Terms & Conditions

BACKGROUND

(A) RMI Cyber has developed certain software applications and platforms, including a security management and education system called ‘rmi’ which is a software platform that delivers monitoring tools that help to identify and manage attack surface exposure, vulnerabilities and misconfigurations, allowing businesses to proactively reduce and remediate these issues. RMI Cyber owns the site code for ‘rmi’ however, uses open source software tools to collate data, MI and vulnerabilities.

(B) RMI Cyber makes these software applications and platforms available to subscribers via the internet on a pay-per-use basis.

(D) RMI Cyber has agreed to provide and the Customer has agreed to take and pay for RMI Cyber's service subject to the terms and conditions of this agreement.

AGREED TERMS

1. INTERPRETATION

1.1 The definitions and rules of interpretation in this clause apply in this agreement.

Applicable Laws: all applicable laws, statutes, regulations and codes from time to time in force.

Authorised Users: those employees, agents and independent contractors of the Customer who are authorised by the Customer to use the Services and the Documentation, as further described in clause 3.2.

Business Day: a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business.

Business Hours: the period from 9.00 am to 5.00 pm on any Business Day.

Confidential Information: information that is proprietary or confidential and is either clearly labelled as such or (a) all confidential information (however recorded or preserved) disclosed by a party or its Representatives (as defined below) to the other party and that party’s Representatives whether before or after the date of this agreement, including the existence and terms of this agreement; (b) any information that would be regarded as confidential by a reasonable business person relating to: (i) the business, assets, affairs, customers, clients, suppliers, plans, intentions, or market opportunities of the disclosing party; and (ii) the operations, processes, product information, know-how, designs, trade secrets or software of the disclosing party; (c) any information developed by a party in the course of carrying out this agreement, and the parties agree that details of the Services, and the results of any performance tests of the Services, shall constitute Supplier Confidential Information.

Contract Year: a twelve (12) month period commencing on the Effective Date or any anniversary of it.

Controller, Processor, Data Subject, Personal Data, Personal Data Breach, processing and appropriate technical and organisational measures: as defined in the Data Protection Legislation.

Customer Data: the data inputted by the Customer, Authorised Users, or RMI Cyber on the Customer's behalf for the purpose of using the Services or facilitating the Customer's use of the Services.

Data Protection Legislation: (a) to the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of Personal Data; and (ii) to the extent the EU GDPR applies, the law of the European Union or any member state of the European Union to which the Customer or Provider is subject, which relates to the protection of Personal Data.

Documentation: the documents and information made available to the Customer by RMI Cyber online via the Website (once the Customer has logged into the Software on the Website using its login details) RMI Cyber which sets out a description of the Services and the user instructions for the Services.

Effective Date: has the meaning given in clause 2.2.

EU Law: the law of the European Union or any member state of the European Union.

Initial Subscription Term: the initial term of this agreement as set out in clause 15.1.

Intellectual Property Rights: patents, utility models, rights to inventions, copyright and neighbouring and related rights, moral rights, trade marks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, rights in computer software, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.

OSS Terms: the terms and conditions which govern any software licensed under any form of open-source licence including, but not limited to, licences meeting the Open Source Initiative's Open Source Definition.

Proposal: the proposal document for the supply of Services which is prepared by RMI Cyber and which is incorporated into this agreement in accordance with clause 2.

Representatives: in relation to a party, its employees, officers, contractors, subcontractors, representatives and advisers.

Renewal Period: the period described in clause 15.1.

Services: the subscription services provided by RMI Cyber to the Customer under this agreement via the Website RMI Cyber, as more particularly described in the Documentation.

Software: the online software applications provided by RMI Cyber as part of the Services.

Subscription Fees: the subscription fees payable by the Customer to RMI Cyber for the User Subscriptions, as set out in the Proposal.

Subscription Term: has the meaning given in clause 15.1 (being the Initial Subscription Term together with any subsequent Renewal Periods).

Software Support Policy: RMI Cyber's policy for providing support in relation to the Software only (and not the Services) as made available at the Website.

UK GDPR: has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.

User Subscriptions: the user subscriptions purchased by the Customer pursuant to clause 10.1which entitle Authorised Users to access and use the Services and the Documentation in accordance with this agreement.

Virus: any thing or device (including any software, code, file or programme) which may: (a) prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; (b) prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or (c) adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.

Vulnerability: a weakness in the computational logic (for example, code) found in software and hardware components that when exploited, results in a negative impact to the confidentiality, integrity, or availability, and the term Vulnerabilities shall be interpreted accordingly.

Website: https://www.reelmein.io or such other website address as may be notified to the Customer from time to time.

1.2 Clause, schedule and paragraph headings shall not affect the interpretation of this agreement.

1.3 A person includes an individual, corporate or unincorporated body (whether or not having separate legal personality) and that person's legal and personal representatives, successors or permitted assigns.

1.4 A reference to a company includes any company, corporation or other body corporate, wherever and however incorporated or established.

1.5 Unless the context otherwise requires: (a) words in the singular includes the plural and in the plural includes the singular; and (b) a reference to one gender includes a reference to the other genders.

1.6 A reference to a statute or statutory provision: (a) is a reference to it as it is in force as at the date of this agreement; and (b) includes all subordinate legislation made as at the date of this agreement under that statute or statutory provision.

1.7 A reference to writing or written excludes fax but not email.

1.8 References to clauses and schedules are to the clauses and schedules of this agreement; references to paragraphs are to paragraphs of the relevant schedule to this agreement.

2. CONTRACT FORMATION

2.1 Any Proposal provided by RMI Cyber is not an offer to supply the Services.

2.2 The acceptance by the Customer of any Proposal constitutes an offer by the Customer to purchase the Services and User Subscription(s) in accordance with the terms and conditions of this agreement.

2.3 The agreement shall come into existence and only be binding when RMI Cyber issues written acceptance of the Customer’s offer pursuant to clause 2.2 (Effective Date).

3. USER SUBSCRIPTIONS

3.1 Subject to the Customer purchasing the User Subscriptions in accordance with clause 4.3 and clause10.1, the restrictions set out in this clause 3 and the other terms and conditions of this agreement, RMI Cyber hereby grants to the Customer a non-exclusive, non-transferable right and licence, without the right to grant sublicences, to permit the Authorised Users to use the Services and the Documentation (subject to any OSS Terms) during the Subscription Term solely for the Customer's internal business operations.

3.2 In relation to the Authorised Users, the Customer undertakes that:

(a) the maximum number of Authorised Users that it authorises to access and use the Services and the Documentation shall not exceed the number of Use Subscriptions set out in the Proposal and any additional User Subscriptions must be purchased for an additional fee;

(b) it will not allow or suffer any User Subscription to be used by more than one individual Authorised User unless it has been reassigned in its entirety to another individual Authorised User, in which case the prior Authorised User shall no longer have any right to access or use the Services and/or Documentation;

(d) if any password has been provided to any individual who is not an Authorised User, then without prejudice to RMI Cyber’s other rights, RMI Cyber shall be entitled to disable such password and RMI Cyber shall not issue any new passwords to any such individual.

3.3 The Customer shall not access, store, distribute or transmit any Viruses, or any material during the course of its use of the Services that:

(a) is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;

(b) facilitates illegal activity;

(d) promotes unlawful violence;

(e) is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or

(f) is otherwise illegal or causes damage or injury to any person or property;

and RMI Cyber reserves the right, without liability or prejudice to its other rights to the Customer, to disable the Customer's access to any material that breaches the provisions of this clause.

3.4 The Customer shall not:

(a) except as may be allowed by Applicable Laws which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under this agreement:

(i) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software and/or Documentation (as applicable) in any form or media or by any means; or

(ii) attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software or the Services; or

(b) access all or any part of the Services and Documentation in order to build a product or service which competes with the Services and/or the Documentation; or

(d) subject to clause 17.1, license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services and/or Documentation available to any third party except the Authorised Users, or

(e) attempt to obtain, or assist third parties in obtaining, access to the Services and/or Documentation, other than as provided under this clause 3; or

(f) introduce or permit the introduction of, any Virus or Vulnerability into the Services or RMI Cyber's network and information systems.

3.5 The Customer shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Services and/or the Documentation and, in the event of any such unauthorised access or use, promptly notify RMI Cyber.

4. ADDITIONAL USER SUBSCRIPTIONS

4.1 Subject to clause 4.2 and clause 4.3, the Customer may, from time to time during any Subscription Term, purchase additional User Subscriptions in excess of the number set out in the Proposal and RMI Cyber shall grant access to the Services and the Documentation to such additional Authorised Users in accordance with the provisions of this agreement.

4.2 If the Customer wishes to purchase additional User Subscriptions, the Customer shall notify RMI Cyber in writing. RMI Cyber shall evaluate such request for additional User Subscriptions and respond to the Customer with approval or rejection of the request. Where RMI Cyber approves the request, RMI Cyber shall activate the additional User Subscriptions within 72 Business Hours of its approval of the Customer's request.

4.3 If RMI Cyber approves the Customer's request to purchase additional User Subscriptions, the Customer shall, within 30 days of the date of RMI Cyber's invoice, pay to RMI Cyber the relevant fees for such additional User Subscriptions as set out on the Website and, if such additional User Subscriptions are purchased by the Customer part way through the Initial Subscription Term or any Renewal Period (as applicable), such fees shall be pro-rated from the date of activation by RMI Cyber for the remainder of the Initial Subscription Term or then current Renewal Period (as applicable).

5. SERVICES

5.1 RMI Cyber shall, during the Subscription Term, provide the Services and make available the Documentation to the Customer on and subject to the terms and conditions of this agreement.

5.2 The Customer must sign up and create an account with RMI Cyber in order to access the Services. In order to create an account, the Customer will need to use a username and password.

5.3 RMI Cyber shall use reasonable endeavours to make the Software available 95% of the time during any 24-hours period and 7 days a week, except for:

(a) planned maintenance carried out during the maintenance window of 10.00 pm to 2.00 am UK time; and

(b) unscheduled emergency maintenance performed outside Business Hours, provided that RMI Cyber has used reasonable endeavours to give the Customer at least 6 Business Hours' notice in advance.

5.4 The Supplier will, as part of the Services and at no additional cost to the Customer, provide the Customer with RMI Cyber's standard customer support services during Business Hours in accordance with RMI Cyber's Software Support Policy in effect at the time that the Services are provided. RMI Cyber may amend the Software Support Policy in its sole and absolute discretion from time to time. The Customer may purchase enhanced support services separately at RMI Cyber's then current rates.

6. DATA PROTECTION

6.1 Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 6 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation.

6.2 The parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the Controller and RMI Cyber is the Processor. Schedule 1 sets out the scope, nature and purpose of processing by the Provider, the duration of the processing and the types of Personal Data and categories of Data Subject.

6.3 Without prejudice to the generality of clause 6.1, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to RMI Cyber and/or lawful collection of the Personal Data by RMI Cyber on behalf of the Customer for the duration and purposes of this agreement.

6.4 Without prejudice to the generality of clause 6.1, RMI Cyber shall, in relation to any Personal Data processed in connection with the performance by RMI Cyber of its obligations under this agreement:

(a) process that Personal Data only on the documented written instructions of the Customer unless RMI Cyber is required Data Protection Legislation to otherwise process that Personal Data. Where RMI Cyber is relying on Data Protection Legislation as the basis for processing Personal Data, RMI Cyber shall promptly notify the Customer of this before performing the processing required by the Data Protection Legislation unless the Data Protection Legislation prohibits RMI Cyber from so notifying the Customer;

(b) ensure that it has in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);

(c) ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and

(d) not transfer any Personal Data outside of the EEA unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled:

(i) the Customer or RMI Cyber has provided appropriate safeguards in relation to the transfer;

(ii) the data subject has enforceable rights and effective legal remedies;

(iii) RMI Cyber complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and

(iv) RMI Cyber complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data;

(e) assist the Customer, at the Customer's cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;

(f) notify the Customer without undue delay on becoming aware of a Personal Data Breach;

(g) at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the agreement unless required by Data Protection Legislation to store the Personal Data; and

(h) maintain complete and accurate records and information to demonstrate its compliance with this clause 6 and allow for audits by the Customer or the Customer's designated auditor and immediately inform the Customer if, in the opinion of the Provider, an instruction infringes the Data Protection Legislation.

6.5 Where RMI Cyber acts as a Processor, the Customer consents to RMI Cyber appointing third-party processors of Personal Data under this agreement. RMI Cyber confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement incorporating terms which are substantially similar to those set out in this clause 6 and in either case which RMI Cyber confirms reflect and will continue to reflect the requirements of the Data Protection Legislation. As between the Customer and RMI Cyber, RMI Cyber shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause 6.

6.6 Where RMI Cyber acts as a Processor, either party may, at any time on not less than 30 (thirty) days’ notice, revise this clause 6 by replacing it with any applicable controller to processor standard clauses or similar terms adopted under the Data Protection Legislation or forming part of an applicable certification scheme (which shall apply when replaced by attachment to this agreement).

7. THIRD PARTY PROVIDERS

The Customer acknowledges that the Services may enable or assist it to access the website content of, correspond with, and purchase products and services from, third parties via third-party websites and that it does so solely at its own risk. RMI Cyber makes no representation, warranty or commitment and shall have no liability or obligation whatsoever in relation to the content or use of, or correspondence with, any such third-party website, or any transactions completed, and any contract entered into by the Customer, with any such third party. Any contract entered into and any transaction completed via any third-party website is between the Customer and the relevant third party, and not RMI Cyber. RMI Cyber recommends that the Customer refers to the third party's website terms and conditions and privacy policy prior to using the relevant third-party website. RMI Cyber does not endorse or approve any third-party website nor the content of any of the third-party website made available via the Services.

8. SUPPLIER'S OBLIGATIONS

8.1 RMI Cyber shall perform the Services substantially in accordance with the Documentation and with reasonable skill and care.

8.2 RMI Cyber's obligations at clause 8.1 shall not apply to the extent of any non-conformance which is caused by use of the Services contrary to RMI Cyber's instructions, or modification or alteration of the Services by any party other than RMI Cyber or RMI Cyber's duly authorised contractors or agents. If the Services do not conform with the terms of clause 8.1, Supplier will, at its expense, use reasonable commercial endeavours to correct any such non-conformance promptly. Such correction constitutes the Customer's sole and exclusive remedy for any breach of the undertaking set out in clause 8.1.

8.3 RMI Cyber:

(a) does not warrant that:

(i) the Customer's use of the Services will be uninterrupted or error-free;

(ii) that the Services, Documentation and/or the information obtained by the Customer through the Services will meet the Customer's requirements. It is the Customer’s responsibility to ensure that its operating systems are up-to-date, fully supported versions which are compatible with the Software; or

(iii) the Software or the Services will be free from Vulnerabilities or Viruses, and

(b) is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities.

8.4 This agreement shall not prevent RMI Cyber from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this agreement.

8.5 RMI Cyber warrants that it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under this agreement.

8.6 RMI Cyber shall follow its archiving procedures for Customer Data as set out in ‘Back up’ section in the ‘Help’ section on the Website (which is only accessible when the Customer is logged into its account on the Website), as such document may be amended by RMI Cyber in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against RMI Cyber shall be for RMI Cyber to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by RMI Cyber in accordance with the archiving procedure described in the ‘Back up’ section in the ‘Help’ section’ on the Website. RMI Cyber shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party provided that this clause shall not exclude RMI Cyber’s liability in relation to the acts and omissions of its third party sub-contractors in carrying out RMI Cyber’s obligations pursuant to this agreement.

9. CUSTOMER'S OBLIGATIONS

9.1 The Customer shall:

(a) provide RMI Cyber with:

(i) all necessary co-operation in relation to this agreement; and

(ii) all necessary access to such information as may be required by RMI Cyber;

in order to provide the Services, including but not limited to Customer Data, security access information and configuration services;

(b) without affecting its other obligations under this agreement, comply with all applicable laws and regulations with respect to its activities under this agreement;

(c) carry out all other Customer responsibilities set out in this agreement in a timely and efficient manner. In the event of any delays in the Customer's provision of such assistance as agreed by the parties, RMI Cyber may adjust any agreed timetable or delivery schedule as reasonably necessary;

(d) ensure that the Authorised Users use the Services and the Documentation in accordance with the terms and conditions of this agreement and shall be responsible for any Authorised User's breach of this agreement;

(e) obtain and shall maintain all necessary licences, consents, and permissions necessary for RMI Cyber, its contractors and agents to perform their obligations under this agreement, including without limitation the Services;

(f) ensure that its network and systems comply with the relevant specifications provided by RMI Cyber from time to time; and

(g) be, to the extent permitted by law and except as otherwise expressly provided in this agreement, solely responsible for procuring, maintaining and securing its network connections and telecommunications links from its systems to RMI Cyber's data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer's network connections or telecommunications links or caused by the internet.

9.2 The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all such Customer Data.

10. CHARGES AND PAYMENT

10.1 The Customer shall pay the Subscription Fees to RMI Cyber for the User Subscriptions in accordance with this clause 10 and the Proposal, any support fees in accordance with clause 5.4 and any other fees which are payable under this agreement.

10.2 The Customer shall on or before the Effective Date provide to RMI Cyber valid, up-to-date and complete information (including contact and billing details)as required by RMI Cyber.

10.3 RMI Cyber shall invoice the Customer:

(i) on the Effective Date for the Subscription Fees payable in respect of the Initial Subscription Term; and

(ii) unless otherwise specified in the Proposal, on each anniversary of the Effective Date, for the Subscription Fees payable in respect of the relevant Renewal Period,

and the Customer shall pay each invoice within 30 days after the date of such invoice, except for the Subscription Fees payable in respect of the Initial Subscription Term under clause 10.2(i) which shall be payable immediately.

10.4 If RMI Cyber has not received payment by the due date, and without prejudice to any other rights and remedies of RMI Cyber:

(a) RMI Cyber may, on 24 hours’ notice to the Customer and without liability to the Customer, disable the Customer's password, account and access to all or part of the Services and RMI Cyber shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid; and

(b) interest shall accrue on a daily basis on such due amounts at an annual rate equal to 4% over the then current base lending rate of the Bank of England from time to time, commencing on the due date and continuing until fully paid, whether before or after judgment.

10.5 All amounts and fees stated or referred to in this agreement:

(a) shall be payable in pounds sterling;

(b) are, subject to clause 14.4(b), non-cancellable and non-refundable;

10.6 RMI Cyber shall be entitled to increase the Subscription Fees, the fees payable in respect of the additional User Subscriptions purchased pursuant to clause 4.3, and the support fees payable pursuant to clause 5.4 (where applicable) at the start of each Renewal Period upon at least 30 days' prior notice to the Customer and the Proposal shall be deemed to have been amended accordingly.

11. PROPRIETARY RIGHTS

11.1 The Customer acknowledges and agrees that RMI Cyber and/or its licensors (or anything that is licenced under OSS Terms) own all Intellectual Property Rights in the Services and the Documentation. Except as expressly stated herein, this agreement does not grant the Customer any rights to, under or in, any Intellectual Property Rights, or any other rights or licences in respect of the Services or the Documentation.

11.2 RMI Cyber confirms that it has all the rights in relation to the Services and the Documentation that are necessary to grant all the rights it purports to grant under, and in accordance with, the terms of this agreement.

12. CONFIDENTIALITY

12.1 Each party undertakes that it shall not at any time disclose to any person any Confidential Information concerning the business, affairs, customers, clients or suppliers of the other party or of any member of the group of companies to which the other party belongs, except as permitted by clause 12.2.

12.2 Each party may disclose the other party's Confidential Information:

(a) to its Representatives who need to know such information for the purposes of exercising the party's rights or carrying out its obligations under or in connection with this agreement. Each party shall ensure that its Representatives to whom it discloses the other party's Confidential Information comply with this clause 12; and

(b) as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.

12.3 No party may use any other party's Confidential Information for any purpose other than to exercise its rights and perform its obligations under or in connection with this agreement.

12.4 On termination or expiry of this agreement, each party shall:

(a) destroy or return to the other party all documents and materials (and any copies) containing, reflecting, incorporating or based on the other party’s Confidential Information;

(b) erase all the other party’s Confidential Information from computer and communications systems and devices used by it, including such systems and data storage services provided by third parties (to the extent technically and legally practicable); and

(c) certify in writing to the other party that it has complied with the requirements of this clause, provided that a recipient party may retain documents and materials containing, reflecting, incorporating or based on the other party’s Confidential Information to the extent required by law or any applicable governmental or regulatory authority. The provisions of this clause shall continue to apply to any such documents and materials retained by a recipient party, subject to clause 15 (Term and Termination).

12.5 No party shall make, or permit any person to make, any public announcement concerning this agreement without the prior written consent of the other parties (such consent not to be unreasonably withheld or delayed), except as required by law, any governmental or regulatory authority (including, without limitation, any relevant securities exchange), any court or other authority of competent jurisdiction.

12.6 Except as expressly stated in this agreement, no party makes any express or implied warranty or representation concerning its Confidential Information.

13. Indemnity

13.1 The Customer shall defend, indemnify and hold harmless RMI Cyber against claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with the any third party claims arising from a breach of clause 3.3, provided that:

(a) the Customer is given prompt notice of any such claim;

(b) RMI Cyber provides reasonable co-operation to the Customer in the defence and settlement of such claim, at the Customer's expense; and

14. Limitation of liability

14.1 References to liability in this clause 14 include every kind of liability arising under or in connection with this agreement including but not limited to liability in contract, tort (including negligence), misrepresentation, restitution or otherwise and the term “liable” shall be construed accordingly.

14.2 Except as expressly and specifically provided in this agreement:

(a) the Customer assumes sole responsibility for results obtained from the use of the Services and the Documentation by the Customer, and for conclusions drawn from such use. RMI Cyber shall have no liability for any damage caused by errors or omissions in any Customer Data, information, instructions or scripts provided to RMI Cyber by the Customer in connection with the Services, or any actions taken by RMI Cyber at the Customer's direction;

(b) all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this agreement; and

14.3 Nothing in this agreement excludes or limits the liability of RMI Cyber:

(a) for death or personal injury caused by RMI Cyber's negligence;

(b) for fraud or fraudulent misrepresentation; or

14.4 Subject to clause 14.2 and clause 14.3:

(a) RMI Cyber shall not be liable for any:

(i) loss of profits,

(ii) loss of business,

(iii) wasted expenditure,

(iv) depletion of goodwill and/or similar losses,

(v) loss or corruption of data or information, or

(vi) any special, indirect or consequential loss, costs, damages, charges or expenses;

however arising under this agreement, and

(b) RMI Cyber's total aggregate liability to the Customer howsoever arising out of or in connection with this agreement shall be limited to an amount equal to 100% of the total Subscription Fees paid by the Customer in the Contract Year in which the breaches occurred.

14.5 Nothing in this agreement excludes the liability of the Customer for any breach, infringement or misappropriation of RMI Cyber’s Intellectual Property Rights.

15. Term and termination

15.1 This agreement shall, unless otherwise terminated as provided in this clause 15, commence on the Effective Date and shall continue for 12 months (the Initial Subscription Term) and, thereafter, this agreement shall be automatically renewed for successive periods of 12 months (each a Renewal Period), unless:

(a) either party notifies the other party of termination, in writing, at least 30 days before the end of the Initial Subscription Term or any Renewal Period, in which case this agreement shall terminate upon the expiry of the applicable Initial Subscription Term or Renewal Period; or

(b) otherwise terminated in accordance with the provisions of this agreement;

and the Initial Subscription Term together with any subsequent Renewal Periods shall constitute the Subscription Term.

15.2 Without affecting any other right or remedy available to it, RMI Cyber may terminate this agreement with immediate effect by giving written notice to the Customer if:

(a) the Customer fails to pay any amount due under this agreement on the due date for payment and remains in default not less than 7 days after being notified in writing to make such payment;

(b) the Customer commits a material breach of any other term of this agreement and (if such breach is remediable) fails to remedy that breach within a period of 14 days after being notified in writing to do so;

(c) the Customer takes or has taken against it (other than in relation to a solvent restructuring) any step or action towards its entering bankruptcy, administration, provisional liquidation or any composition or arrangement with its creditors, applying to court for or obtaining a moratorium under Part A1 of the Insolvency Act 1986, being wound up (whether voluntarily or by order of the court), being struck off the register of companies, having a receiver appointed to any of its assets, or its entering a procedure in any jurisdiction with a similar effect to a procedure listed in this clause 15.2(c);

(d) the Customer suspends or ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business; or

(e) the Customer’s financial position deteriorates so far as to reasonably justify the opinion that the Customer’s ability to give effect to the terms of this agreement is in jeopardy.

15.3 On termination of this agreement for any reason:

(a) all licences granted under this agreement shall immediately terminate and the Customer shall immediately cease all use of the Services and/or the Documentation;

(b) each party shall return and make no further use of any equipment, property, Documentation and other items (and all copies of them) belonging to the other party;

(c) RMI Cyber may destroy or otherwise dispose of any of the Customer Data in its possession unless RMI Cyber receives, no later than 10 days after the effective date of the termination of this agreement, a written request for the delivery to the Customer of the then most recent back-up of the Customer Data. RMI Cyber shall use reasonable commercial endeavours to deliver the back-up to the Customer within 30 days of its receipt of such a written request, provided that the Customer has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination). The Customer shall pay all reasonable expenses incurred by RMI Cyber in returning or disposing of Customer Data; and

(d) any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination shall not be affected or prejudiced.

16. Force majeure.

Neither party shall be in breach of this agreement or otherwise liable for any failure or delay in the performance of its obligations if such delay or failure results from events, circumstances or causes beyond its reasonable control. The time for performance of such obligations shall be extended accordingly.

17. Assignment.

17.1 The Customer shall not, without the prior written consent of RMI Cyber, assign, transfer, mortgage, charge, subcontract, delegate, declare a trust over or deal in any other manner with any of its rights and obligations under this agreement.

17.2 RMI Cyber may at any time assign, mortgage, charge, subcontract, delegate, declare a trust over or deal in any other manner with any or all of its rights and obligations under this agreement.

18. Notices.

18.1 Any notice given to a party under or in connection with this agreement shall be in writing and shall be:

(a) delivered by hand or by pre-paid first-class post or other next working day delivery service at its registered office (if a company) or its principal place of business (in any other case); or

(b) sent by email to the email addresses (or an address substituted in writing by the party to be served) set out within the Proposal for each party.

18.2 Any notice shall be deemed to have been received:

(a) if delivered by hand, at the time the notice is left at the proper address;

(b) if sent by pre-paid first-class post or other next working day delivery service, at 9.00 am on the second Business Day after posting; or

(c) if sent by email, at the time of transmission, or, if this time falls outside Business Hours in the place of receipt, when Business Hours resume.

18.3 This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.

19. General

19.1 If there is an inconsistency between any of the provisions in the main body of this agreement and the Schedules, the provisions in the main body of this agreement prevail.

19.2 Subject to clause 10.6, RMI Cyber may modify the provisions of this agreement at any time upon 30 days’ notice to the Customer but no variation of this agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).

19.3 Subject to clause 10.6, RMI Cyber may modify any of the Software at any time upon 30 days’ notice to the Customer.

19.4 A waiver of any right or remedy is only effective if given in writing and shall not be deemed a waiver of any subsequent right or remedy. A delay or failure to exercise, or the single or partial exercise of, any right or remedy does not waive that or any other right or remedy, nor does it prevent or restrict the further exercise of that or any other right or remedy.

19.5 Except as expressly provided in this agreement, the rights and remedies provided under this agreement are in addition to, and not exclusive of, any rights or remedies provided by law.

19.6 If any provision or part-provision of this agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this agreement. If any provision or part-provision of this agreement is deemed deleted under clause 19.6the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.

19.7 This agreement constitutes the entire agreement between the parties and supersedes and extinguishes all previous and contemporaneous agreements, promises, assurances and understandings between them, whether written or oral, relating to its subject matter. Each party acknowledges that in entering into this agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this agreement. Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in this agreement. Nothing in this clause shall limit or exclude any liability for fraud.

19.8 Nothing in this agreement is intended to or shall operate to create a partnership between the parties, or authorise either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).

19.9 This agreement does not give rise to any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this agreement. The rights of the parties to rescind or vary this agreement are not subject to the consent of any other person.

19.10 This agreement may be executed in any number of counterparts, each of which shall constitute a duplicate original, but all the counterparts shall together constitute the one agreement. Transmission of an executed counterpart of this agreement (but for the avoidance of doubt not just a signature page) by email (in PDF, JPEG or other agreed format) takes effect as the transmission of an executed "wet-ink" counterpart of this agreement. If this method of transmission is adopted, without prejudice to the validity of the agreement thus made, each party shall on request provide the other with the "wet ink" hard copy original of their counterpart. No counterpart shall be effective until each party has provided to the other at least one executed counterpart.

20. Governing law and Jurisdiction

20.1 This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and interpreted in accordance with the law of England and Wales.

20.2 Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this agreement or its subject matter or formation (including non-contractual disputes or claims).

This has been entered into on the date stated at the beginning of it.

SCHEDULE 1PROCESSING, PERSONAL DATA AND DATA SUBJECTS

1. Processing by RMI Cyber

1.1 Scope

Rmi is a software platform that delivers monitoring tools that help to identify and manage attack surface exposure, vulnerabilities and misconfigurations, allowing businesses to proactively reduce and remediate these issues.

1.2 Nature of processing

Data collection for reporting purposes within the system, leaked personal data is not stored in identifiable format.

1.3 Purpose of processing

To identify weaknesses and potential vulnerabilities created through leaked company credentials and information.

1.4 Duration of the processing

Annually or as long as the software continues to be accessed.

2. Types of Personal Data

Name, Company or personal email addresses, job titles, bank account details, personal address details.

3. Categories of Data Subject

Employees of the customer.

Log In

Terms & Conditions