THIS SOPHOS SERVICES AGREEMENT (“AGREEMENT”) BETWEEN CUSTOMER AND SOPHOS LIMITED (“SOPHOS”) GOVERNS CUSTOMER’S ACCESS AND USE OF THE SERVICE AND IS A LEGALLY BINDING AND ENFORCEABLE CONTRACT.
BY CLICKING A BOX INDICATING ACCEPTANCE OR AGREEMENT, OR BY ACCESSING OR USING THE SERVICE, CUSTOMER AGREES TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT IS ACCEPTING ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, SUCH INDIVIDUAL REPRESENTS THAT S/HE HAS THE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT.
If you wish to view the Sophos Services Agreement in another language, visit any of the following pages: Spanish, French, Italian, German, Japanese.
1. DEFINITIONS
1.1 “Affiliate” means, with respect to each party, an entity that controls, is controlled by, or is under common control with such party. For the purposes of this definition, “control” means the beneficial ownership of more than fifty percent (50%) of the voting power or equity in an entity.
1.2 “Beta Service” means any Service (or portion of a Service) or Service Software that Sophos identifies as beta, pre-release, early access, or preview, and that is made available to Customer during the Subscription Term but not made generally available for use.
1.3 “Cloud Service” means Sophos Cloud Optix services, Sophos Factory, Sophos Central XDR and Sophos Data Lake.
1.4 “Confidential Information” means any non-public, confidential, or proprietary information of the disclosing party that is clearly marked confidential or reasonably should be assumed to be confidential given the nature of the information and the circumstances of disclosure.
1.5 “Customer” means the company or legal entity identified in the applicable Schedule, or in the event there is no applicable Schedule, “Customer” means: (a) the company or legal entity on whose behalf a User accesses or uses the Service, or (b) an individual who accesses or uses the Service on such individual’s own behalf.
1.6 "Customer Content" means all software, data (including Personal Data), non-Sophos or third-party applications, and any other content, communications or material, in any format; and any system, network, or infrastructure provided or made accessible by Customer or User to Sophos in connection with Customer’s access and use of the Service.
1.7 “Documentation” means any online help content, user manuals, or similar materials pertaining to the implementation, operation, access, and use of the Service that are made available by Sophos, as may be revised by Sophos from time to time.
1.8 “Partner” means a reseller, distributor, or other independent third party from which Customer purchases a subscription to the Service.
1.9 “Personal Data” means any information relating to an identified or identifiable individual or that is otherwise defined as “personal data”, “personal information”, or “personally identifiable information” under applicable data protection laws.
1.10 “Sanctions and Export Control Laws” means any law, regulation, statute, prohibition, or similar measure applicable to the Service and/or to either party relating to the adoption, application, implementation, and enforcement of economic sanctions, export controls, trade embargoes, or any other restrictive measures, including, but not limited to, those administered and enforced by the European Union, the United Kingdom, and the United States, which shall be considered applicable to the Service.
1.11 “Schedule” means the order confirmation issued by Sophos, or other equivalent documentation, that details Customer’s purchase of a Service and the Service Entitlement, and may include other access and use details for the Service.
1.12 “Security Service” means Sophos Managed Threat Response, Sophos Managed Threat Detection, Sophos Rapid Response or other associated security services as described in the applicable Service Description.
1.13 “Service” means a Security Service, Cloud Service, Beta Service, or Trial Service that Customer is authorized to access and use under the terms of this Agreement, including any applicable support and maintenance services, and associated Service Software and Documentation.
1.14 “Service Description” means Sophos’s description of a Security Service’s features, including any additional Service-specific terms and requirements, available at https://www.sophos.com/en-us/legal.
1.15 “Service Entitlement” means the quantity of units of the Service that Customer has purchased and the associated Subscription Term, each as set forth on the applicable Schedule.
1.16 “Service Software” means any software agent, application, or tool made available by Sophos for Customer’s use in connection with a Service, including any updates and upgrades.
1.17 “Sophos Materials” means (i) all Sophos proprietary materials, any written or printed summaries, analyses or reports generated in connection with a Service, including written reports that are created for Customer in the course of providing a Service, and (ii) data generated by Sophos in the course of providing a Service to Customer, including but not limited to, detections, threat data, indicators of compromise and any contextual data (but excluding Customer Content).
1.18 “Subscription Term” means the term of Customer’s authorized access and use of the Service, as set forth in the applicable Schedule.
1.19 “Third Party Services” has the meaning set forth in Section 3.3 below.
1.20 “Trial Service” has the meaning set forth in Section 2.4 below.
1.21 “Trial Service Term” has the meaning set forth in Section 2.4 below.
1.22 “Usage Data” means any diagnostic and usage-related information from the use, performance and operation of the Service, including, but not limited to, type of browser, Service features, and systems that are used and/or accessed, and system and Service performance-related data.
1.23 “Use Level” has the meaning set forth in Section 2.2 below.
1.24 “User” means Customer’s and its permitted Affiliates’ employees, contractors, and similar personnel authorized by Customer or its Affiliates to access and use the Service on such entity’s behalf.
2. SERVICE USE AND RESTRICTIONS
2.1 Right to Access and Use. Subject to Customer’s compliance with the terms of this Agreement, Sophos grants Customer a non-exclusive, non-transferable, worldwide right to access and use the Service listed in the Schedule during the applicable Subscription Term solely for Customer’s internal information security purposes, except that Customers may use Sophos Factory for Customer’s internal business purposes. Customer may permit its Affiliates and Users to use the Service in accordance with this Agreement, provided that Customer remains fully responsible and liable for their use of the Service and compliance with the terms and conditions of this Agreement.
2.2 Use Level. The Service Entitlement together with the defined Service unit(s) or meter(s) specified in the Licensing Guidelines at https://www.sophos.com/en-us/legal form the applicable Customer use level (“Use Level”). Customer may access and use the Service in accordance with the applicable Use Level, and may not exceed the Use Level at any time. Customer’s use and access of the Service in excess of its Service Entitlement may result in degraded, incomplete or failed Service delivery. If Customer wishes to increase its Service Entitlement, it must first purchase the corresponding additional Service Entitlement. If Customer exceeds its Service Entitlement, Customer will pay any invoice for such excess use issued by Sophos or a Partner in accordance with Section 6.1.
2.3 Restrictions. Except as specifically permitted in this Agreement, Customer will not (and will not allow an Affiliate, User, or third party to), directly or indirectly: (a) sublicense, resell, rent, lease, distribute, market, commercialize, or otherwise transfer rights to, or usage of, all or any portion of the Service, or provide the Service on a timesharing, service bureau, or other similar basis; (b) modify, adapt, translate, create derivative works of, reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of, any part of the Service; (c) remove, alter, or obscure any proprietary rights notices contained in or affixed to the Service; (d) attempt to gain unauthorized access to the Service; (e) attempt to disrupt, degrade, impair, or violate the integrity, security, or performance of the Service, including, without limitation, by executing any form of network monitoring; (f) use the Service to store, transmit, or propagate any viruses, software routines, or other code designed to permit unauthorized access, to disable, erase or otherwise harm software, hardware or data, or to perform any other harmful actions; (g) take any action that imposes or may impose an unreasonable or disproportionately large load on Sophos’s infrastructure, as determined by Sophos in its sole discretion; (h) disable or circumvent any monitoring or billing mechanism related to the Service; or (i) access or use the Service in a manner that violates applicable law or regulation, infringes third party rights, or violates the terms and conditions of this Agreement.
2.4 Trial Services, Beta Services and Free Services
(a) If Sophos permits Customer to conduct a free trial or evaluation of a Service (“Trial Service”), Customer may access and use the Trial Service for thirty (30) days or such other duration specified by Sophos in writing (“Trial Service Term”).
(b) From time to time, Sophos may invite Customer to try a Beta Service, for a period specified by Sophos and at no charge, which Customer may accept or decline in Customer’s sole discretion. Customer will comply with testing guidelines that Sophos provides in connection with Customer’s use of a Beta Service and will make reasonable efforts to provide Feedback in accordance with Section 5.3. Sophos may discontinue a Beta Service at any time in its sole discretion and may not make it generally available.
(c) Trial Services and Beta Services are provided for internal testing and evaluation solely for Customer’s own internal information security purposes.
(d) Sophos may make certain Services, portions of certain Services, or certain usage tiers, available free of charge (“Free Services”). Customer’s right to access and use Free Services is not guaranteed for any period of time and Sophos reserves the right, in its sole discretion, to: (i) limit or terminate Customer’s use of Free Services; or (ii) reduce, change or deprecate the functionality of Free Services. For Free Services, only community support is available via https://community.sophos.com.
(e) TRIAL SERVICES, BETA SERVICES AND FREE SERVICES ARE PROVIDED “AS IS” WITHOUT ANY SUPPORT, INDEMNITY, LIABILITY OR REMEDY OF ANY KIND. TO THE EXTENT ALLOWED BY APPLICABLE LAW, SOPHOS EXPRESSLY DISCLAIMS ALL WARRANTIES AND CONDITIONS OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTY, CONDITION, OR OTHER IMPLIED TERM AS TO MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF TRIAL SERVICES, BETA SERVICES OR FREE SERVICES.
(f) The terms of this Section 2.4 apply, and prevail over any conflicting terms in this Agreement, with respect to all access and use of Trial Services, Beta Services or Free Services.
2.5 Modifications to Service and Agreement.
2.5.1 Service. Sophos may modify or update the Service from time to time without materially reducing or degrading its overall functionality.
2.5.2 Agreement.
(a) Sophos may modify the terms of this Agreement from time to time by posting a modified version on https://www.sophos.com/legal or an alternate site Sophos identifies. Unless otherwise noted by Sophos, all modifications will become effective upon commencement of Customer’s next Subscription Term. If Sophos makes any material change to the Agreement that will become effective upon an earlier date (“Immediate Modification”), Sophos will notify Customers (i) in accordance with Section 11.2 (Notice) or (ii) by posting a notice in the Service console. Sophos may add new Services from time to time, and Customer’s purchase and use of a new Service will constitute Customer’s acceptance of this Agreement.
(b) In the event of an Immediate Modification, except where required by law, regulation, court order, or guidance issued by a government regulator, Customer will have the right to terminate the Agreement within thirty (30) days of the date of Sophos’s Immediate Modification notice if Customer objects to such Immediate Modification, and the termination will be effective at the end of the thirty- (30-) day period. Customer’s or a User’s continued access and use of the Service following thirty (30) days after the date of the Immediate Modification notice will constitute Customer’s acceptance of the Immediate Modification and updated Agreement. If Customer terminates the Agreement as provided in this paragraph, Sophos will provide or authorize a pro rata refund of the fees paid by Customer to Sophos or the Partner, respectively, for the remainder of the applicable Subscription Term. Customer will be responsible for all fees incurred prior to the effective date of termination.
2.6 Service Software. If Sophos provides Service Software, Customer may use it only: (a) during the Subscription Term, or applicable Trial Service Term or Beta Service term; and (b) in compliance with the Sophos End User License Agreement located at https://www.sophos.com/en-us/legal and in conjunction with the Service.
2.7 Support. Sophos will provide the technical support specified in the applicable Schedule or Documentation during the Subscription Term. Additional technical support packages may be available for an additional fee. Technical support packages are described at: https://www.sophos.com/en-us/support/technical-support. From time to time, Sophos performs scheduled maintenance to update the servers, software, and other technology that are used to provide the Service and will use commercially reasonable efforts to provide prior notice of such scheduled maintenance. Customer acknowledges that, in certain situations, Sophos may need to perform emergency maintenance of the Service without providing prior notice.
3. CUSTOMER OBLIGATIONS
3.1 Access and Use. Customer is solely responsible for: (a) accessing and using the Service in accordance with the Documentation; (b) determining the suitability of the Service for Customer’s internal information security purposes; (c) configuring the Service appropriately; (d) complying with any regulations and laws (including, without limitation, export, data protection, and privacy laws) applicable to Customer Content and Customer’s use of the Service; (e) Customer’s and Users’ access and use of the Service; (f) all activity occurring under Customer’s Service and support accounts, including the rights and privileges Customer grants to Users and any activity undertaken or decision made by Users regarding Service delivery; (g) providing all reasonable information and assistance required for Sophos to deliver the Service or enable Customer’s or Users’ access and use of the Service; (h) using reasonable means to protect the account information and access credentials (including passwords and devices or information used for multi-factor authentication purposes) used by Customer and Users to access the Service; and (i) promptly notifying Sophos of any unauthorized account use or other suspected security breach, or unauthorized use, copying, or distribution of the Service or Customer Content.
3.2 Accuracy of Information. Customer agrees to provide complete and accurate Customer and User identification information in connection with access and use of the Service, including but not limited to providing reasonable Customer and User contact details and information upon Sophos's or Partner’s request.
3.3 Third Party Services. The Service may enable or require Customer to associate its Service account with, link to, or otherwise access, third parties’ websites, platforms, content, products, services, or information (“Third Party Services”). Third Party Services are not part of the Service, and Sophos does not control and is not responsible for the Third Party Services. Customer is solely responsible for: (a) obtaining and complying with any terms of access and use of the Third Party Services, including any separate fees or charges imposed by the provider of the Third Party Services; and (b) configuring the Third Party Services appropriately. Sophos disclaims all responsibility and liability arising from or related to Customer’s access or use of the Third Party Services, including any impact on Service capabilities as a result of Customer’s use of, or reliance upon, the Third Party Services.
4. CUSTOMER CONTENT; PROTECTION OF CUSTOMER CONTENT; CONFIDENTIALITY; USE OF DATA
4.1 Customer Content. Customer is solely responsible for all Customer Content, including but not limited to its accuracy, quality, and legality. Customer represents and warrants that it: (a) has the legal rights to provide Customer Content to Sophos; (b) has provided any required notices and has obtained any consents and/or authorizations (including any required from Users) related to its access and use of the Service and the processing of and access to Customer Content by Sophos; and (c) will comply with all applicable laws and regulations for collecting and processing Customer Content, and transferring Customer Content to Sophos. Customer is responsible for taking and maintaining appropriate steps to protect the confidentiality, integrity, and security of Customer Content, including but not limited to: (i) controlling access that Customer provides to Users; and (ii) backing up Customer Content.
4.2 Use of Customer Content by Sophos. Customer grants Sophos a non-exclusive, worldwide, royalty-free license to access and use the Customer Content to perform its obligations (including to provide the Service) and exercise its rights under this Agreement.
4.3 Protection of Customer Content by Sophos. Sophos will maintain appropriate administrative, physical, and technical measures designed to protect the security, confidentiality, and integrity of Customer Content processed by Sophos. The Data Processing Addendum (“DPA”) located at https://www.sophos.com/en-us/legal/data-processing-addendum is incorporated by reference into this Agreement if the provision of Service constitutes any "processing" by Sophos of any "personal data" within the Customer Content, but only to the extent such processing falls within the scope of "Applicable Data Protection Laws" (each term as defined in the DPA). In the event of any conflict between the terms of the DPA and this Agreement, the terms of the DPA will take precedence.
4.4 Content Restrictions. If Customer’s access and use of the Service requires Customer to comply with industry-specific data security or data protection obligations, Customer will be solely responsible for such compliance. Customer may not use the Service in a way that would subject Sophos to those industry-specific regulations without obtaining Sophos’ prior written agreement.
4.5 Confidentiality.
(a) Each party acknowledges that it and its Affiliates (“Receiving Party”) may have access to Confidential Information of the other party and its Affiliates (“Disclosing Party”) in connection with this Agreement. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own Confidential Information of like kind (but not less than reasonable care). The Receiving Party agrees to (i) not use any Confidential Information for any purpose other than to perform its obligations and exercise its rights under this Agreement, and (ii) restrict dissemination of Confidential Information only to individuals or third parties with a “need to know” such information and who are under a substantially similar duty of confidentiality. A Receiving Party may disclose the Disclosing Party’s Confidential Information in any legal proceeding or as required as a matter of applicable law or regulation (such as in response to a subpoena, warrant, court order, governmental request, or other legal process); provided, however, that to the extent permitted by applicable law, the Receiving Party will (1) promptly notify the Disclosing Party before disclosing the Disclosing Party’s Confidential Information; (2) reasonably cooperate with and assist the Disclosing Party, at the Disclosing Party’s expense, in any efforts by the Disclosing Party to contest the disclosure; and (3) disclose only that portion of the Disclosing Party’s Confidential Information that is legally required to be disclosed.
(b) Notwithstanding the above, a Disclosing Party’s Confidential Information will not include information that: (i) is or becomes a part of the public domain through no act or omission of the Receiving Party; (ii) was in the Receiving Party’s lawful possession prior to the disclosure by the Disclosing Party and had not been obtained by the Receiving Party either directly or indirectly from the Disclosing Party; (iii) is lawfully disclosed to the Receiving Party by a third party without restriction on the disclosure; or (iv) is independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information.
4.6 Usage Data and Threat Intelligence Data. In the course of providing the Service, Sophos may collect, access, use, process, transmit, or store Usage Data and threat intelligence data for: (a) product improvement; (b) research and development purposes; and (c) deriving statistical data using information that is aggregated, anonymized, de-identified, or otherwise rendered not reasonably associated or linked to an identifiable individual or to Customer or Users (“Statistical Data”). Sophos retains all intellectual property rights in such Statistical Data. Sophos may share threat intelligence data (including from Customer Content, if it is anonymized, de-identified, or otherwise rendered not reasonably associated or linked to an identifiable individual or Users) with selected reputable members of the IT industry for the purposes of promoting awareness of security risks, and anti-spam and security threat research.
5. OWNERSHIP RIGHTS
5.1 Customer Ownership. Except as expressly provided otherwise in this Agreement, as between Sophos and Customer, Customer retains all right, title, and interest in and to Customer Content.
5.2 Sophos Ownership. As between Sophos and Customer, Sophos retains all right, title, and interest, including all intellectual property rights, in and to the Service and Sophos Materials, including all improvements, enhancements, modifications, derivative works, logos, and trademarks. Sophos reserves all rights in and to the Service that are not expressly granted under this Agreement. During the Agreement term, Sophos grants to Customer a limited, non-exclusive license to use such Sophos Materials solely for Customer to receive the Service and for Customer’s own internal information security purposes only.
5.3 Feedback. Customer or Users may provide suggestions, enhancement or feature requests, or other feedback to Sophos with respect to the Service (“Feedback”). If Customer provides Feedback, Sophos may use the Feedback without restriction and without paying any compensation to Customer, and Customer hereby irrevocably assigns to Sophos all intellectual property rights in and to such Feedback.
6. PAYMENT; TAXES; MONITORING
6.1 Fees, Taxes, and Payment. If Customer is purchasing a subscription to access and use the Service from a Partner, all provisions related to fees, taxes, and payment terms will be exclusively between the Partner and Customer. Otherwise, Customer will pay Sophos the fees for access and use of the Service within thirty (30) days of the invoice date (in the currency and via the payment method specified on the invoice), unless otherwise noted in the Schedule. All fees are exclusive of value added tax and any other federal, state, municipal, or other governmental taxes, duties, licenses, fees, excises, or tariffs, and Customer is responsible for paying any taxes assessed based on Customer’s purchases under the Agreement.
6.2 Service Monitoring. Customer acknowledges that Sophos continuously monitors the Service to: (a) track usage and Service Entitlement, (b) provide support, (c) monitor the performance, integrity, and stability of the Service’s infrastructure, (d) prevent or remediate technical issues, and (e) detect and address illegal acts or violations of Section 2.3 (Restrictions).
7. WARRANTIES; DISCLAIMERS; LIMITATION OF LIABILITY
7.1 Warranties. Each party warrants to the other party that it has the requisite authority to enter into this Agreement. Sophos warrants that, during the Subscription Term, (a) it will provide the Service using commercially reasonable skill and care, and (b) the Service will materially conform to the corresponding Documentation. Customer’s sole and exclusive remedy for Sophos’s breach of the foregoing warranty is, at Sophos’s option, either (i) repair or replacement of the Service, or (ii) a pro rata refund of the fees paid to Sophos or a Partner for the period in which Sophos was in breach of the foregoing warranty. This warranty is conditioned upon Customer providing Sophos prompt written notice of the Service’s non-conformity and using the Service in compliance with this Agreement.
7.2 Warranty Disclaimer. EXCEPT AS EXPRESSLY STATED IN SECTION 7.1, TO THE EXTENT ALLOWED BY APPLICABLE LAW, SOPHOS EXPRESSLY DISCLAIMS ALL WARRANTIES AND CONDITIONS OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTY, CONDITION, OR OTHER IMPLIED TERM AS TO MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THE SERVICE. SOPHOS MAKES NO WARRANTY OR REPRESENTATION THAT THE SERVICE: (A) WILL BE UNINTERRUPTED, COMPLETELY SECURE, ERROR-FREE, FAILSAFE, OR FREE OF VIRUSES; (B) WILL MEET CUSTOMER’S BUSINESS REQUIREMENTS OR OPERATE WITH CUSTOMER’S CURRENT SYSTEMS; OR (C) WILL IDENTIFY OR REMEDIATE ALL THREATS OR INDICATORS OF COMPROMISE. SOPHOS IS NOT RESPONSIBLE FOR ANY ISSUES RELATED TO THE PERFORMANCE, OPERATION, OR SECURITY OF THE SERVICE THAT ARISE FROM CUSTOMER CONTENT, THIRD PARTY SERVICES, OR ANY OTHER SERVICES PROVIDED BY THIRD PARTIES. SOPHOS DISCLAIMS ANY RESPONSIBILITY OR LIABILITY FOR ANY INTERCEPTION OR INTERRUPTION OF ANY COMMUNICATIONS THROUGH THE INTERNET, NETWORKS, OR SYSTEMS OUTSIDE SOPHOS’S CONTROL.
7.3 Limitation of Liability.
IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY INDIRECT, CONSEQUENTAL, INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY DAMAGES, OR ANY LOSS OF REVENUES, BUSINESS, PROFITS (IN EACH CASE WHETHER DIRECT OR INDIRECT), OR DATA IN CONNECTION WITH THIS AGREEMENT OR THE SERVICE, EVEN IF THE DAMAGES WERE FORESEEABLE OR A PARTY HAD BEEN ADVISED OF THE POSSIBILITY OF THOSE DAMAGES.
IN NO EVENT WILL THE AGGREGATE LIABILITY OF SOPHOS OR ITS AFFILIATES FOR DIRECT DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT OR THE SERVICE EXCEED THE TOTAL AMOUNT PAID OR PAYABLE BY CUSTOMER TO SOPHOS OR THE PARTNER, AS APPLICABLE, UNDER THIS AGREEMENT DURING THE APPLICABLE SUBSCRIPTION TERM.
THE LIMITATIONS AND EXCLUSIONS OF LIABILITY IN THIS SECTION 7.3 APPLY (A) WHETHER SUCH CLAIMS ARISE UNDER CONTRACT, TORT (INCLUDING NEGLIGENCE), EQUITY, STATUTE, OR OTHERWISE, AND (B) NOTWITHSTANDING THE FAILURE OF THE ESSENTIAL PURPOSE OF ANY REMEDY. NOTHING IN THIS AGREEMENT LIMITS OR EXCLUDES ANY LIABILITY WHICH CANNOT BE LIMITED OR EXCLUDED UNDER APPLICABLE LAW.
8. INDEMNIFICATION
8.1 Indemnification by Sophos.
(a) Sophos will (i) indemnify, defend, and hold Customer harmless from any third party claim, action, suit, or proceeding alleging that Customer’s access and use of the Service in accordance with this Agreement infringes such third party’s patent, trademark, or copyright; and (ii) reimburse Customers’ reasonable attorney’s fees and costs actually incurred and any damages finally awarded against Customer by a court of competent jurisdiction or agreed to by Sophos in a settlement. If a third-party claim is made or appears likely to be made, Sophos, in its sole discretion, may: (1) procure the right for Customer to continue accessing or using the Service under the terms of this Agreement; or (2) modify or replace the Service to be non-infringing without material decrease in functionality. If Sophos, in its sole discretion, determines that neither of the foregoing options is reasonably feasible, Sophos may terminate the Service upon written notice to Customer, and provide or authorize a pro rata refund of the fees paid by Customer to Sophos or the Partner, respectively, for the remainder of the applicable Subscription Term. The foregoing shall be Sophos’s entire obligation and Customer’s exclusive remedy regarding any third-party claim against Customer.
(b) Sophos will have no indemnity obligation for any claim to the extent such claim, in whole or in part, is based on: (i) a modification of the Service by Customer or a third party; (ii) access or use of the Service in a manner that violates the terms and conditions of this Agreement; (iii) technology, designs, instructions, or requirements provided by Customer or a third party on Customer’s behalf; (iv) combination, operation, or use of the Service with non-Sophos products, software, services, or business processes, if a claim would not have occurred but for such combination, operation, or use; or (v) Customer Content or Third Party Services.
8.2 Indemnification by Customer. Customer will indemnify, defend, and hold harmless Sophos, its Affiliates, and their officers, directors, employees, contractors, and agents against any claims, liabilities, and expenses (including court costs and reasonable attorneys' fees) that are incurred as a result of or in connection with: (a) Customer Content, including without limitation Customer’s failure to follow applicable laws, obtain all necessary consents related to Customer Content, or comply with Section 4.4 (Content Restrictions); (b) Customer's access or use of the Service in a manner not expressly permitted by this Agreement; (c) Customer’s violation of any third party rights; (d) Customer’s violation of applicable laws or regulations; or (e) any work product created in reliance on the Service and use of such work product by Customer or a third party.
8.3 Indemnification Procedures. The indemnified party (“Indemnitee”) will: (a) promptly notify the indemnifying party (“Indemnitor”) in writing of any indemnifiable claim; (b) give Indemnitor all reasonable assistance, at Indemnitor’s expense; and (c) give Indemnitor sole control of the defense and settlement of the claim. Any settlement of a claim will not include a specific performance obligation other than the obligation to cease using the Service, or an admission of liability by the Indemnitee, without the Indemnitee’s consent. The Indemnitee may join in the defense of an indemnifiable claim with counsel of its choice at its own expense.
9. TERM AND TERMINATION
9.1 Term. This Agreement will remain in effect until the expiration of the applicable Subscription Term or Trial Service Term.
9.2 Termination or Suspension of Service. Either party may terminate this Agreement and any then-current applicable Schedule if the other party materially breaches its obligations hereunder and does not cure the breach within thirty (30) days after receipt of written notice of the breach. Sophos, in its sole discretion, may terminate the Agreement if Sophos reasonably believes that Customer’s or User’s access and use of the Service could subject Sophos, its affiliates or any third party to liability. Sophos may immediately suspend Customer’s or User’s access and use of the Service, or portions of the Service, if: (a) Sophos believes there is a significant threat to the functionality, security, integrity, or availability of the Service to Customer or to other customers; (b) Customer accesses or uses the Service in violation of Section 2.3 (Restrictions); (c) Customer fails to pay the fee for access and use of the Service to Sophos or the Partner (as applicable) in accordance with the agreed payment terms; or (d) Sophos reasonably believes that Customer is violating or has violated Sanctions and Export Control Laws and/or the provisions of Section 10.1 (Export Compliance) in connection with access and use of the Service. When reasonably practicable and lawfully permitted, Sophos will provide Customer with advance notice of any such Service suspension. Sophos will use reasonable efforts to re-establish the Service promptly after it determines that the issue causing the suspension has been resolved. Any Service suspension under this Section shall not excuse Customer’s payment obligations under this Agreement.
9.3 Effect of Termination. Upon termination or expiration of this Agreement: (a) all Customer rights under this Agreement relating to the Service will immediately terminate; (b) Customer is no longer authorized to access the Service or Customer’s account; and (c) Customer must destroy any copies of Service Software within Customer’s control. Upon any termination by Customer for Sophos’s uncured material breach of the Agreement, Sophos will provide or authorize a pro rata refund of the fees paid by Customer to Sophos or the Partner, respectively, for the remainder of the applicable Subscription Term. Upon any termination by Sophos for Customer’s uncured material breach of the Agreement, Customer will pay any unpaid fees covering the remainder of the then-current Subscription Term.
9.4 Customer Content upon Termination. After termination or expiration of this Agreement, Customer agrees that Sophos has no obligation to Customer to retain Customer Content, which may thereafter be permanently deleted by Sophos. Sophos will protect the confidentiality of Customer Content residing in the Service for as long as such information resides in the Service.
10. EXPORT CONTROL; COMPLIANCE WITH LAWS
10.1 Export Compliance. Customer is solely responsible for ensuring that the Service is used, accessed, and disclosed in compliance with Sanctions and Export Control Laws. Customer certifies that Customer or Users, or any party that owns or controls Customer or Users, are not (a) ordinarily resident in, located in, or organized under the laws of any country or region subject to economic or financial trade sanctions or trade embargoes imposed, administered, or enforced by the European Union, the United Kingdom, or the United States; (b) an individual or entity on the Consolidated List of Persons, Groups, and Entities Subject to European Union Financial Sanctions; the U.S. Department of the Treasury's List of Specially Designated Nationals and Blocked Persons or Foreign Sanctions Evaders List; the U.S. Department of Commerce's Denied Persons List or Entity List; or any other sanctions or restricted persons lists maintained by the European Union, the United Kingdom, or the United States; or (c) the target or subject of any Sanctions and Export Laws. Customer further certifies that it and Users will not, directly or indirectly, export, re-export, transfer, or otherwise make available (i) the Service, or (ii) any data, information, software programs, and/or materials resulting from the Service (or direct product thereof) to any person described in (a) through (c) or in violation of, or for any purpose prohibited by, Sanctions and Export Control Laws, including for proliferation-related end uses. Customer agrees that Sophos has no obligation to provide the Service where Sophos believes the provision of the Service could violate Sanctions and Export Control Laws. Further details are available at https://www.sophos.com/en-us/legal/export.
10.2 Compliance with Laws. Each party agrees to comply with all laws applicable to the actions and obligations contemplated by this Agreement. Each party warrants that, during the term of this Agreement, neither party nor any of its officers, employees, agents, representatives, contractors, intermediaries, or any other person or entity acting on its behalf has taken or will take any action, directly or indirectly, that contravenes (a) the United Kingdom Bribery Act 2010, (b) the United States Foreign Corrupt Practices Act 1977, or (c) any other applicable anti-bribery laws or regulations anywhere in the world.
11.GENERAL
11.1 Assignment. Customer may not sublicense, assign, or transfer its rights or obligations under this Agreement without Sophos’s prior written consent. Sophos may in its sole discretion assign, novate, subcontract, or otherwise transfer any of its rights or obligations hereunder.
11.2 Notice. Sophos may provide Customer with notice (a) if applicable to the Service, by means of a general notice on the Service portal, on the Sophos.com website, or any other website used as part of the Service, and (b) if specific to the Customer, by electronic mail to the e-mail address in Sophos’s records. All notices to Sophos concerning this Agreement should be addressed to The Legal Department, Sophos Limited, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom with a copy to legalnotices@sophos.com.
11.3 Waiver. Failure by either party to enforce any term or condition of this Agreement will not be construed as a waiver of any of its rights under it.
11.4 Severability. If any provision of the Agreement is held to be invalid or unenforceable, the remaining provisions of the Agreement will remain in force to the fullest extent permitted by law.
11.5 Force Majeure. Neither party will be liable to the other for any delay or failure to perform hereunder, except for Customer’s payment obligations, due to circumstances beyond such party’s reasonable control, including acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems, or other industrial disturbances, systemic electrical, telecommunications, or other utility failures.
11.6 Community Forum. Customer and other Sophos customers may exchange ideas and technical insight related to Sophos offerings in the Sophos Community site at https://community.sophos.com/. Sophos does not endorse, warrant, or guarantee any information posted on that site, and Customer alone assumes the risk of using any such information.
11.7 United States Government Users; Non-Waiver of Government Immunity.
(a) The Service and Documentation are considered “commercial computer software” and “commercial computer software documentation” for the purposes of FAR 12.212 and DFARS 227.7202, as amended, or equivalent provisions of agencies that are exempt from the FAR or that are U.S. state or local government agencies. Any use, modification, reproduction, release, performance, display, or disclosure of the Service by the U.S. Government and U.S. state and local government agencies will be governed solely by this Agreement, and except as otherwise explicitly stated in this Agreement, all provisions of this Agreement shall apply to the U.S. Government and U.S. state and local government agencies.
(b) If Customer is a federal, state, or other governmental instrumentality, organization, agency, institution, or subdivision, the limitations of liability and Customer’s indemnity obligations herein shall apply only in the manner and to the extent permitted by applicable law, and without waiver of Customer’s constitutional, statutory, or other immunities, if any.
11.8 Governing Law and Jurisdiction. If the Sophos Affiliate from which Customer has purchased access and use of the Service is located in United States of America, Canada, or Latin America, this Agreement shall be governed by and construed in accordance with the laws of the Commonwealth of Massachusetts, U.S.A notwithstanding its conflicts of law principles, and all claims arising out of or relating to this Agreement or the Service shall be brought exclusively in the federal or state courts located in the Commonwealth of Massachusetts, U.S.A. The parties waive any right to a jury trial in any litigation arising out of or relating to this Agreement or the Service. For any other country, this Agreement shall be governed by and construed in accordance with the laws of England and Wales, without regard to conflict of laws principles, and all claims arising out of or relating to this Agreement or the Service shall be brought exclusively in the courts of England and Wales. The parties agree that the UN Convention on Contracts for the International Sale of Goods (CISG, Vienna, 1980) shall not apply to this Agreement.
11.9 Survival. The following sections, together with any other terms necessary for the interpretation or enforcement of this Agreement, will survive termination or expiration of this Agreement: 1 (Definitions), 4.5 (Confidentiality) for five (5) years, 4.6 (Usage Data and Threat Intelligence Data), 5 (Ownership Rights), 6 (Payment; Taxes; Monitoring), 7 (Warranties; Disclaimers; Limitation of Liability), 8 (Indemnification), 9.3 (Effect of Termination), 9.4 (Customer Content upon Termination), and 11 (General).
11.10 Independent Parties. Sophos and Customer are independent contractors, and nothing in this Agreement will create a partnership, joint venture, agency, franchise, sales representative, or employment relationship between the parties.
11.11 Entire Agreement. If Sophos and Customer have signed a separate written agreement covering access and use of the Service, the terms of such signed agreement will take precedence over any conflicting terms of this Agreement. Otherwise, this Agreement, the Service Description (where applicable), the Schedule, the Licensing Guidelines, and the documents and policies referenced herein constitute the entire agreement between the parties with respect to the Service and supersede all prior or contemporaneous oral or written communications, agreements or representations with respect to the Service. The Service Description is incorporated by reference into this Agreement if Customer’s purchase and use of the Service is described in the Service Description. If there are any inconsistencies between the English language version of this Agreement and any translated version, the English language version shall prevail.
Revision Date: 28 July 2021
Archived Versions