World-class email and collaboration security

Free 30 day trial

Administrators know that more than 90% of cyberattacks start with email. Get started with Mimecast Email Security, Cloud Integrated in under 5 minutes — free for 30 days!

  • Block email-based and Microsoft Teams threats with AI-powered detection
  • Get real-time intelligence on attacks
  • Remediate with the click of a button
  • Try it for all employees or based on AD groups
  • Inspire a culture of awareness and launch phishing simulations


Trial Eligibility:
Company must be located in one of the countries listed in the FAQs and have their Mail Exchange (MX) pointing to Microsoft. M365 Admin credentials are required to activate trial.

First name required / Invalid char entered
Last name required / Invalid char entered
Invalid E-mail Address
A valid business email is necessary for the Trial.
Invalid telephone number/format. No spaces or symbols. Ex: 016175674321
Company name required / Invalid char entered
Please add the official registered company name
Email Users field is required
Country is required
State is required
Yes, I would like to receive communications regarding Mimecast products, services, and events. I can unsubscribe any time by clicking here. By agreeing, you consent to the processing of your personal data by Mimecast as described in the Privacy Statement.
Protected by reCAPTCHA. Google Privacy Policy and Terms of Service apply.
loading_animation.gif
We’re checking our records…
Hold tight – this will only take a second.
Hold tight – this will only take a second.
success_icon.svg

Success!

Check your inbox

 

You are less than 5 minutes away from starting your trial. Note that you must be able to receive emails from the onmimecast.com domain and you should check other folders in addition to your inbox.

warning_icon.svg

A valid business email is necessary for the Trial.

We’ll be in touch soon

 

Thanks for your interest in Mimecast Email Security, Cloud Integrated. The Mimecast Terms are required for starting the Trial.

We’ll be in touch soon

 

Thanks for signing up! Based on your organization's size, we'd like to have one of our representatives reach out to get more information about your email environment.

Your Account Manager will be in touch soon

 

Thanks for your interest in Mimecast Email Security, Cloud Integrated. Your Account Manager will be in touch soon.

Your Account Executive will be in touch soon

 

Thanks for your interest in Mimecast Email Security, Cloud Integrated. Your Account Executive will be in touch soon.

We’ll be in touch soon

 

Thanks for your interest in Mimecast Email Security, Cloud Integrated. We’ll reach out to discuss your needs.

We’ll be in touch soon

 

Thanks for your interest in Mimecast Email Security, Cloud Integrated. We’ll reach out to discuss your needs.

We’ll be in touch soon

 

Thanks for your interest in Mimecast Email Security, Cloud Integrated. We’ll reach out to discuss your needs.

Please reload the page and try again

 

Thanks for your interest in Mimecast Email Security, Cloud Integrated.

German
  • Select language...
  • German
  • English

Evaluation Agreement

 

This Evaluation Agreement (the “Agreement”) governs the use of the Mimecast Services for evaluation purposes unless a separate written agreement has been agreed with Mimecast for the purposes of evaluation of services, in which case such agreement will prevail. 

BY CLICKING ‘I ACCEPT’ YOU (i) AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT WHICH WILL FORM A BINDING CONTRACT BETWEEN MIMECAST AND THE CORPORATION, BUSINESS OR ENTITY YOU REPRESENT (THE “CUSTOMER”); AND (ii) YOU REPRESENT AND WARRANT THAT YOU HAVE THE POWER AND AUTHORITY TO BIND THE CUSTOMER TO THIS AGREEMENT. 

IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, OR YOU DO NOT HAVE THE POWER AND AUTHORITY TO ACT ON BEAHLF OF AND BIND THE CUSTOMER, DO NOT PROCEED TO ACCEPT THE TERMS OR CONTINUE WITH THIS EVALUATION.

Depending on which Services Customer orders, “Mimecast” refers to: 

• for Email Security, Cloud Integrated (and associated Services) → Mimecast Services Limited  

• for Email Security, Cloud Gateway and all other Services → Mimecast Germany GmbH. 

Hosting Jurisdiction” means the country where the Customer Data is stored.

 

1 EVALUATION SERVICES. Subject to Customer’s compliance with the terms of this Agreement, Mimecast will make the evaluation services (the “Evaluation Services”) available to Customer for a period of 30 days (the “Evaluation Period”). The Evaluation Period may be extended by Mimecast in writing (including email). The Evaluation Services will be provided in accordance with the applicable services documentation at https://community.mimecast.com/community/knowledge-base (“Documentation”). The specific Evaluation Services subject to this Agreement, the Hosting Jurisdiction and number of Permitted Users or domains will be agreed in writing (including email) by Mimecast (“Evaluation Order”). For certain Evaluation Services, Supplemental Terms as set out in Appendix 1 shall apply. Notwithstanding the foregoing, the terms and conditions set out herein shall continue to apply for the duration of time that Mimecast stores or processes Customer Data provided in connection with the Evaluation Services. “Permitted Users” means individuals employed by or otherwise under Customer’s control and permitted to use thee Evaluation Services.

 

2 EXISTING CUSTOMERS. If you are an existing Mimecast Customer and you have an agreement in place for the provision the Mimecast Services (“Existing Agreement”), the terms of the Existing Agreement shall apply except as set out below:

2.1 Where Customer is provided Evaluation Services by Mimecast for evaluation purposes only, access to the Evaluation Services will be terminated upon expiration of the Evaluation Period, unless Customer enters into a paid subscription for the Evaluation Services on a non-trial basis prior to expiration of the Evaluation Period. Notwithstanding any provision to the contrary herein, in respect of the Evaluation Services Customer acknowledges and agrees that: (i) Mimecast has no obligation to retain Customer Data related to the Evaluation Services after termination or expiration of the Evaluation Period; (ii) either party may terminate the Evaluation Period immediately and without liability upon written notice to the other party; (iii) Mimecast’s Service Levels and Support do not apply to the Evaluation Services; (iv) the Evaluation Services are provided “as is”, and (v) Mimecast shall have no indemnification obligations nor any liability of any type with respect to the Evaluation Services. Exclusion in 2.1 (v) shall not apply , in cases of liability for damages from injury to life, body or health, in the case of malice, intent or gross negligence on the part of Mimecast of its legal representatives or vicarious agents or to the extent as the Product Liability Act applies.

2.2 Capitalized terms used but not otherwise defined in Section 2.1, shall have the meaning given in the Existing Agreement. Acceptance of this Agreement shall serve as an amendment to the Existing Agreement for the purposes of the Evaluation Services. Except as modified above, all terms and conditions of the Existing Agreement shall remain in full force and effect. In the event of any inconsistencies between the terms set out in Section 2.1 and any terms and conditions of the Existing Agreement with regards to the Evaluation Services, Section 2.1 shall prevail.

2.3 With the exception of Section 13 (Sandbox Environments), the remainder of this Evaluation Agreement shall notapply to Existing Customers.

 

3 OWNERSHIP. Mimecast and its third-party licensors will retain all ownership interest in and to the Evaluation Services and its underlying systems. Customer’s rights in Evaluation Services are limited to those expressly stated in this Agreement. Notwithstanding any provision herein to the contrary, nothing in this Agreement is intended to limit Customer’s liability in the event of Customer’s violation of the intellectual property rights of Mimecast and any claim with respect to such violation will not be deemed governed by this Agreement. Evaluation Services must not be used or accessed for the purposes of (i) building a competitive service or comparative features; or (ii) comparative analysis (including but not limited to benchmarking) intended for use outside the Customer’s organization.

Agreement 01 Nov

 

4 TERMS OF USE – EVALUATION SERVICES.

4.1 Customer will: (i) use the Evaluation Services for its own internal business purposes; (ii) use the Evaluation Services as reasonably directed by Mimecast; (iii) allow only the agreed number of Permitted Users access and use the Evaluation Services; (iv) implement and maintain reasonable and appropriate controls to ensure that user accounts are used only by the Permitted Users to whom they are assigned and to manage and monitor Permitted Users, including designating one or more administrators responsible for access control; (v) obtain and maintain any Equipment needed to connect to, access, or otherwise use the software and software services (“Equipment” shall include equipment and ancillary service including, but not limited to, modems, hardware, services, software, operating systems, networking, web services, and the like); (vi) ensure the Evaluation Service meet Customer’s regulatory requirements including, without limitation, requirements and obligations with regards to data privacy and employment laws;  and (vii) obtain all necessary consents, permissions and authority from individuals or regulators in respect of all Customer Data, including, where applicable, Personal Data transferred, processed and/or analysed in the use of the Evaluation Services including the right for Mimecast to use such data in the preparation of reports and analysis. 

4.2 Customer will not: (i) transfer, resell, license or otherwise make available the Evaluation Services to third parties; (ii) use the Evaluation Services in any manner that violates any applicable law or regulation (including but not limited to where Customer is required to obtain permissions or authorizations to permit Mimecast to perform its obligations hereunder); (iii) use the Evaluation Services in a manner that violates any industry standards concerning unsolicited email; (iv) not share any user authentication information and/or any user password with any third party; (v) use the Evaluation Services in a manner that introduces any viruses, malicious code, or any other items of a harmful nature; (vi) engage in any activity that could reasonably be expected to interfere with or disrupt the Evaluation Services (for example, an activity that causes Mimecast to be blacklisted by any internet service provider), (vii). license, sell rent, lease, transfer, grant rights in, or access to the Evaluation Services for commercial gain; or (viii) copy disseminate, allow unauthorized access to, disassemble, reverse engineer, or decompile the Evaluation Services, or any components thereof.

4.3 Customer is solely responsible for the acts or omissions of any user or Permitted User who obtains access to the Evaluation Services through Customer or Customer’s systems. Customer will notify Mimecast promptly if it becomes aware of any unauthorized access or use. If applicable, Customer will be granted a “Super Administrator” role for Customer’s Mimecast account, which will allow Customer full access to the Customer Data and the ability to configure the relevant account. Customer may assign a role to Mimecast which will allow Mimecast to access the Customer Data. In the event that such delegated access is provided, Customer will ensure that all necessary consents and authorisations have been obtained.

4.4 Customer will defend, indemnify, and hold harmless Mimecast in the event of any third-party claim or regulatory

action arising out of (i) Customer’s breach (or alleged breach) of the terms of Section 4.1, 4.2 and 4.3 herein; and/or (ii) Mimecast’s compliance with any Instructions or directions provided by Customer.

4.5 If Mimecast is prevented from or delayed in the performance of its obligations by any act or omission of Customer

that is outside of Mimecast’s reasonable control, Mimecast shall not be deemed in breach of its obligations, but only to the extent that the basis for Mimecast’s breach arises directly or indirectly from such prevention or delay.

 

5. SUPPORT, SLA, AND IMPLEMENTATION SERVICES. Mimecast will provide support for Customer for installation and use of the Evaluation Services via telephone during normal business hours (“Support”). Mimecast will undertake commercially reasonable efforts to respond to all Customer inquiries promptly; however, Customer acknowledges and agrees that Mimecast’s service level agreement does not apply to Evaluation Services provided under this Agreement.

 

6. MIMECAST APPLICATIONS, APIs AND THIRD-PARTY SERVICES

6.1 Mimecast Applications. Mimecast may make applications available to use with the Evaluation Services via various online marketplaces. Mimecast applications are licensed, not sold, to Customer. Customer’s license to use the applications is subject to Customer’s compliance with this Agreement and any associated end user license agreement made available via the application/marketplace. The term of Customer’s license to use the application is coterminous with this Agreement. For the avoidance of doubt, where made available, Mimecast applications fall under the definition of Evaluation Services hereunder.

6.2 Application Program Interfaces (“API”). Customer can enable certain Mimecast APIs to enable the Evaluation Services to work in conjunction with certain third-party services, systems, and/or applications. The process to gain access to API’s will be made available to Customer upon request. Customer must register with Mimecast and provide the information requested. Customer is responsible for ensuring that the information provided to Mimecast to enable any API, is and remains accurate and up-to-date. Mimecast may revoke access to any API at any time without notice to Customer, if Mimecast, in its reasonable discretion believes necessary or appropriate. All access keys, authentication procedures, and data to which Customer gains access or which is provided to Customer in connection with Customer’s use of the API, excluding Customer Data, is the Confidential Information of Mimecast. If Customer chooses to transfer Customer Data via Mimecast APIs to third-parties, whether or not such third parties are Mimecast technology partners, Mimecast is not responsible for the security of the Customer Data upon the Customer Data leaving the Mimecast environment and such transfer is on Customer’s own volition and risk. To the extent Customer uses the Mimecast APIs the provisions of this Section 6.2 shall apply to such use as if such APIs were included in the Evaluation Services.

6.3 Third-Party Services. To the extent Customer Data is retrieved from or provided by Third Party Services, Mimecast will not be liable for the condition of such Customer Data, including, but in no way limited to any such Customer Data that is retrieved from or provided by Third Party Services that is incorrect, incomplete, corrupt, or missing. 

Third Party Services” means third party products, applications, APIs, web hooks, services, software, systems, directories, websites, databases and information which Customer may connect to, permit connection to (including without limitation, where such connection is necessary to enable the Services), or enable in conjunction with the Evaluation Services or Mimecast API connectors. Mimecast is not responsible for, and no representations or warranties are made regarding, Third Party Services.

 

7. DATA PROTECTION 

7.1 Customer Data. “Customer Data” means data provided by Customer for processing via the Evaluation Services including without limitation, the contents of the files, emails or messages sent by or to a Permitted User. “Personal Data” means Customer Data that relates to an identified or identifiable natural person. Except as otherwise set forth herein, Customer Data will be purged in accordance with Mimecast standard business practices following termination or expiration of this Agreement and Customer acknowledges that Mimecast has no obligation to retain Customer Data thereafter. Notwithstanding the foregoing, Customer Data does not include any data processed via the Services that is reasonably identified to be malicious, including, without limitation, data which may perpetuate data breaches, malware infections, cyberattacks or other threat activity (collectively, “Threat Data”). Threat Data is discussed further in Section 9(a).

7.2 Security. Mimecast will implement and maintain appropriate administrative, technical, organizational and physical

security measures for each of the Evaluation Services, which are designed to protect Customer Data against unauthorized access, disclosure or loss. Customer acknowledges and agrees that, in the course of providing the Evaluation Services, Professional Services, and Support to Customer, it may be necessary for Mimecast to access Customer Data to respond to technical problems or Customer queries and to ensure the proper working of the Evaluation Services; such access may originate from any jurisdiction where Mimecast maintains Support personnel. Additional information about Mimecast security, including the locations from which Support is provided and a list of Mimecast’s certifications, attestations and assessments, is available at https://www.mimecast.com/company/mimecasttrust-center/ (the “Trust Center”). Mimecast may update the Trust Center from time to time and shall notify Customer of material changes. 

7.3 Data Protection. As required by law or as otherwise agreed by the parties, additional data protection terms may be

outlined in a separate data processing agreement between the parties (referred herein as “Data Processing Terms”). The Data Processing Terms shall be incorporated into and form an addendum to this Agreement. If there is any conflict between Sections 7.1 to 7.3 of this Agreement and the Data Processing Terms, the Data Processing Terms shall prevail. With respect to any Personal Data contained in Customer Data, Customer shall act as the accountable organization, or the data controller and Mimecast shall act as the service provider or the data processor. Except as may be required by Applicable Data Protection Law, Mimecast will use and process the Personal Data solely in accordance with Customer’s Instructions. The “Instructions” are embodied in this Agreement and as may be additionally communicated by Customer to Mimecast in writing from time-to-time. Mimecast process the Customer Data in compliance with Applicable Data Protection Law. For the purposes of this Section 7.3, “Applicable Data Protection Law” means German Data Protection law and the General Data Protection Regulation (Regulation (EU) 2016/679) as applicable to the Processing of Personal Data by Mimecast under this Agreement. Customer acknowledges and agrees that Mimecast may process, transfer or copy Customer Data and Personal Data in the United States or other countries or jurisdictions outside of the country where it was collected , as described further at https://www.mimecast.com/company/mimecast-trust-center/ provided such transfer occurs under a valid transfer mechanism. Customer will comply with its obligations under all laws applicable to it as the accountable organization and/or data controller, including the responsibility for providing any requisite notice and obtaining any consent (if required) from Permitted Users for such processing and transfer of Personal Data, including international transfers.

 

8 CONFIDENTIALITY. “Confidential Information” means information designated by the party disclosing such information (“Disclosing Party”) as “confidential” or “proprietary” or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of the disclosure and includes information in whatever form (including written, oral, visual, or electronic form). If information is disclosed orally or visually, it must be identified by the Disclosing Party as confidential at the time of disclosure. Customer’s Confidential Information also includes Customer Data. Mimecast’s Confidential Information amongst includes, amongst other, all information related to the performance, functionality, and reliability of the Evaluation Services. Confidential Information does not include information that: (i) is or becomes generally known to the public through no fault of the party that receives such information from the Disclosing Party (“Receiving Party”); (ii) is in the Receiving Party’s possession prior to receipt from the Disclosing Party; (iii) is acquired by the Receiving Party from a third-party without breach of any confidentiality obligation to Disclosing Party; or (iv) is independently developed by Receiving Party without reference to the Disclosing Party’s Confidential Information. Confidential Information is and will remain the exclusive property of the Disclosing Party. In addition to any other obligations outlined in Section 7 herein, the Receiving Party will: (i) use Disclosing Party’s Confidential Information solely for the performance of the activities contemplated by this Agreement; (ii) disclose such information only to its employees, agents, and contractors who are bound by obligations of confidentiality at least as strict as those contained in this Section 8; (iii) protect Disclosing Party’s Confidential Information against unauthorized use or disclosure using the same degree of care it uses for its own Confidential Information, which in no event will be less than reasonable care; and (iv) upon written request, return (at Disclosing Party’s expense) or destroy all copies of the Disclosing Party’s Confidential Information that are in its possession or control. Notwithstanding any provision herein, if lawfully required by judicial or administrative order or otherwise, Receiving Party may disclose Confidential Information of Disclosing Party, provided, where lawfully permitted, Receiving Party provides reasonable prior written notice to Disclosing Party to permit Disclosing Party to seek a protective order. Receiving Party will reasonably cooperate in Disclosing Party’s activities in seeking such order, at Disclosing Party’s expense. Receiving Party will disclose only that information that is reasonably necessary to meet the applicable legal order or requirement.

 

9. THREAT DATA, MACHINE-LEARNING DATA AND AGGREGATED USAGE DATA.

The parties acknowledge and agree that Mimecast has no ownership rights to Customer Data. In accordance with this Agreement, Customer hereby grants to Mimecast all necessary rights and licenses to Process Customer Data, including Customer Data within Machine-Learning Data (as defined below), and Personal Data within Threat Data (as defined below) for the purposes of: (i) providing the Evaluation Services; (ii) improving threat detection, analysis, awareness, and prevention; and/or (iii) improving and developing the Mimecast services. 

a) Threat Data. As part of the Evaluation Services, Mimecast Processes certain data reasonably identified to be malicious,

including, without limitation, data which may perpetuate data breaches, malware infections, cyberattacks or other threat activity (collectively, “Threat Data”). Mimecast processes Threat Data primarily through automated processes and may share limited Threat Data with Third Parties within the cybersecurity ecosystem for the purpose of improving threat detection, analysis, awareness and prevention. In certain instances, Threat Data may include Personal Data.

b) Machine-Learning Data. Primarily through automated pattern recognition designed to develop and improve the

efficacy and accuracy of our machine learning algorithms within the Evaluation Services, Mimecast processes Machine-Learning Data that may include Customer Data and other data that describes and/or gives information about Customer Data, “Machine-Learning Data” includes, but is not limited to metadata, files, URLs, derived features and other data. These machine-learning algorithms are hosted by Mimecast and/or Third-Party Subcontractors. The output of these machine learning algorithms is owned by Mimecast, does not contain Customer Data or Personal Data, and is anonymized and irreversible. Mimecast does not share Machine-Learning Data with Third Parties. 

c) Aggregated Usage Data. Mimecast processes certain aggregated data derived from the Evaluation Services,

including usage data, such as utilization statistics, reports, logs and information regarding spam, viruses and/or other malware (“Aggregated Usage Data”). Mimecast owns all Aggregated Usage Data.

 

10. FEEDBACK. Customer agrees to provide Feedback as reasonably requested by Mimecast. Such Feedback will include tracking and reporting all errors, defects and incompatibilities encountered during the Evaluation Period. Mimecast has an unlimited right to use such Feedback in any present or future form, format or manner it deems appropriate, without monetary or other compensation to Customer. “Feedback” means any information, comments, criticisms, reports or other feedback, whether in oral or written form, that

Customer provides to Mimecast regarding the function, features and other characteristics of the Evaluation Services howsoever such Evaluation Services are provided, including without limitation where provided under a trial subscription, paid subscription, free of charge, early release, beta, pilot or general acquisition.

 

11 LIMITATION OF LIABILITY.

11.1 General. 

(a) Mimecast’s liability is unlimited to the extent such liability arises from Mimecast’s: (i) wilful misconduct; (ii) gross negligence; (iii) personal injury liability; or (iv) liability under the German Product Liability Act (Produkthaftungsgesetz), or a written assumption of a guarantee.

(b) Except for aforementioned Mimecast shall only be liable for damages caused by a breach of a “material contractual obligation”. Which shall be defined, as an obligation, that is essential for the agreed performance of the contract in the first place, the fulfilment of which the Customer can regularly rely on and which if breached may jeopardize the purpose of the contract being achieved. 

(c) In the event of Liability subject to section 11.1 (b) such liability shall be limited damages as one may typically expect to occur within the scope of the individual contract, but shall in no event exceed an amount equal to the greater of: (i) €85,000 or (ii) two times the fees paid by Customer to Mimecast (or Reseller) for the applicable Services during the twelve months immediately preceding the event giving rise to the claim. 

11.2 Exclusion.

Unless otherwise agreed, it is Customer’s responsibility to undertake proper and regular data back up and he shall be liable for damages caused by failure to do so. Mimecast's liability for loss of data shall be limited to the typical recovery effort that would have occurred if the data had been backed up regularly and at the appropriate risk.

11.3 Statute of Limitations.

Employee Liability. With respect to Section 11.1 (a) the statutory provisions of limitation in accordance with German Law shall apply. In all other cases, claims for damages shall be subject to a limitation period twelve (12) months, commencing with the date, that the damage occurred and the Customer becomes aware or should have become aware of its occurrence, but in no event later than three (3) years after the occurrence of the damage. 

To the extent that Mimecast's liability is excluded or limited under the foregoing provisions, this shall also apply for the benefit of Mimecast's employees in the event of direct claims by the customer against them.

 

12. TERMINATION. Either party may terminate this Agreement for convenience or cause, immediately on giving written notice to the other party. Mimecast may suspend the Evaluation Services in the event Customer’s account is the subject of denial of service attacks, hacking attempts or other malicious activities, or Customer’s activities reasonably appear to be in breach of this Agreement. Mimecast will provide advance notice to Customer of such suspension where reasonably practicable.

12.1 Restricted Party Screening. The parties acknowledge that Mimecast on a regular basis conducts a review of its customers to determine whether any restrictions or sanctions apply with regards to transacting with them, including but not limited to those also referred to in clause 14.8 - Export Restrictions ("Restricted Party Screening or "RPS"). If Mimecast considers, in its sole discretion, but acting reasonably based on its standard RPS process, that the results of the RPS in relation to Customer are unsatisfactory, Mimecast may terminate this Agreement and any Evaluation Order with immediate effect upon written notice to Customer. Upon termination pursuant to this 12.1 Section, Mimecast shall have no further obligations to Customer hereunder.

 

13. SANDBOX ENVIRONMENTS. Mimecast may provide access to the Mimecast environment to enable Customer to test the Archiving, Secure Email Gateway and other Evaluation Services from time-to-time (each a “Sandbox Environment”). In the event such access is provided, Customer acknowledges and agrees that the Sandbox Environment is a shared platform and any reports generated and/or Customer Data (including but not limited to, email metadata and content) sent to or from the Sandbox Environment, will be visible to all other users granted access for evaluation purposes. The terms and conditions of this Evaluation Agreement including but not limited to Section 4 (Terms of Use – Evaluation Services), or for existing Customers, the terms of the Existing Agreement, shall apply to Customer’s access to and use of the Sandbox Environments, however the Hosting Jurisdiction for Archive Sandbox may differ. Customer further acknowledges that Customer’s corporate name may be visible to other users of the Sandbox Environment and therefore Customer may be identified as evaluating the Mimecast Services. Customer agrees that accessing Sandbox Environment shall be deemed consent to such disclosure. Customer will not transfer Personal Data, Protected Health Information (as defined under the US Health Insurance Portability and Accountability Act of 1996 (HIPAA)), payment card information, or any other confidential or protected information. Customer will not transmit any content which is or may be considered offensive or violates the rights of another. Customer shall defend, indemnify and hold Mimecast harmless in the event of any third-party claim relating to Customer Data sent to or from the Sandbox Environment by Customer.

 

14. GENERAL.

14.1 The following Section will survive termination of this Agreement: Section 3 (Ownership); Section 4 (Terms of Use – Evaluation Services); Section 6 (Data Protection), Section 8 (Confidentiality); Section 9 (Threat Data, Machine -Learning Data, and Aggregated Usage Data); Section 10 (Feedback); Section 11 (Limitation of Liability); Section 14 (General); Section 15 (Governing Law); and Section 16 (Language). 

14.2 Neither party will be liable for any delay in performance or failure to perform its obligations under this Agreement

due to any cause or event outside its reasonable control including, acts of God, civil or military authority, acts of war, cyber warfare, pandemics, accidents, third-party computer or communications failures, natural disasters or catastrophes, strikes or other work stoppages or any other cause beyond the reasonable control of the affected party.

14.3 Customer may assign this Agreement in whole or in part to the acquirer of the business in the event of a sale or

merger of Customer. Otherwise, Customer shall only be entited to assign, pledge or otherwise dispose of claims to which it is entitled against Mimecast with Mimecast’s express written consent. The provision of § 354a Para. 1 HGB remains unaffected. This Agreement will be binding upon the parties hereto and any authorized assigns. 

14.4 Any business communications in connection with this Agreement may be provided by email. Any legal notices

relating to this Agreement may be provided by email to the receiving party with read receipt enabled. If (i) no confirmation of receipt is received for such notice, or (ii) the notice concerns the commencement of legal proceedings, notice must be sent to the receiving party in writing at the address provided or at the registered address of the receiving party by major commercial delivery courier service or mailed in a manner that requires signature by the recipient.

14.5 Each party hereby acknowledges that no reliance is placed on any representation not provided in this Agreement. No purchase order or other communication will add to or vary this Agreement. Except as expressly provided herein, any modification to this Agreement must be made in writing and signed by an authorized representative of each party. If any provision of this Agreement is held to be unenforceable, such provision will be reformed to the extent necessary to make it enforceable, and such holding will not impair the enforceability of the remaining provisions. Failure by a party to exercise any right hereunder or to insist upon or enforce strict performance of any provision of this Agreement will not waive such party's right to exercise that or any other right in the future.

14.6 This Agreement is entered into solely between, and may be enforced only by, Mimecast and Customer. This Agreement does not create any third-party rights or obligations thereto and any person who is not a party to this Agreement shall not have any rights or remedies under or in connection with it. Each party will be acting as an independent contractor, and nothing herein will be construed to create a partnership, joint venture or any type of agency relationship between Mimecast and Customer or any Permitted User. 

14.7 n/a 

14.8 Each party agrees to comply with all applicable laws and regulations with respect to the export and import of the

Services, including but not limited to the regulations of the United States Department of Commerce and the United States Export Administration Act. Customer hereby warrants that Customer will not procure or facilitate the use of the Evaluation Services or allow the export or re-export of anything related to the Evaluation Services, in any region that is the subject or target of any U.S. or other national government financial and economic sanctions or trade embargoes or otherwise identified on a list of prohibited, sanctioned, debarred, or denied parties, including those imposed, administered or enforced from time to time by the U.S. government through the Office of Foreign Assets Control (“OFAC”) of the U.S. Department of Treasury, the Bureau of Industry and Security (“BIS”) of the U.S. Department of Commerce, or the U.S. Department of State, the United Nationals Security Council, the European Union, or Her Majesty’s Treasury of the United Kingdom (collectively, “Sanctions”), without having first obtained any required license or other government authorization or in any manner which would result in a violation of Sanctions or regulations with respect to the export and import of the Evaluation Services, by Customer or Mimecast.

 

15. Governing Law

This Agreement and any disputes hereunder will be governed by the laws of the Federal Republic of Germany, without regard to its conflict of law principles, and any litigation concerning this Agreement shall be submitted to and resolved by a court of competent jurisdiction in Munich, Germany. Notwithstanding the foregoing, either party may seek equitable, injunctive, declaratory or other relief to enforce any of its intellectual property rights or rights in the Customer Data or Confidential Information in any court of appropriate jurisdiction.

 

16. Language. This Agreement may be used in a variety of languages. In the event of inconsistencies or lack of clarity between the German language and other language versions the English language version of this Agreement shall apply.

 

Appendix 1

Supplemental Terms

The Supplemental Terms set forth in this Appendix 1 are an addendum to and form part of the Agreement with Mimecast (the “Agreement”).

 

A. Awareness Training Evaluation Services 

1. Material. The Awareness Training Evaluation Services may include Material. “Material” includes collateral such as training materials, video training modules, user surveys, and user assessments made available to Customer by Mimecast hereunder. Mimecast and its third-party licensors will retain all ownership interest in and to the Material. 

2. Collateral. If Customer uploads Customer’s own written, photographic, and/or videographic collateral (“Collateral”) to Mimecast’s platform during the Awareness Training Evaluation Services, then Customer agrees that such Collateral: (i) will not infringe on the intellectual property rights or any rights related to publicity or the privacy of any third party; (ii) will not be defamatory, libelous, threatening or harassing in nature; and (iii) will not be in violation of applicable law (including those laws relating to obscenity or pornography). The requirements of this Section 2 are supplemental to, and not in replacement of, any other restrictions contained in these Supplemental Terms or the Agreement.

3. Customer Indemnification. Customer will defend, indemnify, and hold Mimecast harmless from any third-party claim relating to Customer’s breach of Section A.2 herein. Mimecast will provide prompt written notice of the applicable claim to Customer and cooperate in Customer’s defense, as reasonably requested by Customer and at Customer’s expense. Customer will not settle any such third-party claim in a manner which requires Mimecast to admit fault or pay any monetary amounts of any type without Mimecast’s express prior permission. Customer acknowledges and agrees that any liability caps included in the Agreement do not apply to Customer’s obligations under this Section A. 

 

B. Web Security Evaluation Services Supplemental Terms

1. Customer Data. Due to the nature of the Web Security Evaluation Services, Section 8 is not applicable to the Web Security Evaluation Services.

2. Restrictions. Customer will not disable or circumvent any access control, authentication process or security procedure established with respect to the Web Security Evaluation Services. The requirements of this Section 2 are supplemental to, and not in replacement of, any other restrictions contained in these Supplemental Terms or the Agreement.

3. Indemnification. Customer will defend, indemnify, and hold Mimecast harmless from any third party claim relating to Customer’s breach of Section B.2 herein. Mimecast will provide prompt written notice of the applicable claim to Customer and cooperate in Customer’s defense, as reasonably requested by Customer and at Customer’s expense. Customer will not settle any such third party claim in a manner which requires Mimecast to admit fault or pay any monetary amounts of any type without Mimecast’s express prior permission. Customer acknowledges and agrees that any liability caps included in the Agreement do not apply to Customer’s obligations under this Section B.3.

4. Suspension of Evaluation Services. In addition to the ability to suspend the Evaluation Services under Section 12, Mimecast may suspend the Evaluation Services in the event Customer’s account is in violation of acceptable use policies set forth in the Support Description or Service Levels. Mimecast will work with Customer to resolve such matters as soon as possible. In such circumstances, to protect Mimecast’s own systems, Customer acknowledges that Mimecast may be required to suspend the Web Security Evaluation Services until the issues are resolved. Mimecast will provide advance notice to Customer of such suspension where reasonably practicable

5. Additional Disclaimer. MIMECAST DOES NOT WARRANT THAT THE EVALUATION SERVICES WILL ALWAYS LOCATE OR BLOCK ACCESS TO OR TRANSMISSION OF ALL DESIRED ADDRESSES, EMAILS, MALWARE, APPLICATIONS AND/OR FILES, OR THAT ALL DATABASES WILL BE APPROPRIATELY CATEGORIZED OR THAT THE ALGORITHMS USED IN THE EVALUATION SERVICES WILL BE FULLY COMPLETE OR ACCURATE.

 

C. DMARC Analyzer Evaluation Services Supplemental Terms

1. Hosting Jurisdiction. DMARC Analyzer Evaluation Services are (i) hosted on a third-party platform that is located in Ireland and/or (ii) processes Customer Data, including Personal Data, in Ireland. Customer acknowledges that the certifications, attestations and assessments listed on Mimecast’s Trust Center may differ for the DMARC Analyzer Evaluation Services. Further, the DMARC Analyzer Evaluation Services will be conducted on a limited number of Customer domains. 

2. Customer Obligations. Customer is responsible for adding applicable domains to the DMARC Analyzer Evaluation Services and for publishing a DMARC record into the DNS for each such domain. Further, Customer must issue DNS updates as reasonably required by Mimecast.

 

D. Brand Exploit Protect Evaluation Services Supplemental Terms

1. BEP Services. The Brand Exploit Protect Evaluation Services (the “BEP Evaluation Services”) are designed to protect Customer’s domains (each, a “Domain”) from illegitimate use by a third-party to create and/or register an imposter website. Customer must identify each Domain to be protected in writing to Mimecast, up to the maximum number of Domains listed on the applicable Evaluation Order. It is Customer’s responsibility to inform Mimecast of any additional Domains to be protected. Additional Domains may be subject to additional fees. The Mimecast Brand Exploit Protect Service is hosted in Google GCP Belgium.

2. Takedowns. Customer acknowledges and agrees that Mimecast will monitor for replications of Customer’s Domains, and in the event of a discovered Domain replication Mimecast will seek confirmation from Customer that a discovered Domain is illegitimate and unauthorized by the Customer. With such confirmation, Mimecast will report the imposter Domain to third party blocking sites and approach third-party registrars to request that the imposter Domain be disabled or blocked (each, a “Takedown”). Customer shall be responsible for all confirmations provided to Mimecast with regards to Takedowns whether in writing or via confirmation within Customer’s account or Mimecast administrative console. Takedowns are treated as the Professional Services referenced in the Agreement and are limited to the number listed on the Evaluation Order. Due to the nature of the BEP Evaluation Services provided, personnel will be available 24/7 to provide Support for the BEP Evaluation Services. Takedowns will be charged per request received and not upon completion of a successful Takedown.

3. Web Scraping Tracker. The subscription fee for the BEP Evaluation Services includes a limited, non-exclusive, nontransferable usage license to a script that Customer may add to each Domain for Customer’s internal business purposes only during the Evaluation Period (each, a “Web Scraping Tracker”). Customer is solely responsible for deploying the Web Scraping Tracker to Customer’s website code. Customer’s rights are limited to those specifically granted to Customer herein. Mimecast reserves all right, title, interest and ownership of the Web Scraping Tracker, and Customer shall gain no right, title, interest or ownership in the Web Scraping Tracker as a result of these BEP Supplemental Terms, the Agreement or the provision of the BEP Evaluation Services.

4. Additional Restrictions. Customer will not (a) register any Domain with Mimecast for the BEP Evaluation Services, unless said Domain is owned or legally controlled by Customer; or (b) engage in any activity that could reasonably be expected to interfere with or disrupt the BEP Evaluation Services. In addition to any indemnification obligations contained in the Agreement, Customer will hold harmless, defend and indemnify Mimecast in the event of any third-party claim or regulatory action arising out of Customer’s breach (or alleged breach) of this Section D4.

5. Additional Disclaimer. USE OF THE WEB SCRAPING TRACKER IS AT CUSTOMER’S DISCRETION AND RISK AND CUSTOMER IS SOLELY RESPONSIBLE FOR ANY DAMAGE TO ANY DOMAIN CAUSED BY THE WEB SCRAPING TRACKER.

 

E. Cybergraph Evaluation Services Supplemental Terms

1. Cybergraph Services. CyberGraph Services (f/k/a MessageControl Codebreaker and Silencer), MessageControl Gatekeeper, Cybergraph Controlled Availability, Cybergraph for SEG, and Misaddressed Email Protect Services (the “Additional Services”)

2. The Additional Services are designed to help protect Customer from identity attacks by seeking to identify misaddressed emails and risks within email content and by intercepting embedded email trackers. Customer acknowledges that the certifications, attestations, and assessments listed on Mimecast’s Trust Center may differ for the Additional Services.

3. Additional Customer Responsibilities and Restrictions. Customer is responsible for (i) obtaining and maintaining any Equipment needed to connect to, access, or otherwise use the software and software services (“Equipment” shall include equipment and ancillary services including, but not limited to, modems, hardware, services, software operating systems, networking, web services, and the like); (ii) ensuring the Services meet Customer’s regulatory requirements including without limitation, requirements and obligations with regard to data privacy and employment laws; (iii) obtaining all necessary consents, permissions and authority from individuals or regulators in respect of all Customer Data, including, where applicable, Personal Data transferred, processed and/or analysed in the use of the Services, including the right for Mimecast to use such data in the preparation of reports and analyses. In addition to any indemnification obligations contained in the Agreement, Customer will hold harmless, defend and indemnify Mimecast in the event of any third-party claim or regulatory action arising out of (i) Customer’s breach (or alleged breach) of this Section 2; (ii) Mimecast’s compliance with any Instructions or directions provided by Customer.

4. Data Processing Agreement. If the Customer has not executed a DPA with Mimecast, Customer acknowledges and agrees that this is not required in accordance with Applicable Data Protection Laws for Customer’s use of the Service and/ or the Additional Services.

Evaluierungsvereinbarung

 

Die vorliegende Evaluierungsvereinbarung („Vereinbarung“) regelt die Nutzung der Mimecast Services zu Evaluierungszwecken, soweit dafür keine gesonderte schriftliche Vereinbarung mit Mimecast getroffen wurde; ist dies der Fall, ist die gesonderte Vereinbarung maßgeblich. 

 

Indem SIE auf 'AKZEPTIEREN' klicken, (i) erklären Sie sich mit der vorliegenden Vereinbarung einverstanden, und schließen einen rechtsverbindlichen Vertrag zwischen MIMECAST und dem von Ihnen vertretenen Unternehmen oder der von Ihnen vertretenen juristischen Person (dem "KUNDEN"). Sie versichern zudem, dass Sie zum Abschluss eines solchen rechtsverbindlichen Vertrags im Namen des Kunden befugt sind. 

 

Wenn Sie der vorliegenden Vereinbarung nicht zustimmen wollen oder nicht über die Befugnis zum Abschluss eines rechtsverbindlichen Vertrags oder zum Handeln im Namen des Kunden verfügen, dürfen Sie die vorliegende Vereinbarung nicht akzeptieren und nicht mit der Evaluierung fortfahren.

 

Abhängig davon, welche Services der Kunde bestellt, bezeichnet „Mimecast“ gemäß dieser Evaluierungsvereinbarung:

• für Email Security, Cloud Integrated (und damit verbundene zusätzliche Services) → Mimecast Services Limited

• für Email Security, Cloud Gateway und alle anderen Services → Mimecast Germany GmbH

 „Host-Land“ ist das Land, in dem die Kundendaten gespeichert werden.

 

1 EVALUIERUGNSDIENSTE. Sofern der Kunde die vorliegenden Bedingungen einhält, stellt Mimecast dem Kunden die Evaluierungsdienste („Evaluierungsdienste“) für einen Zeitraum von 30 Tagen (der „Evaluierungszeitraum“) zur Verfügung. Der Evaluierungszeitraum kann von Mimecast schriftlich (auch per E-Mail) verlängert werden. Die Evaluierungsdienste werden gemäß der entsprechenden Dokumentation bereitgestellt, die unter https://community.mimecast.com/community/knowledge-base eingesehen werden kann („Dokumentation“). Die konkreten Evaluierungsdienste, die Gegenstand dieser Vereinbarung sind, das Host-Land und die Anzahl der zugelassenen Nutzer oder Domains werden von Mimecast schriftlich (auch per E-Mail) festgelegt („Evaluierungsauftrag“). Für bestimmte Evaluierungsdienste gelten die in Anlage 1 aufgeführten Besonderen Bedingungen. Dessen ungeachtet gelten die vorliegenden Bedingungen für den Zeitraum, in dem Mimecast die im Zusammenhang mit den Evaluierungsdienste bereitgestellten Kundendaten speichert oder verarbeitet. „Zugelassene Nutzer“ sind Personen, die bei dem Kunden angestellt sind oder anderweitig seinen Weisungen unterliegen und zur Nutzung der Evaluierungsdienste befugt sind.

 

2 BESTANDSKUNDEN. Wenn Sie bereits Kunde von Mimecast sind und einen Vertrag für die Bereitstellung der Mimecast Services haben („Bestandsvertrag“), gelten die Bedingungen des Bestandsvertrags mit folgenden Ausnahmen:

2.1 Wenn dem Kunden die Evaluierungsdienste von Mimecast nur zu Evaluierungszwecken zur Verfügung gestellt

werden, wird der Zugang zu den Evaluierungsdiensten nach Ablauf des Evaluierungszeitraums beendet; dies gilt nicht, wenn der Kunde vor Ablauf des Evaluierungszeitraums ein kostenpflichtiges Abonnement für die Evaluierungsdienste abschließt, bei dem es sich nicht um ein Testabonnement handelt. Unbeschadet aller anders lautenden Bestimmungen in der vorliegenden Evaluierungsvereinbarung erklärt der Kunde in Bezug auf die Evaluierungsdienste, dass: (i) Mimecast nicht dazu verpflichtet ist, im Zusammenhang mit den Evaluierungsdiensten gespeicherte Kundendaten über die Beendigung bzw. den Ablauf des Evaluierungszeitraums hinaus zu speichern; (ii) jede Partei den Evaluierungszeitraum fristlos und ohne, dass ihr daraus eine Verpflichtung gegenüber der anderen Partei erwächst, durch schriftliche (Textform) Mitteilung an die andere Partei beenden kann; (iii) die von Mimecast zugesicherten Service Level und Support-Leistungen nicht für Evaluierungsdienste gelten; (iv) die Evaluierungsdienste “wie gesehen” erbracht werden; und (v) Mimecast daher keine Haftung oder Gewährleistung übernimmt. Der letztgenannte Haftungsausschluss gilt nicht bei Haftung für Schäden aus der Verletzung des Lebens, des Körpers oder der Gesundheit, bei Arglist, Vorsatz oder grober Fahrlässigkeit von Mimecast ihrer gesetzlichen Vertreter oder Erfüllungsgehilfen oder sofern das Produkthaftungsgesetz zur Anwendung kommt.

2.2 Großgeschriebene Begriffe, die in dieser Evaluierungsvereinbarung verwendet, aber in Ziffer 2.1 nicht anderweitig

definiert werden, haben die im Bestandsvertrag angegebene Bedeutung. Die Zustimmung zu dieser Evaluierungsvereinbarung gilt für die Zwecke der Evaluierungsdienste als Änderung des Bestandsvertrags. Mit Ausnahme der in dieser Evaluierungsvereinbarung vorgesehenen Änderungen bleiben alle Bestimmungen des Bestandsvertrags unverändert gültig. Bei Widersprüchen zwischen Ziffer 2.1 und den Vertragsbestimmungen in Bezug auf die Evaluierungsdienste ist Ziffer 2.1 maßgeblich.

2.3 Mit Ausnahme von Ziffer 13 (Testumgebungen) gelten die Bestimmungen dieser Evaluierungsvereinbarung nicht für Bestandskunden.

 

3 EIGENTUMSRECHTE. Mimecast und seine Lizenzgeber behalten sämtliche Eigentumsrechte an den Evaluierungsdiensten und den diesen zugrunde liegenden Systemen. Die Rechte des Kunden sind auf die Rechte beschränkt, die ihm in der vorliegenden Evaluierungsvereinbarung ausdrücklich eingeräumt werden. 

Unbeschadet anders lautender Bestimmungen in dieser Evaluierungsvereinbarung soll die Haftung des Kunden im Falle einer Verletzung der gewerblichen Schutzrechte von Mimecast durch den Kunden nicht beschränkt werden; sämtliche Ansprüche aus einer solchen Rechtsverletzung gelten als durch diese Evaluierungsvereinbarung geregelt. Die Evaluierungsdienste dürfen nicht genutzt oder aufgerufen werden, um (i) einen konkurrierenden Dienst oder vergleichbare Funktionen zu entwickeln oder (ii) vergleichende Analysen (insbesondere Benchmarking-Analysen) durchzuführen, die für die Nutzung außerhalb des Unternehmens bzw. der Organisation des Kunden bestimmt sind.

 

4 NUTZUNGSBEDINGUNGEN – EVALUIERUNGSDIENSTE.

4.1 Der Kunde verpflichtet sich dazu, (i) die Evaluierungsdienste nur für seine eigenen internen Geschäftszwecke zu nutzen; (ii) die Evaluierungsdienste nur gemäß den angemessenen Anweisungen von Mimecast zu nutzen; (iii) nur der vereinbarten Anzahl von zugelassenen Nutzern den Zugang zu den Evaluierungsdiensten und deren Nutzung zu gestatten; (iv) ausreichende und geeignete Kontrollen dauerhaft vorzusehen, um sicherzustellen, dass die Nutzerkonten nur von den zugelassenen Nutzern genutzt werden, denen die Konten zugeordnet sind, und um die zugelassenen Nutzer zu verwalten und zu überwachen; dies umfasst die Benennung eines oder mehrerer Administratoren, die für die Zugriffskontrolle verantwortlich sind; (v) alle Ausrüstungsgegenstände zu beschaffen und zu warten, die für die Verbindung mit der Software und den Softwarediensten, den Zugriff darauf oder die anderweitige Nutzung der Software und der Softwaredienste erforderlich sind (als „Ausrüstungsgegenstände“ gelten Ausrüstungen und Zusatzdienste/-leistungen, darunter Modems, Hardware, Services, Software, Betriebssysteme, Netzwerke, Webdienste und dergleichen); (vi) dafür zu sorgen, dass die Evaluierungsdienste die aufsichtsrechtlichen Anforderungen des Kunden erfüllen, und zwar insbesondere in Bezug auf den Datenschutz und das Arbeitsrecht; und (vii) alle erforderlichen Zustimmungen, Erlaubnisse und Befugnisse von Einzelpersonen oder Aufsichtsbehörden in Bezug auf sämtliche Kundendaten (darunter gegebenenfalls auch personenbezogene Daten, die bei der Nutzung der Evaluierungsdienste übertragen, verarbeitet und/oder analysiert werden) sowie das Recht von Mimecast, diese Daten für die Erstellung von Berichten und Analysen zu verwenden, einzuholen. 

4.2 Der Kunde verpflichtet sich ferner, (i) die Evaluierungsdienste nicht zu übertragen, weiterzuverkaufen, zu lizenzieren oder anderweitig Dritten zur Verfügung zu stellen; (ii) die Evaluierungsdienste nicht in einer Weise zu nutzen, die gegen geltendes Recht verstößt, und insbesondere alle für die Erfüllung der in dieser Evaluierungsvereinbarung niedergelegten Pflichten durch Mimecast erforderlichen Genehmigungen einzuholen; (iii) die für ihn anwendbare Gesetze oder vertragliche Vereinbarungen zu beachten, die eine Übermittlung von Informationen durch die Nutzung der Evaluierungsdienste untersagen oder einschränken (wie z.B. die wettbewerbsrechtlichen Regelungen und Einwilligungserfordernisse zu unerwünschter Werbung durch Email ); (iv) die Daten zur Nutzerauthentifizierung bzw. Nutzerpasswörter nicht an Dritte weiterzugeben; (v) die Evaluierungsdienste nicht in einer Art und Weise zu nutzen, durch die Viren, Malware oder andere Schadsoftware eingeschleust werden, oder (vi) sich in einer Weise zu betätigen, die mit hoher Wahrscheinlichkeit zur Störung oder Unterbrechung der Evaluierungsdienste führt (z. B. durch eine Tätigkeit, die dazu führt, dass Mimecast von einem Internet-Service-Provider auf die schwarze Liste gesetzt wird); (vii) die Evaluierungsdienste nicht zu vermieten, oder Dritten Nutzungsrechte an Ihnen zu gewähren oder sie mit kommerzieller Gewinnerzielungsabsicht zu verwenden oder; (viii) Evaluierungsdienste oder Teile davon zu kopieren, zu verbreiten, unbefugten Zugang zu gewähren, zurückzuentwickeln oder zu dekompilieren. .

4.3 Der Kunde ist allein für die Handlungen und Unterlassungen jedes Nutzers oder zugelassenen Nutzers verantwortlich, der über den Kunden oder dessen Systeme Zugriff auf die Evaluierungsdienste erlangt. Der Kunde informiert Mimecast unverzüglich, wenn er von einem unbefugten Zugriff oder einer unbefugten Nutzung Kenntnis erhält. Gegebenenfalls wird dem Kunden die Rolle eines „Super-Administrators“ für das Mimecast-Konto eingeräumt, so dass er uneingeschränkten Zugriff auf die Kundendaten hat und das Konto konfigurieren kann. Der Kunde kann Mimecast eine Rolle zuweisen, mit der Mimecast auf die Kundendaten zugreifen kann. Falls ein solcher delegierter Zugang gewährt wird, sorgt der Kunde dafür, dass alle dafür erforderlichen Zustimmungen und Genehmigungen vorliegen.

4.4 Der Kunde verteidigt und entschädigt Mimecast bei Schadensersatzforderungen Dritter oder aufsichtsrechtlichen Klagen, die sich (i) aus tatsächlichen oder mutmaßlichen Verstößen des Kunden gegen die Bestimmungen von Ziffer 4.1, 4.2 und 4.3 bzw. (ii) daraus ergeben, dass Mimecast Anweisungen des Kunden befolgt.

4.5 Wird Mimecast durch eine Handlung oder Unterlassung des Kunden, auf die Mimecast nach vernünftiger Einschätzung keinen Einfluss hat, an der Erfüllung seiner Pflichten gehindert oder wird die Pflichterfüllung dadurch verzögert, so gilt dies nicht als Pflichtverletzung von Mimecast, soweit die Pflichtverletzung direkt oder indirekt aus dem Hinderungs- oder Verzögerungsgrund entsteht. 

 

5. SUPPORT- UND IMPLEMENTIERUNGSLEISTUNGEN; SERVICE-LEVEL-VEREINBARUNG.

Mimecast unterstützt den Kunden während der üblichen Geschäftszeiten telefonisch bei der Installation und Nutzung der Evaluierungsdienste („Support“). Mimecast bemüht sich in wirtschaftlich vertretbarem Umfang darum, umgehend auf alle Kundenanfragen zu reagieren; der Kunde akzeptiert jedoch, dass die Service-Level-Vereinbarung mit Mimecast nicht für die im Rahmen dieser Evaluierungsvereinbarung bereitgestellten Evaluierungsdienste gilt.

 

6. MIMECAST ANWENDUNGEN (“Applications”), SCHNITTSTELLEN (“APIs”) UND SERVICES DRITTER

6.1 Mimecast Anwendungen. Mimecast stellt über verschiedene Online-Marktplätze Anwendungen zur Verfügung, die

mit den Evaluierungsdiensten genutzt werden können. Der Kunde erhält eine Lizenz für die Nutzung der Mimecast Anwendungen, erwirbt jedoch kein Eigentum an ihnen. Die Lizenz des Kunden zur Nutzung der Anwendungen gilt nur, soweit der Kunde die Bedingungen dieser Vereinbarung sowie alle damit zusammenhängenden Endbenutzer-Lizenzvereinbarungen einhält, die über die Anwendung/ den Marktplatz zur Verfügung gestellt werden. Die Lizenzlaufzeit endet mit dem Ende der vorliegenden Vereinbarung. Es wird ausdrücklich vereinbart, dass die Mimecast Anwendungen als Evaluierungsdienste im Sinne dieser Vereinbarung gelten.

6.2 Anwendungsprogramm-Schnittstellen („API“). Der Kunde kann bestimmte Mimecast-APIs aktivieren um die Evaluierungsdienste in Verbindung mit Services, Systemen oder Anwendungen von Dritten nutzen zu können. Auf Anfrage wird dem Kunden der entsprechende Prozess zur Aktivierung der APIs mitgeteilt. 

Der Kunde ist dafür verantwortlich, dass die Mimecast im Rahmen dieses Prozesses zur Verfügung gestellten Informationen aktuell sind und bleiben bzw. dass er sie gegebenenfalls aktualisiert. Mimecast kann den Zugriff zur API jederzeit ohne Benachrichtigung des Kunden widerrufen, wenn Mimecast vernünftigerweise davon ausgehen kann, dass dies notwendig und angemessen ist. Alle Zugangsschlüssel, Authentifizierungsverfahren und Daten, zu denen der Kunde Zugang erhält oder die dem Kunden im Zusammenhang mit der Nutzung der API zur Verfügung gestellt werden, mit Ausnahme der Kundendaten, gelten als vertrauliche Informationen von Mimecast. Falls der Kunde über Mimecast-APIs Kundendaten an Dritte übermittelt, unabhängig davon, ob es sich bei diesen Dritten um Technologiepartner von Mimecast handelt oder nicht, ist Mimecast nicht mehr für die Sicherheit der Kundendaten verantwortlich, sobald die Kundendaten die Mimecast-Umgebung verlassen haben. Eine derartige Datenübermittlung erfolgt auf eigenen Wunsch und eigenes Risiko des Kunden. Soweit der Kunde die Mimecast-APIs nutzt, gelten die Bestimmungen der vorliegenden Ziffer 4 für die Nutzung, als ob diese APIs in den Evaluierungsdiensten enthalten wären. 

6.3 Services Dritter. Soweit Kundendaten von Services Dritter abgerufen oder zur Verfügung gestellt werden, haftet Mimecast nicht für den Zustand dieser Kundendaten; dies gilt insbesondere für Kundendaten, die von Services Dritter abgerufen oder zur Verfügung gestellt werden und falsch, unvollständig oder beschädigt sind oder fehlen. „Services Dritter” sind in diesem Zusammenhang: Produkte, Anwendungen, APIs, Web-Hooks, Dienste, Software, Systeme, Verzeichnisse, Websites, Datenbanken und Informationen Dritter, deren der Kunde sich im Zusammenhang mit der Nutzung von Evaluierungsdiensten bedient oder die er über Mimecast Schnittstellen (“-API-Konnektoren”) anbindet, bzw. deren Anbindung er ermöglicht um den Evaluierungsdienst zu nutzen. Mimecast ist nicht für die Services Dritter verantwortlich und gibt keine Zusicherungen oder Gewährleistungen in Bezug auf die Services Dritter ab.

 

7. DATENSCHUTZ 

7.1 Kundendaten. „Kundendaten“ sind Daten, die der Kunde Mimecast im Rahmen der Evaluierungsdienste zur Verarbeitung zur Verfügung stellt; dazu zählen, ohne Anspruch auf Vollständigkeit, insbesondere die Inhalte von Dateien, E-Mails und Nachrichten, die von zugelassenen Nutzern empfangen bzw. an diese versendet wurden. Ungeachtet dessen beinhalten Kundendaten keine durch die Evaluierungsdienste verarbeiteten Daten, die nach vernünftigem Ermessen als böswillig identifiziert werden, wie zum Beispiel Daten, die zu Datenschutzverletzungen, Malware-Infektionen, Cyberangriffen oder anderen bedrohlichen Aktivitäten führen können (zusammenfassend "Bedrohungsdaten” oder “Threat Data”). Weitere Bestimmungen zu Bedrohungsdaten finden sich in Abschnitt 9.2. „Personenbezogene Daten“ sind Kundendaten, die sich auf eine identifizierte oder identifizierbare natürliche Person beziehen. Soweit hierin nicht anders geregelt, werden die Kundendaten nach Beendigung oder Ablauf dieser Vereinbarung gemäß der üblichen Geschäftspraxis von Mimecast gelöscht; der Kunde erkennt an, dass Mimecast nicht verpflichtet ist, die Kundendaten über das Ende der Vereinbarung hinaus aufzubewahren.

7.2 Sicherheit. Mimecast verpflichtet sich zur Umsetzung und Aufrechterhaltung von geeigneten administrativen, technischen, organisatorischen und physischen Sicherheitsvorkehrungen für jeden der Evaluierungsdienste, die geeignet sind um die Kundendaten vor unbefugtem Zugriff, Veröffentlichung oder Verlust zu schützen. Der Kunde akzeptiert, dass Mimecast im Rahmen der Bereitstellung der Evaluierungsdienste für den Kunden bei Bedarf Zugriff auf Kundendaten haben muss, um auf technische Probleme oder Kundenanfragen reagieren und die ordnungsgemäße Funktion der Evaluierungsdienste gewährleisten zu können; dieser Zugriff kann von jedem Ort aus erfolgen, an dem Mimecast Support-Personal vorhält. Nähere Informationen über die Sicherheitsvorkehrungen von Mimecast, insbesondere an den Orten, von denen aus Support-Leistungen erbracht werden, sowie eine Liste der Zertifikate, Bescheinigungen und Bewertungen von Mimecast stehen unter https://www.mimecast.com/company/mimecast-trust-center/ („Trust Center“) zur Verfügung. Mimecast ist dazu berechtigt, das Trust Center zu gegebener Zeit zu aktualisieren.

7.3 Datenschutzvorschriften. Sofern es das Gesetz erfordert oder die Parteien dies vereinbaren, werden zusätzliche Datenschutzbedingungen in einem separaten Datenverarbeitungsvertrag geregelt („Datenverarbeitungsbedingungen“). Diese Datenverarbeitungsbedingungen werden Bestandteil dieser Vereinbarung und werden dieser als Anlage beigefügt. Bei Widersprüchen zwischen den Bedingungen in den Abschnitten 7.1 bis 7.3 dieser Vereinbarung und der Datenverarbeitungsbedingungen, gelten die Datenverarbeitungsbedingungen vorrangig. In Bezug auf personenbezogene Kundendaten, gilt der Kunde als rechenschaftspflichtige Organisation bzw. Datenverantwortlicher, während Mimecast als Dienstleister bzw. Datenverarbeiter gilt. Soweit die Anwendbaren Datenschutzgesetze es nichts anderes vorsehen, verarbeitet Mimecast die personenbezogenen Daten ausschließlich gemäß den Anweisungen des Kunden. Die „Anweisungen“ sind in dieser Vereinbarung festgelegt und zusätzlich kann der Kunde bei Bedarf weitere Anweisungen in Schriftform an Mimecast übermitteln. Mimecast erhebt und schützt personenbezogene Daten gemäß der Anwendbaren Datenschutzgesetze. „Anwendbare Datenschutzgesetze“ umfassen eines oder mehrere der folgenden Datenschutzgesetze oder vorschriften, die auf die Verarbeitung von personenbezogenen Daten durch Mimecast im Rahmen dieses Vertrags anwendbar sind: (i) die Verordnung (EU) 2016/679 des Europäischen Parlaments und des Rates vom 27. April 2016 („DSGVO“); (ii) die DSGVO, wie sie durch den Data Protection Act 2018 in das Recht des Vereinigten Königreichs („UK“) übernommen und durch die Data Protection, Privacy and Electronic Communications (Amendments, etc.) (EU-Exit) Regulations 2019 („UK GDPR“) geändert wurde; und (iii) alle Gesetze, Verordnungen oder Anordnungen, durch die die vorstehenden Vorschriften umgesetzt werden. Sofern es nach geltendem Recht zulässig ist, kann Mimecast personenbezogene Daten in den Vereinigten Staaten oder anderen Ländern als dem Land, in dem sie erhoben wurden, verarbeiten, so wie es im Trust Center beschrieben wird. Der Kunde ist dazu verpflichtet, alle für die Verarbeitung und Übertragung (insbesondere ins Ausland) von personenbezogenen Daten ggf. erforderlichen Mitteilungen zu machen und die entsprechenden Einwilligungen einzuholen.

 

8. VERTRAULICHKEIT. „Vertrauliche Informationen“ sind Informationen, die von der Partei, die die Informationen veröffentlicht („offenlegende Partei“) als „vertraulich“ oder „urheberrechtlich geschützt“ ausgewiesen werden oder von denen vernünftigerweise angenommen werden kann, dass sie aufgrund ihrer Art und der Umstände, unter denen sie offengelegt werden, vertraulich sind, ungeachtet der Form ihrer Offenlegung (schriftlich, mündlich, visuell oder elektronisch). Soweit Informationen mündlich oder visuell mitgeteilt werden, muss zum Zeitpunkt der Offenlegung die Vertraulichkeit der Information klargestellt werden. Zu den vertraulichen Informationen des Kunden gehören auch Kundendaten. Als vertrauliche Informationen von Mimecast gelten alle Informationen, die sich auf die Leistung, Funktionalität oder Zuverlässigkeit der Evaluierungsdienste beziehen. Nicht als vertraulich gelten Informationen, die: (i) allgemein bekannt sind oder ohne Verschulden der Partei, die die Informationen von der offenlegenden Partei erhalten hat („Empfängerpartei“) allgemein bekannt werden; (ii) sich bereits vor der Offenlegung durch die offenlegende Partei im Besitz der Empfängerpartei befanden; (iii) die Empfängerpartei von einem Dritten erwirbt, ohne dabei gegen Geheimhaltungspflichten zu verstoßen, oder (iv) die von der Empfängerpartei unabhängig von den vertraulichen Informationen der offenlegenden Partei entwickelt werden. Die vertraulichen Informationen sind und bleiben ausschließliches Eigentum der offenlegenden Partei. Zusätzlich zu allen übrigen Pflichten die in dieser Ziffer 8 ausgeführt sind, verpflichtet sich die Empfängerpartei dazu, (i) die vertraulichen Informationen der offenlegenden Partei ausschließlich zur Ausführung der in dieser Evaluierungsvereinbarung genannten Tätigkeiten zu nutzen; (ii) diese Informationen nur an ihre Mitarbeiter, Beauftragten und Auftragnehmer weiterzugeben, die einer Geheimhaltungspflicht unterliegen, die mindestens so streng ist wie die Geheimhaltungspflicht in Ziffer 8 dieser Evaluierungsvereinbarung; und (iii) beim Schutz der vertraulichen Informationen der offenlegenden Partei mindestens den Grad an Umsicht und Sorgfalt walten zu lassen, den sie auch bei ihren eigenen vertraulichen Informationen an den Tag legt, mindestens jedoch den angemessenen Grad an Umsicht und Sorgfalt; und (iv) auf schriftliches Verlangen (und auf Kosten der offenlegenden Partei) alle Kopien der vertraulichen Informationen der offenlegenden Partei, die sich in ihrem Besitz oder Verantwortungsbereich befinden, zurückzugeben bzw. zu zerstören. Ungeachtet der vorliegenden Bestimmungen ist die Empfängerpartei zur Offenlegung von vertraulichen Informationen der offenlegenden Partei berechtigt, wenn dies von ihr rechtmäßig durch eine gerichtliche oder behördliche Anordnung verlangt wird. Soweit dies rechtlich zulässig ist, hat die Empfängerpartei die offenlegende Partei zuvor in angemessener Form schriftlich von der verlangten Offenlegung zu unterrichten, damit die offenlegende Partei eine Schutzanordnung beantragen kann. Die Empfängerpartei wirkt auf Kosten der offenlegenden Partei in zumutbarer Weise an den Maßnahmen der offenlegenden Partei zur Erwirkung einer solchen Schutzanordnung mit. Die Empfängerpartei legt nur die Daten offen, deren Offenlegung nach vernünftigem Ermessen notwendig ist, um die jeweiligen Verfügungen bzw. gesetzlichen Anforderungen zu erfüllen.

 

9. BEDROHUNGSDATEN, DATEN FÜR MASCHINELLES LERNEN UND AGGREGIERTE NUTZUNGSDATEN

Die Parteien erklären und vereinbaren, dass Mimecast kein Eigentum an den Kundendaten hat. Gemäß dieser Vereinbarung und dem vorliegenden Datenschutzvertrag gewährt der Kunde Mimecast hiermit alle notwendigen Nutzungsrechte zur Verarbeitung von Kundendaten, insbesondere bestimmter Kundendaten innerhalb von Daten für Maschinelles Lernen (wie unten definiert) sowie von Bedrohungsdaten um: (i) die Evaluierungsdienste bereitzustellen; (ii) die Erkennung, Analyse, Sensibilisierung und Prävention von Bedrohungen zu verbessern; und/oder (iii) die Evaluierungsdienste zu verbessern und weiterzuentwickeln.

9.2 Bedrohungsdaten. Im Rahmen der Evaluierungsdienste verarbeitet Mimecast Bedrohungsdaten (wie unter Abschnitt 7.1 definiert) vorrangig durch automatische Prozesse und teilt gegebenenfalls in begrenztem Umfang Bedrohungsdaten mit Dritten innerhalb des Cybersecurity-Ökosystems, um die Erkennung und Analyse von Bedrohungen sowie die Sensibilisierung für Bedrohungen zu verbessern. In bestimmten Fällen können Bedrohungsdaten personenbezogene Daten enthalten.

9.3 Daten für maschinelles Lernen. Vorrangig durch automatische Mustererkennung, die dazu dient, die Effizienz und Genauigkeit unserer Algorithmen für Maschinelles Lernen innerhalb der Evaluierungsdienste zu entwickeln und zu verbessern, verarbeitet Mimecast Daten für maschinelles Lernen , die Kundendaten sowie andere Daten, die Kundendaten beschreiben und/oder Informationen darüber liefern, enthalten können. “Daten für maschinelles Lernen” sind unter anderen Metadaten, Dateien, URLs, abgeleitete Merkmale und andere Daten. Diese maschinellen Lernalgorithmen werden von Mimecast und/oder Unterauftragnehmern gehostet. Das Ergebnis dieser maschinellen Lernalgorithmen ist Eigentum von Mimecast, enthält keine Kundendaten oder personenbezogenen Daten und ist anonymisiert und unumkehrbar. Mimecast gibt keine Daten für Maschinelles Lernen an Dritte weiter. 

9.4 Aggregierte Nutzungsdaten. Mimecast verarbeitet bestimmte zusammengefasste, aus den Evaluierungsdienste abgeleitete Daten, einschließlich Nutzungsdaten, wie beispielsweise Nutzungsstatistiken, Berichte, Protokolle und Informationen über Spam, Viren und/oder andere Malware („zusammengefasste Nutzungsdaten“). Mimecast ist Eigentümer aller zusammengefassten Nutzungsdaten.

 

10. FEEDBACK. Mimecast kann vom Kunden mitgeteiltes Feedback unabhängig vom Zeitpunkt der Mitteilung oder der Form, jederzeit nach eigenem Ermessen nutzen, ohne dass dem Kunden daraus ein Anspruch auf eine finanzielle oder sonstige Entschädigung entsteht. Als „Feedback“ gelten alle Mitteilungen oder Materialien, die Mimecast vom Kunden zur Verfügung gestellt werden und in denen Änderungen an den Evaluierungsdiensten vorgeschlagen oder empfohlen werden unabhängig davon, welche Art von Evaluierungsdienst dem Kunden bereitgestellt wird.

 

11 HAFTUNGSBESCHRÄNKUNG.

11.1 Allgemeines.

(a) Die Haftung von Mimecast ist unbeschränkt, sofern sie auf (i) vorsätzlichem Fehlverhalten, (ii) grober Fahrlässigkeit, (iii) Haftung für Personenschäden, (iv) Haftung nach dem Produkthaftungsgesetz oder (v) der schriftlichen Übernahme eine Garantie beruht.

(b) Mit Ausnahme des Vorgenannten haftet Mimecast nur für Schäden, die durch die Verletzung einer "wesentlichen

Vertragspflicht" verursacht wurden. Darunter ist eine Pflicht zu verstehen, deren Erfüllung die ordnungsgemäße Durchführung des Vertrages überhaupt erst ermöglicht, auf deren Einhaltung der Kunde regelmäßig vertrauen darf und deren Verletzung die Erreichung des Vertragszwecks gefährden kann. 

(c) Im Falle einer Haftung nach Ziffer 11.1 (b) ist diese Haftung auf den vertragstypischen Schaden begrenzt, maximal jedoch

auf den jeweils höheren der beiden folgenden Beträge (i) 85.000 € oder (ii) dem Zweifachen der Gebühren, die der Kunde an Mimecast (oder den Wiederverkäufer) für die entsprechenden Services während der zwölf Monate unmittelbar vor dem Ereignis, das den Anspruch begründet, gezahlt hat. 

11.2 Ausschluss. 

Sofern nicht anders vereinbart, liegt es in der Verantwortung des Kunden, eine ordnungsgemäße und regelmäßige Datensicherung vorzunehmen, und er haftet für Schäden, die durch die Unterlassung einer solchen Sicherung entstehen. Die Haftung von Mimecast für Datenverlust ist auf den typischen Wiederherstellungsaufwand beschränkt, der bei regelmäßiger und gefahrentsprechender Sicherung der Daten eingetreten wäre.

11.3 Verjährungsfrist.

Haftung der Mitarbeiter. Im Hinblick auf Ziffer 11.1 (a) gelten die gesetzlichen Verjährungsvorschriften nach deutschem Recht. In allen anderen Fällen verjähren Schadensersatzansprüche in zwölf (12) Monaten, beginnend mit dem Tag, an dem der Schaden eingetreten ist und der Kunde von seinem Eintritt Kenntnis erlangt hat oder hätte erlangen müssen, spätestens jedoch drei (3) Jahre nach Eintritt des Schadens. 

Soweit die Haftung von Mimecast nach den vorstehenden Bestimmungen ausgeschlossen oder beschränkt ist, gilt dies auch zugunsten der Mitarbeiter von Mimecast im Falle direkter Ansprüche des Kunden gegen diese.

 

12. BEENDIGUNG. Jede Partei kann diese Vereinbarung aus wichtigem Grund oder nach eigenem Ermessen fristlos durch schriftliche Mitteilung an die andere Partei kündigen. Mimecast kann die Bereitstellung der Evaluierungsdienste aussetzen, wenn das Konto des Kunden Gegenstand von Denial-of-Service-Angriffen, Hacking-Versuchen oder anderen böswilligen Aktivitäten ist oder die Aktivitäten des Kunden nach vernünftigem Ermessen gegen die vorliegende Evaluierungsvereinbarung verstoßen. Mimecast wird den Kunden nach Möglichkeit vorab über die Aussetzung der Evaluierungsdienste in Kenntnis setzen.

12.1 Kündigung aufgrund von Handelsbeschränkungen/Sanktionen. Die Parteien erkennen an, dass Mimecast zu Beginn der

Vertragsbeziehung und in regelmäßigen Abständen eine Überprüfung seiner Kunden dahingehend durchführt, ob Kunden von

Handelsbeschränkungen oder Sanktionen betroffen sind (wie z.B. die unter Ziffer 14.9 genannten) – ein sogenanntes “Restricted Party Screening oder "RPS". Sofern Mimecast im Rahmen eines solchen RPS und dessen Auswertung nach eigenem Ermessen, zu einem nicht zufriedenstellenden Ergebnis in Bezug auf den Kunden kommt, kann Mimecast diese Vereinbarung durch schriftliche Mitteilung an den Kunden mit sofortiger Wirkung kündigen, ohne weitere Verpflichtungen dem Kunden gegenüber.

 

13. TESTUMGEBUNGEN. Mimecast kann einen Zugang zu einer Testumgebung gewähren, damit der Kunde die Archivierung, das Secure Email Gateway und andere Evaluierungsdienste nach Bedarf testen kann (jeweils eine „Testumgebung“). Mit Gewährung des Zugangs zur Testumgebung durch Mimecast akzeptiert der Kunde, dass es sich bei der Testumgebung um eine gemeinsam genutzte Plattform handelt und dass alle erstellten Berichte und/oder Kundendaten (insbesondere E-Mail-Metadaten und -Inhalte), die an die oder von der Testumgebung gesendet werden, für alle anderen Nutzer sichtbar sind, denen zu Evaluierungszwecken ein Zugang zu der Testumgebung gewährt wird. Für den Zugang zur Testumgebung und deren Nutzung durch den Kunden gelten die Bedingungen dieser Evaluierungsvereinbarung (insbesondere Ziffer 4 (Nutzungsbedingungen – Evaluierungsdienste), bzw. bei Bestandskunden die Bedingungen des Bestandsvertrags, wobei das Hosting-Land für das Testarchiv ein anderes sein kann. Der Kunde erkennt ferner an, dass der Firmenname des Kunden für andere Nutzer der Testumgebung gegebenenfalls sichtbar ist und daher erkennbar ist, dass der Kunde die Mimecast Services testet. Mit dem Zugriff auf die Testumgebung erklärt sich der Kunde damit einverstanden, dass sein Firmenname für andere Nutzer der Testumgebung gegebenenfalls sichtbar ist. Der Kunde verpflichtet sich dazu, keine personenbezogenen Daten, geschützte Gesundheitsinformationen (wie im US Health Insurance Portability and Accountability Act von 1996 (HIPAA) definiert), Zahlkarteninformationen oder andere vertrauliche oder geschützte Daten zu übertragen. Der Kunde verpflichtet sich dazu, keine Inhalte zu übermitteln, die als beleidigend aufgefasst werden können oder die Rechte anderer verletzen. Der Kunde verpflichtet sich, Mimecast für Ansprüche Dritter in Bezug auf Kundendaten, die der Kunde in die Testumgebung übermittelt oder von dort abruft, zu entschädigen und schadlos zu halten.

 

14. ALLGEMEINES.

14.1 Die folgenden Ziffern gelten auch nach Beendigung dieser Evaluierungsvereinbarung fort: Ziffer 3 (Eigentumsrechte), Ziffer 4 (Nutzungsbedingungen – Evaluierungsdienste), Ziffer 7 (Datenschutz), Ziffer 8 (Vertraulichkeit), Ziffer 9 ( Bedrohungsdaten, Daten für Maschinelles Lernen und aggregierte Nutzungsdaten), Ziffer 10 (Feedback), Ziffer 11 (Haftungsbeschränkung), Ziffer 14 (Allgemeines), Ziffer 15 (Geltendes Recht) und Ziffer 16 (Sprache).

14.2 Ungeachtet anders lautender Bestimmungen in diesen Evaluierungsbedingungen dürfen die Kundendaten von Mimecast gespeichert und offengelegt werden, soweit das geltende Recht, gerichtliche Vorladungen oder Gerichtsbeschlüsse bzw. die Durchsetzung der Rechte aus diesen Evaluierungsbedingungen dies erfordern. Sofern dies gesetzlich zulässig ist, wird Mimecast den Kunden rechtzeitig und in Schriftform über eine bevorstehende Offenlegung informieren, damit der Kunde eine die vertraulichen Informationen schützende Verfügung beantragen kann; bei Bedarf unterstützt Mimecast den Kunden bei seinen Bemühungen gemäß dieser Ziffer auf Kosten des Kunden. Mimecast legt nur die Daten offen, deren Offenlegung nach vernünftigem Ermessen notwendig ist, um die jeweiligen Verfügungen bzw. gesetzlichen Anforderungen zu erfüllen.

14.3 Keine der Parteien haftet für die Spät- oder Nichterfüllung von Vertragspflichten, wenn der Verzögerungs- oder Hinderungsgrund sich ihrem Einfluss entzieht; dazu zählen insbesondere höhere Gewalt wie Maßnahmen von Behörden und Streitkräften, Kriegshandlungen, Unfälle, Ausfälle von Computern und Kommunikationsverbindungen bei Dritten, Natur- und andere Katastrophen, Streiks oder sonstige Betriebsunterbrechungen sowie alle weiteren Ereignisse bzw. Ursachen, die sich bei realistischer Beurteilung dem Einfluss der davon betroffenen Partei entziehen.

14.4 Der Kunde darf diese Evaluierungsbedingungen im Falle eines Verkaufs seines Geschäftsbetriebs oder eines Unternehmenszusammenschlusses ganz oder teilweise an den Erwerber abtreten. Ansonsten kann der Kunde Ansprüche gegen Mimecast nur nach ausdrücklicher schriftlicher Zustimmung von Mimecast abtreten, verpfänden oder anderweitig darüber verfügen. Die vorliegende Evaluierungsvereinbarung ist für die Parteien und deren Rechtsnachfolger rechtsverbindlich.. 

14.5 Alle geschäftlichen Mitteilungen im Zusammenhang mit dieser Evaluierungsvereinbarung können per E-Mail erfolgen. Alle rechtlich notwendigen Mitteilungen, die sich auf diese Evaluierungsvereinbarung beziehen, sind in Schriftform an der vom Empfänger angegebenen Mitteilungsanschrift zuzustellen. Alle Mitteilungen müssen durch einen namhaften Kurierdienst oder durch eine andere Form des Postversands, die eine Empfangsbestätigung durch den Empfänger vorsieht, übermittelt werden.

14.6 Beide Parteien akzeptieren, dass sie sich nicht auf Zusicherungen verlassen dürfen, die nicht in dieser Evaluierungsvereinbarung niedergelegt sind. Die vorliegende Evaluierungsvereinbarung kann durch eine Auftragsbestätigung oder eine sonstige Mitteilung nicht geändert oder ergänzt werden. Soweit in der vorliegenden Evaluierungsvereinbarung nicht ausdrücklich etwas anderes vorgesehen ist, bedürfen sämtliche Änderungen der Evaluierungsvereinbarung der Schriftform und sind von den jeweiligen Bevollmächtigten der Parteien zu unterzeichnen. Sollte sich eine der vorliegenden Bestimmungen als nicht durchsetzbar erweisen, so bleiben die übrigen Bestimmungen davon unberührt, und die nicht durchsetzbare Bestimmung wird so weit abgeändert, dass sie durchsetzbar ist. Sollte eine Partei ihre Rechte aus dieser Evaluierungsvereinbarung nicht geltend machen oder nicht auf der strengen Erfüllung der Bestimmungen bestehen bzw. diese nicht durchsetzen, so stellt dies keinen grundsätzlichen Verzicht auf das Recht dar, die betreffende Bestimmung oder andere aus dieser Evaluierungsvereinbarung resultierende Ansprüche künftig geltend zu machen.

14.7 Die vorliegende Evaluierungsvereinbarung wird ausschließlich zwischen Mimecast und dem Kunden geschlossen und kann auch nur von Mimecast bzw. dem Kunden durchgesetzt werden. Aus dieser Evaluierungsvereinbarung ergeben sich keine Rechte oder Pflichten Dritter. Jede Partei handelt als selbständige Vertragspartei und keine der vorliegenden Bestimmungen darf dergestalt ausgelegt werden, dass dadurch eine Partnerschaft, ein Joint-Venture oder ein Vertretungsverhältnis gleich welcher Art zwischen Mimecast und dem Kunden oder einem zugelassenen Nutzer begründet würde. 

14.8 Mimecast erkennt an, dass jede in dieser Evaluierungsvereinbarung festgelegte Haftungsbeschränkung nur im gesetzlich zulässigen Umfang gilt.

14.9 Jede Partei verpflichtet sich zur Einhaltung aller anwendbaren Vorschriften des US-Handelsministeriums, des USFinanzministeriums oder anderer US-amerikanischer oder ausländischer Agenturen oder Behörden, einschließlich des United States Export Administration Act in der jeweils gültigen Fassung, sowie aller geltenden Rechtsvorschriften anderer Länder, die sich auf die Ausfuhr und die Einfuhr der Evaluierungsdienste beziehen. Der Kunde gewährleistet , dass er die die zur Verfügung gestellten Evaluierungsdienste nicht nutzt oder anderen die Nutzung ermöglicht, ermöglicht oder den Export oder Re-export der mit dem Evaluierungsdienst zusammenhängt erlaubt ohne zuvor eine erforderliche Lizenz oder eine andere staatliche Genehmigung eingeholt zu haben in: a) in einer Region die Gegenstand oder Ziel von Finanz- und Wirtschaftssanktionen oder Handelsembargos der USA oder anderer nationaler Regierungen ist oder b) durch eine Partei, die Adressat einer entsprechenden Sanktion ist welche von den nachfolgend aufgeführten Behörden oder Institutionen erlassen, auferlegt oder durchgesetzt wurde: von i) der US-Regierung durch das Office of Foreign Assets Control (OFAC"); ii) das US-Finanzministeriums; das Bureau of Industry and Security (BIS"); iii) das USHandelsministeriums oder iv) das US-Außenministeriums; v) die US-Behörde für Wirtschaft und Finanzen (Bureau of Industry and Security); vi) der Nationale Sicherheitsrats der Vereinten Nationen, der Europäischen Union oder vii) das Finanzministeriums des Vereinigten Königreichs oder c) in einer anderen Weise, die zu einer Verletzung von Sanktionen oder Bestimmungen die den Import und Export von Evaluierungsdiensten betreffen, durch den Kunden oder Mimecast führen würde.

 

15 GELTENDES RECHT

Alle Ansprüche aus vertraglicher oder außervertraglicher Haftung unterliegen ausschließlich deutschem Recht unter Ausschluss des UN-Kaufrechts. Die Kollisionsnormen finden keine Anwendung. Der ausschließliche Gerichtsstand für alle Streitigkeiten aus und im Zusammenhang mit dieser Evaluierungsvereinbarung ist München, sofern der Kunde ein Kaufmann im Sinne von § 1 HGB, eine juristische Person des öffentlichen Rechts oder ein öffentlich-rechtliches Sondervermögen ist..Ungeachtet dessen hat jede Partei das Recht, bei jedem dafür zuständigen Gericht einstweiligen Rechtsschutz zu beantragen, Feststellungsklagen einzureichen oder sonstige Rechtsbehelfe zu beantragen, um ihre Rechte in Bezug auf geistiges Eigentum, Kundendaten oder vertrauliche Informationen durchzusetzen

 

16 SPRACHE

Die vorliegende Evaluierungsvereinbarung kann in mehreren Sprachen verwendet werden. Bei Unstimmigkeiten oder mangelnder Eindeutigkeit zwischen der deutschen Fassung und anderen Sprachfassungen ist die deutsche Fassung maßgeblich.

 

 

Anlage 1

Besondere Bedingungen

Die in diesem Anhang 1 dargelegten Besonderen Bedingungen sind ein Nachtrag zu der Vereinbarung mit Mimecast („Vereinbarung“) und gelten als Vertragsbestandteil.

A. Awareness Training für Evaluierungsdienste 

1. Material. Das Awareness Training für Evaluierungsdienste umfasst gegebenenfalls Material. Als „Material“ gelten Schulungsmaterialien, Video-Trainingsmodule, Nutzerumfragen und Nutzerbewertungen, die Mimecast dem Kunden gemäß dieser Vereinbarung zur Verfügung stellt. Mimecast und seine Lizenzgeber behalten sämtliche Eigentumsrechte an dem Material. 

2. Kundenmaterial. Lädt der Kunde während des Awareness Trainings für Evaluierungsdienste eigenes schriftliches, fotografisches und/oder videografisches Begleitmaterial („Kundenmaterial“) auf die Plattform von Mimecast hoch, so sichert er damit zu, dass das Kundenmaterial: (i) nicht gegen die Rechte Dritter an geistigem Eigentum oder die Rechte Dritter im Zusammenhang mit Öffentlichkeit oder Privatsphäre verstößt; (ii) nicht diffamierend oder verleumderisch ist und keine Drohung oder Belästigung darstellt; und (iii) nicht gegen geltendes Recht verstößt (insbesondere nicht gegen Vorschriften zu sittenwidrigen oder pornografischen Darstellungen). Die Anforderungen dieser Ziffer 2 gelten ergänzend zu und nicht als Ersatz für andere Beschränkungen, die in diesen Besonderen Bedingungen oder in der Vereinbarung enthalten sind.

3. Schadensersatz durch den Kunden. Der Kunde verpflichtet sich dazu, Mimecast gegen alle Ansprüche Dritter zu verteidigen, dafür zu entschädigen und von allen Ansprüchen Dritter freistellen, soweit sich die Ansprüche auf einen Verstoß des Kunden gegen Ziffer A.2 beziehen. Mimecast hat den Kunden auf zumutbares Verlangen und auf Kosten des Kunden unverzüglich in Schriftform über entsprechende Ansprüche in Kenntnis zu setzen und den Kunden nach angemessener Aufforderung durch den Kunden (auf Kosten vom Kunden) bei der Abwehr der Ansprüche zu unterstützen. Der Kunde regelt derartige Ansprüche Dritter nicht in einer Weise, die von Mimecast ohne ausdrückliche vorherige Zustimmung ein Schuldanerkenntnis oder die Zahlung von Geldbeträgen jeglicher Art erfordert. Der Kunde erklärt sich damit einverstanden, dass etwaige in der Vereinbarung vorgesehene Haftungsobergrenzen nicht für die Pflichten des Kunden aus dieser Ziffer A gelten. 

 

B. Besondere Bedingungen für Web Security Evaluierungsdienste

 

1. Kundendaten. Aufgrund der besonderen Merkmale der Web Security Evaluierungsdienste ist Ziffer 7 nicht darauf anwendbar.

2. Beschränkungen. Der Kunde verpflichtet sich dazu, for für die Web Security Evaluierungsdienste eingerichteten Zugriffskontrollen, Authentifizierungsprozesse und Sicherheitsverfahren weder zu deaktivieren noch zu umgehen. Die Anforderungen dieser Ziffer 2 gelten ergänzend zu und nicht als Ersatz für andere Beschränkungen, die in diesen Besonderen Bedingungen oder in der Vereinbarung enthalten sind.

3. Schadensersatz. Der Kunde verpflichtet sich dazu, Mimecast gegen alle Ansprüche Dritter zu verteidigen, dafür zu entschädigen und von allen Ansprüchen Dritter freistellen, soweit sich die Ansprüche auf einen Verstoß des Kunden gegen Ziffer B.2 beziehen. Mimecast hat den Kunden unverzüglich in Schriftform über entsprechende Ansprüche in Kenntnis zu setzen und den Kunden auf Verlangen und auf dessen Kosten in zumutbarem Umfang bei der Abwehr der Ansprüche zu unterstützen. Der Kunde regelt derartige Ansprüche Dritter nicht in einer Weise, die von Mimecast ohne ausdrückliche vorherige Zustimmung ein Schuldanerkenntnis oder die Zahlung von Geldbeträgen jeglicher Art erfordert. Der Kunde erklärt sich damit einverstanden, dass etwaige in der Vereinbarung vorgesehene Haftungsobergrenzen nicht für die Pflichten des Kunden aus dieser Ziffer B.3 gelten.

4. Aussetzung der Evaluierungsdienste. Zusätzlich zu der Möglichkeit, die Evaluierungsdienste gemäß Ziffer 12 auszusetzen, kann Mimecast die Evaluierungsdienste auch dann aussetzen, wenn das Kundenkonto gegen die in den Support-Leistungen oder Service-Levels festgelegten Richtlinien zur akzeptablen Nutzung (“Terms of Use”) verstößt. In einem solchen Fall arbeitet Mimecast mit dem Kunden gemeinsam an einer möglichst zügigen Bereinigung der Angelegenheit. Der Kunde erkennt an, dass Mimecast in einem solchen Fall die Web Security Evaluierungsdienste zum Schutz der eigenen Systeme so lange aussetzen darf, bis die Angelegenheit geklärt ist. Mimecast wird den Kunden nach Möglichkeit vorab über die Aussetzung der Evaluierungsdienste informieren.

5. Zusätzlicher Haftungsausschluss. MIMECAST SICHERT NICHT ZU, DASS DIE EVALUIERUNGSDIENSTE STETS ALLE GEWÜNSCHTEN ADRESSEN, E-MAILS, MALWARE-PROGRAMME, ANWENDUNGEN UND/ODER DATEIEN AUFSPÜREN ODER DEN ZUGRIFF DARAUS SPERREN ODER DASS ALLE DATENBANKEN SINNVOLL KATEGORISIERT WERDEN ODER DASS DIE IN DEN EVALUIERUNGSDIENSTEN VERWENDETEN ALGORITHMEN UNEINGESCHRÄNKT VOLLSTÄNDIG BZW. RICHTIG SIND.

 

C. Besondere Bedingungen für DMARC Analyzer Evaluierungsdienste

 

1. Host-Land. Die DMARC Analyzer Evaluierungsdienste werden (i) auf einer Plattform eines Drittanbieters gehostet, die sich in Irland befindet, und/oder (ii) verarbeiten Kundendaten, darunter personenbezogene Daten, in Irland. Der Kunde nimmt zur Kenntnis, dass die im Mimecast Trust Center aufgeführten Zertifizierungen, Bescheinigungen und Bewertungen für die DMARC Analyzer Evaluierungsdienste abweichen können. Darüber hinaus werden die DMARC Analyzer Evaluationsdienste nur für eine begrenzte Anzahl an Kundendomains angeboten.

2. Pflichten des Kunden. Der Kunde ist selbst dafür verantwortlich, alle gewünschten Domains zu den DMARC Analyzer Evaluierungsdiensten hinzuzufügen und für jede Domain einen DMARC-Eintrag im DNS zu veröffentlichen. Darüber hinaus hat der Kunde die von Mimecast verlangten DNS-Aktualisierungen vorzunehmen, soweit diese zumutbar sind.

 

D. Besondere Bedingungen für Brand Exploit Protect (BEP) Evaluierungsdienste

 

1. BEP-Dienste. Mithilfe der Brand Exploit Protect Evaluierungsdienste („BEP-Evaluierungsdienste“) sollen die Domains des

Kunden (jeweils eine „Domain“) davor geschützt werden, dass Dritte sie zur Erstellung und/oder Registrierung einer betrügerischen Website nutzen. Der Kunde muss jede zu schützende Domain gegenüber Mimecast schriftlich anzeigen; dabei kann der Kunde maximal die Anzahl von Domains schützen lassen, die in dem jeweiligen Evaluierungsauftrag angegeben ist. Es liegt in der Verantwortung des Kunden, Mimecast über alle Domains zu informieren, die zusätzlich zu schützen sind. Für zusätzliche Domains können zusätzliche Kosten anfallen. Der Mimecast Brand Exploit Protect Service wird in den Regionen Google GCP Belgien gehostet.

2. Deaktivierungen von Domains. Der Kunde erklärt sich damit einverstanden, dass Mimecast prüft, ob die Domains des Kunden unrechtmäßig und ohne Zustimmung des Kunden repliziert werden; bei einem Verdachtsfall lässt Mimecast sich vom Kunden bestätigen, dass es sich um eine unrechtmäßige und nicht vom Kunden autorisierte Replikation seiner Domain handelt. Auf der Grundlage dieser Bestätigung meldet Mimecast die gefälschte Domain zur Sperrung durch Fremddienstleister und wird an die Partei, die den Domain-Namen registriert hat, herantreten um die Deaktivierung oder Sperrung der gefälschten Domain (jeweils eine „Deaktivierung“) zu veranlassen. Die Verantwortung für alle Bestätigungen, die Mimecast vom Kunden in Bezug auf Deaktivierungen erhält, gleich ob schriftlich, über das Kundenkonto oder über die Mimecast-Administratorenkonsole, liegt beim Kunden. Für Deaktivierungen gelten die im Vertrag aufgeführten Regelungen für Professionelle Services. Die Anzahl von möglichen Deaktivierungen ergibt sich aus dem jeweiligen Serviceauftrag. Deaktivierungen werden per Eingang der jeweiligen Deaktivierungsanfrage gezählt und nicht erst nach erfolgreicher Durchführung der Deaktivierung. Mimecast stellt für BEP- Evaluierungsdienste rund um die Uhr Support zur Verfügung. 

3. Web Scraping Tracker. Im Entgelt für die BEP- Evaluierungsdienste ist ein beschränktes, nicht ausschließliches, nicht übertragbares Nutzungsrecht für ein Skript enthalten, das der Kunde während der vereinbarten Servicelaufzeit jeder Domain hinzufügen kann, sofern er diese Domain für seine internen Geschäftszwecke benutzt. („Web-Scraping Tracker“). Der Kunde ist allein für die Einbindung des Web Scraping Trackers in den Code der Kunden-Website verantwortlich. Die Rechte des Kunden sind auf die Rechte beschränkt, die ihm in diesen Evaluierungsbedingungen ausdrücklich eingeräumt werden. Mimecast behält sich alle Schutz- und Urheberrechte und das Eigentum an dem Web Scraping Tracker vor, und weder die vorliegende Vereinbarung, die Vertragsbedingungen noch die Erbringung der BEP- Evaluierungsdienste führen dazu, dass dem Kunden über das Nutzungsrecht hinaus gehende Rechte am Web Scraping Tracker eingeräumt werden. 

4. Zusätzliche Beschränkungen. Der Kunde verpflichtet sich dazu, (a) keine Domain bei Mimecast für die BEPEvaluierungsdienste registrieren zu lassen, es sei denn, diese Domain ist rechtmäßig im Besitz bzw. unter Kontrolle des Kunden, und (b) sich nicht an Maßnahmen zu beteiligen, von denen vernünftigerweise erwartet werden kann, dass sie zu einer Störung oder Unterbrechung der BEP-Evaluierungsdienste führen. Zusätzlich zu allen in der Vereinbarung vorgesehenen Schadensersatzpflichten stellt der Kunde Mimecast von allen Ansprüchen Dritter oder behördlichen Maßnahmen frei, die sich aus einem tatsächlichen oder mutmaßlichen Verstoß des Kunden gegen diese Ziffer D4 ergeben.

5. Zusätzlicher Haftungsausschluss. DIE NUTZUNG DES WEB SCRAPING TRACKERS ERFOLGT NACH EIGENEM ERMESSEN UND AUF EIGENES RISIKO DES KUNDEN, UND ALLEIN DER KUNDE IST FÜR ALLE DURCH DEN WEB SCRAPING TRACKER VERURSACHTEN SCHÄDEN AN DER DOMAIN VERANTWORTLICH.

 

 

E. Cybergraph Evaluierungsdienste - Ergänzende Bedingungen

 

1. Cybergraph Services. CyberGraph Services (auch bekannt als MessageControl Codebreaker und Silencer),

MessageControl Gatekeeper, Cybergraph Controlled Availability, Cybergraph für SEG und Misaddressed Email Protect Services (die

"Zusatzdienste”)

2. Die Zusatzdienste sollen dazu beitragen, den Kunden vor Identitätsangriffen zu schützen, indem sie versuchen, falsch adressierte E-Mails und Risiken innerhalb von E-Mail-Inhalten zu identifizieren und eingebettete E-Mail-Tracker abzufangen. Der Kunde erkennt an, dass die im Trust Center von Mimecast aufgeführten Zertifizierungen, Bescheinigungen und Bewertungen für die Zusatzdienste abweichen können.

3. Zusätzliche Verantwortlichkeiten und Einschränkungen. Der Kunde ist verantwortlich für (i) die Beschaffung und Wartung jeglicher Ausrüstung, die benötigt wird, um sich mit der jeweiligen Software und den Zusatzdiensten zu verbinden, auf sie zuzugreifen oder sie anderweitig zu nutzen ("Ausrüstung" umfasst Ausrüstung und weitere Hard-, Software und Services, einschließlich, aber nicht beschränkt auf Modems, Hardware, Dienste, Software-Betriebssysteme, Netzwerke, Webdienste und Ähnliches); (ii) Sicherstellung, dass die Zusatzdienste die regulatorischen Anforderungen des Kunden erfüllen, einschließlich, aber nicht beschränkt auf Anforderungen und Verpflichtungen in Bezug auf Datenschutz und Arbeitsrecht; (iii) Einholung aller erforderlichen Zustimmungen, Erlaubnisse und Befugnisse von Einzelpersonen oder Aufsichtsbehörden in Bezug auf alle Kundendaten, einschließlich, falls zutreffend, personenbezogener Daten, die bei der Nutzung der Zusatzdienste übertragen, verarbeitet und/oder analysiert werden, einschließlich des Rechts für Mimecast, diese Daten bei der Erstellung von Berichten und Analysen zu verwenden. Zusätzlich zu den in der Vereinbarung enthaltenen Entschädigungsverpflichtungen wird der Kunde Mimecast im Falle von Ansprüchen Dritter oder behördlichen Maßnahmen schadlos halten, verteidigen und entschädigen, die sich aus (i) der Verletzung (oder angeblichen Verletzung) dieses Abschnitts durch den Kunden ergeben; (ii) der Einhaltung von Anweisungen oder Weisungen des Kunden durch Mimecast.

4. Datenverarbeitungsvertrag. Wenn der Kunde keine DPA mit Mimecast abgeschlossen hat, erkennt er an und stimmt zu, dass dies in Übereinstimmung mit den Anwendbaren Datenschutzgesetzen für die Nutzung der Services und/oder der zusätzlichen Services durch den Kunden nicht erforderlich ist.

English
  • Select language...
  • English

Evaluation Agreement

 

This Evaluation Agreement (the “Agreement”) governs the use of the Mimecast Services for evaluation purposes unless a separate written agreement has been agreed with Mimecast for the purposes of evaluation of services, in which case such agreement will prevail. 

 

BY CLICKING ‘I ACCEPT’ YOU (i) AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT WHICH WILL FORM A BINDING CONTRACT BETWEEN MIMECAST AND THE CORPORATION, BUSINESS OR ENTITY YOU REPRESENT (THE “CUSTOMER”); AND (ii) REPRESENT AND WARRANT THAT YOU HAVE THE POWER AND AUTHORITY TO BIND THE CUSTOMER TO THIS AGREEMENT. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, OR YOU DO NOT HAVE THE POWER AND AUTHORITY TO ACT ON BEAHLF OF AND BIND THE CUSTOMER, DO NOT PROCEED TO ACCEPT THE TERMS OR CONTINUE WITH THIS EVALUATION.

 

“Mimecast” means the Mimecast entity shown in the Evaluation Order (defined below) and “Hosting Jurisdiction” means the country where Customer Data is stored.

 

1 EVALUATION SERVICES. Subject to Customer’s compliance with the terms of this Agreement, Mimecast will make the evaluation services (the “Evaluation Services”) available to Customer for a period of 30 days (the “Evaluation Period”). The Evaluation Period may be extended by Mimecast in writing (including email). The Evaluation Services will be provided in accordance with the applicable services documentation at https://community.mimecast.com/community/knowledge-base (“Documentation”). The specific Evaluation Services subject to this Agreement, the Hosting Jurisdiction and number of Permitted Users or domains will be agreed in writing (including email) by Mimecast (“Evaluation Order”). For certain Evaluation Services, Supplemental Terms as set out in Appendix 1 shall apply. Notwithstanding the foregoing, the terms and conditions set out herein shall continue to apply for the duration of time that Mimecast stores or processes Customer Data provided in connection with the Evaluation Services. “Permitted Users” means individuals employed by or otherwise under Customer’s control and permitted to use the Evaluation Services.

 

2 EXISTING CUSTOMERS. If you are an existing Mimecast Customer and you have an agreement in place for the provision of the Mimecast Services (“Existing Agreement”), the terms of the Existing Agreement shall apply except as set out below:

2.1 Where Customer is provided Evaluation Services by Mimecast for evaluation purposes only, access to the Evaluation Services will be terminated upon expiration of the Evaluation Period, unless Customer enters into a paid subscription for the Evaluation Services on a non-trial basis prior to expiration of the Evaluation Period. Notwithstanding any provision to the contrary herein, in respect of the Evaluation Services Customer acknowledges and agrees that: (i) Mimecast has no obligation to retain Customer Data related to the Evaluation Services after termination or expiration of the Evaluation Period; (ii) either party may terminate the Evaluation Period immediately and without liability upon written notice to the other party; (iii) Mimecast’s service levels and support description do not apply to the Evaluation Services; (iv) the Evaluation Services are provided “as is”, and (v) notwithstanding anything included in this Agreement to the contrary, Mimecast shall have no indemnification obligations nor any liability of any type with respect to the Evaluation Services. 

2.2 Capitalized terms used but not otherwise defined in Section 2.1, shall have the meaning given in the Existing Agreement. Acceptance of this Agreement shall serve as an amendment to the Existing Agreement for the purposes of the Evaluation Services. Except as modified above, all terms and conditions of the Existing Agreement shall remain in full force and effect. In the event of any inconsistencies between the terms set out in Section 2.1 and any terms and conditions of the Existing Agreement with regards to the Evaluation Services, Section 2.1 shall prevail.

2.3 With the exception of Section 13 (Sandbox Environments), the remainder of this Evaluation Agreement shall not apply to Existing Customers.

 

3 OWNERSHIP. Mimecast and its third-party licensors will retain all ownership interest in and to the Evaluation Services and its underlying systems. Customer’s rights are limited to those expressly stated in this Agreement. Notwithstanding any provision herein to the contrary, nothing in this Agreement is intended to limit Customer’s liability in the event of Customer’s violation of the intellectual property rights of Mimecast and any claim with respect to such violation will not be deemed governed by this Agreement. Evaluation Services must not be used or accessed for the purposes of (i) building a competitive service or comparative features; or (ii) comparative analysis (including but not limited to benchmarking) intended for use outside the Customer’s organization.

 

4 TERMS OF USE – EVALUATION SERVICES.

4.1 Customer will: (i) use the Evaluation Services for its own internal business purposes; (ii) use the Evaluation Services as reasonably directed by Mimecast; (iii) allow only the agreed number of Permitted Users access and use of the Evaluation Services; (iv) implement and maintain reasonable and appropriate controls to ensure that user accounts are used only by the Permitted Users to whom they are assigned and to manage and monitor Permitted Users, including designating one or more administrators responsible for access control; (v) obtain and maintain any Equipment needed to connect to, access, or otherwise use the software and software services (“Equipment” shall include equipment and ancillary service including, but not limited to, modems, hardware, services, software, operating systems, networking, web services, and the like); (vi) ensure the Evaluation Services meet Customer’s regulatory requirements including, without limitation, requirements and obligations with regards to data privacy and employment laws; and (vii) obtain all necessary consents, permissions and authority from individuals or regulators in respect of all Customer Data, including, where applicable, Personal Data transferred, processed and/or analysed in the use of the Evaluation Services including the right for Mimecast Nov to use such data in the preparation of reports and analysis. 

4.2 Customer will not: (i) transfer, resell, license or otherwise make available the Evaluation Services to third parties; (ii) use the Evaluation Services in any manner that violates any applicable law or regulation (including but not limited to where Customer is required to obtain permissions or authorizations to permit Mimecast to perform its obligations hereunder); (iii) use the Evaluation Services in a manner that violates any industry standards concerning unsolicited email; (iv) not share any user authentication information and/or any user password with any third party; (v) use the Evaluation Services in a manner that introduces any viruses, malicious code, or any other items of a harmful nature; (vi) engage in any activity that could reasonably be expected to interfere with or disrupt the Evaluation Services (for example, an activity that causes Mimecast to be blacklisted by any internet service provider), (vii)license, sell rent, lease, transfer, grant rights in, or access to the Evaluation Services for commercial gain; or (viii) copy disseminate, allow unauthorized access to, disassemble, reverse engineer, or decompile the Evaluation Services, or any components thereof.

4.3 Customer is solely responsible for the acts or omissions of any user or Permitted User who obtains access to the Evaluation Services through Customer or Customer’s systems. Customer will notify Mimecast promptly if it becomes aware of any unauthorized access or use. If applicable, Customer will be granted a “Super Administrator” role for Customer’s Mimecast account, which will allow Customer full access to the Customer Data and the ability to configure the relevant account. Customer may assign a role to Mimecast which will allow Mimecast to access the Customer Data. In the event that such delegated access is provided, Customer will ensure that all necessary consents and authorisations have been obtained.

4.4 Customer will defend, indemnify, and hold harmless Mimecast in the event of any third-party claim or regulatory

action arising out of (i) Customer’s breach (or alleged breach) of the terms of Section 4.1, 4.2 and 4.3 herein; and/or (ii) Mimecast’s compliance with any Instructions or directions provided by Customer.

4.5 If Mimecast is prevented from or delayed in the performance of its obligations by any act or omission of Customer that is outside of Mimecast’s reasonable control, Mimecast shall not be deemed in breach of its obligations, but only to the extent that the basis for Mimecast’s breach arises directly or indirectly from such prevention or delay.

 

5. SUPPORT, SLA, AND IMPLEMENTATION SERVICES. Mimecast will provide support for Customer for installation and use of the Evaluation Services via telephone during normal business hours (“Support”). Mimecast will undertake commercially reasonable efforts to respond to all Customer inquiries promptly; however, Customer acknowledges and agrees that Mimecast’s service level agreement does not apply to Evaluation Services provided under this Agreement.

 

6. MIMECAST APPLICATIONS, APIs AND THIRD-PARTY SERVICES

6.1 Mimecast Applications. Mimecast may make applications available to use with the Evaluation Services via various

online marketplaces. Mimecast applications are licensed, not sold, to Customer. Customer’s license to use the applications is subject to Customer’s compliance with this Agreement and any associated end user license agreement made available via the application/marketplace. The term of Customer’s license to use the application is coterminous with this Agreement. For the avoidance of doubt, where made available, Mimecast applications fall under the definition of Evaluation Services hereunder.

6.2 Application Program Interfaces (“API”). Customer can enable certain Mimecast APIs to enable the Evaluation Services to work in conjunction with certain third-party services, systems, and/or applications. The process to gain access to an API’s will be made available to Customer upon request. Customer must register with Mimecast and provide the information requested. Customer is responsible for ensuring that the information provided to Mimecast to enable any API, is and remains accurate and up-todate. Mimecast may revoke access to any API at any time without notice to Customer if Mimecast, in its reasonable discretion believes necessary or appropriate. All access keys, authentication procedures, and data to which Customer gains access or which is provided to Customer in connection with Customer’s use of the API, excluding Customer Data, is the Confidential Information of Mimecast. If Customer chooses to transfer Customer Data via Mimecast APIs to third-parties, whether or not such third-parties are Mimecast technology partners, Mimecast is not responsible for the security of the Customer Data upon the Customer Data leaving the Mimecast environment and such transfer is on Customer’s own volition and risk. To the extent Customer uses the Mimecast APIs the provisions of this Section 6.2 shall apply to such use as if such APIs were included in the Evaluation Services.

6.3 Third-Party Services. To the extent Customer Data is retrieved from or provided by Third Party Services, Mimecast will not be liable for the condition of such Customer Data, including, but in no way limited to any such Customer Data that is retrieved from or provided by Third Party Services that is incorrect, incomplete, corrupt, or missing. “Third Party Services” means third party products, applications, APIs, web hooks, services, software, systems, directories, websites, databases and information which Customer may connect to, permit connection to (including without limitation, where such connection is necessary to enable the Services), or enable in conjunction with the Evaluation Services or Mimecast API connectors. Mimecast is not responsible for, and no representations or warranties are made regarding, Third Party Services.

 

7. DISCLAIMER. TO THE MAXIMUM EXTENT PERMITTED BY LAW AND WITHOUT LIMITING MIMECAST’S EXPRESS OBLIGATIONS UNDER THIS AGREEMENT, MIMECAST DISCLAIMS (TO THE EXTENT EXISTING IN LAW) ALL GUARANTEES, CONDITIONS, WARRANTIES AND REPRESENTATIONS, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE CONCERNING ANY SERVICES, SOFTWARE, DOCUMENTATION OR OTHER MATERIALS PROVIDED BY MIMECAST, INCLUDING BUT NOT LIMITED TO, THOSE IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THE EVALUATION SERVICES DO NOT QUALIFY AS LEGAL OR EXPERT ADVICE. CUSTOMER SHOULD CONSIDER WHETHER THE EVALUATION SERVICES ARE APPROPRIATE FOR CUSTOMER’S NEEDS, AND WHERE APPROPRIATE, SEEK LEGAL OR EXPERT ADVICE. MIMECAST DOES NOT REPRESENT THAT THE EVALUATION SERVICES OR THE PROFESSIONAL SERVICES WILL ACHIEVE INTENDED RESULTS, BE UNINTERRUPTED OR ERROR FREE OR MEET CUSTOMER’S REQUIREMENTS. CUSTOMER ACKNOWLEDGES AND AGREES THAT REPORTS, GRAPHS, ANALYSES OR SIMILAR INFORMATION WHICH MAY BE PROVIDED AS PART OF THE SERVICES, ARE BASED ON INFORMATION KNOWN TO MIMECAST AT THE TIME AND PROVIDED FOR CUSTOMER’S INTERNAL BUSINESS PURPOSES ONLY. MIMECAST WILL USE REASONABLE EFFORTS TO PROVIDE ACCURATE AND UP-TO-DATE INFORMATION BUT MAKES NO GUARANTEE AS TO THE ACCURACY OR COMPLETENESS OF THE INFORMATION PROVIDED.

 

8. DATA PROTECTION 

8.1 Customer Data. “Customer Data” means the data provided by Customer for processing via the Evaluation Services including without limitation, the contents of the files, emails or messages sent by or to a Permitted User. “Personal Data” means Customer Data that relates to an identified or identifiable natural person. Except as otherwise set forth herein, Customer Data will be purged in accordance with Mimecast standard business practices following termination or expiration of this Agreement and Customer acknowledges that Mimecast has no obligation to retain Customer Data thereafter. Notwithstanding the foregoing, Customer Data does not Threat Data, as defined in Section 10.1, below.

8.2 Security. Mimecast will implement and maintain appropriate administrative, technical, organizational and physical security measures for each of the Evaluation Services, which are designed to protect Customer Data against unauthorized access, disclosure or loss. Customer acknowledges and agrees that, in the course of providing the Evaluation Services, Professional Services, and Support to Customer, it may be necessary for Mimecast to access Customer Data to respond to technical problems or Customer queries and to ensure the proper working of the Evaluation Services; such access may originate from any jurisdiction where Mimecast maintains Support personnel. Additional information about Mimecast security, including the locations from which Support is provided and a list of Mimecast’s certifications, attestations and assessments, is available at https://www.mimecast.com/company/mimecasttrust-center/ (the “Trust Center”). Mimecast may update the Trust Center from time to time.

8.3 Data Protection. As required by law or as otherwise agreed by the parties, additional data protection terms may be outlined in a separate data processing agreement between the parties (referred to herein as “Data Processing Terms”). The Data Processing Terms shall be incorporated into, and form an addendum to this Agreement. If there is any conflict between Sections 8.1 to 8.3 of this Agreement and the Data Processing Terms, the Data Processing Terms shall prevail. With respect to any Personal Data contained in Customer Data, Customer shall act as the accountable organization or the data controller and Mimecast shall act as the service provider or the data processor. Except as may be required by Applicable Data Protection Law, Mimecast will use and process the Personal Data solely in accordance with Customer’s Instructions. The “Instructions” are embodied in this Agreement and as may be additionally communicated by Customer to Mimecast in writing from time-to-time. Mimecast will process the Customer Data in compliance with Applicable Data Protection Law. For the purposes of this Section 8.3, “Applicable Data Protection Law” means one or more of the following data protection laws or regulations as applicable to the Processing of Personal Data by Mimecast under this Agreement: (i) Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”); (ii) the United Kingdom (“UK”) Data Protection Act 2018 and the UK General Data Protection Regulation (“UK GDPR”); (iii) The (Singapore) Personal Data Protection Act 2012 (“PDPA”); (iv) the data protection regulations of the United States, including but not limited to, California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”); (v) the South Africa Protection of Personal Information Act (“POPIA”); (vi) the Australia Privacy Act No. 119 1988 (as amended), (vii) Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”); and (viii) any relevant law, statute, regulation, legislative enactment, order or other binding instrument that implements, supplements, or amends the foregoing. Where permitted by a lawful basis, Mimecast may process Personal Data in the United States or other countries or jurisdictions outside of the country where it was collected, as described on the Trust Center. Customer will comply with its obligations under all laws applicable to it as the accountable organization and/or data controller, including the responsibility for providing any requisite notice and obtaining any consent from Permitted Users for such processing and transfer of Personal Data, including international transfers.

 

9 CONFIDENTIALITY. “Confidential Information” means information designated by the party disclosing such information (“Disclosing Party”) as “confidential” or “proprietary” or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of the disclosure and includes information in whatever form (including written, oral, visual, or electronic form). If information is disclosed orally or visually, it must be identified by the Disclosing Party as confidential at the time of disclosure. Customer’s Confidential Information includes Customer Data. Mimecast’s Confidential Information includes, but is not limited to, all information related to the performance, functionality, and reliability of the Evaluation Services. Confidential Information does not include information that: (i) is or becomes generally known to the public through no fault of the party that receives such information from the Disclosing Party (“Receiving Party”); (ii) is in the Receiving Party’s possession prior to receipt from the Disclosing Party; (iii) is acquired by the Receiving Party from a third-party without breach of any confidentiality obligation to Disclosing Party; or (iv) is independently developed by Receiving Party without reference to the Disclosing Party’s Confidential Information. Confidential Information is and will remain the exclusive property of the Disclosing Party. In addition to any other obligations outlined in Section 8 herein, the Receiving Party will: (i) use Disclosing Party’s Confidential Information solely for the performance of the activities contemplated by this Agreement; (ii) disclose such information only to its employees, agents, and contractors who are bound by obligations of confidentiality at least as strict as those contained in this Section 9; (iii) protect Disclosing Party’s Confidential Information against unauthorized use or disclosure using the same degree of care it uses for its own Confidential Information, which in no event will be less than reasonable care; and (iv) upon written request, return (at Disclosing Party’s expense) or destroy all copies of the Disclosing Party’s Confidential Information that are in its possession or control. Notwithstanding any provision herein, if lawfully required by judicial or administrative order or otherwise, Receiving Party may disclose Confidential Information of Disclosing Party, provided, where lawfully permitted, Receiving Party provides reasonable prior written notice to Disclosing Party to permit Disclosing Party to seek a protective order. Receiving Party will reasonably cooperate in Disclosing Party’s activities in seeking such order, at Disclosing Party’s expense. Receiving Party will disclose only that information that is reasonably necessary to meet the applicable legal order or requirement.

 

10. THREAT DATA, MACHINE-LEARNING DATA AND AGGREGATED USAGE DATA.

The parties acknowledge and agree that Mimecast has no ownership rights to Customer Data. In accordance with this Agreement, Customer hereby grants to Mimecast all necessary rights and licenses to Process Customer Data, including Customer Data within Machine-Learning Data (as defined below), and Personal Data within Threat Data (as defined below) for the purposes of: (i) providing the Evaluation Services; (ii) improving threat detection, analysis, awareness, and prevention; and/or (iii) improving and developing the Mimecast services. 

10.1 Threat Data. As part of the Evaluation Services, Mimecast Processes certain Data reasonably identified to be

malicious, including, without limitation, data which may perpetuate data breaches, malware infections, cyberattacks or other threat activity (collectively, “Threat Data”). Mimecast processes Threat Data primarily through automated processes and may share limited Threat Data with Third Parties within the cybersecurity ecosystem for the purpose of improving threat detection, analysis, awareness and prevention. In certain instances, Threat Data may include Personal Data.

10.2 Machine-Learning Data. Primarily through automated pattern recognition designed to develop and improve the

efficacy and accuracy of our machine learning algorithms within the Evaluation Services, Mimecast processes Machine-Learning Data that may include Customer Data and other data that describes and/or gives information about Customer Data. “Machine-Learning Data” includes, but is not limited to metadata, files, URLs, derived features and other data. These machine-learning algorithms are hosted by Mimecast and/or Third-Party Subcontractors. The output of these machine learning algorithms is owned by Mimecast, does not contain Customer Data or Personal Data, and is anonymized and irreversible. Mimecast does not share Machine-Learning Data with third parties. 

10.3 Aggregated Usage Data. Mimecast processes certain aggregated data derived from the Evaluation Services,

including usage data, such as utilization statistics, reports, logs and information regarding spam, viruses and/or other malware (“Aggregated Usage Data”). Mimecast owns all Aggregated Usage Data.

 

11. FEEDBACK. Customer agrees to provide Feedback as reasonably requested by Mimecast. Such Feedback will include tracking and reporting all errors, defects and incompatibilities encountered during the Evaluation Period. Mimecast has an unlimited right to use such Feedback in any present or future form, format or manner it deems appropriate, without monetary or other compensation to Customer. “Feedback” means any information, comments, criticisms, reports or other feedback, whether in oral or written form, that Customer provides to Mimecast regarding the function, features and other characteristics of the Evaluation Services howsoever such Evaluation Services are provided, including without limitation where provided under a trial subscription, paid subscription, free of charge, early release, beta, pilot or general acquisition.

 

12 LIMITATION OF LIABILITY. 

12.1 Exclusion of Damages. EVALUATION SERVICES ARE PROVIDED “AS IS”. MIMECAST SHALL HAVE NO INDEMNIFICATION OBLIGATION, NOR ANY LIBAILITY OF ANY TYPE WITH RESPECT TO THE EVALUATION SERVICES..TO

THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY

WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), BREACH OF STATUTORY DUTY OR OTHERWISE FOR ANY 

INDIRECT, DAMAGES, INCLUDING, BUT NOT LIMITED TO (A) SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES, (B) LOSS OF REVENUE OR PROFITS, (C) LOSS OF ANTICIPATED SAVINGS, (D) DAMAGE TO REPUTATION, (E) LOST MANAGEMENT TIME, (F) LOSS OR CORRUPTION OF DATA; OR (G) INCIDENTAL EXPENSES; OF ANY KIND WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR ANY OF THE EVALUATION SERVICES PROVIDED OR AGREED TO BE PROVIDED BY MIMECAST, EVEN IF THE PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR HAD OTHER REASON TO KNOW OR KNEW OF THE POSSIBILITY THEREOF. THIS SECTION 12 DOES NOT APPLY TO ANY AMOUNTS PAYABLE IN CONNECTION WITH THE INDEMNIFICATION OBLIGATIONS STATED HEREIN.

12.2 EXCLUSIONS. NOTWITHSTANDING THE TERMS OF ANY OTHER PROVISION OF THIS AGREEMENT, NEITHER PARTY'S LIABILITY IS EXCLUDED OR LIMITED BY THIS AGREEMENT IN THE EVENT OF: (A) DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE; (B) FRAUDULENT MISREPRESENTATION; OR (C) ANY OTHER LIABILITY WHICH MAY NOT LAWFULLY BE EXCLUDED OR LIMITED.

 

13. TERMINATION. Either party may terminate this Agreement for convenience or cause, immediately on giving written notice to the other party. Mimecast may suspend the Evaluation Services in the event Customer’s account is the subject of denial of service attacks, hacking attempts or other malicious activities, or Customer’s activities reasonably appear to be in breach of this Agreement. Mimecast will provide advance notice to Customer of such suspension where reasonably practicable. 

13.1 Restricted Party Screening. The parties acknowledge that Mimecast on a regular basis conducts a review of its customers to determine whether restrictions or sanctions apply with regards to transacting with them, including but not limited to, those referred to in Section 15.8, (“Restricted Party Screening” or “RPS”). If Mimecast considers, in its sole discretion, but acting reasonably based on its standard RPS process, that the results of the RPS in relation to Customer are unsatisfactory, Mimecast may terminate this Agreement and any Evaluation Order related hereto with immediate effect upon written notice to Customer. Upon termination pursuant to this Section 13.1, Mimecast shall have no further obligations to Customer hereunder.

 

14. SANDBOX ENVIRONMENTS. Mimecast may provide access to the Mimecast environment to enable Customer to test the Archiving, Secure Email Gateway and other Evaluation Services from time-to-time (each a “Sandbox Environment”). In the event such access is provided, Customer acknowledges and agrees that the Sandbox Environment is a shared platform and any reports generated and/or Customer Data (including but not limited to, email metadata and content) sent to or from the Sandbox Environment, will be visible to all other users granted access for evaluation purposes. The terms and conditions of this Evaluation Agreement including but not limited to Section 4 (Terms of Use – Evaluation Services), or for existing Customers, the terms of the Existing Agreement, shall apply to Customer’s access to and use of the Sandbox Environments, however the Hosting Jurisdiction for Archive Sandbox may differ. Customer further acknowledges that Customer’s corporate name may be visible to other users of the Sandbox Environment and therefore Customer may be identified as evaluating the Mimecast Services. Customer agrees that accessing Sandbox Environment shall be deemed consent to such disclosure. Customer will not transfer Personal Data, Protected Health Information (as defined under the US Health Insurance Portability and Accountability Act of 1996 (HIPAA)), payment card information, or any other confidential or protected information. Customer will not transmit any content which is or may be considered offensive or violates the rights of another. Customer shall defend, indemnify and hold Mimecast harmless in the event of any third-party claim relating to Customer Data sent to or from the Sandbox Environment by Customer.

 

15. GENERAL.

15.1 The following Section will survive termination of this Agreement: Section 3 (Ownership); Section 4 (Terms of Use – Evaluation Services); Section 7 (Disclaimer); Section 8 (Data Protection); Section 9 (Confidentiality); Section 10 (Threat Data, Machine -Learning Data, and Aggregated Usage Data); Section 11 (Feedback); Section 12 (Limitation of Liability); Section 15 (General); and Section 16 (Governing Law).

15.2 Neither party will be liable for any delay in performance or failure to perform its obligations under this Agreement due to any cause or event outside its reasonable control including, acts of God, civil or military authority, acts of war, accidents, thirdparty computer or communications failures, natural disasters or catastrophes, strikes or other work stoppages or any other cause beyond the reasonable control of the affected party.

15.3 Customer may not assign this Agreement in whole or in part without Mimecast’s prior written consent, which consent will not be unreasonably withheld. This Agreement will be binding upon the parties hereto and any authorized assigns. 

15.4 Any business communications in connection with this Agreement may be provided by email. Any legal notices relating to this Agreement may be provided by email to the receiving party with read receipt enabled. If (i) no confirmation of receipt is received for such notice, or (ii) the notice concerns the commencement of legal proceedings, notice must be provided to the receiving party in writing at the address provided by such party and sent by major commercial delivery courier service or mailed in a manner that requires signature by the recipient.

15.5 Each party hereby acknowledges that no reliance is placed on any representation not provided in this Agreement. No purchase order or other communication will add to or vary this Agreement. Except as expressly provided herein, any modification to this Agreement must be made in writing and signed by an authorized representative of each party. If any provision of this Agreement is held to be unenforceable, such provision will be reformed to the extent necessary to make it enforceable, and such holding will not impair the enforceability of the remaining provisions. Failure by a party to exercise any right hereunder or to insist upon or enforce strict performance of any provision of this Agreement will not waive such party's right to exercise that or any other right in the future.

15.6 This Agreement is entered into solely between, and may be enforced only by, Mimecast and Customer. This Agreement does not create any third-party rights or obligations thereto and any person who is not a party to this Agreement shall not have any rights or remedies under or in connection with it. Each party will be acting as an independent contractor, and nothing herein will be construed to create a partnership, joint venture or any type of agency relationship between Mimecast and Customer or any Permitted User. 

15.7 Mimecast acknowledges that any limitation of liability set forth in this Agreement is intended to apply only to the extent permitted by applicable law.

15.8 Each party agrees to comply with all applicable laws and regulations with respect to the export and import of the Evaluation Services, including but not limited to the regulations of the United States Department of Commerce and the United States Export Administration Act. Customer hereby warrants that Customer will not procure or facilitate the use of the Evaluation Services or allow the export or re-export of anything related to the Evaluation Services, in any region that is the subject or target of any U.S. or other national government financial and economic sanctions or trade embargoes or otherwise identified on a list of prohibited, sanctioned, debarred, or denied parties, including those imposed, administered or enforced from time to time by the U.S. government through the Office of Foreign Assets Control (“OFAC”) of the U.S. Department of Treasury, the Bureau of Industry and Security (“BIS”) of the U.S. Department of Commerce, or the U.S. Department of State, the United Nationals Security Council, the European Union, or Her Majesty’s Treasury of the United Kingdom (collectively, “Sanctions”), without having first obtained any required license or other government authorization or in any manner which would result in a violation of Sanctions or regulations with respect to the export and import of the Evaluation Services, by Customer or Mimecast

 

16 GOVERNING LAW 

 Hosting Jurisdiction  Mimecast Entity
 Governing Law

United States

Mimecast North America, Inc.             

This Agreement and any disputes hereunder will be governed by the laws of the Commonwealth of Massachusetts, without regard to its conflict of law principles, and any litigation concerning this Agreement shall be submitted to and resolved by a court of competent jurisdiction in Boston, Massachusetts. Notwithstanding the foregoing, either party may seek equitable, injunctive or declaratory relief to enforce any of its intellectual property rights or rights in the Customer Data or Confidential Information in any court of appropriate jurisdiction.

Where applicable, each party hereby waives its respective rights to a jury trial of any claim or cause of action relating to or arising out of this Agreement. This waiver is intended to encompass any and all disputes that may be filed in any court and that relate to the subject matter of this Agreement, including contract claims, tort claims, breach of duty claims and all other common law and statutory claims. Each party further represents and warrants that it has consulted with legal counsel concerning this waiver and that it provides this waiver knowingly and voluntarily.

United Kingdom

 

Germany (FOR FRENCH CUSTOMERS ONLY)

Mimecast Services Limited

This Agreement and any court proceedings shall be governed by the laws of England and Wales and held in England. Notwithstanding the foregoing, either party may seek equitable, injunctive or declaratory relief to enforce any of its intellectual property rights or rights in the Customer Data or Confidential Information in any court of appropriate jurisdiction.

With regards to any dispute, action or claim arising from this Agreement any Customer in any Middle East territory, if the United Kingdom courts refuse jurisdiction, the parties agree that such dispute shall be subject to the exclusive jurisdiction of the court of the Dubai International Financial Centre, Dubai, UAE. Where such a dispute relates to a claim for a sum within the limits specified by the Dubai International Financial Centre Small Claims Tribunal, then the dispute may be referred to the said Tribunal.

Ireland


Mimecast Entity will be the entity set out in the Evaluation Order.

South Africa

Mimecast South Africa (Pty) Limited

This Agreement and any disputes hereunder will be governed by the laws of the Republic of South Africa, without regard to its conflict of law principles. The parties hereby consent and submit to the non-exclusive jurisdiction of the South Gauteng High Court, Johannesburg for the purpose of all or any legal proceedings arising from or concerning this Agreement.

Australia

Mimecast Australia (Pty) Limited

governed by the federal laws of Australia and the State of Victoria and held in Melbourne, Australia. Section 6 (Disclaimer), any restriction herein on liability will apply only to the extent that they are consistent with non-excludable Australian laws and nothing in those Sections or this Agreement limit any consumer guarantees or other rights Customer may have under non-excludable Australian laws. Customer hereby consents to the jurisdiction of such courts over Customer and stipulates to the convenience, efficiency and fairness of proceeding in such courts, and covenant not to assert any objection to proceeding in such courts based on the alleged inconvenience, inefficiency or unfairness of such courts.

THE DISCLAIMER SET FORTH IN SECTION 6 DOES NOT EXCLUDE OR LIMIT ANY STATUTORY OR IMPLIED GUARANTEE, CONDITION OR WARRANTY THAT

MAY NOT BY OPERATION OF LAW BE EXCLUDED OR LIMITED. TO THE EXTENT PERMITTED BY LAW, MIMECAST LIMITS ITS LIABILITY UNDER ANY

STATUTORY OR IMPLIED CONDITION, WARRANTY OR GUARANTEE THAT

CANNOT BE EXCLUDED TO, AT THE OPTION OF MIMECAST, THE RESUPPLY OF THE EVALUATION SERVICES OR THE PAYMENT OF THE COST OF DOING THE SAME.

Canada

Mimecast Canada Limited

This Agreement shall be governed by and construed in accordance with the laws of the province of Ontario and the federal laws of Canada. Any legal action or proceeding arising out of or based upon these General Terms will be instituted in the courts of the province of Ontario, and each party irrevocably submits to the jurisdiction of such courts in any such action or proceeding. The parties irrevocably and unconditionally waive any objection to the laying of venue of any action or any proceeding in such courts and irrevocably waive and agree not to plead or claim in any such court that any such suit, action or proceeding brought in any such court has been brought in an inconvenient forum.

Singapore

Mimecast Singapore Pte Limited.

This Agreement shall be governed by and construed in accordance with the laws of Singapore. The Singapore courts shall have exclusive jurisdiction in relation to all disputes under this Agreement. For these purposes each party irrevocably submits to the jurisdiction of the Singapore courts and waives any objection to the exercise of that jurisdiction.

 

Appendix 1

Supplemental Terms

The Supplemental Terms set forth in this Appendix 1 are an addendum to and form part of the Agreement with Mimecast (the “Agreement”).

 

A. Awareness Training Evaluation Services 

1. Material. The Awareness Training Evaluation Services may include Material. “Material” includes collateral such as training materials, video training modules, user surveys, and user assessments made available to Customer by Mimecast hereunder. Mimecast and its third-party licensors will retain all ownership interest in and to the Material. 

2. Collateral. If Customer uploads Customer’s own written, photographic, and/or videographic collateral (“Collateral”) to Mimecast’s platform during the Awareness Training Evaluation Services, then Customer agrees that such Collateral: (i) will not infringe on the intellectual property rights or any rights related to publicity or the privacy of any third party; (ii) will not be defamatory, libelous, threatening or harassing in nature; and (iii) will not be in violation of applicable law (including those laws relating to obscenity or pornography). The requirements of this Section 2 are supplemental to, and not in replacement of, any other restrictions contained in these Supplemental Terms or the Agreement.

3. Customer Indemnification. Customer will defend, indemnify, and hold Mimecast harmless from any third party claim relating to Customer’s breach of Section A.2 herein. Mimecast will provide prompt written notice of the applicable claim to Customer, as reasonably requested by Customer and at Customer’s expense. Customer will not settle any such third party claim in a manner which requires Mimecast to admit fault or pay any monetary amounts of any type without Mimecast’s express prior permission. Customer acknowledges and agrees that any liability caps included in the Agreement do not apply to Customer’s obligations under this Section A. 

 

B. Web Security Evaluation Services Supplemental Terms

1. Customer Data. Due to the nature of the Web Security Evaluation Services, Section 7 is not applicable to the Web Security Evaluation Services.

2. Restrictions. Customer will not disable or circumvent any access control, authentication process or security procedure established with respect to the Web Security Evaluation Services. The requirements of this Section 2 are supplemental to, and not in replacement of, any other restrictions contained in these Supplemental Terms or the Agreement.

3. Indemnification. Customer will defend, indemnify, and hold Mimecast harmless from any third party claim relating to Customer’s breach of Section B.2 herein. Mimecast will provide prompt written notice of the applicable claim to Customer and cooperate in Customer’s defense, as reasonably requested by Customer and at Customer’s expense. Customer will not settle any such third party claim in a manner which requires Mimecast to admit fault or pay any monetary amounts of any type without Mimecast’s express prior permission. Customer acknowledges and agrees that any liability caps included in the Agreement do not apply to Customer’s obligations under this Section B.3.

4. Suspension of Evaluation Services. In addition to the ability to suspend the Evaluation Services under Section 12, Mimecast may suspend the Evaluation Services in the event Customer’s account is in violation of acceptable use policies set forth in the Support Description or Service Levels. Mimecast will work with Customer to resolve such matters as soon as possible. In such circumstances, to protect Mimecast’s own systems, Customer acknowledges that Mimecast may be required to suspend the Web Security Evaluation Services until the issues are resolved. Mimecast will provide advance notice to Customer of such suspension where reasonably practicable.

5. Additional Disclaimer. MIMECAST DOES NOT WARRANT THAT THE EVALUATION SERVICES WILL ALWAYS LOCATE

OR BLOCK ACCESS TO OR TRANSMISSION OF ALL DESIRED ADDRESSES, EMAILS, MALWARE, APPLICATIONS AND/OR FILES, OR THAT ALL DATABASES WILL BE APPROPRIATELY CATEGORIZED OR THAT THE ALGORITHMS USED IN THE EVALUATION SERVICES WILL BE FULLY COMPLETE OR ACCURATE.

 

C. DMARC Analyzer Evaluation Services Supplemental Terms

1. Hosting Jurisdiction. DMARC Analyzer Evaluation Services are (i) hosted on a third-party platform that is located in Ireland and/or (ii) processes Customer Data, including Personal Data, in Ireland. Customer acknowledges that the certifications, attestations and assessments listed on Mimecast’s Trust Center may differ for the DMARC Analyzer Evaluation Services. Further, the DMARC Analyzer Evaluation Services will be conducted on a limited number of Customer domains.

2. Customer Obligations. Customer is responsible for adding applicable domains to the DMARC Analyzer Evaluation Services and for publishing a DMARC record into the DNS for each such domain. Further, Customer must issue DNS updates as reasonably required by Mimecast.

 

D. Brand Exploit Protect Evaluation Services Supplemental Terms

1. BEP Services. The Brand Exploit Protect Evaluation Services (the “BEP Evaluation Services”) are designed to protect Customer’s domains (each, a “Domain”) from illegitimate use by a third-party to create and/or register an imposter website. Customer must identify each Domain to be protected in writing to Mimecast, up to the maximum number of Domains listed on the applicable Evaluation Order. It is Customer’s responsibility to inform Mimecast of any additional Domains to be protected. Additional Domains may be subject to additional fees. The Mimecast Brand Exploit Protect Service is hosted in Google GCP Belgium and Microsoft Azure Netherlands regions.

2. Takedowns. Customer acknowledges and agrees that Mimecast will monitor for replications of Customer’s Domains, and in the event of a discovered Domain replication Mimecast will seek confirmation from Customer that a discovered Domain is illegitimate and unauthorized by the Customer. With such confirmation, Mimecast will report the imposter Domain to third party blocking sites and approach third-party registrars to request that the imposter Domain be disabled or blocked (each, a “Takedown”). Customer may request a more advanced countermeasure (“Countermeasure”) which includes but is not limited to, a regular Takedown. Each request for Countermeasures is charged as 5 regular Takedowns. Customer shall be responsible for all confirmations provided to Mimecast with regards to Takedowns whether in writing or via confirmation within Customer’s account or Mimecast administrative console. Takedowns are treated as the Professional Services referenced in the Agreement and are limited to the number listed on the Evaluation Order. Due to the nature of the BEP Evaluation Services provided, personnel will be available 24/7 to provide Support for the BEP Evaluation Services. Takedowns will be charged per request received and not upon completion of a successful Takedown.

3. Web Scraping Tracker. The subscription fee for the BEP Evaluation Services includes a limited, non-exclusive, nontransferable usage license to a script that Customer may add to each Domain for Customer’s internal business purposes only during the Evaluation Period (each, a “Web Scraping Tracker”). Customer is solely responsible for deploying the Web Scraping Tracker to Customer’s website code. Customer’s rights are limited to those specifically granted to Customer herein. Mimecast reserves all right, title, interest and ownership of the Web Scraping Tracker, and Customer shall gain no right, title, interest or ownership in the Web Scraping Tracker as a result of these BEP Supplemental Terms, the Agreement or the provision of the BEP Evaluation Services.

4. Additional Restrictions. Customer will not (a) register any Domain with Mimecast for the BEP Evaluation Services, unless said Domain is owned or legally controlled by Customer; or (b) engage in any activity that could reasonably be expected to interfere with or disrupt the BEP Evaluation Services. In addition to any indemnification obligations contained in the Agreement, Customer will hold harmless, defend and indemnify Mimecast in the event of any third-party claim or regulatory action arising out of Customer’s breach (or alleged breach) of this Section D4.

5. Additional Disclaimer. USE OF THE WEB SCRAPING TRACKER IS AT CUSTOMER’S DISCRETION AND RISK AND CUSTOMER IS SOLELY RESPONSIBLE FOR ANY DAMAGE TO ANY DOMAIN CAUSED BY THE WEB SCRAPING TRACKER.

 

E. Cybergraph Evaluation Services Supplemental Terms

1. Cybergraph Services. CyberGraph Services (f/k/a MessageControl Codebreaker and Silencer), MessageControl Gatekeeper, Cybergraph Controlled Availability, Cybergraph for SEG, and Misaddressed Email Protect Services (the “Additional Services”)

2. The Additional Services are designed to help protect Customer from identity attacks by seeking to identify misaddressed emails and risks within email content and by intercepting embedded email trackers. Customer acknowledges that the certifications, attestations, and assessments listed on Mimecast’s Trust Center may differ for the Additional Services.

3. Additional Customer Responsibilities and Restrictions. Customer is responsible for (i) obtaining and maintaining any Equipment needed to connect to, access, or otherwise use the software and software services (“Equipment” shall include equipment and ancillary services including, but not limited to, modems, hardware, services, software operating systems, networking, web services, and the like); (ii) ensuring the Services meet Customer’s regulatory requirements including without limitation, requirements and obligations with regard to data privacy and employment laws; (iii) obtaining all necessary consents, permissions and authority from individuals or regulators in respect of all Customer Data, including, where applicable, Personal Data transferred, processed and/or analysed in the use of the Services, including the right for Mimecast to use such data in the preparation of reports and analyses. In addition to any indemnification obligations contained in the Agreement, Customer will hold harmless, defend and indemnify Mimecast in the event of any third-party claim or regulatory action arising out of (i) Customer’s breach (or alleged breach) of this Section 2; (ii) Mimecast’s compliance with any Instructions or directions provided by Customer.

4. Data Processing Agreement. If the Customer has not executed a DPA with Mimecast, Customer acknowledges and agrees that Personal Data is not processed through the Services and/or the Additional Services.

English
  • Select language...
  • English

Evaluation Agreement

 

This Evaluation Agreement (the “Agreement”) governs the use of the Mimecast Services for evaluation purposes unless a separate written agreement has been agreed with Mimecast for the purposes of evaluation of services, in which case such agreement will prevail. 

BY CLICKING ‘I ACCEPT’ YOU (i) AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT WHICH WILL FORM A BINDING CONTRACT BETWEEN MIMECAST AND THE CORPORATION, BUSINESS OR ENTITY YOU REPRESENT (THE “CUSTOMER”); AND (ii) YOU REPRESENT AND WARRANT THAT YOU HAVE THE POWER AND AUTHORITY TO BIND THE CUSTOMER TO THIS AGREEMENT. 

IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, OR YOU DO NOT HAVE THE POWER AND AUTHORITY TO ACT ON BEAHLF OF AND BIND THE CUSTOMER, DO NOT PROCEED TO ACCEPT THE TERMS OR CONTINUE WITH THIS EVALUATION.

Depending on which Services Customer orders, “Mimecast” refers to: 

• for Email Security, Cloud Integrated (and associated Services) → Mimecast Services Limited  

• for Email Security, Cloud Gateway and all other Services → Mimecast Germany GmbH. 

Hosting Jurisdiction” means the country where the Customer Data is stored.

 

1 EVALUATION SERVICES. Subject to Customer’s compliance with the terms of this Agreement, Mimecast will make the evaluation services (the “Evaluation Services”) available to Customer for a period of 30 days (the “Evaluation Period”). The Evaluation Period may be extended by Mimecast in writing (including email). The Evaluation Services will be provided in accordance with the applicable services documentation at https://community.mimecast.com/community/knowledge-base (“Documentation”). The specific Evaluation Services subject to this Agreement, the Hosting Jurisdiction and number of Permitted Users or domains will be agreed in writing (including email) by Mimecast (“Evaluation Order”). For certain Evaluation Services, Supplemental Terms as set out in Appendix 1 shall apply. Notwithstanding the foregoing, the terms and conditions set out herein shall continue to apply for the duration of time that Mimecast stores or processes Customer Data provided in connection with the Evaluation Services. “Permitted Users” means individuals employed by or otherwise under Customer’s control and permitted to use thee Evaluation Services.

 

2 EXISTING CUSTOMERS. If you are an existing Mimecast Customer and you have an agreement in place for the provision the Mimecast Services (“Existing Agreement”), the terms of the Existing Agreement shall apply except as set out below:

2.1 Where Customer is provided Evaluation Services by Mimecast for evaluation purposes only, access to the Evaluation Services will be terminated upon expiration of the Evaluation Period, unless Customer enters into a paid subscription for the Evaluation Services on a non-trial basis prior to expiration of the Evaluation Period. Notwithstanding any provision to the contrary herein, in respect of the Evaluation Services Customer acknowledges and agrees that: (i) Mimecast has no obligation to retain Customer Data related to the Evaluation Services after termination or expiration of the Evaluation Period; (ii) either party may terminate the Evaluation Period immediately and without liability upon written notice to the other party; (iii) Mimecast’s Service Levels and Support do not apply to the Evaluation Services; (iv) the Evaluation Services are provided “as is”, and (v) Mimecast shall have no indemnification obligations nor any liability of any type with respect to the Evaluation Services. Exclusion in 2.1 (v) shall not apply , in cases of liability for damages from injury to life, body or health, in the case of malice, intent or gross negligence on the part of Mimecast of its legal representatives or vicarious agents or to the extent as the Product Liability Act applies.

2.2 Capitalized terms used but not otherwise defined in Section 2.1, shall have the meaning given in the Existing Agreement. Acceptance of this Agreement shall serve as an amendment to the Existing Agreement for the purposes of the Evaluation Services. Except as modified above, all terms and conditions of the Existing Agreement shall remain in full force and effect. In the event of any inconsistencies between the terms set out in Section 2.1 and any terms and conditions of the Existing Agreement with regards to the Evaluation Services, Section 2.1 shall prevail.

2.3 With the exception of Section 13 (Sandbox Environments), the remainder of this Evaluation Agreement shall notapply to Existing Customers.

 

3 OWNERSHIP. Mimecast and its third-party licensors will retain all ownership interest in and to the Evaluation Services and its underlying systems. Customer’s rights in Evaluation Services are limited to those expressly stated in this Agreement. Notwithstanding any provision herein to the contrary, nothing in this Agreement is intended to limit Customer’s liability in the event of Customer’s violation of the intellectual property rights of Mimecast and any claim with respect to such violation will not be deemed governed by this Agreement. Evaluation Services must not be used or accessed for the purposes of (i) building a competitive service or comparative features; or (ii) comparative analysis (including but not limited to benchmarking) intended for use outside the Customer’s organization.

Agreement 01 Nov

 

4 TERMS OF USE – EVALUATION SERVICES.

4.1 Customer will: (i) use the Evaluation Services for its own internal business purposes; (ii) use the Evaluation Services as reasonably directed by Mimecast; (iii) allow only the agreed number of Permitted Users access and use the Evaluation Services; (iv) implement and maintain reasonable and appropriate controls to ensure that user accounts are used only by the Permitted Users to whom they are assigned and to manage and monitor Permitted Users, including designating one or more administrators responsible for access control; (v) obtain and maintain any Equipment needed to connect to, access, or otherwise use the software and software services (“Equipment” shall include equipment and ancillary service including, but not limited to, modems, hardware, services, software, operating systems, networking, web services, and the like); (vi) ensure the Evaluation Service meet Customer’s regulatory requirements including, without limitation, requirements and obligations with regards to data privacy and employment laws;  and (vii) obtain all necessary consents, permissions and authority from individuals or regulators in respect of all Customer Data, including, where applicable, Personal Data transferred, processed and/or analysed in the use of the Evaluation Services including the right for Mimecast to use such data in the preparation of reports and analysis. 

4.2 Customer will not: (i) transfer, resell, license or otherwise make available the Evaluation Services to third parties; (ii) use the Evaluation Services in any manner that violates any applicable law or regulation (including but not limited to where Customer is required to obtain permissions or authorizations to permit Mimecast to perform its obligations hereunder); (iii) use the Evaluation Services in a manner that violates any industry standards concerning unsolicited email; (iv) not share any user authentication information and/or any user password with any third party; (v) use the Evaluation Services in a manner that introduces any viruses, malicious code, or any other items of a harmful nature; (vi) engage in any activity that could reasonably be expected to interfere with or disrupt the Evaluation Services (for example, an activity that causes Mimecast to be blacklisted by any internet service provider), (vii). license, sell rent, lease, transfer, grant rights in, or access to the Evaluation Services for commercial gain; or (viii) copy disseminate, allow unauthorized access to, disassemble, reverse engineer, or decompile the Evaluation Services, or any components thereof.

4.3 Customer is solely responsible for the acts or omissions of any user or Permitted User who obtains access to the Evaluation Services through Customer or Customer’s systems. Customer will notify Mimecast promptly if it becomes aware of any unauthorized access or use. If applicable, Customer will be granted a “Super Administrator” role for Customer’s Mimecast account, which will allow Customer full access to the Customer Data and the ability to configure the relevant account. Customer may assign a role to Mimecast which will allow Mimecast to access the Customer Data. In the event that such delegated access is provided, Customer will ensure that all necessary consents and authorisations have been obtained.

4.4 Customer will defend, indemnify, and hold harmless Mimecast in the event of any third-party claim or regulatory

action arising out of (i) Customer’s breach (or alleged breach) of the terms of Section 4.1, 4.2 and 4.3 herein; and/or (ii) Mimecast’s compliance with any Instructions or directions provided by Customer.

4.5 If Mimecast is prevented from or delayed in the performance of its obligations by any act or omission of Customer

that is outside of Mimecast’s reasonable control, Mimecast shall not be deemed in breach of its obligations, but only to the extent that the basis for Mimecast’s breach arises directly or indirectly from such prevention or delay.

 

5. SUPPORT, SLA, AND IMPLEMENTATION SERVICES. Mimecast will provide support for Customer for installation and use of the Evaluation Services via telephone during normal business hours (“Support”). Mimecast will undertake commercially reasonable efforts to respond to all Customer inquiries promptly; however, Customer acknowledges and agrees that Mimecast’s service level agreement does not apply to Evaluation Services provided under this Agreement.

 

6. MIMECAST APPLICATIONS, APIs AND THIRD-PARTY SERVICES

6.1 Mimecast Applications. Mimecast may make applications available to use with the Evaluation Services via various online marketplaces. Mimecast applications are licensed, not sold, to Customer. Customer’s license to use the applications is subject to Customer’s compliance with this Agreement and any associated end user license agreement made available via the application/marketplace. The term of Customer’s license to use the application is coterminous with this Agreement. For the avoidance of doubt, where made available, Mimecast applications fall under the definition of Evaluation Services hereunder.

6.2 Application Program Interfaces (“API”). Customer can enable certain Mimecast APIs to enable the Evaluation Services to work in conjunction with certain third-party services, systems, and/or applications. The process to gain access to API’s will be made available to Customer upon request. Customer must register with Mimecast and provide the information requested. Customer is responsible for ensuring that the information provided to Mimecast to enable any API, is and remains accurate and up-to-date. Mimecast may revoke access to any API at any time without notice to Customer, if Mimecast, in its reasonable discretion believes necessary or appropriate. All access keys, authentication procedures, and data to which Customer gains access or which is provided to Customer in connection with Customer’s use of the API, excluding Customer Data, is the Confidential Information of Mimecast. If Customer chooses to transfer Customer Data via Mimecast APIs to third-parties, whether or not such third parties are Mimecast technology partners, Mimecast is not responsible for the security of the Customer Data upon the Customer Data leaving the Mimecast environment and such transfer is on Customer’s own volition and risk. To the extent Customer uses the Mimecast APIs the provisions of this Section 6.2 shall apply to such use as if such APIs were included in the Evaluation Services.

6.3 Third-Party Services. To the extent Customer Data is retrieved from or provided by Third Party Services, Mimecast will not be liable for the condition of such Customer Data, including, but in no way limited to any such Customer Data that is retrieved from or provided by Third Party Services that is incorrect, incomplete, corrupt, or missing. 

Third Party Services” means third party products, applications, APIs, web hooks, services, software, systems, directories, websites, databases and information which Customer may connect to, permit connection to (including without limitation, where such connection is necessary to enable the Services), or enable in conjunction with the Evaluation Services or Mimecast API connectors. Mimecast is not responsible for, and no representations or warranties are made regarding, Third Party Services.

 

7. DATA PROTECTION 

7.1 Customer Data. “Customer Data” means data provided by Customer for processing via the Evaluation Services including without limitation, the contents of the files, emails or messages sent by or to a Permitted User. “Personal Data” means Customer Data that relates to an identified or identifiable natural person. Except as otherwise set forth herein, Customer Data will be purged in accordance with Mimecast standard business practices following termination or expiration of this Agreement and Customer acknowledges that Mimecast has no obligation to retain Customer Data thereafter. Notwithstanding the foregoing, Customer Data does not include any data processed via the Services that is reasonably identified to be malicious, including, without limitation, data which may perpetuate data breaches, malware infections, cyberattacks or other threat activity (collectively, “Threat Data”). Threat Data is discussed further in Section 9(a).

7.2 Security. Mimecast will implement and maintain appropriate administrative, technical, organizational and physical

security measures for each of the Evaluation Services, which are designed to protect Customer Data against unauthorized access, disclosure or loss. Customer acknowledges and agrees that, in the course of providing the Evaluation Services, Professional Services, and Support to Customer, it may be necessary for Mimecast to access Customer Data to respond to technical problems or Customer queries and to ensure the proper working of the Evaluation Services; such access may originate from any jurisdiction where Mimecast maintains Support personnel. Additional information about Mimecast security, including the locations from which Support is provided and a list of Mimecast’s certifications, attestations and assessments, is available at https://www.mimecast.com/company/mimecasttrust-center/ (the “Trust Center”). Mimecast may update the Trust Center from time to time and shall notify Customer of material changes. 

7.3 Data Protection. As required by law or as otherwise agreed by the parties, additional data protection terms may be

outlined in a separate data processing agreement between the parties (referred herein as “Data Processing Terms”). The Data Processing Terms shall be incorporated into and form an addendum to this Agreement. If there is any conflict between Sections 7.1 to 7.3 of this Agreement and the Data Processing Terms, the Data Processing Terms shall prevail. With respect to any Personal Data contained in Customer Data, Customer shall act as the accountable organization, or the data controller and Mimecast shall act as the service provider or the data processor. Except as may be required by Applicable Data Protection Law, Mimecast will use and process the Personal Data solely in accordance with Customer’s Instructions. The “Instructions” are embodied in this Agreement and as may be additionally communicated by Customer to Mimecast in writing from time-to-time. Mimecast process the Customer Data in compliance with Applicable Data Protection Law. For the purposes of this Section 7.3, “Applicable Data Protection Law” means German Data Protection law and the General Data Protection Regulation (Regulation (EU) 2016/679) as applicable to the Processing of Personal Data by Mimecast under this Agreement. Customer acknowledges and agrees that Mimecast may process, transfer or copy Customer Data and Personal Data in the United States or other countries or jurisdictions outside of the country where it was collected , as described further at https://www.mimecast.com/company/mimecast-trust-center/ provided such transfer occurs under a valid transfer mechanism. Customer will comply with its obligations under all laws applicable to it as the accountable organization and/or data controller, including the responsibility for providing any requisite notice and obtaining any consent (if required) from Permitted Users for such processing and transfer of Personal Data, including international transfers.

 

8 CONFIDENTIALITY. “Confidential Information” means information designated by the party disclosing such information (“Disclosing Party”) as “confidential” or “proprietary” or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of the disclosure and includes information in whatever form (including written, oral, visual, or electronic form). If information is disclosed orally or visually, it must be identified by the Disclosing Party as confidential at the time of disclosure. Customer’s Confidential Information also includes Customer Data. Mimecast’s Confidential Information amongst includes, amongst other, all information related to the performance, functionality, and reliability of the Evaluation Services. Confidential Information does not include information that: (i) is or becomes generally known to the public through no fault of the party that receives such information from the Disclosing Party (“Receiving Party”); (ii) is in the Receiving Party’s possession prior to receipt from the Disclosing Party; (iii) is acquired by the Receiving Party from a third-party without breach of any confidentiality obligation to Disclosing Party; or (iv) is independently developed by Receiving Party without reference to the Disclosing Party’s Confidential Information. Confidential Information is and will remain the exclusive property of the Disclosing Party. In addition to any other obligations outlined in Section 7 herein, the Receiving Party will: (i) use Disclosing Party’s Confidential Information solely for the performance of the activities contemplated by this Agreement; (ii) disclose such information only to its employees, agents, and contractors who are bound by obligations of confidentiality at least as strict as those contained in this Section 8; (iii) protect Disclosing Party’s Confidential Information against unauthorized use or disclosure using the same degree of care it uses for its own Confidential Information, which in no event will be less than reasonable care; and (iv) upon written request, return (at Disclosing Party’s expense) or destroy all copies of the Disclosing Party’s Confidential Information that are in its possession or control. Notwithstanding any provision herein, if lawfully required by judicial or administrative order or otherwise, Receiving Party may disclose Confidential Information of Disclosing Party, provided, where lawfully permitted, Receiving Party provides reasonable prior written notice to Disclosing Party to permit Disclosing Party to seek a protective order. Receiving Party will reasonably cooperate in Disclosing Party’s activities in seeking such order, at Disclosing Party’s expense. Receiving Party will disclose only that information that is reasonably necessary to meet the applicable legal order or requirement.

 

9. THREAT DATA, MACHINE-LEARNING DATA AND AGGREGATED USAGE DATA.

The parties acknowledge and agree that Mimecast has no ownership rights to Customer Data. In accordance with this Agreement, Customer hereby grants to Mimecast all necessary rights and licenses to Process Customer Data, including Customer Data within Machine-Learning Data (as defined below), and Personal Data within Threat Data (as defined below) for the purposes of: (i) providing the Evaluation Services; (ii) improving threat detection, analysis, awareness, and prevention; and/or (iii) improving and developing the Mimecast services. 

a) Threat Data. As part of the Evaluation Services, Mimecast Processes certain data reasonably identified to be malicious,

including, without limitation, data which may perpetuate data breaches, malware infections, cyberattacks or other threat activity (collectively, “Threat Data”). Mimecast processes Threat Data primarily through automated processes and may share limited Threat Data with Third Parties within the cybersecurity ecosystem for the purpose of improving threat detection, analysis, awareness and prevention. In certain instances, Threat Data may include Personal Data.

b) Machine-Learning Data. Primarily through automated pattern recognition designed to develop and improve the

efficacy and accuracy of our machine learning algorithms within the Evaluation Services, Mimecast processes Machine-Learning Data that may include Customer Data and other data that describes and/or gives information about Customer Data, “Machine-Learning Data” includes, but is not limited to metadata, files, URLs, derived features and other data. These machine-learning algorithms are hosted by Mimecast and/or Third-Party Subcontractors. The output of these machine learning algorithms is owned by Mimecast, does not contain Customer Data or Personal Data, and is anonymized and irreversible. Mimecast does not share Machine-Learning Data with Third Parties. 

c) Aggregated Usage Data. Mimecast processes certain aggregated data derived from the Evaluation Services,

including usage data, such as utilization statistics, reports, logs and information regarding spam, viruses and/or other malware (“Aggregated Usage Data”). Mimecast owns all Aggregated Usage Data.

 

10. FEEDBACK. Customer agrees to provide Feedback as reasonably requested by Mimecast. Such Feedback will include tracking and reporting all errors, defects and incompatibilities encountered during the Evaluation Period. Mimecast has an unlimited right to use such Feedback in any present or future form, format or manner it deems appropriate, without monetary or other compensation to Customer. “Feedback” means any information, comments, criticisms, reports or other feedback, whether in oral or written form, that

Customer provides to Mimecast regarding the function, features and other characteristics of the Evaluation Services howsoever such Evaluation Services are provided, including without limitation where provided under a trial subscription, paid subscription, free of charge, early release, beta, pilot or general acquisition.

 

11 LIMITATION OF LIABILITY.

11.1 General. 

(a) Mimecast’s liability is unlimited to the extent such liability arises from Mimecast’s: (i) wilful misconduct; (ii) gross negligence; (iii) personal injury liability; or (iv) liability under the German Product Liability Act (Produkthaftungsgesetz), or a written assumption of a guarantee.

(b) Except for aforementioned Mimecast shall only be liable for damages caused by a breach of a “material contractual obligation”. Which shall be defined, as an obligation, that is essential for the agreed performance of the contract in the first place, the fulfilment of which the Customer can regularly rely on and which if breached may jeopardize the purpose of the contract being achieved. 

(c) In the event of Liability subject to section 11.1 (b) such liability shall be limited damages as one may typically expect to occur within the scope of the individual contract, but shall in no event exceed an amount equal to the greater of: (i) €85,000 or (ii) two times the fees paid by Customer to Mimecast (or Reseller) for the applicable Services during the twelve months immediately preceding the event giving rise to the claim. 

11.2 Exclusion.

Unless otherwise agreed, it is Customer’s responsibility to undertake proper and regular data back up and he shall be liable for damages caused by failure to do so. Mimecast's liability for loss of data shall be limited to the typical recovery effort that would have occurred if the data had been backed up regularly and at the appropriate risk.

11.3 Statute of Limitations.

Employee Liability. With respect to Section 11.1 (a) the statutory provisions of limitation in accordance with German Law shall apply. In all other cases, claims for damages shall be subject to a limitation period twelve (12) months, commencing with the date, that the damage occurred and the Customer becomes aware or should have become aware of its occurrence, but in no event later than three (3) years after the occurrence of the damage. 

To the extent that Mimecast's liability is excluded or limited under the foregoing provisions, this shall also apply for the benefit of Mimecast's employees in the event of direct claims by the customer against them.

 

12. TERMINATION. Either party may terminate this Agreement for convenience or cause, immediately on giving written notice to the other party. Mimecast may suspend the Evaluation Services in the event Customer’s account is the subject of denial of service attacks, hacking attempts or other malicious activities, or Customer’s activities reasonably appear to be in breach of this Agreement. Mimecast will provide advance notice to Customer of such suspension where reasonably practicable.

12.1 Restricted Party Screening. The parties acknowledge that Mimecast on a regular basis conducts a review of its customers to determine whether any restrictions or sanctions apply with regards to transacting with them, including but not limited to those also referred to in clause 14.8 - Export Restrictions ("Restricted Party Screening or "RPS"). If Mimecast considers, in its sole discretion, but acting reasonably based on its standard RPS process, that the results of the RPS in relation to Customer are unsatisfactory, Mimecast may terminate this Agreement and any Evaluation Order with immediate effect upon written notice to Customer. Upon termination pursuant to this 12.1 Section, Mimecast shall have no further obligations to Customer hereunder.

 

13. SANDBOX ENVIRONMENTS. Mimecast may provide access to the Mimecast environment to enable Customer to test the Archiving, Secure Email Gateway and other Evaluation Services from time-to-time (each a “Sandbox Environment”). In the event such access is provided, Customer acknowledges and agrees that the Sandbox Environment is a shared platform and any reports generated and/or Customer Data (including but not limited to, email metadata and content) sent to or from the Sandbox Environment, will be visible to all other users granted access for evaluation purposes. The terms and conditions of this Evaluation Agreement including but not limited to Section 4 (Terms of Use – Evaluation Services), or for existing Customers, the terms of the Existing Agreement, shall apply to Customer’s access to and use of the Sandbox Environments, however the Hosting Jurisdiction for Archive Sandbox may differ. Customer further acknowledges that Customer’s corporate name may be visible to other users of the Sandbox Environment and therefore Customer may be identified as evaluating the Mimecast Services. Customer agrees that accessing Sandbox Environment shall be deemed consent to such disclosure. Customer will not transfer Personal Data, Protected Health Information (as defined under the US Health Insurance Portability and Accountability Act of 1996 (HIPAA)), payment card information, or any other confidential or protected information. Customer will not transmit any content which is or may be considered offensive or violates the rights of another. Customer shall defend, indemnify and hold Mimecast harmless in the event of any third-party claim relating to Customer Data sent to or from the Sandbox Environment by Customer.

 

14. GENERAL.

14.1 The following Section will survive termination of this Agreement: Section 3 (Ownership); Section 4 (Terms of Use – Evaluation Services); Section 6 (Data Protection), Section 8 (Confidentiality); Section 9 (Threat Data, Machine -Learning Data, and Aggregated Usage Data); Section 10 (Feedback); Section 11 (Limitation of Liability); Section 14 (General); Section 15 (Governing Law); and Section 16 (Language). 

14.2 Neither party will be liable for any delay in performance or failure to perform its obligations under this Agreement

due to any cause or event outside its reasonable control including, acts of God, civil or military authority, acts of war, cyber warfare, pandemics, accidents, third-party computer or communications failures, natural disasters or catastrophes, strikes or other work stoppages or any other cause beyond the reasonable control of the affected party.

14.3 Customer may assign this Agreement in whole or in part to the acquirer of the business in the event of a sale or

merger of Customer. Otherwise, Customer shall only be entited to assign, pledge or otherwise dispose of claims to which it is entitled against Mimecast with Mimecast’s express written consent. The provision of § 354a Para. 1 HGB remains unaffected. This Agreement will be binding upon the parties hereto and any authorized assigns. 

14.4 Any business communications in connection with this Agreement may be provided by email. Any legal notices

relating to this Agreement may be provided by email to the receiving party with read receipt enabled. If (i) no confirmation of receipt is received for such notice, or (ii) the notice concerns the commencement of legal proceedings, notice must be sent to the receiving party in writing at the address provided or at the registered address of the receiving party by major commercial delivery courier service or mailed in a manner that requires signature by the recipient.

14.5 Each party hereby acknowledges that no reliance is placed on any representation not provided in this Agreement. No purchase order or other communication will add to or vary this Agreement. Except as expressly provided herein, any modification to this Agreement must be made in writing and signed by an authorized representative of each party. If any provision of this Agreement is held to be unenforceable, such provision will be reformed to the extent necessary to make it enforceable, and such holding will not impair the enforceability of the remaining provisions. Failure by a party to exercise any right hereunder or to insist upon or enforce strict performance of any provision of this Agreement will not waive such party's right to exercise that or any other right in the future.

14.6 This Agreement is entered into solely between, and may be enforced only by, Mimecast and Customer. This Agreement does not create any third-party rights or obligations thereto and any person who is not a party to this Agreement shall not have any rights or remedies under or in connection with it. Each party will be acting as an independent contractor, and nothing herein will be construed to create a partnership, joint venture or any type of agency relationship between Mimecast and Customer or any Permitted User. 

14.7 n/a 

14.8 Each party agrees to comply with all applicable laws and regulations with respect to the export and import of the

Services, including but not limited to the regulations of the United States Department of Commerce and the United States Export Administration Act. Customer hereby warrants that Customer will not procure or facilitate the use of the Evaluation Services or allow the export or re-export of anything related to the Evaluation Services, in any region that is the subject or target of any U.S. or other national government financial and economic sanctions or trade embargoes or otherwise identified on a list of prohibited, sanctioned, debarred, or denied parties, including those imposed, administered or enforced from time to time by the U.S. government through the Office of Foreign Assets Control (“OFAC”) of the U.S. Department of Treasury, the Bureau of Industry and Security (“BIS”) of the U.S. Department of Commerce, or the U.S. Department of State, the United Nationals Security Council, the European Union, or Her Majesty’s Treasury of the United Kingdom (collectively, “Sanctions”), without having first obtained any required license or other government authorization or in any manner which would result in a violation of Sanctions or regulations with respect to the export and import of the Evaluation Services, by Customer or Mimecast.

 

15. Governing Law

This Agreement and any disputes hereunder will be governed by the laws of the Federal Republic of Germany, without regard to its conflict of law principles, and any litigation concerning this Agreement shall be submitted to and resolved by a court of competent jurisdiction in Munich, Germany. Notwithstanding the foregoing, either party may seek equitable, injunctive, declaratory or other relief to enforce any of its intellectual property rights or rights in the Customer Data or Confidential Information in any court of appropriate jurisdiction.

 

16. Language. This Agreement may be used in a variety of languages. In the event of inconsistencies or lack of clarity between the German language and other language versions the English language version of this Agreement shall apply.

 

Appendix 1

Supplemental Terms

The Supplemental Terms set forth in this Appendix 1 are an addendum to and form part of the Agreement with Mimecast (the “Agreement”).

 

A. Awareness Training Evaluation Services 

1. Material. The Awareness Training Evaluation Services may include Material. “Material” includes collateral such as training materials, video training modules, user surveys, and user assessments made available to Customer by Mimecast hereunder. Mimecast and its third-party licensors will retain all ownership interest in and to the Material. 

2. Collateral. If Customer uploads Customer’s own written, photographic, and/or videographic collateral (“Collateral”) to Mimecast’s platform during the Awareness Training Evaluation Services, then Customer agrees that such Collateral: (i) will not infringe on the intellectual property rights or any rights related to publicity or the privacy of any third party; (ii) will not be defamatory, libelous, threatening or harassing in nature; and (iii) will not be in violation of applicable law (including those laws relating to obscenity or pornography). The requirements of this Section 2 are supplemental to, and not in replacement of, any other restrictions contained in these Supplemental Terms or the Agreement.

3. Customer Indemnification. Customer will defend, indemnify, and hold Mimecast harmless from any third-party claim relating to Customer’s breach of Section A.2 herein. Mimecast will provide prompt written notice of the applicable claim to Customer and cooperate in Customer’s defense, as reasonably requested by Customer and at Customer’s expense. Customer will not settle any such third-party claim in a manner which requires Mimecast to admit fault or pay any monetary amounts of any type without Mimecast’s express prior permission. Customer acknowledges and agrees that any liability caps included in the Agreement do not apply to Customer’s obligations under this Section A. 

 

B. Web Security Evaluation Services Supplemental Terms

1. Customer Data. Due to the nature of the Web Security Evaluation Services, Section 8 is not applicable to the Web Security Evaluation Services.

2. Restrictions. Customer will not disable or circumvent any access control, authentication process or security procedure established with respect to the Web Security Evaluation Services. The requirements of this Section 2 are supplemental to, and not in replacement of, any other restrictions contained in these Supplemental Terms or the Agreement.

3. Indemnification. Customer will defend, indemnify, and hold Mimecast harmless from any third party claim relating to Customer’s breach of Section B.2 herein. Mimecast will provide prompt written notice of the applicable claim to Customer and cooperate in Customer’s defense, as reasonably requested by Customer and at Customer’s expense. Customer will not settle any such third party claim in a manner which requires Mimecast to admit fault or pay any monetary amounts of any type without Mimecast’s express prior permission. Customer acknowledges and agrees that any liability caps included in the Agreement do not apply to Customer’s obligations under this Section B.3.

4. Suspension of Evaluation Services. In addition to the ability to suspend the Evaluation Services under Section 12, Mimecast may suspend the Evaluation Services in the event Customer’s account is in violation of acceptable use policies set forth in the Support Description or Service Levels. Mimecast will work with Customer to resolve such matters as soon as possible. In such circumstances, to protect Mimecast’s own systems, Customer acknowledges that Mimecast may be required to suspend the Web Security Evaluation Services until the issues are resolved. Mimecast will provide advance notice to Customer of such suspension where reasonably practicable

5. Additional Disclaimer. MIMECAST DOES NOT WARRANT THAT THE EVALUATION SERVICES WILL ALWAYS LOCATE OR BLOCK ACCESS TO OR TRANSMISSION OF ALL DESIRED ADDRESSES, EMAILS, MALWARE, APPLICATIONS AND/OR FILES, OR THAT ALL DATABASES WILL BE APPROPRIATELY CATEGORIZED OR THAT THE ALGORITHMS USED IN THE EVALUATION SERVICES WILL BE FULLY COMPLETE OR ACCURATE.

 

C. DMARC Analyzer Evaluation Services Supplemental Terms

1. Hosting Jurisdiction. DMARC Analyzer Evaluation Services are (i) hosted on a third-party platform that is located in Ireland and/or (ii) processes Customer Data, including Personal Data, in Ireland. Customer acknowledges that the certifications, attestations and assessments listed on Mimecast’s Trust Center may differ for the DMARC Analyzer Evaluation Services. Further, the DMARC Analyzer Evaluation Services will be conducted on a limited number of Customer domains. 

2. Customer Obligations. Customer is responsible for adding applicable domains to the DMARC Analyzer Evaluation Services and for publishing a DMARC record into the DNS for each such domain. Further, Customer must issue DNS updates as reasonably required by Mimecast.

 

D. Brand Exploit Protect Evaluation Services Supplemental Terms

1. BEP Services. The Brand Exploit Protect Evaluation Services (the “BEP Evaluation Services”) are designed to protect Customer’s domains (each, a “Domain”) from illegitimate use by a third-party to create and/or register an imposter website. Customer must identify each Domain to be protected in writing to Mimecast, up to the maximum number of Domains listed on the applicable Evaluation Order. It is Customer’s responsibility to inform Mimecast of any additional Domains to be protected. Additional Domains may be subject to additional fees. The Mimecast Brand Exploit Protect Service is hosted in Google GCP Belgium.

2. Takedowns. Customer acknowledges and agrees that Mimecast will monitor for replications of Customer’s Domains, and in the event of a discovered Domain replication Mimecast will seek confirmation from Customer that a discovered Domain is illegitimate and unauthorized by the Customer. With such confirmation, Mimecast will report the imposter Domain to third party blocking sites and approach third-party registrars to request that the imposter Domain be disabled or blocked (each, a “Takedown”). Customer shall be responsible for all confirmations provided to Mimecast with regards to Takedowns whether in writing or via confirmation within Customer’s account or Mimecast administrative console. Takedowns are treated as the Professional Services referenced in the Agreement and are limited to the number listed on the Evaluation Order. Due to the nature of the BEP Evaluation Services provided, personnel will be available 24/7 to provide Support for the BEP Evaluation Services. Takedowns will be charged per request received and not upon completion of a successful Takedown.

3. Web Scraping Tracker. The subscription fee for the BEP Evaluation Services includes a limited, non-exclusive, nontransferable usage license to a script that Customer may add to each Domain for Customer’s internal business purposes only during the Evaluation Period (each, a “Web Scraping Tracker”). Customer is solely responsible for deploying the Web Scraping Tracker to Customer’s website code. Customer’s rights are limited to those specifically granted to Customer herein. Mimecast reserves all right, title, interest and ownership of the Web Scraping Tracker, and Customer shall gain no right, title, interest or ownership in the Web Scraping Tracker as a result of these BEP Supplemental Terms, the Agreement or the provision of the BEP Evaluation Services.

4. Additional Restrictions. Customer will not (a) register any Domain with Mimecast for the BEP Evaluation Services, unless said Domain is owned or legally controlled by Customer; or (b) engage in any activity that could reasonably be expected to interfere with or disrupt the BEP Evaluation Services. In addition to any indemnification obligations contained in the Agreement, Customer will hold harmless, defend and indemnify Mimecast in the event of any third-party claim or regulatory action arising out of Customer’s breach (or alleged breach) of this Section D4.

5. Additional Disclaimer. USE OF THE WEB SCRAPING TRACKER IS AT CUSTOMER’S DISCRETION AND RISK AND CUSTOMER IS SOLELY RESPONSIBLE FOR ANY DAMAGE TO ANY DOMAIN CAUSED BY THE WEB SCRAPING TRACKER.

 

E. Cybergraph Evaluation Services Supplemental Terms

1. Cybergraph Services. CyberGraph Services (f/k/a MessageControl Codebreaker and Silencer), MessageControl Gatekeeper, Cybergraph Controlled Availability, Cybergraph for SEG, and Misaddressed Email Protect Services (the “Additional Services”)

2. The Additional Services are designed to help protect Customer from identity attacks by seeking to identify misaddressed emails and risks within email content and by intercepting embedded email trackers. Customer acknowledges that the certifications, attestations, and assessments listed on Mimecast’s Trust Center may differ for the Additional Services.

3. Additional Customer Responsibilities and Restrictions. Customer is responsible for (i) obtaining and maintaining any Equipment needed to connect to, access, or otherwise use the software and software services (“Equipment” shall include equipment and ancillary services including, but not limited to, modems, hardware, services, software operating systems, networking, web services, and the like); (ii) ensuring the Services meet Customer’s regulatory requirements including without limitation, requirements and obligations with regard to data privacy and employment laws; (iii) obtaining all necessary consents, permissions and authority from individuals or regulators in respect of all Customer Data, including, where applicable, Personal Data transferred, processed and/or analysed in the use of the Services, including the right for Mimecast to use such data in the preparation of reports and analyses. In addition to any indemnification obligations contained in the Agreement, Customer will hold harmless, defend and indemnify Mimecast in the event of any third-party claim or regulatory action arising out of (i) Customer’s breach (or alleged breach) of this Section 2; (ii) Mimecast’s compliance with any Instructions or directions provided by Customer.

4. Data Processing Agreement. If the Customer has not executed a DPA with Mimecast, Customer acknowledges and agrees that this is not required in accordance with Applicable Data Protection Laws for Customer’s use of the Service and/ or the Additional Services.

Frequently asked questions

Will I be charged for the trial?

There is no charge for the trial. You get all the features of Email Security, Cloud Integrated for 30 days. There is no credit card required and no obligation to buy. 

How long does the trial last?

The trial lasts for 30 days.

What countries are eligible for trial?

United States, United Kingdom, Australia, Austria, Belgium, Bulgaria, Canada, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hong Kong, Hungary, Iceland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malaysia, Malta, Netherlands, New Zealand, Norway, Poland, Portugal, Republic of Ireland, Romania, Singapore, Slovakia, Slovenia, South Africa, Spain, Sweden, Switzerland, United Arab Emirates

What if I don't meet the trial qualifications?

If you don’t meet the trial qualifications don’t worry! We’ll be expanding the trial out to other regions and MX providers over the coming months. If you’re interested in learning about our other solutions use the chat function and a Mimecast representative will be happy to help. 

Can I cancel anytime?

Yes, you can cancel at any time.

Is the trial hard to uninstall after the 30 days?

No, there are just 3 simple steps to follow:

  1. Delete the Email Security, Cloud Integrated routing rules. 
  2. Delete the ‘From Mimecast’ and ‘To Mimecast’ Connectors.
  3. Delete the Mimecast Email Security application.

For additional products such as Mimecast’s Protection For Teams, Awareness Training and Sync & Recover, connectors and applications can be removed. For more information visit, the Knowledge Hub.

What’s the difference between Protect and Monitor mode?

Protect Mode

In Protect Mode actions will be taken automatically on all identified threats according to these default settings.

  • Malware - Block
  • Phishing - Quarantine
  • Untrustworthy - Quarantine
  • Spam - Move to Junk

  • Or

    Monitor Mode

    In Monitor Mode, Email Security, Cloud Integrated will observe mail flow and detect threats; however, threats will still be delivered to your environment.

    Can I try Email Security, Cloud Integrated with only a selected group of my end-users?

    Yes. In the trial set up process, you can choose to have Email Security, Cloud Integrated scan emails for all end-users or only a select group of them. You will also be able to choose whether you want Mimecast to block and remove the threats we detect or simply report on them.

    What other Mimecast products are included in the trial?

    What other Mimecast products are included in the trial?

    During the 30 day trial, you will have access to the following add on products for Cloud Integrated:

    • Collaboration Security: Enhanced protection for Microsoft collaboration products - Teams, SharePoint & OneDrive.
    • Awareness Training: Award-winning content and phishing simulation to improve the security awareness of employees.
    • Sync & Recover: Backup and quickly restore critical messages, whole inboxes and more.
    • DMARC Analyzer: Protect your brand and stop direct domain spoofing with actionable monitoring and efficient enforcement of DMARC standards.
    Back to Top