1. Definitions For the purpose of these Conditions:
Agreement means the Order and the Supplier’s acceptance of the Order;
Background Intellectual Property Rights means any Intellectual Property Rights, other than Foreground Intellectual Property Rights (as defined below), which are used by either party under or in relation to this Agreement.
Conditions means these terms and conditions;
Confidential Information means the Order and any confidential or proprietary information that is clearly marked confidential or that a reasonable person would deem to be non-public, proprietary and/or confidential, whether disclosed orally, visually or in writing prior to or after the Effective Date, which includes but is not limited to documentation, business or financial affairs, trade secrets, technology, research and development, pricing, product descriptions product plans and roadmaps, marketing plans, customer/prospect lists and contact details and the terms or existence of this Agreement.
Foreground Intellectual Property Rights means any Intellectual Property Rights that arise or are obtained or developed by, or on behalf of, either party in the course of or in connection with this Agreement.
Intellectual Property means patents, utility models, rights to inventions, copyright and related rights, moral rights, trademarks and service marks, business names and domain names, rights in get-up, goodwill and the right to sue for passing off or unfair competition, rights in designs, database rights, rights to use, and protect the confidentiality of, confidential information (including but not limited to know-how and trade secrets), semiconductor topography rights, and all other intellectual property rights, in each case whether registered or unregistered and including without limitation all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
Products means any product to be purchased by Sophos from the Supplier (including any part or parts of them);
Order means Sophos’s written instruction for the Supplier to supply the Products or Services, incorporating these Conditions;
Sanctions and Export Control Laws means any law, regulation, statute, prohibition, or similar measure applicable to either party and/or to any performance under this Agreement relating to the adoption, application, implementation and enforcement of economic sanctions, export controls, trade embargoes or any other restrictive measures, including, but not limited to, those administered and enforced by the European Union, the United Kingdom, and the United States, each of which shall be considered applicable to the Agreement.
Services means any service to be purchased by Sophos from the Supplier;
Sophos means the member of the Sophos Group that places the Order.
Sophos Group means any entity which controls, is controlled by or is under common control with Sophos Ltd.
Supplier means the person, firm or company who accepts the Order.
2. Supplier's Conditions
The Order, which includes these Conditions constitutes the entire agreement and understanding between the Supplier and Sophos and supersedes any and all prior discussions and negotiations between them. No terms or conditions endorsed, provided with or otherwise contained or referred to in the Supplier’s quotation, or in the Supplier’s acknowledgement or acceptance of the Order shall be binding on Sophos if in conflict with or in addition to any of the provisions of the Order (including but not limited to delivery schedule, price, quantity, specification and terms and conditions) unless expressly agreed to in writing by Sophos at the time of the Agreement.
3. Deliveries
3.1 The agreed “Delivery Date” shall be the date specified on the Order. A delivery shall be deemed to be an “On Time Delivery” where the Products are delivered as FOB (where applicable) to the specified forwarder on or before the Estimated Time of Departure (ETD).
3.2 The Products shall be delivered, carriage, insurance and duties paid, to Sophos’s place of business or to such other place of delivery as is agreed by Sophos in writing prior to delivery of the Products. The Supplier shall off-load the Products at its own risk as directed by the Sophos. All export and import requirements shall be the responsibility of the Supplier.
3.3 The Supplier shall ensure that each delivery is accompanied by a delivery note which shall include but not be limited to; the Order number, date of Order, number of packages and contents and, in the case of part delivery, the outstanding balance remaining to be delivered.
3.4 Partial delivery shall not be considered On Time Delivery and is not permitted unless expressly agreed in writing by the parties prior to the Delivery Date.
3.5 If the Products are not delivered on the Delivery Date, or do not comply with the Order then, without limiting any of its other rights or remedies, Purchaser shall have the right to any one or more of the following remedies, whether or not it has accepted the Products:
(a) to terminate the Contract;
(b) to reject the Products (in whole or in part) and return them to the Supplier at the Supplier's own risk and expense;
(c) to require the Supplier to repair or replace the rejected Products, or to provide a full refund of the price of the rejected Products;
(d) to refuse to accept any subsequent delivery of the Products which the Supplier attempts to make;
(e) to recover from the Supplier any costs incurred by Sophos in obtaining substitute goods from a third party; and
(f) to claim damages for any other costs, loss or expenses incurred by Sophos which are in any way attributable to the Supplier's failure to carry out its obligations under the Contract.
3.6 In addition to any statutory rights or rights given at clause 1.4, where Supplier fails to deliver the Products in accordance with the Order, and unless agreed in writing with Sophos, Sophos shall be entitled to demand payment of damages amounting to 0.5% of the value of the Products per started week of delay, up to a maximum of 5% of the entire value of the Order.
3.7 Sophos shall not be deemed to have accepted the Products until it has had a reasonable period to inspect them following delivery. Sophos shall also have the right within a reasonable time to reject the Products as though they had not been accepted should any latent defect in the Products become apparent.
3.8 The Products shall remain at the risk and ownership of the Supplier until delivery to Sophos is complete (including off-loading and stacking) at which time the risk and ownership of the Products shall pass to Sophos.
3.9 Should the Supplier become aware of any circumstance that might prevent him from delivery in accordance with the Order, Supplier should immediately inform Sophos.
4. Prices
4.1 The price of the Products/Services shall be stated in the Order and unless otherwise agreed in writing by Sophos shall be inclusive of value added tax (or its equivalent in the relevant jurisdiction) and all other charges.
4.2 No variation in the price nor extra charges shall be accepted by Sophos.
5. Payment and Invoicing
5.1 Invoices shall be raised in accordance with the relevant Order. If no invoicing frequency is specified in the Order then invoices shall be issued (i) upon delivery in accordance with clause 3 in respect of fees for Products and (ii) upon completion in respect of fees for Services.
5.2 Sophos shall pay the price of the Products/Services delivered and accepted in accordance with the Agreement within 30 days of the date a valid invoice is received from the Supplier. Sophos may withhold payment of an invoice in the event of a bona fide dispute with regard to the fees or a material error on such invoice. Invoices must include the Order details and should be submitted to accountspayable@sophos.com.
5.3 Without prejudice to any other right or remedy, Sophos reserves the right to set off any amount owing at any time from the Supplier to Sophos against any amount payable by Sophos to the Supplier under the Agreement.
6. Intellectual Property Rights
6.1 All Intellectual Property Rights in or relating to the Products are and shall remain the property of the Supplier.
6.2 The Supplier hereby assigns to Sophos all Intellectual Property Rights owned by the Supplier in any material which is generated by the Supplier and delivered to Sophos in the performance of the Services and shall waive all rights relating to such material. The Supplier shall not reproduce, publish or supply any such material to any person other than Sophos without prior written consent.
6.3 Any Background Intellectual Property Rights belonging to Sophos (and its third party licensors as applicable) shall remain the sole and exclusive property of Sophos (and such third party licensors), and the Supplier shall not acquire any rights therein. Where necessary, the Supplier is granted a non-exclusive, non-transferable, non-assignable right to use such Background Intellectual Property Rights solely to the extent required for providing the Services and Products under this Agreement.
6.4 All Foreground Intellectual Property Rights shall be the property of Sophos. The Supplier hereby transfers (including by way of present assignment of future rights) all such Foreground Intellectual Property Rights to Sophos with full title guarantee. The Supplier irrevocably and unconditionally waives all moral rights in relation to such Foreground Intellectual Property Rights. If requested by Sophos, the Supplier shall (at Sophos’s expense) do everything necessary to vest such Foreground Intellectual Property Rights in Sophos.
6.5 The Supplier shall indemnify and hold Sophos harmless from any losses, damages and costs Sophos (including without limitation any Sophos Group company) incurs as a result of any claim or action alleging that the Services and/or Products infringe the Intellectual Property Rights of a third party.
6.6 The provisions of this Clause shall survive the termination of the Order.
7. Confidentiality
7.1 The parties shall:
i) Treat the Confidential Information as strictly confidential;
ii) Not disclose or use or allow any third party to disclose or use the Confidential Information except as expressly permitted by this Agreement or with the prior written consent of the relevant party on each occasion;
iii) Only use the Confidential Information for the performance of the Order;
iv) Not make any copies of, or in other way duplicate, any Confidential Information except as strictly necessary for the performance of the Order.
7.2 The restrictions in Clause 7.1 shall not apply to the extent that:
i) The Confidential Information is already lawfully known to the other party independently of this Agreement;
ii) The Confidential Information is in, or comes into, the public domain other than as a result of wrongful use or disclosure by the receiving party;
iii) Disclosure of Confidential Information is required by law or regulatory authority. In the case of disclosure under this Clause 7.2(iii), the disclosing shall (a) give the other party prior written notice of the need to disclose Confidential Information, (b) give all reasonable assistance (at the cost of the disclosing party) to challenge the requirement to disclose such Confidential Information, and (c) only disclose such Confidential Information that is strictly necessary to comply with the law or regulatory authority.
7.3 Sophos makes no express or implied warranty or representation as to the accuracy or completeness of the Confidential Information provided by Sophos and expressly disclaims any and all liability howsoever arising that may be based upon the Confidential Information, and any errors or omissions contained within it.
7.4 The rights and obligations in this Clause 7 shall continue for a period of five (5) years from the date of expiration or termination of this Agreement.
8. Data Protection
8.1 For the purposes of this Clause 8, (i) the terms “Controller”, “Data Subject”. “Personal Data”, “Personal Data Breach”, and “Processing” have the meanings given to them in the EU Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) and the term “Process” shall be construed accordingly; and (ii) “Data Protection Laws” shall mean the GDPR, the Data Protection Act 2018, the Privacy And Electronic Communications Directive 2002/58/EC On Privacy And Electronic Communications and any replacing or amending statutes or regulations or similar local data protection or privacy regulations.
8.2 If the provision of the Services constitutes or includes, in whole or in part, any Processing of Personal Data by the Supplier, the Data Processing Terms for Suppliers as displayed at https://www.sophos.com/en-us/legal (“DPA”) shall be incorporated by reference into this Agreement. In the event of any conflict between the terms of the DPA and this Agreement, the terms of the DPA will take precedence with respect to processing of Personal Data only. Sophos may at any time request the Supplier to execute a separate copy of the DPA.
8.3 Where the Supplier supplies Personal Data to Sophos as part of the provision of marketing services (“Marketing Leads”) under this Agreement then such Marketing Leads may be used by Sophos for the purposes of advertising or sending marketing or any other communications relating to business-to-business Data Subjects, including, but not limited to, for direct marketing purposes. The Supplier warrants to Sophos that the collection and Processing of Marketing Leads by the Supplier and the transfer to Sophos of the same is, and has been, in strict compliance with all applicable Data Protection Laws, regulations and similar requirements, and that Supplier has obtained all consents, approvals, and licenses necessary for the sharing of such Marketing Leads with Sophos, and the proposed use of such Marketing Leads by Sophos in accordance with this Agreement. Upon request from Sophos, Supplier shall provide a written copy of any required Data Subject consents relating to the Marketing Leads.
8.4 The Supplier shall, when acting as a Controller, (i) take adequate and appropriate administrative, physical and technical measures to protect Personal Data against (a) unauthorized access, disclosure, modification and deletion, (b) misuse, (c) corruption, and (d) loss, in accordance with best industry practices; (ii) notify Sophos in writing promptly of any relevant request, notification, withdrawal of consent or complaint received by the Supplier from a Data Subject; (iii) notify Sophos in writing at dataprotection@sophos.com and security@sophos.com within forty-eight (48) hours of becoming aware of a Personal Data Breach, a breach of the Data Protection Laws, or a breach of this Clause 8; and (iv) permit Sophos to conduct audits of the Supplier’s Processing upon reasonable notice and during normal business hours to verify compliance by the Supplier with this Clause 8.
8.5 The rights and obligations in this Clause 8 shall survive termination or expiration of this Agreement.
8.6 ANY BREACH OF THIS SECTION 8 BY THE SUPPLIER SHALL BE A MATERIAL BREACH THAT ENTITLES SOPHOS TO TERMINATE THIS AGREEMENT UPON WRITTEN NOTICE TO THE SUPPLIER.
9.Assignment
9.1 The Supplier shall not be entitled to assign, transfer or subcontract the Agreement or any part of it without the prior written consent of Sophos. Sophos may assign, transfer or subcontract the Agreement or any part of it to any other third party.
10. Changes to Orders
10.1 An Order may only be amended by written agreement between Sophos and the Supplier.
11. Publicity, Promotion or Advertising
11.1 The Supplier shall not, without Sophos’s prior written consent, issue any news release, advertising, publicity or promotional material regarding the Order (including denial or confirmation thereof).
12. Force Majeure
12.1 Sophos reserves the right to defer the date of delivery or payment or to cancel the Agreement or reduce the volume or nature of the Products/Services ordered if it is prevented from or delayed in the carrying on of its business due to circumstances beyond the reasonable control of Sophos including, without limitation, acts of God, governmental actions, war or national emergency, acts of terrorism, protests, riot, civil commotion, fire, explosion, flood, epidemic, lock-outs, strikes or other labour disputes (whether or not relating to either party's workforce), or restraints or delays affecting carriers or inability or delay in obtaining supplies of adequate or suitable materials.
13 Remedies & Termination
13.1 Without prejudice to any other right or remedy which Sophos may have, if any Products and/or Services are not supplied in accordance with, or the Supplier fails to comply with, any of the terms of the Order Sophos shall be entitled to avail itself of any one or more of the following remedies at its discretion, whether or not any part of the Products and/or Services have been accepted by Sophos:
(i) to rescind the Order;
(ii) to reject the Services (for a full refund by the Supplier) and/or the Products (in whole or in part) and return the Products to the Supplier at the risk and cost of the Supplier on the basis that a full refund for the Products so returned shall be paid forthwith by the Supplier;
(iii) at Sophos’s option to give the Supplier the opportunity at the Supplier’s expense either to remedy any defect in the Services and/or the Products or to supply replacement Products and carry out any other necessary work to ensure that the terms of the Order are fulfilled;
(iv) to refuse to accept any further deliveries of the Products but without any liability to the Supplier;
(v) to carry out at the Supplier’s expense any work necessary to make the Products and/or Services comply with the Order; and
(vi) to claim such damages as may have been sustained in consequence of the Supplier’s breach or breaches of the Order.
13.2 Notwithstanding anything else contained herein, Sophos reserves the right to terminate an Order for Services, for convenience, at any time upon 14 days prior written notice to the Supplier.
13.3 Notwithstanding anything else contained herein, the Order may be terminated by either party forthwith on giving notice in writing to the other if
(i) the other party commits any material breach of any term of this Agreement and (in the case of a breach capable of being remedied) shall have failed, within 7 days after the receipt of a request in writing from the other party so to do, to remedy the breach; or
(ii) the other party shall have a receiver or administrative receiver appointed of it or over any part of its undertaking or assets or shall pass a resolution for winding up (otherwise than for the purpose of a bona fide scheme of solvent amalgamation or reconstruction) or a court of competent jurisdiction shall make an order to that effect or if the other party shall enter into any voluntary arrangement with its creditors or shall become subject to an administration order.
14 Effect of Termination on the Termination of the Order:
14.1 All the rights and obligations of the parties under the Order shall automatically terminate except for such rights of action as shall have accrued prior to such termination and any obligations which expressly or by implication are intended to come into or continue in force on or after such termination;
14.2 The Supplier shall at its own expense forthwith return to Sophos or otherwise dispose of as instructed all Confidential Information belonging to Sophos and all technical and promotional materials and other documents and papers whatsoever relating to the Products or the business of Sophos (other than correspondence between the parties).
15 Liability
15.1 The Supplier warrants to Sophos that: (i) the Products sold and Services provided to Sophos hereunder shall conform to the relevant Order and other product documentation or any other relevant specifications published by the Supplier, and will be fit for purpose and of satisfactory quality;
(ii) the Products and Services shall comply with all applicable laws and regulations relating to their manufacture, sale, maintenance and use;
(iii) Services shall be performed with reasonable care, skill and diligence and in a professional and workmanlike manner and in accordance with the requirements of the Order and Sophos’s instructions;
(iv) All information, data and materials provided by the Supplier pursuant to this Agreement will be accurate and complete in all material respects;
(v) The Supplier shall comply at all times with all applicable laws, rules and regulations;
(vi) The Supplier has obtained any and all requisite permits, licenses and third party consents to provide the Products and Services; and
(vii) The Products and Services shall not infringe upon any Intellectual Property Right or contractual right of any third party.
15.2 Sophos’s rights under these conditions are in addition to any statutory conditions implied in favour of Sophos by the Sale of Goods Act 1979 or any equivalent legislation in the relevant jurisdictions.
15.3 If any of the Products and/or Services fail to comply with the provisions set out in this Clause 15 Sophos shall be entitled to avail itself of any one or more remedies listed in Clauses 3 and 13.
15.4 Notwithstanding any other rights or remedies Sophos may have, if the Supplier shall be in breach of the said warranty in Clause 15(1) above it shall replace the Products and/or Services concerned (at the Supplier’s risk and expense) or, at Sophos’s option, refund the price paid by Sophos (subject to Sophos returning the defective Products to the Supplier at the Supplier’s risk and expense).
15.5 The Supplier shall have no liability to Sophos under sub-clauses (i) and (vii) above for any damage to or defects in any of the Products caused by fair wear and tear, improper use, maintenance or repair, negligent handling, failure to observe the instructions accompanying the Products or any alterations thereto.
15.6 The Supplier shall indemnify, defend and hold Sophos and any Sophos Group company, and their officers, directors, employees, attorneys, and agents harmless from and against any and all liabilities, loss, damages, injury, claims, costs and expenses (including reasonable legal and other professional fees and expenses) caused by or arising out of, or in connection with: (i) defective workmanship, quality or materials;
(ii) an infringement or alleged infringement of any Intellectual Property Rights caused by the use, manufacture or supply of the Products and Services;
(iii) any claim brought against Sophos by Supplier Personnel;
(iv) any claim, investigation or penalty caused by, or otherwise arising from or related to, the Supplier’s breach of (a) Clause 8, (b) any DPA between the parties, and (c) Data Protection Laws;
(v) any claim made against Sophos in respect of any liability, loss, damage, injury, cost or expense sustained by Sophos’s employees or agents or by any third party to the extent that such liability, loss, damage, injury, cost or expense was caused by, relates to or arises from the Products and/or Services as a consequence of a direct or indirect breach or negligent performance or failure or delay in performance of the terms of the Order by the Supplier.
15.7 Neither party excludes or limits liability for death or personal injury caused by that party’s breach of contract or negligence, fraud or any other liability that cannot be excluded or limited by law.
15.8 Subject to Clause 15.7, Sophos’s total aggregate liability to the Supplier, whether in contract, tort (including without limitation negligence) or otherwise, shall not exceed a sum equal to the amount paid or payable by Sophos to the Supplier under this Agreement.
16. Sophos Property
16.1 If personnel are present on Sophos premises or have access to Sophos property, the Supplier shall comply, and shall cause its personnel to comply, with all applicable Sophos acceptable use policies and procedures and all reasonable instructions or directions issued by Sophos.
16.2 Access to and use of Sophos Property is solely permitted for purposes directly required for the performance of the Agreement.
17. Compliance
17.1 As applicable, both parties shall at all times comply with (i) the U.S. Foreign Corrupt Practices Act, (ii) the UK Bribery Act 2010 and (iii) any equivalent applicable anti-bribery and anti-corruption legislation in the countries which each party operates. The Supplier warrants that (a) it has not offered or given, and shall not offer or give, any inducement with a view toward securing any business from Sophos, (b) it shall comply with the Sophos anti-bribery and anti-corruption policy at https://www.sophos.com/en-us/legal/sophos-antibribery-policy and (c) any person associated with the Supplier who is performing services or providing goods in connection with this Agreement does so only on the basis of a written contract with terms equivalent to this Clause 17.1.
17.2 As applicable, both parties shall comply with the UK Modern Slavery Act 2015, the California Transparency in Supply Chain Act, 2012, and any equivalent legislation in relevant countries. In addition, Supplier shall: (i) implement due diligence procedures to ensure that there is no forced labour, slavery or human trafficking or child labour, as described in International Labour Organisation (ILO) Minimum Age Convention no. 138 (1973), in its business or in its supply chains; (ii) the Supplier will complete and adhere to the Sophos’ Modern Slavery Code of Conduct to ensure that forced labour, slavery, human trafficking, child labour and the use of Conflict Minerals is not taking place in any of its supply chains or in any part of its business and upon Sophos written request complete a Human Trafficking Risk Template and Conflict Minerals Risk Template.
17.3 Both parties shall comply with Sanctions and Export Control Laws. Supplier represents and warrants that: (i) neither Supplier, nor any party that owns or controls or is owned or controlled by Supplier, is (a) ordinarily resident in, located in, or organised under the laws of any country or region subject to economic or financial sanctions or trade embargoes imposed, administered, or enforced by the European Union, the United Kingdom, or the United States; (b) an individual or entity on the Consolidated List of Persons, Groups, and Entities Subject to European Union Financial Sanctions; the U.S. Department of the Treasury's List of Specially Designated Nationals and Blocked Persons or Foreign Sanctions Evaders List; the U.S. Department of Commerce's Denied Persons List or Entity List; or any other sanctions or restricted persons lists maintained by the European Union, the United Kingdom, or the United States; or (c) otherwise the target or subject of any Sanctions and Export Laws. (ii) Supplier will not, directly or indirectly, import, export, re-export, transfer, procure, source, or otherwise make available (a) Deliverables, Services, Sophos Property, or other item provided under this Agreement or (b) any data, information, software programs and/or materials resulting from the Deliverables, Services, Sophos Property, or other item provided under this Agreement (or direct product thereof) to or from, directly or indirectly, any country, region, or person described in Clause 17.3(i) or in violation of, or for purposes prohibited by, Sanctions and Export Control Laws, including for proliferation-related end uses.
17.4 The Supplier shall certify in writing its compliance with this Clause 17 and provide evidence of such compliance upon reasonable request by Sophos. The Supplier shall promptly report any breach or suspected breach of this Clause 17.
18. General
18.1 Each right or remedy of a party under the Agreement is without prejudice to any other right or remedy of that party whether under the Agreement or not.
18.2 If any provision of the Agreement is found by any court, tribunal or administrative body of competent jurisdiction to be wholly or partly illegal, invalid, void, voidable, unenforceable or unreasonable it shall, to the extent of such illegality, invalidity, voidability, unenforceability or unreasonableness, be deemed severable and the remaining provisions of the Agreement and the remainder of such provision shall continue in full force and effect.
18.3 Failure or delay by a party in enforcing or partially enforcing any provision of the Agreement shall not be construed as a waiver of any of its rights under the Agreement.
18.4 The parties to the Agreement do not intend that any term of the Agreement shall be enforceable by any person that is not a party to it or by virtue of any law in the relevant jurisdiction, such as the Contracts (Rights of Third Parties) Act 1999.
18.5 Where a signed agreement exists between Sophos and a Supplier for the supply of goods and/or services covered by this Order then the details within the framework agreement shall take precedence over these Conditions.
18.6 Without the prior written consent of Sophos, the Supplier shall not (i) in any manner disclose, advertise or publish the fact that Sophos is a customer or (ii) use the name, trade name, or trademarks of Sophos in any manner in any of its advertising or marketing literature, customer lists, web sites, press releases or any other document or communication. The existence and terms of this Agreement are deemed Sophos Confidential Information.
18.7 Any notice under or in connection with this Agreement shall be in writing and shall be delivered by hand or sent by certified mail (or by overnight courier) to the addresses first set forth above or such other addresses of which a party may give written notice of from time to time. Notices for Sophos must be marked for the attention of the Legal Department and delivered to its registered office address, with a copy sent to legalnotices@sophos.com.
19. Governing Law and Jurisdiction
19.1 (i) This Agreement shall be governed by and construed in accordance with the laws of England. Subject to Clause 19.1 (ii) the parties irrevocably agree that the courts of England are to have exclusive jurisdiction for the purpose of hearing and determining any suit, action or proceedings and/or to settle any disputes arising out of or in any way relating to this Agreement or its formation or validity ("Proceedings") and for the purpose of enforcement of any judgment against its property or assets.
(ii) Nothing in this Clause 19 shall (or shall be construed so as to) limit the right Sophos to take Proceedings against the Supplier in the courts of any country in which either party has assets or in any other court of competent jurisdiction, nor shall the taking of Proceedings by Sophos in any one or more jurisdictions preclude the taking of Proceedings by Sophos in any other jurisdiction (whether concurrently or not) if and to the extent permitted by applicable law.