controller and a Data Processor, respectively under the Data Privacy Laws
in exercising its rights and performing its obligations under this Agreement.
2.3 This opAi,anAppendix tothe Agreement.
3. mmmnE AND PURPOSE OrPROCESSING REGULATED DATA
3.1 The Data Processor shall process Personal Data inorder mprovide the Support Services aoset forth inthe Support
Serviesoa1ashe,t.
zz In the event that the Data Controller has purchased Antigena Email, the additional data protection provisions of the
xnigenaEmail Schedule shall apply and beincorporated into this opx.
4. TYPES AND CATEGORIES OF PERSONAL DATA
4.1 Categories of Data Subjects.
' Employees including volunteers, agents, temporary workers, independent contractors;
- contractors
Customer clients, prospects
' Suppliers, vendors
- Advisors, consultants and other professional experts
' Customer officers, directors
And any other categories ofData Subjects that may becontained inthe Data Controller's network.
^.z Types ofPersonal Data:
|padd,esses
Host names
File names
Email addresses
And any other types of Personal Data that may be contained in the Data Controller's network.
S. RIGHTS AND OBLIGATIONS opTHE CONTROLLER
5.1 The Data Controller hereby instructs the Data Processor totake such mero in the processing of Personal Data as are
reasonably necessary for the performance ofthe Data Processor's ob|igationsvnde,d`pxuneementandagreesthatsvch
instructions, comprising the terms of this DPA and the Agreement, constitute its full and complete instructions astvthe
means by which Personal Data shall be processed by the Data Processor.
a RIGHTS AND OBLIGATIONS oFTHE PROCESSOR
6.1 The Data Processor shall only process Personal Data inaccordance with the Data Controller's written instruction a,
specified herein and shall not use Personal Data except mdeliver the Offering and the Services as instructed by the
Agreement, unless such processing i,required bvlaw mwhich the Data Processor issubject, in which case the Data
Processor shall, to the extent permitted by law, inform the Data Controller of that legal requirement prior to carrying
out the applicable processing.
6.2 The Data Processor shall immediately inform the Data Controller if, in the Data Processor's reasonable opinion, an
instruction from the Data Controller infringes the Data Privacy Laws.
6.3 The Data Processor shall not transfer Personal Data outside the European Economic Area (,LEA") without the prior
written consent o[the Data Controller and not without procuring provision of adequate safeguards (as defined bythe
European Commission from time todme);
o.* In the event that the UK ceases to be a member of the European Union or ceases to be considered by the European
Commission to be an adequate country pursuant to Article 45 of GDPR, then the parties agree that Darktrace shall apply
the EU Model Clauses as set out at https://www.da rktrace.com/en/resou rces/legal -customer-model-cla uses. Of to any
relevant transfer n[data and such sUModel Clauses shall hedeemed incorporated from the date offirst transfer.
os The Data Processor shall take reasonable steps toensure the reliability ufits agents and employees who have access to
any Personal Data.
7. SECURITY
vo1u«.zozoMCA Sxmwxwnxp 13
E DARKT
c
7.1 Taking into account the nature, scope, context and purposes of processing, the Data Processor has implemented
and will maintain the administrative, physical, technical and organisational measures as described in the Darktrace
Information Security Policy to protect any Personal Data accessed or processed by it against unauthorised or unlawful
processing or accidental loss, destruction, damage or disclosure. The parties agree that for the purposes of the
processing hereunder, the measures contained within the Darktrace Information Security Policy are appropriate, given
the nature of the data to be processed and the harm that might result from such unauthorised or unlawful processing
or accidental loss, destruction, disclosure, access or damage.
8. PERSONAL DATA BREACH NOTIFICATION
8.1 In the event that the Data Processor suffers a Personal Data Breach, the Data Processor shall inform the Data Controller
within twenty-four (24) hours upon learning of the same and reasonably cooperate with the Data Controller to mitigate
the effects and to minimise any damage resulting therefrom. To the extent reasonably possible, the notification to the
Data Controller shall include: (i) a description of the nature of the incident, including where possible the categories and
approximate number of data subjects concerned and the categories and approximate number of Personal Data records
concerned; (ii) the name and contact details of the Data Processor's data protection officer or another contact point
where more information can be obtained; (iii) a description of the likely consequences of the incident; and (iv) a
description of the measures taken or proposed to be taken by the Data Processor to address the incident including,
where appropriate, measures to mitigate its possible adverse effects
9. SUBPROCESSORS
9.1 Save as expressly provided herein, the Data Processor will not use subprocessors for the processing of Personal Data.
For the purposes of providing Support Services alone: (i) The Data Controller hereby authorises the Data Processor to use
its affiliates specified in the Support Services Datasheet to process Personal Data (the "Affiliate Subprocessors"); (ii) The
Data Processor shall have in place with the Affiliate Subprocessors a written agreement equivalent to the terms contained
herein to protect Personal Data; and (iii) The EU Model Clauses shall apply to the extent the processing of Personal Data
by the Affiliate Subprocessors involves a transfer of Personal Data which originates in the EEA to a third country outside
of the EEA. For such purposes, the Data Controller hereby authorises the Data Processor to enter into the EU Model
Clauses with the Affiliate Subprocessors on the Data Controller's behalf.
9.2 Save for the foregoing, the Data Processor shall not engage any subprocessors without the prior written authorisation of
the Data Controller. In the event that the Data Controller authorises the use by the Data Processor of any other
Subprocessors, the Data Processor shall procure that such subprocessors enter into a written agreement containing
provisions no less stringent than this DPA.
9.3 The Data Processor shall be fully liable for any breach by the subprocessors of any data protection obligations set
out in this Clause.
10. ASSISTANCE WHEN HANDLING REQUESTS FROM DATA SUBJECTS
10.1 Taking into account the nature of processing and the information available to the Data Processor, the Data Processor will
provide reasonable support to the Data Controller: (i) in complying with any legally mandated request for access to or
correction of any Personal Data by a data subject under Chapter III GDPR (and where such request is submitted to the
Data Processor, the Data Processor will promptly notify the Data Controller of it); (ii) in responding to requests or
demands made to the Data Controller by any court or governmental authority responsible for enforcing privacy or data
protection laws; or (iii) in its preparation of a Data Protection Impact Assessment.
11. AUDIT
11.1
The Data Processor agrees to maintain ISO 27001 certification for the duration of the Term. The Data Processor will use
an external auditor to verify that its security measures meet ISO 27001 standards in accordance with the ISO certification
process. On the Data Controller's written request, and subject to appropriate confidentiality obligations, the Data
Processor will make available to the Data Controller: (i) a copy of the current certificate in relation to the ISO 27001
certification; and (ii) Information reasonably requested by the Data Controller in writing with regards to the Data
Processor's processing of Personal Data under this DPA. The Data Controller agrees to exercise any right it may have to
conduct an audit or inspection under GDPR (or the EU Model Clauses if they apply) by requesting the foregoing
information.
12. RETURN/DESTRUCTION OF PERSONAL DATA
12.1 Upon termination of the Agreement, the Data Processor shall delete or return all Personal Data in accordance with the
Data Controller's written instructions.
V01.04.2020 MCA SHRINKWRAP 14