Version: 1.0
Last Updated: June 3rd, 2024
The Client has commissioned DarkInvader to search the internet and dark web for data that could pose a threat to the business systems, brand or company employees. Client will receive a view of publicly visible exposures with identified risks that need to be mitigated. Where a risk is identified, DarkInvader will provide context to the client so that it can understand the risk, and, where possible, recommendations for remediation. For absolute clarity, DarkInvader does not guarantee to identify all risks associated with the client\'s external attack surface, employees, domains or brands.
The client may also use DarkInvader\'s scanning technology to automatically map its public-facing attack surface. The client acknowledges that automatic scans can affect the smooth running of systems/applications and uses the service with this knowledge. The Client also acknowledges that it is illegal to scan digital assets that it does not own or has permission to scan. The client also acknowledges that the intelligence gathered may be highly sensitive and of a personal nature.
2.1 Exclusion of Liability: DarkInvader will not be liable for any losses or damages suffered by the Client resulting from actions, omissions, misrepresentations, or errors made by the Client or on their behalf.
2.2 Limitation of Financial Liability: This Agreement defines DarkInvader\'s maximum financial liability to the Client, including liability for the actions or omissions of its employees. This liability pertains to:
2.3 Warranties and Conditions: Except as explicitly stated in this Agreement, all implied warranties, conditions, and other terms are excluded to the fullest extent permissible by law. However, this Agreement does not limit or exclude DarkInvader’s liability for:
2.4 Service-Related Liabilities: DarkInvader is not liable for:
2.5 General Liability Caps: DarkInvader will not be liable for:
2.6 Total Aggregate Liability: The total aggregate liability of DarkInvader to the Client for any default under this contract, whether in contract, tort (including negligence or breach of statutory duty), misrepresentation, or otherwise, shall be limited to the lesser of the total charges paid or payable by the Client during the 12 months preceding the default, or £50,000.
2.7 Notification and Mitigation: The Client is required to promptly notify DarkInvader of any issue arising from the use of the services that could result in a claim. The Client is also expected to take reasonable steps to mitigate any damages or losses that may occur.
2.8 Amendment of Terms: DarkInvader reserves the right to amend the terms of this liability clause. Any changes will be communicated to the Client in writing and will take effect from the date of notification.
2.9 Governing Law: This Agreement, and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims), are governed by and construed in accordance with the law of England and Wales.
2.10 Dispute Resolution: In the event of a dispute, the parties will seek resolution through negotiation and mediation. If a resolution cannot be reached through these means, the parties agree to submit to the exclusive jurisdiction of the courts of England and Wales for the resolution of any disputes.
The Client hereby warrants that it has permission to test, monitor and research the systems, applications, domains, people, and brands on which the service is to be completed and is fully entitled to permit DarkInvader to perform the service. The client also warrants that such performance will not breach any third-party rights.
The Client hereby indemnifies, shall keep indemnified and hold wholly harmless DarkInvader in respect of any claim by any third party against either of them resulting from a breach of the Client\'s warranties set out in this \'Client Warranty\' section. In the event of DarkInvader becoming aware of such a claim, it shall notify the Client promptly and will allow the Client at the Client\'s expense to defend and, if appropriate, settle such claim. DarkInvader will, if required, assist in the defence of such claim at the Client\'s expense.
As between the parties, all Intellectual Property now known or hereafter recognised in any jurisdiction in and to the Services and/or the Services Data are owned by DarkInvader and/or its licensors, and the Client agrees to make no claim of interest in or ownership of any such Intellectual Property Rights.
The Client does not obtain any rights, express or implied, in the Services Data, other than the rights expressly granted in clause below. DarkInvader grants to the Client a non-exclusive, non-transferable, non-sub licensable right to access the DarkInvader Portal and use the Services Data for the duration of this Agreement provided such access and use is for its own internal business use.
DarkInvader undertake to perform the service in a responsible and professional manner but cannot guarantee or warrant that it will succeed in identifying all security risks in relation to the client, its attack surface, brand and or key personnel.
DarkInvader will keep confidential the identity of the Client and the results and treat as confidential any data that it accesses in performing the service, and will only use such data for the purposes of this Agreement and will return or delete all such data when required to do so by the Client. The warranty given by DarkInvader in this paragraph is exclusive of and in lieu of all other conditions terms and warranties, statutory or otherwise, either express or implied, including without limitation those relating to satisfactory quality or fitness for purpose.
It is the Client\'s responsibility to change the password and for keeping the Client\'s user name and password confidential. Client will be responsible for all activities and charges incurred through the use of Client\'s user name and password, and will indemnify, keep indemnified and hold harmless DarkInvader for any claims, liability, damages, losses and costs (including reasonable legal fees) to the extent resulting from such use.
In consideration for the provision of the Services and the license of the Equipment the Client shall pay DarkInvader or its nominated representative the Charges. Apart from any Charges which are specified in writing to be payable within an agreed time scale, all Charges will be invoiced in advance of Service.
Each party undertakes that it shall not at any time during this Agreement, and for a period of two years after termination or expiry of this Agreement, disclose to any person any confidential information concerning the business, affairs, customer, clients or suppliers or the other party or of any member of the group of companies to which the other party belongs, except as permitted by clause 10.
Each party may disclose the other party\'s confidential information: to its employees, officers, representatives, contractors, subcontractors or advisers who need to know such information for the purposes of exercising the party\'s rights or carrying out its obligations under or in connection with this Agreement. Each party shall ensure that its employees, officers, representatives, contractors, subcontractors or advisers to whom it discloses the other party\'s confidential information comply with this clause 10, and as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority. No party shall use any other party\'s confidential information for any purpose other than to exercise its rights and perform its obligations under or in connection with this Agreement.
DarkInvader will use all reasonable efforts to ensure that they have at least 99% uptime, as measured monthly, excluding planned downtime. DarkInvader will notify Client within two business hours of any known and unscheduled downtime and update the status to Client periodically until the service is restored. DarkInvader will notify Client when the service is restored. Planned downtime will be no greater than eight hours monthly and will occur at a regularly scheduled times during off-peak periods.
Without affecting any other right or remedy available to it, either party may terminate this Agreement by providing written notice to the other party if: the other party commits any breach of any term of his Agreement and (in the case of a breach capable of being remedied) shall have failed within 30 (thirty) days after receipt of notice from such party so to do, to remedy the breach to the reasonable satisfaction of such party; the other party suspends payment or is unable to pay its debts (within the meaning of Section 123 of the Insolvency Act 1986) or a petition is granted by a competent court, an order made or a resolution passed for winding-up of the other whether voluntary or compulsory or the other is dissolved (otherwise for the purpose of a reconstruction or amalgamation whilst solvent on terms previously approved in writing by the first mentioned party) or a petition is granted by a competent court for the appointment of an administrator over the other, or notice of intention to appoint an administrator or notice of appointment of an administrator is presented or an order appointing an administrator is made by a competent court or the other enters into an arrangement, compromise or composition in satisfaction of its debts with its creditors or any class of them or takes steps to obtain a moratorium or makes an application to a court of competent jurisdiction for protection from its creditors or a distress, execution or other legal process (including the appointment of an administrative receiver, receiver or manager) is levied or issued on or against the other or over the whole or part of its undertaking or assets.
Without affecting any other right or remedy available to it, DarkInvader may terminate this Agreement at any time by giving written notice to the Client, should any Services Data be discovered which DarkInvader believes (in its absolute discretion) may be evidence of an unlawful, criminal, fraudulent act or omission. No party to this Agreement may assign, charge, sub-contract or in any other way deal with any of its rights or obligations under this Agreement without the agreement of all the other party.
The headings of this Agreement are inserted for convenience of reference only and shall not in any way affect the interpretation of this Agreement.
This Agreement shall not be modified except by an instrument in writing signed by the duly authorised representatives of each of the parties to this Agreement.
This Agreement constitutes the entire agreement and understanding between the parties in relation to its subject matter.
Each party irrevocably and unconditionally waives any right it may have to rescind the Agreement and/or claim damages or other relief for any misrepresentation not contained in the Agreement or for breach of any warranty not contained in the Agreement, unless such misrepresentation or warranty was made fraudulently.
In the event that any or part of the terms, conditions or provisions contained in this Agreement shall be determined invalid, unlawful or unenforceable to any extent, then such terms, conditions or provisions shall be severed from the remaining terms, conditions and provisions which shall continue to be valid and enforceable to the fullest extent permitted by law.
The waiver by any party of a breach or default of any of the provisions of the Agreement by the any other party must be in writing and shall not be construed as a waiver of any succeeding breach of the same or other provisions nor shall delay or omission on the part of either party to exercise or avail itself of any right, power or privilege that it has or may have hereunder operate as a waiver of any breach or default by any other party. No party shall be liable for any loss suffered by any other party or be deemed to be in default for any delays or failures in performance hereunder (other than in relation to payment) resulting from acts or causes beyond its reasonable control or from any acts of God, acts or regulations of any governmental or supra-national authority.
DarkInvader shall comply with Data Protection Law in respect of the performance of its obligations under this Agreement. DarkInvader shall, in providing the Services, comply with its Privacy and Security Policy, which may be amended from time to time by DarkInvader in its sole discretion.
DarkInvader shall Process personal Data on the Client\'s behalf when performing its obligations under this Agreement. The parties acknowledge and agree that for the purposes of Data Protection Law, the Client shall be the Data Controller and DarkInvader shall be a Data Processor.
DarkInvader shall process Personal Data as part of the Services only on and in accordance with Client\'slawful written instructions and it shall not process Personal Data for any purposes other than those expressly authorised by the Client except where otherwise required by Data Protection Law (and shall inform the Client of that legal requirement before processing, unless the Data Protection Law prevents it from doing so). DarkInvader shall take reasonable steps to ensure the reliability of all of its employees who have access to the Personal Data and ensure they are bound to keep Personal Data confidential.
DarkInvader shall implement and maintain, at its cost and expense, appropriate technical and organisational measures against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, personal Data to ensure a level of security appropriate to: the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and the nature of the Personal Data to be protected.
The Client shall ensure that the relevant third parties (the subjects of the Client Information) have been notified and informed of such use, processing, and transfer of their Personal Data or that the Client has a lawful basis for disclosure as required by Data Protection Law such that DarkInvader are lawfully permitted to use, process and transfer such Personal Data in order to provide the Services as set out in this Agreement. Indemnity: The Client agrees to indemnify and keep indemnified DarkInvader from and against any and all Losses suffered or incurred by DarkInvader in relation to its use of the Client\'s or its employees, sub-contractor or agents\' Personal Data where such has been used in accordance with the Client\'s instructions and/or where the Client is in breach of confidentiality.
This Agreement shall be governed by the laws of England and the parties submit to the exclusive jurisdiction of the Courts of England and Wales. A person who is not a party to this Agreement has no rights or remedy under the Contract (Rights of Third Parties) Act 1999 to enforce any term of this Agreement.
DarkInvader (13636918), Calls Wharf, 2 The Calls, Leeds, LS2 7JU
[email protected]
[email protected]