1. Definitions

The definitions in this Section apply in this Agreement.

Additional Order: an order placed by the Customer for additional modules or services to be provided via the Platform, other than those included within Services subject to the terms of this Agreement.

Applicable Laws: all privacy, security, and data protection laws, rules, regulations, ordinances and regulatory guidance applicable to Secure Schools’ processing of Customer Personal Information, including all related amendments and implementing regulations, all as may be amended, restated or replaced from time to time.

Authorized Users: those employees, agents, or other persons who are authorized by the Customer to, and who do, use or access the Platform, Services, or the Platform Specification on the Customer’s behalf.  Where the Customer contracts with Secure Schools on behalf of more than one educational establishment, this shall include the employees and agents of the educational establishments represented by the Customer who are named in the Order Details.

Authorized User Account: an individual account linked to the Platform, established by an Authorized User for use of the Services.  

Business Day: a day, other than a Saturday, Sunday or public holiday in the United States, when banks in the United States are open for business.

Business Hours: 9am until 5pm on a Business Day.

Claims: claims, demands, disputes, actions, proceedings, losses, liabilities, damages, expenses and costs (including without limitation court costs and reasonable legal fees).

Confidential Information: information that is proprietary or confidential and is either clearly labelled as such or identified as Confidential Information in Section 11.1.

Customer or you: the school or other educational establishment which is receiving the Services. 

Customer Data: includes Customer Personal Information and any data, text, documents, information, or other materials that are uploaded to, posted to, stored on, or created using the Platform or Services by the Customer, Authorized Users, or Secure Schools on the Customer's behalf including, but not limited to identity, address, financial and educational attainment records and special category data).

Customer’s Network: the network or networks owned by the Customer and connected devices owned by the Customer, including all software and hardware included in such networks.

Customer Personal Information: all Personal Information, including Sensitive Personal Information, that is Processed by or on behalf of, or made available to, Secure Schools in the course of providing the Services under the Agreement.

Effective Date: the date that Customer or Authorized User first accesses or uses the Platform or Services.

Initial Term: the initial term of this Agreement as set out in the Order Details.

Live Date: the date upon which the Customer is to have access to the Platform and Services, as set out in the Order Details or otherwise agreed between Secure Schools and the Customer. 

Materials: the policy documents and other materials produced by or through the Platform for use by the Customer. 

Order Details: the details of the Customer’s order for the Services, approved by the Customer on the Secure Schools order form or quote, which includes the Subscription Fees, the features or modules available to the Customer and the address of each Customer location which will have access to the Services. 

Personal Information has the meaning given in Applicable Laws. 

Platform: the Website, the online platform provided by Secure Schools as part of the Services, with the functionality as described in the Order Details and Platform Specification. 

Platform Specification: the document(s) made available to the Customer by Secure Schools online via app.secureschools.com or such other web address as Secure Schools may update from time to time which sets out a description of the Services (including the features for each module of the Platform), as amended from time-to-time. 

Renewal Period: the period as defined and described in Section 13.1.

Services: certain content, products, and services provided by Secure Schools to the Customer under this Agreement via the Website, or via any other method (as may be updated, modified, or otherwise changed from time to time), as set out in the Order Details, each as may be more particularly described in the Platform Specification,  and which include the Platform and Materials. 

Subscription Fees: the fees (if any) payable by the Customer to Secure Schools for use of the Services, as set out in the Order Details and subsequently varied in accordance with Section 7.2.

Subscription Term: the Initial Term together with any subsequent Renewal Period(s).

Third-Party Services: products, services, and websites that are advertised or offered by a third party through the Service or any hyperlinked website or service.

Virus:  worms, defects, spyware, malware, Trojan horses, viruses, time bombs, and other similar software, code, files, scripts, or program designed to interrupt, destroy, or limit the functionality or operation of any computer software, hardware device, telecommunications service, equipment.

Vulnerability Assessment: any penetration test or vulnerability assessment conducted by Secure Schools as part of the Services.

Website: https://www.secureschools.com/ (or such other website as notified from time to time by Secure Schools). 

2. Licence

2.1. Secure Schools hereby grants to the Customer a non-exclusive, non-transferable, non-sublicensable right and license to permit the Customer (acting by its Authorized Users) to use the Services (including the Materials) during the Subscription Term solely for the Customer's internal operations.

2.2. The Customer shall not take, and ensures that no Authorized User shall take,  any of the following actions: 

1. post, upload, publish, submit, share, distribute, or transmit any Customer Data that: (i) Customer lacks the authority to post, upload, publish, submit, share, distribute, or transmit; (ii) infringes, misappropriates, or violates a third party’s patent, copyright, trademark, trade secret, moral rights, or other intellectual property rights, or rights of publicity or privacy; (iii) contains any Virus or uses the Services to access, store, distribute or transmit any Viruses; (iv) violates, or encourages any conduct that would violate, any applicable law or regulation or would give rise to civil liability; (v) is fraudulent, false, misleading, or deceptive; (vi) is defamatory, indecent, obscene, pornographic, vulgar, or offensive; (vii) promotes discrimination, bigotry, racism, hatred, harassment, or harm against any individual or group; (viii) is violent or threatening or promotes violence or actions that are threatening to any person or entity; or (ix) promotes illegal or harmful activities or substances;

2. use the Services other than the purpose for which they were provided to the Customer; 

3. subject to Section 15.7(a), license, sell, resell, sublicense, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services available to any other school, educational establishment, or third party except the Authorized Users; 

4. introduce or permit the introduction of any Virus into Secure Schools’ network and information systems; 

5. attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Services and/or Platform Specification (as applicable) in any form or media or by any means; or

6. attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Platform; or

7. access all or any part of the Services and Platform Specification in order to build a product or service which competes with the Services and/or the Platform Specification; or

8. interfere or attempt to interfere with the proper working of the Services (including, but not limited to, any application, function, or use of the Services) or any activities conducted on the Services; 

9. take any action that imposes or may impose (as determined by Secure Schools in Secure Schools’ sole discretion) an unreasonable or disproportionately large load on Secure Schools’ infrastructure;

10. attempt to probe, scan, or test the vulnerability of any Secure Schools system or network or breach any security or authentication measures;

11. avoid, bypass, remove, deactivate, impair, descramble, or otherwise circumvent any technological measure implemented by Secure Schools or any of Secure Schools’ providers or any other third party (including another Authorized User) to protect the Platform and Services, or Content;

12. collect from or store on the Platform or Services any personally identifiable information or sensitive information of other Authorized Users without their express permission;

13. impersonate or misrepresent Authorized User’s affiliation with any person or entity; or

14. engage in any fraudulent, deceptive, or illegal practices or activities, or use the Services to directly or indirectly support any such practices or activities.

2.3. If the Customer owns or operates more than one school or establishment, it shall only permit those schools or establishments named in the Order Details, and in respect of which the Customer has paid the Subscription Fees, to access the Platform and Services and use the Materials. Where the Customer places multiple orders at the same time, the Order Details will comprise the details of all orders placed. The Order Details will be (a) confirmed by email to the Customer after the Customer places its order for the Services, and (b) detailed in the Customer’s Authorized User Account.   

2.4. The rights provided under this Section 2 are granted to the Customer only, and shall not be considered granted to any subsidiary or holding company of the Customer, except where stated in the Order Details.

3. Services

3.1. Secure Schools shall, during the Subscription Term, provide the Services and make available the Platform Specification to the Customer on and subject to the terms of this Agreement. Use of the Platform and the Services are each conditioned upon Customer and its Authorized Users’ full compliance with this Agreement and all applicable laws, rules, and regulations.

 

3.2. This Agreement shall only apply to the Services specified in the Order Details. Any Additional Order (whether made before or after the date of this Agreement) placed by Customer will be provided under the terms of a separate agreement.
3.3. To use the Platform, Authorized User must have an Authorized User Account. Authorized User hereby authorizes Secure Schools to obtain and store Authorized User Account information as necessary to make the Platform available to Authorized User, subject to Secure Schools DPA located at https://www.secureschools.com/en-us/. 

3.4. Authorized User may use the Platform or access the Services only if Authorized User is thirteen (13) years of age or older, has not been previously suspended or removed from using the Platform or the Services and is not barred from using the Platform or the Services under applicable law. 

3.5. By using the Platform, the Customer and Secure Schools hereby agree to the terms and conditions of the Service Level Agreement (“SLA”) available at https://www.secureschools.com/en-us/sla-us, which forms part of and is hereby incorporated  into this Agreement by reference, as it may be updated from time to time. SECURE SCHOOLS MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE PLATFORM’S UPTIME, AVAILABILITY, OR PERMISSIBILITY IN ANY PARTICULAR GEOGRAPHICAL LOCATION. From time to time, scheduled system maintenance or emergency maintenance may occur, and during such maintenance periods, the Platform may be inaccessible and unavailable, with or without notice to the Customer.

3.6. Secure Schools will provide the other Services (not provided via the Platform) at such times as specified by Secure Schools in accordance with the Platform Specification, or such other times as agreed between the Customer and Secure Schools.

 

4. Data Protection

Secure Schools and the Customer each agree to comply with the terms and conditions of the Data Processing Addendum located at Exhibit A (the “DPA”), which forms part of and is hereby incorporated into this Agreement by reference, as it may be updated from time to time.

The Customer and Secure Schools agree that Secure Schools acts both as a controller and processor for the purposes of Applicable Laws. 

Secure Schools’ privacy notice (as amended from time to time) applies to Personal Information collected by Secure Schools in its capacity as controller. The current privacy notice is located here. 

Each party shall comply with Applicable Laws in respect of all Personal Information transferred by the other party to it, in connection with the Services. 

The Customer warrants that it has in place all necessary notices and consents to permit the transfer of Personal Information from the Customer to Secure Schools in connection with the Services, and the use of such Personal Information by Secure Schools in performing the Services.  

Secure Schools may publish data regarding trends and performance, observed by Secure Schools from its Customers and their respective Authorized Users. Where such data is compiled in whole or in part, from Personal Information collected by Secure Schools, Secure Schools shall ensure that such data is aggregated and anonymized before publication. 

5. Disclaimers; Third-Party Websites and Resources

 5.1. The Platform’s performance of actions initiated by Customer may irrevocably modify and/or delete Customer Data. CUSTOMER ACKNOWLEDGES AND AGREES THAT SECURE SCHOOLS IS NOT RESPONSIBLE FOR THE LOSS OR MODIFICATION OF ANY CUSTOMER DATA AS A RESULT OF CUSTOMER INITIATED ACTIONS AND THAT CUSTOMER’S USE OF THE PLATFORM IS AT CUSTOMER’S OWN RISK.

5.2. TO THE FULLEST EXTENT PERMITTED UNDER APPLICABLE LAW, THE SERVICES, PLATFORM SPECIFICATION, MATERIALS, AND/OR OTHER INFORMATION OBTAINED BY THE CUSTOMER THROUGH THE SERVICES ARE PROVIDED “AS IS,” WITHOUT WARRANTY OF ANY KIND MADE BY SECURE SCHOOLS. WITHOUT LIMITING THE FOREGOING, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SECURE SCHOOLS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, DATA LOSS, AND NON-INFRINGEMENT.

5.3. Secure Schools:

1. DOES NOT WARRANT THAT: THE CUSTOMER'S USE OF THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE; THE SERVICES, PLATFORM SPECIFICATION, MATERIALS AND/OR OTHER  INFORMATION OBTAINED BY THE CUSTOMER THROUGH THE SERVICES WILL MEET THE CUSTOMER'S REQUIREMENTS; THE PLATFORM OR THE SERVICES WILL BE FREE FROM VULNERABILITIES OR VIRUSES; OR THE INFORMATION CONTAINED IN THE SERVICES, PLATFORM OR PLATFORM SPECIFICATION IS ACCURATE, UP TO DATE, RELIABLE, TIMELY, TRUTHFUL OR COMPLETE;

2. CANNOT GUARANTEE THE ACCURACY OR COMPLETENESS OF CUSTOMER DATA AND MAKES NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO CUSTOMER DATA; 

3. DOES NOT WARRANT THAT THE USE OF ANY OR ALL OF THE SERVICES WILL SATISFY ANY REQUIREMENT OF THE CUSTOMER’S INSURANCE PROVIDER(S), OR SATISFY ANY REQUIREMENT OF THE RISK PROTECTION ARRANGEMENT FOR SCHOOLS; 

4. DOES NOT WARRANT OR GUARANTEE THAT THE CUSTOMER WILL BE FREE FROM ATTACKS, BREACHES AND FAILURES AS A RESULT OF USING THE SERVICES; AND

5. IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR ANY OTHER LOSS OR DAMAGE RESULTING FROM THE TRANSFER OF DATA OVER COMMUNICATIONS NETWORKS AND FACILITIES, INCLUDING THE INTERNET, AND THE CUSTOMER ACKNOWLEDGES THAT THE SERVICES AND PLATFORM SPECIFICATION MAY BE SUBJECT TO LIMITATIONS, DELAYS AND OTHER PROBLEMS INHERENT IN THE USE OF SUCH COMMUNICATIONS FACILITIES.

5.4. This Agreement shall not prevent Secure Schools from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this Agreement.

5.5. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against Secure Schools shall be for Secure Schools to use reasonable commercial efforts to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by Secure Schools in accordance with Secure Schools’ customary archiving procedure. Secure Schools shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party.

5.6. Through the Services, the Customer may be able to elect to receive Third-Party Services from third parties (each such third party, a Third-Party Provider). Third-Party Providers are solely responsible for their Third-Party Services.  The Customer is solely responsible for, and assumes all risk from, the Customer’s election to receive and the Customer’s receipt of any Third-Party Service. SECURE SCHOOLS IS NOT RESPONSIBLE FOR THIRD-PARTY SERVICES OR ANY MATERIAL, INFORMATION, OR RESULTS MADE AVAILABLE THROUGH THIRD-PARTY SERVICES AND IS NOT RESPONSIBLE FOR ANY DAMAGES OR COSTS OR ANY TYPE ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE CUSTOMER’S DEALINGS WITH THIRD-PARTY PROVIDERS. The applicable Third-Party Providers may require the Customer to agree to terms and conditions or agreements with respect to their provision of the Third-Party Services to the Customer.  If the Customer elects to receive a Third-Party Service, the Customer authorizes Secure Schools to submit to the applicable Third-Party Provider any and all documents and information about the Customer and the Customer’s business that are necessary for such Third-Party Provider to provide the Third-Party Service to the Customer (Shared Information). The Customer is solely responsible for the accuracy of all Shared Information. The Customer represents and warrants that the Customer has all the rights in and to any Shared Information necessary to provide Shared Information to Secure Schools and for Secure Schools to provide it to Third-Party Providers, and that Secure Schools’ use or disclosure of Shared Information as contemplated hereunder will not violate any rights of privacy or other proprietary rights, or any applicable local, state, or federal laws, regulations, orders, or rules. The Customer agrees that by electing to receive a Third-Party Service, and by consenting and authorizing Secure Schools to submit the Customer’s Shared Information to a Third-Party Provider, the Customer has waived and released any Claim against Secure Schools and its directors, officers, and employees arising out of a Third-Party Provider’s use of the Customer’s Shared Information, even if that use is not authorized by the applicable agreement between the Customer and the Third-Party Provider.

5.7. The Services may contain links to third-party websites or resources that are not owned or controlled by Secure Schools. Secure Schools provides these links only as a convenience and is not responsible for the content, products, or services on or available from those websites or resources, or links displayed on such websites. The Customer acknowledges its sole responsibility for, and assumes all risk arising from, the Customer’s use of any third-party websites or resources. 

5.8. Secure Schools has no control over, and assumes no responsibility for, the content, accuracy, privacy policies, or practices of or opinions expressed in any third-party websites or by any third party that the Customer interacts with through the Services. In addition, Secure Schools will not and cannot monitor, verify, censor, or edit the content of any third-party site or service. Secure Schools encourages the Customer to be aware when the Customer leaves the Services and to read the terms and conditions and privacy policy of each third-party website or service that the Customer visits or utilizes. By using the Services, the Customer releases and holds Secure Schools harmless from any and all liability arising from the Customer’s use of any third-party website or service.

 

6. Customer's Obligations

The Customer shall:

Provide Secure Schools with:

1. all necessary co-operation in relation to this Agreement; and
2. all necessary access to such information as may be required by Secure Schools;

In order to provide the Services;

Without affecting its other obligations under this Agreement, comply with all applicable laws and regulations with respect to its activities under this Agreement;

Carry out all other Customer responsibilities set out in this Agreement in a timely and efficient manner. In the event of any delays in the Customer's provision of such assistance as agreed by the parties, Secure Schools may adjust any agreed timetable or delivery schedule as reasonably necessary;

Comply with, and ensure that the Authorised Users comply with, any terms of use for the Secure Schools website or Platform applicable from time to time; 

Ensure that the Authorised Users use the Services in accordance with the terms and conditions of this Agreement and shall be responsible for any Authorised User's breach of this Agreement;

Obtain and shall maintain all necessary licences, consents, and permissions necessary for Secure Schools, its contractors and agents to perform their obligations under this Agreement, including without limitation the Services;

Ensure that its network and systems comply with the relevant specifications provided by Secure Schools from time to time; and

Be, to the extent permitted by law and except as otherwise expressly provided in this Agreement, solely responsible for procuring, maintaining and securing its network connections and telecommunications links from its systems to Secure Schools' data centres, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer's network connections or telecommunications links or caused by the internet.

The Customer accepts and agrees the following:

1. the Customer is and at all times remains fully responsible for the Customer’s Network and its digital infrastructure generally (including without limitation their confidentiality, integrity, availability and resilience);
2. any Vulnerability Assessment, scanning or audit is based only on sampling, and can only look at the condition of the Customer’s Network at the time it is undertaken. It is not possible to review everything and there will always be parts or areas of the Customer’s Network which are not reviewed; and
3. any management information and Materials provided as part of the Services, are for guidance only, and are intended to help to improve the Customer’s cyber security. Secure Schools does not guarantee that the Customer will be free from attacks, breaches and failures.

The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all such Customer Data.

The Customer shall defend, indemnify and hold harmless Secure Schools against claims, actions, proceedings, losses, liabilities, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with the Customer's breach of this Agreement or use of the Services and/or Platform Specification in breach of this Agreement.

7. Charges and Payment

7.1. The Customer shall pay the Subscription Fees (if any) to Secure Schools as follows (unless agreed otherwise in the Order Details or in writing between Secure Schools and the Customer):

1. The Subscription Fees for the Initial Period shall be due on or before the Live Date. Secure Schools shall not be required to make the Services available unless and until the Subscription Fees for the Initial Period have been paid; and
2. Secure Schools shall issue an invoice for the Subscription Fees for each Renewal Period not more than 3 months before the commencement for that Renewal Period, and the Subscription Fees shall be payable within 30 days of the date of the invoice. 

7.2. Secure Schools may vary the Subscription Fees for each Renewal Period by giving the Customer not less than 4 months’ notice of the variation, unless agreed otherwise in the Order Details. 

7.3. If Secure Schools has not received payment of the relevant Subscription Fees by the due date, without prejudice to any other rights and remedies of Secure Schools:

1. Secure Schools may, without liability to the Customer, disable the Customer's and its Authorized Users’ password, account and access to all or part of the Services and Secure Schools shall be under no obligation to provide any or all of the Services while the invoice(s) concerned remain unpaid; and
2. interest shall accrue on a daily basis on such due amounts at an annual rate equal to 4% over the rate of inflation as reflected by the U.S. Consumer Price Index – Urban for all US Cities, unadjusted, commencing on the due date and continuing until fully paid, whether before or after judgment.

7.4. All amounts and fees stated or referred to in this Agreement:

1. shall be payable in U.S. dollars;

2. are non-cancellable and non-refundable;

3. are exclusive of value added tax, which shall be added to invoice(s) at the applicable rate.

8. Proprietary Rights

8.1. The Customer acknowledges and agrees that Secure Schools and/or its licensors own all intellectual property rights in the Services (including the Materials), the Platform Specification, and any other materials produced in the course of providing the Services. Except as expressly stated herein, this Agreement does not grant the Customer any rights to, under or in, any patents, copyright, database right, trade secrets, trade names, trademarks (whether registered or unregistered), or any other rights or Licenses in respect of the Services (including the Platform and Materials) or the Platform Specification.

8.2. Secure Schools does not claim any ownership rights in any Customer Data and nothing in this Agreement will be deemed to restrict any rights that the Customer may have to use and exploit Customer Data to the extent the Customer has the authority to do so. However, by making any Customer Data available through the Services, the Customer hereby grants to Secure Schools an irrevocable, perpetual, non-exclusive, transferable, sublicensable, worldwide, royalty-free license to use, copy, modify, create derivative works based upon, publicly display, publicly perform, and distribute Customer Data in connection with operating and providing the Platform and the Services. The Customer is solely responsible for all Customer Data. The Customer represents and warrants that the Customer owns all Customer Data or the Customer has all rights that are necessary to provide the Customer Data to Secure Schools and grant Secure Schools the license rights in Customer Data under this Agreement. Secure Schools may retain copies of Customer Data as necessary to comply with legal or regulatory requirements, and its internal compliance and record retention policies and procedures. 

8.3. Any feedback, comments, and suggestions User may provide for improvements to the Services (“Feedback”) is given entirely voluntarily and Secure Schools will be free to use, disclose, reproduce, license, or otherwise distribute and exploit such Feedback as it sees fit, entirely without obligation or restriction of any kind. Feedback includes any feedback, however provided. 

8.4. The Customer shall own all right, title and interest in and to all of the Customer Data that is not Personal Information and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all such Customer Data.

 

9. Use of Materials

9.1. The Materials (and any derivatives thereof) shall belong to Secure Schools. 

9.2. The Customer may modify any Materials provided for its own use, but:

1. Secure Schools shall have no liability or responsibility for any such modifications or the effect of those modifications on the correctness or adequacy of the Materials; and

2. where the Materials are amended by the Customer, this may result in other aspects of the Services not performing as intended, and Secure Schools shall not be responsible or liable for any defects in the Services caused by modifications made to the Materials by the Customer.  

9.3. Certain Materials supplied to the Customer are tailored to the Customer’s needs, based upon information and responses provided by the Customer. The Customer must provide complete and accurate information in the Platform, and Secure Schools is not liable or responsible for any defects or errors in the Materials to the extent they result from inaccurate or incomplete information provided by the Customer.

 

10. Module Specific Terms

The terms in this clause 10 apply to specific modules of the Services, where these are included within the Services provided to the Customer. 

Policy Builder

The following terms shall apply where the Customer subscribes for Policy Builder:

1. Where Secure Schools provides access to a Customer to a library of cyber security document templates through the Platform, Secure Schools is not responsible for the content, or ongoing maintenance of the templates, or the accuracy of the information which are the responsibility of the Customer. The Customer must review all such templates, and take legal advice, on its own behalf as needed.
2. Secure Schools is not responsible for, and shall have no liability in respect of, any omissions or inaccuracy in the information provided.
3. The Customer is responsible for determining whether they are required to hold any such cyber security policies in its organisation, completing all necessary information and requirements of any such policies including but not limited to compliance with the policies, keeping any policies under review and up to date and implementing measures and safeguards to mitigate any identified risks.

Cyber Security Audit

The following terms shall apply where the Customer subscribes for the Cyber Security Audit module:

1. the Customer shall ensure that all information provided to Secure Schools for the purpose of Secure Schools conducting the cyber security audit is complete and accurate in all respects. Secure Schools shall have no liability for any errors or omissions in the audit report to the extent caused by the provision of inaccurate or incomplete information by the Customer;
2. the audit and recommendations provided by Secure Schools are provided as at the date of the report, and Secure Schools shall have no obligation to update the audit report unless and until Secure Schools is engaged to conduct a further audit;
3. Secure Schools will only conduct an audit on schools, items and areas within the agreed scope and only during the reporting period as defined within the audit report (the Scope). Secure Schools shall not be responsible for identifying vulnerabilities that are outside of the Scope.
4. For the avoidance of doubt, should the Customer require any additional third-party involvement in the audit process, Secure Schools shall not be liable for any costs associated with such third-party involvement.

External and Internal Vulnerability Assessments

The following terms shall apply where the Customer subscribes for the External Vulnerability Assessment and/or Internal Vulnerability Assessment modules:

1. the Customer authorises Secure Schools to access and take control of any part of the Customer’s Network, including all hardware and software included on such network, for the purpose of performing a Vulnerability Assessment. The Customer must notify in writing Secure Schools of any part of its network which Secure Schools should not attempt to access. The Customer must also notify Secure Schools  in writing from time to time of its correct IP address which shall be subject to such Vulnerability Assessments. For the avoidance of doubt, the Customer must notify Secure Schools as a matter of urgency if their IP address has changed to prevent any delays in Secure Schools providing any Vulnerability Assessments, and Secure Schools shall not be liable for any delays caused by such issues with the Customer providing any incorrect IP address, or not updating Secure Schools;
2. the Customer shall obtain all necessary consents and permissions to allow Secure Schools to conduct the relevant Vulnerability Assessments, including any consents and permissions needed from third parties to allow Secure Schools to seek to access hardware or software hosted or controlled by those third parties; 
3. the Customer shall indemnify Secure Schools against all costs, claims, damages, liabilities, losses and expenses (including professional fees) incurred by Secure Schools as a result of or in connection with a Vulnerability Assessment conducted by Secure Schools as part of the Services including where the Customer has given incorrect information (or failed to update such information) to Secure Schools such as an incorrect IP address (except to the extent caused by Secure School’s own negligence or wilful misconduct); 
4. the Customer acknowledges and accepts that a Vulnerability Assessment may cause damage to the Customer’s Network and devices, including loss of data and network downtime. The Customer accepts the risk of such damage, and agrees that Secure Schools shall have no liability for any loss or damage whatsoever suffered by the Customer arising out of the performance of a Vulnerability Assessment unless caused by the negligence or wilful misconduct of Secure Schools; and
5. where a dedicated server is established within the Customer’s Network from which to operate the tools necessary to conduct a Vulnerability Assessment, the Customer shall be responsible for decommissioning the server and removing all tools and scripts from the Customer’s Network after completion of the Vulnerability Assessment. 
6. For the avoidance of doubt, Secure Schools shall not be liable for any additional costs incurred by the Customer in preparation for  the External Vulnerability Assessment and/or Internal Vulnerability Assessment.

Phishing Simulation

1. The following terms shall apply where the Customer subscribes for the Phishing Simulation module:
   Secure Schools will recommend the potential content for emails and communications to users, but the Customer is responsible for the selection of content appropriate to the make up of its user base; 
2. the Customer shall obtain the permission of any person who is impersonated by Secure Schools for the purpose of conducting the phishing simulation; and 
3. the Customer shall indemnify Secure Schools against all costs, claims, damages, liabilities, losses and expenses (including professional fees) incurred by Secure Schools as a result of or connection with a phishing simulation exercise conducted by Secure Schools as part of the Services (except to the extent caused by Secure School’s own negligence or wilful misconduct).

Training 

The following terms shall apply where the Customer subscribes for the Training module:

1. The Customer must ensure that Authorised Users use the Training module on an individual basis, and that each Authorised User accesses the Training module and completes training assessments using their own unique user account. Where any individual accesses training through another Authorised User’s account, Secure Schools cannot confirm whether that individual has successfully received or completed any training.
2. The Training module provides a link to the National Cyber Security Centre’s own training resources and assessments. Secure Schools does not charge a fee for accessing these resources, and is not responsible for the content of these resources or for ensuring that an Authorised User has properly completed the relevant training using them. 

11. Confidentiality

11.1. Each party undertakes that it shall not at any time, disclose to any person any Confidential Information concerning the business, assets, affairs, staff, students, Authorized Users, Customer Data, clients or suppliers of the other party, except as permitted by this Section 11. 

11.2. Each party may disclose the other party's Confidential Information:

1. to its employees, officers, representatives, contractors, subcontractors or advisers who need to know such information for the purposes of exercising the party's rights or carrying out its obligations under or in connection with this Agreement. Each party shall ensure that its employees, officers, representatives, contractors, subcontractors or advisers to whom it discloses the other party's Confidential Information are subject to written confidentiality obligations no less restrictive than this Section 11; and
2. as may be required by applicable law, a court of competent jurisdiction or any governmental or regulatory authority.

11.3. Neither party shall use the other party's Confidential Information for any purpose other than to exercise its rights and perform its obligations under or in connection with this Agreement.

 

12. Indemnity; Limitation of Liability

12.1. The Customer shall defend, indemnify and hold harmless Secure Schools from and against any Claims arising out of or in connection with: (a) the Customer's breach of this Agreement or access or use of the Services and/or Platform Specification in breach of this Agreement; (b) Customer Data; (c) Customer’s violation or alleged violation of this Agreement; (d) Customer’s violation or alleged violation of any third party right, including without limitation, any right of privacy or publicity, or any right provided by any labor or employment law, rule, or regulation, or any intellectual property or proprietary right; (e) Customer’s violation or alleged violation of any applicable law, rule, or regulation, including, but not limited to, wage and hour laws; (f) Customer’s negligence, fraudulent activity, or willful misconduct; (g) Secure School’s use of or reliance on information or data furnished by Customer, Authorized User, an employee or independent contractor of Customer, or otherwise in connection with this Agreement; (h) actions or activities that Secure School undertakes in connection with the Services or this Agreement at the direct request or instruction of anyone that Secure Schools reasonably believes to be Customer or an Authorized User (each such action or activity, a “Requested Action”); (i) Secure School’s use of or reliance on information or data resulting from such Requested Actions; or (j) Customer’s failure, or the failure of any Authorized User, to properly follow Secure School’s instructions with respect to the Services.

12.2. Except as expressly and specifically provided in this Agreement the Customer assumes sole responsibility for use of the Services and the Platform Specification. Secure Schools shall have no liability for any damages arising out of or resulting from:

1. the Customer using the Services;
2. errors or omissions in any information, instructions or scripts provided to Secure Schools by the Customer in connection with the Services (including errors in Customer Data);
3. any actions taken by Secure Schools at the Customer's direction; or
4. any errors or omissions in any information contained within the Platform Specification or the Platform.

12.3. EXCEPT AS PROVIDED BY APPLICABLE LAW, SECURE SCHOOLS WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, LOSS OF DATA OR GOODWILL, SERVICE INTERRUPTION, COMPUTER DAMAGE, OR SYSTEM FAILURE, OR THE COST OF SUBSTITUTE SERVICES ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, OR FROM THE USE OF OR INABILITY TO USE THE PLATFORM, SERVICES, OR CUSTOMER DATA, WHETHER SUCH DAMAGES ARE BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY, OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT SECURE SCHOOLS HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES, EVEN IF A LIMITED REMEDY SET FORTH HEREIN IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT APPLY TO USER.  

SECURE SCHOOL’S TOTAL AGGREGATE LIABILITY IN CONTRACT (INCLUDING IN RESPECT OF ANY INDEMNITY GIVEN IN THIS AGREEMENT), TORT (INCLUDING NEGLIGENCE OR BREACH OF STATUTORY DUTY), MISREPRESENTATION, RESTITUTION OR OTHERWISE, ARISING IN CONNECTION WITH THE PERFORMANCE OR CONTEMPLATED PERFORMANCE OF THIS AGREEMENT SHALL BE LIMITED TO THE TOTAL SUBSCRIPTION FEES PAID BY THE CUSTOMER DURING THE 12 MONTHS IMMEDIATELY PRECEDING THE DATE ON WHICH THE CLAIM AROSE.

 

12.4. If Customer becomes aware of, or reasonably should have been aware of, any facts, issues, information, or circumstances which are reasonably likely, whether alone or in combination with any other facts, issues, information, or circumstances, to lead to a Claim against Secure Schools or Customer in connection with this Agreement, Customer must use reasonable efforts to mitigate any loss that may give rise to such a Claim.

 

13. Term and Termination

13.1. Unless agreed in writing otherwise between Secure Schools and the Customer, this Agreement shall, unless otherwise terminated as provided in this Section 13, commence on the Effective Date and shall continue for the Initial Term and, thereafter, this Agreement shall be automatically renewed for successive periods of 12 months (each a Renewal Period), unless:

1. either party notifies the other party of termination, in writing, at least 3 months before the end of the Initial Term or any Renewal Period, in which case this Agreement shall terminate upon the expiry of the applicable Initial Term or Renewal Period; or

2. otherwise terminated in accordance with the provisions of this Agreement.

 

13.2. Without affecting any other right or remedy available to it, either party may terminate this Agreement with immediate effect by giving written notice to the other party if:

1. the other party fails to pay any amount due under this Agreement on the due date for payment and remains in default not less than 10 Business Days after being notified in writing to make such payment; or

2. the other party commits a material breach of any other term of this Agreement and (if such breach is remediable) fails to remedy that breach within a period of 30 days after being notified in writing to do so. 

   For the purposes of Section 13.2(b), a material breach shall include any breach of Section 2.2 (Grant of License). 

 

13.3. On termination of this Agreement for any reason:

1. all Licenses granted under this Agreement shall immediately terminate and the Customer shall immediately cease all use of the Services and/or the Platform Specification, except that the Customer may be permitted to retain access to any free-to-access areas of the Platform.

2. the Customer’s right to use the Materials shall immediately terminate. The Customer shall destroy all copies of the Materials in its possession or control, and shall (on request) provide a written statement signed by an officer of the Customer confirming the Customer’s full compliance with this Section; 

3. each party shall return and make no further use of any equipment, property, Platform Specification and other items (and all copies of them) belonging to the other party;

4. Secure Schools may destroy or otherwise dispose of any of the Customer Data in its possession, and the Customer shall have no right to access the Materials or Customer Data stored on the Platform;

5. any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination shall not be affected or prejudiced.

14. Force Majeure

Neither party shall be in breach of this Agreement nor liable for delay in performing, or failure to perform, any of its obligations under this Agreement if such delay or failure result from events, circumstances or causes beyond its reasonable control (provided that this shall not apply to any obligation of the Customer to pay the Subscription Fees or other sums due under this Agreement). The time for performance of such obligations shall be extended accordingly. If the period of delay or non-performance continues for 12 weeks, the party not affected may terminate this Agreement by giving 30 days’ written notice to the affected party.

15. General

15.1. Authority: the Customer shall ensure that any person approving this Agreement or any other document or terms relating to the Services, has authority to enter into the Agreement, document or terms on behalf of the Customer. Secure Schools are entitled to rely upon such person having sufficient authority to bind the Customer, and shall not be required to otherwise confirm or validate the authority of any such person.  

15.2. Conflict: If there is an inconsistency between any of the provisions in this Agreement and the Order Details, the provisions in the Order Details shall prevail.

15.3. Variation: Secure Schools may vary the terms of this Agreement at any time. 

15.4. Waiver:

1. A waiver of any right or remedy is only effective if given in writing and shall not be deemed a waiver of any subsequent right or remedy.
2. A delay or failure to exercise, or the single or partial exercise of, any right or remedy shall not waive that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy.

15.5 Severance: If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this Agreement.

15.6. Entire agreement

1. This Agreement, and the other agreements referred to in it, constitute the entire agreement between the parties and supersedes and extinguishes all previous and contemporaneous agreements, promises, assurances and understandings between them, whether written or oral, relating to its subject matter (excluding any Order Details).

2. Each party acknowledges that in entering into this Agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this Agreement.

15.7. Assignment

1. Except as set out in Section (b) below, neither the Customer nor Secure Schools shall, without the prior written consent of the other, assign, novate, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement.

2. Secure Schools may at any time assign, transfer, charge, novate, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement to any of its Affiliates. For these purposes, Affiliate shall mean any entity controlling, controlled by or under common control with Secure Schools; where “control” in this context means the legal, beneficial, or equitable ownership, directly or indirectly, of ownership interest in such entity sufficient to elect a majority of the board of directors (or equivalent governing body) of such entity.   

15.8. No partnership or agency: Nothing in this Agreement is intended to or shall operate to create a partnership between the parties, or authorize either party to act as agent for the other.

15.9. Third party rights: This Agreement does not confer any rights on any person or party (other than the parties to this Agreement and, where applicable, their successors and permitted assigns).

15.10 Notices:

1. Any notice given to a party under or in connection with this Agreement shall be in writing and shall be:
   1. delivered by hand or by pre-paid first-class post or other next Business Day delivery service at its registered office (if a company or corporate body) or its principal place of business (in any other case); or
   2. sent by a message within the Platform messaging service;
   3. sent by email to the addresses for service given in the Order Details (in the case of a notice to the Customer) or to accounts@secureschools.com (in the case of a notice to Secure Schools).
2. Any notice shall be deemed to have been received:
   1. if delivered by hand, at the time the notice is left at the proper address;
   2. if sent by pre-paid first-class post or other next working day delivery service, at 9.00 am on the second Business Day after posting; or
   3. if sent by email, at the time of transmission.

This Section does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.

15.11. Governing Law and Jurisdiction: This Agreement and any dispute or claim arising out of or in connection with it shall be governed by and interpreted in accordance with the law of the State of Delaware without regard to its conflicts of law provisions. Each party irrevocably: (a) agrees that the state and federal courts situated in Wilmington, Delaware shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims); and (b) WAIVES ANY AND ALL RIGHTS TO TRIAL BY JURY IN ANY LEGAL PROCEEDING ARISING OUT OF, RESULTING FROM, RELATING TO, OR IN CONNECTION WITH THIS AGREEMENT.

15.12. Dispute Resolution: Except with respect to any claim of injunctive relief or other equitable remedy by a party, any dispute arising between the parties concerning this Agreement will be submitted to and settled by binding arbitration before JAMS by a single arbitrator (to the extent permitted) under JAMS’ Comprehensive Arbitration Rules in effect at the time the dispute arose. Arbitration will take place in Wilmington, Delaware. Any court having jurisdiction over the matter may enter judgment on the award of the arbitrator.  Service of a petition to confirm the arbitration award may be made by certified mail or by commercial express mail, in accordance with Section 15.10 (Notices) above. CUSTOMER ACKNOWLEDGES, UNDERSTANDS, AND AGREES THAT CUSTOMER IS WAIVING ITS RIGHT TO PARTICIPATE IN ANY CLASS ACTION PROCEEDING ARISING FROM THIS AGREEMENT.  

15.13. Interpretation

A person includes an individual, corporate or unincorporated body (whether or not having separate legal personality) and that person's legal and personal representatives, successors or permitted assigns.

A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.

Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular.

A reference to a statute or statutory provision is a reference to it as it is in force as at the date of this Agreement.

A reference to a statute or statutory provision shall include all subordinate legislation made as at the date of this Agreement under that statute or statutory provision.

A reference to writing or written includes email, including messages sent within the Platform,  but not fax.

Any words following the terms including, include, in particular, for example or any similar expression shall be interpreted as illustrative and shall not limit the sense of the words preceding those terms.