Schedule 30 – Mimecast
- MIMECAST TERMS AND CONDITIONS
1.1 Usage Metrics. Services may be based on different usage metrics, including Domains, Takedowns, or Permitted Users. Where “Permitted Users” is the usage metric, all Permitted Users of the Services must be individuals employed by or otherwise under Client’s control). Client may increase the number of Domains, Takedowns, or Permitted Users listed in a Services Order or add Services at any time during the Subscription Term. However, Client must provide Reseller or Mimecast with advance notice prior to adding additional Domains, Takedowns, or Permitted Users to Client’s account, and additional fees may apply. During a Subscription Term, it is not possible for Client to (i) reduce the number of Domains, Takedowns, or Permitted Users; (ii) downgrade any of the Services ordered; or (iii) remove any of the Services ordered. Such changes may be made effective at the start of a new Subscription Term, but only if Mimecast receives notice of such change not less than thirty days prior to the renewal date.
1.2 Professional Services. Mimecast will provide professional services to Subscriber (“Professional Services”). Mimecast will perform such Professional Services in a professional and workmanlike manner, consistent with industry standards. In the event Mimecast’s performance does not conform as described in this Schedule, Subscriber will notify inq. of such failure within fifteen days after delivery of the Professional Services (“Acceptance Period”). Promptly after receipt of Client’s notice, inq.will ensure that Mimecast will re-perform the non-conforming Professional Services at no additional cost to Subscriber, as Subscriber’s exclusive remedy.
1.3 Subscriber Data. “Subscriber Data” means the data processed through Subscriber’s use of the applicable Services including, but not limited to, the contents of the files and emails sent by or to a Permitted User. The parties acknowledge and agree that inq.and Mimecast have no ownership rights to Client Data.
1.4 Security. Mimecast will implement and maintain appropriate administrative, technical, organizational and physical security measures for each of the Services to protect Client Data against unauthorized access, disclosure or loss. Subscriber acknowledges and agrees that, in the course of providing the Services to Subscriber, it may be necessary for Mimecast and/or inq.to access Client Data to respond to technical problems or Subscriber queries and to ensure the proper working of the Services. Additional information about Mimecast security, including the locations from which Support is provided and Mimecast’s certifications, attestations and assessments, is available on https://www.mimecast.com/company/mimecast-trustcenter/ (“Trust Center”). Mimecast may update the Trust Center from time to time.
1.5 Subscriber Use. Subscriber will use the Services only for its own internal business purposes and will not transfer, resell, license, or otherwise make the Services or the Intellectual Property. Subscriber will use the Services as reasonably directed by Mimecast and/or inq.. Subscriber will allow only the number of Permitted Users shown in clause 5 hereunder to access and use the Services. Subscriber may not use or access the Services for the purpose of (i) building a competitive service or comparative features; or (ii) comparative analysis (including but not limited to benchmarking) intended for use outside Subscriber’s organization.
1.6 Access Control. Subscriber will implement and maintain reasonable and appropriate controls to ensure that user accounts are used only by the Permitted Users to whom they are assigned and to manage and monitor Permitted Users, including designating one or more administrators responsible for access control. Subscribe is solely responsible for the acts or omissions of any user or Permitted User who obtains access to the Services through Subscriber or Subscriber’s systems. Subscriber will notify inq.promptly if it becomes aware of any unauthorized access or use.
1.7 Restrictions. Subscriber will not use the Services in any manner that: (a) infringes or violates the rights of others or that violates any applicable law or regulation (including but not limited to where Subscriber is required to obtain permissions or authorizations to permit Mimecast and/or inq.to perform its obligations hereunder); (b) violates any industry standards concerning unsolicited email; (c) introduces any viruses, malicious code, or any other items of a harmful nature; or (d) could reasonably be expected to interfere with or disrupt the Services (for example, an activity that causes Mimecast and or inq.to be blacklisted by an internet service provider). Client will defend, indemnify, and hold harmless inq.in the event of any third-party claim or regulatory action arising out of Subscriber’s breach (or alleged breach) of the terms of this clause 1.7.
1.8 Threat Data and Aggregated Data. Client hereby grants Mimecast a worldwide, royalty-free, fully paid up, irrevocable, non-exclusive license to use, process and store Threat Data for the purpose of providing the Services in accordance with these Mimecast Terms and Conditions. “Threat Data” means all data identified through the Services as malicious, such as data which may perpetuate data breaches, malware infections, cyberattacks or other threat activity, as well as data that describes and gives information about Subscriber Data, including but not limited to files, URLs, and other graph identifier derived features and other data used by machine learning processes that are designed to improve the Services. Threat Data does not include raw content of Client Data. For clarity, notwithstanding any provision herein to the contrary, Mimecast owns all aggregated data derived from the Services as aggregated with usage data from Mimecast’s other clients, including, without limitation, utilization statistics, reports, logs and information regarding spam, viruses or other malware processed by the Services (“Aggregated Data”). Aggregated Data does not contain Personal Data. Client acknowledges and agrees that Mimecast may (i) Process Aggregated Data and/or Threat Data for its business purposes; (ii) improve and develop the Services, including but not limited to the use of Threat Data to train the Service’s machine-learning algorithms, the output of which are anonymized and irreversible; and (iii)share Aggregated Data and/or Threat Data with Third Parties. A “Third Party” is any person (including companies, entities, organizations, etc.) that is not Subscriber or Mimecast.
1.9 Disclaimer. Without limiting Mimecast and or inq.’s express obligations under this schedule and the main agreement, Mimecast and inq.hereby disclaims all guarantees, conditions, warranties and representations, implied, statutory or otherwise concerning any services, software, documentation or materials provided by Mimecast and/or inq., including but not limited to, those implied warranties or conditions of merchantability of title, satisfactory quality, fitness for a particular purpose, and non-infringement. The services do not qualify as legal or expert advice. Subscriber should consider whether the services are appropriate for subscriber’s needs, and where appropriate, seek legal or expert advice. Mimecast and/or inq.do not represent that the services will achieve intended results, be uninterrupted or error free or meet subscriber’s requirements.
1.10 Limitation of liability. Liability caps shall not apply to Subscriber’s breach of clause 1.7 above and Data Claims. inq.’s maximum liability for any and all Data Claims will be limited to the greater of: (i) USD $100,000 (one hundred thousand US Dollars) (or the equivalent in South African rand) or (ii) two times the fees paid or payable by Subscriber to inq.for the applicable Services during the twelve months preceding the event giving rise to the Data Claim. The liability cap described in this clause 1.10 is intended to cover Data Claims only and may not be combined with the cap described in the Main Agreement in connection with the same set of underlying facts. Subscriber agrees that the limitations of liability set forth in these Mimecast Terms and Conditions are intended to apply to any data processing agreement entered into by the parties and that such limitations will control in the event of any conflict between such agreements. “Data Claims” means, collectively, any and all causes of action arising out of or relating to Mimecast and/or inq.’s breach of the obligations set forth in privacy and data protection clauses in in this Schedule and/or the Main Agreement or in any data processing agreement, whether in contract, extra-contractual liability, delict, statute or otherwise.