Terms of service

Last Updated: October 15, 2018

Scope

The following terms and conditions apply to all business relationships between the customer and Malware.Expert (“M.E” “we” “our” or “us”). The governing law is that which was valid when the contract was put into effect.

Dissenting, conflicting or additional customer terms and conditions, even if acknowledged, are not part of the contract unless their validity is expressly agreed upon.

Conclusion of the contract

Our offers are subject to change. We reserve the right to make technical and other changes within reason.

An agreement is formed between the Parties when M.E receives an appropriately filled-in registration or order form (“Order”) which the Customer has submitted through a registration and/or purchasing procedure on Malware.Expert website. In connection with the registration procedure the Customer will create a service account.

Support

M.E shall provide the Customer’s administrative users with technical support with respect to the Service through the means described under the Support page on M.E’s website. Contact details are provided on M.E’s website.

Paid subscription, free trials and prices

The Service and the prices for the Service (“Service Fee”) are described in the service descriptions available on M.E’s website. M.E may from time to time offer trials of the Service for a specified period without payment. M.E reserves the right, in its sole discretion, to determine Customer’s eligibility for a free trial and, subject to applicable laws, to withdraw or to modify an offer trial at any time without prior notice and with no liability, to the greatest extent permitted under the law. For a free trial of the Service, M.E may require Customer to provide payment details to start the trial. At the end of such trial, M.E may automatically start to charge the applicable service fees for the Service immediately after the end of the free trial in accordance with Section Payment Terms and according to the price list on M.E’s website.

Depending on the contractual agreement, a monthly or annual account will be issued. Payment is due immediately upon receiving the invoice. M.E shall charge the Service by debiting credits from the Customer has submitted the Order. Invoices are made available on the Customer’s service account. With the exception of credits offered by M.E free-of-charge for a trial period. The Payments are not refundable unless otherwise decided by M.E at its sole discretion.

The applicable subscription to the Service must be cancelled through Customer’s account’s subscription page, or the Service must be terminated in its entirety, before the end of the trial period in case Customer does not accept the applicable prices provided on M.E’s website. Customer shall ensure that the authorised Users use the Service in compliance with this Agreement. Misuse of the Service by Customer or any User may lead to termination of the Agreement or suspension or denial of access to the Service.

Right to use the Service and eligibility

Subject to due subscription to the Service and compliance with the Agreement, M.E grants to Customer a non-exclusive, nontransferable and limited right to enter and use the Service and grant Users access rights to the Service

Changes to the Service

M.E is entitled to develop its services and business offerings. In case of a change in the Service, M.E will notify the Customer in advance. If M.E considers that a change will have a material effect in the Service, M.E will notify the Customer at least 30 days before the change will be effected and reserve the Customer a possibility to terminate the Agreement.

Customer’s obligations and rights

When subscribing to the Service, Customer shall provide true, accurate and complete information as prompted by the Order and update such information when required. Please note that this Agreement only covers the Service and the use thereof and any and all linked third party services and platforms are provided by the relevant third parties and covered by their terms of service or other agreement or license. M.E does not assume any liability in regard to use of such third-party services and platforms, whether or not they are linked to the Service.

Use restrictions

Customer is not permitted and not entitled to permit the Users or any other parties to do any of the following:

  • copy, redistribute, reproduce, record, transfer, perform or display to the public, broadcast, or make available to the public any part of the Service, or otherwise make any use of the Service which is not expressly permitted under the Agreement or applicable law or which otherwise infringes the intellectual property rights (such as copyright) in the Service or any part of it or any other intellectual property rights of third parties
  • sign up for an account on behalf of someone else
  • interfere with other Customers’ use and enjoyment of the Service
  • circumvent or try to circumvent any usage control or anti-copy functionalities of the Service
  • reverse engineer or decompile the Service or access the source code thereof, except as permitted by law
  • use the Service for transmitting any unauthorised advertising, promotional materials, junk mail, spam, chain letters, contests, pyramid schemes, or any other form of solicitation or mass messaging
  • use the Service in violation of applicable law
  • use the Service in ways that violate intellectual property rights, business secrets or privacy of third parties

Reselling

The customer is entitled to third-party contractual rights using the internet presence provided to him by us. In this case, the client still remains the sole contractor. The client is committed to all the terms of the contract, arising from the terms and conditions as well as from our order forms, passing these on to all third parties and obliging them to comply with the terms.

When changes need to be made regarding the participation acts of third parties, the customer is obligated to cooperate. The customer will provide us with the third party’s address and contact details on request. We are entitled, in the case of changes, to contact third parties directly to demand their written agreement to the changes.

The customer is responsible for all third party contractual violations. The customer is financially liable to us for all damages resulting from third party violations. In addition, we are exempt from liability for all claims which may arise from third parties and others.

Customer Data

Customer data shall mean all Customer’s data that a Customer or another party acting on Customer’s behalf generates in or submits to the Service (“Customer Data”) or the data Customer submits to a third-party service or platform which might be accessed by the Service, subject to and on the basis of the permissions or consents Customer has granted. Customer agrees that M.E does not assume any liability or responsibility in respect to any Customer Data, with the exceptions relating to Personal Data as set forth in Section Data Processing below. Customer shall at all times ensure that Customer Data does not infringe any third party intellectual property rights or violate any applicable laws or legislation. Customer shall not upload any illegal, offensive, threatening, libellous, defamatory, or otherwise inappropriate data to the Service. For clarity, M.E is not responsible and shall not be held liable for any Customer Data, nor does it endorse any opinion contained in any Customer Data. Aside from the rights specifically granted herein, Customer retains ownership of all rights, including intellectual property rights, in the Customer Data.

Data Processing

In order to provide the Service, M.E may process personal data on behalf of the Customer as a data processor for the purposes of providing the Service. M.E processes certain personal data also as a data controller. Such personal data includes, inter alia, data of the Customer’s contact persons, invoicing details and other personal data of Customer’s contact persons which M.E processes in order to maintain the customer relationship. The requirements relating to the personal data M.E processes as data controller are set out in our Privacy Policy available on M.E’s website. In this section, “Personal Data” refers to any information relating to an identified or identifiable natural person the Customer enters into the Service and M.E processes on behalf of the Customer in the course and within the scope of providing the Services. In connection with the use of the Service, the Customer may transfer various data to M.E for processing on behalf of the Customer. Such data might include Personal Data. The Customer shall be considered as the sole data controller and M.E as the sole data processor with respect to such data. The following terms and conditions set forth in this section concern the data processing activities of M.E as a data processor with respect to the Personal Data it processes on behalf of the Customer.

General requirements relating to processing of Personal Data

The Customer shall be responsible for the lawful collection, processing and use, and for the accuracy of the Personal Data, as well as for preserving the rights of the individuals concerned. If and to the extent legally required, the Customer shall inform the individuals concerned regarding the processing of their Personal Data by M.E, and shall obtain their consent if necessary. The Personal Data processed by M.E on behalf of the Customer may include e.g. Personal Data of the Customer’s employees and end-customers, such as contact details of the aforementioned data subjects. The Customer acknowledges that due to the nature of the Service, M.E cannot control and has no obligation to verify Personal Data the Customer transfers to M.E for processing on behalf of the Customer when the Customer uses the Service. The Customer ensures that the Customer is entitled to transfer the Personal Data to M.E so that M.E may lawfully process the Personal Data on behalf of the Customer in accordance with this Agreement. M.E shall not use Personal Data for any purpose other than that of rendering and providing the Service and will not assert liens or other rights over, or sell or disclose the Personal Data to any third parties, without the Customer’s prior written approval. M.E shall process Personal Data in accordance with this Agreement and documented instructions from the Customer. The Customer’s instructions must be commercially reasonable, compliant with applicable data protection laws and consistent with this Agreement. M.E shall not be obliged to verify whether any instructions given by the Customer are consistent with applicable laws, as the Customer is responsible for such compliance verification of its instructions. However, if M.E detects that any instruction given by the Customer is non-compliant with the requirements of any data protection legislation applicable to M.E’s operations, M.E shall inform the Customer in writing. M.E and the Customer shall comply with the EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“Regulation”) and any applicable European or foreign data protection laws as amended, as well as data protection authorities’ orders and guidelines. M.E and the Customer shall implement and maintain appropriate technical and organizational security measures to protect the Personal Data within their area of responsibility, in order to safeguard the Personal Data against unauthorised or unlawful processing or access and against accidental loss, destruction or damage. Such measures include where necessary and appropriate, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons the following measures:

  • access right controls to systems containing Personal Data
  • the pseudonymisation and encryption of Personal Data
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
  • the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing

assistance obligations

To respond to requests from individuals exercising their rights as foreseen in applicable data protection law, such as the right of access and the right to rectification or erasure, the Customer shall primarily use the corresponding functions of the Services, such as the M.E Control Panel. M.E shall provide the Customer with commercially reasonable assistance, without undue delay, taking into account the nature of the processing. M.E shall further provide the Customer with commercially reasonable assistance in ensuring compliance with the Customer’s obligations to perform security and data protection assessments, breach notifications and prior consultations of the competent supervisory authority, as set out in the applicable data protection law, taking into account the nature of the processing and the information available to M.E. In case such assistance requires extensive measures from M.E, the Customer shall pay additional reasonable remuneration to M.E for handling such assistance requests. In addition, M.E shall, and shall procure that its personnel (including its subcontractors’ personnel) shall:

  • only process Personal Data in accordance with the Customer’s written instructions and not for M.E’s own purposes;
  • ensure that individuals processing Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

Transfers of Personal Data

The Customer accepts that M.E may have Personal Data processed and accessible by its subprocessors outside the Customer’s country of domicile to provide the Service. In case the processing is subject to any EU data protection law and Personal Data is transferred from the European Economic Area (“EEA”) to a subprocessor for processing in any country outside the EEA that is not recognized by the European Commission as providing an adequate level of protection for personal data, M.E provides for appropriate safeguards by standard contractual clauses, adopted or approved by the European Commission and applicable to the processing by the non-EEA subprocessor or by any other appropriate safeguard as foreseen under Regulation.

Audits

The Customer shall have the right to audit the facilities and processing activities of M.E under this Agreement to examine the level of protection and security provided for Personal Data processed under this Agreement and to assess the compliance of M.E with the terms and conditions relating to Personal Data set out herein. Each Party shall bear its own costs for any such audit. Where an audit may lead to the disclosure of business or trade secrets of M.E or threaten intellectual property rights of M.E, the Customer shall employ an independent expert to carry out the audit, and the expert shall agree to be bound to confidentiality to M.E’s benefit.

Subprocessors

General authorization. The Customer gives its general authorization to allow M.E to involve M.E’s affiliated companies and other subcontractors as subprocessors to process Personal Data in connection with the provision of the Service, to the extent such appointment does not lead to non-compliance with any applicable law or M.E’s obligations under this Agreement. M.E ensures that the involved subprocessors are properly qualified, will be under a data processing agreement with M.E, and comply with data processing obligations similar to the ones which apply to M.E under this Agreement. M.E shall be liable towards the Customer for the processing of Personal Data carried out by M.E’s subprocessors.

Change of subprocessor

M.E is free to choose and change its subprocessors. Upon request, M.E shall inform the Customer of subprocessors currently involved. In case there is a later change of subprocessor (addition or replacement), M.E shall notify the Customer of such change. In case the Customer objects such change of subprocessor on reasonable grounds, the Customer has the right to request change of the subprocessor. If M.E is not willing to change the subprocessor the Customer has objected, the Customer shall have the right to terminate the Service and this Agreement.

Breaches

M.E shall, without undue delay after having become aware of it, inform the Customer in writing about any data breaches relating to Personal Data and any other events where the security of Personal Data processed on behalf of the Customer has been compromised. M.E’s notification about the breach to the Customer shall include at least the following:

  • description of the nature of the breach
  • name and contact details of M.E’s contact point where more information can be obtained
  • description of the measures taken by M.E to address the breach, including, where appropriate, measures to mitigate its possible adverse effects.

Deletion and return of Personal Data

M.E shall not take any action to intentionally erase any Personal Data processed on behalf of the Customer, without the Customer’s explicit request. Personal Data shall be processed under this Agreement until the Customer has ceased to use the Service. Within a reasonable time after the termination or expiry of this Agreement, or after the Customer has permanently ceased to use the Service, M.E shall permanently delete Personal Data from its storage media, except to the extent that M.E is under a statutory obligation to continue storing such Personal Data. On the Customer’s request, M.E shall confirm the deletion in writing. The obligation to delete Personal Data shall not apply to Personal Data contained in regular back-up copies of comprehensive datasets from which the individual deletion of Personal Data would not be possible without significant efforts or costs.

Confidentiality

The Parties may exchange confidential information during the performance of this Agreement. Confidential information shall mean any information which is marked as confidential or which should be understood as confidential, irrespective of its form of storage or disclosure. All confidential information shall remain the property of the disclosing Party and the receiving Party shall keep confidential and refrain from using such confidential information otherwise than for the purposes of this Agreement, during the term of this Agreement and after the termination of this Agreement. For the avoidance of doubt, any information of or relating to a Party or that Party’s personnel, suppliers, contractors, customers or end-users, which information is obtained or detected by the other Party or processed or generated in the course of providing or receiving the Service shall be deemed confidential information of that Party. Each Party shall promptly upon termination of the Service cease using confidential material and information received from the other Party and use reasonable means to destroy such material. Each Party shall, however, be entitled to retain the copies required by law or regulations.

Intellectual Property Rights

All intellectual property rights to and in the Service as well as intellectual property rights pertaining thereto, are exclusive property of M.E or its licensors with all rights reserved. All intellectual property rights to the content uploaded into the Service by or on behalf of the Customer will remain the exclusive property of the Customer or its licensors. Customer agrees not to resell the Service or redistribute or transfer the Service. All intellectual property rights relating to the provision of the Services, including suggestions for improvements made by the Customer, will remain the exclusive property of M.E or its licensors.

Limited Warranty

The Service is provided on “as-is” and “as-available” basis, and M.E will not give the Customer any warranty or guarantee, express or implied, for the Service, including but without limitation to warranties of merchantability, fitness for any particular purpose, performance, or non-infringement. The parties expressly note that the Service is not designed to be error-free or uninterrupted and therefore they are neither intended nor fit for purposes that require fail-safe performance.

Limited Liability

M.E will not be liable for indirect damage or consequential damages caused to the Customer. M.E’s total aggregate liability under or in connection with this Agreement shall be limited to the aggregate Service Fee paid by the Customer for the Service for the last six (6) months preceding the occurrence for which damages are claimed. These limitations will not apply to damage caused by willful misconduct or gross negligence. In order to be valid and enforceable, all claims for damages must be made within 30 days from the date the damage was or should reasonably have been noticed by the Customer.

Assignment and Third-Party Benefits

M.E may assign the Agreement in whole or in part to another group company or in connection with the trade sale which includes the provision of the Service. The Customer may assign the Agreement to a third party with M.E’s prior written consent which M.E will not unreasonably withhold. The Agreement will not create any third-party beneficiary rights in any third party.

Temporary Suspension

If the Customer has breached the provisions of the Agreement or M.E has justifiable reasons to believe such a breach exists, M.E may temporarily suspend the provision of the Service.

Termination for Convenience

The Customer may terminate the Agreement for any reason by issuing 5 days written notice to M.E. M.E may terminate the Agreement for any reason by issuing 30 days written notice to the Customer.

Termination for Cause

Either Party may terminate the Agreement with immediate effect if the other Party has materially breached the provisions of the Agreement.

Entire Agreement and Amendments

The Agreement constitutes the entire agreement and supersedes all previous commitments between the parties in respect of the provision of the Service. All amendments to the Agreement must be made in writing. M.E may modify this Agreement by notifying the Customer in writing, such as by e-mail or by posting a revised document version on M.E’s website. If M.E considers that a revision will have a material effect on the Agreement, M.E will notify the Customer at least 30 days before the revision will be effected and reserve the Customer a possibility to terminate the Agreement.

Non-Waiver

A failure by either Party to enforce any provision of the Agreement will not be deemed to constitute a present or future waiver of such provision. All waivers must be made in writing.

Force Majeure

Force Majeure is an event that prevents, or makes unduly difficult, the performance of the Service or the fulfilment of the provisions of the Agreement, such as war, rebellion, natural catastrophe, general interruption in energy distribution or telecommunications, fire, strike, embargo, or another equally significant and unforeseen event independent of the parties. Each Party shall be entitled to suspend its duties without liability thereof in case of Force Majeure affecting the Party either directly or through its subcontractor.

Severability

Should any provision of the Agreement be declared unenforceable by a court of competent jurisdiction, the remaining provisions of the Agreement will remain in full force and effect to the fullest extent permitted by law. The Parties shall attempt through negotiation in good faith to replace the unenforceable provision with such provisions that correspond as closely as possible to the original intention of the Parties.

Governing Law and Arbitration

The Agreement will be governed by the substantive laws of Finland, with the exception of any conflict of law principles. Any and all disputes, which the Parties fail to settle amicably, arising out of or relating to the Agreement will be finally settled by arbitration in English language in accordance with the Rules of the Arbitration Institute of the Finland Chamber of Commerce.