EULA
End User License Agreement
PLEASE READ THIS END USER LICENSE AGREEMENT (“EULA”) CAREFULLY BEFORE
INSTALLING OR ACCESSING/USING THE SOFTWARE. BY INSTALLING, ACCESSING, OR USING THE SOFTWARE, YOU ARE
AGREEING TO BE BOUND BY THE TERMS OF THIS LICENSE. IF YOU DO NOT AGREE TO THE TERMS OF THIS LICENSE,
DO NOT INSTALL, ACCESS, OR USE THE SOFTWARE AND (IF APPLICABLE) RETURN THIS SOFTWARE TO THE PLACE WHERE YOU
OBTAINED IT. IN THE EVENT THIS SOFTWARE IS PURCHASED BY LICENSEE ON BEHALF OF ITS EMPLOYEES, THE LICENSEE
REPRESENTS THAT LICENSEE IS LIABLE FOR THE ACTS AND OMISSIONS UNDER THIS EULA FOR ALL OF ITS EMPLOYEES.
This End-User License Agreement (EULA) is a legal agreement between Shield Alliance registered at RM 1202 Capital CTR-19 Jardine’s Bazaar Causeway Bay, Hongkong
(Licensor) and you (Licensee) for access and use of OhPhish Phishing Simulation OhPhish Reporter,
OhPhish Quizzer ‘Mobile Applications and OhPhish Learning Management software (together referred
to as “Software as a Service”) subject to the terms and conditions of this EULA.
- Grant of License by Licensor:
- Subject to the terms and conditions of this EULA and/or payment of applicable
license and/or subscription fees, Licensor hereby grants to Licensee a revocable, non-exclusive,
non-transferable license to access and use Software as a Service only for internal business use and not
for resale, unless Licensee is a legal and authorized reseller of Licensor, pursuant to a contract
executed by both parties stating Licensee is an authorized reseller. The Software as a Service is licensed to you and not sold.
Additional restrictions and/or terms on use of the Software as a Service may be specified in the
applicable Order Form and the Licensee agrees to be bound by such additional restrictions and/or terms.
Licensee may use the Software as a Service solely to train no more than the number of Licensee’s
employees specified in the applicable Order Form. Access will be provided only to employees of Licensee
and independent contractors acting as authorized agents of Licensee accessing the Software as a Service
from the domains listed in the applicable Order Form. This EULA does not authorize the Licensee in any
way to use and access the Software as a Service as a platform to launch fake cyber security attack
campaigns, attack the system and/or abuse any person or entity and/or commit any fraudulent activities
such as email fraud, spam mail fraud, access device fraud, identify theft, bank fraud, wire fraud,
computer fraud and abuse, privacy protection, email fraud, spam etc. and/or infringe any
third-party’s intellectual property rights and/or launching.
- Subject to the terms and conditions of this EULA and/or payment of applicable
license and/or subscription fees, Licensor grants a limited, revocable, non-exclusive, non-transferable
license to use the Security Awareness Materials (“Security Awareness Materials”) and
Security Awareness Campaigns (“Security Awareness Campaigns”) for Licensee’s own
internal business use provided each user is an authorized managed end user in the Licensee’s
organization. Security Awareness Training Materials will be provided under license in digital format
only. Printing where allowed, and other costs are the responsibility of Licensee. Any attempt to sell,
transfer, create derivative works from, broadcast or post on any external network or media is
prohibited. Licensee is not permitted to broadcast or post the Security Awareness Materials and/or
Security Awareness Campaigns on or through Licensee’s internal communications channels unless
written permission is obtained from the Licensor.
- Grant of Licensor to Licensee for Trial Purpose:
- Subject to the terms and conditions of this EULA and/or payment of applicable
license and/or subscription fees (if applicable), Licensor may grant to Licensee a revocable,
non-exclusive, non-transferable license to access and use Software as a Service only for internal trial
purpose for not exceeding fifteen (15) days which may be extended only by special request made to
Licensor via writing. The Software as a Service is licensed to you and not sold. In addition to any
other license restrictions under this EULA, the Licensee shall not generate more than five (5) active
campaigns and each campaign shall be routed to not more than ten (10) targets. This provision is
applicable only if the Licensee expresses desire to use and access the Software as a Service for trial
purpose.
- Subject to the terms and conditions of this EULA and/or payment of applicable
license and/or subscription fees (if applicable), Licensor may grant a limited, revocable,
non-exclusive, non-transferable license to use the Security Awareness Materials (“Security
Awareness Materials”) and Security Awareness Campaigns (“Security Awareness
Campaigns”) for Licensee’s own internal trail purpose connected with the foregoing trial
method.
- Licensee takes sole responsibility for running such trail and
shall not run any campaign on any person or entity in violation of applicable data protection laws
and/or any applicable laws.
- Grant of License by Licensee:
- Licensee covenants that it will comply with its use of the Software as a
Service, including but not limited to all applicable laws pertaining to mail fraud, access device fraud,
identify theft, bank fraud, wire fraud, computer fraud and abuse, privacy protection, email fraud, spam,
and the protection of trademarks and copyrights.
- “Licensee Content” shall mean information and materials provided by
Licensee and/or employees or agents, regardless of form, including (without limitation) its trademarks,
trade names, service marks, logos and designs, e-mail addresses of Licensee and/or its employees or
agents, and images, graphics, and text, in connection with the use of the Software as a Service.
Licensee shall be solely responsible for the accuracy of all Licensee Content hosted on the platform and
for obtaining all required rights and licenses to use and display all License Content in connection with
Licensee's use of the Software as a Service. Licensee must include clear guidelines regarding
the responsibility of the accuracy of the Licensee Content generated through Software as a Service which
is hosted on the platform. Licensee grants limited, non-exclusive and non-transferable right to use the
Licensee Content solely for the purpose of providing the Software as a Service. When accessing and using
the Software as a Service, Licensee shall not include Licensee Content that is obscene, offensive,
inappropriate, libellous, tortious, defamatory, threatening, abusive, objectionable, hateful or that
violates any applicable law or regulation, contract, or privacy or other third party right, or that
otherwise exposes Licensor to civil or criminal liability. Licensee acknowledges that the Software is
designed to assist Licensee in developing customized, controlled cyber security attack campaigns for
purposes of training to its employees, but that Licensee, and not Licensor or any Licensor’s
Distributor, shall be solely responsible for compliance with all laws and governmental regulations, and
any results in connection with its use of the Software as a Software (including any reports or
information produced in connection therewith).
- Licensee shall keep the credentials (e.g. usernames and passwords) of each user
provided by Licensor and/or its Distributor in connection with the use of the Software as a Service
confidential and not disclose any such credentials to any third party. Each user credential shall be
unique and allows only one user to access the Software as a Service. The Licensee shall not share one
user credentials at any cost with any other user and/or with any third party. In addition,
Licensee shall notify Licensor immediately upon the disclosure of any such credentials, and upon any
termination of the engagement of any employees or agents of Licensee with knowledge of any such
credentials, so that such credentials can be changed. Licensor is not responsible for (i) Licensee's
access to the Internet, (ii) interception or interruptions of communications through the Internet, or
(iii) changes or losses of data through the Internet.
- Security Awareness Campaigns: Licensor does not have any
responsibility to determine if any suspect email received by any user is a phishing attack of any
form. Licensor's sole and exclusive obligation shall be to use
reasonable commercial efforts to forward any suspect email/SMS/call received by Licensor using
designated Software as a Service to the address / phone number/email ID designated by Licensee. Licensor
shall not be responsible to verify the accuracy of such email Id and phone number disclosed by the
Licensee. Further, Licensor is not responsible for any damage to the
Licensee's network as a result of the suspect email. Licensee has the sole and exclusive obligation
to evaluate any suspect email and take any and all actions Licensee determines are appropriate as a
result of such suspect email. Licensee shall indemnify, defend and hold Licensor harmless in the event
of any breach or threatened breach of this provision.
- Description of Limitations: Licensee shall not and shall
not allow any third party to (i) reverse engineer, modify, decompile, or disassemble, modify, adapt,
translate, copy the Software as a Service either whole or in part and/or any associated documentation;
(ii) remove or modify any proprietary marking or restrictive legends in the Software as a Service and/or
its associated documentation; (iii) access the Software as a Service or use the documentation to build a
competitive service or product, or copy any feature, function or graphic for competitive purposes; (iv)
launch fake cyber security attack campaigns, attack the system and/or abuse any person or entity and/or
commit any fraudulent activities such as email fraud, spam mail fraud, access device fraud, identify
theft, bank fraud, wire fraud, computer fraud and abuse, privacy protection, email fraud, spam etc.
and/or infringe any third-party’s intellectual property rights and/or launching. The Licensor reserves the right to terminate the use and access
of such service without notice in the event of breach or threatened breach of this provision.
- Title to Software as a Service: Licensor and/or its
licensor owns the Software as a Service and its associated documentation, including but not limited to
Security Awareness Material, website, and its design, text, content, files, selection and arrangement of
elements, organization, graphics, compilation, translations, digital conversion and other matters
related to, and all trademarks, logos, service marks, symbols, trade dress and all materials provided on
or through, this Software as a Service and website are protected by all applicable copyright laws,
trademark laws and/or international conventions and treaties. The Software as a Service may contain Open
Source Software, the usage of which is governed by the applicable open source license. Anything not
expressly granted herein is reserved by the Licensor and/or its licensor.
Except as expressly provided herein, nothing contained in this EULA shall be
construed as conferring by implication, estoppel or otherwise any license, interest or right in or to the
Software as a Service or Security Awareness Material under any copyright, trademark or proprietary rights of
Licensor or of any third party. Further, except as otherwise provided herein, the Software as a Service
and/or Security Awareness Material (in whole or portions thereof) may not be used, copied, reproduced,
distributed or redistributed, published or republished, downloaded, modified, displayed, posted,
broadcasted, imitated, adapted, translated, or transmitted in any form or by any means, including, but not
limited to, electronic, mechanical, photocopying, recording, or otherwise, or sold, offered for sale,
licensed or sublicensed, reverse engineered, disassembled, decompiled or incorporated into compilations or
used in the creation of derivative works, without Licensor’s express prior written permission or that
of the respective third-party owner.
- Confidentiality:
- Licensee acknowledges that the Software as a Service, related documentation,
and other confidential information that may be provided by Licensor or its authorized representative or
Distributor (collectively "Confidential Information") is confidential information of Licensor.
Licensee agrees not to disclose the Confidential Information to third parties or use the Confidential
Information other than in connection with its License rights under this EULA. Licensee will use at least
the same security measures as Licensee uses to protect its own confidential and trade secret information
but no less than reasonable measures to protect the Confidential Information. Confidential Information
shall not include information: (i) already in Licensee's possession at the time of disclosure, (ii)
that is or later becomes part of the public domain through no fault of Licensee, or (iii) is required to
be disclosed pursuant to law or court order provided that Licensee shall notify Licensor prior to such
required disclosure and assist Licensor in preventing or limiting such required disclosure.
- Licensee agrees and acknowledges that any breach of the provisions regarding
ownership or confidentiality contained in this EULA shall cause Licensor irreparable harm and Licensor
may obtain injunctive relief as well as seek all other remedies available to Licensor in law and in
equity in the event of breach or threatened breach of such provisions.
- Licensee acknowledges that Licensor may aggregate data from Licensee for
analysis and reporting, provided that none of the individual data is able to be identified as received
from Licensee or any of its employees or independent contractors.
- Support: Subject to payment of license and/or
subscription fees and fulfilling terms of this EULA, Support shall be provided to Licensee in accordance
with the description herein:
Support Description: There are three levels of Support:
Severity 1, Severity 2 and Severity 3. Every level of Shield Alliance Support provides telephone support and
email. Support cases are handled based on case priority levels as described below:
Severity
|
SLA for first response (working hours)
|
SLA for complete resolution (working hours)
|
Severity 1 - Complete OhPhish Solution
not accessible / working
|
12 hrs
|
24 hrs
|
Severity 2 - Solution accessible, but
certain features not accessible / working
|
24 hrs
|
48 hrs
|
Severity 3 - Minor bugs / issues
|
48 hrs
|
120 hrs
|
Notwithstanding the foregoing, the first line support shall be provided by the
authorized distributor and/or representative of the Licensor.
Support is delivered only in English unless agreed otherwise via writing.
Support in case of on-prem and hybrid provided by Shield Alliance shall be
remote – email, telephonic, remote access to server.
Notwithstanding the foregoing, Shield Alliance will have no obligation of any
kind to provide Support for issues caused by or arising out of any of the following (each, a “End-User
Generated Error”): (i) modifications to the Software as a Service not made by Shield Alliance; (ii)
use of the Software as a Service other than as authorized in the EULA or as provided in the Documentation;
(iii) damage to the machine on which the Software as a Service is installed; (iv) Licensee’s continued
failure to use the Software as a Service without reference to the Documentation; (v) versions of the
Software as a Service other than the most recent version; (vi) Third-Party products not expressly supported
by Shield Alliance and described in the Documentation; or (vii) conflicts related to replacing or installing
hardware, drivers, and software that are not expressly supported by Shield Alliance and described in the
Documentation.
- Duration: This EULA is effective as long as the
Licensee have been granted the right to continue to use the Software as a Service based on the
applicable license term specified in the applicable Order Form and/or from the date of acceptance by the
Licensee until:
- Automatically terminated or suspended if Licensee fails to comply with any
terms of this EULA; or
- If we suspect anything untoward, we may terminate or suspend your access with or without cause and not otherwise.
In the event, the EULA is terminated, the Licensee must cease use of the
Software as a Service and destroy all copies of the Software as a Service.
- Payment: Licensee must pay all undisputed fees within 30
days of the date of an invoice. Licensee is responsible for the payment of all applicable sales, use,
withholding, VAT and other similar taxes.
- Warranty:
- Licensor warrants to Licensee that the Software as a Service shall be provided
in a professional and workmanlike manner.
- EXCEPT THE EXPRESS WARRANTY AS PROVIDED HEREIN, LICENSOR MAKES NO
REPRESENTATIONS OR WARRANTIES OR CONDITIONS OF ANY KIND CONCERNING THE SOFTWARE AS A SERVICE OR THEIR
USE, ACCURACY AND FUNCTION SHALL NOT BE LIABLE IN ANY MANNER FOR ANY REPRESENTATION OR WARRANTY OR
CONDITION OF ANY KIND WHETHER EXPRESS OR IMPLIED OR COLLATERAL OR WHETHER ARISING BY OPERATION OF LAW OR
OTHERWISE, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OR CONDITION OF MERCHANTABLE QUALITY OR FITNESS
FOR A PARTICULAR PURPOSE OR THAT THE SOFTWARE AS A SERVICE WILL BE ERROR-FREE.
- Remedy: In the event of any breach of the warranties
set forth above, Licensee shall notify Licensor, and Licensor shall, at Licensor’s option either
promptly repair or replace the relevant functionality or features of the Service giving rise to the
substantial non-conformity or re-perform the Services at no additional cost to Licensee. Such repair,
replacement or re-performance shall be the sole and exclusive remedy of the Licensee for any breach of
the warranty.
- Licensor Indemnity: Licensor shall indemnify and hold
Licensee harmless against any and all losses, damages, claims, or liabilities to the extent that they
are based upon a third party claim that Licensee’s use of the Service in accordance with the terms
of this EULA, provided by Licensor hereunder, infringes a valid U.S. and Hong Kong copyright.
Licensor’s obligations under this Section are also contingent upon (i) Licensee providing Licensor
with prompt written notice of such claim; (ii) Licensee providing reasonable cooperation to Licensor in
Licensor’s defense of any such claim; and (iii) Licensee granting to Licensor sole authority and
control over the defense and settlement of such claim. If the Software as a Service hereunder becomes,
or in Licensor’s opinion is likely to become, the subject of a claim of infringement, Licensor
may, at its option: (i) procure for Licensee the right to continue to use the Software as a Service;
(ii) replace or modify the Software as a Service to make it non-infringing; or (iii) terminate this EULA
and refund the fees paid for such Software as a Service for the then-current license term. Licensor will
have no liability for any claim based on: (w) any modification of the Software as a Service except with
respect to modifications performed by Licensor; (x) any use of the Software as a Service other than as
expressly permitted under this EULA; or (y) any use or combination of the Software as a Service with any
third-party products. This Section sets forth Licensor’s complete liability, and
Licensee’s sole remedy, with respect to claims relating to infringement of intellectual property
rights.
- Licensee Indemnification: Licensee shall indemnify and
hold licensor as well as its subsidiaries, officers, directors, agents, representatives, employees and
third-party licensors harmless from any and all claims, liabilities, losses, expenses or demands,
including reasonable legal fees, based on, arising from, or otherwise related to (a) Licensee’s
breach or violation of any of the provisions of this EULA; (b) Licensee’s access or use of the
Software as a Service, including but not limited to the hosted platform, any of the information,
materials, or any other services made available on or through the Software as a Service, in violation of
the EULA; (c) any infringement or misappropriation by Licensee of any intellectual property or other
rights of Licensor or any third party; (d) any threat, attack or abuse of the Software as a Service due
to unauthorized use of the Software as a Service; or (e) any negligence or willful misconduct by
Licensee.
- Limitation of Liability: Licensor shall not be
liable to Licensee, or any other person or entity claiming through Licensee any loss of profit, income,
savings, or any other consequential, incidental, special, punitive, direct and indirect damage, whether
arising in contract, tort, warranty, or otherwise. These limitations will apply regardless of the
essential purpose of any limited remedy. Under no circumstances shall Licensor’s aggregate
liability to Licensee, or any person or entity claiming through Licensee, exceed the financial amount
actually paid by Licensee to Licensor for the Software as a Service.
- Export Laws: Licensee may not use or otherwise export or
re-export the Software except as authorized by United States law and the laws of the jurisdiction in
which the Licensor’s Software was obtained. In particular, but without limitation, the
Licensor’s Software may not be exported or re-exported (a) into (or to a national or resident of)
any U.S. embargoed countries (currently Cuba, Iran, Libya, North Korea, Sudan, and Syria) or (b) to
anyone on the U.S. Treasury Department's list of Specially Designated Nationals or the U.S.
Department of Commerce Denied Person’s List or Entity List. By using the Licensor’s
Software, you represent and warrant that you are not located in, under control of, or a national or
resident of any such country or on any such list.
- Data Security by Licensee: The Licensee is solely
responsible for ensuring that the Licensee Content generated via Software as a Service is appropriate
for Licensee’s intended use and Licensee is solely responsible to maintain the security of
Licensee Content. Licensee is responsible for
taking and maintaining appropriate steps to maintain the confidentiality, integrity and security of the
Licensee Content. Those steps include (without limitation) (i) controlling the access that Licensee
provides to its users, (ii) configuring the service appropriately; (iii) ensuring the security of the
Licensee Content while transferring the Licensee Content to any other medium (electronic or manual);
(iv) using encryption technology wherever required to protect the Licensee Content; (v) backing up
and/or archiving the Licensee Content in a secured environment to prevent any possible data loss due to
technology failure or inactivation of the user account. The Licensor may retain Licensee Content in
whole or in portion for specific duration in accordance with its internal data retention policy.
- Data Security by Licensor: If and to the extent the EU
Directive 95/46/EC or the EU General Data Protection Regulation (EU) 2016/679 (together with any
transposing, implementing, or supplemental legislation “GDPR”) and/or any other applicable
data protection and privacy laws apply to the processing of Personal Data (as defined in the GDPR or in
the relevant legislation) (a) Licensor will process Personal Data only in accordance with
Licensee’s instructions; (b) Licensor will process Personal Data only on Licensee’s written
documented instructions, including with regard to transfers of Personal Data to any third party or any
other country from the originating country; (c) Licensor will maintain and implement technical and
organizational measures appropriate (having regard to the state of technological development and cost of
implementation) to the risk of, and to seek to protect Licensee’s Personal Data against any
Security Incident; (d) Licensor shall not transfer Licensee’s Personal Data without
Licensee’s express written consent. In the event, the Licensor becomes aware of a confirmed
Security Incident, inform Licensee without undue delay and provide reasonable information (to the extent
such information is known or available to the Licensor) and cooperation to Licensee so that Licensee can
fulfil any data breach reporting obligations it may have under applicable data protection laws. The
Licensor further take such any reasonably necessary measures and actions to remedy or mitigate the
effects of such Security Incident. “Security Incident” means a breach of
Licensor’s and/or Licensee’s security measures leading to (i) accidental or unlawful
destruction of personal data or (ii) loss, alteration, unauthorised disclosure of, or access to personal
data.
- Privacy Policy: Please refer to Licensor’s Privacy
Policy located online at https://ohphish.eccouncil.org/privacy_policy.html for information regarding how
Licensor uses, transfers and shares information collected by or provided to it.
- Permission to use Trademark and/or Logo: Licensee grants
permission to Licensor to use Licensee’s trademark and/or logo on the Licensor’s website, or
any other marketing material when referring to Licensee. Licensee will retain all title and rights to
such trademarks and/or logos. Further, Licensor may customize the phishing simulation by including
Licensee’s trademark and/or logo in which case the Licensee agrees not to bring any trademark
infringement and/or trademark dilution claim against the Licensor.
- Governing Law. This EULA shall be deemed to
have been made in Hong Kong, and shall be construed and enforced in accordance with, and the validity
and performance hereof shall be governed by the laws of the Hong Kong, without reference to principles
of conflict of laws thereof. Judicial proceedings regarding any matter arising under the terms of this
EULA shall be brought solely in the Courts of the Hong Kong.
- Assignment: The Licensee shall not transfer its right
to access and use the Software as a Service to any third party.
- Publicity: With Licensee’s prior written consent,
Licensor may refer to Licensee as one of its customers on Licensor's website and in other marketing
material, including a possible joint press release.
- Entire Agreement: This License constitutes the
entire agreement between the parties with respect to the use of the Licensor’s Software licensed
hereunder and supersedes all prior or contemporaneous understandings regarding such subject matter.
No amendment to or modification of this License will be binding unless in writing and signed by
Licensor. The parties hereto confirm that they have requested that this License and all related
documents be drafted in English.