2022/06/28 City Council Resolution 2022-071 RESOLUTION NO. 2022-071
A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF ROHNERT PARK
APPROVING MASTER AGREEMENT AND PURCHASE ORDER WITH
DARKTRACE HOLDINGS LIMITED FOR IT EMAIL AND NETWORK SECURITY
SERVICES IN AMOUNT OF 8145, 248
WHEREAS, the security of the City's IT infrastructure is critical to its operation; and
WHEREAS, the City's email system is a likely target for security breaches; and
WHEREAS,these systems need to be maintained with current security technologies
available to better deter possible security breaches; and
WHEREAS, the City's IT Department has researched options and has recommended a
viable and effective solution.
NOW, THEREFORE, BE IT RESOLVED by the City Council of the City of Rohnert
Park that it does hereby authorize and approved the entering into a Purchase Order and Master
Agreement with Darktrace Holdings Limited, in substantially the same form as set forth in
Exhibit A, subject to such modifications as may be approved by the Assistant City Manager in
consultation with the City Attorney.
BE IT FURTHER RESOLVED that the Assistant City Manager is hereby authorized
and directed to execute documents pertaining to same for and on behalf of the City of Rohnert
Park.
DULY AND REGULARLY ADOPTED this 28th day of June, 2022.
CITY OF ROHNERT PARK
a ie Elwar ayor
ATTEST: •
I\
izab th Machado, Deputy City Clerk - ` --
Attachments: Exhibit A
GIUDICE: At.le. HOLLINGSWORTH-ADAMS: Gaye STAFFORD: kip RODRIGUEZ: Atie ELWARD:
AYES: (6 ) NOES: ( j ) ABSENT: ( ABSTAIN: ( j ) "T`
6/30
:
-- Subscription
1 July 2022
1
30th June
Exhibit A to Resolution
V09.12.2020 MCA SHRINKWRAP 1
DARKTRACE MASTER CUSTOMER AGREEMENT
IMPORTANT - READ CAREFULLY:
Please read the following legally binding Darktrace Master Customer Agreement (“Agreement”) between Darktrace Holdings
Limited (“Darktrace”) and City of Rohnert Park (“Customer”) carefully. THIS AGREEMENT WILL APPLY TO ANY QUOTE, PRODUCT
ORDER FORM, ORDER ACKNOWLEDGEMENT, AND INVOICE, AND ANY SALE, LICENCE, OR DELIVERY OF ANY APPLIANCES OR
SERVICES BY DARKTRACE. By selecting the ‘accept’ option, installing or otherwise accessing or using the Offering (as defined
herein), Customer acknowledges that Customer has read, understands and agrees to be bound by the terms and conditions of
this Agreement. Where a reseller, service provider, consultant, contractor or other permitted third party downloads, installs or
otherwise uses the Appliance on Customer’s behalf, such party will be deemed to be Customer’s agent and Customer will be
deemed to have accepted all of the terms and conditions of this Agreement as if Customer had directly downloaded, installed or
used the Appliance.
If Customer does not agree with the terms and conditions of this Agreement, Customer is not authorised to install the Appliance
or otherwise use the Offering for any purpose whatsoever. If Customer returns the unused Appliance and all accompanying
items in their original condition and packaging within twenty-one (21) calendar days of delivery by Darktrace, together with proof
of purchase, Customer may receive a full refund of any Fees paid.
Darktrace and Customer may be collectively referred to as the “Parties” or individually as a “Party”.
RECITALS
Whereas, Darktrace is the supplier of the Offering that is more fully described in the applicable quotation, ordering document,
or commercial terms schedule provided by Darktrace or its authorised reseller, as applicable, and accepted by Darktrace, which
identifies the Appliances and any Services ordered by Customer from Darktrace or its authorised reseller, as applicable, the term,
the respective quantities, the applicable fees, together with any other specifications or requirements and any other restrictions
(if any) (“Product Order Form”).
Whereas, Customer is interested in using the Offering for its internal use and Darktrace has agreed to Customer’s use of the
Offering on the terms of this Agreement.
Now therefore, in consideration of the mutual covenants and the payment of Fees described herein, the Parties agree as follows:
1. DEFINITIONS
Certain capitalised terms used but not defined herein are as set forth in Appendix 1 to this Agreement.
2. EVALUATIONS AND BETA TESTING
The following terms in this Clause 2 apply to a Darktrace proof of value or technical preview of the Offering.
2.1. If Darktrace permits Customer to conduct a proof of value of any commercially-available Offering (the “Evaluation”), Customer
shall be granted a non-exclusive, non-transferable, non-sublicensable licence to use the Offering free of charge for evaluation
purposes only for a maximum of four (4) weeks, or such other duration as specified by Darktrace in writing at its sole discretion
(the “Evaluation Period”). Except for the foregoing, Darktrace does not grant Customer any rights, implied or otherwise in or
to the Offering in respect of an Evaluation. Customer must keep the Appliance free from liens, will be responsible for any
damage to such Appliance during the Evaluation Period (reasonable wear and tear excepted) and will carry insurance coverage
(all risks) in an amount equal to the full replacement value of the Appliance. On the expiry of the Evaluation Period, and unless
the Parties agree to a subsequent purchase of the Offering, Customer shall return the Appliance to Darktrace securely and
properly packaged, with carriage (and insurance at Customer’s option) and this Agreement will terminate.
2.2. If Darktrace provides Customer with a new product or new version of the Offering for technical preview or beta testing
purposes (a “Preview Product”), Customer may use the Preview Product for evaluation purposes, in a non-production test
environment only, for the period specified by Darktrace (the “Test Period”). Customer will test the Preview Product in
accordance with any conditions specified in the readme file for the software or any accompanying Documentation and will
gather and report test data, feedback, comments and suggestions to Darktrace. Customer’s right to use the Preview Product
will terminate upon expiry of the Test Period. Darktrace does not warrant that it will release a commercial version of the
Preview Product, or that a commercial version will contain the same or similar features as the Preview Product.
V09.12.2020 MCA SHRINKWRAP 2
2.3. Clause 9 and Clause 12 will not apply to Evaluations or Preview Products. APPLIANCES PROVIDED FOR THE PURPOSES OF
EVALUATION (“EVALUATION PRODUCTS”) AND PREVIEW PRODUCTS ARE PROVIDED “AS IS” AND, TO THE MAXIMUM EXTENT
PERMITTED BY APPLICABLE LAW: (i) DARKTRACE MAKES NO WARRANTIES, CONDITIONS, REPRESENTATIONS OR
UNDERTAKINGS OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE WITH RELATION TO SUCH
EVALUATION PRODUCTS OR PREVIEW PRODUCTS; AND (ii) IN NO EVENT SHALL DARKTRACE BE LIABLE TO CUSTOMER OR TO
THOSE CLAIMING THROUGH CUSTOMER FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR SPECIAL DAMAGE OR
LOSS OF ANY KIND, OR ANY LOSS OF PROFITS, LOSS OF CONTRACTS, BUSINESS INTERRUPTIONS, LOSS OF OR CORRUPTION OF
INFORMATION OR DATA HOWEVER CAUSED AND WHETHER ARISING UNDER CONTRACT OR TORT (INCLUDING WITHOUT
LIMITATION NEGLIGENCE), EVEN IF DARKTRACE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
2.4. IF ANY LIMITATION, EXCLUSION, DISCLAIMER OR OTHER PROVISION CONTAINED IN CLAUSE 2.3 ABOVE IS HELD TO BE INVALID
FOR ANY REASON BY A COURT OF COMPETENT JURISDICTION AND DARKTRACE BECOMES LIABLE THEREBY FOR LOSS OR
DAMAGE THAT MAY LAWFULLY BE LIMITED, SUCH LIABILITY WHETHER IN CONTRACT, TORT OR OTHERWISE, SHALL NOT
EXCEED TEN THOUSAND POUNDS STERLING (£10,000).
3. OFFERING; ORDER PROCESS
3.1. Darktrace agrees to provide to Customer: (i) the number and type of Appliances; (ii) the Support Services; and (iii) the training
to be provided to Customer, if any, each as set out in the Product Order Form. The Product Order Form must be in writing and
reference this Agreement to be valid. The Product Order Form will be governed by this Agreement and any different or
additional terms presented with or in any communication, including but not limited to, Customer’s purchase order, are
deemed null and void and of no effect unless the additional terms are agreed upon by the Parties in writing prior to acceptance
of that Product Order Form.
4. HARDWARE
4.1. Hardware Products. Unless otherwise agreed in the Product Order Form, use of the Hardware is included in the Fees. The
Hardware is provided solely as the medium for delivery and operation of the Software, and must not be used for any other
purpose. Customer will be granted a licence to the Software on the terms of Clause 5 below.
4.2. Delivery. Darktrace will use commercially reasonable efforts to ship the Appliance(s) on the agreed delivery dates (in partial
or full shipments); provided, however, that Darktrace will in no event be liable for any delay in delivery or for failure to give
notice of delay. Darktrace may withhold or delay shipment of any order if Customer is late in payment or is otherwise in
default under this Agreement. Darktrace will deliver the Appliance FCA (Incoterms 2010) to the agreed Sites. In the absence
of specific shipping instructions from Customer, Darktrace will ship by the method of its choice. Unless otherwise agreed,
Customer will pay and be exclusively liable for all costs associated with shipping and delivery including without limitation,
freight, shipping, customs charges and expenses, cost of special packaging or handling and insurance premiums incurred by
Darktrace in connection with the shipment of the Appliance(s) to Customer. Darktrace will identify itself in all documents
related to the shipment of the Appliance(s) as the exporter of record from the applicable jurisdiction of export, and Customer
(or its agent, as applicable) as the importer of record into the country of delivery.
4.3. Title to Hardware. Title to the Hardware will remain with Darktrace for the entire Term. Upon termination for any reason,
or on expiration of the Term, Customer shall return the Hardware to Darktrace, securely and properly packaged, with carriage
(and insurance at Customer’s option) prepaid. Whilst the Hardware is in Customer’s possession, Customer must (a) clearly
designate the Hardware as Darktrace’s property; (b) take commercially reasonable steps to protect the Hardware; (c) store
and use the Hardware in a proper manner in conditions which adequately protect and preserve the Hardware; and (d) not
sell, charge, pledge, mortgage or otherwise dispose of the Hardware or any part of it or permit any lien to arise over the
Hardware (or part thereof) and keep the Hardware free from distress, execution and other legal process.
5. LICENCE GRANT FOR THE SOFTWARE AND RESTRICTIONS
5.1. Licence Grant for Software. In consideration of the Fees paid by Customer to Darktrace, and subject to the terms and
conditions of this Agreement and the Product Order Form, Darktrace grants to Customer a non-exclusive, non-transferable,
non-sublicensable licence for the Term to: (i) install and use the Appliance on the Site(s) or an Outsource Provider’s site(s) for
Customer’s or its Affiliate’s internal business purposes (provided that neither Customer nor its Affiliates may use the Appliance
or the Services as a commercial product or for the benefit of an unaffiliated third party); (ii) make a commercially reasonable
number of copies of the Documentation; provided however, that Customer must reproduce and include all of Darktrace's and
its suppliers' copyright notices and proprietary legends on each such copy;.
V09.12.2020 MCA SHRINKWRAP 3
5.2. Licence Restrictions. All Software is licensed, not sold. The restrictions in this Agreement represent conditions of Customer’s
licence. Unless otherwise specified in the Product Order Form or the Documentation, the Software is pre-installed on the
Hardware and Customer agrees to use the Software solely in conjunction with such Hardware and not separately or apart from
the Hardware. Customer specifically agrees not to: (i) sub-licence, rent, sell, lease, distribute or otherwise transfer the Software
or any part thereof or use the Offering, or allow the Offering to be used, for timesharing or service bureau purposes or
otherwise use or allow others to use for the benefit of any third party (other than Customer’s Affiliates); (ii) attempt to reverse
engineer, decompile, disassemble, or attempt to derive the source code or underlying ideas or algorithms of the Software or
Third Party Software (other than the GPL Software) or any portion thereof, except as required to be permitted by applicable
law; (iii) modify, port, translate, localise or create derivative works of the Software, the Third Party Software, the
Documentation; (iv) use the Offering: (a) in violation of any law, statute, ordinance or regulation applicable to Customer
(including but not limited to the laws and regulations governing publicity or privacy, export/import control, federal, state and
local laws and regulations governing the use of network scanners and related software in all jurisdictions in which systems are
scanned or scanning is controlled, or anti-discrimination, in each case that are applicable to Customer); or (b) negligently,
intentionally or wilfully propagate any virus, worms, Trojan horses or other programming routine intended to damage any
system or data; (v) remove or modify any acknowledgements, credits or legal notices contained on the Appliance or any part
thereof; (vi) install or run on the Hardware on any software applications other than the Software and Third Party Software
installed by Darktrace on such Hardware; (vii) collect any information from or through the Offering using any automated means
(other than Darktrace approved APIs), including without limitation any script, spider, “screen scraping,” or “database scraping”
application or gain or attempt to gain non-permitted access by any means to any Darktrace computer system, network, or
database; and (viii) file copyright or patent applications that include the Offering or any portion thereof.
5.3. Affiliate Use. Darktrace acknowledges and agrees that the Offering may be used for the benefit of Customer Affiliates
incorporated on or before the Effective Date of the Product Order Form. Such Customer Affiliates will be entitled to utilise
the Offering in the same way as Customer under the terms of this Agreement. To the extent that any such Customer Affiliate
utilises the Offering in accordance with this Clause 5.3 Customer (acting as agent and trustee of the relevant Customer
Affiliate) will be entitled to enforce any term of this Agreement and recover all losses suffered by such Customer Affiliate
pursuant to this Agreement as though Customer had suffered such loss itself, provided that in no event may Customer make
multiple recoveries in respect of the same loss.
5.4. Outsource Provider. In the event that Customer contracts with any third party service provider(s) such as an outsourcer,
hosting, managed service, or collocation service provider or other information technology service provider for the
performance of information technology functions (each, an “Outsource Provider”), Customer may permit such Outsource
Provider to exercise all or any portion of the rights granted in Clause 5.1 above solely on Customer’s or its Affiliates’ behalf,
provided that, (i) the Outsource Provider will only use or operate the Offering for Customer’s use subject to terms and
conditions that are consistent with the rights and limitations set out in this Agreement; and (ii) Customer will remain liable
for the acts and omissions of the Outsource Provider under this Agreement.
5.5. Third Party Software/ Open Source Software. Customer acknowledges that the Software may contain or be accompanied by
certain third-party hardware and software products or components (“Third Party Products”) including Open Source Software.
Any Open Source Software provided to Customer as part of the Offering is copyrighted and is licensed to Customer under
the GPL/LGPL and other Open Source Software licences. Copies of, or references to, those licences may be set out in a Product
Order Form, the Third Party Product packaging or in a text file, installation file or folder accompanying the Software. If
delivery of Open Source Software source code is required by the applicable licence, Customer may obtain the complete
corresponding Open Source Software source code for a period of three years after Darktrace’s last shipment of the Software
by sending a request to: Attn: Legal Department - Open Source Software Request, Darktrace Holdings Limited, Maurice Wilkes
Building, Cowley Road, Cambridge CB4 0DS, United Kingdom.
6. SERVICES
6.1. Installation. Darktrace will conduct its standard installation and test procedures to confirm completion of the installation of
the Appliance on Customer’s or its Outsource Provider’s site (“Installation Services”).
6.2. Support Services. Darktrace will provide the Standard Support Services for the Term and any Support Service Options
specified in the Product Order Form (collectively, the “Support Services”). Darktrace’s Support Services are further described
in the Support Services Data Sheet, which details Darktrace’s Standard Support Services and Support Service Options, and
their respective eligibility requirements, service limitations and Customer responsibilities.
6.3. Call Home. Darktrace’s Call Home feature is critical for certain Support Services. Darktrace will limit its access solely to the
V09.12.2020 MCA SHRINKWRAP 4
extent relevant to Darktrace's provision of the Support Services, and such remote access will be subject to Customer’s
reasonable policies and procedures provided to Darktrace in writing in advance. The Call Home connection remains within
Customer’s complete control and is initiated by the onsite Appliance. It can be initiated and terminated at any time by
Customer.
6.4. DISCLAIMER. UNLESS EXPRESSLY AGREED, THE SERVICES DO NOT INCLUDE THE MONITORING, INTERPRETATION OR
CORRECTIVE ACTION WITH RESPECT TO ANY ALERTS GENERATED BY THE OFFERING. NO ADVICE, REPORT, OR INFORMATION,
WHETHER ORAL OR WRITTEN, OBTAINED BY CUSTOMER FROM DARKTRACE OR THROUGH OR FROM THE SERVICES SHALL
CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS AGREEMENT. CUSTOMER UNDERSTANDS THAT: (A) ANY OUTCOME
OF THE SERVICES INVOLVING SECURITY ASSESSMENT IS LIMITED TO A POINT-IN-TIME EXAMINATION OF CUSTOMER’S
SECURITY STATUS; AND (B) THE SERVICES DO NOT CONSTITUTE ANY FORM OF REPRESENTATION, WARRANTY OR
GUARANTEE THAT CUSTOMER’S SYSTEMS ARE SECURE FROM EVERY FORM OF ATTACK, EVEN IF FULLY IMPLEMENTED.
CUSTOMER UNDERSTANDS AND ACKNOWLEDGES THAT NOT ALL ANOMALIES / INTRUSIONS MAY BE REPORTED OR
PREVENTED.
7. FEES, PAYMENT AND TAXES
7.1. Fees. Fees are stated in the Product Order Form. No refunds will be made except as provided in Clause 9 and Clause 10.3
of this Agreement. Unless otherwise explicitly agreed in writing, fees are: (i) exclusive of sales and use taxes assessed by any
taxing authority in the jurisdiction(s) in which Customer is physically located and takes delivery of the Appliance or Services;
and (ii) exclusive of duties and shipping and handling fees, which unless otherwise agreed will be the responsibility of
Customer. Should Customer be required under any law or regulation of any governmental entity or authority outside of the
United Kingdom to withhold or deduct any portion of the payments due to Darktrace, then Customer will increase the sum
payable to Darktrace by the amount necessary to yield to Darktrace an amount equal to the sum Darktrace would have
received had no withholdings or deductions been made..
7.2. Invoices and Payment. Unless otherwise stated in the Product Order Form, Customer will be invoiced the Fees from the
commencement date specified in the Product Order Form (the “Commencement Date”). Any other charges, such as out of
pocket expenses will be invoiced monthly in arrears. Invoicing will occur via email. Unless otherwise agreed in the Product
Order Form, Customer agrees to pay all undisputed amounts within thirty (30) days of Customer’s receipt of the applicable
invoice by direct bank or wire transfer in accordance with the instructions on the invoice, and any bank charges assessed on
Customer by Customer’s bank. UNLESS PAYMENTS ARE MADE BY BANK OR WIRE TRANSFER, THEY MUST BE MADE
ANNUALLY IN ADVANCE. Darktrace may suspend or cancel performance of open orders or Services if Customer fails to make
payments when due, reserving all other rights and remedies as may be provided by law. Darktrace may impose late charges
on overdue payments at a rate equal to two percent (2%) per annum above the official dealing rate of the Bank of England,
calculated from the date payment was due until the date payment is made, and all reasonable expenses incurred in collection,
including legal fees.
7.3. Lapsed Fees. If Customer has lapsed in the payment of Fees due hereunder, Darktrace may suspend the provision of
Services and prior to recommencement of the Services by Darktrace, Customer will be responsible for paying all fees
associated with the Offering from the date such Services were stopped through to the then-current date.
7.4. Clause 7 shall not apply where Customer has purchased the Offering through a Darktrace authorised reseller.
8. INTELLECTUAL PROPERTY; OWNERSHIP
8.1. Intellectual Property. Except as expressly set forth herein: (i) this Agreement does not grant either Party any rights, implied
or otherwise, to the other’s Intellectual Property; and (ii) Darktrace, its suppliers and licensors, retain all right, title and
interest in and to the Offering , and the Documentation and all copies thereof, including all enhancements, error correction,
new releases, updates, derivations, and modifications thereto (collectively, “Darktrace Intellectual Property”). Customer
agrees to inform Darktrace promptly of any infringement or other improper action with respect to Darktrace Intellectual
Property that comes to Customer’s attention.
9. WARRANTIES
9.1. Hardware Warranty. Darktrace warrants to Customer that during the duration of this Agreement, the Hardware will
perform materially in accordance with the applicable Datasheet.
V09.12.2020 MCA SHRINKWRAP 5
9.2. Software Warranty. Darktrace warrants to Customer that during a period of ninety (90) days from the date of delivery of
the Appliance, the Software will perform materially in accordance with the applicable Datasheet.
9.3 Services Warranty. Darktrace warrants to Customer that all Services will be performed with all reasonable care, skill and
diligence in accordance with generally recognised commercial practices and standards.
9.4 Warranty Against Viruses and Disabling Code. The Software, when delivered by Darktrace to Customer, will be free of any
Virus or Disabling Code. For purposes of the foregoing, ”Virus or Disabling Code” means any program routine, device, code
or instructions (including any code or instructions provided by third parties) or other undisclosed feature, including a time
bomb, virus, software lock, drop-dead device, malicious logic, worm, Trojan horse, bug, error, defect, trap door, wabbit or
rabbit, rootkit, logic bomb, or bacteria that is capable of accessing, modifying, deleting, damaging, disabling, deactivating,
interfering with, or otherwise harming the Software or Services, or computer programs or systems. Notwithstanding the
foregoing, neither Call Home nor Antigena Network Software will be considered to be a “Virus or Disabling Code” within
the meaning of this Clause 9.4. Darktrace will use all reasonable endeavours, promptly for a reasonable period of time and
at no expense to the Customer, to remedy any non-conformance.
9.4 Exceptions. The warranties contained in Clause 9.1 and Clause 9.2 above will not apply if: (i) Customer’s use of the Offering
is not in accordance with this Agreement; (ii) Customer fails to follow Darktrace’s environmental, installation, operation or
maintenance instructions or procedures in the Documentation; (iii) the Appliance has been subject to Customer’s (or its
agent’s) abuse, negligence, improper storage, servicing or operation (including without limitation use with incompatible
equipment), reasonable wear and tear excepted; (iv) the Appliance has been modified, repaired or improperly installed
other than by Darktrace or any contractor or subcontractor of Darktrace; (v) Customer (or its agent) has failed to
implement, or to allow Darktrace or its agents to implement, any corrections or modifications to the Appliance made
available to Customer by Darktrace; or (vi) Customer (or its agent) has combined the Appliance with other software,
services, or products that are not provided by Darktrace or not otherwise specified in the Documentation, and, but for such
combination, the breach of warranty would have been avoided.
9.5 Remedies. If during the applicable warranty period contained in Clause 9.1 or Clause 9.2 above: (i) Darktrace is notified
promptly in writing upon discovery of an error in any of the Appliance, including a detailed description of such alleged error;
and (ii) Darktrace’s inspections and tests determine that the Appliance contains an error and it is not subject to any of the
exceptions set out in Clause 9.5, then, as Darktrace’s entire liability and Customer’s sole remedy for such breach of
warranty, Darktrace will (at Darktrace’s option and sole expense) correct, repair or replace the Appliance within a
reasonable time or provide or authorise a refund of the unused portion of the Fees Customer has paid for the Offering
following the return of the Appliance to Darktrace and the Agreement will terminate. Any items provided as replacement
under the terms of the applicable warranty will be warranted for the remainder of such original warranty period. Darktrace
will pay for, and will bear all risk of loss of or damage to, the return shipment of the Appliance to Darktrace and the shipment
of repaired or replaced the Appliance to Customer. Customer agrees to provide prompt notice of any failure under Clause
9.3 and Darktrace will re-perform any Service that fails to meet the warranted standard.
9.6 DISCLAIMER. EXCEPT FOR THE EXPRESS WARRANTIES SET OUT IN THIS AGREEMENT, AND TO THE FULLEST EXTENT
PERMITTED BY LAW, NEITHER DARKTRACE NOR ANY OF ITS THIRD PARTY LICENSORS OR SUPPLIERS MAKE ANY
WARRANTIES, CONDITIONS, UNDERTAKINGS OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED,
STATUTORY OR OTHERWISE IN RELATION TO ANY SUBJECT MATTER OF THIS AGREEMENT, INCLUDING WITHOUT
LIMITATION ANY IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A
PARTICULAR PURPOSE, NON-INFRINGEMENT OR ARISING FROM COURSE OF PERFORMANCE, DEALING, USAGE OR TRADE..
DARKTRACE DOES NOT WARRANT THAT THE OPERATION OF THE OFFERING WILL BE ERROR-FREE OR UNINTERRUPTED.
10. INTELLECTUAL PROPERTY RIGHTS INFRINGEMENT INDEMNITY
10.1. Darktrace Indemnity. To the maximum extent permitted by law, Darktrace will indemnify , defend, and hold harmless
Customer, Customer’s Affiliates, and their respective officers, officials, and employees (and any successors and assigns of
the foregoing) (collectively, the “Customer Indemnitees”) against all liabilities, damages, and costs (including settlement
costs and reasonable attorneys’ fees) arising out of a third-party claim that the Software provided or made available by
Darktrace under this Agreement, or its receipt, possession or use by any Customer Indemnitee, infringes a European or U.S.
patent, any copyright, or misappropriates any third-party trade secrets. The indemnification and defense obligations of
Darktrace will be subject to Customer: (i) notifying Darktrace in writing within twenty (20) days of receiving notice of any
threat or claim of such action; (ii) giving Darktrace exclusive control and authority over the defence or settlement of such
action (provided that: (A) any settlement will not entail an admission of fault or guilt by any Customer Indemnitee, nor will
V09.12.2020 MCA SHRINKWRAP 6
any settlement term require any Customer Indemnitee to agree to perform any non-monetary act, including without
limitation, adoption or changes to any laws, policies, procedures or any other act involving the exercise of governmental
authority; and (B) the settlement includes, as an unconditional term, the claimant’s or the plaintiff’s release of Customer
Indemnitees from all liability in respect of the claim); (iii) not entering into any settlement or compromise of any such action
without Darktrace’s prior written consent; and (iv) providing reasonable assistance requested by Darktrace at Darktrace’s
expense. Customer will be obliged to mitigate its losses insofar as is reasonable in the circumstances.
10.2. Exclusions. The obligations set out in Clause 10.1 do not apply to the extent that a third party claim is caused by, or results
from: (a) Customer’s combination or use of the Software that is the subject of the claim with other software, services, or
products that are not provided or authorised by Darktrace in writing, if the claim would have been avoided by the non-
combined or independent use of the Software that is the subject of the claim; (b) modification of the Software that is the
subject of the claim by anyone other than Darktrace or any contractor or subcontractor of Darktrace, if the third party claim
would have been avoided by use of the unmodified Offering or other intellectual property that is the subject of the claim;
(c) Customer’s continued allegedly infringing activity after being notified thereof and being provided with modifications by
Darktrace that would have avoided the alleged infringement (which in implementing such modifications, Darktrace will use
commercially reasonable efforts to have substantially preserve the utility and functionality of the Offering or other
intellectual property that is the subject of the claim); (d) Customer’s use of the Software that is the subject of the claim in
a manner not in accordance with this Agreement or the Documentation; (e) use of other than Darktrace’s most current
release of the Software that is the subject of the claim if the third party claim would have been avoided by use of the most
current release or revision release or revision; subject to Darktrace providing Customer with reasonable notice, instruction
and opportunity to install and operate the most current release of the Software.
10.3. Remedies. If Darktrace reasonably believes the Software infringes a third party’s Intellectual Property Rights, then
Darktrace will, at its option and at no additional cost to Customer: (a) procure for Customer the right to continue to use the
Software; (b) replace the Software; or (c) modify the Software to avoid the alleged infringement. If none of the options in
the previous sentence are commercially reasonable, Darktrace may terminate the licence for the allegedly infringing
Software and refund a pro rata refund of the Fees paid by Customer from the date a third party claim arose for the allegedly
infringing Software to the then-current date, whereupon this Agreement will automatically terminate.
10.4 THIS CLAUSE 10 IS A COMPLETE STATEMENT OF THE CUSTOMER’S REMEDIES FOR THIRD PARTY CLAIMS FOR INFRINGEMENT
AS DESCRIBED IN CLAUSE 10.1.
11. CUSTOMER DATA; CUSTOMER UNDERTAKINGS
11.1. Customer Data; Licence Grant. Customer will own all right, title and interest in and to the Customer Data and to the extent
such Customer Data is included in a Report, the actual content of such Report. For any Customer Data stored on the
Appliance, to the extent required to provide the Services, Customer grants to Darktrace a limited, and non-exclusive licence
to access and use the Customer Data only to the extent necessary for Darktrace to perform the Services. Customer agrees
Darktrace may utilise the details of any Alerts occurring in Customer’s network and any connected data source to develop
the Offering on an anonymised basis and excluding any Customer Confidential Information.
11.2. Customer Security Obligations. In using the Offering or authorising its Outsource Provider and third parties to use it on
Customer’s behalf, Customer (and not Darktrace) will be responsible for establishing, monitoring, and implementing
security practices to control the physical access to and use of the Offering and all Customer Data therein, including Personal
Data.
11.3. DATA DISCLAIMER. CUSTOMER IS SOLELY RESPONSIBLE FOR ITS USE OF THE OFFERING, THE ACTIVITIES OF ITS USERS AND
FOR THE ACCURACY, INTEGRITY, LEGALITY, RELIABILITY AND APPROPRIATENESS OF ALL CUSTOMER DATA. CUSTOMER
EXPRESSLY RECOGNISES THAT DARKTRACE DOES NOT CREATE OR ENDORSE ANY CUSTOMER DATA PROCESSED BY OR USED
IN CONJUNCTION WITH THE OFFERING. CUSTOMER FURTHER ACKNOWLEDGES THAT DARKTRACE AND ITS AFFILIATES DO
NOT PROVIDE BACKUP SERVICES FOR CUSTOMER DATA AND CUSTOMER UNDERTAKES THAT IT SHALL BE SOLELY
RESPONSIBLE FOR BACKUP OF ALL CUSTOMER DATA.
12. LIMITATION OF LIABILITY
12.1. LIMITATION OF LIABILITY. SUBJECT TO THE REMAINDER OF THIS CLAUSE 12, EACH PARTY’S MAXIMUM LIABILITY TO THE
OTHER PARTY FOR ANY AND ALL CLAIMS, LOSS OR DAMAGE, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE),
BREACH OF STATUTORY DUTY, OR OTHERWISE, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT SHALL NOT
EXCEED, IN THE AGGREGATE, TWO MILLION U.S. DOLLARS ($2,000,000 USD).
V09.12.2020 MCA SHRINKWRAP 7
12.2. EXCLUSION OF CONSEQUENTIAL DAMAGES. SUBJECT TO CLAUSE 12.3 BELOW, NEITHER PARTY SHALL BE LIABLE TO THE
OTHER FOR ANY INDRECT OR CONSEQUENTIAL LOSS; OR ANY LOSS OF PROFITS; LOSS OF REVENUE OR BUSINESS; LOSS OF
GOODWILL OR REPUTATION; LOSS OF OR CORRUPTION OR DAMAGE TO DATA; LOSS OF MANAGEMENT TIME, HOWSOEVER
ARISING AND WHETHER OR NOT SUCH PARTY HAD BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS, CORRUPTION OR
DAMAGE.
12.3. Exclusions from Limitation of Liability. Nothing in this Agreement will exclude or limit either Party’s liability for: (i) for death
or personal injury due to negligence; (ii) fraud; (iii) breach of Clause 14 (“Confidentiality”); (iv) breach of Clause 5 (“Licence
Grant for the Software and Restrictions”), (v) breach of Clause 10.1 (“Darktrace Indemnity”) (subject to Clauses 10.2 through
10.4), or (vi) for any other matter in respect of which liability cannot lawfully be limited or excluded.
13. TERM; TERMINATION
13.1. Term. This Agreement is effective from the Effective Date and will remain in force until: (i) expiry of the Evaluation Period
in accordance with Clause 2.1 above; or (ii) the end of the term specified in a Product Order Form (as applicable the “Term”).
In the event of extension or renewal of the Product Order Form, such extension or renewal shall be considered a new and
separate Term.
13.2. Expiration of the Term. Notwithstanding any provision of this Clause 13, Customer’s right to use, and Customer’s access
to, the Appliance will automatically terminate on expiry of the Term unless and until Customer renews or extends the Term
for the Appliance.
13.3. Termination for Breach. Either Party may terminate this Agreement if: (i) the other Party is in material breach of the
Agreement and fails to cure such breach within thirty (30) days after receipt of written notice; or (ii) the other Party ceases
its business operations or becomes subject to insolvency proceedings, which proceedings are not dismissed within thirty
(30) days.
13.4. Termination or Suspension by Darktrace. Without prejudice to any other right or remedy available to Darktrace:
13.4.1. Darktrace may restrict, suspend or terminate Customer’s licence or use of the Offering without liability if a court or
other government authority issues an order prohibiting Darktrace from furnishing the Offering to Customer.
Customer’s obligation to pay Fees during any period of suspension under this Clause 13.4.1 will also be suspended.
In the event the Offering is suspended pursuant to this Clause 13.4.1 then provided it is lawful to do so, Darktrace
will inform Customer of the reasons for the suspension and will work with Customer to resolve such issues and re-
instate the Offering.
13.4.2. Additionally, Darktrace may terminate, suspend or limit Customer’s licence grant or use of the Offering without
liability if Darktrace provides Customer with written notice that it has a reasonable suspicion that Customer is using
the Offering: (i) in breach of Clause 5.1 or Clause 5.2; or (ii) in a manner that is otherwise unlawful, and in each case
Customer does not cure the condition identified in such notice within five (5) business days.
13.5. Effect of Termination. Upon termination or expiration of this Agreement:
13.5.1. The Term and all other rights and licences granted by one Party to the other, and any Services provided by Darktrace
to Customer, will cease immediately;
13.5.2. Customer shall ensure all Customer Data is removed from the Appliance and return the Appliance to Darktrace in
accordance with Clause 4.3. DARKTRACE WILL NOT BE RESPONSIBLE FOR MAINTAINING OR PROTECTING ANY
CONFIGURATION SETTINGS OR DATA FOUND ON THE RETURNED HARDWARE OR COMPONENT PART OF THE
HARDWARE AND IT IS CUSTOMER'S SOLE RESPONSIBILITY TO DELETE ANY SUCH INFORMATION PRIOR TO RETURN;
and
13.5.3. All undisputed Fees owing to Darktrace at the date on which termination takes effect will become due and payable.
13.6. Survival. The following provisions will survive any termination of this Agreement: Clause 2 (“Evaluations and Beta
Testing”)”; Clause 5 (“Licence Grant For the Software and Restrictions”); Clause 7 (“Fees, Payments and Taxes”); Clause 8
(“Intellectual Property; Ownership”); Clause 9.7 (“Disclaimer”); Clause 10 (“Intellectual Property Rights Infringement
Indemnity”); Clause 11.3 (“Data Disclaimer; Indemnity”); Clause 12 (“Limitation of Liability”); Clause 13.5 (“Effect of
Termination”); Clause 13.6 (“Survival”); Clause 14 (“Confidentiality;”); Clause 15 (“Data Protection”); and Clause 16
(“General Provisions”).
V09.12.2020 MCA SHRINKWRAP 8
14. CONFIDENTIALITY
14.1. Each party will treat the other party’s Confidential Information as confidential. Confidential Information of one Party (the
“Disclosing Party”) may only be used by the other Party (the “Receiving Party”) for the purpose of fulfilling obligations or
exercising rights under this Agreement, and may only be shared with employees, agents or contractors of the Receiving
Party who have a need to know such information to support such purpose (“Representatives”). Each Party will procure
that any of its Representatives to whom Confidential Information is disclosed are bound by contractual obligations
equivalent to those in this Clause 14.1. Notwithstanding the foregoing, the Receiving Party shall remain liable for the acts
or omissions of its Representatives. Confidential Information will be protected using a reasonable degree of care to prevent
unauthorised use or disclosure for five (5) years from the date of receipt or (if longer) for such period as the information
remains confidential. These obligations do not cover information that: (i) was known or becomes known to the Receiving
Party on a non-confidential basis from a third party, provided that: (a) the Receiving Party has no knowledge that the third
party is subject to a confidentiality agreement with the Disclosing Party in respect of the information; and (b) such
information is not of a type or character that a reasonable person would have regarded it as confidential; (ii) is
independently developed by the Receiving Party without violating the Disclosing Party’s rights; (iii) is or becomes publicly
known other than through disclosure by the Receiving Party or one if its Representatives in breach of this Agreement; or
(iv) was lawfully in the possession of the Receiving Party before the information was disclosed by the Disclosing Party. A
party may disclose Confidential Information to the extent disclosure is required by law or a governmental agency provided
that, to the extent it is lawful to do so, the Receiving Party notifies the Disclosing Party of the request giving it reasonable
opportunity to respond, and cooperate with the Disclosing Party’s reasonable, lawful efforts to resist, limit or delay
disclosure at the Disclosing Party’s expense, and except for making such required disclosure, such information will
otherwise continue to be Confidential Information. On termination of the Agreement, each Party will promptly return or
destroy all Confidential Information of the other Party. Nothing in this Clause 14 shall prohibit Customer from disclosing
information that it determines in its sole discretion is subject to disclosure as may be required by court order, subpoena,
or applicable transparency laws, including without limitation, the California Public Records Act.
15. DATA PROTECTION
15.1. The Parties acknowledge that the Offering may be used to process Personal Data regulated by the Data Privacy Laws and the
Parties shall comply with the data processing requirements as set out in Appendix 2.
16. GENERAL PROVISIONS
16.1. Entire Agreement; Integration.
16.1.1. This Agreement, the appendices and any documents referenced herein, represent the entire agreement between
the Parties on the subject matter hereof and supersedes all prior discussions, agreements and understandings of
every kind and nature between the Parties and excludes, without limitation, any terms appearing on a purchase
order, invoice or other Customer paperwork or any other terms (in each case whether by way of conduct or
otherwise). No modification of this Agreement will be effective unless in writing and signed by both Parties. Each
Party acknowledges and agrees that, in connection with the Agreement, it has not been induced to enter into the
Agreement in reliance upon, and does not have any remedy in respect of, any representation or other promise of
any nature other than as expressly set out in this Agreement. Each Party signing this Agreement acknowledges that
it has had the opportunity to review this Agreement with legal counsel of its choice and there will be no
presumption that ambiguities will be construed or interpreted against the drafter.
16.1.2. Unless otherwise specifically agreed to in a writing signed by each of the Parties, in the event of any conflict or
inconsistency between this Agreement, an appendix hereto, any Product Order Form issued hereunder, and or any
document incorporated by reference, the order of precedence of the documents from highest to lowest is the
Product Order Form, this Agreement, any appendix hereto and the documents incorporated by reference.
16.2. Severability. The illegality or unenforceability of any provision of this Agreement will not affect the validity and
enforceability of any legal and enforceable provisions hereof.
16.3. Force Majeure. Neither Party will be liable for any failure or delay in performing services or any other obligation under
this Agreement, nor for any damages suffered by the other or a Customer by reason of such failure or delay, which is,
indirectly or directly, caused by an event beyond such Party’s reasonable control, riots, natural catastrophes, terrorist
acts, governmental intervention, refusal of licences by any government or other government agency, or other acts of god
(each, a “Force Majeure Event”), and such non-performance, hindrance or delay could not have been avoided by the non-
V09.12.2020 MCA SHRINKWRAP 9
performing Party through commercially reasonable precautions and cannot be overcome by the non-performing Party
through commercially reasonable substitute services, alternate sources, workarounds or other means. During the
continuation of a Force Majeure Event, the non-performing Party will use commercially reasonable efforts to overcome
the Force Majeure Event and, to the extent it is able, continue to perform its obligations under the Agreement.
16.4. Notices. Any notice will be delivered by hand or sent by recorded delivery, registered post or registered airmail and
satisfactory proof of such delivery must be retained by the sender. All notices will only become effective on actual receipt.
Any notices required to be given in writing to Darktrace or any questions concerning this Agreement should be addressed
to: Attn: Legal Department, Darktrace Holdings Limited, Maurice Wilkes Building, Cowley Road, Cambridge CB4 0DS,
United Kingdom.
16.5. Rights of Third Parties. The provisions of this Agreement concerning restrictions on usage of the Offering and protection
of Intellectual Property Rights are for the benefit of and may be enforced by each of Darktrace, any Darktrace Affiliate
and the Darktrace Indemnitees. Except for the foregoing sentence, or as otherwise expressly set out in the Agreement,
this Agreement does not create any rights for any person who is not a party to it and no person who is not a party to this
Agreement may enforce any of its terms or rely on any exclusion or limitation contained herein.
16.6. Audit. Customer will permit Darktrace or an independent certified accountant appointed by Darktrace access, on written
notice, to Customer’s premises and Customer’s books of account and records at any time during normal business hours
for the purpose of inspecting, auditing, verifying or monitoring the manner and performance of Customer’s obligations
under this Agreement. Darktrace will not be able to exercise this right more than twice in each calendar year.
16.7. Independent Contractors. The Parties are independent contractors. Nothing in this Agreement will be construed to create
a partnership, joint venture, or agency relationship between the Parties.
16.8. Assignment. This Agreement may not be assigned by either Party without the written consent of the other Party.
Notwithstanding the foregoing, consent of the other Party will not be required for a transfer to an Affiliate of a Party or if
a Party undertakes an initial public offering, a sale of all or substantially all of its shares or assigns all or substantially all of
its business and assets to another entity that is not a direct competitor of the non-assigning Party. Any attempt to assign
this Agreement in violation of the foregoing will be null and void. This Agreement binds the Parties, their respective
Affiliates, successors and permitted assigns.
16.9. Governing Law. Any dispute or claim relating in any way to this Agreement will be governed by the Governing Law, and
adjudicated in the Governing Courts, as defined in the table below, and each Party consents to the exclusive jurisdiction
and venue thereof; save that (i) each party may enforce its or its Affiliates’ intellectual property rights in any court of
competent jurisdiction, including but not limited to equitable relief and (ii) Darktrace or its Affiliate may, bring suit for
payment in the country where the Customer Affiliate that placed the Product Order Form is located. Where arbitration
applies it shall be conducted in English, under the Rules of Arbitration of the International Chamber of Commerce (the
“ICC”) by three arbitrators in accordance with Art 12 of said Rules. The award shall be final and binding on the Parties.
Except to the extent entry of judgment and any subsequent enforcement may require disclosure, all matters relating to
the arbitration, including the award, shall be held in confidence. Customer and Darktrace agree that the United Nations
Convention on Contracts for the International Sale of Goods will not apply.
Customer location (as stated in the
Product Order Form)
Governing Law Governing Courts
United Kingdom The laws of England & Wales The courts of England & Wales
United States of America The laws of the state of
California
The state or Federal courts in San
Francisco, California
None of the above The laws of England & Wales Arbitration at the ICC in London
16.10. Export Restrictions. The Offering is for Customer’s use and not for further commercialisation. Customer acknowledges
that the Offering may be classified and controlled as encryption items under the United Kingdom’s Export Regulations
and other national regulations. Each Party will comply with all applicable laws regarding export-controlled items, and will
not export, re-export or import, directly or indirectly, any export-controlled items, or any direct product of them, nor
undertake any transaction hereunder in violation of any applicable export laws.
V09.12.2020 MCA SHRINKWRAP 10
16.11. ITAR. Customer understands that employees of Darktrace and/or its suppliers may have access to native data to perform
the Support Services herein and represents that none of this data requires protection from access by foreign persons
because it contains technical information regarding defence articles or defence services within the meaning of the United
States International Traffic in Arms Regulations (22 CFR § 120) or technical data within the meaning of the United States
Export Administration Regulations (15 CFR §§ 730 - 774). If any of this data does contain any such information, Customer
will either lock down access to any such data and/or identify any folders containing such data as export-controlled
information and acknowledges that special service rates may apply thereto.
16.12. Government End-User Notice (applicable to United States government customers only). The Offering is commercial within
the meaning of the applicable civilian and military Federal acquisition regulations and any supplements thereto. If the
user of the Appliance is an agency, department, employee, or other entity of the United States Government, the use,
duplication, reproduction, release, modification, disclosure, or transfer of the Appliance, including technical data or
manuals, is governed by the terms, conditions and covenants contained in the Darktrace standard commercial licence
agreement, as contained herein.
16.13. Waiver. Each Party agrees that the failure of the other Party at any time to require performance by such Party of any of
the provisions herein will not operate as a waiver of the rights of such Party to request strict performance of the same or
like provisions, or any other provisions hereof, at a later time.
16.14. Headings. All headings used herein are for convenience of reference only and will not in any way affect the interpretation
of this Agreement.
16.15. Equitable Remedies. The Parties agree that with respect to a breach by a Party of Clauses 5, 8 or 14, monetary damages
may not be an adequate or sufficient remedy for a breach of this Agreement. Therefore, in addition to any applicable
monetary damages, a Party will also be entitled to apply for injunctive relief and other equitable relief to prevent breaches
of the Agreement, without proof of actual damage.
16.16 Insurance. Darktrace agrees to maintain insurance coverage that is the same or substantially similar to the coverage
outlined in Appendix 3 hereto.
IN WITNESS WHEREOF, the Parties have caused this Agreement to be executed as of the Effective Date.
Darktrace: Darktrace Holding Limited Customer: City of Rohnert Park
By: By:
Name: Name:
Title: Title:
V01.04.2020 MCA SHRINKWRAP 11
Appendix 1 – Definitions
1. DEFINITIONS:
1.1. Defined Terms. Terms defined in this Appendix 1 will have the meanings given below. Defined terms may be used in the singular
or plural depending on the context.
“Affiliate” means any corporation or other business entity that directly or indirectly controls, is controlled by or is under
common control with a Party. Control means direct or indirect ownership of or other beneficial interest in fifty percent (50%)
or more of the voting stock, other vesting interest, or income of a corporation or other business entity;
“Alerts” means features of the Software that generates alerts of suspected malicious activity on a Customer’s network;
“Appliance(s)” means the Software, or Software combined with Hardware, as more fully described on the Product Order Form
“Call Home” means the secure and encrypted channel that connects the Appliance to Darktrace central management;
“Confidential Information” means any information, however conveyed or presented, that relates to the business, affairs,
operations, customers, suppliers, processes, budgets, pricing policies, product information, strategies, developments, trade
secrets, Intellectual Property, and know-how of a Party, and any other information clearly designated by a Party as being
confidential to it (whether or not it is marked "confidential"), and information that ought reasonably be considered to be
confidential, but in all circumstances excludes any Personal Data.
“Customer Data” means all data and information provided by Customer to, or accessible by, Darktrace under this Agreement
in connection with the performance of the Services (which may include information about network traffic on Customer’s
network (metrics), log/metadata collection, as well as the raw packet capture data from Customer’s network);
“Datasheet” means the document providing the specification for the Hardware, Software or Services, as applicable and as
may be updated by Darktrace from time to time;
“Data Privacy Laws” means the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive)
Regulations 2003, the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the California Consumer
Privacy Act of 2018 (“CCPA”), and laws of similar purpose or effect in any relevant jurisdiction, in each case as amended,
updated, re-enacted or replaced from time to time;
“Documentation” means user manuals for the Appliance consisting of the applicable installation guides, Datasheets; service
descriptions, technical specifications and online help files provided by Darktrace or available on Darktrace’s online portal, as
may be updated by Darktrace from time to time;
“Effective Date” means the Effective Date specified in the Product Order Form;
“EU Model Clauses” means the standard contractual clauses for the transfer of personal data to processors established in third
countries which do not ensure an adequate level of data protection under Directive 95/46/EC, pursuant to the European
Commission Decision of 5 February 2010;
"Fees" means all applicable fees as set out in the Product Order Form;
“GPL Software” means third party software provided by Darktrace on the Hardware to support use of the Software that is
licensed directly to Customer and the relevant Customer Affiliates by the relevant rights holder on the terms of the version
included or provided with it of the GNU General Public Licence, GNU Lesser General Public Licence or other comparable
licence.
“Hardware” means any hardware device (including embedded firmware) shipped and installed as part of the Offering;
“Information Security Standards” means Darktrace’s information security code of conduct, as amended from time to time in
Darktrace’s sole discretion and available upon request;
“Intellectual Property” means patents, trademarks, service marks, rights (registered or unregistered) in any designs,
applications for any of the foregoing, trade or business names, copyright (including rights in computer software) and
topography rights, know-how and other proprietary knowledge and information, internet domain names, rights protecting
goodwill and reputation, database rights (including rights of extraction) and all rights and forms of protection of a similar
nature to any of the foregoing or having equivalent effect anywhere in the world and all rights under licences and consents
in respect of any of the rights and forms of protection mentioned in this definition (and “Intellectual Property Rights” will be
construed accordingly);
V01.04.2020 MCA SHRINKWRAP 12
“Offering” means collectively the Appliance(s), Software, Services and the Documentation;
“Open Source Software” means third party software that Darktrace distributes with the Software pursuant to a licence that
requires, as a condition of use, modification or distribution of such software, that the software or other software combined
and/or distributed with it be: (i) disclosed or distributed in source code form; (ii) licensed for the purpose of making derivative
works; (iii) redistributable at no charge; or (iv) redistributable but subject to other limitations;
“Product Order Form” has the meaning set forth in the introductory paragraphs;
“Personal Data” means, generally, information relating to an identified or identifiable natural person, or other regulated
data types as defined by applicable Data Privacy Laws;
“Services” means the Darktrace Support Services, and any Installation Services, training or professional services which may be
provided by Darktrace as specified in the Product Order Form;
“Support Service Options” means the optional support services, if any, as specified in the Product Order Form and further
described in the Support Services Data Sheet;
“Site(s)” means the Customer’s business location or its datacentre at the locations described in a Product Order Form;
“Software” means the Darktrace and the Third Party Software (in object code form) delivered to Customer as part of the
Offering or on a standalone basis, together with all enhancements, error corrections, and/or updates which are generally
made available by Darktrace as part of the Offering. The GPL Software does not form part of the Software and is licensed
to Customer and the Customer Affiliates directly on the terms of the applicable licences, provided that the GPL Software will
nevertheless be deemed to form part of the Software for the purposes of the Support Services, such that Darktrace will
support it as if it were part of the Software;
“Standard Support Services” means the standard support services provided by Darktrace as set out in the Darktrace Support
Services Data Sheet;
“Support Services Data Sheet” means the Documentation describing the terms of the Support Services.
“Third Party Licensors” means the suppliers of the Third Party Software to Darktrace; and
“Third Party Software” means: (i) any software or other technology that is licensed to Darktrace from Third Party Licensors for
the purpose of making the Offering available commercially; and (ii) Open Source Software.
1.2. Construction. In this Agreement (except where the context otherwise requires):
1.2.1. any reference to a clause or schedule is to the relevant clause or schedule of or to this Agreement and any reference
to a paragraph is to the relevant paragraph of the clause or schedule in which it appears;
1.2.2. the index and clause headings are included for convenience only and will not affect the interpretation of this Agreement;
1.2.3. use of the singular will include the plural and vice versa;
1.2.4. use of any gender will include any other gender;
1.2.5. any reference to persons includes natural persons, firms, partnerships, companies, corporations, associations,
organisations, governments, foundations and trust (in each case whether or not having separate legal personality);
1.2.6. any phrase introduced by the terms “including”, “include”, “in particular” or any similar expression will be construed as
illustrative and will not limit the sense of the words preceding those terms;
1.2.7. any reference to any other document is a reference to that other document as amended, varied, supplemented, or
novated (in each case, other than in breach of the provisions of this Agreement) at any time.
V01.04.2020 MCA SHRINKWRAP 13
Appendix 2: Data Processing Agreement
1. DEFINITIONS. For the purposes of this DPA, the terms defined in this Appendix shall have the meanings as set forth in the
Agreement. Any terms not specifically defined by this DPA or the Agreement shall have the meaning given by GDPR.
2. SUBJECT MATTER OF THE DATA PROCESSING AGREEMENT
2.1 This Data Processing Agreement (“DPA”) applies to the processing of Customer Personal Data under the Agreement.
2.2 Customer will be the Data Controller and Darktrace will be the Data Processor as defined under GDPR. Each Party agrees
that it shall comply with its obligations as a Data Controller and a Data Processor, respectively under the Data Privacy Laws
in exercising its rights and performing its obligations under this Agreement.
2.3 This DPA is an Appendix to the Agreement.
3. NATURE AND PURPOSE OF PROCESSING REGULATED DATA
3.1 The Data Processor shall process Personal Data in order to provide the Support Services as set forth in the Support
Services Datasheet.
3.2 In the event that the Data Controller has purchased Antigena Email, the additional data protection provisions of the
Antigena Email Schedule shall apply and be incorporated into this DPA.
4. TYPES AND CATEGORIES OF PERSONAL DATA
4.1 Categories of Data Subjects.
- Employees including volunteers, agents, temporary workers, independent contractors;
- Contractors
- Customer clients, prospects
- Suppliers, vendors
- Advisors, consultants and other professional experts
- Customer officers, directors
- And any other categories of Data Subjects that may be contained in the Data Controller’s network.
4.2 Types of Personal Data:
- IP addresses
- Host names
- File names
- Email addresses
- And any other types of Personal Data that may be contained in the Data Controller’s network.
5. RIGHTS AND OBLIGATIONS OF THE CONTROLLER
5.1 The Data Controller hereby instructs the Data Processor to take such steps in the processing of Personal Data as are
reasonably necessary for the performance of the Data Processor’s obligations under the Agreement, and agrees that such
instructions, comprising the terms of this DPA and the Agreement, constitute its full and complete instructions as to the
means by which Personal Data shall be processed by the Data Processor.
6. RIGHTS AND OBLIGATIONS OF THE PROCESSOR
6.1 The Data Processor shall only process Personal Data in accordance with the Data Controller’s written instruction as
specified herein and shall not use Personal Data except to deliver the Offering and the Services as instructed by the
Agreement, unless such processing is required by law to which the Data Processor is subject, in which case the Data
Processor shall, to the extent permitted by law, inform the Data Controller of that legal requirement prior to carrying
out the applicable processing.
6.2 The Data Processor shall immediately inform the Data Controller if, in the Data Processor’s reasonable opinion, an
instruction from the Data Controller infringes the Data Privacy Laws.
6.3 The Data Processor shall not transfer Personal Data outside the European Economic Area (“EEA”) without the prior
written consent of the Data Controller and not without procuring provision of adequate safeguards (as defined by the
European Commission from time to time);
6.4 In the event that the UK ceases to be a member of the European Union or ceases to be considered by the European
Commission to be an adequate country pursuant to Article 45 of GDPR, then the parties agree that Darktrace shall apply
the EU Model Clauses as set out at https://www.darktrace.com/en/resources/legal-customer-model-clauses.pdf, to
any relevant transfer of data and such EU Model Clauses shall be deemed incorporated from the date of first transfer.
6.5 The Data Processor shall take reasonable steps to ensure the reliability of its agents and employees who have access to
any Personal Data.
V01.04.2020 MCA SHRINKWRAP 14
7. SECURITY
7.1 Taking into account the nature, scope, context and purposes of processing, the Data Processor has implemented
and will maintain the administrative, physical, technical and organisational measures as described in the Darktrace
Information Security Policy to protect any Personal Data accessed or processed by it against unauthorised or unlawful
processing or accidental loss, destruction, damage or disclosure. The parties agree that for the purposes of the
processing hereunder, the measures contained within the Darktrace Information Security Policy are appropriate, given
the nature of the data to be processed and the harm that might result from such unauthorised or unlawful processing
or accidental loss, destruction, disclosure, access or damage.
8. PERSONAL DATA BREACH NOTIFICATION
8.1 In the event that the Data Processor suffers a Personal Data Breach, the Data Processor shall inform the Data Controller
within twenty-four (24) hours upon learning of the same and reasonably cooperate with the Data Controller to mitigate
the effects and to minimise any damage resulting therefrom. To the extent reasonably possible, the notification to the
Data Controller shall include: (i) a description of the nature of the incident, including where possible the categories and
approximate number of data subjects concerned and the categories and approximate number of Personal Data records
concerned; (ii) the name and contact details of the Data Processor’s data protection officer or another contact point
where more information can be obtained; (iii) a description of the likely consequences of the incident; and (iv) a
description of the measures taken or proposed to be taken by the Data Processor to address the incident including,
where appropriate, measures to mitigate its possible adverse effects
9. SUBPROCESSORS
9.1 Save as expressly provided herein, the Data Processor will not use subprocessors for the processing of Personal Data.
For the purposes of providing Support Services alone: (i) The Data Controller hereby authorises the Data Processor to use
its affiliates specified in the Support Services Datasheet to process Personal Data (the “Affiliate Subprocessors”); (ii) The
Data Processor shall have in place with the Affiliate Subprocessors a written agreement equivalent to the terms contained
herein to protect Personal Data; and (iii) The EU Model Clauses shall apply to the extent the processing of Personal Data
by the Affiliate Subprocessors involves a transfer of Personal Data which originates in the EEA to a third country outside
of the EEA. For such purposes, the Data Controller hereby authorises the Data Processor to enter into the EU Model
Clauses with the Affiliate Subprocessors on the Data Controller’s behalf.
9.2 Save for the foregoing, the Data Processor shall not engage any subprocessors without the prior written authorisation of
the Data Controller. In the event that the Data Controller authorises the use by the Data Processor of any other
subprocessors, the Data Processor shall procure that such subprocessors enter into a written agreement containing
provisions no less stringent than this DPA.
9.3 The Data Processor shall be fully liable for any breach by the subprocessors of any data protection obligations set
out in this Clause.
10. ASSISTANCE WHEN HANDLING REQUESTS FROM DATA SUBJECTS
10.1 Taking into account the nature of processing and the information available to the Data Processor, the Data Processor will
provide reasonable support to the Data Controller: (i) in complying with any legally mandated request for access to or
correction of any Personal Data by a data subject under Chapter III GDPR (and where such request is submitted to the
Data Processor, the Data Processor will promptly notify the Data Controller of it); (ii) in responding to requests or
demands made to the Data Controller by any court or governmental authority responsible for enforcing privacy or data
protection laws; or (iii) in its preparation of a Data Protection Impact Assessment.
11. AUDIT
11.1 The Data Processor agrees to maintain ISO 27001 certification for the duration of the Term. The Data Processor will use
an external auditor to verify that its security measures meet ISO 27001 standards in accordance with the ISO certification
process. On the Data Controller’s written request, and subject to appropriate confidentiality obligations, the Data
Processor will make available to the Data Controller: (i) a copy of the current certificate in relation to the ISO 27001
certification; and (ii) Information reasonably requested by the Data Controller in writing with regards to the Data
Processor’s processing of Personal Data under this DPA. The Data Controller agrees to exercise any right it may have to
conduct an audit or inspection under GDPR (or the EU Model Clauses if they apply) by requesting the foregoing
information.
12. RETURN/DESTRUCTION OF PERSONAL DATA
12.1 Upon termination of the Agreement, the Data Processor shall delete or return all Personal Data in accordance with the
Data Controller’s written instructions.
V01.04.2020 MCA SHRINKWRAP 15
Appendix 3: Darktrace Insurance Certificates