End-User License Agreement (“Agreement”)

Version 3.0.0

This End User License Agreement (this “Agreement”), is a binding agreement between Mimecast Netherlands B.V. (”Mimecast”) and the customer (“Customer” or “You”) for Customer’s use of Mimecast’s DMARC Analyzer service and any related documentation (together, the “Services”).
MIMECAST PROVIDES THE SERVICES SOLELY ON THE TERMS AND CONDITIONS SET FORTH IN THIS AGREEMENT AND ON THE CONDITION THAT CUSTOMER ACCEPTS AND COMPLIES WITH THE AGREEMENT. BY CLICKING THE “ACCEPT” BUTTON YOU (A) REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT, POWER, AND AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF CUSTOMER; AND (B) ACCEPT THIS AGREEMENT AND AGREE THAT CUSTOMER IS LEGALLY BOUND BY ITS TERMS . IF CUSTOMER DOES NOT AGREE TO THE TERMS OF THIS AGREEMENT, MIMECAST WILL NOT AND DOES NOT PERMIT USE OF THE SERVICES BY CUSTOMER AND YOU MUST NOT ACCESS THE SERVICES.

1. General.
1.1. License to Access.
Subject to and conditioned upon Customer’s payment of applicable fees and Customer’s strict compliance with all terms and conditions set forth in this Agreement, Mimecast hereby grants to Customer a non-exclusive, non-transferable, non-sublicensable, limited license during the Term (as defined in Section 8) to access and use the Services for Customer’s internal business operations solely in accordance with this Agreement, and to access the support materials available at www.dmarcanalyzer.com/dmarc-knowledge-center/. Customer acknowledges that the Services are offered as software-as-a-service and that the Services and the support materials may change over time. Further, Customer acknowledges that some features and functionality are available only to Customer during a paid Term and thereafter only upon the condition that Customer pay the applicable fees. For clarity, Customer acknowledges and agrees that failure to pay fees in a timely manner may result in the termination of the Services in whole or in part.

1.2. Customer Responsibility.
Customer is responsible for adding all owned domains to the Services and for publishing a DMARC record into the DNS for each such domain. Further, Customer must issue DNS updates as reasonably required by Mimecast. Customer is responsible and liable for all uses of the Services resulting from access provided by Customer or via Customer’s systems, whether directly or indirectly. Without limiting the generality of the foregoing, Customer is responsible for all acts and omissions of its employees and agents, and any act or omission by an employee or agent of Customer that would constitute a breach of this Agreement will be deemed a breach of this Agreement by Customer. Customer will implement and maintain reasonable and appropriate controls to ensure that any passwords and access credentials associated with the Services remain confidential. Customer will not sell or transfer such passwords or access credentials to any other person or entity. Customer will promptly notify Mimecast in the event that Customer has a reasonable belief that unauthorized access to the Services or Customer’s passwords or access credentials has occurred.

1.3. Third-Party Products.
The Services utilize Third-Party Products. For purposes of this Agreement, such Third-Party Products are subject to their own terms and conditions available at www.dmarcanalyzer.com. If Customer does not agree to abide by the applicable terms for any such Third-Party Products, then Customer should not install, access, or use the Services. “Third-Party Products” means any products, content, services, information, or other materials that are owned by third parties and are incorporated into the Services.

2. Data Protection and Confidentiality.
2.1 Data.
“Personal Data” means Customer Data that relates to an identified or identifiable natural person. “Customer Data” means the data processed through Customer’s use of the Services including, where relevant to the Services, the contents of emails. Customer Data does not include Aggregated Data or Threat Data (as those terms are defined in Section 5.2). Customer acknowledges and agrees that Customer Data processed through the Services will be stored in Ireland (“Hosting Jurisdiction”).

2.2 Security.
Mimecast will implement and maintain appropriate administrative, technical, organizational and physical security measures for each of the Services to protect Customer Data against unauthorized access, disclosure or loss. Customer acknowledges and agrees that, in the course of providing the Services to Customer, it may be necessary for Mimecast to access Customer Data to respond to technical problems or Customer queries and to ensure the proper working of the Services; such access may originate from any jurisdiction where Mimecast maintains support personnel. Additional information about Mimecast security, including the locations from which support is provided and a list of Mimecast’s certifications, attestations and assessments, is available at www.mimecast.com/company/mimecast-trust-center/ (the “Trust Center”). Mimecast may update the Trust Center from time to time. Where required hereunder (or in accordance with any Data Processing Agreement), Mimecast shall notify Customer of any material changes.

2.3 Data Protection Laws.
As required by applicable law or as otherwise agreed by the parties, data protection measures may be described in more detail in a data processing agreement, which will be made supplementary to this Agreement if executed by the parties (“Data Processing Agreement”). In the event of any conflict between this Agreement and the Data Processing Agreement, the Data Processing Agreement shall prevail. Mimecast acknowledges that, as between the parties, Customer owns and controls the right, title and interest in and to the Customer Data. With respect to any Personal Data contained in Customer Data, Customer acts as data controller and Mimecast acts as data processor. Mimecast will use and process the Personal Data in accordance with Customer’s Instructions during an effective Term or as otherwise may be required by applicable law. The “Instructions” are embodied in this Agreement and any applicable Data Processing Agreement if executed by the parties, and as may be additionally communicated in writing by Customer to Mimecast from time-to-time. Mimecast will collect and protect the Customer Data in compliance with the applicable laws and regulations of the Hosting Jurisdiction, including without limitation, as applicable, the requirements of European Economic Area data protection law, and the General Data Protection Regulation (Regulation (EU) 2016/679). Where permitted by applicable law, Mimecast may process, transfer or copy Customer Data and Personal Data in the United States, the United Kingdom, or other countries or jurisdictions outside of the country where it was collected. Customer is responsible for providing any requisite notice and obtaining any consent (if required) from individuals for the processing and transfer of Personal Data, including international transfers.

2.4 Confidentiality Obligations.
(a) Definitions. “Confidential Information” means information designated by the party disclosing such information (“Disclosing Party”) as “confidential” or “proprietary” or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of the disclosure. Customer’s Confidential Information includes Customer Data. Mimecast’s Confidential Information includes any information related to the performance, functionality, and reliability of the Services. Confidential Information does not include information that: (i) is or becomes generally known to the public through no fault of the party that receives such information from the Disclosing Party (“Receiving Party”); (ii) is in the Receiving Party’s possession prior to receipt from the Disclosing Party; (iii) is acquired by the Receiving Party from a third-party without breach of any confidentiality obligation to Disclosing Party; or (iv) is independently developed by Receiving Party without reference to the Disclosing Party’s Confidential Information.
(b) Obligations. Confidential Information is and will remain the exclusive property of the Disclosing Party. In addition to any other obligations required of it under this Section 2, the Receiving Party will: (i) use Disclosing Party’s Confidential Information solely for the performance of the activities contemplated by this Agreement; (ii) disclose such information only to its employees, agents, and contractors who are bound by obligations of confidentiality at least as strict as those contained in this Section 2.4; (iii) protect Disclosing Party’s Confidential Information against unauthorized use or disclosure using the same degree of care it uses for its own Confidential Information, which in no event will be less than reasonable care; and (iv) upon written request, return or destroy all copies of the Disclosing Party’s Confidential Information that are in its possession or control.

3. Restrictions.
Customer shall not and shall not permit any of Customer’s employees or agents to use the Services or any software component of the Services for any purpose beyond the scope of the access granted in this Agreement. Customer shall not at any time, directly or indirectly, and shall not permit any of Customer’s employees or agents to: (i) copy, modify, or create derivative works of the Services, in whole or in part; (ii) rent, lease, lend, sell, license, sublicense, transfer, or otherwise make the Services available to anyone, except as expressly permitted under this Agreement; (iii) reverse engineer, disassemble, or decompile the Services; (iv) attempt to circumvent or interfere in any way with the security features of the Services; (v) remove any proprietary notices from the Services; (vi) use the Services in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law, regulation, or rule; (vii) use the Services in, or in association with, the design or operation of any system meant for use in conjunction with emergency services; or (viii) use the Services for purposes of competitive analysis, the development of a competing product or service, or any other purpose that is to Mimecast’s commercial disadvantage.

4. Disclaimer.
WITHOUT LIMITING MIMECAST’S EXPRESS OBLIGATIONS UNDER THIS AGREEMENT, MIMECAST HEREBY DISCLAIMS ALL GUARANTEES, CONDITIONS, WARRANTIES AND REPRESENTATIONS, IMPLIED, STATUTORY OR OTHERWISE CONCERNING ANY SERVICES, SOFTWARE, DOCUMENTATION OR MATERIALS PROVIDED BY MIMECAST, INCLUDING BUT NOT LIMITED TO, THOSE IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THE SERVICES DO NOT QUALIFY AS legal or expert advice. Customer should consider whether the Services are appropriate for Customer’s needs, and where appropriate, seek LEGAL OR EXPERT advice. MIMECAST DOES NOT REPRESENT THAT THE SERVICES OR THE PROFESSIONAL SERVICES WILL ACHIEVE INTENDED RESULTS, BE UNINTERRUPTED OR ERROR FREE OR MEET CUSTOMER’S REQUIREMENTS.

5. Ownership.
5.1 Ownership of the Services.
The parties acknowledge and agree that Mimecast has no ownership rights to Customer Data. Mimecast and its third-party licensors will retain all ownership interest in and to the Services and its underlying systems. Customer’s rights are limited to those expressly stated in this Agreement. Notwithstanding any provision herein to the contrary, nothing in this Agreement is intended to limit Customer’s liability in the event of Customer’s violation of Mimecast’s intellectual property rights, and any claim with respect to such violation will not be deemed governed by this Agreement.

5.2 Aggregated Data and Threat Data.
Notwithstanding any provision herein to the contrary, Mimecast owns: (i) the aggregated data derived from the Service as aggregated with usage data from Mimecast’s other customers, including, without limitation, utilization statistics, reports, logs and information regarding spam, viruses or other malware processed by the Services (“Aggregated Data”); and (ii) all data identified through the Services as malicious, such as that which may perpetuate data breaches, malware infections, cyberattacks or other threat activity (“Threat Data”). Neither Aggregated Data nor Threat Data will include any Personal Data. Customer agrees that Mimecast may process Aggregated Data or Threat Data for its business purposes and/or may share Aggregated Data or Threat Data with third-parties.

5.3 Feedback.
Mimecast owns an unlimited right to any Feedback in any present or future form or format for use in any manner that Mimecast deems appropriate, without monetary or other compensation to Customer. “Feedback” means any communications or materials provided to Mimecast by Customer suggesting or recommending changes to the Services.

6. Intellectual Property Indemnification
6.1 Indemnification.
Mimecast will defend, indemnify and hold harmless Customer, its officers, directors, employees and consultants against any third-party claim, suit, proceeding or regulatory action alleging that the Services infringe any copyright, moral right, trade secret, trade or service mark, or patent issued in the United States or the European Union. Customer will provide prompt written notice of the applicable claim to Mimecast and cooperate in Mimecast’s defense, as reasonably requested by Mimecast and at Mimecast’s expense. Mimecast will have sole control of the defense and settlement of the applicable matter.

6.2 Additional Terms.
Mimecast may, at its expense and discretion, attempt to resolve any indemnified claim by: (a) modifying the Services to avoid the alleged infringement; (b) obtaining a license to permit Customer’s use of the Services as contemplated by this Agreement; or (c) terminating the rights set forth in this Agreement and giving Customer a refund for any fees paid for the remainder of the then-effective Term. Customer will cooperate fully with Mimecast in the implementation of any above-described resolution. Mimecast will have no liability under this Section 6 to the extent any claim results from the combination of the Services with third-party products, services, data or business processes used by Customer or from content or information supplied by Customer.

6.3 Entire Liability.
This Section 6 sets forth Mimecast’s entire liability and Customer’s sole remedy in connection with any matters concerning any intellectual property rights relating to the Services. Customer agrees that any and all implied indemnification obligations that may apply to this Agreement are hereby excluded.

7. Limitation of Liability
7.1 Exclusion of Damages.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), BREACH OF STATUTORY DUTY OR OTHERWISE FOR ANY (A) INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER, (B) LOSS OF PROFITS, (C) LOSS OF ANTICIPATED SAVINGS, OR (D) LOST MANAGEMENT TIME ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR ANY OF THE SERVICES PROVIDED OR AGREED TO BE PROVIDED BY MIMECAST, EVEN IF THE PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR HAD OTHER REASON TO KNOW OR IN FACT KNEW OF THE POSSIBILITY THEREOF. THIS SECTION 7.1 DOES NOT APPLY TO ANY AMOUNTS PAYABLE IN CONNECTION WITH THE INDEMNIFICATION OBLIGATIONS STATED HEREIN.

7.2 Liability Cap.
Mimecast’s maximum liability for any and all causes of action arising out of or relating to this Agreement or the Services, whether in contract, tort, statute or otherwise, will be limited to an amount equal to the fees paid or payable by Customer to Mimecast for the Services during the twelve months preceding the incident giving rise to the claim (or $100 USD if the Services were provided free of charge); provided that the foregoing cap will not apply to: (i) the indemnification obligations set forth in this Agreement, (ii) Customer’s obligations under Section 3, or (iii) Customer’s payment obligations.

7.3 Exclusions.
Notwithstanding any other provision of this Agreement, neither party’s liability is excluded or limited by this Agreement in the event of: (i) death or personal injury caused by its negligence or (ii) any other liability which may not lawfully be excluded or limited.

8. Term, Termination, Free Trial, Payment
8.1 Term and Free Trial.
This Agreement is in effect from the time that Customer clicks “Accept” to indicate Customer’s acceptance of the terms and conditions herein. The Services are available to Customer at no charge for fourteen days (the “Free Trial”). Prior to the end of the Free Trial, Customer must make arrangements with Mimecast to pay applicable fees for the Services or some features and functionality will be disabled.
(a) In the event that Customer begins to pay the applicable Fees, a Term of twelve months will commence, and the Agreement will thereafter renew automatically for additional twelve month terms (each, a “Renewal Term”) unless Customer provides notice of non-renewal not less than thirty days in advance of the end of the then-current Term. Notwithstanding the foregoing, Mimecast may terminate this Agreement at any time, provided that in such case, any pre-paid, unused fees will be promptly refunded.
(b) If Customer does not begin to pay the applicable Fees prior to the end of the Free Trial, then this Agreement shall remain in effect until Customer ceases its use of the Services or until terminated by Mimecast. For clarity, Customer acknowledges and agrees that in this case some features and functionality will be disabled.

8.2 Fees and Payment.
Mimecast reserves the right to increase Fees applicable to any Renewal Term by no more than five percent. Fees are due monthly or annually in advance via credit card or bank transfer. If Customer disputes any portion of an invoice due, then Customer will notify Mimecast in writing within fifteen days of receipt of the applicable invoice. Such notice will include a description of the basis for Customer’s dispute. If only part of an invoice is disputed, then Customer will pay the undisputed amount as provided herein. The parties will work together in good faith to resolve any such dispute promptly.

8.3 Late Payment.
Mimecast may charge a late payment fee on any undisputed unpaid amount due at the rate of one percent (1%) per month or at the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date such amount is paid. In the event any action is taken to pursue collection of any fees payable hereunder, Customer will reimburse Mimecast for Mimecast’s costs associated with such collection, including reasonable legal fees.

8.4 Taxes. The fees and any other charges hereunder do not include any taxes, withholdings, levies or duties of any nature (including without limitation, local, state, federal, VAT or foreign taxes) that may be assessed at any time in connection with the Services during the term of this Agreement. Customer is responsible for paying any such taxes, excluding taxes based on Mimecast’s net income.

8.5 Suspension of Services.
Mimecast may suspend the Services in the event Customer’s account is the subject of denial of service attacks, hacking attempts or other malicious activities, or Customer’s activities reasonably appear to be in breach of Section 3, Mimecast will work with Customer to resolve such matters as soon as possible. In such circumstances, to protect Mimecast’s own systems, Customer acknowledges that Mimecast may be required to suspend the Services until the issues are resolved. Mimecast will provide advance notice to Customer of such suspension where reasonably practicable.

9. Miscellaneous
9.1 Survival.
Customer’s payment obligations, the provisions of this Section and the provisions of the following Sections will survive termination of this Agreement: Section 2 (Data Protection and Confidentiality), Section 3 (Restrictions), Section 4 (Disclaimer), Section 6 (Intellectual Property Indemnification), and Section 7 (Limitation of Liability).

9.2 Legal Demands.
Notwithstanding any provision herein to the contrary, Customer Data may be retained and disclosed by Mimecast as required to comply with applicable laws, regulations, subpoenas or court orders or to otherwise enforce its rights under this Agreement. Where allowed by law, Mimecast will provide reasonable prior written notice to Customer to permit Customer to seek a protective order and will cooperate in Customer’s activities under this Section 9.2, at Customer’s expense. Mimecast will disclose only that information that is reasonably necessary to meet the applicable legal order or requirement.

9.3 Force Majeure.
Neither party will be liable for any delay in performance or failure to perform its obligations under this Agreement due to any cause or event outside its reasonable control including, acts of God, civil or military authority, acts of war, accidents, third-party computer or communications failures, natural disasters or catastrophes, strikes or other work stoppages or any other cause beyond the reasonable control of the affected party.

9.4 Assignment.
Customer may assign this Agreement in whole or in part to a successor in interest in the event of a sale or merger of Customer. Otherwise, Customer may not assign this Agreement in whole or in part without Mimecast’s prior written consent, which consent will not be unreasonably withheld. This Agreement will be binding upon the parties hereto and any authorized assigns.

9.5 Notices and Language.
The language of this Agreement is English and all notices to be given in connection with this Agreement must be in English. Any business communications in connection with this Agreement may be provided by email. Any legal notices relating to this Agreement must be written in English or accompanied by a certified English translation. All legal notices will be sent by major commercial delivery courier service or mailed in a manner that requires signature by the recipient.

9.6 Entire Agreement.
Each party hereby acknowledges that (i) no reliance is placed on any representation not provided in this Agreement; and (ii) agreement to this Agreement is not conditioned on any promise made by Mimecast to deliver any future deliverable such as a feature or functionality. No purchase order or other communication will add to or vary these General Terms. Any purchase order or other terms provided by Customer will be accepted by Mimecast for invoicing purposes only.

9.7 Modifications and Severability.
Except as expressly provided herein, any modification to this Agreement must be made in writing and signed by an authorized representative of each party. If any provision of this Agreement is held to be unenforceable, such provision will be reformed to the extent necessary to make it enforceable, and such holding will not impair the enforceability of the remaining provisions.

9.8 Waiver.
The failure by a party to exercise any right hereunder or to insist upon or enforce strict performance of any provision of this Agreement will not waive such party’s right to exercise that or any other right in the future.

9.9 No Third-Party Beneficiaries.
This Agreement is entered into solely between, and may be enforced only by, Mimecast and Customer. This Agreement will not be deemed to create any third-party rights or obligations.

9.10 Independent Contractors.
Each party to this Agreement will be acting as an independent contractor, and nothing herein will be construed to create a partnership, joint venture or any type of agency relationship between Mimecast and Customer.

9.11 Export Restrictions.
Each party agrees to comply with all applicable regulations of the United States Department of Commerce and with the United States Export Administration Act, as amended from time to time, and with all applicable laws and regulations of other jurisdictions with respect to the export and import of the Services.

9.12 Governing Law.
This Agreement and any related court proceedings shall be exclusively governed by and construed in accordance with Dutch law. Any matter, claim or dispute arising out of or in connection with this Agreement or the Services, whether contractual or non-contractual, is to be governed by and determined in accordance with Dutch law. The Parties agree that any such dispute shall be exclusively submitted to the jurisdiction of the competent court in Amsterdam. All parties hereby consent to litigation in the English language before the Netherlands Commercial Court (internationale handelskamer), which forms part of the court in Amsterdam, including in the event of an application for provisional and protective measures.