MyCyberEyes General Terms of Sale
Trust Software (hereinafter the “Company”) operates a B2B service called MyCyberEyes. It is a cyber-risk monitoring tool accessible as SaaS that enables companies to detect the vulnerabilities of their digital platforms exposed to the internet (hereinafter the “MyCyberEyes Solution”).
Article 1. Purpose
The purpose of these general terms of sale (hereinafter the “GTS” or the “Agreement”) is to set out the terms and conditions according to which the Company will supply the MyCyberEyes Solution and the related Services to the client.
Article 2. Acceptance and updating of the GTS
The GTS apply to all the services the Company provides to an entity (hereinafter the “Client”) and its employees who use the MyCyberEyes Solution (hereinafter the “Users”).
By subscribing to the MyCyberEyes Solution, the Client agrees that it and its Users will comply fully with the GTS. The GTS prevail over all other terms and conditions and documents other than any special conditions that may be expressly agreed to between the Parties.
The Company reserves the right to modify the GTS at any time. Each new version of the GTS will be published on the Client interface and the Client shall be informed thereof by email.
The Company, the Client, and the Users who are employees of the Client are hereinafter referred to together as the Parties, and individually as a Party.
Article 3. Services provided by the Company
The MyCyberEyes Solution detects vulnerabilities in applications, monitors the technical ecosystem, detects data leaks, and detects instances of regulatory noncompliance.
Through the MyCyberEyes Solution, the Company provides the Client with several services and features (hereinafter the “Services”).
These Services include:
- Detection of vulnerabilities on the Client’s digital platforms, such as an administrator interface accessible via Internet, an obsolete webserver version, data leaks, etc.;
- Notification of the Client in real time of such vulnerabilities;
- Provision of information about the security level of the Client’s digital platform;
- Recommendations as to the measures to take to fix the detected vulnerabilities. In the latter case, it is specified that the Company plays an advisory role and is not a technical service provider. The Client must take the necessary technical measures to fix vulnerabilities.
In addition, the MyCyberEyes Solution provides access to the following features:
- A customized dashboard that makes it easier to manage the Client’s cybersecurity;
- A list of the beneficiaries of the Services (the Client’s entities that may use the Company’s services);
- A list of the Client’s URLs covered by the cybersecurity monitoring service (the scope of the Services)
- A history of the vulnerabilities detected for each beneficiary and each URL covered by the service;
- In case of an administrator access, a list of the Users who have access to the MyCyberEyes Solution;
- Ranking of the Client’s platform security levels through delivery of an “MCE Rating” label;
- Downloadable vulnerability reports and the ability to share hypertext links with other Users or third parties. These third parties shall not have access to the MyCyberEyes Solution under any circumstances.
Article 4. Terms of access to the Services
The MyCyberEyes Solution may be accessed as SaaS through dedicated infrastructure using the Company’s resources. The Client and the Users have access rights to the MyCyberEyes Solution.
4.1 Subscribing to the Solution
The Client may sign up directly online using the subscription form available at: https://www.mycybereyes.com.
The Client’s subscription will be accepted only if the Client accepts the GTS and satisfies the following conditions:
- The Client provides information that is accurate, truthful, up to date, and reflects the Client’s current situation, such as first and last names, entity name, email address, telephone number, URLs, delegation of authority to represent the entity, etc.;
- The individual registering on behalf of the Client represents and warrants that they are duly authorized to bind the entity they represent;
- The individual registering on behalf of the Client represents and warrants that the URLs provided when subscribing to the Services belong to the entity or entities it is duly authorized to represent.
Moreover, the Client will not be able to access the Services until the Company has approved its subscription.
4.2 User account
The Client is responsible for its employees’ (the Users’) use of the MyCyberEyes Solution and the Services.
Once the subscription conditions have been satisfied, the User obtains a personal login and a password. Logins and passwords are strictly personal and confidential and must not under any circumstances be disclosed to or shared with third parties. Logins and passwords are designed to (i) limit access to the MyCyberEyes Solution to the Users, and (ii) protect the integrity, confidentiality, and availability of the MyCyberEyes Solution and its integrated data.
The Client must make sure the Users keep the logins and passwords confidential. The Client is solely liable for the use and confidentiality of the logins and passwords. It must inform the Company immediately if it notices any fraudulent use of a User account or a security defect related to the voluntary disclosure or the misappropriation of logins and passwords so that the Company may immediately take all appropriate measures to remedy the security defect.
Article 5. Obligations of the Parties
5.1 Obligations of the Client
For the performance of the Agreement, the Client agrees to comply with the provisions set out herein as well as with the law applicable to the Agreement, and to respect the rights of third parties.
In addition, the Client agrees not to allow unauthorized persons to access the MyCyberEyes Solution and shall make sure the Users comply with the related contractual terms of access as well as the law applicable to access to the Solution. The Client may not in any way transfer the right to access the MyCyberEyes Solution to any third party without the Company’s prior written consent.
Furthermore, on subscribing to the Services and throughout the term of the Agreement, the Client shall ensure that its digital platforms are secure, in particular by instituting and/or updating backup procedures.
Moreover, throughout the term of the Agreement, the Client shall actively cooperate with the Company and provide it with all the information the Company needs to provide its Services.
5.2 Obligations of the Company
Provided the price agreed to in this Agreement is paid, the Company shall provide its Services subject to an obligation of best efforts. The Company shall therefore dedicate the human and technical resources required to provide Services that satisfy the service quality conditions set out in Article 9 of these GTS.
Article 6. Financial terms
The price for access to the MyCyberEyes Solution and the provision of related Services is indicated on www.mycybereyes.com. The price is indicated in euros without tax, and must be increased by any taxes and duties that apply on the date of the invoice.
Every year on the anniversary of the Agreement’s effective date, the price will be adjusted, without prior notice, according to the variation in the SYNTEC index published by the French Fédération Syntec. If publication of the index is delayed, the Client shall temporarily pay the price then in effect, and the adjustment will be made and the additional amount will be due as soon as the index is published.
The calculation formula used for the price adjustment is P1 = P0 x S1/S0,
P0 = the year n contract price, excluding tax
P1 = the price, excluding tax, after the price adjustment for year n+1
S0 = the SYNTEC reference index published on the date of subscription to the Services in year (n)
S1 = the latest SYNTEC index published on the date the annual adjustment is made.
6.2 Billing and payment
Invoices shall be issued and paid in euros.
Payment is due within thirty (30) days of the issue date, or any other period agreed to between the Parties.
Invoices shall be paid either by wire transfer or through the Company’s website with a debit or credit card.
The Company does not accept partial or staggered payments unless the Parties have agreed otherwise.
6.3 Disputing an invoice
If the Client disputes the amounts invoiced, it must notify the company as soon as possible and no later than fifteen (15) days of receiving the invoice. All disputes must be supported by documentation. A dispute over an invoice does not justify non-payment of other, undisputed invoices.
6.4 Late payment or non-payment
If payment is late, the Company may suspend its Services or terminate the Agreement, without prejudice to any legal action.
Failure to pay any amount on the due date indicated on the invoice automatically triggers application, starting on the day following such due date, of penalties equal to five times the legal interest rate. In addition, a fixed, 40-euro penalty for collection fees shall be due. If the Company incurs collection fees of more than €40, it reserves the right to claim additional compensation upon proof of the amount.
Article 7. Intellectual property
The content of the MyCyberEyes Solution, in particular is architecture, design, interfaces, software, databases, texts, trademarks, images, and all graphic components, as well as the vulnerability reports and any other deliverable that may be accessed via the MyCyberEyes Solution (hereinafter the “MyCyberEyes Content”), is the Company’s exclusive property. The MyCyberEyes Content is protected by the provisions of the French Intellectual Property Code and all national or international texts that apply to intellectual property rights.
Any reproduction, dissemination, or use of some or all of the MyCyberEyes Content in any form without the Company’s prior express consent is prohibited and shall constitute infringement punishable, in particular, by articles L. 335-2 et seq. of the French Intellectual Property Code.
The Company is and remains the sole holder of all the intellectual property rights over the MyCyberEyes Content. There is no automatic transfer of ownership of the intellectual property when the Client subscribes to the MyCyberEyes Solution and the related Services. However, the Company grants the Client a right to use the downloadable deliverables (e.g., vulnerability reports) through the MyCyberEyes Solution interface. This use license is granted only for the Client’s internal needs and solely for the term of the Agreement.
Article 8. Personal data protection
The Parties agree to comply with European Regulation 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”), and with French law No. 78-17 of January 6, 1978 on information technology, computer files, and civil liberties, as amended (the “Data Processing and Civil Liberties Law”) (hereinafter the “Regulations”), and in particular to ensure the confidentiality and security of personal data (hereinafter the “Personal Data”).
The Company provides services to businesses. In that context, it collects and processes very little Personal Data concerning individuals. The Personal Data it collects from its Clients and processes are mainly the first and last names and email addresses of its correspondents, who are the Client’s employees. The Company may therefore be characterized as the Personal Data Controller of its Clients and Users within the meaning of the above Regulations.
In that capacity, the Company provides the Client with a standard security level enabling it to protect Personal Data from accidental or unlawful destruction, accidental loss, alteration, unauthorized dissemination or access, and other forms of unlawful processing or of disclosure to unauthorized persons. The Client’s and the Users’ Personal Data are stored on servers located in France that belong to the Company’s subcontractor, a company called OVH.
When the Agreement reaches its term, the Company shall destroy all of the Personal Data of the Client and its employee-Users, subject to a legal or regulatory obligation to retain them.
Article 9. Warranties
The Company shall devote the reasonable resources at its disposal to provide the Client with continuous, 24/7 access to the MyCyberEyes Solution
However, access to the MyCyberEyes Solution may be interrupted momentarily as required for service reasons, and in particular to conduct maintenance on the Company’s or its subcontractor’s servers. In such case, the Client shall be informed in advance by email.
In addition, in the event the Company detects a security defect likely to seriously compromise the security of the Company’s tools and software (including the MyCyberEyes Solution), the Company may momentarily interrupt the Services without notice to remedy the security defect as soon as possible. In such case, the Client may not claim any compensation or seek to hold the Company liable for any reason.
The Company shall conduct remedial maintenance on the MyCyberEyes Solution and devote all reasonable resources at its disposal to fixing the anomalies it detected or any reproducible anomalies the Client reported to the Company’s customer support.
The Parties acknowledge, however, that software may contain errors and that it is neither economically possible nor always necessary to fix all the errors. Therefore, the Company does not warrant that all defects or errors in the MyCyberEyes Solution will be fixed.
Moreover, the Company does not provide any express or implicit warranties related to the MyCyberEyes Solution, including but not only any implicit warranty that the Services are appropriate for a particular purpose. In particular, the Company cannot warrant that its Services will make it possible to detect and reduce all of the cyber risks that may exist in the Client’s applications or on its information system.
Article 10. Liability
10.1 Liability of the Company
The Company shall make its best efforts to provide its Services. Its liability shall be limited as provided for below in these GTS. Given the technical nature of the services being provided, the Company owes the Client only a best efforts obligation.
The Company may not under any circumstances be held liable if the MyCyberEyes Solution is rendered unavailable or the Company cannot perform its services for one or more of the following reasons:
- Access to the Services has been suspended for maintenance;
- The Client and/or the Users are using the Services in a manner that does not comply with the use documentation or is not expressly authorized under the Agreement;
- Damage has occurred as a result of the fault or negligence of the Client and/or the Users, or could have been avoided had they sought advice from the Company;
- Malicious intrusions have occurred through a security defect in an application that is not Client’s responsibility;
- The password to the client application has been misappropriated;
- A force majeure event has occurred, including delay or non-performance caused by a force majeure event;
- Anomalies caused by a defect in the Client’s hardware or applications not supplied by the Company;
- The MyCyberEyes Solution has been used in an inappropriate environment or there has been a failure of the telecommunications system, and in particular the internet access.
The Company is liable only for direct, foreseeable harm proven by the Client to be caused by the poor performance, in whole or in part, of the Services. Similarly, the Company is liable for direct harm caused by Personal Data processing that does not comply with the applicable Regulations.
The Company will not in any event be liable if it did not cause the harm. In addition, the Company may not under any circumstances be held liable for any consequential damages the Client may incur because of or in connection with the performance of the Agreement and its consequences.
10.2 Liability of the Client
The Client is solely liable for the actions performed by its representatives, employees, and/or agents following recommendations received from the Company that they may have misinterpreted or performed incorrectly and that caused malfunctions in the Client’s information system. The Client must take all backup, copying, and security measures to protect its data and its digital platforms.
Similarly, the Client is responsible for the security of its information system and digital platforms, as well as for the individual workstations used by the Users to access the MyCyberEyes Solution. Subscribing to the MyCyberEyes Solution does not shift liability to the Company as regards the security of the Client’s information system, digital platforms, or individual workstations.
In addition, the Client is solely liable for the direct and/or indirect consequences of following the Company’s advice and recommendations, and may not seek to hold the Company liable on any basis. The Company is not liable for the nature or result of the remedial measures the Client takes based on the Company’s recommendations.
The Client shall ensure that the digital platforms to which it gives the Company access for the purposes of the Agreement comply with applicable standards, are lawful, and respect third-party rights. The Company is therefore not liable for the nature or content of the Client’s digital platforms, for which the Client is solely liable. The Client shall compensate the Company for any consequences (harm, legal fees, etc.) arising from any claim from a third party, dispute, or civil or criminal proceeding initiated against the Company based on the nature or content of the Client’s digital platforms.
Article 11. Term and termination
11.1 Term of the Agreement
The Agreement takes effect on the day the Company approves the Client’s subscription. Access to the MyCyberEyes Solution and the related Services shall be granted for one (1) year from the entry into force of the Agreement (the “Initial Period”).
The Agreement shall be tacitly renewed after the Initial Period for successive periods of one (1) year. Either Party may object to the tacit renewal by sending the other Party a registered letter with return receipt requested at least ninety (90) business days before the renewal date. This notice period may be extended depending on the length of the Parties’ commercial relationship.
If either Party breaches any of its obligations under the Agreement and does not cure such breach within thirty (30) calendar days of receiving notice to do so, the non-breaching Party may terminate the Agreement as of right without any legal formalities.
The Agreement shall be terminated without prejudice to any damages the terminating Party may claim based on the other Party’s breach and any penalties that may be due under the Agreement.
11.3 Consequences of termination
When this Agreement ends for any reason, the Parties shall be restored to their pre-signature positions. The “Intellectual Property,” “Personal Data Protection,” and “Non-Disclosure” clauses shall survive the expiration of the Agreement.
Should the Agreement end for any reason, the Company may, if the Client so requests, provide the service of transferring any component, document, data, or configuration that is useful to starting up service again (service reversibility), provided the Services have been fully paid for.
The Client must make its request for reversibility in writing no later than one (1) month before the Agreement reaches its term. As of the Agreement’s end-date, the Company will have at most three (3) months to complete reversibility operations. If the Client’s actions prevent restitution by the Company, the Company shall be released from its obligation. A supplementary invoice will be issued for the reversibility operations.
Article 12. Non-disclosure
Throughout the term of the Agreement and for three (3) years after it expires or is terminated, the Parties shall keep strictly confidential all of the information and documents of any kind that they may have received from each other while performing the Agreement, and in particular, economic, commercial, strategic, marketing, or legal information, business secrets, the other Party’s know-how, software licenses, and databases, and the Personal Data.
The Parties agree:
- Not to use the confidential information for purposes unrelated to the Agreement;
- To keep such information strictly confidential and to treat them with as much care and offer them as much protection as it would its own information of the same importance;
- Not to disclose the confidential information to any third parties in any form in any way for any reason, with the exception of staff members or any other persons acting in the Party’s name and on its behalf that need to know the information to perform the Agreement.
The following types of information are not confidential:
- Information known to have been disclosed before it was obtained and/or received by the Parties or that is subsequently disclosed through no fault of either Party;
- Information that does not result directly or indirectly from the use of any or all of the confidential information as defined in this clause;
- Information validly obtained from a third party authorized to transfer or disclose such information.
When the Agreement ends for any reason, the Parties shall immediately return all confidential information, documents, and/or data the other Party may have provided in connection with performance of the Agreement, and shall destroy all copies, backups, excerpts, reproductions, or summaries of such confidential information, documents, and/or data provided by the other Party, in whole or in part, in any form.
Article 13. Miscellaneous provisions
The Parties represent that they have each purchased insurance policies to cover the risks and the liability they may incur in connection with performing the Agreement.
The Company may subcontract the performance of certain services covered by the Agreement.
13.3 Non-solicitation of personnel
The Client undertakes not to hire, try to hire, or cause to work directly or indirectly through a third party any employee of the Company who is assigned to perform the Services covered by the Agreement, or to take such employee into its employ, regardless of the type of employment. This undertaking is valid throughout the term of the Agreement plus a period of twelve (12) months from the date of its expiration. If the Client does not comply with this undertaking, it shall pay the Company compensation equal to the total gross pay paid to such employee over the course of the twelve (12) months preceding their departure.
13.4 Public relations
The Client authorizes the Company to mention the Services covered by the Agreement, and in particular the Client’s use of the MyCyberEyes Solution, in its marketing documents and/or advertising, regardless of the medium. In this regard, the Client authorizes the Company to use its names, distinctive signs, trademarks, and logos. The Company undertakes in all cases not to infringe the Client’s rights over its company name, commercial name, trademarks, domain names, and product names, and not to create confusion in the mind of the public. In addition, it shall always respect the Client’s brand image. The Company shall cease all use of the above-mentioned symbols when the Agreement ends, regardless of the reason.
Article 14. Governing law and jurisdiction
These GTS are governed by French law.
In the event of a dispute, after all of the Parties’ attempts to reach a voluntary solution have failed the French courts shall have exclusive jurisdiction to hear the dispute.
ALL DISPUTES RELATED TO THE SIGNATURE, INTEPRETATION, PERFORMANCE, AND TERMINATION OF THESE GTS SHALL BE SUBJECT TO THE EXCLUSIVE JURISDICTION OF THE COURTS WITHIN THE JURISDICTION OF THE VERSAILLES COURT OF APPEAL, TO WHICH THE PARTIES EXPRESSLY ATTRIBUTE JURISDICTION, EVEN IN THE EVENT OF MULTIPLE DEFENDANTS, SUMMARY PROCEEDINGS, IMPLEADER, OR EX PARTE PROCEEDINGS.
Article 15. Entire agreement
These GTS, including the Preamble, constitute the Agreement and express the entire agreement between the Parties.