Sophos End-User Agreement for Software as a Service

Please read the following terms and conditions carefully. By clicking the “accept” option, downloading or installing the Software, paying for or using the Service, you accept that these terms and conditions will form a legally binding agreement (“Agreement”) between you and us. Please print or save a copy of this Agreement for your records.

If you do not agree with the terms and conditions below, please click the “do not accept” option and do not download or install the Software, pay for or use the Service. If you do not agree with these terms and conditions, you are not authorised to use the the Service for any purpose whatsoever.

If you are an employee, reseller, service provider, consultant, contractor or other party who is installing the Software or obtaining the Service on behalf of another person or organisation, you will be deemed to have accepted the terms and conditions of this Agreement on behalf of that person or organisation.

If you use any of our software, read our legally binding agreement between Sophos and all end users of Sophos software products. If you wish to view this information in other languages (English, German, French or Japanese) then visit this page to download a PDF.

DEFINITIONS

The terms below have the following meanings when used in this Agreement:

‘Agreement’ means these terms and conditions and the Schedule.

“Device” means a device, usually electronic, that processes data according to a set of instructions, which may include but not be limited to workstations, personal computers, laptops, netbooks, personal digital assistants, tablets, and smartphones.

‘Documentation’ means any documentation provided to you by us (whether electronic or printed) which accompanies the Service.

‘Fee’ means the fee payable for the Service.

‘Internal Business Purpose’ has the meaning described in Clause 3.2.1 below.

‘Maintenance’ means collectively Upgrades and/or Updates (where applicable), and standard technical support (or enhanced technical support if you have paid an additional Support Fee, as identified on the Schedule).

‘Schedule’ means the schedule provided to you by us which details the Service that you have ordered and which forms part of this Agreement.

‘Server’ means a Device upon which the Software is installed AND from which other Devices receive or retrieve data PROVIDED THAT a Device is not a Server where it is a single Device from which other Devices receive or retrieve data AND such data is solely generated by the Software.

‘Server Licence’ means the maximum number of Servers (if any) that are permitted under the Schedule to run the Software at any time.

‘Service’ means the service you have purchased (as listed in the Schedule), together with accompanying Software and Documentation.

‘Software’ means any program or data file supplied to you by us or our resellers, distributors or dealers, including without limitation Upgrades and Updates (if any), but excluding Third Party Software.

‘we’ and ‘us’ means Sophos Limited and/or its subsidiaries, and ”our” means belonging to, pertaining to, or engaged by us.

‘Start Date’ means the date that you purchase the Service.

‘Support Fee’ means the sums payable by you for enhanced support services, if applicable.

‘Term’ means the term of this Agreement, as described in Clause 3.1 below.

‘Third Party Licensor’ has the meaning described in Clause 9 below.

‘Third Party Software’ has the meaning described in Clause 9 below.

‘Update’ means an update to the library of rules and/or identities made available to you by us; and/or other updates to the software filters, including but not limited to an update to the IP address reputation libraries made available to you by us.

‘Upgrade’ means any enhancement or improvement to the functionality of the Service (excluding Updates) made available to you by us at our sole discretion from time to time, but excluding any software, services and/or updates marketed, licensed or sold by us as a new version or new release.

‘User’ means an employee, consultant or other individual who uses a Device which benefits from the Service.

‘User Licences’ means the maximum number of Users or Devices, as specified in the Schedule, that are permitted to benefit from the Service. Sophos Mobile Control as a Service is licensed on a per Device basis.

‘you’ means you as an individual and the company or organisation on behalf of which you are using the Service, and ”your” means belonging to, pertaining to, or engaged by you.

ORDERING PROCESS

1.1 We may offer free trials of the Service on a limited basis for a maximum of 30 days, commencing on the date that your application for a free trial is accepted by us. The Service is provided “AS IS” during the free trial period and Clauses 3.2 and 5 below do not apply. Before your free trial period expires, we may contact you and invite you to purchase the Service via one of our appointed resellers. By subscribing to the free trial, you expressly acknowledge and agree that we may pass the contact details that you have provided to such reseller. If you wish to continue to receive the Service, please contact the reseller to arrange payment. If you do not purchase the Service, this Agreement will terminate upon expiry of the free trial period and you must (i) cease to use the Service, (ii) delete all copies of the Software and Documentation, (iii) remove all Service settings from your Servers and Devices, and (iv) remove all of your custom settings, software and data from our network.

1.2 Once you have purchased the Service via the appointed reseller, we will send you a Schedule confirming the Service to which you have subscribed and the duration of your subscription. If no duration is specified in the Schedule, the default subscription shall be twelve (12) months from the date of purchase.

2. COPYRIGHT AND OWNERSHIP

2.1 The Service including without limitation all know-how, concepts, logic and specifications are proprietary products belonging to us and our licensors, and are protected throughout the world by copyright and other intellectual property rights.

2.2 No licence, right or interest in our logos or trademarks is granted to you under this Agreement and you agree not to remove any product identification or notices of proprietary restrictions.

2.3 You acknowledge and agree that the right, title and interest in any modifications made by you to the Service, as provided for below in this Agreement, is retained by us.

3. RIGHTS AND RESTRICTIONS

3.1 Term. This Agreement is effective from the date of acceptance and shall remain in force until terminated as provided in Clause 12 below (the “Term”). The terms and conditions relating to our liability, intellectual property and confidential information shall survive termination of this Agreement for any reason.

3.2 Rights. In return for your continued payment of the Fee when due, we grant you a non-exclusive right to use the Service for the duration of the Term, subject to the terms and conditions contained within this Agreement. You are permitted to:

3.2.1 use the Service for your internal business purpose, relating specifically to the security and integrity of your systems, networks, documents, emails and other data (“Internal Business Purpose”), provided that your actual usage does not exceed the number of User Licences and Server Licences purchased (as specified in the Schedule). If the number of Servers on which you have deployed the Service exceeds twenty-five percent (25%) of the number of User Licences, you must purchase a Server Licence for each Server;

3.2.2 IF YOU ARE AN EDUCATIONAL, HEALTH OR GOVERNMENT ENTITY, THE RESTRICTION ON THE NUMBER OF USERS IN CLAUSE 3.2.1 DOES NOT APPLY TO YOU. Instead, the number of Devices on which you may use the Service for your Internal Business Purpose must not exceed the number of User Licences.

3.2.3 except as provided in Clause 3.2.4 below, which relates only to the Documentation, make one copy of the Software or any part thereof for backup purposes provided that you reproduce our proprietary notices on any such backup copy of the Software. Such restriction shall not prevent you from backing up or archiving your data;

3.2.4 use, copy, reproduce, adapt and modify the Documentation for your Internal Business Purpose only; and/or

3.2.5 transfer your rights under this Agreement on a permanent basis to another person or entity, provided that (i) you transfer all copies of the Software and Documentation; (ii) you uninstall or decommission the Service as applicable; (iii) you provide us with full contact details for the recipient prior to transfer; and (iv) the recipient confirms to us in writing prior to the transfer that the recipient agrees to be bound by the terms and conditions of this Agreement.

3.3 Restrictions. You are not permitted to:

3.3.1 use the Service for the provision of any service for the benefit of third parties unless you first acquire an application service provider licence from us;

3.3.2 modify or translate any part of the Service except (i) as necessary to configure the Service using the menus, options and tools provided for such purposes and contained in the Software; and (ii) in relation to the Documentation, as necessary to produce and adapt manuals and/or other documentation for your Internal Business Purpose;

3.3.3 reverse engineer, disassemble or decompile the Software or any part of it, or otherwise attempt to derive or determine the source code or the logic in the Software, except to the extent and for the express purposes authorised by applicable law;

3.3.4 sub-licence, rent, sell, lease, distribute or otherwise transfer the Service (in whole or in part) except as permitted under this Agreement unless you obtain a separate licence from us for such purpose (for example, you may not embed the Service (in whole or in part) into another application and then distribute such application to third parties unless you first acquire an OEM licence from us);

3.3.5 use the Service for the purposes of competing with us, including without limitation competitive intelligence.

4. MAINTENANCE

4.1 In return for your continued payment of the Fee when due, you will be entitled to receive Maintenance during the Term.

4.2 If you require technical support, you should contact your appointed reseller in the first instance. Your reseller may refer technical support requests to us if they are unable to resolve them.

4.3 We reserve the right to limit the number of Users who may contact our technical support team.

5. WARRANTIES AND INDEMNITY

5.1 We warrant that for a period of ninety (90) days from the Start Date (the “Warranty Period”): (i) the Software will perform substantially in accordance with the Documentation, provided that it is operated in accordance with the Documentation on the designated operating system(s); and (ii) the Documentation adequately describes the operation of the Software in all material respects. If you notify us in writing of a breach of the warranty in this Clause 5.1 during the Warranty Period, our entire liability and your sole remedy shall be (at our option): (i) to correct or replace the Software and/or Documentation within a reasonable time; or (ii) to terminate the Service and provide or authorise a refund of the Fee. Any replacement Software or Documentation will be warranted for the remainder of the original Warranty Period.

5.2 We warrant that we will provide the Service during the Term with reasonable skill, care and diligence. If you notify us in writing of a breach of the warranty in this Clause 5.2, our entire liability and your sole remedy shall be (at our option): (i) to correct or re-perform the affected Service; or (ii) to terminate the affected Service and provide or authorise a pro rata refund of the Fee paid in advance for the affected Service which relates to the period after the date of termination.

5.3 We shall indemnify you on demand from and against any and all losses, claims, damages, costs, charges, expenses and liabilities which arise from any claim or proceeding alleging that your use, possession or distribution of the Software in the country where your head office is located, in accordance with the terms and conditions of this Agreement, infringes any third party patent, trademark or copyright in such country (provided that such country is a party to the World Intellectual Property Organization (WIPO) treaties on patents, trademarks and copyrights). You shall not be entitled to the benefit of this indemnity if:-

5.3.1 you fail to notify us in writing within ten (10) days of any claim being made or proceedings being issued against you; or

5.3.2 you do not, upon written request from us, immediately cease to use or distribute the Software on any such claim being made; or

5.3.3 you have, without our prior written consent, acknowledged the validity of the third party claim or proceedings or taken any action which might impair our ability to contest the claim or proceedings, in which case, we shall be entitled to terminate this Agreement immediately by providing written notice to you.

5.4 We shall have no liability to you if the alleged infringement arises due to:-

5.4.1 modification of the Software by anyone other than us; or

5.4.2 use of the Software with any hardware, software or other item not provided by us; or

5.4.3 use of the Software other than in accordance with the Documentation.

5.5 In the event of a claim under clause 5.3, we shall have:

5.5.1 the absolute discretion to decide whether or not to take or defend any proceedings in relation to the claim;

5.5.2 the right to require you to join in any proceedings (at our cost) if we consider it necessary or desirable;

5.5.3 the right to require your full co-operation (at our expense) in defending the claim;

5.5.4 the right to procure a licence so that your use, possession and distribution of the Software in accordance with the terms and conditions of this Agreement does not infringe any third party patents, trademarks or copyrights;

5.5.5 the right to modify the Software so that it no longer infringes a third party’s patents, trademarks or copyrights; and

5.5.6 the right to terminate this Agreement immediately upon written notice to you if we cannot obtain a licence or modify the Software as described in Clauses 5.5.4 and 5.5.5 in a manner which we consider commercially practical, and in such event we will provide a pro rata refund of the Fee paid by you (if any) for the affected Service which relates to the period after the date of termination;

and you agree that in any event you will mitigate your losses as far as possible.

5.6 Clauses 5.3, 5.4 and 5.5 set out your sole remedy and our entire liability in the event that the Software or Service infringes the patents, trademarks or copyrights or other intellectual property rights of any third party.

5.7 You acknowledge and agree that you are responsible for all content sent from your Devices or Servers to us and you warrant that your use of the Service is in accordance with all applicable laws and regulations. You agree to indemnify and hold us harmless from any claims and/or losses arising from (i) your content, (ii) your use of the Service, or (iii) your breach of this Clause 5.7.

6. DISCLAIMER OF WARRANTIES

6.1 Except for the express warranties for the Software and the performance of the Service contained in Clause 5 above, we and our third-party licensors, suppliers and other contributors of certain included software make no warranties, conditions, undertakings or representations of any kind, either express or implied, statutory or otherwise in relation to the Service or any Third Party Software, including without limitation any implied warranties or conditions of merchantability, satisfactory quality, fitness for a particular purpose, non-infringement or arising from course of dealing, usage or trade.

6.2 In addition to Clause 6.1, we do not warrant or represent that: (i) the Service will meet your requirements; (ii) the operation of the Service will be error free or uninterrupted (including without limitation due to network outages or third party failures and/or delays); (iii) defects in the Service will be corrected; (iv) the Service will detect and/or correctly identify and/or disinfect all threats, applications (whether malicious or otherwise) or other components; (v) you are entitled to block or delete any third party applications; (vi) you are entitled to encrypt, decrypt, block or delete any third party information.

6.3 Some states/jurisdictions do not allow the exclusion of implied warranties, so the above exclusions may not apply to you and you may have other legal rights that vary from state to state or by jurisdictions.

7. LIMITATION OF LIABILITY

7.1 You agree that you use the Service at your own risk. Subject to Clause 7.4 and to the maximum extent permitted by applicable law, in no event shall we or any of our third-party licensors, suppliers or contributors of certain included software be liable to you (or to those claiming through you) for any loss of profits, loss of contracts, business interruptions, loss or damage related to any Third Party Software, indirect loss or damage, consequential loss or damage, incidental loss or damage, special loss or damage of any kind however caused and whether arising under contract or tort (including without limitation negligence) or otherwise, even if we have been advised of the possibility of such damages.

7.2 In addition to Clause 7.1 but subject to Clause 7.4, you acknowledge and agree that you are solely responsible for the proper back-up of all data and that you shall take appropriate measures to protect your data. We (and our third-party licensors, suppliers or contributors of certain included software) do not assume any liability or responsibility whatsoever for the loss and/or corruption of data.

7.3 Save for our liability under Clause 5.3, Clause 7.4 and any liability which cannot be limited by applicable law, (i) we shall only be liable to you for direct losses, and (ii) in no event shall our aggregate liability arising out of or in connection with this Agreement (from all causes of action and theories of liability) exceed a sum equal to the amounts paid or payable by you for the affected Service during a period of twelve (12) months.

7.4 We do not limit our liability in relation to (i) fraud, or (ii) death or personal injury.

8. PRIVACY AND SECURITY

8.1 You acknowledge and agree that we may directly and remotely communicate with the Devices for the purposes of, without limitation, (i) verifying your credentials; (ii) issuing reports and alerts such as automated support requests and alert messages; (iii) providing Maintenance; (iv) applying policy and configuration changes to the Devices; and (v) extracting usage information, service performance information, and infection logs. Such communications may include but not be limited to SMS text messages and other push notifications.

8.2 You acknowledge and agree that it may be necessary for us to collect and process certain information relating to you and the individual Users in order to perform the Service, and that such information may include proprietary, confidential and/or personal data, including without limitation (i) names, email addresses, telephone numbers and other contact details; (ii) account usernames; (iii) IP addresses; (iv) usage information; (v) lists of all software, files, paths and applications installed on the Device, (vi) details of changes or attempted changes to executable files, pathnames and scripts, (vii) logs of websites visited; (viii) infection logs; and (ix) files suspected of being infected with malware. Certain Services may also (at your sole option) enable you to configure the Service to (i) track and log the geographic location of Devices; (ii) block access to Devices; (iii) delete the content of Devices; (iv) store text and email messages that were sent and/or received by Devices. Such information may also be stored on the Device itself and accordingly we recommend that you encrypt your Devices.

8.3 You acknowledge and agree that we, and our group companies, subcontractors and third party licensors, may also use certain information collected from you for our business purposes. Business purposes may include but shall not be limited to, product support, product development and enhancement, statistical analysis, billing and reporting.

8.4 In the case of personal data processed on your behalf for the performance of the Service, Sophos acts as a Data Processor. In the case of personal data used for our business purposes under Clause 8.3, Sophos Ltd is the Data Controller. The terms “Data Processor” and “Data Controller” shall have the meanings defined in the EU Directive 95/46 EC. In each case, we will process your personal data in accordance with the terms of this Agreement, the provisions of the EU Directive 95/46 EC, and our data protection policy which is available at http://www.sophos.com/en-us/legal/sophos-group-privacy-policy.aspx.

8.5 As a global organisation, our group companies, subcontractors and third party licensors may be located anywhere in the world. If we transfer or export any personal data to another country, we will provide appropriate protection for such personal data.

8.6 If you select “Enable Partner Access” in the Settings tab of your Sophos Cloud portal, you acknowledge and agree that your designated third party partner or service provider will be able to access and administer the Service on your behalf. If you do not enable such access, your designated third party partner or service provider will only see high-level reporting information such as Services purchased and current usage information. You may revoke such access at any time by changing the permissions in the Settings tab.

8.7 You warrant that you have obtained all necessary permissions and provided the necessary notifications to share the information described in this Clause 8 with us for the purposes described. You also acknowledge and agree that it may be necessary under applicable law to inform and/or obtain consent from individuals before you intercept, access, monitor, log, store, transfer, export, block access to, and/or delete their communications. You are solely responsible for compliance with such laws.

8.8 Each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of personal data or its accidental loss, destruction or damage.

8.9 You agree to indemnify and hold us harmless from and against any liability that arises in relation to your failure to comply with this Clause 8.

9. THIRD PARTY SOFTWARE

The Service may operate or interface with software or other technology which is not proprietary to us and is licensed to us by third parties (“Third Party Licensors”), but which we have the necessary rights to licence to you (“Third Party Software”). You agree that (i) you will use such Third Party Software in accordance with this Agreement, (ii) no Third Party Licensor makes any warranties, conditions, undertakings or representations of any kind, either express or implied, to you concerning such Third Party Software or the Service itself, (iii) no Third Party Licensor will have any obligation or liability to you as a result of this Agreement or your use of such Third Party Software, (iv) such Third Party Software may be licensed under licence terms which grant you additional rights or contain additional restrictions in relation to such materials, beyond those set forth in this Agreement, and such additional licence rights and restrictions are described or linked to within the applicable Documentation, the relevant Sophos webpage, or within the Service itself.

10. U.S. GOVERNMENT RESTRICTED RIGHTS

If you are an agency or other part of the U.S. Government, the Software and the Documentation are commercial computer software and commercial computer software documentation and their use, duplication and disclosure are subject to the terms of this Agreement per FAR 12.212 or DFARS 227.7202-3, as amended.

11. EXPORT CONTROL REQUIREMENTS

11.1 You hereby agree that (i) you will use, disclose and/or transport the Service in accordance with any applicable export control laws and regulations; (ii) you will not re-export or re-transfer the Service to any destination subject to restrictive sanctions, measures or trade embargoes implemented at a national, regional or international level without the appropriate authorization; (iii) you are solely responsible for fulfilling any applicable governmental requirements in connection with your use, disclosure and/or transport of the Service and relating to any transfer under Clause 3.2.5 above.

11.2 You agree to indemnify and hold us harmless from and against any claim, loss, liability or damage suffered or incurred by us resulting from or related to your breach of Clause 11.1.

12. TERMINATION

12.1 This Agreement and your rights under it will terminate immediately if: (i) you fail to pay or we are unable to collect the Fee in accordance with the agreed payment terms; or (ii) you fail to comply with any of the terms and conditions of this Agreement; or (iii) you take or suffer any action on account of debt or you become insolvent; or (iv) your subscription to the Service expires; or (v) we are advised by the appointed reseller that your subscription to the Service has been terminated.

12.2 In addition to our rights under Clause 12.1, we may suspend our performance of the Service immediately at any time if we reasonably believe that your use may represent a threat to the security of the Service.

12.3 On termination of this Agreement, you must (i) cease to use the Service, (ii) delete all copies of the Software and Documentation, (iii) remove all Service settings from your Servers and Devices, and (iv) remove all of your custom settings, software and data from our network. Within one month after the date of termination of this Agreement, you must supply written certification to us that you have complied with this requirement. On termination of this Agreement we may also (i) remotely disable the Service (including without limitation any Software that you have installed), and (ii) delete all of your custom settings, software and data from our systems.

12.4 All Fees paid or payable are non-refundable to the extent allowed by applicable law.

13. CONFIDENTIALITY

13.1 The Service may include confidential information that is secret and valuable to us and our licensors. You are not entitled to use or disclose that confidential information other than strictly in accordance with the terms and conditions of this Agreement. We reserve the right to disclose details of the Agreement to third parties for publicity and promotional purposes and:

13.1.1 You expressly give us permission to include and publish your name and logo on lists of our customers; and

13.1.2 You agree that we may send emails to you to provide information, goods and services to you, and to let you know about other goods and services in which you may be interested.

13.2 If you do not want to give us permission under Clause 13.1.1 and/or Clause 13.1.2, you may notify us at any time, specifying which permission is not granted.

14. GENERAL

14.1 Any reseller, distributor or dealer from whom you may have purchased the Service is not appointed or authorised by us as our servant or agent. No such person has any authority, either express or implied, to: (i) modify this Agreement; (ii) enter into any contract on our behalf; (iii) provide you with any representation, warranty or guarantee on our behalf; or (iv) otherwise bind us in any way whatsoever.

14.2 You agree to pay the Fee in full in accordance with our invoice, or the invoice from the appointed reseller (as applicable). Unless otherwise stated, the Fee is exclusive of all taxes and duties. You agree to pay such taxes and duties, or where applicable to provide a suitable exemption certificate. Invoices may provide for interest to be paid on any sums not paid by the due date.

14.3 You agree that we may audit your actual number of Users, Devices and/or Servers remotely, at any time, in order to verify your payment of all applicable Fees. In addition, but not more than once in each calendar year, we (or our independent certified accountant) may access your premises and records on prior written notice and during normal business hours, for the purpose of auditing your compliance with the terms and conditions of this Agreement, including without limitation your payment of all applicable Fees. If a remote or physical audit reveals that you have underpaid Fees, we will invoice you for an amount equal to the shortfall between the Fees due and those actually paid by you. You agree to pay us for such shortfall within 30 days of the date of invoice. If the amount of the shortfall exceeds 5% of the Fees due, or the audit reveals that you have breached any of the terms and conditions of this Agreement, then without prejudice to our other rights and remedies, you agree that you will also pay our reasonable costs of conducting the audit.

14.4 You agree that we may, at our sole discretion, assign, transfer or subcontract any of our rights or obligations under this Agreement to any of our subsidiaries and other group companies, resellers, distributors or dealers.

14.5 We may amend the terms and conditions of this Agreement at any time by reasonable notice, including without limitation by posting revised terms and conditions on our website at the URL http://www.sophos.com/legal/. You agree that the amended terms and conditions shall be binding upon you.

14.6 Our failure to enforce any particular term of this Agreement shall not be deemed a waiver of any of our rights under it.

14.7 The illegality, invalidity or unenforceability of any part of this Agreement will not affect the legality, validity or enforceability of the remainder of the Agreement.

14.8 If you have signed a separate written agreement with us covering the use of the Service, the terms and conditions of such signed agreement shall take precedence over any conflicting terms and conditions of this Agreement. Otherwise, this Agreement constitutes the entire agreement between you and us in relation to the Service and supersedes any other oral or written communications, agreements or representations with respect to the Service, save for any oral or written communications, agreements or representations made fraudulently.

14.9 If there are any inconsistencies between the English language version of this Agreement and any translated version, then the English language version shall prevail.

14.10 A person who is not a party to this Agreement has no right to enforce any term of this Agreement under applicable legislation, and the parties to this Agreement do not intend that any third party rights are created by this Agreement.

14.11 In the event that your head office is located in:

THE UNITED STATES OF AMERICA, CANADA, OR LATIN AMERICA, this Agreement shall be governed by and construed in accordance with the laws of the Commonwealth of Massachusetts and the courts of the Commonwealth of Massachusetts shall have non-exclusive jurisdiction to determine any disputes, which may arise out of, under, or in connection with this Agreement; and

ANY OTHER LOCATION, this Agreement shall be governed by and construed in accordance with the laws of England and Wales and the courts of England and Wales shall have non-exclusive jurisdiction to determine any disputes, which may arise out of, under, or in connection with this Agreement.

Any notices for us or any questions concerning this Agreement should be addressed to: The Company Secretary, Sophos Limited, The Pentagon, Abingdon, OX14 3YP, United Kingdom.