BETA TEST AND EVALUATION AGREEMENT - STA ACCESS RISK SCORE
READ THIS BETA TEST AND EVALUATION AGREEMENT AND THE TERMS CONTAINED HEREIN (THE “AGREEMENT”) CAREFULLY. THIS AGREEMENT HAS THE SAME LEGAL EFFECT AS A SIGNED AND NEGOTIATED WRITTEN CONTRACT. BY CLICKING “I ACCEPT,” YOU ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT, THAT YOU UNDERSTAND IT, THAT YOU HAVE THE AUTHORITY TO BIND YOUR ORGANIZATION AND THAT YOU AGREE TO BE BOUND BY ITS TERMS. IF YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT, THEN DO NOT CLICK “I ACCEPT”. THIS AGREEMENT IS EFFECTIVE BY AND BETWEEN THE THALES ENTITY THAT IS PARTY TO YOUR SafeNet Trusted Access SERVICE AGREEMENT (“THALES”), AND YOU AND ANY OF YOUR AFFILIATES AND SUBSIDIARIES, WHO UTILIZE THE SERVICE (“EVALUATOR”) The use of the Thales SafeNet Trusted Access-Access Risk Score feature, and documentation (the “Add OnServices”) is subject to the terms and conditions contained herein this Agreement and those terms contained in your SafeNet Trusted Access agreement (“STA Agreement”), including the limitation and exclusion of liability.
1. Right to Use
Thales grants to you a temporary, revocable, non-exclusive, non-transferable, limited, internal right to use and access the specified beta version of the Add On Services and the related documentation solely for Evaluation Purposes (the “Evaluation Right to Use”) over a period until the end of the Add On Services beta test period which shall be noticed to you by Thales (the “Evaluation Period”). Thales grants Evaluator no other rights to use of any sort, actual or implied.
2. Limitations on Use
Evaluator shall not use, attempt to use or authorize use of the Add On Services in any manner other than herein specified.
This right to use does not include any rights to copy, alter, modify, reverse engineer, decompile, disassemble, make derivative works, rent, lease, disclose, sub-license, or otherwise transfer the Add On Services, related documentation, or other proprietary information of Thales. No commercial development, deployment or implementation that incorporates the Add On Services in any nature by Evaluator is permitted under this Agreement, which shall include any development of any product or part thereof intended for use or deployment in any form or manner inconsistent with the terms of this Agreement.
If Evaluator wishes to pursue development of a system or device containing the non-beta versions of the Add On Services (where applicable), deployment of a solution utilizing the Add On Services, or use of the Add On Services in connection with its business whether internally or commercially, Evaluator must contact Thales to obtain licensing terms.
Evaluator may not copy the documentation of the Add On Services in any manner, in whole or in part.
Thales shall have the right to audit the Evaluator for illegal development, use, copyright and license violations.
3. Ownership
The Add On Services, the related documentation, and all authorized copies thereof, shall remain the exclusive property of Thales, and shall not be used in any way other than as allowed by this Agreement, and shall not be disclosed to any third party.. Evaluator acknowledges that, as between Thales and Evaluator, the Add On Services and its related documentation and all copyrights, trade secret rights and other intellectual property rights with respect thereto, are and will at all times be the property of Thales, even if suggestions made by Evaluator are incorporated into current or subsequent versions of the Add On Services or related documentation.
4. Compliance with Export Legislation
Add On Services may be subject to U.S. export control laws and/or export or import regulations in other countries. Evaluator agrees to comply strictly with all such laws and regulations and acknowledges that it has the responsibility to obtain such licenses to export, re-export or import as may be required after delivery to Evaluator. Evaluator shall indemnify and hold Thales and its suppliers and affiliates harmless from and against all claims, losses, damages, demands, and expenses arising from or in connection with its breach of this Section 4.
5. Technical Assistance
Evaluator may report issues regarding the Add On Services to Thales via the support portal Thales does not, however, guarantee a response to any such reports. The right to use Add on Services provided hereunder does not guarantee or entitle Evaluator to any maintenance or support services from Thales.
6. Feedback
Evaluator may from time to time provide suggestions, comments, or other feedback to Thales with respect to the Add On Services (hereinafter, “Feedback”). Notwithstanding anything to the contrary, Evaluator agrees that all Feedback is and shall be entirely voluntary and shall not, absent a separate agreement, create any confidentiality obligation for Thales. Thales shall be free to disclose and use such Feedback as it sees fit, entirely without obligation of any kind to Evaluator. Evaluator acknowledges that Thales is under no obligation to use its Feedback or incorporate its suggestions into future versions of Add On Services. Evaluator further acknowledges that Thales owns all rights to all Feedback and the fact that Thales may use a suggestion or Feedback in future Add On Services in no way creates any ownership rights for Evaluator.
7. DATA COLLECTION, OWNERSHIP AND USE
For the duration of each Evaluation Period, Evaluator grants to Thales and its third party providers a limited, non-exclusive, royalty-free, fully paid-up, revocable (only as set forth in the termination provisions of this Agreement), worldwide license to process the Evaluator Data, as necessary to: (i) provide the Add On Services, (ii) monitor the Add On Services, and (iii) maintain the Service.
As between Thales and Evaluator, the Evaluator Data is owned or controlled by Evaluator. Nothing contained herein shall be construed as granting Thales ownership in any Evaluator Data.
Evaluator shall have sole responsibility for the content, legality, reliability, integrity, accuracy and quality of the Eva Data, and for correcting errors and omissions in the Evaluator Data and Thales shall have no liability with respect thereto.
Evaluator represents and warrants that it has the authority to provide the Evaluator Data to Thales and its third party providers for use in relation to the Add On Services. Thales makes no warranties or representations of any kind as to the accuracy, suitability or sufficiency of the Evaluator Data to provide the Add On Services.
If Evaluator or its authorized users decide to share Evaluator Data, Evaluator is solely responsible for that disclosure, and what any third parties do with such Evaluator Data. Evaluator is solely responsible for any actions or omissions taken by its employees or agents (including authorized users) with respect to the Evaluator Data, including but not limited to deleting or corrupting the Evaluator Data. Evaluator acknowledges that Thales is not responsible for the disclosure of Evaluator Data by Evaluator, Evaluator employees or agents (including authorized users), to any third parties.
8. PERSONAL DATA AND SECURITY
The DPA provided under STA Agreement are hereby incorporated by reference in full force and effect and shall apply to any such processing. In lieu of the breakdown of data collected for your use of the STA Services, with respect to the Add On Services the below table shall describe the breakdown of data with respect to Evaluator’s use of the Add On Services.
|
Data type | Purpose | Data retention period* |
|---|---|---|---|
1 |
UserName/UserID (required) |
To uniquely identify users within an account and to process authentication requests |
Up to 8 days in backup for disaster recovery |
2 |
UserName/UserID (required) |
To identify the user and to evaluate risk factors inherent to the access request through the service from ThreatMetrix. |
Up to 6 months in the ThreatMetrix databases in encrypted form with encryption key strictly accessible to Thales. Up to 25 months in the ThreatMetrix databases in hashed anonymized form. |
3 |
Aliases(optional) |
Alternate name to identify users within an account |
Up to 8 days in backup for disaster recovery |
4 |
First Name and Last Name (recommended) |
Display names of the users for Operator use and to personalize provisioning requests and other notifications to users |
Up to 8 days in backup for disaster recovery |
5 |
Email Address (where required) |
Email address of the user for sending provisioning request, responding to authentication request, used in mailing list for communication/notification and also used as an alternative name to identify user within an account |
Up to 8 days in backup for disaster recovery |
6 |
Email Address (where required) |
To contribute to the users identity information and to evaluate risk factors inherent to the access request through the service from ThreatMetrix. |
Up to 6 months in the ThreatMetrix databases in encrypted form with encryption key strictly accessible to Thales. Up to 25 months in the ThreatMetrix databases in hashed anonymized form. |
7 |
Phone Number (where required) |
Used as an alternate ID of the users and also to respond to authentication request |
Up to 8 days in backup for disaster recovery |
8 |
User Principal Name (optional) |
Alternate name to identify users within an account |
Up to 8 days in backup for disaster recovery |
9 |
Active Directory Password(optional) |
Synced hash of password is stored and used for offline authentication |
Up to 8 days in backup for disaster recovery |
10 |
Device attributes or profiling extracted through the user’s browser |
To identify the device through a form of browser fingerprint, and in this way contribute to the evaluation of risk factors inherent to the access request through the service from ThreatMetrix. |
The attributes are retained for a period of up to 24 hours in the ThreatMetrix databases. |
11 |
IP address of the connecting user’s device |
To contribute to the users identity information and to evaluate risk factors inherent to the access request through the service from ThreatMetrix. |
Up to 25 months in the ThreatMetrix databases. |
12 |
Relationship between anonymized userid references, device profiles (browser fingerprints), and IP addresses |
To contribute to the users identity information and to evaluate risk factors inherent to the access request through the service from ThreatMetrix. |
Up to 25 months in the ThreatMetrix databases. |
You hereby provide us general authorization to engage other processors for the processing of personal data in accordance with the DPA. For the use of Add On Services, in addition to the sub-processors and/or hosting entities used to provide the STA Service, Thales shall also engage ThreatMetrix, Inc., a LexisNexis Risk Solutions company, which shall utilize sub processors and data centers as provided for at the following link: https://risk.lexisnexis.com/group/dpa#sub-processors. For the purpose of the Add On Services, the data centers to be utilized shall be in the Netherlands and Iceland.
9. Disclaimers
Thales does not guarantee that the Add On Services will be commercially released, or that if released, the final commercial version of the Add On Services will be similar to the test version provided hereunder.
Thales disclaims any warranty that functions contained in the Add On Services or the results of use will meet
Evaluator’s requirements, that operation of the Add On Services will be uninterrupted or error free, or that any defects in the Add On Services will be correctable. THE ADD ON SERVICES ARE PROVIDED TO EVALUATOR “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE SUITABILITY, QUALITY AND PERFORMANCE OF THE ADD ON SERVICES IS WITH EVALUATOR AND NOT WITH THALES OR ITS SUPPLIERS.
EVALUATOR UNDERSTANDS THAT THE ADD ON SERVICES LICENSED UNDER THIS AGREEMENT ARE BETA ADD ON SERVICES AND MAY NOT FUNCTION AS EXPECTED OR WORK WITH THEIR SYSTEMS OR OTHER SOFTWARE. BETA ADD ON SERVICES MAY CONTAIN EXPERIMENTAL FEATURES WHICH MAY OR MAY NOT BE IN A FINAL PRODUCT. THALES MAKES NO GUARANTEE THAT A BETA PRODUCT WILL REFLECT THE FINAL VERSION.
10. Limited Remedy
Thales shall have no liability whatsoever to Evaluator in connection with this Agreement, including without limitation, liability for any problems in or caused by the Add On Services or the related documentation, whether direct, indirect, special or consequential (including lost profits), even if Thales has been advised of or otherwise has reason to know of the possibility of such damages. Further liability for such damage will be excluded. Evaluator shall be liable to Thales for any losses, costs or damages arising from damage to the Product that occurs while the Product is in Evaluator’s possession.
11. Assignment
Evaluator may not assign, sub-license or otherwise transfer this Agreement or any rights or obligations granted hereunder. Amalgamation or merger of the Evaluator with any corporate or other legal entity shall be considered as assignment. Thales may assign this Agreement and the rights and obligations hereunder at its discretion.
12. Terms and Termination
This Agreement is effective from the date the Add On Services are made available to Evaluator and shall remain in force until Thales’ provides notice of the end of the Add On Services beta test period, or one hundred eighty days (180), whichever comes first.
Upon termination of the Evaluation Period and of the Evaluation Right to Use granted hereunder, Evaluator shall cease any further use of the Add On Services. This Agreement is executed at no cost providing that all terms and conditions of the Agreement are fulfilled.
All provisions which by their nature must, but specifically provisions governing license, restrictions, confidentiality and ownership shall survive any expiry or termination hereof. Thales reserves the right to take any legal action necessary to recover any damages incurred by Thales resulting from breach of this
Agreement.
13. Governing Law and Dispute Resolution
This Agreement will be subject of the exclusive jurisdiction of the courts of and governed by and construed in accordance with the laws of the state of Texas, with that as set out in your STA Agreement. .
14. Anti-Corruption/Influence Peddling
Evaluator shall always act in accordance with the national and foreign laws and regulations applicable to the prevention of risks of corruption and influence peddling and in particular French law n° 2016-1691 of 9 December 2016 relating to transparency fight against corruption and modernization of the economy ("Sapin II Law"). Whether directly or through third parties, Evaluator shall not offer or promise any gift or advantage to a person, for himself or for others, with the purpose that this person abuses or because this person would have made illegitimate use of its real or supposed influence in order to obtain distinctions, jobs, contracts or any other favorable decision. Evaluator shall not solicit or accept for itself any offer, promise, gift or advantage of any kind, to make illegitimate use of its influence for the purpose of making or obtaining any favorable decision. Evaluator declares to have implemented a compliance program that meets the requirements of the Sapin II Law, insofar as Evaluator is subject to this requirement.
15. Compliance with Laws
Evaluator shall comply with all applicable laws and regulations including without limitation, laws and regulations aiming to protect human rights, fight against corruption, money laundering, terrorism, as well as laws and regulations related to antitrust, data protection, trade compliance, health, workplace safety, and environment.
16. Miscellaneous
16.1 No other rights. Except as expressly provided herein, no license, rights, or title in any intellectual property are provided hereunder, either expressly or in implication, estoppel, or otherwise.
16.2 Headings. The section headings of this agreement are for organizational purposes only and shall not be used in interpreting this Agreement. However, reference to a section includes reference to all subsections of that section.
16.3 Severability. In the event that any provision of this Agreement is found by a court of competent jurisdiction to be unenforceable, the remaining portions of this Agreement shall remain in full force and effect.
16.4 Waiver. The failure of either party to enforce any section of this Agreement shall not be construed as a waiver of such provisions or of the right of such party to enforce that, or any other, provision of this Agreement.
16.5 Complete Agreement. This Agreement, along with Schedule 1, represents the sole and exclusive Agreement between the parties; it supersedes and cancels any former written or oral agreement or arrangement between the parties in respect to the subject matter hereof. Neither party will be bound by any condition, definition, guarantee, or representation other than those set forth or mentioned in this Agreement.
16.6 Amendments. No modification, amendment, or waiver of any provision of this Agreement shall be binding on either party unless specifically agreed upon in a written amendment signed by both parties.
16.7 Non-exclusive Remedies. No remedy conferred by this Agreement is intended to be exclusive of any remedy, except as expressly provided, and each and every remedy shall be cumulative and in addition to every other remedy given under this Agreement or now or in the future existing in law or in equity or by statute or otherwise.
