and You (“Reseller”) and is made and entered into on the date of acceptance by You of these terms.
(A) EveryCloud is a provider of: cloud based services designed to filter and prevent the delivery of Spam; and other associated IT services (hereinafter defined as the “Services”).
(B) EveryCloud appoints Reseller as its non-exclusive Reseller to sell the Services and Reseller accepts such appointment.
It is hereby agreed as follows:
1 Definitions and Interpretation
In this Agreement the following words shall, have the following meanings ,unless the context clearly requires otherwise.
1.1 Agreement: means these Terms and Conditions, and all attachments, exhibits, appendices, and schedules hereto.
1.2 Agreement Initial Term: the Agreement Initial Term shall be 12 months.
1.3 Applicable Law: the laws of England and Wales.
1.4 Authorised Representative: the Customer
1.5 Change of Control: shall be deemed to have occurred in respect of a Customer, solely where such Customer is a legal entity, if: (a) any entity having previously Controlled (as hereinafter defined) the Customer ceases to do so; (b) any entity acquires Control of Customer (whether by reason of acquisition, merger, reorganisation, operation of law, or otherwise); or (c) all, or substantially all, of the assets of Customer or an entity that Controls Customer are acquired (whether by reason of acquisition, merger, reorganisation, operation of law, or otherwise) by, or combined by merger with, any other entity. A Change of Control shall not include any assignment permitted under this Agreement pursuant to Clause 14.
1.6 Charges means the charges payable for the Services as set out in Appendix 6;
1.7 Confidential Information: means all trade secrets, business, technical and financial information, computer software, machine and operator instructions, business methods, procedures, know-how, and other information, irrespective of the form of communication, that relates to the business or technology of either party that is identified as being confidential at the time of disclosure or disclosed under circumstances that would lead a reasonable person to believe such information is confidential including but not limited to technical or financial data, information, processes and trade secrets, and business activities, whether in written, oral, or other form, including but not limited to, methods of doing business, and names of customers or clients, of each party, which are treated or identified as confidential or proprietary by such party or the disclosure of which might reasonably be construed to be contrary to the interest of such party.
1.8 Control (and “Controls,” “Controlling,” “Controlled by,” and “under common Control with” shall be construed accordingly): means the possession, directly or indirectly, of the power to direct or cause the direction of the management and/or policies of that party, whether through the ownership of voting, securities, partnership or equity, by contract, or otherwise. Where any two parties together satisfy any of this definition, they shall be deemed to have Control. For purposes of this definition, there shall be attributed to any party rights and powers of a nominee for it (that is to say, any rights or powers that another party possesses on its behalf or may be required to exercise on its direction or behalf).
1.9 Customer: means a customer of the Reseller that has entered into a EULA;
1.10Customer Use Period means the initial minimum period of 12 months that a Customer signs up to the Services, and subsequent 12 monthly periods thereafter;
1.11DP Laws: means the EU Data Protection Directive 95/46/EC (and all applicable laws which replace it, including the General Data Protection Regulation, the Data Protection Act 2018), the Data Protection Act 1998 and the rules and regulations made or having effect under it, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699), the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and all applicable laws and regulations relating to processing of personal data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner. References to the aforementioned legislation shall include any statutory or other re-enactment or modification of that legislation (whether before or after the date of this Agreement)
1.12EveryCloud Systems: means the EveryCloud customer relationship management functionality within the EveryCloud website or such other database as may be used from time to time, the EveryCloud workspace, continuity or archiving functionality or the EveryCloud control panel which can be used for management of Users of the Services.
1.13EULA: means the end user licence agreement entered into by a Customer of the Reseller between the customer and the Reseller governing the Customer’s use of the Services;
1.14Good Industry Practice means the exercise of the degree of professionalism, diligence, prudence, foresight, skill and care, which would reasonably and ordinarily be expected from a skilled and experienced contractor engaged in the United Kingdom in activities of a similar scope and complexity to those that are the subject of this Agreement.
1.15Initial Term: means a period of 12 months;
1.16Intellectual Property Rights: means all worldwide patents, patent applications, copyrights, trademarks, design rights, service marks, trade names, trade dress, trade secrets, know-how, moral rights, and any other intellectual property or proprietary rights.
1.17Normal Working Day: means Monday through Friday excluding public holidays.
1.18Normal Working Hours: means the hours between 9:00 a.m. and 6:00 p.m. of the time zone of the Customer during a Normal Working Day.
1.19Open Relay: means a situation whereby a Customer or the Reseller, acting on the Customer’s behalf or on its own behalf, has failed to lock down a firewall to IT system which then could or does become the subject of a network attack which could or does result in the Customer or Reseller system sending Spam, viruses or malware.
1.20Service(s): means those Services described in the Schedules hereto.
1.21Spam: means unsolicited commercial email.
1.22Term: shall have the meaning ascribed to it in Clause 7.1
1.23User: means a person, mailbox or machine that uses the Service.
2 Grant of Licence and Use of Services
2.1 Subject to this Agreement, EveryCloud hereby grants to the Reseller a non-exclusive, non-transferable, limited, revocable right to use the Services for the number of Customers and their associated Users specified in the set up process of each Customer’s domain which may be reviewed in the EveryCloud Systems from time to time.
2.2 The provision of the Services shall be subject to EveryCloud’s then current service level agreement (“SLA”) which is at Appendix 1 to this Agreement and located at www.everycloudtech.com/sla . Should EveryCloud wish to amend or update the SLA’s in this Agreement, they shall follow the procedure(s) set out in Clause 14. The Reseller’s sole and exclusive remedy for any interruptions or deficiencies in the Service shall be as set out in the SLA. The Reseller shall not be entitled to any SLA remedy for Service interruptions pursuant to Clauses 2.3, 2.4, 2.5, and/or 10.4.
2.3 EveryCloud reserves the right, both prior to the provisioning of the Service and at any time during the supply of the Service, to test whether the any Customer's email systems allow Open Relay. If at any time a Customer's email systems are found to allow Open Relay, EveryCloud reserves the right to withhold or suspend all or any part of the Services immediately and until the situation has been resolved to EveryCloud’s satisfaction subject to the following: EveryCloud shall notify the Reseller as soon as reasonably practicable of the existence of the Open Relay on a Customer system; such notification shall be before or after suspension or withholding of the Service has occurred; EveryCloud shall allow the Reseller a reasonable length of time to resolve the situation before suspending or withholding the Services.
2.4 If at any time EveryCloud determines that a Customer's email systems are being used for sending Spam, EveryCloud reserves the right to withhold or suspend all or part of the Services immediately and until such misuse has ceased. EveryCloud shall notify the Reseller as soon as reasonably practicable of a Customer’s suspension.
2.5 In the event that a Customer fails to protect their network effectively from, without limitation, hacking attempts, denial of service attacks, mail bombs which results in multiple occurrences of Spam sending, EveryCloud reserves the right to suspend or terminate the SMTP relay. This will not affect inbound Spam filtering, however, the Customer will no longer be able to send emails via the Service.
2.6 Subject to Applicable Law (including for the avoidance of doubt DP Laws derived from the Data Protection Directive 95/46/EC as enacted in the United Kingdom as the Data Protection Act 2018), EveryCloud may provide the Service from any hardware installation anywhere in the world and may, at any time, transfer the provision of the Service from one installation to another. EveryCloud does not guarantee that any such installation, or any part thereof, is or will be dedicated to the sole use of the Reseller.
2.7 EveryCloud may substitute products or services of later design to provide the Services, provided the changes, modifications, or substitutions under normal and proper use do not adversely impact on form, fit, or function specified under this Agreement.
2.8 Should the Services be suspended or terminated for any reason whatsoever, EveryCloud reserves the right to reverse all configuration changes made upon provisioning the Service upon reasonable notice to the Reseller. In such event, the Reseller acknowledges and agrees that it shall be responsible to undertake, at its sole cost and expense, all other necessary configuration changes to Customer email servers and to inform its Internet Service Provider (“ISP”) of the need to reroute inbound email.
2.9 Subject to Applicable Law, EveryCloud may monitor Customer’s use of the Service (and disclose or otherwise use information obtained in so doing) only to:
2.9.1 comply with Applicable Law, regulation, or other governmental request or order;
2.9.2 determine whether Customer’s use of the Service violates Applicable Law;
2.9.3 protect the integrity of the public Internet, the Service, and/or EveryCloud and/or networks; or
2.9.4 take other actions agreed upon or requested by Customer.
2.10The Reseller shall notify EveryCloud at the commencement of this Agreement of the number of Users it wishes to add to the Services. As the EveryCloud System automatically creates User accounts, EveryCloud reserves the right to periodically check the number of Users within the EveryCloud System against the number of paid Users of the Customer and invoice the Customer according to such User numbers.
2.11The Reseller acknowledges and agrees that the Service will be provided in accordance with EveryCloud’s default settings applied from the outset as detailed in the relevant Service descriptions contained within the SLA and that it is the Reseller’s sole responsibility to configure the Service to its own and its Customer requirements, provided EveryCloud shall at all times cooperate with and provide relevant information to the Reseller to assist in compatible configuration.
3 Reseller's Obligations
3.1 The Reseller will provide EveryCloud with all technical data and all other information that EveryCloud may reasonably request from time to time to enable EveryCloud to supply the Services to the Reseller. The Reseller will use its reasonable endeavours to ensure that all information supplied by it shall be complete, accurate, and given in good faith, and such information will be treated as Confidential Information under the terms of this Agreement.
3.2 The Reseller shall maintain the confidentiality of any User ID and/or password related to the Service including those that affect:
3.2.1 Reseller or Customer access to or use of the Service;
3.2.2 any computer system or network used in connection with the Service; or
3.2.3 any software, application, or service used in connection with the Service.
3.3 All such User IDs and passwords shall be considered “Confidential Information” hereunder.
3.4 The Reseller agrees that information sent to and from a Customer will pass through the Service and accordingly procure via its EULA that the Customer agrees to use the Service for legitimate and lawful business purposes only.
3.5 The Reseller shall be solely responsible for any data or systems failure or corruption, or any other loss or damage, caused by or arising from:
3.5.1 the release by the Reseller or a Customer or a Customer’s employees, agents, or contractors of any malware-infected files, links or phishing, content blocked, stopped, or such other files, links or content which would have been prevented by the Service (collectively “Malware”); and/or
3.5.2 the onward distribution of Malware specified in Clause 3.5.1 via the Reseller or a Customer or Customer’s Users’ email addresses or network system.
4 Ordering and Payment
4.1 Upon the Reseller setting the Customer up within the EveryCloud System, the Customer commences a 30 day free trial of the Services. The Customer may cease to use the Services at any time during the 30 day free trial without charge. Upon the completion of the 30 day free trial, EveryCloud will:
4.2 Where a Reseller sells any of the Services, Reseller shall issue a purchase order to EveryCloud with sufficient information to enable EveryCloud to process the order. EveryCloud rejects and shall not be bound by any terms contained within such purchase order and the purchase of the Services will be governed by this Agreement. EveryCloud shall notify the Reseller 60 days prior to a Customer’s renewal date of the amount of Users attributed to such Customer and shall issue an invoice 30 days after that notification. The invoice will therefore be due and payable on the Customer’s renewal data. Such invoice shall be based upon the then current price list and Reseller discount. If a Customer does not wish to continue with the Services, the Reseller must notify EveryCloud no less than 30 days prior to the Customer’s renewal date.
4.3 Invoiced Transaction: Where Reseller has chosen to be invoiced for the Services, EveryCloud will issue an invoice to the Reseller for the amount of Users relating to Customers during the set up process for the relevant Services.
4.4 Reseller shall pay to EveryCloud, the amount of the charges specified on the invoice, within 30 days of the date of the invoice, unless otherwise specified in Appendix 6. All charges are exclusive of VAT or other sales tax which will be itemized on the invoice. In the event that Reseller fails to make any payment when due, EveryCloud reserves the right to suspend Services immediately and delete and remove any emails contained within the EveryCloud Systems.
4.5 Card Payments: Where the Reseller makes full payment by credit, debit card or Paypal the customer trial will immediately be converted to full service for the Term, Renewal Term of such other period agreed between the Parties and accessible using the same login details. Full payment is required for the period purchased, which shall be a minimum period of the 12 months, whether payment for such period is paid monthly or annually, payment for each Customer Use Period shall be due and owing.
4.6 EveryCloud reserves the right to charge interest in respect of any overdue amounts whether before or after any judgment at a rate of one and one-half percent (1 1/2%) per month, or the maximum percentage permitted by law. The Reseller shall pay EveryCloud's costs of collection of such overdue amounts including, but not limited to, legal fees.
4.7 Refund requests submitted within 30 days of the purchase date and for less than $5,000.00 (USD) will receive a refund. Refunds are not eligible for requests of $5,000 (USD) or more, or for requests submitted after 30 days from the purchase
5 Email Archiving
5.1 In the event that the Reseller has chosen EveryCloud’s Email Archiving in respect of a Customer as part of the Services, and this Agreement is terminated or expires, the Reseller may, on behalf of a Customer, either:
5.1.1 Request data via an electronic download. The EveryCloud Email Archiving service will allow a bulk-data download to the Reseller’s or a Customer's own storage via a standard Internet connection. Bulk data download must be completed within the first thirty days of the termination or expiry of this Agreement, otherwise a data hold fee will be charged for each month beyond contract termination at the rate of £4.70 per GB per month for UK based Customers or US$7.25 (US Dollars) per GB per month for all non UK based Customers. Bulk data download fee is £4.70 per GB for UK based Customers or US$7.25 (US Dollars) per GB for all non UK based Customers. After the data is extracted all Customer data is deleted from the EveryCloud System; or
5.1.2 Request data hard drive shipment. The EveryCloud Email Archiving service will bulk store Customer data to a hard disk drive and ship the hard drive to the Reseller or Customer address as notified to EveryCloud by the Customer within the first thirty days of the termination or expiry of this Agreement. The fee will be a one off charge of £200 plus £4.70 per GB for UK based Customers or a one off charge of US$300 (US Dollars) plus US$7.25 per GB including shipping and tracking services. After the data is extracted all Customer data is deleted from the EveryCloud System; or
5.1.3 Request data destruction. Upon the written request of the Reseller on behalf of the Customer and verbally confirmed with an authorised representative of EveryCloud and confirmed by return email , the EveryCloud Email Archiving service will electronically shred all Customer data from all storage locations within the first thirty days of the termination or expiry of this Agreement. Electronically shredding includes deleting all data, removing all records from metadata databases, full-text index files and destroying the encryption key to ensure no data will ever be recoverable.
6 Limitation Of Liability
6.1 EveryCloud does not limit its liability (if any) in respect to the following:
6.1.2 the death of, or personal injury to, any person caused by its negligence or that of its employees.
6.2 Notwithstanding Clause 6.1 and subject to clause 6.3, EveryCloud’s total aggregate liability per event or series of connected events, under or in relation to this Agreement (and whether such liability arises due to breach of contract, negligence or for any other reason) shall be limited to the lower of:
6.2.1 the amount payable by the Reseller to EveryCloud during the first twelve (12) months of the Service; or
6.2.2 £5,000 (five thousand pounds sterling).
6.3 Notwithstanding clause 6.1, EveryCloud does not accept any liability to the Reseller or its Customers under or in relation to this Agreement or its subject matter (whether such liability arises due to negligence, breach of contract, misrepresentation or for any other reason), for any loss of profits, loss of sales or turnover, loss of or damage to reputation, loss of contracts, loss of customers, loss of any software or data, losses or liabilities under or in relation to any other contract, indirect loss or damage, consequential loss or damage, loss(es) directly or indirectly due to network access by third parties; or special loss or damage. For the purposes of this Clause 6.3 the term "loss" includes a partial loss or reduction in value as well as a complete or total loss.
7 Term & Termination
7.1 Upon the expiry of the Initial Term, this Agreement will automatically renew for additional one (1) year terms (each, a “Renewal Term”) until a party gives the other party written notice of non-renewal at least 30 days before commencement of the next Renewal Term. The “Initial Term” and all “Renewal Terms” constitute the “Term” of this Agreement.
7.2 Without prejudice to any other rights to which it may be entitled, either party may terminate this Agreement with immediate effect upon written notice to the other party:
7.2.1 if the other party commits any material breach of any of the terms herein and (if such a breach is remediable) fails to remedy that breach within fifteen (15) days of that party being notified thereof; or
7.2.2 if (i) an order is made or a resolution is passed for the winding up of the other party; (ii) an order is made for the appointment of an administrator to manage the affairs, business, and property of the other party; (iii) a receiver, administrator, or administrative receiver is appointed of any of the other party's assets or undertaking; (iv) circumstances arise which entitle a court with proper jurisdiction or a creditor to appoint a receiver or manager or which entitle a court with proper jurisdiction to make a winding-up order; or (v) if the other party takes or suffers any similar or analogous action in consequence of debt.
7.3 EveryCloud may, without prejudice to any other rights to which it may be entitled, terminate this Agreement:
7.3.1 upon written notice to the Reseller if the Reseller fails to pay any amount due and payable to EveryCloud; or
7.3.2 Reseller and fails to remedy any breach within ten (10) days of being notified thereof; or
7.3.3 upon written notice to Reseller if there is a Change of Control of Reseller.
7.4 EveryCloud may, without prejudice to any other rights to which it may be entitled, suspend the provision of the Service to the Reseller or any of its Customers with immediate effect if:
7.4.1 the Reseller is in material breach of any obligation in this Agreement;
7.4.2 the Reseller allows its systems to be used for Open Relay; or
7.4.3 the Reseller fails to comply with any of its obligations under Clauses 2 or 3 of this Agreement.
8 Effects of Termination
8.1 Termination or expiry of this Agreement shall be without prejudice to any rights, remedies or liabilities accrued as of the effective date of termination.
8.2 Upon termination:
8.2.1 EveryCloud shall cease to provide the Services to the Reseller;
8.2.2 any amounts owed to EveryCloud under this Agreement whether arising and falling due before or after such termination will immediately become due and payable;
8.2.3 any amounts paid by the Reseller for Services not delivered shall become immediately repayable; and
8.2.4 subject to Clause 8.3, Customer’s rights to use the Services will immediately terminate.
8.3 The following Clauses shall survive termination: 1, 4, 6, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18 & 19.
9.1 Each party (“Recipient”) acknowledges that during the performance of this Agreement, it may have access to the other party’s (“Discloser”) Confidential Information. The Recipient agrees that such Confidential Information is proprietary to the Discloser and will remain the sole property of the Discloser.
Except as otherwise provided herein, each party agrees that all information communicated to it by the other, whether before or after the Effective Date, will be deemed to have been received in strict confidence, will be used only for purposes contemplated hereby, and each party will use the same means it uses to protect its own Confidential Information, but in any event not less than reasonable means, to prevent the disclosure and to protect the confidentiality thereof. No such information shall be disclosed by the recipient party, its agents, representatives or employees without the prior written consent of the other party. The foregoing shall not prevent either party from disclosing information that: (i) becomes publicly available other than as a result of a disclosure by the recipient party or by its employees, agents, or other persons to whom the recipient party has disclosed such information; (ii) was available to the recipient party on a non-confidential basis prior to its disclosure to the recipient party by the other party provided that such prior disclosure and its non-confidential status are evidenced in writing; or (iii) becomes available to the recipient party on a non-confidential basis from a source other than the other party hereto, provided that such source is not bound by a confidentiality agreement with the other party hereto.
9.2 The Recipient agrees as follows: (i) to use the Confidential Information only for the purposes described in this Agreement; (ii) to hold in confidence and protect the Confidential Information from dissemination to, and use by, any third party, taking precautions at least as protective as those the Recipient employs with respect to its most confidential materials, but in no case less than reasonable precautions; (iii) restrict access to the Confidential Information to its employees and contractors who have a need to have access to the Confidential Information and who are bound by confidentiality obligations at least as restrictive as those set forth in this Agreement; (iv) immediately notify the Discloser upon discovery of any loss or unauthorised disclosure of the Discloser’s Confidential Information; and (v) to return or destroy all Confidential Information upon termination of this Agreement.
9.3 The foregoing provisions will not apply to Confidential Information that: (i) is publicly available or in the public domain at the time disclosed; (ii) is or becomes publicly available or enters the public domain through no fault of the Recipient; (iii) is rightfully communicated to the Recipient by persons not bound by confidentiality obligations with respect thereto; (iv) is already in the Recipient’s possession free of any confidentiality obligations with respect thereto at the time of disclosure; (v) is independently developed by the Recipient without access to the Confidential Information; or (vi) is approved for release or disclosure by the Discloser in writing without restriction. Notwithstanding the foregoing, the Recipient will be allowed to disclose Confidential Information of the Discloser to the extent that such disclosure is required by law or by the order of a court or similar judicial or administrative body; provided that, the Recipient notifies the Discloser of such required disclosure promptly in writing and cooperates with the Discloser, at the disclosing party’s request and expense, in any lawful action to contest or limit the scope of such required disclosure.
9.4 EveryCloud recognises and confirms that the content of all mails sent to or received from the Reseller or a Customer by the Service is confidential. Unless requested to do so by the Reseller, in the normal provision of the Service EveryCloud will not access, read or copy emails or their attachments other than by electronic methods for the purposes of providing the Service. However, EveryCloud reserves the right to utilise the Virus-related content of such email or its attachments solely to:
9.4.1 maintain and improve the performance and the integrity of the Service;
9.4.2 comply with all regulatory, legislative or contractual requirements; and
9.4.3 make available to Service subscribers any information passing through the Service which may be of interest to them, solely for the purpose of further developing and enhancing the Service, provided that information provided by EveryCloud does not include any Customer-identifiable information.
10 Force Majeure
10.1Neither party will be liable hereunder by reason of any failure or delay in the performance of its obligations hereunder to the extent resulting from causes beyond the reasonable control of such party, including without limitation, strikes, shortages, riots, insurrection, fires, flood, storm, explosions, acts of God, terror, war, labour conditions, earthquakes, compliance with any law or governmental order, rule, regulation or direction, accident, loss of electrical power, loss of telephone/internet/wide area network and similar infrastructure, and material shortages (each a “Force Majeure Event”).
10.2In the event of either party being so hindered or prevented, the party concerned shall give notice of suspension as soon as reasonably possible to the other party stating the date, extent, and cause of the suspension. Failure to give such notice shall forfeit the rights of that party to claim suspension. Any party whose obligations have been suspended as aforesaid shall resume the performance of those obligations as soon as reasonably possible after the removal of the Force Majeure Event and shall so notify the other party. In the event that the Force Majeure Event continues for more than thirty (30) days after written notification as aforesaid either party may terminate this Agreement immediately upon written notice.
11 No Third Party Beneficiaries
This Agreement shall be for the benefit of the Reseller and EveryCloud. A person who is not a party to this Agreement has no right under the Contracts(Rights of Third Parties) Act 1999 to enforce or to enjoy the benefit of any term of this Agreement.
12 Data Privacy and Regulation of Investigatory Powers
12.1The Parties acknowledge that the factual arrangement dictates the classification of each Party in respect of the DP Laws. Notwithstanding the foregoing, the Parties anticipate that EveryCloud will be a Controller and the Reseller will be a Controller and each Party shall Process data on its own behalf in respect of the Customers and any third parties with whom it deals and whose Personal Data they collect.
12.2 Each Party undertakes that it will comply with its obligations as a Controller and shall not do or permit anything to be done in respect of any Personal Data that it processes will not be nor cause the other Party to be in breach of the DP Laws.
12.3In the event that either Party is deemed to Process on behalf of the other Party it undertakes to:
12.3.1 Process relevant personal data only in accordance with written instructions from the relevant Controller and not for its own purposes;
12.3.2 Process personal data always in accordance with the DP Laws and only to the extent, and in such manner, as is strictly necessary for the performance of its obligations under this Agreement;
12.3.3 maintain written records of all categories of personal data Processing activities carried out on behalf of the Controller (where applicable to this Agreement) containing the information prescribed in applicable DP Law. The relevant Processor shall promptly make these records available to the Controller and any applicable law enforcement authority at the Controller’s request;
12.3.4 implement appropriate technical and organisational measures to protect the personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure, including the measures taken in accordance with applicable DP Laws or as otherwise contained in this Agreement, and provide a written description of such technical and organisational methods employed by for processing personal data upon request and within the timescales reasonably required by the Controller. These measures must be appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction, damage or theft of the personal data and having regard to the nature of the personal data which is to be protected;
12.3.5 take steps in accordance with Good Industry Practice to ensure the reliability of any Processor and sub-contractor personnel who have access to the personal data to ensure compliance with the provisions of this clause 12;
12.3.6 not transfer any personal data to any third party (including any sub-contractors) without the prior written consent of the Controller, save that where EveryCloud acts as a Processor it is hereby agreed that EveryCloud shall be entitled to sub-contract to its technology partner Hornetsecurity GmbH, am Listholze 78, 30177 Hanover Germany in order to enable EveryCloud to provide the Services. Where the Controller does consent to the Processor engaging a sub-contractor to carry out any part of the Services, the Processor must ensure the reliability and competence of such sub-contractor, its employees or agents who may have access to the personal data processed under this Agreement, and must include in any contract with such sub-contractor provisions which are equivalent and provide equivalent protection for the Controller to those included in this clause 12, and also as are required by applicable DP Laws;
12.3.7 promptly (but, in any event, within forty eight (48) hours of becoming aware) notify Controller if it becomes aware of any actual, suspected or attempted breach of this clause 12 and take such steps as Controller, the Information Commissioner or any other law enforcement authority may reasonably require, within the timescales required by such entities, to remedy such breach and provide such further information as any of those entities may reasonably require;
12.3.8 immediately refer to the Controller any requests, notices or other communication from data subjects, the Information Commissioner, any other law enforcement authority or any other relevant third parties, to the extent permitted by applicable law, for the Controller to resolve. The Processor must, at no additional cost, provide such information to Controller as the Controller may reasonably require, and within the timescales reasonably specified by Controller, to allow the Controller to resolve such requests, notices or other communications;
12.3.9 not transfer or process any personal data outside of the European Economic Area ("EEA") without Controller's express prior written consent. Where Controller does consent to the transfer or processing of personal data outside of the EEA, the Processor must comply with all applicable DP Laws and undertakes to take all steps necessary to comply with those DP Laws including, if requested by the Controller, to execute a copy of the EC approved standard contract clauses with the Controller as directed by the Controller;
12.3.10 not retain any of the personal data for longer than is necessary to perform its obligations under this Agreement and upon Controller's reasonable request, securely destroy or return such personal data; and
12.3.11 comply with and supplement this Agreement at Controller’s request with any specific clauses that any applicable law enforcement authority (including the European Commission and the European Data Protection Supervisor) recommend are included in agreements made with data Processors.
12.4The terms “Controller”, “Processor”, “Subject Access Request”, “Process”, “Processing” shall have the meanings ascribed to them within the DP Laws.
This Agreement may be amended by EveryCloud giving not less than 30 Normal Working Days’ notice to the Reseller of such amendment and shall become effective at the expiry of such 30 Normal Working Days’ notice. EveryCloud shall also be entitled to amend the SLA document and the Services schedule upon no less than 10 Normal Working Days notice to the Reseller and such variations shall become automatically effective upon the expiry of such 10 Normal Working Days notice without the need for signature of the Reseller.
Neither party may assign or transfer, by operation of law or otherwise, any of its rights under this Agreement to any third party without the other party’s prior written consent. Any attempted assignment or transfer in violation of the foregoing will be void.
All waivers must be in writing. The failure of a party to exercise or enforce any right under this Agreement shall not be deemed to be a waiver of that right, nor shall such failure operate to bar the exercise or enforcement of such right at any time or times thereafter.
If any provision of this Agreement is unenforceable, such provision will be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under Applicable Law and the remaining provisions will continue in full force and effect.
All notices, consents, and approvals under this Agreement must be in writing and delivered by courier, by email of scanned original signed document, or by registered mail (postage prepaid and return receipt requested) to the other party at the address, set out below and will be effective upon the earlier to occur of receipt or three (3) business days after being deposited in the mail as required above. Either party may change its address by giving written notice of the new address to the other party.
Address for Notices to the Customer:
The Email Address you provided during the setup process of your account
Address for Notices to EveryCloud:
18 Governing Law and Jurisdiction
This Agreement will be governed by the laws of England and Wales and the parties hereby submit to the exclusive jurisdiction of the English courts. The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement. If any legal action is brought to enforce this Agreement, the prevailing party will be entitled to receive its costs, expenses, and reasonable attorneys’ fees, in addition to any other relief it may receive as determined by the courts.
19 Entire Agreement
This Agreement constitutes the entire agreement between the parties regarding the subject hereof and supersedes all prior or contemporaneous agreements, understandings, and communications, whether written or oral. This Agreement may be executed in counterparts, each of which will be considered an original, but all of which together will constitute the same instrument. EveryCloud shall be entitled to rely upon the fact that the person who accepts this Agreement on behalf of the Reseller has capacity and authority to enter such Agreement and the Reseller warrants this to be the case. In the event of any terms and conditions appearing on the Reseller’s order form, such terms and conditions are expressly excluded and of no legal effect and shall not be deemed accepted by EveryCloud.
Signed digitally for and on behalf of EveryCloud
Signed for and on behalf of The Reseller by confirming acceptance of the terms and conditions through ticking the "accept terms and condititons"
Service Description and SLA
SPAM FILTER SERVICE DESCRIPTION
1. Service Description
1.1 The EveryCloud system shall filter incoming email of the Reseller and its Customers for dangerous content (e.g. viruses) and undesired advertisement (e.g. spam) received to the Users email addresses. Emails to any Customer shall be redirected to the EveryCloud server by changing of the MX records for the domains to be filtered.
2. If desired by the Reseller, outgoing emails shall be filtered as well.
3.1 Received email shall either be:
3.1.1 blocked (refused), in the case that they have been recognized with a high probability as undesired during data connection build-up with the EveryCloud server;
3.1.2 put under quarantine, in the case that they have been recognized as undesired after complete reception of the email to the EveryCloud server;
3.1.3 delivered or provided for pickup, in the case that they have been recognized as desired email.
4. Emails under quarantine shall be saved for 3 months to enable review by the Reseller and Users. If desired by Reseller and the EveryCloud Control Panel is correctly configured, a User shall be informed about new emails under quarantine. EveryCloud shall provide the Customer with clear and detailed instructions for Control Panel configuration.
5. Users can access email under quarantine via the Internet. The Customer shall be able to interactively initiate sending of emails under quarantine to the Customer systems.
6. Long-term archiving shall be provided by EveryCloud subject always to the Customer entering into an agreement in respect of archiving Services.
7. The Reseller shall be responsible for ensuring that each of its Customer’s firewalls shall be configured to only receive emails delivered by the EveryCloud system, however, EveryCloud shall provide reasonable support to the Reseller for this.
8. EveryCloud shall be responsible for the support relating to the EveryCloud System. At no time shall EveryCloud have any responsibility in respect of the Reseller or any Customer system.
9. The monthly average rate of spam recognition shall be at least 99.9%. Such recognition rate shall be calculated based on the number of all emails, which were targeted for the Reseller’s domains and reached the EveryCloud systems in the measured time period. The recognition rate shall only be applicable where the direct delivery of incoming emails via SMTP to the EveryCloud Systems occurs by modification of the MX record of the Reseller's domains to point email traffic to the EveryCloud system.
10. The yearly average rate of virus recognition shall be at least 99.99%. The virus recognition rate shall be calculated based on the number of all emails, which were targeted for the Reseller's domains and reached the EveryCloud System in the measured time period.
11. The monthly average false-positive rate shall be below 0.0004 %. Such false positive rate shall be calculated based on the number of all emails, which were targeted for the Reseller's domains and reached the EveryCloud system in the measured time period. The following shall not be included in the false positive percentage rate: emails which were sent via incorrectly configured servers (not RFC-conforming), via verified Open Relays or insufficiently configured mail clients.
12. The yearly average availability shall be 99.99%. Condition shall be the direct delivery of incoming emails via SMTP to the agent's systems ensured by modification of the MX record. Scheduled maintenance shall not be taken into account.
13. All scheduled maintenance on the production environment within the EveryCloud System shall, wherever practicable, be performed during weekend nights.
14. Reseller shall ensure that the Customer's systems can accept emails sent from the EveryCloud systems, and that the EveryCloud Control Panel has all the required information about the Customer's systems.
24x7 Technical Support and Fault Response
EveryCloud will provide technical support twenty-four (24) hours/day seven (7) days/week.
Whenever the Reseller/User raises a problem, fault or request for service information via telephone or email with EveryCloud, the fault shall be allocated a priority level as set out below with a corresponding response time.
Priority Response Target
Critical Loss of Service 95% of calls responded to within 2 hours
Major Partial loss of Service or Service impairment 85% of calls responded to within 4 hours
Minor Potentially Service affecting or non-Service affecting 75% of calls responded to within 8 hours
Planned maintenance: (where the Service is affected): EveryCloud shall use reasonable endeavours to give the Reseller at least 7 days advance notification
Unplanned breakdown or fault maintenance notification (where the Service is affected): EveryCloud shall give as much notice as is possible in the circumstances.
ENCRYPTION SERVICE DESCRIPTION
1. The EveryCloud Encryption service can only be purchased as an additional product when the Spam Filter Service is purchased. The Encryption service cannot work on a standalone basis.
2. EveryCloud encrypts and digitally signs Users’ outgoing e-mails and decrypts the recipients’ incoming e-mails using the EveryCloud systems according to set policies or Customer defined policies.
3. Outgoing mail is signed using S/MIME, if the required private key is available in the certificate store.
4. Policies on encrypting outgoing e-mails can be adjusted by Customers using the EveryCloud Control Panel.
5. Depending on how policies are set, outgoing e-mails are transferred:
a) S / MIME or PGP encrypted using the recipient's public key,
b) unencrypted, but using an encrypted channel (TLS),
6. If the policy provides for mandatory encrypted transmission to a recipient, but the necessary public key of the recipient is unavailable in the certificate store, and TLS data transfer is not supported by the receiving mail server, outgoing e-mails to that recipient will be rejected and not transmitted.
7. Incoming S / MIME or PGP encrypted e-mails will be automatically decrypted if the required private key is available in the certificate store.
8. Public keys are automatically extracted from incoming e-mail signatures and deposited in the certificate store.
9. Private keys for Customers can be ordered via the EveryCloud Control Panel and then be automatically stored in the certificate store. Alternatively, existing private keys can be stored in the certificate store by EveryCloud support.
10. EveryCloud ensures support of Customers, provided always that the support requirement is related to EveryCloud systems. EveryCloud will not support the Reseller and Customer systems.
CONTINUITY SERVICE DESCRIPTION
1. In the event of a failure of a Customer’s e-mail server, EveryCloud provides a backup e-mail server in an EveryCloud data centre that will allow Customer to receive and send e-mails.
2. The EveryCloud Continuity service can only be purchased as an additional product when the Spam Filter Service is purchased. The Continuity service cannot work on a standalone basis.
3. EveryCloud archives incoming and outgoing clean e-mails for a rolling period of 3 months on the EveryCloud IT systems provided always these emails have been routed through EveryCloud’s server.
4. Users can access stored e-mails from the EveryCloud Control Panel. Stored e-mails can be searched by specific criteria and content. Users can re-deliver stored e-mails to their e-mail server.
5. The redirection of incoming e-mails to the backup server is automatic when there is no response from the Customer’s server.
6. During activation of the backup server, Users can access e-mails in the backup server via POP3, IMAP or Webmail interface.
7. E-mails in the backup server will be automatically sent to a the relevant e-mail server as soon as the e-mail server becomes available again, provided always that the e-mails have not previously been moved to other folders or deleted via POP3, IMAP or Web interface. E-mails will be deleted from the backup server after transmission to the e-mail server.
ARCHIVING SERVICE DESCRIPTION
1. Service Description
1.1 The EveryCloud system shall archive Reseller/Customer emails which shall be retained for a maximum period of 30 years, or as otherwise determined by the Reseller or Customer within the EveryCloud System.
1.2 Users shall be able to access archived emails over the Internet. It is possible to search archived emails according to certain criteria and contents in order to retrieve the specific emails. Users shall be able to interactively initiate re-sending of archived emails to its systems.
1.3 Upon receipt of a written request to EveryCloud by the Reseller, the Reseller or a Customer shall be granted special access in order to allow access to all archived emails for a certain time period (audit access, e.g. for a tax audit). This access shall be deleted after completion of the required purpose.
1.4 The following emails shall be archived:
1.4.1 Emails which were sent by the Reseller or its Customer to third parties through the EveryCloud servers (outgoing external emails);
1.4.2 Emails which were received by the Reseller or its Customers from third parties through the EveryCloud servers (incoming external emails);
1.4.3 Emails which are provided by the Reseller or its Customers for pickup by in a special mail box within the EveryCloud server (internal email).
1.5 The support of IT systems owned and operated by the Reseller or its Customers shall not be the responsibility of EveryCloud.
1.6The archiving volume shall be limited to 25 GB per User per Annum. The volume shall be averaged over all Users within each Customer. Data volume exceeding the included volume shall be separately billed at the rate of £4.70 pounds sterling per GB.
1.7 EveryCloud shall use its reasonable endeavours to ensure the availability of archived email of the Reseller or its Customers for a maximum duration of 10 years starting the end of the year the archived email was sent or received. EveryCloud shall only make available such archived email whilst the Reseller or its Customers remains a live Reseller or Customer using the EveryCloud Services. In the event of termination of this Agreement, the Reseller shall be required to enter into a stand-alone agreement in respect of data storage maintenance to enable it or its Customers to have continuous availability of archived emails.
1.8 The Reseller or its Customers who take the archiving service shall have access to the archived emails 24 hours per day 365 days per year. In the event that there is a technical malfunction, scheduled maintenance, the Reseller or its Customers shall obtain access to the archived emails within 12 hours of making the request. Planned maintenance times shall be excluded.
1.9 The archiving Service is compliant with current statutory conditions regarding electronic email archiving. EveryCloud shall use its reasonable endeavours to ensure that the archiving Service remains compliant at all times, including in respect of amended statutory requirements and comply at all times with Good Industry Practice.