Sophos Partner Agreement
ONLY AN AUTHORIZED OFFICER CAN CLICK ‘ACCEPT’ ON BEHALF OF THE PARTNER. ACCEPTANCE: BY SUBMITTING THE SOPHOS PARTNER APPLICATION, PARTICIPATING IN THE SOPHOS PARTNER PROGRAM, REQUESTING A QUOTE OR PLACING AN ORDER FOR THE PRODUCTS, OR BY CLICKING THE ‘ACCEPT’ OR SIMILAR OPTION IN THE REGISTRATION PROCESS, YOU AND ANY COMPANY OR ENTITY THAT YOU ARE ACTING FOR AGREE TO BE BOUND BY AND ACCEPT THESE SOPHOS PARTNER (RESELLER) TERMS & CONDITIONS (THIS “PARTNER AGREEMENT” OR THE “AGREEMENT”). THE PARTNER WARRANTS THAT IT HAS FULL CORPORATE POWER ANDAUTHORITY TO ENTER INTO THIS AGREEMENTAND DO ALLTHINGS NECESSARY IN THE PERFORMANCE OF THIS AGREEMENT. WHEN YOU HAVE ACCEPTED THESE TERMS AND YOU HAVE BEEN APPROVED AS A PARTNER IN THE SOPHOS PARTNER PROGRAM, YOU WILL BE A SOPHOS PARTNER.
No order will be accepted by Sophos or Secureworks (as defined below) unless you accept this Agreement and have been accepted as Partner in the Sophos Partner Program. This Agreement supersedes all prior versions of partner agreements between Partner and Sophos, including previous versions of the Sophos Partner (Reseller) Terms and Conditions and all prior versions of partner agreements between Partner and Secureworks.
If you do not agree with any of the terms or conditions of this Agreement, no agreement is formed between you and Sophos or Secureworks and (i) you will not have the status of a Sophos Partner and (ii) you may not sell the Products for any purpose.
1 DEFINITIONS
In these terms and conditions:
“Affiliate” means an entity that controls, is controlled by, or is under common control, directly or indirectly, with such party. For the purposes of this definition, “control” means the beneficial ownership of more than fifty percent (50%) of the voting power or equity in an entity.
"Agreement" means this Partner Agreement, as supplemented by the applicable Commercial Terms, which together govern all orders by Partner.
"Applicable Law(s)" means, with respect to each party, all laws and regulations, judgments, or any provisions of the same nature, including general principles of common and civil law, which are legally binding on such party with respect to its business and operation, and the performance of its rights and obligations under the Agreement. Applicable Laws include (but are not limited to) the Data Protection Laws and Regulations, the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act, the UK Modern Slavery Act 2015.
"Commercial Terms" means the commercial stipulations applicable to the Partner Program as updated from time to time, as may be provided by Sophos or as may appear on the Partner Portal. The Commercial Terms include the Price List for the Products and any applicable discounts.
"Confidential Information" means any non-public, confidential, or proprietary information of the disclosing party that is clearly marked confidential or reasonably should be assumed to be confidential given the nature of the information and the circumstances of disclosure, including any pricing, Products, know-how or trade secrets of Sophos, as well as the account information and credentials provided to Partner and Customer to access and use the Products.
“Customer” means an unaffiliated, third-party end user customer of the Partner to whom the Products are sold and who is a party to the Sophos ToU for Sophos Products and/or Secureworks CRA for Secureworks Products.
“Data Protection Laws and Regulations” means all laws and regulations applicable to the Processing of Personal Data under the Agreement (as modified from time to time), including where applicable laws in the EEA, the United Kingdom, Switzerland and the United States (including, but not limited to, the CCPA) and its respective states, and equivalent data protection laws and regulations.
"Discount" means the percentage off the current Price List as stated in the Commercial Terms or such quote that Sophos may provide.
"Distributor" means a third-party distributor authorized to distribute the Products in the Territory.
“Documentation” means any technical specifications, online help content, user manuals, or similar materials pertaining to the implementation, operation, access, and use of the Products that are made available by Sophos, as may be revised by Sophos from time to time.
“Hardware” means any appliance or physical computing components (whether new or refurbished, and whether or not subject to payment of a fee) supplied and licensed by Sophos on which Sophos software operates, and any related components or peripherals (including power cords, fans, power supply modules, drives, carries, ship kits, and rack mount kits) listed in the Price List.
“Partner” means the entity that accepts the terms of this Agreement and has been accepted by Sophos as a participant in the Sophos Partner Program.
“Partner Portal” means the website for the Partner Program at https://partnerportal.sophos.com (or such other URL as Sophos may advise from time to time).
"Partner Program” means the program provided by Sophos for its partners, as amended by Sophos from time to time.
“Personal Data” means any information relating to an identified or identifiable individual that is otherwise defined as “personal data,” “personal information” or “personally identifiable information” under applicable Data Protection Laws and Regulations.
"Price List" means the then current published Products’ price list applicable to the Territory, as posted by Sophos on the Partner Portal and amended by Sophos from time to time.
"Product Description" means the description of the features and functionalities of the Products as supplied by Sophos to the Partner from time to time.
"Products" means the Hardware, Software and/or Services of Sophos or Secureworks, as listed in the Price List or described in a statement of work for professional services, together with the Product Documentation and any of the Upgrades and Updates that Customer is authorized to access and use (i) in accordance with Sophos's ToU in the case of the Sophos Products and (ii) in accordance with the Secureworks CRA in the case of the Secureworks Products.
“Sanctions and Export Control Laws” means any law, regulation, statute, prohibition, or similar measure applicable to the Products and/or to either party relating to the adoption, application, implementation and enforcement of economic sanctions, export controls, trade embargoes or any other restrictive measures, including but not limited to those administered and enforced by the European Union, the United Kingdom, and the United States, each of which shall be considered Applicable Law with respect to the party it applies to.
“Secureworks” means the Secureworks entity, which is part of the Sophos group of companies, contracting with Partner, as indicated in a quote issued to Partner by Secureworks.
“Secureworks CRA” means Secureworks’ then-current Customer Relationship Agreement for Indirect Purchases as at the time of the Customer’s purchase of, or subscription to, the Products, (at https://www.secureworks.com/eula, or such other link communicated by Sophos), governing Customer’s use of the Secureworks Products: including the Secureworks Service Descriptions, the Secureworks Data Processing Addendum, and any other applicable additional addenda as set out in section 6.3 of the Secureworks CRA.
“Services” means the managed security services, professional risk consulting services, including incident response services, and cloud-enabled security services of either Sophos or Secureworks that Customer is authorized to access or use under the Sophos’ ToU as to Sophos Services or under the Secureworks CRA as to Secureworks Services.
“Software” means Sophos or Secureworks computer programs including Updates, Upgrades, firmware, including any software embedded in Hardware and any Software made available by Sophos or Secureworks for Customer's use in connection with the Services, and the applicable Products Documentation.
“Sophos” means Sophos Limited and its Affiliates, including Secureworks, except where specified as only applicable to either Sophos or Secureworks; except where the context would indicate a different construction, all references to “Sophos” in the Agreement shall be read and interpreted as references to “Secureworks” as well, and all related terms shall be construed, interpreted and read as referring to Sophos or Secureworks, such as, but not limited to, “Products”, “Software”, “Services”, “Documentation”.
"Sophos Ltd." means Sophos Limited, a company registered in England and Wales under number02096520.
“Sophos ToU” means Sophos Ltd.’s then-current End User Terms of Use as at the time of the Customer’s purchase of, or subscription to, the Products (at https://www.sophos.com/en-us/legal/sophos-end-user-terms-of-use, or such other link communicated by Sophos), governing Customer’s use of the Sophos Products: including the Data Processing Addendum (“DPA”) and, as applicable, the Service Description, Hardware Terms, and the Licensing Guidelines. Capitalised terms in this definition not otherwise defined in these terms shall have the meaning given to them in the Sophos ToU.
"Start Date" means the date you have accepted the Terms.
"Territory" means the geographic area to which this Agreement and the appointment of the Partner apply.If the Partner’s registered/principal office is located in one of the EU Single Market, the Territory will be the EU Single Market; otherwise, the Territory will be the country in which the Partner’s registered/principal office is located, unless otherwise agreed or notified by Sophos in writing.
"Trade Marks" means any trade mark and service mark application or registration, trade names, unregistered trade marks or other commercial symbols which Sophos now or hereafteris authorized to use and does use, or authorizes others to use, to identify its Products.
"Update" an update to the library of rules and/or identities and/or other updates to the detection data or software (excluding Upgrades) made available to Customers by Sophos at its sole discretion from time to time automatically or otherwise, but excluding any updates marketed and licensed by Sophos for a separate fee.
"Upgrade" means any enhancement or improvement to the functionality of the Product, Product version or Product feature made available to the Customer by Sophos at its sole discretion from time to time automatically or otherwise, but excluding any software and/or upgrades marketed and licensed by Sophos for a separate fee.
2 SCOPE AND TERM
2.1 Non-Exclusive License to Market and Resell. Subject to Partner’s acceptance into the Partner Program and the terms and conditions of this Agreement, Sophos grants to Partner during the term of the Agreement a non-exclusive, nontransferable, revocable right and license in the Territory to: (i) resell the Products directly to the Customers in the Territory; (ii) perform demonstrations and marketing to potential and current Customers, and (iii) for training for Partner’s employees on a need to know basis and Customer support, provided that Partner shall not use the Products in a production environment or upload production data or any Personal Data to the Products. Partner may not use the Products for Partner’s own internal end-use or to test a competitive product or to provide managed services. Partner acknowledges that(i) its appointment under this Agreement is non-exclusive and (ii) nothing in this Agreement shall limit in any manner Sophos’s marketing, distribution or sales activities or its rights to market, distribute or sell, directly or indirectly, or appoint any other person or company as a dealer, distributor, reseller, licensee or agent for the Products, within or outside the Territory.
2.2 Additional Partner Requirements. Partner’s eligibility to resell certain Products may be subject to additional obligations or conditions, including additional training, specialization requirements, contractual agreements, deal registration requirements, and other conditions further described on the Partner Portal.
2.3 Term. This Agreement will commence on the Start Date and continue for an initial term of twelve (12) months (the “Initial Term”). Thereafter this Agreement will automatically renew for one-year periods (each a “Renewal Term” and together with the Initial Term, the “Term”) unless and until either party terminates this Agreement.
2.4 Updating the Partner Agreement. SOPHOS RESERVES THE RIGHT TO UNILATERALLY REVISE THE PRODUCTS, THE PRICE LIST AND THE TERMS AND CONDITIONS OF THIS AGREEMENT AND ALL APPLICABLE TERMS REFERENCED IN THIS AGREEMENT (INCLUDING WITHOUT LIMITATION THE COMMERCIAL TERMS) AT ANY TIME BY NOTICE. Notice includes, but is not limited to, posting details on the Partner Portal and/or email announcements sent to Partner. Notice will take effect immediately upon posting or notification (whichever is soonest). Following receipt of such posting or notification, the Partner may terminate the Agreement within thirty (30) calendar days if the Partner objects to the changes. Failure to terminate within such period will be deemed Partner’s unreserved acceptance of such changes.
2.5 Termination. Either party may terminate this Agreement for any reason on no less than thirty (30) days’ written notice. Either party may terminate this Agreement immediately on written notice (I) if the other party materially breaches this Agreement and fails to correct the breach within ten (10) days following written notice from the other party specifying the breach in reasonable detail and requiring the breach to be remedied or (II)upon delivery of written notice by a party to the other party on: (i) the institution of insolvency, receivership or bankruptcy proceedings or any other proceedings for the settlement of debts of the other party; (ii) the making of an assignment for the benefit of creditors by the other party; or (iii) upon the dissolution of the other party. Sophos may terminate this Agreement immediately on written notice if Partner breaches Sections 8 and 13 of the Agreement or misappropriates Sophos or its licensors’ or suppliers’ intellectual property.
3 SUPPLY OF PRODUCTS. PAYMENTS
3.1 Sophos will license or make available Sophos Products in accordance with this Agreement and the Sophos ToU . Secureworks will license or make available Secureworks Products in accordance with this Agreement and the Secureworks CRA. Partner acknowledges that Sophos may (i) subject to Section 3.3, activate the Products for immediate use by the Customer and/or (ii) contact and communicate with the Customer directly with respect to Sophos’s obligations and the Customer’s ongoing use of the Products, both during and after termination or expiration of this Agreement.
3.2 Partner is free to determine and set Partner’s resale pricing of the Products. If Partner purchases from a Distributor, final terms of pricing, invoicing, payment, order, and shipment will be as agreed between Partner and Distributor, and the terms that correspond to those topics in this Agreement do not apply as between Partner and Sophos. Section 3.3, all of section 4, section 12.1 and section 13.2.1 only apply if the Partner has been authorised by Sophos in writing to purchase from Sophos directly. In all other cases, Partner shall purchase via a Distributor.
3.3 Partner Purchasing Directly from Sophos
3.3.1 Sophos will provide the Products to the Partner in accordance with orders placed by the Partner in accordance with the terms of this Agreement. Unless a statement of work has been signed for professional services, Partner shall provide Sophos with an order. Sophos will not be bound by any order until Sophos has accepted the order or shipped the Products. Any additional terms contained in an order will not bind the parties unless expressly agreed by Sophos. All orders shall be governed by and subject to the terms and conditions of this Agreement.
3.3.2 The fees Sophos charges to the Partner for the Products will be based on the current Price List at the time of the order, minus any discounts offered with the order. Quotes are not binding. Sophos reserves the right to amend quotes at any time. Partner acknowledges and agrees that, notwithstanding any additional discount that may appear in a quote, the Discount is meant to compensate Partner for its material effort in selling the Products to Customer(s). Sophos may amend any discounts given to the Partner at any time and for any reason including without limitation if the Partner fails to meet the payment terms.
3.3.3 All fees, payments and amounts stated hereunder and amounts payable shall be in the currency set forth in a quote. Unless stated otherwise in the Price List or in the Commercial Terms, prices do not include taxes (e.g. value added taxes or similar taxes) or the cost of handling, carriage and insurance, all of which shall be borne exclusively by the Partner. If the Partner is required to pay Sophos a lower amount under this Agreement because of any withholding or tax, Partner shall pay to Sophos such grossed-up amount as would be necessary to provide Sophos the full amount of the payment due after the deduction of any such withholding or tax imposed.
3.3.4 Where the Partner has placed an order and it has been accepted by Sophos, the Partner shall be liable for payment, regardless of whether Customer has paid the Partner.
3.3.5 Subject to receipt of satisfactory credit references and relevant financial information, Sophos may establish a credit account and a credit limit for the Partner. Due to credit card fees, payments may only be made via a credit card for invoices of up to USD $5,000 (or the equivalent in local currency).Until the Partner receives written confirmation from Sophos that a credit account has been established, all orders must be prepaid. For the avoidance of doubt, if Sophos agrees to establish a credit account, the payment terms for all orders are thirty (30) days from the date of invoice, unless otherwise agreed in writing. Sophos may refuse orders from the Partner based on such Partner’s credit limits, as Sophos may determine from time to time in its reasonable discretion.
3.3.6 If the Partner fails to make full payment when due, Sophos may suspend or terminate the provision to the Partner and/or Customers of the Products, as well as limit Partner’s access to Partner Program benefits (all at Sophos’s sole discretion). Sophos will not incur any liability to Partner or Customer(s) for such suspension, termination or non-acceptance of Orders. If permitted by Applicable Law, any delay in making payment shall automatically entitle Sophos to charge interest at1 percent per month from the date when payment is due until the date when payment is received. Partner will be responsible for billing Customers for their use of the Products and all other fees and expenses related to the Products and for collecting any amounts due from Customers.
3.3.7 For the avoidance of doubt Sophos will not offer refunds if a Customer’s License is suspended or terminated early for any reason, or offer refunds and/or credits if any Customer fails to pay the Partner.
3.3.8 Notwithstanding anything herein to the contrary, Sophos reserves the right to refuse to provide any Products to any Customer if Sophos: (i) is required by law to do so; or (ii) determines in its sole discretion that (a) it would be commercially unreasonable for it to provide Products to such Customer from a regulatory, financial or tax perspective or because the Customer poses a reputational or credit risk to Sophos, or (b) it comes to Sophos’ attention that the terms and conditions in the Customer Agreement or proposed by Partner or Customer are commercially unreasonable. Sophos will provide prompt notice to Partner of such refusal to provide Products to a Customer, and Partner is responsible for any and all liability arising out of Sophos’ refusal to provide Products to a Customer made pursuant to this section 3.3.8.
3.3.9 Any term contained in a purchase order(s) will not bind the parties unless expressly accepted and agreed by Sophos. Sophos may issue an invoice and collect payment without a corresponding purchase order.
3.4 Work on Customer Premises. If and to the extent that the professional services require Sophos to be present at the Customer’s premises, Sophos shall notify the Partner, and Partner shall invoice Customer and reimburse Sophos for all reasonable, actual out-of-pocket expenses, including but not limited to shipping, travel expense, hotel and meals, incurred in connection with the implementation, performance or delivery of the professional services.
3.5 Right to Terminate Provision of Products in Certain Jurisdictions. Sophos shall have the right to terminate the provision of Products to a Customer upon written notice to Customer with immediate effect in regard to any specific country or jurisdiction in the event that the specific country or jurisdiction demands access to any Sophos proprietary or confidential data, information, software or other material, including, without limitation, information relating to Customer or other Sophos customers, Sophos intellectual property, technology, code, cryptographic keys or access to encrypted material, trade secrets or security process secrets. Sophos and Partner shall negotiate toward an agreement on reduction of future payments due to reduction in these Products. This Agreement and other Products shall continue in jurisdictions unaffected by Sophos’s exercise of this right. This Section 2.7 shall not apply to jurisdictions where Sophos Ltd. or its Affiliates are incorporated.
3.6 Automatically Renewing Quotes for Secureworks Products. For Secureworks Products only, the term of the Products listed in a quote (“Services Term”) will be as specified in the quote. Except for any onboarding or enablement services that are provided on a one-time basis, the Services Term for the Secureworks SaaS Solutions (defined as cloud-enabled security services on the Secureworks Taegis™ platform) (the “SaaS Solutions”) shall, upon expiration, automatically renew for successive periods of twelve months (each, a “Quote Renewal Term”) unless either party provides at least 60 days prior written notice to the other party of its election not to renew. Upon each Quote Renewal Term, the fees associated for the SaaS Solutions shall automatically increase by the Consumer Price Index for All Urban Consumers (CPI-U), for the prior twelve months in effect on the first calendar day of the Quote Renewal Term, as published by the U.S. Department of Labor Bureau of Labor Statistics. If the Bureau of Labor Statistics stops publishing this index or substantially changes its content, Secureworks and Partner will substitute another mutually acceptable cost index.
4 SUPPLY OF HARDWARE
In addition to section 3.3 above, the following terms shall apply to Partner for the sale of Hardware:
4.1 Subject to availability, Sophos will prepare the Hardware and make it available for pickup to partner’s carrier for shipment to the address (within the Territory) provided by Partner on the order, typically within fourteen (14) days from receipt of such order. Notwithstanding the foregoing, Sophos may elect in its sole discretion to only ship to the Partner’s address, in which case Partner will be responsible for shipping Hardware into the Territory.
4.2 All shipments will be made in accordance with the shipping terms published on the Partner Portal.
4.3 Any onward shipment by Partner must comply with Sanctions and Export Control Laws as more fully described in section 13.3.
4.4 The Partner is not permitted to hold Hardware in stock unless agreed in writing with Sophos.
4.5 Certain Hardware may be available for a free trial for thirty (30) days, or such other duration as specified by Sophos in writing in its sole discretion (“Trial Period”), as set forth in the Secureworks CRA or the Sophos ToU, as applicable. IF THE PARTNER REQUESTS HARDWARE FOR a free trial FOR A CUSTOMER, AND SUCH CUSTOMER fails to return THE HARDWARE after the trial period has expired, Sophos shall issue an invoice to PARTNER FOR THE PURCHASE OF THE HARDWARE AT LIST PRICE (MINUS DISCOUNT) AND the Partner SHALL PAY SUCH AMOUNT TO SOPHOS.
4.6 If Partner returns Hardware to Sophos, either post-trial or where there is a valid warranty claim under the Sophos hardware warranty at https://www.sophos.com/en-us/legal/hardware-warranty-policy.aspx, Partner shall use appropriate packaging, insure and ship the Hardware by its own carrier or by using the pre-paid airway bill provided by Sophos, if any.
5 PARTNER'S OBLIGATIONS
During the term of this Agreement, the Partner will:
5.1 use commercially reasonable efforts to diligently pursue potential opportunities to market and sell the Products to customers in the Territory in a timely, diligent and professional manner;
5.2 use reasonable endeavours to renew Sophos licenses and subscriptions in a timely fashion, and in particular (but without limitation) contact Customer(s) who have not renewed their Sophos licenses or subscriptions prior to their expiry;
5.3 refrain from making any promises or representations, or give any warranties, guarantees or indemnities in respect of the Products except those expressly authorised by Sophos in writing in the Sophos ToU or the Secureworks CRA. Only the terms of the Sophos ToU or the Secureworks CRA will govern Customer’s use of the Products, and any additional or conflicting terms in an agreement between Partner and Customer are Partner’s sole responsibility;
5.4 not hold itself out as having any authority whatsoever to agree to any change to the Sophos ToU or the Secureworks CRA;
5.5 use the Trade Marks relating to the Products solely in the registered form or style notified to the Partner in writing by Sophos and refrain from(i) using or registering the Trade Marks in connection with any other products or services or as part of the corporate or any trade name or any Internet domain name or any social media handle, of the Partner and (ii) altering, obscuring, removing, interfering with or adding to any of the Trade Marks, (iii) adding or affixing markings or notices to or in the Products and the Product Documentation delivered to the Partner;
5.6 refrain from duplicating or reproducing in any way any Sophos copyright material without the prior written consent of Sophos;
5.7 deal with any complaints, problems or other technical queries regarding the Products from Customers before contacting the Sophos support team;
5.8 refrain from(i) making or disseminating any disparaging comments and/or statements concerning the Products, Sophos, or Secureworks or (ii) marketing, distributing, licensing or selling the Products in a manner that is likely to cause harm to, or diminish the value of, the Sophos brand;
5.9 refrain from incorporating, combining or integrating the Products in, on or with any other hardware or software products without obtaining Sophos’s prior written consent and signing the appropriate MSP or OEM Agreement;
5.10 refrain from using the Products for the purpose of competing with Sophos, including without limitation the gathering of competitive intelligence;
5.11 provide Sophos and any authorized Distributor with all information required to process purchase orders, including without limitation complete and accurate Customer identification information such as the name of each Customer, Customer address inclusive of zip code, email address, the applicable Products purchased, and the quote number;
5.12 obtain all training and certification that Sophos may require for the distribution and resell of Products;
5.13 solely resell the Products under the Sophos ToU and / or the Secureworks CRA, as applicable, and require the Customer to expressly acknowledge and accept the Sophos ToU and / or the Secureworks CRA, as applicable. Upon Sophos’s request, Partner will provide templates and copies of orders, to allow Sophos to monitor Partner’s compliance with this obligation;
5.14 inform Customer that the Products are not fault-tolerant and are not designed or intended for use in, and not to use Products in, any hazardous environments requiring fail-safe performance or in any application in which the failure of the Products could lead directly to death, personal injury, or physical or property damage (collectively, “High-Risk Activities”); High-Risk Activities include the operation of nuclear facilities, aircraft navigation, air traffic control, emergency communications systems, life support machines, and weapons systems; Partner understands and agrees that Sophos makes no warranties or assurances that the Products are suitable for any High-Risk Activities and Partner shall defend and indemnify Sophos from any claims made by third parties resulting from any such High-Risk Activities;
5.15 not (i) appoint any other person, firm or entity as a sub-distributor or agent for the Products; (ii) sell, sublicense, assign, or transfer the Products, except as permitted under this Agreement; (iii) decompile, disassemble, or reverse engineer any Product; (iv) copy any Product; or (v) remove, alter, or obscure any proprietary rights notices contained in or affixed to the Product;
5.16 not, and will not permit any Customer to: (i) use any Product to operate in or as a time-sharing, outsourcing, service bureau, hosting, application service provider or managed service provider environment, (ii) alter or duplicate any aspect of any Product, except as expressly permitted under this Agreement; or (iii) assign, transfer, distribute, or otherwise provide access to any of the Products to any third party or otherwise use any Product with or for the benefit of any third party;
5.17 perform its obligations in accordance with the terms and conditions of this Agreement and market the Products in compliance with all Applicable Laws;
5.18 will defend, indemnify and hold harmless Sophos from and against (a) any claim by a third party (including Customers), and (b) any loss, liability or damage suffered or incurred by Sophos resulting from:(i) Partner’s use of the Trade Marks in any manner other than as permitted under this Agreement; (ii) Partner’s marketing, promotion or sale of the Products in a manner that is not authorized or permitted under this Agreement; (iii) Partner’s unauthorized modification of the Services, Software or Documentation or unauthorized combination of the Services, Software and Documentation with any hardware, software, products, data or other materials not specified or provided by Sophos; or related to Partner’s breach of Section 5.13 or of Section 13, and that a breach of such Section 5.3 or Section 13 may be considered cause for immediate termination of this Agreement, including claims arising after the expiry or termination of this Agreement if Partner’s acts or omissions occurred during the term of the Agreement;. and
5.19 PARTNER ACKNOWLEDGES AND AGREES THAT IF IT IS IN BREACH OF ANY OF ITS OBLIGATIONS SET OUT ABOVE IN THIS SECTION 5, SOPHOS MAY, AT ITS SOLE OPTION AND WITHOUT LIMITING ANY OTHER REMEDIES AVAILABLE TO IT, UPON NOTICE TO PARTNER: (i) TERMINATE THIS AGREEMENT; OR (ii) SUSPEND OR CEASE TO PERFORM ITS OBLIGATIONS HEREUNDER AND/OR (iii) REDUCE OR REMOVEPARTNER’S STATUS AND/OR REDUCEPARTNER’S DISCOUNT (if applicable).
6 SOPHOS’S OBLIGATIONS
During the term of this Agreement, Sophos will:
6.1 use reasonable commercial efforts to continue to develop, upgrade and enhance the Products to maintain their marketability and competitiveness;
6.2 maintain a telephone helpdesk offering technical support services for the Products, subject to Section 5.7. Such service will be generally available 24 hours each day;
6.3 track the Product license or subscription expiration dates and notify the Partner and/or the Customer.
7 INTELLECTUAL PROPERTY
7.1 Partner acknowledges that the Products constitute proprietary information and trade secrets which are the sole and exclusive property of Sophos or its licensors and that the Products are or may be protected by patent, copyright, trade secret and/or similar laws and certain international treaty provisions. Sophos Ltd. and/ or the Sophos group of companies retain all right, title, and interest, including all intellectual property rights, (e.g., copyright, confidential information, know-how, patents, designs, database rights and any other intellectual property rights in any country, whether registrable or not and whether registered or not)in and to the Products, including all improvements, enhancements, modifications, derivative works, logos, trade names and Trade Marks. Any and all goodwill in the Trade Marks shall inure to the sole benefit of and be on behalf of Sophos. This Agreement does not transfer or convey to Partner or any Customer or third party any right, title or interest in or to the Products or any associated intellectual property rights, but only a limited right of use revocable in accordance with the terms of this Agreement. Sophos reserves all rights in and to the Products that are not expressly granted under this Agreement. Except as expressly stated in this Agreement, no license or right is granted directly or by implication, inducement, estoppel, or otherwise.
8 CONFIDENTIALITY
8.1 Each party acknowledges that it and its Affiliates (“Receiving Party”) may have access to Confidential Information of the other party and its Affiliates (“Disclosing Party”) in connection with this Agreement. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own Confidential Information of like kind (but not less than reasonable care). The Receiving Party agrees to (i) not use any Confidential Information for any purpose other than to perform its obligations and exercise its rights under this Agreement, and (ii) restrict dissemination of Confidential Information only to individuals or third parties subject to a substantially similar duty of confidentiality who have a “need to know” such information. A Receiving Party may disclose the Disclosing Party’s Confidential Information in any legal proceeding or as required as a matter of applicable law or regulation (such as in response to a subpoena, warrant, court order, governmental request, or other legal process); provided, however, that to the extent permitted by applicable law, the Receiving Party will (1) promptly notify the Disclosing Party before disclosing the Confidential Information; (2) reasonably cooperate with and assist the Disclosing Party, at the Disclosing Party’s expense, in its efforts to contest the disclosure; and (3) disclose only that portion of the Confidential Information that is legally required to be disclosed.
8.2 Notwithstanding the above, a Disclosing Party’s Confidential Information will not include information that: (i) is or becomes a part of the public domain through no act or omission of the Receiving Party; (ii) was in the Receiving Party’s lawful possession prior to the disclosure by the Disclosing Party and had not been obtained by the Receiving Party either directly or indirectly from the Disclosing Party; (iii) is lawfully disclosed to the Receiving Party by a third party without restriction on the disclosure; or (iv) is independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information.
8.3 This section 8 shall continue in force for a period of five (5) years after and despite the expiration or termination of this Agreement.
9 DATA PROTECTION AND USE OF PERSONAL INFORMATION
9.1 In connection with the processing and sharing of Personal Data contemplated under this Agreement both parties acknowledge that they will act as independent controllers. Each party is responsible for compliance with its respective obligations under applicable Data Protection Laws.
9.2 Partner represents that Partner’s data protection policies and practices are, and will be maintained, at a minimum in accordance with the applicable Data Protection Laws.
9.3 Partner shall provide immediate written notice of any unauthorized access, use or disclosure of Personal Data or any security breach that could affect Sophos or Customers or could impact the activities to be performed under this Agreement. In such event, Partner shall immediately take remedial action as required by the applicable Data Protection Laws and as requested by Sophos.
9.4 Partner shall upon reasonable request provide appropriate evidence of Partner’s compliance with this section 9.
9.5 Partner understands and acknowledges (and shall ensure that its staff and Customer's staff understand and acknowledge) that, in order for Sophos to further its legitimate business interest in managing the Agreement and the relationship with Customers, Distributors and other business associates (including for Sophos to provide the Products, and resolve Customers’ issues), Sophos will process Personal Data relating to Partner’s staff and Customer’s staff and may disclose such Personal Data to relevant Distributors and other business associates.
10 PARTNER'S STATUS
10.1 Independent contractors. The Partner is appointed as an independent contractor and this Agreement will not constitute a joint venture or partnership between the parties and (other than expressly as provided in this Agreement) the Partner shall not hold itself out as Sophos’s agent. Nothing in this Agreement shall preclude the Partner from acting as an agent for the Customer, including (without limitation) accepting the Sophos ToU on the Customer's behalf where the Partner downloads and/or installs the Products on the Customer's behalf.
10.2 Publicity Authorization and Disclosures to Distributors. During the term of the Agreement, and notwithstanding section 8.1, Partner expressly authorises Sophos to disclose the Partner’s status as a Sophos Partner and to publish Partner’s name, logo, and other relevant information regarding Partner’s status as a Sophos Partner—including partner tier, specializations, certifications, and contact information—for publicity, promotional, and other legitimate business purposes, as well as to disclose directly to Partner’s selected Distributor(s) such information necessary to enable Partner’s purchase of Sophos Products from such Distributor(s) for resale in the Territory.
11 EFFECT OF TERMINATION
11.1 Termination of this Agreement by Sophos in accordance with its terms shall not give the Partner any right to compensation for direct or indirect damages, loss of revenue, loss of opportunity, loss of profits, or consequential losses of any kind or nature whatsoever, and in no circumstances shall the Partner acquire against Sophos, Sophos Ltd and its Affiliates, or their distributors and partners, any goodwill in respect of its appointment as Partner or in respect of the Products or their distribution or sale, or otherwise under or in respect of this Agreement.
11.2 Upon the expiry or termination of this Agreement, the rights granted to Partner hereunder will terminate and the Partner will immediately return to Sophos all promotional and commercial material, including any Products, evaluation copies, Product Documentation, Product Descriptions and all literature and other materials supplied free-of-charge or on loan or consignment to the Partner by (or for) Sophos(or irretrievably destroy those elements if it only received digital copies).
11.3 In the event the Agreement is terminated pursuant to Section 2.6, Sophos may contract directly with any and all of the Customer(s) or through another third party to provide any Products.
11.4 Any provision of this Agreement that expressly or by implication is intended to come into or continue in force on or after termination of this Agreement shall remain in full force and effect.
12 WARRANTIES AND LIABILITY
12.1 UNLESS OTHERWISE EXPRESSLY STATED IN THE AGREEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAWS, SOPHOS GIVES NO WARRANTY, UNDERTAKING, INDEMNITY OR OTHER COMFORT AND MAKES NO REPRESENTATION OF ANY KIND (WHETHER EXPRESS, IMPLIED, UNDER STATUTE, CUSTOM OR OTHERWISE) IN RELATION TO THE PARTNER PROGRAM OR THE PRODUCTS, INCLUDING WITHOUT LIMITATION:
12.2.1 AS TO THEIR MERCHANTABILITY, SATISFACTORY QUALITY OR FITNESS FOR A PARTICULAR PURPOSE OR AS TO NON-INFRINGEMENT;
12.2.2 THAT THE PRODUCTS WILL DETECT, IDENTIFY OR DISABLE ALL OR ANY SPECIFIC HARMFUL PROGRAMS, VIRUSES OR HARMFUL COMPONENTS;
12.2.3 THAT THE PRODUCTS WILL NOT GIVE FALSE POSITIVE RESULTS;
12.2.4 THAT UPDATES WILL BE PROVIDED FOR ALL HARMFUL PROGRAMS, VIRUSES, OR HARMFUL COMPONENTS;
12.2.5 THAT UPDATES WILL BE PROVIDED FOR ALL FORMS OF SPAM OR SPAM CAMPAIGNS;
12.2.6 THAT THE PRODUCTS WILL MEET THE PARTNER’S OR THE CUSTOMERS’ REQUIREMENTS; OR
12.2.7 THAT THE PRODUCTS WILL BE ERROR FREE AND/OR OPERATE WITHOUT INTERRUPTION.
12.3 SUBJECT TO SECTIONS 12.4 AND 12.5, AND TO THE EXTENT PERMITTED BY APPLICABLE LAWS, THE AGGREGATE LIABILITY OF SOPHOS AND ITS AFFILIATES TO THE PARTNER FOR ANY MATTER ARISING UNDER OR IN CONNECTION WITH THIS AGREEMENT OR THE PRODUCTS FOR ALL EVENTS IN ANY TWELVE MONTH PERIOD, WHETHER ARISING FROM CONTRACT, TORT, NEGLIGENCE OR OTHERWISE, SHALL BE LIMITED TO THE GREATER OF (i) TEN THOUSAND U.S. DOLLARS ($10,000 USD), OR THIS EQUIVALENT IN LOCAL CURRENCY, OR (ii) THE AMOUNTS PAID BY THE PARTNER TO SOPHOS UNDER THIS AGREEMENT FOR THE ORDER GIVING RISE TO THE LIABILITY DURING SUCH TWELVE MONTH PERIOD. ANY “TWELVE MONTH PERIOD” COMMENCES ON THE START DATE OR ANY OF ITS YEARLY ANNIVERSARIES.
12.4 SUBJECT TO SECTION 12.5, AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, SOPHOS SHALL NOT BE LIABLE TO THE PARTNER FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, PUNITIVE OR SPECIAL DAMAGE OR LOSS OF ANY KIND, INCLUDING BUT NOT LIMITED TO, LOSS OF PROFITS, LOSS OF REVENUE, BUSINESS INTERRUPTIONS, COST OF SUBSTITUTE GOODS OR SERVICES, LOSS OF OR CORRUPTION OF DATA HOWEVER CAUSED AND WHETHER ARISING UNDER CONTRACT OR TORT (INCLUDING WITHOUT LIMITATION NEGLIGENCE), EVEN IF SOPHOS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR ANY CLAIMS MADE BY PARTNER AGAINST SOPHOS OR BY CUSTOMERS AGAINST THE PARTNER.
12.5 SOPHOS DOES NOT LIMIT OR EXCLUDE ITS LIABILITY FOR (i) DEATH OR PERSONAL INJURY CAUSED BY NEGLIGENCE, (ii) FRAUDULENT MISREPRESENTATION, OR (iii) ANY OTHER LIABILITY TO THE EXTENT THAT SUCH LIABILITY CANNOT BE EXCLUDED OR LIMITED BY APPLICABLE LAW.
12.6 The Parties acknowledge and agree that the Products are deployed to mitigate the risk of criminal cyber activity by alerting to potential suspicious activities within Customers’ network or information technology systems, where certain Products are deployed. As such, Sophos shall not be liable for any such breach of its confidentiality obligations towards Partner or their Customers, or data security obligations under section 8 of this Agreement or data security obligations under the applicable Data Processing Addendum, in each case resulting from a hack or intrusion by a third party into Customers’ network or information technology systems. This Section does not prohibit a Customer from pursuing or recovering damages arising out of a breach of Sophos’s other obligations under the Secureworks CRA or Sophos ToU.
12.7 This section 12 has continuing effect after termination of this Agreement.
13 COMPLIANCE
13.1 The Partner shall comply with all Applicable Laws and the terms and conditions of the Sophos Anti-Corruption Policy.
13.2 The Partner hereby:
13.2.1 agrees that it will be solely responsible for complying with and for applications, filings, registrations or certifications required under all Applicable Laws. Partner shall provide Sophos within a reasonable time all test reports, certificates of conformity, or similar verifications of regulatory certification obtained by Partner under this section.
13.2.2 agrees that it is solely responsible for fulfilling all Applicable Laws that require the disposal, recycling, or reporting of hazardous substances or electronic waste, including without limitation those that relate to the EC Directive on Waste Electrical and Electronic Equipment (“WEEE”) and The Restriction of the Use of Certain Hazardous Substances in Electrical and Electronic Equipment Regulations (“RoHS”), and similar local laws and regulators in connection with any use, transport or disposal of the Products.
13.3 The Partner hereby:
13.3.1 agrees that in connection with its resale and distribution of the Products it will comply, and will ensure that its relevant personnel comply with all Sanctions and Export Control Laws, including but not limited to its own written policy to properly identify its Customers;
13.3.2 represents and warrants that neither Partner nor any party that owns or controls, or is owned or controlled by, Partner, nor any of its employees, shareholders or directors, is (i) ordinarily resident in, located in, or organized under the laws of any country or region subject to economic or financial sanctions or trade embargoes imposed, administered, or enforced by the European Union, the United Kingdom, or the United States; (ii) an individual or entity on the Consolidated List of Persons, Groups, and Entities Subject to European Union Financial Sanctions; the U.S. Department of the Treasury's List of Specially Designated Nationals and Blocked Persons or Foreign Sanctions Evaders List; the U.S. Department of Commerce's Denied Persons List or Entity List; or any other sanctions or restricted persons lists maintained by the European Union, the United Kingdom, or the United States; or (iii) otherwise the target or subject of any Sanctions and Export Control Laws;
13.3.3 represents and warrants that it will not export, re-export, transfer, or otherwise make available the Products, directly or indirectly, to any country, region, individual or entity described in section 13.3.2 or in violation of, or for purposes prohibited by, Sanctions and Export Control Laws, including for proliferation-related end uses, and that it has adequate policies, procedures, and controls in place to comply with this section 13.3.3;
13.3.4 agrees that it will use its best efforts to ensure that all Customers comply with the requirements of section 13.3.3, including, but not limited to, by requiring all Customers to agree to comply with the requirements of section 13.3.3;
13.3.5 understands and agrees that Sophos shall have no obligation to provide any Product, Update, Upgrade or other service related to the Products where Sophos believes such provision could violate Sanctions and Export Control Laws;
13.3.6 agrees to notify Sophos immediately if it becomes aware that it, its Affiliates, its Customer or any of its directors, shareholders or personnel, may have breached any Sanctions and Export Control Laws in connection with its resale and distribution of the Products or if it becomes aware that any Product that it sold, directly or indirectly, to an Customer (or any Update, Upgrade or related service) has been exported, re-exported, transferred, or otherwise made available in violation of section 13.3.3;
13.3.7 agrees to provide notice to Sophos in a commercially reasonable timeframe and manner (unless otherwise specifically stated elsewhere in the Agreement) of any government action or communication that Partner receives or becomes aware of concerning Sanctions and Export Control Laws relating to the Products, unless prohibited by law or compulsory governmental process;
13.3.8 agrees that while information about the classification of the Products for export purposes is available at http://www.sophos.com/en-us/legal/export.aspx and Sophos will use reasonable efforts to maintain the information on such webpage, Partner is solely responsible for any product classification required under this section, for seeking its own legal advice and for ensuring its own compliance with all applicable Sanctions and Export Control Laws in assigning such product classification;
13.3.9 agrees that in the event that the sale, supply, export, re-export or transfer of all or part of the Products or any Update, Upgrade or related services is subject to Sophos obtaining or using an export license, it will promptly provide all assistance or documentation required by Sophos including, if required, an accurate Customer undertaking or consignee undertaking;
13.3.10 acknowledges that the Products are provided to Customers as “commercial items,” “commercial computer software,” “commercial computer software documentation,” and “technical data,” as defined in the US Federal Acquisition Regulation (FAR) and the US Defense Federal Acquisition Regulation Supplement (DFARS) and are provided with the same rights and restrictions generally applicable to the Products. Sophos does not warrant that the Products are provided in accordance with the provisions of the US Federal Acquisition Regulation (FAR), the US Defense Federal Acquisition Regulation Supplement (DFARS), Canadian Aviation Regulations (CARs), including SOR 96-433, or any other similar U.S. or foreign laws, rules or regulations. If a Customer is using the Products on behalf of the U.S., Canadian or other government and the Sophos ToU or Secureworks CRA, as the case may be, fail to meet the U.S., Canadian or other government’s needs or are inconsistent in any respect with U.S., Canadian or other governmental law, Partner will ensure that Customer immediately discontinues the use of the Products. For clarity, the Products have not received Federal Risk and Authorization Management Program (FedRAMP) authorization; and
13.3.11 acknowledges and will inform Customer that Products are not designed to process, store, or be used in connection with Excluded Data; Partner is responsible for reviewing data that will be provided to or accessed by Sophos to ensure that it does not contain Excluded Data; “Excluded Data” means: (i) data that is classified; (ii) technology or technical data designated as defense articles or defense services on the U.S. Munitions List of the International Traffic in Arms Regulations (“ITAR”), or listed on the Commerce Control List of the Export Administration Regulations (“EAR”); and (iii) personally identifiable information that is subject to heightened security requirements as a result of Partner’s or Customer’s internal policies or practices, industry-specific standards or by law.
13.4 Partner will maintain accurate records for a period of five (5) years from the date of any transaction and will provide Sophos with information reasonably requested by Sophos to review compliance with the terms of this section. Partner further agrees to provide Sophos with a certification as to its compliance with this section upon Sophos’s request. Failure to provide information/certification within thirty (30) days of Sophos’s request may be considered cause for immediate termination of this Agreement. Any such review and/or audit will be subject to the confidentiality provisions contained in this Agreement.
14 GENERAL
14.1 Remedies not exclusive. The rights and remedies contained in this Agreement are not exclusive of any other rights or remedies available at law.
14.2 No waiver. The failure to exercise or delay in exercising a right or remedy under this Agreement shall not constitute a waiver of such right or remedy, or a waiver of any other rights or remedies.
14.3 Notices. Any legal notice by Sophos to the Partner regarding this Agreement must be sent in writing to the Partner, and may include (a) any general notice on the Partner Portal or email announcements sent to the Partner representative’s email address on file with Sophos and/or (b) notice specific to the Partner, by electronic mail to the Partner e-mail address in Sophos’s records. Notices by Sophos to the Partner shall be effective upon the date the notice was published on the Partner Portal or the date the email was sent, whichever is earlier. Any legal notice by the Partner to Sophos concerning this Agreement must be sent in writing to The Legal Department, Sophos Limited, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom with a copy to legalnotices@sophos.com. Each Party is responsible for ensuring the other Party is notified of any changes to their electronic or physical contact information.
14.4 Severance. All parts of this Agreement apply to the maximum extent permitted by Applicable Law. If any provision of this Agreement is determined by any court or competent authority to be illegal, invalid and/or unenforceable, (i) Sophos will replace such provision with similar terms which are enforceable under Applicable Law and (ii) such determination shall not affect any other provision of this Agreement, all of which other provisions shall remain in full force and effect.
14.5 Further assurance. Each party shall do, execute and perform, and use all reasonable efforts at its own cost to cause any necessary third party to do, execute and perform, such further acts, things, deeds and documents as may from time to time be required to give full legal and practical effect to this Agreement.
14.6 Assignment. Partner may not sublicense, assign, or transfer its rights or obligations under the Agreement without Sophos’s prior written consent. Sophos may in its sole discretion assign, novate, subcontract, or otherwise transfer any of its rights or obligations hereunder.
14.7 Contracts (Rights of Third Parties) Act 1999. Notwithstanding any other provision in the Agreement, nothing in the Agreement shall create or confer (whether expressly or by implication) any rights or other benefits whether pursuant to the Contracts (Rights of Third Parties) Act 1999 or otherwise in favour of any person not a party hereto.
14.8 Language. Translations of those terms provided by Sophos are provided for information purposes only and not binding. If there is any inconsistency between the English language version of this Agreement and any translated version, then the English language version will apply.
14.9 Force Majeure. Neither party shall be liable for any delay or failure in the performance of its obligations for so long as and to the extent that such delay or failure results from events, circumstances or causes beyond its reasonable control, including but not limited to: acts of God; fire; explosions; vandalism; cable cuts; storms, hurricanes, floods or other similar occurrences; pandemic, epidemic or other public health crisis, including any government-imposed quarantines, restrictions or measures responding to the outbreak of infectious disease; any law, order regulation, direction, action or request of the United States Government, or of any other government, including state and local governments having or claiming jurisdiction over a party or of any department, agency, commission, bureau, corporation, or other instrumentality of any federal, state, or local government, or of any civil or military authority; national emergencies; unavailability of materials or rights-of-way; insurrections; riots; terrorism; wars; strikes, lock-outs, embargoes, or work stoppages; or other labor difficulties, supplier failures, shortages, breaches or delays, including widespread nation state or government-backed cyber activity. If the period of delay or non-performance continues for 30 days, the party not affected may terminate this agreement by giving no less than 10 days' written notice to the affected party.
14.10 Governing Law & Dispute Resolution. Any dispute arising out of or in connection with this Agreement, including any question regarding its existence, interpretation, validity or termination, shall be referred to and finally resolved by arbitration under the Rules of the LCIA, which Rules are deemed to be incorporated by reference into this Section. The seat of arbitration shall be Oxford, England. The language to be used in the arbitration shall be English. The governing law of the contract shall be the substantive law of England and Wales. In any action or proceeding to enforce rights under this Agreement, the prevailing party shall be entitled to recover costs and legal fees.
14.11 Entire Agreement. This Agreement completely and exclusively states the agreement between the parties in relation to its subject matter. This Agreement supersedes all prior or contemporaneous proposals, agreements, understandings, representations, warranties, or other communications between the Parties, oral or written, regarding such subject matter. All rights and obligations of Partner shall be read and interpreted as being rights and obligations of Partner undertaken towards Sophos when Partner orders Sophos Products and towards Secureworks when Partner orders Secureworks Products from Secureworks. Save as provided by section 2.5 above, this Agreement may only be revised in writing signed by an authorised representative of each of the parties. In the event of any inconsistency between this Agreement and the Commercial Terms, the provisions of the Commercial Terms shall prevail.
Partner Agreement (July 2025)