License agreement

WARNING.— WE ASK THAT YOU READ THIS SERVICE LICENSE AGREEMENT (HEREINAFTER THE “LICENSE”) CAREFULLY BEFORE REGISTERING AND USING THE SERVICE. IF YOU DO NOT AGREE WITH ANY OF THE TERMS AND CONDITIONS IN THIS LICENSE, PLEASE DO NOT REGISTER OR OTHERWISE USE THE SERVICE IN ANY WAY. REGISTRATION AND USE OF THE SERVICE IN ANY WAY IMPLY THAT YOU KNOW AND ACCEPT THE TERMS AND CONDITIONS IN THIS LICENSE, AND THAT YOU ARE BOUND BY THEM.

SUBSCRIPTION SERVICE LICENSE

THE THIRD ITERATION SRL (hereinafter, the “Owner”), a Romanian corporation whose place of business is in Aleea Negoiu 21, Gilau, Cluj, Romania, holder of tax identification number 36915314 (EU VAT 40599350), website www.attacksimulator.com and e-mail contact@attacksimulator.com, and the owner and proprietor of all existing rights over the service called ATTACK SIMULATOR, which this License refers to, authorizes you to use the service as per the following terms and conditions:

 

Definitions.

For the purposes of this License:

1.1.    “ATTACK SIMULATOR” (hereinafter, the “Service”) is a digital service that can be accessed via the www.attacksimulator.com website (hereinafter, the “Website”) that offers any client that subscribes to it (hereinafter, the “Subscriber”) the ability to simulate believable cyberattacks of different types, also known as attack campaigns (including, but not limited to, ransomware, spam, phishing and malware), with the purpose of establishing: (i) the computer security skill level of the Subscriber’s employees and the users’ detection effectiveness; and (ii) the training required by his qualified personnel to prevent and recognize the attacks, thereby maintaining a secure environment and preventing and/or minimizing the hazards that these types of attacks may cause on the Subscriber’s environment. The Service comprises the web pages, servers, programs and any other component and/or element that composes it, as well as (i) the technical information, installation manuals, instructions for use or any other documentation related to the Service; (ii) the images, photographs, sounds or other proprietary files; and (iii) any Service version, update, modification and/or upgrade.

—    Subscriber: The person, organization or company that hires the Service. Each Subscriber has his own account, which includes information about him and his linked Users.

—    User: The natural person who, under the coordination, authorization and direction of the Subscriber, can use the Service for its intended purposes. The Subscriber may create one or more User accounts linked to his account.

—    Service Website: The www.attacksimulator.com website which is used to provide access to the Service.

 

1. Usage License

The Owner grants the Subscriber a non-exclusive Service usage license, as an ancillary service inherent to the existence of an active subscription by the Subscriber. This License shall be considered to be granted to the Subscriber once he accepts its terms and conditions at the moment of registration to the Service, and its duration shall depend on the specific category selected, as well as on the specific conditions that may apply.

1.1.    The Subscription to the service shall be activated for the first time upon the payment of the first instalment for the category selected by the Subscriber upon registration, and shall remain active as long as the instalments set forth for it are paid as per the corresponding periodicity. If, once registered, the Subscriber fails to activate a subscription, or fails to maintain a subscription active, this usage License shall no longer take effect, and the Owner may delete the Subscriber’s account. The Owner will publish on the Service Website all information related to the various subscription categories on offer, including their corresponding prices.

1.2.    The Service License is non-exclusive and non-transferrable, and enables the Subscriber and the Users linked to his account, identified within it, to use the Service as per the hired subscription category and in full compliance with the terms and conditions set forth herein. The Subscriber is obligated to, and agrees to, inform these terms and conditions to any User linked to his account, by means of the procedure in place for that purpose within the Service itself, as well as to obtain their express acceptance of them by the Users, before access to the use of the Service is granted to them. The Subscriber shall be liable in case any of the Users linked to his account failed to duly give their prior acceptance to the terms and conditions of this License, and under all circumstances shall hold the Owner harmless from any claim that may arise from such noncompliance.

1.3.    This License includes an authorization for the Subscriber to engage in an acceptable use of the programs, applications or other software components that compose the Service, including their installation, loading, transfer, copy and/or reproduction on any equipment or computer device, only when necessary for the normal performance of the Service, and in a way that is pursuant to its intended purpose and specifications. The usage authorization applies to the Users linked to the Subscriber’s account as per the aforestated terms, who shall also engage in an acceptable use of the Service under the Subscriber’s responsibility.

1.4.    Any other use of the Service that has not been expressly outlined herein is strictly forbidden, including any exploitation of the Service and/or its components and/or elements that are not limited to the acceptable use specified herein, or the granting of any kind of sub-license to third parties, even free of charge. In the case that any use of the Service that fails to comply with our authorized acceptable use is detected, and/or that it may imply an abuse of the Service, the Owner may terminate and/or block any access to the Service by the Subscriber and/or the Users linked to his account.

1.5.    In addition to by reason of the finalization of the duration of the subscription, the License may also be automatically terminated, without prior notice by the Owner, in case of a noncompliance by the Subscriber or any User linked to his account with any of the terms herein. When the license is no longer in effect, for any cause, all contents managed and/or stored through the Service by the Subscriber and/or the Users linked to his account shall be eliminated.

 

2. Reserved intellectual and industrial property rights

2.1.    The Service is the property of the Owner, who is the sole and exclusive owner of any rights in existence over it and the components and/or elements that integrate it, such as the corresponding intellectual and industrial property rights, including, but not limited to, the exclusive rights in existence over the software, source code, designs, interfaces, patents, trademarks, logotypes and any other existing rights that are protected by national and international applicable laws, which the Owner expressly reserves.

2.2.    In addition to the proprietary components and/or elements, the operation of the Service involves the use of other third-party resources and services, whose rights belong to their respective owners, who likewise enjoy the appropriate protection pursuant to the national and international applicable laws.

2.3.    This License does not constitute a sale nor any form of assignment of rights over the Service, its components or its elements, or the resources and services of third parties involved in its operation. Other than the usage rights as per the aforestated terms, this License does not grant the Subscriber, or any User linked to his account, any other right over the Service, is components and elements, or any third-party resources and services.

 

3. Privacy Policy

3.1.    All personal data of the Subscriber and the Users linked to his account, whether collected at the time of the account registration, or during the use of the Service, will be added to a database owned by the Owner, who shall be the data controller, with the purpose of being used for the management and rendering of the Service, as well as, if expressly agreed by the interested party and separately from his consent to the collection of his data for such purpose, for the sending of any advertisement message related to its products and/or services. The Owner shall process the data solely for the purposes consented to by the interested parties, in a lawful, trustworthy and transparent manner, and agrees to comply with all obligations set forth by the personal data protection laws in effect (hereinafter, the “Data protection laws”).

3.2.    The interested parties may exercise, at any time, the rights that they are legally entitled to; in particular, the rights to access, rectify, delete and object, as well as the rights to erasure, limitation and portability, by sending an e-mail at contact@attacksimulator.com, duly identifying themselves and clearly specifying the purpose of their request. Under all circumstances, given that the effective performance of the Service requires counting with the aforementioned personal data of the Subscriber and the Users linked to his account, the request to delete the data shall result in the termination of the subscription to the Service and the deletion of his account, except in the event that such deletion is limited to the sending of advertising messages.

3.3.    Furthermore, the Owner shall process the personal data of the Subscriber’s employees provided by the Subscriber as a Data Processor, with the sole purpose of rendering the Service. This processing shall be performed on behalf of the Subscriber and as per his instructions and mandate. The Subscriber is obligated, and agrees, to previously obtain the express authorization of the employees whose data he provides to the Owner for the rendering of the Service, so that it can process the aforementioned data for the aforestated purposes, and in all circumstances, the Subscriber shall be solely and exclusively liable for the failure to be duly authorized by the employees, and the Owner shall be held harmless from any claim that may result from such noncompliance.

3.4.    The Owner shall be authorized to subcontract the following providers for the performance of the service, if applicable, who shall act as data processors, with the purpose of individually rendering the corresponding services below:

•    Amazon Web Services – database storage services
•    Sendgrid – Mass mailing service used for the transfer of the simulated attacks
•    Digital Ocean – hosting service for the web pages related to the simulated attacks

3.5.    A third party to whom the Owner commissions the rendering of payment services, and who will be the only party responsible before the Subscriber for both the rendering of the service itself and for the processing of the personal data necessary for that purpose, including the corresponding banking information, shall handle the collection of the instalments corresponding to the acquired subscription, based on the hired category. This payment service shall include access to a payment gateway to which the Service will connect during the registration procedure for the collection of the first instalment corresponding to the hired category, as well as the collection of subsequent periodic instalments. The Owner will, at no time, store or have access to the banking information or other personal data provided by the Subscriber at the moment of making the payment through the aforementioned service, rendered by a third party, other than receiving the confirmation of the payment made by the Subscriber and the corresponding amount. To see the details of the processing of this personal data, the Subscriber may see the information provided by the owner of the payment service, who will be duly identified upon completing the subscription.

3.6.    The personal data provided by the Subscriber and the Users linked to his account shall be accurate, truthful and current, and it shall be their exclusive responsibility to keep them updated at all times. Failure to do this shall result in them being liable for any damages that may arise as a result. Furthermore, the Subscriber and the Users linked to his account shall be responsible for the proper safekeeping of their respective identifiers, passwords or any other data used for identification and/or access to the Service, and they shall be liable for their improper use, assignment, disclosure or loss.

3.7.    The Owner agrees to, at all times, care for the security and the compliance with the Data Protection Laws. For this purpose, it shall adopt the necessary technical and organizational security measures that are appropriate and sufficient, based on the characteristics of the processing, the type of data processed and the technology employed in the rendering of the Service, with the purpose of guaranteeing the data security, ensure its confidentiality, and prevent its undue processing, damage or loss. Furthermore, the Owner shall also make sure that the providers that intervene in the rendering of the Service as data processors adopt the necessary security measures, previously verifying that the specifications of their respective services allow it to guarantee the fulfilment of such commitment. In any event, the Owner shall provide the Subscriber with any information requested in relation to the purpose and lawfulness of the processing, the interested party and the personal data affected by such processing, the duration of its storage, and the rights that he may be entitled to, including the right to withdraw the consent to the processing, as well as file, when applicable, a claim before the control authority.

3.8.    The Owner shall keep a record of all the personal data processing performed for the purposes of the rendering of the Service, informing its contact information and that of the data processors hired, if any, and specifying the nature and category of the data processed and the security measures implemented. In the event of any incident, or if any breach were detected in relation to the security of the personal data being processed, the Owner shall act immediately to prevent, reduce or minimize its effects, as well as to remedy or modify whatever is necessary and, if applicable, it shall notify the local Data Protection Agency within the established period.

3.9.    Upon termination of the subscription for any reason, the Owner shall immediately destroy or, when applicable, return the personal data of the Subscribers and the Users linked to his account to the interested parties, and shall under no circumstance have the obligation to store them.

3.10.    Any future modification to this Privacy policy shall be duly notified through the Service’s Website.

 

4. Obligations of the Subscriber

4.1.    The Subscriber expressly agrees to the following obligations on his behalf and on that of any and all Users linked to his account:

•    to use the Service in full compliance with the terms and conditions herein;
•    to take all measures reasonably within his reach to prevent any unauthorized use of the Service.

4.2.    Furthermore, the Subscriber specifically agrees, on his behalf and on that of any and all Users linked to his account, to refrain from engaging in any of the following acts:

a)    modifying, adapting, translating, deconstructing, decompiling or otherwise manipulating the Service or any of its components and/or elements, whether owned by the Owner or by third parties;
b)    copying or reproducing the Service or any of its components and/or elements, whether owned by the Owner or by third parties, except in the event that it is absolutely necessary for its normal operation, as per its intended purpose and specifications;
c)    assigning, licensing, leasing, renting, loaning, transferring or otherwise exploiting the Service, either fully or partially, whether directly or through third parties, even temporarily;
d)    disclosing, publishing or otherwise communicating the code or implementation of the Service or any of its components and/or elements, either owned by the Owner or by third parties, expressly acknowledging that they are subject to exclusive rights and due confidentiality.

5. Technical Support

5.1.    The Owner shall provide technical support to the Subscriber in regard to the use of the Service in a non-physical manner (via phone assistance, e-mail, or any other similar means). However, technical support shall only be provided to a Subscriber as long as his account has an active subscription at the moment the request is received.

5.2.    Any inquiry, question or request for information related to this License or the Service it relates to may be directed at the technical support department or the contact person listed for that purpose in the Service’s Website.

 

6. Disclaimer of warranties

6.1.    The Owner warrants to the Subscriber that the Service fulfills the specifications and functionalities described in the documentation that is included with it. However, this warranty does not extend to the cases in which the functionality of the Service suffers minor variations in relation to what is described in the documentation.

6.2.    With the exception of the warranty outlined in the previous paragraph, and as per its terms, the Owner disclaims any other warranty in relation to the Service, whether express, implied or legal, including, but not limited to, quality; fulfillment of needs; usefulness for a specific purpose; accuracy; uninterrupted, error-free, defect-free functioning; and general use and enjoyment warranties; which are not warranted, notwithstanding the Owner’s commitment to dedicating its best efforts, professionalism and diligence to improving the Service.

6.3.    Furthermore, the Subscriber acknowledges and expressly accepts that the Owner cannot have control over the conditions under which the Users linked to his account use the Service; therefore, their use of the Service shall be at their own risk and responsibility, and they shall be fully liable for any defect over the quality, availability, scope, effectiveness and/or, in general, the rendering of the Service itself, resulting from the respective conditions of use of the Service.

6.4.    For any warranty claims, the Subscriber may contact the Owner within no more than fifteen (15) days since the defect in the Service that motivates it is detected, specifying the reason for his claim and providing all the information and/or documentation related to it. Under all circumstances, if the Owner considers that such claim is appropriate, it shall, at most, and at its sole discretion, have the obligation to remedy the corresponding Service, or reimburse the amount paid by the Subscriber for the subscription, either fully or partially.

 

7. Limitation of Liability

7.1.    The Subscriber declares to be duly informed, and accepts at his own responsibility that, in order to simulate the cyberattack campaigns in a way that is believable, being, as a result, effective for the intended purposes of prevention and/or mitigation of security risks within his environment, the Owner may use third-party brands and/or identifying symbols. The use of such third-party symbols with the aforementioned purpose does not constitute a use as a brand; this use is merely accessory and has the sole purpose of achieving the lawful purpose intended by the Service. Notwithstanding the foregoing, the Owner shall under no circumstance be liable for such accessory use of third-party symbols, and this is acknowledged by the Subscriber, who agrees to hold the Owner harmless against any claim that may arise from this use of third-party symbols.

7.2.    Furthermore, the Owner shall under no circumstance be liable in any way for any damages that may result from the use of the Service by the Subscriber and the Users, which is expressly acknowledged by the Subscriber, even in the event of a defective use of the Service, or the inability to access it, regardless of the person that suffers the aforementioned damages. This limitation of liability extends to any damages, whether material damages and/or injuries, in the form of loss of profit or direct damages, and/or it involves indirect, special or incidental damages, and this limitation of liability shall include, without limitation, punitive damages – in particular, due to injury, death, etc. –, economic damages – due to loss of profit, loss of data, interruption of business activities, or any other commercial, economic or business damages –, and damages resulting from any claims filed by third parties, regardless of the manner in which the damages may have occurred and the intended basis for the imputation of liabilities.

7.3.    The aforementioned disclaimers shall apply as permitted by the applicable laws, and under all circumstances, if a liability were attributed to the Owner, it shall, at most, be limited to the total amount for the subscription paid by the Subscriber.

 

8. Other stipulations

8.1.    The terms and conditions of this License may only be modified with prior, express acceptance by the Owner.

8.2.    In case of discrepancies in the interpretation of the terms of this License in various languages, the version in Spanish shall prevail over the others.

 

9. Jurisdiction and applicable law

9.1.    This License shall be governed and construed as per the Laws of the United States of America.
9.2.    The Courts of Delaware (USA) shall have exclusive jurisdiction to address and resolve any conflict related to this License, and all parties agree to submit to them, expressly waiving any other jurisdiction to which they may be entitled.