This Evaluation Agreement (the “Agreement”) governs the use of the Mimecast Services for evaluation purposes unless a separate written agreement has been agreed with Mimecast for the purposes of evaluation of services, in which case such agreement will prevail.
BY CLICKING ‘I ACCEPT’ YOU (i) AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT WHICH WILL FORM A BINDING CONTRACT BETWEEN MIMECAST AND THE CORPORATION, BUSINESS OR ENTITY YOU REPRESENT (THE “CUSTOMER”); AND (ii) YOU REPRESENT AND WARRANT THAT YOU HAVE THE POWER AND AUTHORITY TO BIND THE CUSTOMER TO THIS AGREEMENT. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, OR YOU DO NOT HAVE THE POWER AND AUTHORITY TO ACT ON BEAHLF OF AND BIND THE CUSTOMER, DO NOT PROCEED TO ACCEPT THE TERMS OR CONTINUE WITH THIS EVALUATION.
“Mimecast” means the Mimecast entity shown in the Evaluation Order (defined below) and “Hosting Jurisdiction” means the jurisdiction in which the Evaluation Services (defined below) are provided, and Customer Data is stored.
1 EVALUATION SERVICES. Subject to Customer’s compliance with the terms of this Agreement, Mimecast will make the evaluation services (the “Evaluation Services”) available to Customer for a period of 30 days (the “Evaluation Period”). The Evaluation Period may be extended by Mimecast in writing (including email). The Evaluation Services will be provided in accordance with the applicable Services documentation at https://community.mimecast.com/community/knowledge-base (“Documentation”). The specific Evaluation Services subject to this Agreement, the Hosting Jurisdiction and number of Permitted Users or domains will be agreed in writing (including email) by Mimecast (“Evaluation Order”). For certain Evaluation Services, Supplemental Terms as set out in Appendix 1 shall apply. Notwithstanding the foregoing, the terms and conditions set out herein shall continue to apply for the duration of time that Mimecast stores or processes Customer Data provided in connection with the Evaluation Services. “Permitted Users” means individuals employed by or otherwise under Customer’s control and permitted to use thee Evaluation Services.
2 EXISTING CUSTOMERS. If you are an existing Mimecast Customer and you have an agreement in place for the provision the Mimecast Services (“Existing Agreement”), the terms of the Existing Agreement shall apply except as set out below:
2.1 Where Customer is provided Evaluation Services by Mimecast for evaluation purposes only, access to the Evaluation Services will be terminated upon expiration of the Evaluation Period, unless Customer enters into a paid subscription for the Evaluation Services on a non-trial basis prior to expiration of the Evaluation Period. Notwithstanding any provision to the contrary herein, in respect of the Evaluation Services Customer acknowledges and agrees that: (i) Mimecast has no obligation to retain Customer Data related to the Evaluation Services after termination or expiration of the Evaluation Period; (ii) either party may terminate the Evaluation Period immediately and without liability upon notice to the other party; (iii) Mimecast’s service levels and support description does not apply to the Evaluation Services; Mimecast’s maximum liability for any and all causes of action arising out of or relating to the Evaluation Services, whether in contract, tort, statute or otherwise, will be limited to $100 (or the equivalent in the currency of the applicable Hosting Jurisdiction at the time the claim arose).
2.2 Capitalized terms used but not otherwise defined in Section 2.1, shall have the meaning given in the Existing Agreement. Acceptance of this Evaluation Agreement shall serve as an amendment to the Existing Agreement for the purposes of the Evaluation Services. Except as modified above, all terms and conditions of the Existing Agreement shall remain in full force and effect. In the event of any inconsistencies between the terms set out in Section 2.1 and any terms and conditions of the Agreement with regards to the Evaluation Services, Section 2.1 shall prevail.
2.3 With the exception of Section 13 (Sandbox Environments), the remainder of this Evaluation Agreement shall not apply to Existing Customers.
3 OWNERSHIP. Mimecast and its third-party licensors will retain all ownership interest in and to the Evaluation Services and its underlying systems. Customer’s rights are limited to those expressly stated in this Agreement. Notwithstanding any provision herein to the contrary, nothing in this Agreement is intended to limit Customer’s liability in the event of Customer’s violation of the intellectual property rights of Mimecast and any claim with respect to such violation will not be deemed governed by this Agreement. Evaluation Services must not be used or accessed for the purposes of (i) building a competitive service or comparative features; or (ii) comparative analysis (including but not limited to benchmarking) intended for use outside the Customer’s organization.
4.1 Customer will: (i) use the Evaluation Services for its own internal business purposes; (ii) use the Evaluation Services as reasonably directed by Mimecast; (iii) allow only the agreed number of Permitted Users access and use the Evaluation Services; (iv) implement and maintain reasonable and appropriate controls to ensure that user accounts are used only by the Permitted Users to whom they are assigned and to manage and monitor Permitted Users, including designating one or more administrators responsible for access control; (v) obtain and maintain any Equipment needed to connect to, access, or otherwise use the software and software services (“Equipment” shall include equipment and ancillary service including, but not limited to, modems, hardware, services, software, operating systems, networking, web services, and the like); (vi) ensure the Evaluation Service meet Customer’s regulatory requirements including, without limitation, requirements and obligations with regards to data privacy and employment laws; (iii) obtaining all necessary consents, permissions and authority from individuals or regulators in respect of all Customer Data, including, where applicable, Personal Data transferred, processed and/or analysed in the use of the Evaluation Services including the right for Mimecast to use such data in the preparation of reports and analysis.
4.2 Customer will not: (i) transfer, resell, license or otherwise make available the Evaluation Services to third parties; (ii) use the Evaluation Services in any manner that violates any applicable law or regulation (including but not limited to where Customer is required to obtain permissions or authorizations to permit Mimecast to perform its obligations hereunder); (iii) use the Evaluation Services in a manner that violates any industry standards concerning unsolicited email; (iv) not share any user authentication information and/or any user password with any third party; (v) use the Evaluation Services in a manner that introduces any viruses, malicious code, or any other items of a harmful nature; or (vi) engage in any activity that could reasonably be expected to interfere with or disrupt the Evaluation Services (for example, an activity that causes Mimecast to be blacklisted by any internet service provider).
4.3 Customer is solely responsible for the acts or omissions of any user or Permitted User who obtains access to the Evaluation Services through Customer or Customer’s systems. Customer will notify Mimecast promptly if it becomes aware of any unauthorized access or use. If applicable, Customer will be granted a “Super Administrator” role for Customer’s Mimecast account, which will allow Customer full access to the Customer Data and the ability to configure the relevant account. Customer may assign a role to Mimecast which will allow Mimecast to access the Customer Data. In the event that such delegated access is provided, Customer will ensure that all necessary consents and authorisations have been obtained.
4.4 Customer will defend and indemnify Mimecast in the event of any third-party claim or regulatory action arising out of (i) Customer’s breach (or alleged breach) of the terms of Section 4.1, 4.2 and 4.3 herein; and/or (ii) Mimecast’s compliance with any Instructions or directions provided by Customer.
4.5 If Mimecast is prevented from or delayed in the performance of its obligations by any act or omission of Customer that is outside of Mimecast’s reasonable control, Mimecast shall not be deemed in breach of its obligations, but only to the extent that the basis for Mimecast’s breach arises directly or indirectly from such prevention or delay.
5. SUPPORT, SLA, AND IMPLEMENTATION SERVICES. Mimecast will provide support for Customer for installation and use of the Evaluation Services via telephone during normal business hours (“Support”). Mimecast will undertake commercially reasonable efforts to respond to all Customer inquiries promptly; however, Customer acknowledges and agrees that Mimecast’s service level agreement does not apply to Evaluation Services provided under this Agreement.
6. MIMECAST APPLICATIONS, APIs AND THIRD-PARTY SERVICES.
6.1 Mimecast Applications. Mimecast may make applications available to use with the Evaluation Services via various online marketplaces. Mimecast applications are licensed, not sold, to Customer. Customer’s license to use the applications is subject to Customer’s compliance with this Agreement and any associated end user license agreement made available via the application/marketplace. The term of Customer’s license to use the application is coterminous with this Agreement. For the avoidance of doubt, where made available, Mimecast applications fall under the definition of Evaluation Services hereunder.
6.2 Application Program Interfaces (“API”). Customer can enable certain Mimecast APIs by requesting a Customer specific application key (“Application Key”). In order to gain access to an Application Key, Customer must register with Mimecast and provide the information requested. Customer is responsible for ensuring that the information provided to Mimecast is and remains accurate and up-to-date. Mimecast can revoke the Application Key at any time without notice to Customer, to protect Mimecast services and customers. All access keys, authentication procedures, and data to which Customer gains access or which is provided to Customer in connection with Customer’s use of the API, excluding Customer Data, is the Confidential Information of Mimecast. In the event Customer chooses to transfer Customer Data via Mimecast APIs to third-parties, whether or not such third-parties are Mimecast technology partners, Mimecast is not responsible for the security of the Customer Data upon the Customer Data leaving the Mimecast environment and such transfer is on Customer’s own volition and risk. To the extent Customer uses the Mimecast APIs the provisions of this Section 6.2 shall apply to such use as if such APIs were included in the Evaluation Services. Mimecast is not responsible for, and no representations or warranties are made regarding, Third Party Services (as defined in Section 6.3 below).
6.3 Third-Party Services. To the extent Customer Data is retrieved from or provided by Third Party Services, Mimecast will not be liable for the condition of such Customer Data, including, but in no way limited to any such Customer Data that is retrieved from or provided by Third Party Services that is incorrect, incomplete, corrupt, or missing. “Third Party Services” means third party products, applications, APIs, web hooks, services, software, systems, directories, websites, databases and information which Customer may connect to, permit connection to (including without limitation, where such connection is necessary to enable the Services), or enable in conjunction with Mimecast Services or Mimecast API connectors.
7. DISCLAIMER. MIMECAST DISCLAIMS ALL GUARANTEES, CONDITIONS, WARRANTIES AND REPRESENTATIONS, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE CONCERNING ANY SERVICES, SOFTWARE, DOCUMENTATION OR OTHER MATERIALS PROVIDED BY MIMECAST, INCLUDING BUT NOT LIMITED TO, THOSE IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THE EVALUATION SERVICES DO NOT QUALIFY AS LEGAL OR EXPERT ADVICE. CUSTOMER SHOULD CONSIDER WHETHER THE EVALUATION SERVICES ARE APPROPRIATE FOR CUSTOMER’S NEEDS, AND WHERE APPROPRIATE, SEEK LEGAL OR EXPERT ADVICE. MIMECAST DOES NOT REPRESENT THAT THE EVALUATION SERVICES OR THE PROFESSIONAL SERVICES WILL ACHIEVE INTENDED RESULTS, BE UNINTERRUPTED OR ERROR FREE OR MEET CUSTOMER’S REQUIREMENTS.
8. DATA PROTECTION
8.1 Customer Data. “Customer Data” means the data processed through Customer's use of the Evaluation Services including, where relevant to the Evaluation Services, the contents of the files and emails sent by or to Permitted Users. “Personal Data” means Customer Data that relates to an identified or identifiable natural person. Except as otherwise set forth herein, Customer Data will be purged in accordance with Mimecast standard business practices following termination or expiration of this Agreement and Customer acknowledges that Mimecast has no obligation to retain Customer Data thereafter.
8.2 Security. Mimecast will implement and maintain appropriate administrative, technical, organizational and physical security measures for each of the Evaluation Services to protect Customer Data against unauthorized access, disclosure or loss. Customer acknowledges and agrees that, in the course of providing the Evaluation Services, Professional Services, and Support to Customer, it may be necessary for Mimecast to access Customer Data to respond to technical problems or Customer queries and to ensure the proper working of the Evaluation Services; such access may originate from any jurisdiction where Mimecast maintains Support personnel. Additional information about Mimecast security, including the locations from which Support is provided and a list of Mimecast’s certifications, attestations and assessments, is available at https://www.mimecast.com/company/mimecast-trust-center/ (the “Trust Center”). Mimecast may update the Trust Center from time to time. Where required hereunder (or in accordance with any Data Processing Agreement), Mimecast shall notify Customer of any material changes.
8.3 Data Protection Laws. As required by law or as otherwise agreed by the parties, data protection measures may be described in more detail in a data processing agreement between the parties, which will be made supplementary to this Agreement (“Data Processing Agreement”). In the event of any conflict between this Agreement and the Data Processing Agreement, the Data Processing Agreement shall prevail. Mimecast acknowledges that, as between the parties, Customer owns and controls the right, title and interest in and to the Customer Data. With respect to any Personal Data contained in Customer Data, Customer acts as data controller and Mimecast acts as data processor. Mimecast will use and process the Personal Data solely in accordance with Customer’s Instructions, but solely during the Evaluation Period. The “Instructions” are embodied in this Agreement, the applicable Evaluation Order(s), and any applicable Data Processing Agreement, and as may be additionally communicated by Customer to Mimecast in writing from time-to-time. Mimecast will collect and protect the Customer Data in compliance with Applicable Law. “Applicable Law” means one or more of the following data protection laws or regulations as applicable to the Processing of Personal Data by Mimecast under this Agreement: (i) Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”); (ii) the GDPR as incorporated into United Kingdom (“UK”) law by the Data Protection Act 2018 and amended by the Data Protection, Privacy and Electronic Communications (Amendments, etc.) (EU Exit) Regulations 2019 (“UK GDPR”); (iii) California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100 et seq. (“CCPA”); (iv) the South Africa Protection of Personal Information Act (“POPIA”); (v) the Australia Privacy Act No. 119 1988 (as amended), (vi) Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”); and
(vii) any law, regulation or order that implements the foregoing. Customer acknowledges and agrees that Mimecast may process, transfer or copy Customer Data and Personal Data in the United States or other countries or jurisdictions outside of the country where it was collected, as described further at https://www.mimecast.com/company/mimecast-trust-center/ provided such transfer occurs under a valid transfer mechanism. Customer is responsible for providing any requisite notice and obtaining any consent (if required) from Permitted Users for such processing and transfer of Personal Data, including international transfers.
9 CONFIDENTIALITY. “Confidential Information” means information designated by the party disclosing such information (“Disclosing Party”) as “confidential” or “proprietary” or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of the disclosure. Customer’s Confidential Information includes Customer Data. Mimecast’s Confidential Information includes any information related to the performance, functionality, and reliability of the Evaluation Services. Confidential Information does not include information that: (i) is or becomes generally known to the public through no fault of the party that receives such information from the Disclosing Party (“Receiving Party”); (ii) is in the Receiving Party’s possession prior to receipt from the Disclosing Party; (iii) is acquired by the Receiving Party from a third-party without breach of any confidentiality obligation to Disclosing Party; or (iv) is independently developed by Receiving Party without reference to the Disclosing Party’s Confidential Information. Confidential Information is and will remain the exclusive property of the Disclosing Party. In addition to any other obligations required of it under Section 8 herein, the Receiving Party will: (i) use Disclosing Party’s Confidential Information solely for the performance of the activities contemplated by these this Agreement; (ii) disclose such information only to its employees, agents, and contractors who are bound by obligations of confidentiality at least as strict as those contained in this Section 9; (iii) protect Disclosing Party’s Confidential Information against unauthorized use or disclosure using the same degree of care it uses for its own Confidential Information, which in no event will be less than reasonable care; and (iv) upon written request, return or destroy all copies of the Disclosing Party’s Confidential Information that are in its possession or control. Notwithstanding any provision herein, if lawfully required by judicial or administrative order or otherwise, Receiving Party may disclose Confidential Information of Disclosing Party. Provided, where lawfully permitted, Receiving Party provides reasonable prior written notice to Disclosing Party to permit Disclosing Party to seek a protective order. Receiving Party will reasonably cooperate in Disclosing Party’s activities in seeking such order, at Disclosing Party’s expense. Receiving Party will disclose only that information that is reasonably necessary to meet the applicable legal order or requirement.
10. THREAT DATA, MACHINE-LEARNING DATA AND AGGREGATED USAGE DATA.
10.1 Customer Data. The parties acknowledge and agree that Mimecast has no ownership rights to Customer Data. In accordance with this Agreement, Customer hereby grants to Mimecast a worldwide, irrevocable license to collect and process Customer Data, including certain Customer Data within Machine-Learning Data (as defined below), as well as Threat Data (as defined below) for the purposes of: (i) providing the Evaluation Services; (ii) improving threat detection, analysis, awareness, and prevention; and/or (iii) improving and developing the Mimecast services.
10.2 Threat Data. As part of the Services, Mimecast processes certain data reasonably identified to be malicious, including, without limitation, data which may perpetuate data breaches, malware infections, cyberattacks or other threat activity (collectively, “Threat Data”). Mimecast processes Threat Data primarily through automated processes and may share limited Threat Data with third parties within the cybersecurity ecosystem for the purpose of improving threat detection, analysis and awareness. Threat Data is not Customer Data but may include Personal Data.
10.3 Machine-Learning Data. Through automated processes designed to develop and improve our machine learning algorithms within the services we provide, Mimecast processes certain Customer Data and other data that describes and/or gives information about Customer Data, including but not limited to metadata, files, URLs, derived features and other data (“Machine- Learning Data”). We do not share Machine-Learning Data with Third Parties. Machine-Learning Data does not include full message content of Customer Data.
10.4 Aggregated Usage Data. Mimecast processes certain aggregated data derived from the Evaluation Services, including usage data, such as utilization statistics, reports, logs and information regarding spam, viruses and/or other malware (“Aggregated Usage Data”). Mimecast owns all Aggregated Usage Data.
11. FEEDBACK. Customer agrees to provide Feedback as reasonably requested by Mimecast. Such Feedback will include tracking and reporting all errors, defects and incompatibilities encountered during the Evaluation Period. Mimecast has an unlimited right to use such Feedback in any present or future form, format or manner it deems appropriate, without monetary or other compensation to Customer. “Feedback” means any information, comments, criticisms, reports or other feedback, whether in oral or written form, that Customer provides to Mimecast regarding the function, features and other characteristics of the Evaluation Services howsoever such Services are provided, including without limitation where provided under a trial subscription, paid subscription, free of charge, early release, beta, pilot or general acquisition.
12 LIMITATION OF LIABILITY.
12.1 Exclusion of Damages. TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), BREACH OF STATUTORY DUTY OR OTHERWISE FOR ANY (A) INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES, (B) LOSS OF PROFITS, (C) LOSS OF ANTICIPATED SAVINGS, OR (D) LOST MANAGEMENT TIME OF ANY KIND WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR ANY OF THE EVALUATION SERVICES PROVIDED OR AGREED TO BE PROVIDED BY MIMECAST, EVEN IF THE PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR HAD OTHER REASON TO KNOW OR KNEW OF THE POSSIBILITY THEREOF. THIS SECTION 12 DOES NOT APPLY TO ANY AMOUNTS PAYABLE IN CONNECTION WITH THE INDEMNIFICATION OBLIGATIONS STATED HEREIN.
12.2 LIABILITY CAP. EACH PARTY’S MAXIMUM LIABILITY FOR ANY AND ALL CAUSES OF ACTION ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE EVALUATION SERVICES, WHETHER IN CONTRACT, TORT, STATUTE OR OTHERWISE, WILL BE LIMITED TO $100 (OR THE EQUIVALENT IN THE CURRENCY OF THE APPLICABLE HOSTING JURISDICTION AT THE TIME THE CLAIM AROSE); PROVIDED THAT THE FOREGOING CAP WILL NOT APPLY TO: (I) THE INDEMNIFICATION OBLIGATIONS SET FORTH IN THIS AGREEMENT, (II) CUSTOMER’S OBLIGATIONS UNDER SECTION 4, OR
(III) EITHER PARTY’S GROSS NEGLIGENCE OR WILFUL MISCONDUCT.
12.3 EXCLUSIONS. NOTWITHSTANDING THE TERMS OF ANY OTHER PROVISION OF THIS AGREEMENT, NEITHER PARTY'S LIABILITY IS EXCLUDED OR LIMITED BY THIS AGREEMENT IN THE EVENT OF: (A) DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE; (B) FRAUDULENT MISREPRESENTATION; OR (C) ANY OTHER LIABILITY WHICH MAY NOT LAWFULLY BE EXCLUDED OR LIMITED.
13. TERMINATION. Either party may terminate this Agreement for convenience or cause, immediately on giving written notice to the other party. Mimecast may suspend the Evaluation Services in the event Customer’s account is the subject of denial of service attacks, hacking attempts or other malicious activities, or Customer’s activities reasonably appear to be in breach of this Agreement. Mimecast will provide advance notice to Customer of such suspension where reasonably practicable.
13.1 Restricted Party Screening. The parties acknowledge that Mimecast on a regular basis conducts a review of its customers to determine whether restrictions or sanctions apply with regards to transacting with them, including but not limited to, those referred to in Section 15.8, (“Restricted Party Screening” or “RPS”). In the event Mimecast considers, in its sole discretion, but acting reasonably based on its standard RPS process, that the results of the RPS in relation to Customer are unsatisfactory, Mimecast may terminate this Agreement and any Evaluation Order related hereto with immediate effect upon written notice to Customer. Upon termination pursuant to this Section 13.1, Mimecast shall have no further obligations to Customer hereunder.
15.2 Neither party will be liable for any delay in performance or failure to perform its obligations under this Agreement due to any cause or event outside its reasonable control including, acts of God, civil or military authority, acts of war, accidents, third- party computer or communications failures, natural disasters or catastrophes, strikes or other work stoppages or any other cause beyond the reasonable control of the affected party.
15.3 Customer may not assign this Agreement in whole or in part without Mimecast’s prior written consent, which consent will not be unreasonably withheld. This Agreement will be binding upon the parties hereto and any authorized assigns.
15.4 Any business communications in connection with this Agreement may be provided by email. Any legal notices relating to this Agreement must be provided in writing and sent to the receiving party at the address provided by such party. All notices will be sent by major commercial delivery courier service or mailed in a manner that requires signature by the recipient.
15.5 Each party hereby acknowledges that no reliance is placed on any representation not provided in this Agreement. No purchase order or other communication will add to or vary this Agreement. Except as expressly provided herein, any modification to this Agreement must be made in writing and signed by an authorized representative of each party. If any provision of this Agreement is held to be unenforceable, such provision will be reformed to the extent necessary to make it enforceable, and such holding will not impair the enforceability of the remaining provisions. Failure by a party to exercise any right hereunder or to insist upon or enforce strict performance of any provision of this Agreement will not waive such party's right to exercise that or any other right in the future.
15.6 This Agreement is entered into solely between, and may be enforced only by, Mimecast and Customer. This Agreement does not create any third-party rights or obligations thereto. Each party will be acting as an independent contractor, and nothing herein will be construed to create a partnership, joint venture or any type of agency relationship between Mimecast and Customer or any Permitted User.
15.7 Mimecast acknowledges that any limitation of liability set forth in this Agreement is intended to apply only to the extent permitted by applicable law.
15.8 Each party agrees to comply with all applicable laws and regulations with respect to the export and import of the Evaluation Services, including but not limited to the regulations of the United States Department of Commerce and the United States Export Administration Act. Customer hereby warrants that Customer will not procure or facilitate the use of the Evaluation Services in any region that is the subject or target of any U.S. or other national government financial and economic sanctions or trade embargoes or otherwise identified on a list of prohibited, sanctioned, debarred, or denied parties, including those imposed, administered or enforced from time to time by the U.S. government through the Office of Foreign Assets Control (“OFAC”) of the U.S. Department of Treasury, the Bureau of Industry and Security (“BIS”) of the U.S. Department of Commerce, or the U.S. Department of State, the United Nationals Security Council, the European Union, or Her Majesty’s Treasury of the United Kingdom (collectively, “Sanctions”), without having first obtained any required license or other government authorization or in any manner which would result in a violation of Sanctions by Customer or Mimecast
16 GOVERNING LAW
Mimecast North America, Inc.
This Agreement and any disputes hereunder will be governed by the laws of the Commonwealth of Massachusetts, without regard to its conflict of law principles, and any litigation concerning this Agreement shall be submitted to and resolved by a court of competent jurisdiction in Boston, Massachusetts. Notwithstanding the foregoing, either party may seek equitable, injunctive or declaratory relief to enforce any of its intellectual property rights or rights in the Customer Data or Confidential Information in any court of appropriate jurisdiction.
Where applicable, each party hereby waives its respective rights to a jury trial of any claim or cause of action relating to or arising out of this Agreement. This waiver is intended to encompass any and all disputes that may be filed in any court and that relate to the subject matter of this Agreement, including contract claims, tort claims, breach of duty claims and all other common law and statutory claims. Each party further represents and warrants that it has consulted with legal counsel concerning this waiver and that it provides this waiver knowingly and voluntarily.
Mimecast Services Limited
This Agreement and any court proceedings shall be governed by the laws of England and Wales and held in England. Notwithstanding the foregoing, either
party may seek equitable, injunctive or declaratory relief to enforce any of its
intellectual property rights or rights in the Customer Data or Confidential Information in any court of appropriate jurisdiction.
With regards to any dispute, action or claim arising from this Agreement any Customer in any Middle East territory, in the event that the United Kingdom courts refuse jurisdiction, the parties agree that such dispute shall be subject to the exclusive jurisdiction of the court of the Dubai International Financial Centre, Dubai, UAE. Where such a dispute relates to a claim for a sum within the limits specified by the Dubai International Financial Centre Small Claims Tribunal, then the dispute may be referred to the said Tribunal.
Mimecast Entity will be the entity set out in the Evaluation Order.
Mimecast South Africa (Pty) Limited
This Agreement and any disputes hereunder will be governed by the laws of the Republic of South Africa, without regard to its conflict of law principles. The parties hereby consent and submit to the non-exclusive jurisdiction of the South Gauteng High Court, Johannesburg for the purpose of all or any legal proceedings arising from or concerning this Agreement.
Mimecast Australia (Pty) Limited
This Agreement and any arbitration and court proceedings shall be governed by the federal laws of Australia and the State of Victoria and held in Melbourne, Australia. Section 6 (Disclaimer), any restriction herein on liability will apply only to the extent that they are consistent with non-excludable Australian laws and nothing in those Sections or this Agreement limit any consumer guarantees or other rights Customer may have under non-excludable Australian laws. Customer hereby consents to the jurisdiction of such courts over Customer and stipulates to the convenience, efficiency and fairness of proceeding in such courts, and covenant not to assert any objection to proceeding in such courts based on the alleged inconvenience, inefficiency or unfairness of such courts.
THE DISCLAIMER SET FORTH IN SECTION 6 DOES NOT EXCLUDE OR LIMIT ANY STATUTORY OR IMPLIED GUARANTEE, CONDITION OR WARRANTY THAT MAY NOT BY OPERATION OF LAW BE EXCLUDED OR LIMITED. TO THE EXTENT PERMITTED BY LAW, MIMECAST LIMITS ITS LIABILITY UNDER ANY STATUTORY OR IMPLIED CONDITION, WARRANTY OR GUARANTEE THAT CANNOT BE EXCLUDED TO, AT THE OPTION OF MIMECAST, THE RESUPPLY OF THE EVALUATION SERVICES OR THE PAYMENT OF THE COST OF DOING THE SAME.
Mimecast Canada Limited
This Agreement shall be governed by and construed in accordance with the laws of the province of Ontario and the federal laws of Canada. Any legal action or proceeding arising out of or based upon these General Terms will be instituted in the courts of the province of Ontario, and each party irrevocably submits to the jurisdiction of such courts in any such action or proceeding. The parties irrevocably and unconditionally waive any objection to the laying of venue of any action or any proceeding in such courts and irrevocably waive and agree not to plead or claim in any such court that any such suit, action or proceeding brought in any such court has been brought in an inconvenient forum.
Mimecast Singapore Pte Limited.
This Agreement shall be governed by and construed in accordance with the laws of Singapore. The Singapore courts shall have exclusive jurisdiction in relation to all disputes under this Agreement. For these purposes each party irrevocably submits to the jurisdiction of the Singapore courts and waives any objection to the exercise of that jurisdiction.
The Supplemental Terms set forth in this Appendix 1 are an addendum to and form part of the Agreement with Mimecast (the “Agreement”).
A. Awareness Training Evaluation Services
1. Material. The Awareness Training Evaluation Services may include Material. “Material” includes collateral such as training materials, video training modules, user surveys, and user assessments made available to Customer by Mimecast hereunder. Mimecast and its third-party licensors will retain all ownership interest in and to the Material.
2. Collateral. If Customer uploads Customer’s own written, photographic, and/or videographic collateral (“Collateral”) to Mimecast’s platform during the Awareness Training Evaluation Services, then Customer agrees that such Collateral: (i) will not infringe on the intellectual property rights or any rights related to publicity or the privacy of any third party; (ii) will not be defamatory, libelous, threatening or harassing in nature; and (iii) will not be in violation of applicable law (including those laws relating to obscenity or pornography). The requirements of this Section 2 are supplemental to, and not in replacement of, any other restrictions contained in these Supplemental Terms or the Agreement.
3. Customer Indemnification. Customer will defend, indemnify, and hold Mimecast harmless from any third party claim relating to Customer’s breach of Section A.2 herein. Mimecast will provide prompt written notice of the applicable claim to Customer, as reasonably requested by Customer and at Customer’s expense. Customer will not settle any such third party claim in a manner which requires Mimecast to admit fault or pay any monetary amounts of any type without Mimecast’s express prior permission. Customer acknowledges and agrees that any liability caps included in the Agreement do not apply to Customer’s obligations under this Section A.
B. Web Security Evaluation Services Supplemental Terms
1. Customer Data. Due to the nature of the Web Security Evaluation Services, Section 7 is not applicable to the Web Security Evaluation Services.
2. Restrictions. Customer will not disable or circumvent any access control, authentication process or security procedure established with respect to the Web Security Evaluation Services. The requirements of this Section 2 are supplemental to, and not in replacement of, any other restrictions contained in these Supplemental Terms or the Agreement.
3. Indemnification. Customer will defend, indemnify, and hold Mimecast harmless from any third party claim relating to Customer’s breach of Section B.2 herein. Mimecast will provide prompt written notice of the applicable claim to Customer and cooperate in Customer’s defense, as reasonably requested by Customer and at Customer’s expense. Customer will not settle any such third party claim in a manner which requires Mimecast to admit fault or pay any monetary amounts of any type without Mimecast’s express prior permission. Customer acknowledges and agrees that any liability caps included in the Agreement do not apply to Customer’s obligations under this Section B.3.
4. Suspension of Evaluation Services. In addition to the ability to suspend the Evaluation Services under Section 12, Mimecast may suspend the Evaluation Services in the event Customer’s account is in violation of acceptable use policies set forth in the Support Description or Service Levels. Mimecast will work with Customer to resolve such matters as soon as possible. In such circumstances, to protect Mimecast’s own systems, Customer acknowledges that Mimecast may be required to suspend the Web Security Evaluation Services until the issues are resolved. Mimecast will provide advance notice to Customer of such suspension where reasonably practicable
5. Additional Disclaimer. MIMECAST DOES NOT WARRANT THAT THE EVALUATION SERVICES WILL ALWAYS LOCATE OR BLOCK ACCESS TO OR TRANSMISSION OF ALL DESIRED ADDRESSES, EMAILS, MALWARE, APPLICATIONS AND/OR FILES, OR THAT ALL DATABASES WILL BE APPROPRIATELY CATEGORIZED OR THAT THE ALGORITHMS USED IN THE EVALUATION SERVICES WILL BE FULLY COMPLETE OR ACCURATE.
C. DMARC Analyzer Evaluation Services Supplemental Terms
1. Hosting Jurisdiction. DMARC Analyzer Evaluation Services are (i) hosted on a third-party platform that is located in Ireland and/or (ii) processes Customer Data, including Personal Data, in Ireland. Customer acknowledges that the certifications, attestations and assessments listed on Mimecast’s Trust Center may differ for the DMARC Analyzer Evaluation Services. Further, the DMARC Analyzer Evaluation Services will be conducted on a limited number of Customer domains.
2. Customer Obligations. Customer is responsible for adding applicable domains to the DMARC Analyzer Evaluation Services and for publishing a DMARC record into the DNS for each such domain. Further, Customer must issue DNS updates as reasonably required by Mimecast.
D. Brand Exploit Protect Evaluation Services Supplemental Terms
1. BEP Services. The Brand Exploit Protect Evaluation Services (the “BEP Evaluation Services”) are designed to protect
Customer’s domains (each, a “Domain”) from illegitimate use by a third-party to create and/or register an imposter website. Customer must identify each Domain to be protected in writing to Mimecast, up to the maximum number of Domains listed on the applicable Evaluation Order. It is Customer’s responsibility to inform Mimecast of any additional Domains to be protected. Additional Domains may be subject to additional fees. The Mimecast Brand Exploit Protect Service is hosted in Google GCP Belgium and Microsoft Azure Netherlands regions.
2. Takedowns. Customer acknowledges and agrees that Mimecast will monitor for replications of Customer’s Domains, and in the event of a discovered Domain replication Mimecast will seek confirmation from Customer that a discovered Domain is illegitimate and unauthorized by the Customer. With such confirmation, Mimecast will report the imposter Domain to third party blocking sites and approach third-party registrars to request that the imposter Domain be disabled or blocked (each, a “Takedown”). Customer may request a more advanced countermeasure (“Countermeasure”) which includes but is not limited to, a regular Takedown. Each request for Countermeasures is charged as 5 regular Takedowns. Customer shall be responsible for all confirmations provided to Mimecast with regards to Takedowns whether in writing or via confirmation within Customer’s account or Mimecast administrative console. Takedowns are treated as the Professional Services referenced in the Agreement and are limited to the number listed on the Evaluation Order. Due to the nature of the BEP Evaluation Services provided, personnel will be available 24/7 to provide Support for the BEP Evaluation Services. Takedowns will be charged per request received and not upon completion of a successful Takedown.
3. Web Scraping Tracker. The subscription fee for the BEP Evaluation Services includes a limited, non-exclusive, non-
transferable usage license to a script that Customer may add to each Domain for Customer’s internal business purposes only during the Evaluation Period (each, a “Web Scraping Tracker”). Customer is solely responsible for deploying the Web Scraping Tracker to Customer’s website code. Customer’s rights are limited to those specifically granted to Customer herein. Mimecast reserves all right, title, interest and ownership of the Web Scraping Tracker, and Customer shall gain no right, title, interest or ownership in the Web Scraping Tracker as a result of these BEP Supplemental Terms, the Agreement or the provision of the BEP Evaluation Services.
4. Additional Restrictions. Customer will not (a) register any Domain with Mimecast for the BEP Evaluation Services, unless said Domain is owned or legally controlled by Customer; or (b) engage in any activity that could reasonably be expected to interfere with or disrupt the BEP Evaluation Services. In addition to any indemnification obligations contained in the Agreement, Customer will hold harmless, defend and indemnify Mimecast in the event of any third-party claim or regulatory action arising out of Customer’s breach (or alleged breach) of this Section D4.
5. Additional Disclaimer. USE OF THE WEB SCRAPING TRACKER IS AT CUSTOMER’S DISCRETION AND RISK AND
CUSTOMER IS SOLELY RESPONSIBLE FOR ANY DAMAGE TO ANY DOMAIN CAUSED BY THE WEB SCRAPING TRACKER.
E. Cybergraph Evaluation Services Supplemental Terms
1. Cybergraph Services. CyberGraph Services (f/k/a MessageControl Codebreaker and Silencer), MessageControl Gatekeeper, Cybergraph Controlled Availability, Cybergraph for SEG, and Misaddressed Email Protect Services (the “Additional Services”)
2. The Additional Services are designed to help protect Customer from identity attacks by seeking to identify misaddressed emails and risks within email content and by intercepting embedded email trackers. Customer acknowledges that the certifications, attestations, and assessments listed on Mimecast’s Trust Center may differ for the Additional Services.
3. Additional Customer Responsibilities and Restrictions. Customer is responsible for (i) obtaining and maintaining any Equipment needed to connect to, access, or otherwise use the software and software services (“Equipment” shall include equipment and ancillary services including, but not limited to, modems, hardware, services, software operating systems, networking, web services, and the like); (ii) ensuring the Services meet Customer’s regulatory requirements including without limitation, requirements and obligations with regard to data privacy and employment laws; (iii) obtaining all necessary consents, permissions and authority from individuals or regulators in respect of all Customer Data, including, where applicable, Personal Data transferred, processed and/or analysed in the use of the Services, including the right for Mimecast to use such data in the preparation of reports and analyses. In addition to any indemnification obligations contained in the Agreement, Customer will hold harmless, defend and indemnify Mimecast in the event of any third-party claim or regulatory action arising out of (i) Customer’s breach (or alleged breach) of this Section 2; (ii) Mimecast’s compliance with any Instructions or directions provided by Customer.
4. Data Processing Agreement. If the Customer has not executed a DPA with Mimecast, Customer acknowledges and agrees that Personal Data is not processed through the Services and/or the Additional Services.