SCW SaaS - Customers | Secure Code Warrior

‍Secure Code Warrior Subscription for Software as a Service

(SaaS) Agreement (Subscription Agreement)

This is the Subscription Agreement for Software as a Service dated the date that the last party signs (Subscription Agreement) between the parties identified in the Subscription Order form, for the right to access and use the SCW Learning Platform.

The Subscription Agreement (including the SLAs and Subscription Order Form) sets out the Terms and Conditions between SCW and the Customer and when executed by both parties forms a legally binding and enforceable agreement between them.

SCW and the Customer shall hereinafter be defined as the “Party” and collectively as the “Parties”.

1. DEFINITIONS AND INTERPRETATIONS

The following words shall have the meaning stipulated herein below:
Affiliates means a company in which either party either wholly owns or has a controlling interest, and includes subsidiaries as that term is commonly applied and Related Body Corporate as defined in the Corporations Act 2001 (Cth);

Applicable Data Protection Legislation means any data protection or privacy legislation which applies, respectively to the activities of the Customer and SCW, including, where applicable the European General Data Protection Regulation Act 2016 (GDPR), the UK Data Protection Act 2018, the Australian Privacy Act (Cth) 1988, and any other applicable legislation

Confidential Information means any information, maintained in confidence by the disclosing Party, communicated in written or oral form, marked as proprietary, confidential or otherwise so identified, and/or any information that by its form, nature, content or mode of transmission would, to a reasonable recipient, be deemed confidential or proprietary, including, without limitation, each party, employees, business plans, methods of operation, SCW Offerings, including the SCW Learning Platform. Confidential Information will also include, without limitation:

(a) certain confidential and/ or proprietary financial, sales and distribution, marketing, research and development, organizational, technical and other business information, policies or practices, related information; and
(b) any information disclosed by a Party which relates to an actual or potential End User, vendor or third party with which the disclosing Party is in a confidential relationship

Consent means consent, permission, agreement or approval which meets the requirements for the consent of the Applicable Data Protection Legislation

Controller has the meaning as defined by Regulation (EU) 2016/679 with obligations as set forth in the regulation

Customer means the party which acquires a Subscription on execution of this Subscription Agreement, and, if applicable, End Users(s)

Customer Data means all information, including any personal information provided by the Customer to SCW to enable SCW to provide the Customers and its End Users access to and use of the SCW Learning Platform

Defect means a defect, error or bug having a materially adverse effect on the appearance, operation or functionality of the SCW Learning Platform, but excluding any defect, error or bug caused by or arising as a result of an act or omission of the Customer, any failures of the internet or part of the internet or other mechanism designed or used to disable, erase, alter or harm the SCW Learning Platform

Device means a single personal computer, workstation, mobile phone, tablet, or other electronic devices.

End Date is the date set out in Item 2 of the Subscription Order Form

End User means a person or persons employed and / or otherwise authorized by the Customer, or where applicable the Customer’s group, and who is provided with a subscription by the Customer to access and use the SCW Learning Platform, and excludes any person or persons who is employed by or contracted to a competitor to SCW

Force Majeure means any circumstances which are outside the parties’ control and which prevent or delay SCW providing the Service and SCW’s Materials (or any of them), including the failure of any utility service or transport or telecommunications network, any bug, defect, error, fault or deficiency in any software or data not provided by SCW, any act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation, or direction, accident, breakdown of place, machinery or equipment fire, flood or storm.

Insolvency Event means a situation where in respect to either party (1) a party is unable to pay its debt as and when they fall due; (2) a receiver or administrator is appointed over the party or any part of their respective undertakings or assets; (3) a resolution for winding up the party is proposed (or ordered), with the expectation of such an order being proposed for the purpose of a bona fide reconstruction; (4) a court of competent jurisdiction makes an order to that effect; (5) it becomes subject to an order of administration; (6) it enters into any scheme of arrangement with credits or any similar process to any of the above is begun in any jurisdiction, or if it ceases or threatens to cease to carry on business Intellectual Property means all intellectual property rights wherever in the world, whether registered or unregistered, including patents, rights to any invention, copyrights and related rights, moral rights, rights in computer software, trademarks, service marks, trade names, domain names, rights in any goodwill and the right to sue for passing off or unfair competition, registered designs, other rights in designs any application or right of application of such rights, including codes, sequences, derivative works, copyrights, data-base rights, trade secrets, know-how, business names, trade names, trademarks, service marks, patents, petty patents, utility models, rights in design, organisation, structure, interfaces, any documentation (including the SCW Materials), data and other related rights

Personal Data has the meaning given to it according to Regulation (EU) 2016/679 and Directive 95/46/EC, as amended from time to time, and includes the definition of Personal Information as provided in the Privacy Act 1988 (Cth)

Processor has the meaning as defined by Regulation (EU) 2016/679 with obligations as set forth in the regulation

SCW means Secure Code Warrior Limited, and its related/ affiliate entities

SCW Learning Platform means computer software developed and owned by SCW Limited made available to the Customer as a service via the internet, including Documentation, updates, supplements, modification, addition and/or adaptation of the SCW Learning Platform to enable or include certain features and/or functionality, under the terms and conditions of this Subscription Agreement

SCW Materials means any electronic or written aids, manuals, user instructions, technical literature, training material, demo material, specifications and all other related materials, which may be accessible by the Customer in the SCW Learning Platform

SLAs means the Service Level Schedule attached as Attachment A to this Subscription Agreement

Start Date means the date set out in Item 2 of the Subscription Order Form.

Subscription means the subscription for the right to access and use the SCW Learning Platform according to this Subscription Agreement

Subscription Fee means the fee payable by the Customer for SCW for access to and use of the SCW Learning Platform, the amount of which is set out in Item 3 of the Subscription Order Form.

Subscription Order Form means the Subscription Order Form between the Parties and attached to this Subscription Agreement

Subscription Term means the term specified in Item 2 of the Subscription Order Form

Sub Processor means a 3rd party processor selected by SCW for a specific set of processing needed by the SCW Learning Platform.

2. SCW LEARNING PLATFORM

2.1
The SCW Learning Platform provides an integrated suite of secure code training and tools that moves the focus from reaction to prevention. SCW’s Learning Platform includes hands-on training, team tournaments, real time coaching plug-in, self-paced learning for every skill level and online assessments.

2.2
The SCW Learning Platform is made available through an account set up for the Customer. The Customer’s right to access and use the Subscription for the SCW Learning Platform is web based only pursuant to the terms of this Subscription Agreement.

3. TERM

3.1
The initial term of this Subscription Agreement is set out in Item 2 of the Subscription Order Form (Initial Term).

3.2
This Subscription Agreement will automatically renew for successive 12-month periods, unless either party provides the other with a minimum of sixty (60) days written notice.

3.3
On termination or expiration of the Subscription Agreement, the Customer´s access to and use of the SCW Learning Platform will no longer be available, neither the Customer or the End User(s), will have access to or use of the SCW Learning Platform and applicable data or Services therein.

4. CUSTOMER RIGHTS AND RESTRICTIONS

4.1
The Customer (including its End Users) is granted a limited, non-transferable, non-exclusive subscription to access and use the SCW Learning Platform on Devices via any standard web browser during the Subscription Term.

4.2
Neither Customer nor any End User are permitted to frame, reproduce, or otherwise re-publish, re-sell or re-distribute the SCW Learning Platform, or any part thereof.

4.3
The Customer agrees, and will procure that its End Users, will only access and use the SCW Learning Platform for its internal business use.

4.4

The Customer must not, and will procure that it’s End Users do not:

(a) access or use the SCW Learning Platform in any way that causes or may cause damage to the SCW Learning Platform or impairment of the availability or accessibility of the SCW Learning Platform or any of the areas of or services on the SCW Learning Platform;
(b)access or use the SCW Learning Platform in any way that is unlawful, illegal, fraudulent or harmful or in connection with any unlawful, illegal, fraudulent unethical, immoral, inappropriate or harmful activity, including but not limited to, to exploiting or acquiring skills for illegal or malicious attacks;
(c) allow its End Users or any third party to attempt, to copy, modify, duplicate, create derivative works, mirror, republish, reverse compile, disassemble, reverse engineer, download, transmit, or distribute all or any portion of the SCW Learning Platform, including but not limited to the object code and the source code, in any form or media or by any means;
(d) rent, lease, distribute, sell, sublicense, transfer or provide access to or use of the SCW Learning Platform to any third party; or
(e) access or use the SCW Learning Platform for any commercial purpose or for any public display, whether commercial or non-commercial, without the prior written approval of SCW.

4.5
The Customer acknowledges and agrees that the subscriptions are for designated End Users and cannot be shared or used by more than one End User and may only be reassigned to new End Users replacing former End Users who have left the Customer’s business or otherwise with the express consent of Secure Code Warrior.

4.6
The Customer is entitled to add additional End Users during the Subscription Term, following which the Customer will be invoiced for the additional End Users, prorated to the end of the relevant Subscription Term (or renewal term as may be appropriate).

4.7
If the Customer exceeds the number of End Users (and has not gone through the process outlined in clause 4.6 above), SCW reserves the right to charge the Customer for each of the additional End Users. The Customer will be invoiced for the number of additional End Users, as outlined in clause 4.6 above, prorated to the end of the relevant Subscription Term (or renewal term as may be appropriate).

4.8
The Customer acknowledges and agrees that the SCW Learning Platform may include certain software which is incorporated in the SCW Learning Platform for no additional fee (Open Source Software). Access to the Open Source software is provided subject to the terms provided for such access. A link to the relevant terms is https://license-list.securecodewarrior.com/. The Customer herein agrees that such terms are incorporated into this Subscription Agreement.

5. SUPPORT

5.1
SCW does not make any representation, endorsement, guarantee or assurance of the suitability of the SCW Learning Platform for the Customer.

5.2
SCW will maintain the SCW Learning Platform and provide all support services on terms set out in the Service Level Schedule.‍

6. FEES and PAYMENT

6.1
The Customer agrees to pay SCW a subscription fee for the right to access and use the SCW Learning Platform (Subscription Fee). The amount of the Subscription Fee and payment terms are set out in the Subscription Order Form.

6.2
Unless otherwise set out in the Subscription Order Form, SCW may revise the Subscription Fee with effect from the end of the Initial Term or, in the case of a Term which is longer than 12 months but where the Customer is paying on an annual basis, with effect from the end of each 12 month period by giving the Customer not less than 30 days’ notice, provided that (with the exception of any increase in the Fee which relates to an increased number of End Users during any Subscription Term) the percentage increase in the Subscription Fee does not exceed 2% above the percentage increase as follows:

(a) Where the SCW entity is Secure Code Warrior Pty Limited: the Consumer Price Index published by the Australian Bureau of Statistics
(b) Where the SCW entity is Secure Code Warrior, Inc: the Consumer Price Index published by the US Bureau of Statistics; and
(c) Where the SCW entity is Secure Code Warrior Ltd: in the UK Consumer Price Index published by the UK Office for National Statistics from time to time or, failing such that publication, such other index as SCW may determine most closely resembles that index, measured over the period starting (in the case of the first revision of the Subscription Fee) on the date of this Subscription Agreement or (in the case of any later revision of the Fee) the date 12 months before the date of SCW’s notice of given under this Clause and, in each case, ending on the date of that notice.

6.3
The Subscription Fee does not include any applicable taxes including but not limited to goods and services tax (GST), value added tax (VAT) which will be added on top of the fee as applicable, and as otherwise set out in the Subscription Order Form.

6.4
The Customer is responsible for payment of any applicable taxes as may be owed by the Customer due to entering into this Subscription Agreement.

6.5
If the Customer wishes to dispute any part of an invoice, the Customer must notify SCW, in writing, within five (5) business days after receipt of the invoice, explaining the reason for the dispute and the amount disputed (a Disputed Invoice). If SCW is not notified that an invoice is disputed within that time, the invoice will be deemed undisputed and will be due and payable in accordance with the terms of this Subscription Agreement. The Parties will work together to resolve any Disputed Invoice expeditiously. Where only part of the invoice is disputed, the Customer will pay the undisputed amount on the due date for payment.

7. CONFIDENTIALITY

7.1
Each party recognises and agrees that the Subscription Agreement, including the terms and negotiations leading up to its execution, create a confidential relationship between them, and that all information disclosed between them is Confidential Information. Each party agrees to protect Confidential Information disclosed to it to the same extent and in the same manner that it would protect its own Confidential Information. Each party further agrees to bind their respective employees, agents and subcontractors to the confidentiality and other terms and conditions of the Agreement and to be liable for their compliance therewith. In no event shall either parties’ practices and/ or policies fall below a level of reasonable and due care, which includes each party limiting reproduction, access, disclosure and use to those personnel who have a need to know for the purposes of performing the services in this Agreement, and who are made aware of and agree to comply with the terms of the Confidentiality obligations herein.

7.2
The Customer may receive User-specific information and may export and use that information in order to monitor the End Users’ use, results and performance in regard to the individual performance of the End User and as a part of internal use as applicable and desirable by the Customer for, including but not limited to, reports, campaigns and examination.

8. INTELLECTUAL PROPERTY

8.1
SCW owns and retains all right, title, interest and ownership to the SCW Learning Platform including without any limitation all Intellectual Property rights in and to the SCW Learning Platform, SCW Materials, and Learning materials. Accordingly, the Customer acknowledges and agrees that this Subscription Agreement and its access and use of the SCW Learning Platform transfers no title or ownership of the SCW Learning Platform either to it or any of its End Users.

8.2
The Customer acknowledges and agrees that SCW has a royalty-free, worldwide, transferable, irrevocable, perpetual license to use or incorporate into the SCW Learning Platform any suggestions, enhancement requests, recommendations or other feedback provided by Customer, including Users, relating to the operation of the SCW Learning Platform.

9. INSURANCE

9.1
Each party agrees during the Subscription Term to maintain appropriate insurances as required by applicable law and which include all insurance as required by all applicable laws and regulations and employers’ liability insurance, Public / Products Liability, and Professional Indemnity.

10. WARRANTIES

10.1

Each party represents and warrants that:

(a) are duly authorized to enter into the Subscription Agreement;
(b) will each execute their respective obligations under the Subscription Agreement with due care, skill and professionalism;
(c) will not hold themselves out as being an employee or any other association with the other than as provided in the Subscription Agreement

‍10.2

The Customer acknowledges and agrees that:

(a) SCW makes no representation regarding the SCW Learning Platform other than as stated in this Subscription Agreement
(b) it has relied on its own skill and judgment or that of its advisers in entering to enter into this Subscription Agreement; and
(c) the SCW Learning Platform including all SCW Materials comprise a standard service and materials provided to SCW’s customers generally and they have not been developed to meet the Customer’s or any of the Subsidiaries’ requirements; and it is the Customer’s and the Affiliates responsibility to check that the features, facilities and functions of the Service meet its requirements.

11. SUSPENSION

11.1

SCW reserves the right to suspend the Customers access to and use of the SCW Learning Platform in circumstances set out in clause 12.2(b) below and if:

(a) there has been, or if SCW has reasonable grounds to suspect that there may have been, a breach of security (including the introduction of any Malicious Code), a breach of this Subscription Agreement, or any unlawful or illegal use of the Service and the SCW Materials (or any of them;
(b) SCW knows or has reasonable grounds to suspect that any of the Customer Data infringes the Intellectual Property Rights or other rights of any third party, or is in any way unlawful, or is likely to lead to any third party instituting or threatening legal proceedings against SCW or any other person;
(c) the Customer or any of the Affiliates cause, or SCW has reasonable grounds to suspect that the Customer, its End Users, other employees including those of any of its Affiliates has caused any technical or security issue which affects the Service or other customers of SCW or of any SCW Affiliate;
(d) the Customer has not paid the Subscription Fee in accordance with the agreed payment terms; and/ or(e) in circumstances set out in clause 12.3 below.

12. TERMINATION

12.1
The Subscription Agreement will only terminate on the End Date if the Customer provides the notice as described in clause 3.2 above.

12.2
Either party may terminate the Subscription Agreement and any applicable Subscription Order by notice in writing to the other and with immediate effect if:

(a) the other party commits a material breach, incapable of remedy;

(b) the other party fails to remedy a breach within 10 business days of receiving written notice by the other party, provided that, in each instance of a claimed breach: (i) the non-breaching Party notifies the breaching Party in writing of such breach; and (ii) the breaching Party fails to either cure such breach within ten (10) days (or such other period as mutually agreed by the Parties) from receipt of such notice;

(d) any law enforcement agency or court requires or requests SCW to do so.

12.3
SCW may terminate the Subscription Agreement at any time in circumstances where there are technical and or security issues caused by the Customer that directly impact (or may impact) either of (a) the business operations of SCW or any of its customers; (b) the integrity of the SCW Learning Platform. For clarity, SCW will provide the Customer with a period of 14 days to respond to and or resolve any issues or concerns that Secure Code Warrior identifies in writing to the Customer, but the decision will otherwise be exercised by Secure Code Warrior in its absolute discussion.

13. INDEMNITIES

13.1
SCW agrees to indemnify, defend and/or, at its option, settle any third-party claims that Customer’s (including affiliates and authorized users) (each an “Indemnified Party”) brought against or suffered by any Indemnified Party, alleging that any of the SCW Materials or the Indemnified parties’ access to and use of the SCW Learning Platform infringes any valid patent, copyright, trademark, trade secret or other intellectual property rights in the relevant territory. At its option and expense, SCW may either: (i) procure for Customer the right to continue to access and use the SCW Offerings; (ii) repair, modify or replace the SCW Offerings so that it is no longer infringing; and in circumstances where neither (i) or (ii) are possible (iii) provide a prorated refund of the fees paid for the SCW Offerings which gave rise to the indemnity calculated against the remainder of term for the applicable SCW Offerings from the date it is established that SCW is notified of the third party claim.

13.2
This indemnity is subject to: (i) the Indemnified Party providing prompt notice of any claim of infringement and assistance in the defense thereof, (ii) the Indemnifying Party’s sole right to control the defense or settlement of any such claim, provided that the settlement does not require a payment or admission of liability on the part of the other Party, and (iii) the indemnified Party not taking any actions or failing to take actions that hinder the defense or settlement process as reasonably directed by the indemnifying Party.

13.3
The Customer which for the purpose of this indemnity (includes its Affiliates and their respective employees, contractors and End Users’), is responsible for compliance with this Subscription Agreement. Without prejudice to SCW’s right to take action against any of the Customer’s Affiliates in relation to any breach of this Subscription Agreement, will be liable to and indemnifies SCW for all loss, cost, liability and/ or and damages (including legal fees) arising from or related to Customer's failure to comply with clauses 4, 7 and 8 of this Subscription Agreement.

14. LIMITATION OF LIABILITY

14.1
Other than as provided in section 13 above, the maximum liability of SCW to the Customer will in no circumstances exceed an amount equal to or more than the Subscription Fee paid or payable to SCW for access to and use of the SCW Learning Platform, in any 12 month period.

14.2
Notwithstanding the above, neither Party will be liable to the other, whether in contract or tort, or otherwise for any incidental, indirect, punitive, exemplary, special, consequential or unforeseeable loss, damage or expense, loss of profits, loss of business, loss of opportunity, loss or corruption of data, however arising, even if advised of the possibility of such loss or damages being incurred.

14.3
‍Entire liability. The provisions in sections 13 and 14 state the exclusive remedy of the Customer with respect to any infringement and/or misappropriation claims.

15. DISPUTE ESCALATION CLAUSE AND GOVERNING LAW

15.1
This Subscription Agreement and any disputes arising out of or in connection with access to and use of the SCW Learning Platform under the terms of the Subscription Agreement will be governed and interpreted by the non-exclusive jurisdiction of the laws as follows:

(a) where the SCW entity is Secure Code Warrior Pty Limited: the laws of New South Wales;
(b) where the SCW entity is Secure Code Warrior, Inc: the laws of the state of New York; and
(c) where the SCW entity is Secure Code Warrior Ltd: the laws of England and Wales

‍15.5
The parties agree that if a dispute arises out of or in connection with the performance of the parties’ rights and obligations under the Subscription Agreement (Dispute), that each of them will adhere to the following process before initiating any court action. The language to be used in the proceedings will be English, and the dispute resolution process is agreed as follows:

(a) The party alleging the Dispute will provide the other party with written notice of the Dispute (Dispute Notice) and include in such Dispute Notice relevant facts and circumstances giving rise to the Dispute.
(b) The parties will, within a reasonable time but no less than ten (10) business days from receipt of the Dispute Notice, convene a meeting between senior representatives of each party with authority to resolve the Dispute (Dispute Meeting).
(c) Unless agreed otherwise the Dispute Meeting has thirty (30) days to resolve the Dispute and may meet as many times that it is able and considers reasonable.

16. MISCELLANEOUS

16.1
This Subscription Agreement and the Customer’s right to access and use the SCW Learning Platform does not establish any relationship of partnership, joint venture, employment, franchise or agency between the Customer and SCW.

16.2 Neither party will use and/or display the other’s name and logo on its website and marketing or other collateral, without the other’s express prior consent.

16.3
‍Assignment. Neither party may assign the Subscription Agreement or its rights and obligations under the Subscription Agreement without the prior written consent of the other party, whose consent will not be unreasonably withheld or delayed. Notwithstanding the foregoing, neither party is entitled to withhold or delay its consent for any complete or partial assignment made by, or between their respective corporate structure

16.4
‍Survival. Sections of this Subscription Agreement that, by their terms, require performance after the termination or expiration of this Subscription Agreement will survive as permitted by local law. These sections include section 1 (Definition), section 7 (Confidentiality), section 8 (Intellectual property), section 10 (Warranties), section 13 (Indemnities) and section 16 (Miscellaneous)

16.5
‍Entire agreement. This Subscription Agreement (including the Service Level Schedule), the Subscription Order Form and where relevant, any Data Processing Agreement constitutes the entire agreement between SCW and the Customer. It supersedes any prior or contemporaneous communications, and any prior agreement between the Parties regarding its subject matter, and cannot be amended or updated other than by a written agreement signed by both Parties. In the event of a conflict between the terms of this Subscription Agreement and a subsequent written agreement, this Subscription Agreement shall prevail.

16.6
‍Waiver. No waiver of any breach of this Subscription Agreement shall be a waiver of any other breach, and no waiver will be effective unless made in writing and signed by an authorized representative of the waiving Party.

16.7
‍Severability. If a court holds any provision of this Subscription Agreement to be illegal, invalid or unenforceable, the remaining provisions will remain in full force and effect and the Parties will amend this Subscription Agreement to give effect to the stricken section to the maximum extent possible.

16.8
‍Non-Solicitation. Each party and their respective Affiliates (referred to as party/ parties in this clause) acknowledge and agree that each of them spend significant time and money to recruit and train their staff and that, were either party to hire an employee of the other, that party may suffer loss, including incurring significant time and money in finding, hiring, training and onboarding of suitable replacement staff. Therefore if, at any time during the Subscription Term or within 12 months after the end of the Subscription Term, either party hires an employee, the hiring party will pay the other an amount equal to that member of staff’s salary, bonuses and benefits during the 12 months immediately preceding that member of staff ceasing to be a member of staff of that party. For clarity this clause does not apply in circumstances where an employee of one party applies for a bona fide advertised position vacant for the other entity.

17. Additional Terms

[Not Used]

The SIGNATURES below confirm the agreement of both parties to the terms and conditions of the Subscription Agreement above. When signed by authorized signatories, each party agrees that the terms of Subscription Agreement constitute a legally binding and enforceable agreement between them:

Client Name	Secure Code Warrior [Inc/ Limited /PtyLtd]
Signature:	Signature:
Name:	Name:
Title:	Titele:
Date:	Date:

‍

ATTACHMENT A

Service Level Schedule

‍

DEFINITIONS

Term	Meaning
Agreement	means the agreement between the parties to which this schedule is appended
Business Day	means a day on which the Customer is open for business at an office location using the Service
Customer	includes its subsidiaries/ affiliates entities
Customer Help Desk	means the internal support desk established by the Customer qualified to support the Services within the Customer’s operations
Day	means a calendar day
Down Time	means total unavailability of the service to all users due to factors within the control of SCW
Maintenance and Support Services	means the maintenance and support services to be provided by SCW as described in this Schedule
Minimum Service Level	means the Minimum Service Levels to be achieved by SCW as set out in this Schedule
Maintenance and Support Services	means the maintenance and support services to be provided by SCW as described in this Schedule
Response Times	The average amount of time it takes between a system alert or customer support ticket being raised and when a support team member acknowledges the incident and begins working to resolve it.
Maintenance and Support Services	means the maintenance and support services to be provided by SCW as described in this Schedule
Resolution Time	The average amount of time to detect an issue, diagnose the problem, repair the fault (possibly by means of a workaround), and return the system to being functional. It is measured from the moment that a failure occurs until the point where the product or service is repaired, tested, and available for use.
Service	means the online security learning service to be provided by SCW to the Customer
Service Credits	means the applicable service credits as described in 2(f) of the Service Levels
Service Hours	means, in respect of each week of the Term, the period from the start of the first business day in the first location from which Customer accesses the Services to the end of the last Business day in the relevant week in the last location from which Customer accesses the Services, and excludes Public Holidays in the relevant territory.
Service Levels	means the performance levels to which the Services shall be provided as set out in this Schedule
Service Period	means each calendar month that Customer receives the Services
Service Up Time Percentage	means the total number of minutes in a calendar month minus the number of minutes of downtime suffered in a calendar month, divided by the total number of minutes in a calendar month minus scheduled downtime
System Response Time	means the time required for the Service to respond to an input as set out in this Schedule
Service Period	means each calendar month that Customer receives the Services
Term	Means the term for which the Customer has subscribed to the Service
Up Time	has the meaning set out in 2(e)(iii) of the Service Levels

‍

SERVICES SPECIFICATION

1. GENERAL

1.1.
This schedule describes the scope and functionality of the Services to be provided by SCW to the Customer under this Subscription Agreement. It also specifies certain of the obligations of each party in the delivery of the Services.

1.2.
Each Service has, where specified, an associated Service Level.

2. SERVICE OVERVIEW

2.1.
SCW shall supply Customers with an online security training service incorporating the following production environment services:

(a) Online Access: On-line access to the Service during the Service Hours excluding scheduled downtime as defined in this schedule or as otherwise agreed in writing between the parties.

(b) Maintenance and Support Services during the Service Hours.

(d) Application management: (1) application upgrades, (2) delivery of

application maintenance updates

2.2.
SCW shall monitor and manage all components used to deliver the Service during the Service Hours throughout the Term.

2.3.
SCW shall ensure appropriate capacity planning of the Services to ensure there is always sufficient capacity to provide the Service at the Service Levels. This shall require Customer to advise SCW of any anticipated material changes to the use of the Service.

3. MAINTENANCE AND SUPPORT SERVICES

3.1.
Release Strategy

(a) SCW will inform Customer regularly of the timing and contents of new releases to the Service. Customer may provide suggestions and input to SCW regarding any planned or requested new features. SCW shall, at its sole discretion, consider whether Customer’s suggestions shall be included in a subsequent release as part of the

Maintenance and Support Services.

(b) Except where a product enhancement cost has been agreed with the Customer, such new releases to the Service shall be made at no cost to the Customer.

(c) SCW shall document any such changes in release notes which shall be made available to the Customer as soon as possible, but no later than the date any new release is issued.

3.2.
Support Services & Responsibilities

(a) SCW shall provide the support services in English.

(b) SCW shall notify Customer of all material incidents that have an impact on the Service provided to the Customer

(i) The availability of the Service.

(ii) Solving incidents and problems raised by the Customer Help Desk.

(iii) Implementing changes to the Service required as a result of solving incidents.

(iv) Communicating the status of incidents to the Customer Help Desk.

(v) Communicating information about planned system changes of outages to Customer and the subsidiaries in a timely manner.

(vi) Responding to each incident in line with the specified actions for each incident class.

(d) Customer is responsible for:

(i) Raising incidents to the SCW help desk through a centralized Customer Help Desk.

(ii) The Customer must nominate at least 2 authorized Support Contacts and notify SCW of their names and contact details immediately following the date of the Agreement.

(iii) Incidents and service requests must be reported via any of the supported service channels.

(iv) No phone support is provided directly to Users.

(v) The Customer must not publish SCW’s contact details on their intranet, website, or anywhere else.

3.3.
Service channels

Channel	Days/Hours
Knowledge Base (https://help.securecodewarrior.com/)	24/7
Email (support@securecodewarrior.com )	24/5 service hours
Support widget on the platform	24/5 service hours
Date:	Date:

3.4.
Incident management

The Customer Help Desk shall provide the following items when notifying SCW of an incident:

(i) incident time, duration, and location.

(ii) User ID and contact details.

(iii) Incident description.

(iv) Category of the incident, to be mutually agreed between the parties.

3.5.
Incident categorization

CLASS	RESPONSE TIME	RESOLUTION TIME
Class A Severe Impact Provision of Service Failure An incident that results in the loss of all or a significant portion of the service and impacts a majority of the users.	1 Hour	24 hours
Class B Major Impact Provision of Service Failure The service is accessible by means of a workaround, or only a small number of users are impacted Or an incident which materially affects the performance of the Services in a negative manner or materially restricts the Customer and the Subsidiaries’ use of the Service	4 Hours	5 Business Days
CLASS C Moderate impact Incidents occur which do not individually represent a failure of the service but are agreed as defects Or an incident which only has a minor effect on the Customer’s use of the Service or an Incident which is not a Class A or B incident	8 Hours	Within such period of time as SCW deems appropriate given the nature of the issue.
CLASS D Low impact A general question or concern raised by the Customer concerning the use or implementation of the Service	1 business day	2 business days

SCW can adjust the severity of reported issues if our investigations have shown the severity to be incorrect.

Severity readjustment is commonly used in circumstances where a ticket is submitted as Class A or Class B but contradicts the definition above.

SCW may also increase the level of severity if the issue is considered to be more serious than initially reported

3.6.
Closing Incidents

Before closing an incident, the SCW help desk will seek confirmation from the Customer that the incident has been resolved.

4. SERVICE LEVELS

4.1.
‍General Description of Service Levels

(a) Unless otherwise specified, the measurement period for the Service Levels is each Service Period.

(b) Where Service Levels are described as “targeted”, such targeted Service Level measurements represent the expected performance levels of the Service under normal operating conditions, but such targeted measurements are for guidance only and do not constitute any obligations or liabilities on the part of SCW and any failure to meet such targeted Service Levels shall not be construed in any way as a breach by SCW of this Agreement.

(c) In the event that Service Levels fail to meet the targeted Up Time and/or the targeted System Response Time metrics in any Service Period, SCW’s obligations are limited to providing analysis and explanation of the reason(s) and proposed reasonable measures to eliminate the undershoot. Such measures may require changes either in the usage of the Services by the Customer or of the Services by SCW.

(d) Where Service Levels are described as ‘contracted’, such contracted Service Level measurements represent the actual performance

levels of the Service under normal operating conditions and a failure to meet such contracted Service Levels will result in Service Credits being calculated.

4.2. Uptime and Performance Service Levels

(a) The Service Levels apply to the SCW learning platform and shall be measured over the Service Hours except for scheduled

maintenance periods.

(b) The metrics used to measure performance of the Service are as follows:

(i) System Response Time

(ii) Up Time

(iii) Maintenance Window

(c) The point of measurement for all Services monitoring with respect to System Response time shall be the servers at the SCW sub-processor data center. Response times exclude the transaction cycle times on communication links from the data center to the Customer’s end-user

Commitment	System response time measure	System response Time % of Service period that response times will be met
Targeted	5 seconds	99.9%
Contracted	10 seconds	99.5%
Contracted	10 seconds	99.75%

(d) The System Response metric shall be calculated over a Service Period.

(e) Measurement methods and targets for Service Up Times shall be as follows:

(i) Service Up Time shall be calculated at the end of each Service Period. The Contracted Service level for Service Up Times in any service period shall be 99.75%. The targeted Service Level for Services Up Times in any Services Period shall be 99.9%.

(ii) Up Time shall be expressed in percent and is defined as the time period during which the Service is available to the

customer.

(iii) Up Time is calculated as follows:-

Service Up Time in % = means total number of minutes in

the calendar month minus scheduled downtime minus the

number of minutes of downtime suffered in a calendar

month, divided by the total number of minutes in a

calendar month minus scheduled maintenance windows

(iv) Service Up Time is continuously monitored via the following status page: https://status.securecodewarrior.com

(f) Service Credits shall apply for failure to meet the contracted Service Levels and shall be as follows:

(i) For Uptime Percentage less than 99.75% but equal to or greater than 99.0%, you will be eligible for a 10% Service Credit of the Service fee for the applicable month.

(ii) For Uptime Percentage less than 99.0%, you will be eligible for a 20% Service Credit.

(iii) The Service Fee shall be the total service fee paid divided by the number of months of subscription to the service during a Term.

(iv) SCW shall provide the Service Credit to the Customer in the month following the Service Period in which the Service

Level Failure occurred.

4.3. Maintenance Windows

(a) The provisions for scheduled maintenance are as follows :

Frequency	Weekly
Duration	Maximum of two (2) hours

(b)

Unplanned maintenance including corrective actions to be taken by SCW to resolve an incident

4.4.
‍Service Level Exclusions

The parties agree that the Service Levels shall not apply if one or more of the following exists:

(a) Suspension of the Service to carry out planned or routine maintenance.

(b) Adverse impact on Up Times or Response Times due to the malfunction of Customer-owned or controlled firewalls, networks, or connectivity.

4.5.
‍Back-Ups

(a) SCW shall take a backup of all Customer data:-

(i) Incremental Backup: Every Minute, retained for 24 hours

(ii) Full backup: Every 6 hours, retained for 2 calendar days.

(iii) Full backup: Every day retained for 7 calendar days.

(iv) Full backup: Every week retained for 4 calendar weeks.

(v) Full backup: Every month retained for 13 months.

(b) Such backup shall be stored at a separate, secure, location to the production environment.

(c) Backup data shall only be used for resolving incidents in the SCW Platform. Backup data is not intended to be used (and in most cases won't be able to be used) to recover data accidentally deleted by Customer. Accidentally deleted data does not classify as an incident.

‍

Appendix A - Secure Code Warrior Legal Entities

a. ENGLAND AND WALES
Secure Code Warrior Limited
Company Number 08559432
Ironstone House
4 Ironstone Way
Brixworth, Northampton. NNG 9UD
United Kingdom

b. NEW SOUTH WALES
Secure Code Warrior Pty Limited
ABN 97 608 498 639
c/o Vital Addition
5, 120 Sussex Street
Sydney. NSW 2000
Australia

c. BELGIUM
Secure Code Warrior BVBA
Baron Ruzettelaan 5
bus 3 8310 Brugge
Belgium

d. DELAWARE
Security Code Warrior Inc
265 Franklin Street, Suite 1702
Boston MA 02110
USA

e. ICELAND
Motherji ehf
Borgatun 24, 105,
Reykjavik,
Iceland

Appendix B - Collection of Personal Information

a. PLATFORM USER

User email address (username)
First Name, Last Name
Employer/Company Name/ Team name
Test results /Metrics information/Assessment data
IP Address (Anonymised)
Machine ID (Anonymised)
Geo-location (derived from IP)
Password
Roles/Job Title
Inviter details (email address of inviter/First Name/Last Name)
Country/Region
Browser Type
Phone Number*

* Only required for Trial Users

Whilst you have access to our platform, and thereafter for a period of 12 months, unless otherwise agreed.

CUSTOMERS

Name
Business Email Address
Phone Number
Employer/Company Name
Job Title
Billing address
Company/Tax Registration Number

We will retain this information in accordance with applicable laws and our privacy policy for a period of 7 years from the date of our last contact with you unless, where you are entitled, request that we delete this information.

‍
PRospects / leads

Name
Business Email Address
Phone Number
Employer/Company Name
Job Title
Physical Location

We will retain this information for a period of 24 months from the date of our last contact with you unless, where you are entitled, request that we delete this information.

PARTICIPANTS IN TOURNAMENTS AND / OR COMPETITIONS: Registrant / participant

Name
Email address
Physical address in circumstances where there may be a physical prize to be delivered
Country/Region

We will retain this information for the duration of the Competition, and for a period of 12 months from the date of our last contact with you unless, where you are entitled, request that we delete this information

SUPPLIER

Name
Business/Company Name
Email Address
Phone Number
Bank Details
Billing address
Company/Tax Registration Number

We will retain this data for up to 7 years from our last contact with you, unless you request that we delete the data beforehand.

recruitment candidates

CV/ Resume
Phone Number
Date of Birth
Qualifications
Email address
Physical address (if provided)

For unsuccessful we will retain this data for a period of twelve (12) months so that we may contact you regarding any future opportunities, unless you request that we delete the data beforehand.

Website visitor

Name³
Contact information³ (company, role/title, business email address and phone number)
IP Address¹
Cookie Data¹ ²

¹ When you communicate with us through our websites:
We use Drift as one of our chatbots to allow customers to interact with us through our websites. Drift will only use the IP address for data enrichment, i.e. to determine if it is associated with a business to provide Secure Code Warrior with information such the industry and # of employees of the business.

Drift will only use cookies to track the activities of site visitors within Secure Code Warrior’s sites, e.g. whether they visited a particular product page or the pricing page before engaging with the messaging widget. Drift will NOT track users across domains or build profiles.

² Cookiebot

We use Cookiebot to manage all cookies across our websites. Cookiebot allows Secure Code Warrior to:

Enable prior consent.
Provide clear and specific information about data types and purpose of the cookies.
Fully document all given consents.
Allow our visitors to reject superfluous cookies and still use our websites.
Allow our visitors to withdraw their consent whenever they want.

³ Information is collected after consent is given

Refer to our cookie policy

We will retain this data for a period of 12 months from the date of our last contact with you unless, where you are entitled, request that we delete this information.

Appendix C - Purposes for which we process your personal information, and the lawful basis on which we carry out such processing

1. PLATFORM USER

1.Necessary to enable us to perform our contract with you:

to set up, administer and manage a user’s account, verify a user’s identity, provider users with our platform and services, and to receive and respond to a user’s communications and requests.
to notify our users of updates to our platform and services necessary for the performance of the contract we have with you.
to support any other purpose necessary for performance of our contractual obligations or specifically stated at the time at which you provided your personal information.

2. Necessary for the performance of our contract with you where such communication relates specifically to our services, and legitimate interest to be able to handle such queries:

to receive and respond to a user’s communications and requests.

3. For legitimate interest to enable Secure Code Warrior to:

carry out market research campaigns so that we can better understand the functionality of our platform and how we can improve our platform and our services.
prepare statistics relating to the use of our platform and services by our users so that we can understand the use of, and improve our platform and services.

4. For legitimate interests to allow Secure Code Warrior to improve customer services offering:

to record and review customer service communications for training and performance improvements to enable us to improve customer services.
To enable Secure Code Warrior to comply with legal obligations.

5. With consent:

to send users marketing materials where marketing materials have been specifically requested.

2. Customers

1. Necessary for the performance of a contract

conducting business and make our services available to customers,

2. For legitimate interests to enable Secure Code Warrior to conduct business

to send and receive business communications
to administer our relationship with customers, prospective customers and business contacts

3. For legitimate interests to contact those who may benefit from our services

informing prospective customers and business contacts about our services.

4. With consent

to send out marketing materials where these have been specifically requested.

3. email contact / prospective customer

1.For legitimate interests to enable Secure Code Warrior to conduct business

to send and receive business communications
to administer our relationship with customers, prospective customers and business contacts

2. For legitimate interests to contact those who may benefit from our services

informing prospective customers and business contacts about our services.

3. With consent

to send out marketing materials where these have been specifically requested.

‍
4. participants in tournaments and / or competitions: registrant / participant

1. Necessary for the performance of our contract with you, namely for the running of the competition and/ or tournament

2. With consent: to send out marketing materials

‍

5. SUPPLIER

1. For legitimate interests to enable Secure Code Warrior for the performance of a contract where the supplier is an individual

to assess and appoint suppliers
Legitimate interests to conduct business

2. To send and receive business communications.

3. To administer our relationship with our suppliers.

6. recruitment candidates

To enable Secure Code Warrior to recruit employees and assess potential candidates, that is to:

consider applications for roles for which you may have applied, directly or via a recruitment, and the negotiation of employment opportunities,
consider applicants for other roles within Secure Code Warrior for which they may be suited,
obtain references from former employers.

7. website visitor

For legitimate interest to enable Secure Code Warrior to,

provide, operate, maintain, improve, and promote our Websites and Services;
enable you to access and use our Websites and Services;
send promotional communications, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, contests, and events; and provide other news or information about us and our partners (you can opt-out of receiving marketing communications from us by unsubscribing from any communication we send you);
monitor and analyze trends, usage, and activities in connection with our Websites and Services and for marketing or advertising purposes;
investigate and prevent fraudulent transactions, unauthorized access to our Websites and Services, and other illegal activities;
personalize our Websites and Services, including by providing features or advertisements that match your interests and preferences; and for other purposes for which we obtain your consent.

Appendix D - Secure Code Warrior Related Websites

securecodewarrior.com
help.securecodewarrior.com
discover.securecodewarrior.com
leadersinappsec.com
leadersindevsec.com
softwaresecuritygurus.com
scw.io
learn.securecodewarrior.com

SCW SaaS - Customers

Document Summary