Master Services Agreement
MASTER SERVICES AGREEMENT
Last updated August 09, 2023
THIS MASTER SERVICES AGREEMENT (“MSA”) TOGETHER WITH ANY ORDER FORMS AND ANY OTHER EXHIBITS, APPENDIXES, OR SCHEDULES ATTACHED THERETO OR WHICH REFERENCES THE MSA (COLLECTIVELY, THE “AGREEMENT”) SET FORTH THE TERMS UNDER WHICH CLIENT MAY ACCESS AND USE DARK CLOUD’S SERVICES.
BY ACCEPTING THIS MSA OR AGREEMENT, EXECUTING ANY ORDER FORM REFERENCING THIS MSA OR AGREEMENT, OR BY USING THE SERVICES, CLIENT ACKNOWLEDGES THAT IT HAS READ AND AGREES TO BE BOUND BY THE TERMS AND CONDITIONS OF THE AGREEMENT AND THAT IT HAS THE FULL AUTHORITY TO ENTER INTO AND BIND THE CLIENT TO THE AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT IS DOING SO ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, SUCH INDIVIDUAL REPRESENTS AND WARRANTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH COMPANY OR ENTITY TO THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT HAVE SUCH AUTHORITY, OR DOES NOT AGREE WITH THIS AGREEMENT, SUCH INDIVIDUAL MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICES.
THIS MSA WAS LAST UPDATED ON JUNE 28, 2023 AND IS EFFECTIVE BETWEEN DARK CLOUD AND CLIENT AS OF THE DATE CLIENT ACCEPTS THE AGREEMENT AS AFOREMENTIONED (THE “EFFECTIVE DATE”).
1. DEFINITIONS
“Client” means the company or legal entity accepting this Agreement and/or executing an Order Form and in the event of an individual accepting this Agreement or executing an Order Form on behalf of a company or other legal entity, then such company or other legal entity.
“Confidential Information” means any information or material: (a) concerning this Agreement or the Services (including personal information obtained incidentially to the Services provision), either Party’s internal business, employees, policies and/or actual or potential customers; or (b) which derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by other persons who can obtain economic value from its disclosure or use; and/or (c) identified in writing by disclosing party as confidential. Provided, however, that the Confidential Information excludes any information or material: (a) which is or subsequently becomes to the general public other than through a breach by the receiving party; (b) which is already known to the receiving party before disclosure by the disclosing party; (c) which is independently developed by the receiving party without use or reference to the Confidential Information of the other; or (d) which the receiving party rightfully receives from third parties without restriction as to use or disclosure.
“Data Protection Laws” means any applicable data protection, privacy or secrecy laws or regulations including, if applicable, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Directive 95/46/WE of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
"Order Form” means any order form or similar document (e.g., statement of work, insertion order, purchase order etc.) that contains the terms of the provision of the Services between Dark Cloud and the Client that was executed by the Client.
“Report” means a prepared by Dark Cloud report that includes recommendations for fixing identified vulnerabilities discovered during of full-scale penetration and security testing.
“Services” mean full-scale penetration and security testing, as further detailed in Schedule A to the Order Form, and preparation of the Report.
“Service Provider” or “Dark Cloud” means Dark Cloud Limited, a legal entity incorporated under the laws of Gibraltar, having its registered office at 5-9 Main Street, GX11 1AA, Gibraltar, Gibraltar.
2. SERVICES AND FEES
2.1. The Service Provider shall provide the Services to the Client in accordance with this MSA and applicable Order Forms with the due level of care, skill and diligence in accordance with standard practice in the industry, profession or trade. The parties shall negotiate Order Forms to this Agreement in writing, including, but not limited to, via email.
2.2. In consideration for the provision of the Services, the Service Provider shall charge the Client a fee as set out in the relevant Order Form (the “Fees”). The total Fees payable shall be determined and defined in invoices.
2.3. The Service Provider will issue invoices as follows:
2.3.1 the invoice for advance payment of 100% of the Fees will be issued upon execution of the relevant Order Form.
2.4. In addition to the Fees, the Client must also reimburse the Service Provider for out-of-pocket expenses reasonably and actually incurred by the Service Provider in performing the Services, provided that the Service Provider: (a) first obtains an approval for each expense from the Client; and (b) produces a valid invoice or receipt when claiming the expense.
2.5. All payments shall be made in the currency indicated in the Order Form in full and cleared funds without any set-off, counterclaim, deduction or withholding (except for any deduction or withholding required by law) within ten (10) business days after the applicable invoice date, unless otherwise specified in the Order Form.
2.6. In case the late payment under this Agreement exceeds 30 calendar days from the date when the relevant payment becomes due, the Client will be subject to a late payment interest rate charge of 2% (two per cents) per month of the amount due.
2.7. The Parties agree that any wire transfer fees (if any), or taxes imposed on any Party by any governmental authority in connection with the execution and performance of this Agreement shall be paid by that Party.
2.8. If Client believes that Service Provider has billed Client incorrectly, Client must contact Service Provider no later than 5 business days after receipt of invoice in order to receive an adjustment. Inquiries should be directed to Service Provider’s contact email set forth in the applicable Order Form.
3. CLIENT’S ASSISTANCE
3.1. The Client undertakes to:
3.1.1. where applicable and requested by the Service Provider provide the Service Provider with all information or assistance that the Service Provider reasonably requests or that is otherwise necessary to supply the Services, including by:
(a) making its staff available to answer questions;
(b) making its third-party suppliers co-operate with the Service Provider and provide it with any information and assistance it reasonably requires;
(c) providing test user accounts;
(d) providing advance notice (not less than 48 hours) of any planned downtime of the environment used for the Services; and
(e) ensuring that it does not block the Services traffic against the environment;
3.1.2. ensure that all the information that the Client provides to the Service Provider is accurate and complete;
3.1.3. provide the Service Provider with access to Client’s network, systems and premises on reasonable notice;
3.1.4. if the Services are to be conducted in a test environment, ensure the test environment:
(a) is available to the Service Provider within the agreed timeframes;
(b) mirrors the Client’s systems’ live production environment;
(c) is dedicated to the Service Provider for the Services, and is otherwise suitable for the Services;
(d) is segregated from any live production environment or data in a way that avoids or minimises the potential for detrimental impact to such live production environments or data; and
(e) after the Services have been completed, restore or remove from the Client’s systems any data, files and user accounts created in connection with the Services.
3.2. The Client must appoint at least one appropriately skilled and qualified member of its staff to liaise with the Service Provide on all matters relating to the Services.
4. TERM AND TERMINATION
4.1. This Agreement shall be valid until terminated in accordance with its terms. This Agreement or any of the Order Forms may be terminated by any Party by giving 30 (thirty) days written notice to the other Party.
4.2. Termination of this Agreement shall not affect any rights, remedies, obligations or liabilities of the Parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the Agreement which existed at or before the date of termination.
4.3. Upon termination of this Agreement or cancelation of the Services by either Party (other than for the Service Provider’s material breach) the Client must pay the Service Provider the Fees for all Services supplied before the date of cancellation or termination plus the amount of any unavoidable out of pocket expenses.
5. CONFIDENTIALITY AND NON-SOLICITATION
5.1. Each Party agrees to maintain all Confidential Information of the other Party in confidence to the same extent that it protects its similar confidential information and to use such Confidential Information only as permitted under this Agreement. Each Party agrees to take all reasonable precautions to prevent any unauthorised disclosure or use of the Confidential Information of the other Party including, without limitation, disclosing such Confidential Information only to its employees or contractors with a need to know and who are parties to appropriate agreements sufficient to comply with this section.
5.2. The obligation of confidentiality shall extend for a period of 3 years after the termination of this Agreement, but shall not apply with respect to information that lawfully becomes a part of the public domain, or of which the parties gained knowledge or possession free of any confidentiality obligation.
5.3. During the Term and for a period of 1 year after any termination of the Agreement for any reason, each Party shall not directly or indirectly (i) induce or attempt to induce any employee or independent contractor of the other Party to leave the employment of the other Party and/or terminate cooperation with the other Party; (ii) in any way interfere with the relationships between the other Party and any such employee or independent contractor of the other Party; (iii) employ or otherwise engage as an employee, independent contractor or otherwise any such employee or independent contractor of the other Party; or (iv) induce or attempt to induce any customer, supplier, licensee or other person or entity that has done business with the other Party within the Term to cease doing business with such Party or in any way interfere with the relationship between any such customer, supplier, licensee or other business entity and such Party.
6. PRIVACY
6.1. The Client agrees and consents that the Service Provider may use and disclose personal information that is made available to it as is reasonably required in order to provide the Services to the Client including disclosing personal information to third parties including its’ subcontractors and suppliers who provide services to the Service Provider.
6.2. The Client warrants to the Service Provider that:
(a) it has taken all steps necessary in accordance with Data Protection Laws to permit the Service Provider and any third parties who provide services to the Service Provider to collect personal information and to use, disclose, store and transfer such personal information as contemplated under this clause 6.1; and
(b) it has notified or made the relevant individual aware of the matters, required in relation to notification of the collection of personal information under Data Protection Laws, in respect of the use and disclosure of that individual’s personal information as contemplated under this clause 6.
7. LICENSE
The Client hereby grants the Service Provider with the non-exclusive right to use its trademarks, service marks, slogans, domains, artwork, written materials, drawings, photographs, graphic materials, film, music, transcriptions, or other materials that are subject to copyright, trademark and similar protection for the purpose of the Services provision under this Agreement.
8. WARRANTIES AND REPRESENTATIONS
8.1. Mutual Representations and Warranties. Each Party represents and warrants to the other party that:
(a) it is duly organized, validly existing and in good standing as a corporation or other entity under the laws of the jurisdiction of its incorporation or other organization;
(b) it has the full right, power and authority to enter into and perform its obligations and grant the rights, licenses, consents and authorizations it grants or is required to grant under this Agreement;
(c) the execution of this Agreement by its representative whose signature is set forth at the end of this Agreement has been duly authorized by all necessary corporate or organizational action of such party; and
(d) when executed and delivered by both parties, this Agreement will constitute the legal, valid and binding obligation of such party, enforceable against such party in accordance with its terms.
8.2. Additional Representations and Warranties of the Service Provider. The Service Provider represents and warrants to the Client that it will perform the Services in a professional and workmanlike manner in accordance with generally recognized industry standards for similar services and will devote adequate resources to meet its obligations under this Agreement.
8.3. Additional Representations and Warranties of the Client. The Client represents and warrants to the Service Provider that:
(a) it has obtained all authorisations required from any third parties to enable Service Provider to provide the Services;
(b) the provision of the Services is legal where the Client is located and where the Client’s systems are located;
(c) it will review the impact and related risks of implementing any recommendation made by the Service Provider in any report provided to the Client. The Client is best placed to ascertain the applicability of security procedures and updates to its own environment;
(d) it will not report any activities the Service Provider undertakes as part of the Services to any external body (including law enforcement agencies).
9. AUTHORIZATIONS AND RISK ACKNOWLEDGMENT BY THE CLIENT
9.1. The Client authorises the Service Provider to provide the Services in accordance with the Agreement and any Order Form under it.
9.2. The Client must obtain all authorisations required from any third parties to enable the Service Provider to perform the Services (and must provide the Service Provider with evidence of such authorisations on request).
9.3. The Client acknowledges that the Service Provider relies on the timeliness and accuracy of the information provided by the Client.
9.4. The Client understands that the Service Provider will actively attempt to breach security controls in order to obtain access to the Client’s systems and data and that such attempts would otherwise amount to criminal activity by the Service Provider.
9.5. The Client acknowledges that the Services are inherently risky and while the Service Provider will take reasonable measures to perform the Services, to the maximum extent permitted by law, the Service Provider is not liable to the Client for losses or downtime that occurs as a result of the Services.
9.6. The Client understands that the Services will involve access to data and systems accessible via Client`s systems and there is a risk that the Services may result in:
(a) damage, loss, modification or impairment of such data and systems (including in respect of reliability, security, performance and operation);
(b) reduction in the availability of network services and functionality; and
(c) impairment of electronic communications.
9.7. The Client understands that the Services:
(a) may not identify all vulnerabilities within Client`s systems;
(b) are limited to an assessment of the current state of Client`s environment; and
(c) will not produce particular results or outcomes (including achieving any external accreditation or industry standard).
9.8. The Client must make its own assessment of the information and any recommendations provided by the Service Provider and must satisfy itrself as to its appropriateness for its specific requirements, prior to implementing any recommendation of the Service Provider.
9.9. The Client must use good industry practice procedures and measures to avoid or minimise the impact of the risks identified in this clause 8, including by ensuring that:
(a) the data and systems accessible via its systems are backed up regularly; and
(b) the back-ups are promptly restored, if required.
9.10. If the Client reasonably believes that the Services are materially adversely impacting any person, system or data, the Client:
(a) must notify the Service Provider as soon as possible; and
(b) may direct the Service Provider to suspend the Services if reasonably required to minimise the material adverse impact.
10. INDEMNITIES
10.1. The Service Provider shall indemnify, defend, and hold harmless the Client, its affiliates, and their respective employees, officers, directors, and agents from and against any and all liability, loss, damages, costs and expenses (including reasonable attorney fees) resulting from or in connection with the breach by the Service Provider of any representation or warranty under clauses 8.1 and 8.2 of this Agreement.
10.2. The Client shall indemnify, defend, and hold harmless the Service Provider, its affiliates, and their respective employees, officers, directors, and agents from and against any and all liability, loss, damages, costs and expenses (including reasonable attorney fees) resulting from or in connection with the breach by the Client of any representation or warranty of any of its obligations under this Agreement, in particular, but without limitation, under clauses 3, 6,8.1, 8.3, and 9 of this Agreement.
11. LIMITATION OF LIABILITY AND DAMAGES
11.1. SUBJECT TO CLAUSES 11.2 TO 11.4, EACH PARTY’S TOTAL AGGREGATE LIABILITY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING BUT NOT LIMITED TO NEGLIGENCE), BREACH OF STATUTORY DUTY, STRICT LIABILITY OR OTHER THEORY, WITH RESPECT TO ALL SUBJECT MATTER RELATING TO OR ARISING OUT OF THE AGREEMENT SHALL NOT EXCEED THE TOTAL OF THE AMOUNTS PAID AND PAYABLE TO SERVICE PROVIDER UNDER THE AGREEMENT IN THE YEAR PRECEDING THE FIRST EVENT GIVING RISE TO A CLAIM. THE EXISTENCE OF MORE THAN ONE CLAIM SHALL NOT ENLARGE THIS LIMIT.
11.2. SUBJECT TO CLAUSES 11.3 AND 11.4, NEITHER PARTY WILL BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES, LOSS OF REVENUES OR PROFITS, LOSS OR INACCURACY OF DATA, OR COST OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES OR TECHNOLOGY, ARISING UNDER OR IN CONNECTION WITH THIS AGREEMENT. THIS LIMITATION OF LIABILITY APPLIES REGARDLESS OF THE FORM OF ACTION AND WHETHER THE LOSSES OR DAMAGES INCURRED ARE DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL, INCLUDING BUT NOT LIMITED TO THOSE ARISING FROM CONTRACT, TORT (INCLUDING NEGLIGENCE), BREACH OF STATUTORY DUTY, STRICT LIABILITY, OR ANY OTHER LEGAL THEORY.
11.3. THE LIMITATIONS AND EXCLUSIONS CONTAINED IN THIS CLAUSE 9 SHALL NOT APPLY TO INDEMNIFICATION OBLIGATIONS, A BREACH OF CLAUSE 5 (CONFIDENTIALITY AND NON-SOLICITATION), WILLFUL MISCONDUCT, AND CLIENT’S PAYMENT OBLIGATIONS.
11.4. NOTHING IN THE AGREEMENT SHALL LIMIT OR EXCLUDE EITHER PARTY'S LIABILITY FOR ANY LIABILITY THAT CANNOT BE EXCLUDED OR LIMITED BY LAW.
12. FORCE MAJEURE
Neither Party shall be in breach of this Agreement nor liable for delay in performing, or failure to perform, any of its obligations under this Agreement if such delay or failure result from events, circumstances or causes beyond its reasonable control. In such circumstances the time for performance shall be extended by a period equivalent to the period during which performance of the obligation has been delayed or failed to be performed.
13. VARIATION
No variation of this Agreement shall be effective unless it is in writing and signed by the parties (or their authorised representatives).
14. WAIVER
No failure or delay by a Party to exercise any right or remedy provided under this Agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.
15. RIGHTS AND REMEDIES
The rights and remedies provided under this Agreement are in addition to, and not exclusive of, any rights or remedies provided by law.
16. SEVERANCE
If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this clause shall not affect the validity and enforceability of the rest of this Agreement.
17. ENTIRE AGREEMENT
Each Order Form and this MSA constitute the entire agreement of the parties with respect to the subject matter thereof and supersede all previous communications, representations, understandings, and agreements, either oral or written, between the parties with respect to the subject matter of each Order Form.
18. NO PARTNERSHIP OR AGENCY
Nothing in this Agreement is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, or authorise any party to make or enter into any commitments for or on behalf of any other party.
19. COUNTERPARTS
This Agreement may be executed in any number of counterparts, each of which when executed shall constitute a duplicate original, but all the counterparts shall together constitute the one Agreement. This Agreement may be executed in two or more counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument. The parties agree that any electronic signature shall have the same legal validity and enforceability as a manually executed signature to the fullest extent permitted by applicable law.
20. THIRD PARTIES
20.1. A person who is not a party to this Agreement shall not have any right under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this Agreement.
20.2. Unless otherwise agreed in the Agreement:
(a) the Services are provided for the Client’s benefit only;
(b) the Client must not use the Services for a third party’s benefit or allow a third party to use them; and
(c) the Service Provider is not responsible for the use by a third party or use by the Client for the benefit of a third party of the Services.
20.3. The Client acknowledges that the Service Provider may purchase some components of the Services from third party suppliers. If one of the Service Provider’s third-party suppliers suspends, cancels or terminates a service that the Service Provider relies on to provide the Client with the Services, the Service Provider may: (a) replace or modify that existing Service; (b) suspend or cancel that Service; (c) terminate the affected part of the Agreement; or (d) terminate any affected Order Form.
20.4. If the Service Provider exercises its rights under clause 20.3, it will give the Client as much notice as is reasonably practicable in the circumstances and in the event of cancellation or termination no early termination fees will apply.
21. GOVERNING LAW
This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of England and Wales.