1. Scope of application

These terms and conditions of delivery are applicable to all products and services (“Services”) delivered by Cyber Intelligence House Pte. Ltd. (“Supplier”) to a Customer unless the Customer and the Supplier have specifically agreed otherwise in writing.

The Supplier may update the terms of these Terms and Conditions from time to time in our sole discretion; the Supplier will provide Customer with written notice of any material change, and Customer’s renewal of their Subscription following such updates constitutes acceptance of the same.

2. Performance of the Services and general obligations of the parties

2.1 The contents and scope of the Services are determined in accordance with the service agreement entered into between the Customer and the Supplier. Unless otherwise specifically agreed in writing, the Services are fully provided in accordance with the best specialists as well as best suitable methods, premises, tools, connections and working methods determined by the Supplier. The Supplier shall provide the Services in accordance with the service agreement and with due care and professional skills required by the task.

2.2 The Customer shall, in good time before the estimated starting date, provide sufficient and correct information in order for the Supplier to perform the Services.

2.3 The Customer undertakes to find out and be responsible for approvals of third parties, e.g. co-operation partners, its clients and authorities, as well as be responsible for prior notifications to such third parties. The Customer has also the above-mentioned responsibility in relation to its own organization and employees finding out and obtaining the approvals and notifying the third parties as mentioned in this section 2.3.

2.4 The Customer represents, warrants and undertakes that it has the legal capacity, powers and right to implement the Services and that the use of Services has been arranged in accordance with the law and that the Services are used only for purposes allowed by the law.

2.5 The Customer authorises the Supplier to perform the services and the Supplier is responsible for the delivery of the Services agreed in accordance with section 2.1.

2.6 The Services shall be made available by Supplier to the Customer, subject to any unavailability caused by circumstances beyond Suppliers reasonable control, including any force majeure events as contemplated in Section 9 and any computer, communications, Internet service or hosting facility failures or delays involving hardware, software, power or other systems not within Suppliers possession or reasonable control, and denial of service attacks.

2.7 It is acknowledged that the Services may be temporarily limited, interrupted or curtailed due to maintenance, repair, modifications, upgrades or relocation, or for Supplier to rectify any situation that Supplier considers that immediate rectification is required (collectively, the “Downtime”). In the circumstances, Supplier shall use its best endeavours to provide Customer with timely updates on the resumption of the Services.

3. Deliverables of the Services and their acceptance

3.1 The deliverable of the Services is the performance of the agreed Services to the Customer in accordance with the service agreement.

3.2 The Customer decides and is responsible for the implementation, application and use in its own activities of the Services and the deliverables of the Services, including information given about data exposure and correction recommendations of the Supplier. Due to the changing interpretations and practices in relation to data security, data protection and processing of personal data in legislation and regulations and in particular in relation to the decisions of governmental authorities, the Supplier strives to act in the best possible way and in accordance with the best practices and interpretations known to it at the time.

4. Prices and invoices

4.1 The pricing of the Services is agreed in the service agreement. If the Customer fails to pay the invoice by the due date, the Customer shall pay the Supplier interest at the rate of 15% per annum from the due date until the date of full payment.

5. Use of the Service

5.1 The Customer is granted a non-exclusive, non-transferable licence, during the Term, to use and access the Service, solely in its own internal business (including internal business of the companies belonging to the same group of companies or that of its affiliates) in order to correct the observed errors or defects. The Customer has no right to utilize the Services or final report in other ways, nor perform corresponding Services to third parties.

5.2 The Customer understands that the methods used to perform the Services and methods used to describe the final results are business secrets of the Supplier, the disclosure of which to third parties may cause the Supplier considerable damage, disadvantage, costs and loss of business.

5.3 The Customer agrees that the Service, all software, hardware, algorithms, all Exposure Data as defined below, methodologies, and other technology used by the Supplier to provide the Service, and all intellectual property and proprietary rights in all of the foregoing, is the exclusive property of the Supplier. All rights not expressly granted to the Customer are reserved to the Supplier. “Exposure Data” means all information that is generated, collected, developed, produced, or created through the functions of the Service. Subject to the terms and conditions of the Agreement, the Supplier hereby grants to the Customer a non-exclusive, non-transferable license to access and download the Exposure Data using the Service, during the term of the Agreement solely for its internal business purposes.

5.4 The Customer shall supervise and control use of the Service and ensure that the Service is used by the Customer’s employees and representatives in accordance with the terms of this Agreement; not provide or otherwise make available the Service in whole or in part in any form to any person other than the Customer’s employees and representatives without prior written consent from Supplier;

5.5 The Customer shall ensure that its access credentials for the Service are stored securely at all times and only used by those employees of the Customer that are expressly authorised by the Customer to access the Service and are not shared with any other person. The Customer shall take all reasonable steps to prevent any unauthorised access to the Service and will immediately notify Supplier if it becomes aware of any such access.

5.6 Where the Service involves the provision of any form of weakness, threat or vulnerability identification against defined Assets, the Customer shall only direct the Service against Assets owned by the Customer or a third party where the Customer has explicit authorisation from such third party to do so.

6. Confidentiality

6.1 The parties undertake to keep confidential all materials and information received from each other which have been marked as confidential or which has to be understood confidential due to their nature. The parties undertake to use such information received from each other only for the purpose agreed in the service agreement.

6.2 The professional skills and experience acquired in connection with the delivery do not belong to the scope of confidentiality. The confidentiality obligation does not cover materials and information which are publicly available or belong otherwise to public domain, or which a party has in a verifiable way received from a third party without breach of any confidentiality obligation, or which in a verifiable way was in the possession of the recipient party without breach of any confidentiality obligation before receipt of the materials or information from the other party, or which a party has wholly and independently developed without utilizing the materials and information received from the other party.

7 Technical data security test

7.1 Where the scope of service involves the burdening of the network connections, data systems, hardware, software and components of the Customer as well as penetration attacks carried out by the Supplier, the objects described may as a consequence of these measures be damaged. The Supplier is not responsible in any way for damage caused this way or for other consequences for any part.

7.2 In addition to what has been stated in section 7.1 above, the Customer understands and accepts that

a) no network, hardware, system, software or component is completely free from defects or safe;

b) the Service and its final report as well as possible correction suggestions are based on the information available to the Supplier and on its best judgment at the time of performance;

c) due to the nature of the Service, the Service or the reports handed over to the Customer accordingly, as well as other deliverables such as correction suggestions do not include any warranty over the safety of the object of the Service or the accuracy of the information; and

d) the Customer is alone responsible for the protection and secrecy of all the received testing information, such as information about vulnerability of its systems, received through final report, correction suggestions or in any other possible manner, and of consequences of data leaks belonging to its scope of liability.

7.3 The Customer is alone responsible for all parts, both during the performance of the Service and thereafter, for its own data and other systems, including used cloud and other services, network services and all hardware and software products and components (“System”), the rights connected to the System and their permanence, the availability and usability of the System and the correctness, accuracy and durability of the information contained by the System.

8. Limitations of liability

8.1 The maximum liability of the Supplier for direct costs and damages caused to the Customer is 50% of the price for the Services agreed in the service agreement exclusive value added tax. Neither party shall be liable for any indirect or consequential damage. Indirect or consequential damage shall mean loss of profits, economic loss or damage caused due to decrease or interruption in turnover or production.

8.2 The limitations of liability shall not apply to damage which has been caused by willful conduct or gross negligence. In addition, the limitations of liability shall not cover damages caused by the breach of provisions in section 5 (Use of the Service) or section 6 (Confidentiality).

8.3 For the avoidance of any doubt, it is noted that the Supplier is not responsible for any damage caused to a contracting party of a Customer or to a third party, but that such damage remains the sole responsibility of a Customer.

9. Force majeure

9.1 A party is released from those contractual obligations, the fulfilment of which becomes impossible due to reason of an impediment beyond its reasonable control (“force majeure”). Such force majeure event shall include occurrences independent from the parties, which are surprising and unusual, preventing the fulfillment of contractual obligations according to the service agreement, which a party could not have reasonably taken into account at the time of the execution of the service agreement and which consequences a party could not reasonably have avoided or overcome.

9.2 The provisions in section 9.1 are also applicable to the Supplier when its subcontractor or co-operation partner used in performing the Services meets an impediment beyond reasonable control.

9.3 A party invoking force majeure under this section 9 shall notify the other party of such occurrence and the consequential termination of the service agreement without undue delay.

10. Term of the service agreement and other provisions

10.1 The service agreement shall be entered into in writing between the Supplier and the Customer. The service agreement becomes effective when executed by both parties. The parties may communicate with each other, by email or other comparable way in writing, regarding the execution of the service agreement or any amendments to the service agreement.

10.2 Neither party may assign or transfer its rights or obligations in the service agreement or any part thereof to a third party without the prior written approval of the other party. Nothing in this section 10.2 shall prohibit the Supplier from engaging or appointing any subcontractor or co-operation partner to perform the Services.

10.3 A party may terminate the service agreement with immediate effect by a written notification, if the other party has materially breached the contract terms and has not rectified the relevant breach within 30 days from the date of a written notification concerning the same.

10.4 The obligations in sections 2.3, 2.4, 3.2, 5, 6, 7, 8 and 11 shall remain in force notwithstanding the termination of the service agreement.

11. Security and Data Privacy.

Customer agrees that the Supplier may process performance, usage, consumption, and Personal Data about Customer and Customer’s Users’ use of the Services in accordance with its Privacy Policy. Each party will comply with its respective obligations under applicable data protection legislation and will maintain appropriate administrative, physical, technical, and organizational measures that provide an appropriate level of security for Confidential Information (defined above in section 6) and Customer Data.

12. Governing law and dispute resolution

12.1 The service agreement and these terms and conditions between the parties shall be construed in accordance with and governed by the laws of Singapore without reference to any conflict of laws provision thereof that directs the application of the laws of another jurisdiction.

12.2 Any dispute, controversy or claim arising out of or relating to the service agreement and these terms and conditions between the parties, or the breach, termination or validity thereof, shall be referred to and finally settled by arbitration administered by the Singapore International Arbitration Centre (“SIAC”) in accordance with the Arbitration Rules of the Singapore International Arbitration Centre for the time being in force, which rules are deemed to be incorporated by reference in this clause. The arbitration shall consist of one (1) arbitrator to be appointed by the Chairman of the SIAC. The seat of arbitration shall be Singapore. The language of the arbitration shall be English.