Symbol Security Terms and Conditions

Updated on:

GENERAL:Symbol will provide to Subscriber access to the Symbol Security SaaS Platform, which shall include its Software and/or certain monitoring services as part of the Symbol Security SaaS Platform offerings as referred to in the Symbol Sales Quote.  The parties acknowledge that these Services, as more fully defined below, include software applications and may include third party data licensed from third party data, all of which are governed by the terms of this Agreement. Symbol's performance in connection with any Services provided in accordance with this Agreement is conditional upon Subscriber fulfillment of Subscriber’s obligations as set forth in herein.


ARTICLE I. SOFTWARE AS A SERVICE (“SaaS”) END USER LICENSE AGREEMENT

DEFINITIONS: The terms referenced in this Agreement have the following meaning:

  1. a)     “License” shall mean the license to use the Software granted to Subscriber in Section 2.3 hereof.
  2. b)     “Symbol Security Services” (“Security Services”) are certain specified services that are provided by Symbol Security SaaS Platform and made commercially available by Symbol pursuant to the terms of this Agreement.
  3. c)     “Symbol Security SaaS Platform” (“Symbol Platform) refers to the either or both of hardware and software, owned, licensed, subscribed to, or managed by Symbol and to which Symbol grants the Subscriber and Subscriber's users access to that portion of the Symbol Platform providing the Security Services (comprising in part “Services” as defined herein) as set forth in the Symbol Sales Quote. 
  4. d)      “Symbol Sales Quote” is the pricing plan or statement of work from Symbol for the sale of specified products and services pursuant to this Agreement, and as agreed to and accepted by Subscriber's electronic signature through the Symbol website, or by hard copy bearing an inked signature, evidencing Subscriber's execution thereof.
  5. e)     “Symbol Security Service Description” is the formal Symbol commercial service offering defining the scope and coverage of the Services, referenced in the Symbol Sales Quote and incorporated hereto and attached to this Agreement as Attachment B.
  6. f)      “Service” or “Services” means, in whole or in part, and individually or collectively the Security Services, the Symbol Platform, the Software, and any other professional services in the Symbol Software Service Description referenced in the Symbol Sales Quote.
  7. g)     “Software” refers to the application software developed and/or distributed by Symbol, as referenced by or in the Symbol Sales Quote, and as described in the Symbol Software Service Description. 
  8. h)     “Subscriber” means the Customer named in the Symbol Sales Quote and/or associated Customer Purchase Order.
  9. i)       “Subscriber Data” means any data, content, code, video, images or other materials of any type that Subscriber or Subscriber's Sub-Customer(s) uploads, submits or otherwise transmits to or through Services; (ii) reports and documents generated by Symbol or the Service from such data, metadata, content, code, video, images or other materials submitted by or on behalf of Subscriber.
  10. j)       “Users” means those employees, contractors, and other end users, as applicable, authorized by the Subscriber to use the Services in accordance with this Agreement. For Services that are specifically designed to allow the Subscriber's customers, suppliers or other third parties to access the Services to interact with the Subscriber, such third parties will be considered “Users” subject to the terms of this Agreement. 
  11. k)      “Third Party Data” means data obtained by Symbol  from public sources or sources  under license by  third party vendors, user submissions, and other commercially available data sources for use with the Service, such as reported phishing incidents or internet domain name purchases.
  12. l) “Sub-Customer” means any business entity that is Subscriber’s customer to whom Subscriber is providing services and will utilize Symbol Platform to deliver some or all of these services.
  13. m) “Result Content” means any search results displayed or returned by the Software in response to MSP or Customer's search queries which may contain information referring to or describing content collected from third-party Internet sources, including information located in the surface web, deep web or dark web.

1.1) SaaS End User License Acceptance The Software provides the functionality as specified in the printed Symbol Software Service Description and product documentation, and Attachment B. The Software, including any pre-existing data, are proprietary and the property of Symbol and its suppliers and Symbol retains any and all rights, title and interest in and to the Software, including in all copies, improvements, enhancements, modifications and derivative works of the Software. Ant licensee or sublicensee, by its use of the software accepts and agrees to be bound by the terms of this agreement.

BY SELECTING THE “ACCEPT” OPTION PRIOR TO LOGGING INTO THE SOFTWARE, ANY LICENSEE, SUBLICENSEE OR USER HEREBY ACKNOWLEDGES AND AGREES TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF THE LICENSEE, SUBLICENSEE OR USE DOES NOT AGREE TO BE BOUND BY ALL THE TERMS OF THIS AGREEMENT, ACCESS TO AND USE OF THE SOFTWARE WILL NOT BE PERMITTED OR AUTHORIZED BY SYMBOL.

1.2) Third Party Data. The Software may utilize confidential and proprietary Third Party Data in processing Subscriber Data and generating various reports and reporting data. Such Third Party Data may not be accurate, complete, or up-to-date and is subject to ongoing and continual change without notice. Neither Symbol nor its Third Party Data sources make any representations or warranties regarding the accuracy, completeness, or currency of such data and assume no responsibility, for the accuracy, completeness, or currency of the Third Party Data, or any decisions Subscriber makes, based in whole or part on such Third Party Data. Third Party Data is not a substitute for Subscriber's own judgment, professional advice, or for the need to seek additional input and research prior to making any decisions based on such data, and accordingly THIRD PARTY DATA ALONE SHOULD NOT BE USED TO MAKE DECISIONS. Moreover, Subscriber acknowledges that the Third Party Data will not be used: i) in determining personal, family or household eligibility for obtaining credit or insurance; ii) nor shall it be used for employment purposes (but may be used when evaluating an individual as an independent consultant vendor); nor iii) for any other purpose governed by the Fair Credit Reporting Act. Subscribers will abide by all applicable laws as a condition for continued use of their Third Party Data. Symbol will use reasonable commercial efforts to: (i) help ensure the accuracy and appropriateness of the Third Party Data before it is selected for use with the Service; (ii) to promptly remove Third Party Data from the Service that is identified as such and in connection with which Symbol has been given reasonable notice; and (iii) promptly advise Subscriber of known or suspected problems and/or concerns with Third Party Data.

Surface web, deep web or dark web queries utilize Third Party Data that may contain sensitive, explicit, and sometimes illegal content. Included in this may be secret, non-public, or otherwise sensitive information that is not intended to be published or accessible by Customer, or other third parties and may be illegal for Customer to access or possess. Except as otherwise expressly provided in this Agreement, all Result Content is provided without warranty of any kind, express or implied, and the Company is not responsible for any Result Content or liability resulting from Customer's access or possession thereof.

1.3 Software License Grant. Subject to the terms and conditions of this Agreement, Symbol grants to Subscriber a limited, conditional, non-exclusive, non-transferable license to use the Software both in Subscriber's internal business operations, as well as Users associated with any named Sub-Customer listed in Attachment A, during the term of this license (“License”). During such license term, and where such license is neither revoked or otherwise terminates, Subscriber and Subscriber's authorized Users may: (i) use the Software within the Symbol Security Services Environment; and (ii) produce reports for their internal use. It is expressly understood and acknowledged by the parties hereto that no third party may rely in any manner on the reports, results, recommendation work product provided by or generated through the Service, and that all data is provided for informational purposes only for use by the Subscriber. Subscriber's rights to use the Services shall be limited to those expressly granted in this Agreement. All rights not expressly granted to Subscriber are retained by Symbol. The Services are protected by copyright laws, trade secret, as well as laws and any applicable regulations and/or treaties related to other forms of intellectual property. Symbol owns, or has the necessary rights in, all intellectual property rights in the Services necessary to provide the Services to Subscriber, and for Subscriber to access and utilize, the Services on the terms provided herein. Subscriber is granted only limited, conditional, non-exclusive, and non-transferable rights hereunder to use the Service and related user documentation during the term of the License as specified in the Symbol Sales Quote, and thereafter, to use the reports and documents generated during the term of the License for Subscriber's internal, historical or compliance purposes. Use of the Services or related user documentation is provided on an “AS IS” without warranty merchantability or fitness for a particular purpose, or warranty of any other kind, express or implied, at law or in equity. The parties hereto agree that any reports and documents will be treated as Confidential Information, in accordance with Section 2.6, notwithstanding the termination or expiration of this Agreement.

Subscriber grants Symbol the right to use, process, collect, copy, store, transmit, modify and create derivative works of Subscriber Data only to the extent necessary to provide, improve, upgrade or modify the applicable Service to Subscriber in accordance with and during the term of this Agreement, but such right shall also include any additional post-termination period during which Symbol provides the Customer with access to retrieve an export file of Subscriber's content, provided, however, that the time for such access to retrieve shall not exceed 60 days. The license granted to Subscriber by this Agreement shall be limited to the number of user ID's, or capacity (i.e., number of vendors etc.) provided for pursuant to the associated Symbol Sales Quote, and shall only be valid during the License term as set forth in the Symbol Sales Quote. Symbol shall make only such copies of the Subscriber Data as may be necessary to perform its obligations under this Agreement or as otherwise part of its regular internal backup, disaster recovery or business continuity practices. Concurrently with the term of this Agreement, Subscriber shall have taken and will on an ongoing basis continue taking reasonable steps to secure its information infrastructure, including restricting access (i) to user IDs and passwords, and (ii) access to the Software to those of its employees who are authorized by Subscriber to use the Software. Subscriber remains solely and exclusively responsible for any and all actions taken by Subscriber or its employees using Subscriber accounts and passwords. Subscriber agrees to immediately notify Symbol of any unauthorized use of the Software to which Subscriber becomes aware, or reasonably suspect.

Subscriber agrees not to use or permit any use of the Services, including uploading, emailing, posting, publishing or otherwise transmitting any Subscriber Data, any information submitted by Customer through the Software including surface web, deep web, or dark web query results, or any Services-generated work product or report, or third party content (collectively, “Material”), for any purpose that may (a) menace or harass any person or cause damage or injury to any person or property, (b) involve the publication of any material that it knows to be false, defamatory, harassing or obscene, (c) violate privacy rights or promote bigotry, racism, hatred or harm, (d) constitute unsolicited bulk e-mail, “junk mail”, “spam” or chain letters; (e) constitute an infringement of intellectual property or other proprietary rights, (f) frame, scrape, link or mirror any content forming a part of the Service, other than Subscriber’s own intranets or otherwise for its own internal use; (g) knowingly upload to the Services or use the Services to send or store viruses, worms, time-bombs, Trojan horses or other harmful or malicious code or (h) otherwise violate applicable laws, ordinances or regulations. Subscriber expressly agrees that it will not utilize content that would constitute a crime or expose Subscriber or Symbol to criminal or civil liability, and Symbol reserves the right to immediately terminate this Agreement and Subscriber's access to and use of the Services in the event such content is used by Subscriber. Subscriber shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness and ownership of all of Subscriber Data. Symbol reserves the right, but has no obligation, to take remedial action if any of Subscriber’s Material violates the foregoing restrictions, including removing or disabling access to such Material and terminating Subscriber’s license. Subscriber expressly acknowledges and agrees that Symbol shall have no liability to the Subscriber, Subscriber’s Sub-Customers, or any of Subscriber’s clients in the event that Symbol takes such action or actions. 

1.4) Restrictions on Transfer, Use, Alteration and Copying Subscriber may not, without Symbol’s prior written consent, conduct, cause or permit the: (i) use, copying, modification, rental, lease, sublease, sublicense, or transfer of the Services except as expressly provided in this Agreement; (ii) creation of any derivative works based on the Service or its accompanying documentation, including but not limited to translations, (iii) alteration of any program files or libraries in any portion of the Service, or reproduction of the database portion or creation of any tables or reports relating to the database structure; (iv) reverse engineering, disassembly, or decompiling of the Service; (v) use of the Service in connection with service bureau, facility management, timeshare, service Symbol or like activity whereby Subscriber operates or uses the Service for the benefit of a third party;  (vi) use of the Service, including any data, information or reports generated by the Service, by any party other than Subscriber and its subcontractors and agents acting on Subscriber’s behalf and subject to the terms of this Agreement; or (vii) falsely imply any sponsorship or association with Symbol. Any violation of this section shall result in immediate termination of this Agreement, which termination shall be in addition to any other remedies at law or in equity available to Symbol. Except for the purposes of training, translation, Subscriber’s internal backup, operational support or internal distribution, Subscriber may not copy or allow others to copy any part of the user documentation or other printed material provided with the Service without Symbol’s written consent.

1.5) Security. Symbol implements reasonable security measures to help protect Subscriber Data from cyberattack. However, subject to Symbol’s taking reasonable measures to secure Subscriber data for transport, Subscriber understands that use of the Services necessarily involves transmission of Subscriber Data over networks that are not owned, operated or controlled by Symbol, and Symbol shall not responsible for any of Subscriber Data lost, altered, intercepted or stored across such networks. Notwithstanding the foregoing, Symbol acknowledges and confirms that it has in place and will maintain throughout the term of this Agreement appropriate technical and organizational measures to help secure against the accidental, unauthorized or unlawful processing, destruction, loss, damage or disclosure of Subscriber Data and adequate security programs and procedures to ensure that unauthorized persons or parties do not have access to Subscriber Data or any equipment used to process such information or data.

1.6) Indemnity for Subscriber Data. Subscriber shall bear sole responsibility for any information uploaded or supplied by Subscriber, including any Sub-Customer, in connection with use of the Service, including but not limited to ensuring that the use of the Service to store, process and transmit Subscriber Data is compliant with all applicable laws and regulations. IN NO EVENT SHALL SYMBOL BEAR ANY LIABILITY FOR THE USE OR LOSS OF ANY INFORMATION UPLOADED OR SUPPLIED BY SUBSCRIBER IN CONNECTION WITH USE OF THE SERVICE. SUBSCRIBER FURTHER AGREES TO HOLD SYMBOL HARMLESS AND INDEMNIFY SYMBOL IN CONNECTION WITH ANY AND ALL LIABILITY ARISING FROM  SUBSCRIBER'S EMPLOYEES' ACCESS TO, USE OF, EXCHANGE OF, OR FAILURE TO EXCHANGE INFORMATION WITH, THE PLATFORM OR SERVICES, Subscriber will defend, indemnify and hold harmless Symbol from and against any loss, cost, liability or damage, including attorneys’ fees, for which Symbol becomes liable arising from or relating to any claim relating to Subscriber's, including any Sub-Customer's, inappropriate use of Subscriber Data in violation of this Agreement, including but not limited to any claim brought by a third party alleging that Subscriber Data, or Subscriber's use of the Services in breach of this Agreement, infringes or misappropriates the intellectual property rights of a third party or violates applicable law. Symbol shall not be responsible or liable any negligent or unintentional deletion, alteration, destruction, damage, loss or failure to store any Subscriber Data. It is expressly acknowledged and agreed that damages for any liability in connection with this Agreement shall be limited to the total of Subscriber fees, limited to one year's prior fees and as further set forth herein.

1.7) Legal Compliance. Subscriber agrees and warrants that Subscriber's use of Services and all Subscriber Data, including any information submitted by Customer through the Software including surface web, deep web, or dark web query results, is at all times compliant with applicable local, state, federal and international laws and regulations (“Laws”). Subscriber represents and warrants that: (i) Subscriber has obtained all necessary rights, releases and permissions to provide all Subscriber Data to Symbol and to grant the rights granted to Symbol in this Agreement and (ii) Subscriber Data and its transfer to and use by Symbol as authorized by Subscriber under this Agreement do not violate any Laws (including without limitation those relating to export control and electronic communications) or rights of any third party, including without limitation any intellectual property rights, rights of privacy, or rights of publicity, and any use, collection and disclosure authorized herein is not inconsistent with the terms of any applicable privacy policies. Other than its security and confidentiality related obligations set forth in this Agreement or in the Symbol Privacy Policy https://symbolsecurity.com/privacy-policy , Symbol assumes no responsibility or liability for Subscriber Data, and Subscriber shall be solely responsible in connection with Subscriber’s and User’s use, disclosure, storage, or transmission of Subscriber Data.

1.8) Term of Service Period. Services provided under this Agreement shall be provided for the period defined in the Symbol Sales Quote, unless earlier suspended or terminated in accordance, as applicable, with this Agreement, the Symbol Sales Quote or Online Pricing Guide.

1.9) Limited Warranty. THIS SECTION SETS FORTH SUBSCRIBER’S SOLE AND EXCLUSIVE REMEDY FOR UNCORRECTED SERVICE FAILURE: Symbol represents and warrants to Subscriber that the Services will function and perform in substantial compliance with the printed product information attached hereto as Attachment B. Symbol makes no warranty that the Software will meet Subscriber’s requirements or operate under Subscriber’s information infrastructure or in conformance with Subscriber’s specific conditions of use.

          SERVICE FAILURE: Except as otherwise expressly provided herein, In the event of a material malfunction resulting in the failure of the Services to operate in a manner not conforming to the Product documentation (“Service Failure”), Subscriber shall promptly notify Symbol in writing of such Service Failure and Symbol will use reasonable efforts to correct the Service Failure to bring it into compliance with the provisions of the Service Level Agreement set forth in Attachment A.

          If any Service Failure reported to Symbol by Subscriber remains uncorrected within thirty (30) days of Subscriber’s written notice to Symbol, Subscriber’s remedy is as follows: Subscriber may terminate this Agreement and shall not be liable for any unpaid balance from the date such notice has been given to Symbol.

          PRE-PAID SERVICES: In the event of a Service Failure in connection with which Subscriber has pre-paid and provided written notice to terminate, Subscriber shall receive a refund based on the period of time following written notice on a pro-rata basis.

ALL LIMITED WARRANTIES ON THE SERVICE ARE GRANTED ONLY TO SUBSCRIBER AND ARE NON-TRANSFERABLE. ANY SUCH TRANSFER SHALL BE VOIDABLE AND IS VOID. THIS REMEDY REPRESENTS SYMBOL’S EXCLUSIVE DUTY AND SUBSCRIBER’S SOLE REMEDY EVEN IN THE EVENT THAT THE REMEDY SHOULD FAIL IN ITS ESSENTIAL PURPOSE. SYMBOL MAKES NO WARRANTY THAT OPERATION OF THE SERVICE WILL BE SECURE, ERROR FREE, OR FREE FROM INTERRUPTION.

EXCEPT AS EXPLICITLY PROVIDED IN THIS AGREEMENT OR OTHERWISE AGREED TO IN WRITING BY SYMBOL, THE SERVICES ARE PROVIDED TO SUBSCRIBER “AS IS” AND “AS AVAILABLE.” SYMBOL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN FACT OR IN LAW, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SUBSCRIBER MUST DETERMINE WHETHER THE SERVICE SUFFICIENTLY MEETS SUBSCRIBER’S REQUIREMENTS FOR SECURITY AND AVAILABILITY. EXCEPT AS OTHERWISE EXPRESSLY PROVIDED HEREIN, SUBSCRIBER BEARS SOLE RESPONSIBILITY AND ALL LIABILITY FOR ANY LOSS INCURRED BY SUBSCRIBER, INCLUDING ANY LOSS INCURRED BY SUBSCRIBER’S EMPLOYEES, RESULTING FROM ANY SERVICE FAILURES.  SYMBOL WILL UNDER NO CIRCUMSTANCE BE RESPONSIBLE OR LIABLE FOR THE LOSS OF SUBSCRIBER OR USER DATA ON ANY SUBSCRIBER COMPUTER OR INFORMATION STORAGE DEVICE. IN ADDITION, SUBSCRIBER ACKNOWLEDGES AND AGREES THAT (A) THE SERVICE DOES NOT CONSTITUTE THE PROVISION OF LEGAL ADVICE OR SERVICER; (B) THE SERVICE IS NOT INTENDED TO COMPRISE OR IMPLY IN ANY WAY, SUBSCRIBER’S COMPLIANCE WITH ANY STATUTE, RULE, REGULATION OR STANDARD; AND (C) SUBSCRIBER IS AND REMAINS SOLELY RESPONSIBLE FOR ITS COMPLIANCE WITH APPLICABLE LAWS RULES AND REGULATIONS.

1.10) Indemnification for Claims Related to Intellectual Property.  Symbol, in its sole and exclusive discretion, shall, at its expense, indemnify and hold harmless Subscriber, e, against any claims, demands, suits or proceedings (“Claims”) made or brought against Subscriber by a third party alleging that the use of the Service as contemplated hereunder, and excluding Claims based upon Data provided by Subscriber that infringe a patent, copyright, trademark, or other intellectual property right of a third party or misappropriates such third party’s trade secrets, or any other Claim based upon generally available public data.  Upon Subscriber’s receiving notice of a Claim, Subscriber shall (a) give Symbol prompt written notice of the Claim; (b) give Symbol sole control of the defense and settlement of the Claim (provided that Symbol may not settle or defend any claim unless it unconditionally releases Subscriber of all liability and does not attribute any blame or contributory fault to Subscriber); and (c) provide to Symbol, at Symbol’s cost, all reasonable assistance in the defense or settlement of such Claim. This Section 1.10 comprises Symbol’s limit of liability and Subscriber’s exclusive remedy for any claim of intellectual property infringement against Subscriber and arising out of Subscriber’s use of the Services.

1.11) License by Subscriber to Use Feedback. Subscriber grants Symbol an unconditional, worldwide, perpetual, irrevocable, royalty-free license to use and incorporate into the Services any suggestion, enhancement request, recommendation, correction or other feedback provided by Subscriber or Users relating to the Services, provided that such use and incorporation shall be made on an anonymized basis and without identification or attribution to Subscriber or User. Subscriber hereby acknowledges that is has obtained consent from Subscriber’s Users in connection with such use and incorporation.


II GENERAL TERMS AND CONDITIONS

2.1) Fees, Invoices and Payment. Subscriber shall be invoiced and pay Symbol monthly the fees due for the Services as stated in the Symbol Sales Quote or the Online Pricing Guide (the “Fees”). The Fees include all charges associated with the Services plan selected, any overage fees resulting from additional Users beyond the quantity in the plan, and any additional or incidental charges.   Subscriber shall pay all invoices within 30 days of receipt of the invoice; thereafter unpaid balances which are not the basis of a good faith dispute shall accrue interest at a rate of 1.5% per month. Any Subscriber prepayment or any credits earned must be used within 15 months of the date purchased, earned or awarded or they will expire without notice.    If Subscriber fails to pay all invoices or charges for referencing these Terms within thirty (30) business days of Symbol’s notice to Subscriber that payment is past due or delinquent in addition to Symbol’s other remedies, Symbol may suspend or terminate access to and use of the Service by Subscriber and/or Subscriber’s Users. 

2.2) Service Upgrades and Downgrades. If Subscriber chooses to upgrade a Service plan or increase the number of Users at any time during a pre-paid Subscription Term (a “Subscription Upgrade”), a prorated incremental Subscription Charge associated with such Subscription Upgrade during Subscriber’s  then current Subscription Term will be due and payable on the date such Subscription Upgrade is invoiced. If Subscriber chooses to downgrade a Service or decrease the number of Users during a current, pre-paid Subscription Term (a “Subscription Downgrade”),  Subscriber shall receive a pro-rated incremental credit for such for Subscription beginning with the next Subscription Term provided there are no termination or other penalties associated with the downgrade as set forth in this Agreement or in any related Agreement.   

2.3) Equitable Relief. Subscriber acknowledges that any use or disclosure of the Software or Third party Data or Subscriber Data in a manner inconsistent with the terms of this Agreement, or breach of confidentiality may cause Symbol irreparable damage for which other remedies may be inadequate, and Subscriber agrees not to oppose any request to a court of competent jurisdiction by Symbol, with respect to the Subscriber Data, for injunctive or other equitable relief seeking to restrain such use or disclosure. Subscriber waives any right it may have to require Symbol post a bond or other form of security as a precondition to any such injunctive relief. 

2.4) Severability. If any provision of this Agreement shall be held to be invalid or unenforceable, the remainder of this Agreement shall remain in full force and effect. To the extent any express or implied restrictions are not permitted by applicable laws, these express or implied restrictions shall remain in force and effect to the maximum extent permitted by such applicable laws.

2.5) Confidential Information.  “Confidential Information” means any information one party discloses to the other under this Agreement which is identified as confidential or proprietary. Confidential Information does not include information which: is rightfully obtained by the recipient without breaching any confidentiality obligations; is or becomes known to the public through no act or omission of the recipient; the recipient develops independently without using Confidential Information; or is disclosed in response to a valid court or governmental order if the recipient notifies the disclosing party and assists in any objections. The recipient may use Confidential Information only for the purposes expressly permitted pursuant to this Agreement and shall treat it with the same degree of care as it does its own confidential information, but with no less than reasonable care. This section shall not affect any other confidential disclosure agreement between the parties.

2.6) Limitation of Liability.  Except for breach of Subscriber’s payment obligations or situations arising as a result of either party’s gross negligence or willful misconduct, or a breach of confidentiality or indemnity provisions granted hereunder, each party’s aggregate liability to the other for claims arising out of or relating to this Agreement, whether for breach or in tort, at law or in equity, is limited to the price charged to Subscriber for the Services for the license period of the Agreement.  

EXCEPT AS OTHER PROVIDED HEREIN, SYMBOL SHALL NOT BE HELD LIABLE FOR ANY INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT (INCLUDING, WITHOUT LIMITATION, LOSS OF BUSINESS, REVENUE, PROFITS, GOODWILL, USE, DATA OR OTHER ECONOMIC ADVANTAGE) HOWEVER THEY ARISE, WHETHER IN BREACH OF CONTRACT, BREACH OF WARRANTY, IN TORT, AT LAW OR IN EQUITY, INCLUDING NEGLIGENCE, AND EVEN SYMBOL HAS PREVIOUSLY BEEN ADVISED OF, OR COULD REASONABLY HAVE FORESEEN, THE POSSIBILITY OF SUCH DAMAGES. 

 2.7) Termination: Either party may terminate this Agreement if a breaching party fails to cure any breach of this Agreement within thirty (30) days of written notice from the non-breaching party specifying such breach.

2.7.1) OBLIGATIONS UPON TERMINATION. Upon termination of this Agreement, Subscriber shall discontinue use of the Service and Subscriber shall be responsible for deleting all Subscriber Data from its information infrastructure, including any backups should they exist.

2.7.2) SURVIVAL UPON TERMINATION.  The other rights and obligations of the parties pursuant to Paragraphs; 1.4, Restrictions on Transfer; 1.6, Indemnity for Subscriber Data; 1.7, Legal Compliance; 1.9, Limited Warranty; 1.10, Indemnification; 2.5, Confidential Information; 2.6, Limitation of Liability; 2.9, Hiring Personnel; 2.7, Termination and 2.8. Audit; of this Agreement shall survive and continue after any termination of this Agreement.

2.7.3) POST-TERMINATION TRANSITION SERVICES.  In the event of Termination of this Agreement or SOW, and provided that this Agreement or  SOW has not been terminated by Symbol due to Subscriber’s undisputed non-payment of any amount due Symbol, Symbol will provide Subscriber with assistance reasonably requested by Subscriber to effect the orderly transition of the Services, in whole or in part, to Subscriber (“Transition Services”) following the termination of this Agreement or a SOW, in whole or in part. The Transition Services shall be provided by Symbol as-available, on a time and materials basis and may include at Symbol’s then usual and customary hourly or project rates: (a) developing a plan for the orderly transition of the terminated Services from Symbol to Subscriber; (b) if required, transferring the Subscriber content; (c) using commercially reasonable efforts to assist Subscriber in acquiring any necessary rights to legally and physically access and use any third-party technologies and documentation then being used by Symbol in connection with the Services;  (d) using commercially reasonable efforts to make available to Subscriber, pursuant to mutually agreeable terms and conditions, any third-party services then being used by Symbol in connection with the Services; and (e) such other activities upon which the parties may agree to in writing. 

2.8) Audit.  Upon reasonable notice to Subscriber, and during normal business hours, Symbol will have the right to audit Subscriber to ensure compliance with the terms of this Agreement.  Symbol agrees to: (i) schedule each audit during business hours or at some other mutually agreeable time; (ii) be responsible for all time and materials costs of its own or third party auditors retained to conduct the audit; and (iii) abide by Subscriber’s reasonable security policies and practices.

2.9) Headings. Headings of sections in this Agreement are inserted for convenience only and are in no way intended to limit or define the scope and/or interpretation of this Agreement.

2.10) Waiver & Severability. Failure on the part of either party to give notice of default, or delay in exercising any right or remedy hereunder, shall not operate as a waiver of any such right or remedy except as otherwise expressly stated in this Agreement.  In the event that any provision of this Agreement is held invalid, illegal or unenforceable, the remaining provisions shall be enforced to the maximum extent permitted by applicable law.

2.11) Force Majeure.  Neither party will be liable for any delay in performance hereunder if such delay is due to causes beyond the reasonable control of such party.  In the event Symbol is the party unable to perform for more than 30 days, Subscriber shall have the right to terminate this Agreement and Symbol shall provide Subscriber with a pro-rata refund of fees paid upon any such termination. 

2.12)    Assignment. Except in the case of merger or sale of all or substantially all of a party’s assets, neither party may assign or otherwise transfer any of its rights, duties or obligations under this Agreement without the prior written consent of the other party.  Such consent may not be unreasonably withheld.

2.13)    Disputes, Arbitration and Class Action Waiver.  Any disputes arising out of this Agreement shall be determined pursuant to the laws of the State of New Jersey, without regard to its conflict of laws rules. The parties hereto agree to arbitrate any dispute arising out of or in connection with the performance of this Agreement before the American Arbitration Association (AAA), and pursuant to the AAA’s then effective rules and procedures. In any such dispute, the prevailing party will be entitled to reasonable attorney’s fees and costs in connection with any such proceeding. In connection with any claim at law or equity that may be brought arising out this Agreement, Subscriber waives any right to commence class action litigation in either a judicial or arbitration proceeding.

3.0) Entire Agreement.  This Agreement, together with its Attachments  constitutes the entire agreement between the Symbol and Subscribe relating to the Services, and supersedes all prior or contemporaneous oral or written communications, proposals, conditions, representations and warranties, and prevails over any conflicting or additional terms contained in any quote, purchase order, order document, acknowledgment, or other communication between the parties relating to the Services, even if Symbol uses such order documents for invoicing purposes.


SCHEDULE A: PRIVACY POLICY ADDENDUM

Symbol Security ('Symbol') understands that you care how information about you is collected and used. Symbol is committed to protecting the privacy of individuals who interact with us. This Symbol Privacy Policy ('Privacy Policy') describes the privacy practices for our website and services and details out privacy practices related to the provision of any Symbol Product or Evaluation Product. Symbol provides this Privacy Policy to inform you of our policies and procedures in connection with the collection, use and disclosure of personal information we receive through our web site symbolsecurity.com 'Site' and the marketing, sale, and provision of Symbol Products, including the Evaluation Product. Our Privacy Policy may be updated from time to time, and we will notify you of any material changes via email or by posting the new Privacy Policy on the site at https://symbolsecurity.com/privacy-policy.


INFORMATION COLLECTION AND USE.

Symbol allows users to access the site in order to utilize the services offered by us, i.e., to register, download, install and use the Product or the Evaluation Product.

Personally Identifiable Information Collection and Use.When you register with the Symbol, request additional information, or to purchase or access Symbol services, you will be required to provide personally identifiable information including name, email address, company, and other optional information the user or that user’s company administrator provides. For the purchase of services, billing, identification, and authentication, we may also require payment account information and billing address.

Non-Personally Identifiable Information.Like many standard web servers, the Site may collect log files. This includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the site, track users’ movement in the aggregate, and gather broad demographic information for aggregate use. We may also use “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We may use other types of cookies to enable certain Site features, to enhance Product or Evaluation Product functionality and to better understand how you interact with the site and to monitor aggregate usage and web traffic on the Site.

INFORMATION SHARING AND DISCLOSURE.

  1. Symbol Website Users.We will display your personally identifiable information on your account profile page and elsewhere on the site depending on your preferences and use. Except as agreed by you, or as required by law, we will not share your information with third parties; we will strictly follow the sharing and disclosure policy as defined here in Section 2.
  2. Service Providers, Business Providers, and Others.Symbol may employ third-party companies and individuals to facilitate the provision of our Products, including Evaluation Product, and related services, to provide the service on our behalf, to perform Site-related services (including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improvement of the Site’s features), or to assist us in analyzing how our Site and services are used. These third-parties have access to your personally identifiable information only for the purposes of performing these tasks on our behalf.
  3. Compliance with Laws and Law Enforcement.Symbol may preserve and has the right to disclose any information about you or your use of our site without your prior permission if we have a good faith belief that such action is necessary to protect and defend the rights, property, or safety of Symbol or its employees, affiliates, other users of the site, or the public. We may also disclose information we deem necessary to satisfy any applicable law, regulation, legal process, court order, subpoena, or a law enforcement agency or other governmental request.
  4. Business Transfers.Symbol may sell, transfer, or otherwise share some or all of its assets, including your personal identifiable information, in connection with a merger, acquisition, reorganization or sale of assets, or in the event of bankruptcy.
  5. Affiliated Businesses.Symbol may sell, transfer, or otherwise share some or all of its assets, including your personal identifiable information, in connection with a merger, acquisition, reorganization or sale of assets, or in the event of bankruptcy.


CHOICE / OPT-OUT.

Symbol may send newsletters or other promotional communications containing information such as educational information, announcements, and notifications of new services. If you wish not to receive these newsletters and promotional communications or wish to not continue to receipt such newsletters and promotional communications, you may opt-out of receiving them by following the instructions included in each newsletter or communication.

In compliance with the Children’s Online Privacy Protection Act (COPPA), Symbol does not knowingly collect personally identifiable information from anyone we know to be under 13 years of age.


SECURITY.

We use commercially reasonable technological, physical, and other measures to keep your information protected from unauthorized access. No method of data transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.


LINKS TO OTHER SITES.

This Site may contain links to other sites. You hereby acknowledge and agree that Symbol is not responsible for the privacy practices of such other sites to which our Site may link. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every site that collects personally identifiable information. This privacy statement applies solely to information collected by this Site and not to any other site to which Symbol may link.


CHANGING, UPDATING YOUR INFORMATION.

You may review, update, correct, or delete the personally identifiable information provided to us by accessing your account profile and changing your information. Your account is protected by a password to help protect r your privacy and security. If you access your account via a third-party site or service, you may have additional or different sign-on protections via that third-party site or service. Symbol is not responsible for providing sign-on protections in connection with any third-party site. You must prevent unauthorized access to your account and personally identifiable information by selecting and protecting your password and/or other sign-on mechanism appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.


CONTACT INFORMATION.

If you have any questions about our Privacy Policy, please contact us at: support@symbolsecurity.com


SCHEDULE B:   SYMBOL SECURITY SERVICE DESCRIPTION

SPSS: Symbol Phishing Simulation Suite ('SPSS') is a Software as a Service (SaaS) offering that enables organizations to group and categorize its users, and test those users against a number of different simulated phishing email campaigns with the end goal being improved recognition by the users of suspected phishing emails. Organizations using Symbol SPSS to assess various points of data regarding security risks can opt to configure SPSS to help identify areas of weakness in either corporate wide, departmental, or individual employee behavior based on responses to certain phishing email campaigns.  Symbol SPSS performance may need administrators to adjust settings on their own systems (such as email security systems or email servers/services) so that the SPSS can successfully deliver emails to the users’ email inboxes.  Whitelisting instructions are contained at the following address: https://symbolsecurity.freshdesk.com/support/solutions/articles/66000498551-whitelisting-symbol-security-ips Additionally, administrators can contact support@symbolsecurity.com for other questions related to email performance and any third party settings.


SPSS Billing and Usage

Each SPSS license shall allow for the management and reporting for one (1) instance of use, with charges occurring for month based on the maximum number of Users on any given day of the month (unless a higher number of users had been committed for a fixed term).  A User is any email address loaded into the ‘Users’ section of the application within the Company’s instance.  Users are billed based on access to the SPSS platform and not based on usage of the SPSS services.


SPSS Features and General Overview:

Dashboard:  All Administrators will be granted access within the SPSS to a central dashboard that provides summarized information including Total Emails Sent, Phish Data Entered, Financial Risk, and time periods like Current Month, Last Month, Last Year, etc. 

Cyber Risk: Symbol Security uses proprietary data to assign a potential Cyber Risk Score based on a company’s current performance against the phishing simulation testing and other factors.  This Cyber Risk Score is presented in the main administrative dashboard.  The Cyber Risk Score presented is not a guarantee of accuracy of actual cyber risk and should be used as an internal measurement tool to quantify effectiveness of continued phishing simulation testing thru reduction of risk.

Phishing Campaigns:  All Administrators will be granted access to a Phishing Campaign Engine within the Symbol portal that enables Administrators to select Phishing email templates from both public and private libraries and select employees to test against these email templates for campaign periods that are customized by the Administrator.  At any point during an active campaign, an Administrator can choose to end a campaign.  All campaigns, both Active and Finished, will be available for Administrators to review.

Email Templates: All Administrators will be granted access to a library of Phishing Email Templates. These templates can be selected for individual Phishing Campaigns.  The Email Templates are available either as ‘public’, meaning they are a part of the SPSS library available to all Subscribers for use, or they are ‘private’, meaning they are only available to the Subscriber and its Administrators.

Email Template Creation: If Administrators wish to create a customized Email Template, not currently in the SPSS library, they can request a custom template to be created.   If the request if for a Public Template (meaning the template would be available to all customers and partners), Symbol will complete on a best effort basis.  Please note, if a Private Template is requested, it is likely that the request completion may require a professional services engagement at which point a separate Statement of Work will be provided and will need to be agreed to by both parties.

Employees and Users: It is the Administrators responsibility to upload or enter all employee information for use by the SPSS tools.  Administrators will be able to manually enter employees, or they can choose a .csv upload feature is enabled to provide for an easier means of transferring employee information (such as name, title, email address and department).  The SPSS also provides an integration tool to enable Azure Active Directory access via O365 Integration.   Subscriber Administrators can categorize Employees by their current titles or put into Employees into custom groups that the Administrator creates.

Administrator Settings:   Within the company profile settings, an Administrator can select or add other Administrators.  The other Administrators are known as a Member Administrators.  Members have access to use the site as an Administrator, but do not have access to financial and credit information and cannot invite other Members or Administrators to join.  Administrators can also choose to invite Reporting Administrators.  Reporting Administrators can have view only access to the Reporting Sections of the SPSS application.

Phish Alert Button: Within the SPSS Services is a feature known as the Phish Alert Button.  The Phish Alert Button allows Customers to enable Users to have a Button installed in their email application (support is dependent upon the email application version).  When this button is enabled, it allows the User to notify the denoted security team of any potentially suspicious email.  If that email is a phishing simulation training email from Symbol, the User will immediately receive a note indicating such and the event will be recorded in the Dashboard.  If that email is NOT a phishing simulation training email from Symbol, the email will be routed to the designated security team for review. Instructions on how to download and install the Phish Alert Button can be found in the Documentation section of www.symbolsecurity.com or directly in the Symbol application    

Custom Phish Emails:   Customers may wish to create simulating phishing templates that are not currently available in the SPSS library.  To initiate a request for a Custom Phish Email, Customer can contact support@symbolsecurity.com.  Charges may apply for these requests and corresponding statement of works to define any deliverables associated with a chargeable engagement will be required and agreed to by both parties.

SymbolSecure:  In addition to Phishing Simulation and Phish Alert services provided under the SPSS offering, Symbol also provides video-based security awareness training services delivered through the SymbolSecure offering.  All billing attributes and timing noted in SPSS are also true in SymbolSecure.  SymbolSecure is priced to include SPSS.  SymbolSecure allows Administrators to assign training courses to its Users (via Users, Groups, and Categories much like assigning a phishing campaign).  When Users are assigned to a training course, they will be emailed and prompted for a login.  Users successful completion, or failure to complete the assigned training courses will be represented in the administrator dashboard.

Symbol Managed Program:  In addition to SPSS and SymbolSecure offerings, Symbol, for an additional monthly management fee, can provide a suite of Managed Services designed to remove much of the administration of security awareness training from the customer and employ Symbol Security staff to execute those administrative tasks.  Examples of these tasks include but are not limited to: 


Design of:

  1. Training launch plan
  2. Training communications
  3. Training schedule

Execution of:

  1. Phishing Simulations
  2. Training Communications
  3. Training and Video Assignments
  4. Completion Tracking and Reporting

Symbol Domain and Email Threat Alerting Service (Symbol DETAS):  Symbol Security monitors thousands of dark web, deep web and publicly available sources to provide notifications regarding the activity of corporate email addresses, and corporate domain names that may be of helpful in reducing the risks of phishing attacks, credential theft resulting in ransomware, spoofed landing pages and many other acts of cyber-crime.  Activity may include things like a provided email address being found on a known breached website, or a database of sold email and password data, or simply a domain name that exists, that looks like a spoofed version of the Customer’s domain name.


DETAS Email Threat Alerts:

  1. In providing email domains for monitoring, Subscriber validates that in each case their customer is the owner of the subject email domain(s)
  2. Service provides historical breach information for all email users for subject domain, in some cases up to 7 years of prior results
  3. Proactively reports any breached information found to Subscriber Administrators either via emailed report, or through Symbol application
  4. End Users are also alerted if their email is found in a data breach
  5. Monthly reports aggregate the Email Breach Notifications of all email users for subject domain for that month
  6. Users are provided a workflow from the notification they receive that enables them to indicate whether they have changed username/password combinations.
  7. Administrators are able to view and modify these username/password change acknowledgements on their administrator dashboard


DETAS Domain Threat Alerts:

  1. In providing email domains for monitoring, Subscriber shall validate that in each case they are the owner of the subject web domain(s).
  2. Provides awareness of a number of different activities and scenarios related to subject domain name, including:
    • Any change in registration properties (i.e., ownership change)
    • Newly registered domains that meet certain rogue variant criteria such as:
      • Transposition of letters/characters compared with original domain name
      •  Addition of letters/characters compared with original domain name
      • Insertion of letters/characters compared with original domain name
      • Omission of letter(s) compared with original domain name
      • Bitsquatting or use of Unicode characters replacing other characters from original domain name
    • Upon any discovery of the above events, Subscriber administrator will be notified, and activity will be captured in monthly reporting provided by Symbol, or included in Symbol application.


Cyber Threat Surveillance:

  1. Cyber Threat Surveillance allows MSPs and Customers to search the surface web, deep web and dark web. These searches will be conducted and presented on a daily frequency unless otherwise stipulated in the Agreement.  The content of these searches of the surface web, deep web, and dark web shall be referred to as the “Result Content”.
  2. Result Content may include secret, non-public or otherwise sensitive information that is not intended to be published or accessible by Customer, MSP or other third parties, and may be illegal for Customer, MSP or other third parties to access or possess.
  3. Except as otherwise expressly provided in this Agreement, all Result Content is provided without warranty of any kind, express or implied, and Symbol Security is not responsible for any Result Content or liability resulting from Customer’s access or possession thereof.
  4. The Result Content will be presented in the portal for view of Administrators only. Any action taken as a result of Cyber Threat Surveillance is solely the responsibility of the MSP and/or MSP’s Customer.   Symbol is not responsible, and not liable for any action taken as a result of any data found in Symbol’s Cyber Threat Surveillance service.
  5. For each report, Cyber Threat Surveillance will return findings from the surface web, deep web, and dark web. The findings will alert administrators of new material to review.
  6. These findings will come with associated ‘Negativity’ Ratings for use in prioritization.
  7. Additionally, administrators may categorize findings to remove them, or give them a proper status to help organize each finding.
  8. At any time, findings can be permanently deleted. If no action is taken, findings will be removed in 30 days.