***IMPORTANT READ CAREFULLY***
PURCHASE ORDER TERMS AND CONDITIONS
Updated December 26, 2019
2. DELIVERY. Vendor will provide the goods and services, including any Work Product arising therefrom (collectively, the “Work”) at such times and places and of such items and quantities as set forth in the PO. Time is of the essence in Vendor’s performance of its obligations hereunder. If Vendor delivers any Work after the date(s) specified in the PO, Cofense may at its option, reject such Work and cancel the PO. Vendor will (a) keep Cofense reasonably advised of the status of its performance under the PO; (b) permit Cofense or its representatives to review and observe, from time to time upon reasonable notice, Vendor’s performance in connection with the PO; and (c) provide Cofense with such reports as are appropriate to the nature of the Work set forth in the PO, as may be reasonably requested by Cofense from time to time.
3. ACCEPTANCE. All Work will be received subject to Cofense’s inspection and approval within a reasonable time after delivery (“Acceptance”). If Work does not conform to any applicable drawings, samples, descriptions or any other similar specifications (“Specifications”) or warranties set forth herein, at Cofense’s option, Cofense may (a) with respect to goods, at Vendor’s expense, (i) return the non-conforming goods to Vendor for a refund or (ii) require that Vendor replace the non-conforming goods, (b) with respect to services, such services will be promptly re-performed so that such services conform with the Specifications and warranties set forth herein; and (c) with respect to Work Product, such Work Product will be promptly re-delivered so that such Work Product conforms to the Specifications and warranties set forth herein. If Vendor should fail to promptly re-deliver the goods, re-perform the services or correct the Work Product to conform with the Specifications and warranties set forth herein, Cofense may cancel the PO and seek any other remedies available in accordance with applicable law, including cover, incidental and consequential damages.
4. SHIPPING; RISK OF LOSS. Vendor will preserve, pack, package and handle all goods so as to protect the same from loss or damage and in accordance with best commercial practices in the absence of any specifications Cofense may provide. Any goods shipped to Cofense must be properly labeled with the PO number visible. Vendor will ensure all transport and customs documentation is complete and accurate when shipping goods. Unless otherwise agreed to in writing by Cofense: (a) title and risk of loss will pass to Cofense upon Cofense’s Acceptance of goods at the location specified on the PO; and (b) prices on the face of each PO include all charges for packing and crating. Cofense will have the right to return all freight damaged items to Vendor and receive full credit therefor, unless such damage is solely caused by Cofense’s negligence.
5. IMPORTS AND EXPORTS.Vendor is the importer and exporter of record. Vendor will comply with all import and export laws and administrative requirements, including the payment of all associated duties, taxes and fees associated with the import or export of Vendor’s products.
6. INVOICES. Vendor will submit an invoice to Cofense subject to this Section and in the method and manner as may be prescribed by Cofense from time to time. Such invoice will include the applicable PO number and conform to the price and specifications set forth in the PO. If Cofense has separately and specifically agreed to reimburse Vendor for expenses, Vendor will only be entitled to reimbursement for reasonable out-of-pocket expenses incurred directly on Cofense’s behalf in connection with the Work on a cost-basis only, without any mark-up to the extent supported by proof (in a form reasonably satisfactory to Cofense) that such expenses were actually paid.
7. PAYMENT; TAXES. Following Acceptance of the Work, Cofense agrees to pay Vendor the purchase price set forth in the PO within thirty (30) days of receipt of an undisputed invoice for the Work. All amounts to be billed and paid by Cofense hereunder are gross amounts unless otherwise agreed to in writing by the parties. Cofense is not responsible for any taxes on Vendor income under the PO. Notwithstanding any language expressed in this Section, Cofense may withhold (or cause there to be withheld, as the case may be) from any amounts otherwise due or payable under the PO such as federal, state and local income, employment, or other taxes as may be required to be withheld pursuant to any applicable law or regulation.
8. TERMINATION: The PO may be terminated by Cofense at any time, for any reason, with or without cause, upon fifteen (15) days’ written notice to Vendor. If Cofense terminates without cause, Cofense will pay Vendor for Work performed and Vendor’s actual and reasonable expenses for Work that has been satisfactorily completed as of the date of termination, but in no event will such payment exceed the fees set forth in the PO. A party may terminate the PO, if the other party commits a material breach, and fails to remedy such breach within ten (10) days of being notified by the non-breaching party of such breach. If Cofense terminates the PO for Vendor’s material breach, Cofense will have no further payment obligation to Vendor, and will receive a refund for the remainder of the PO term. Unless otherwise agreed upon in writing by the parties, each party will promptly return to the other party all intellectual property of the other party upon the termination or expiration of PO.
9. INTELLECTUAL PROPERTY.
a. WORK PRODUCT. Except as otherwise provided hereunder, Cofense is the sole and exclusive owner of any and all inventions, results, discoveries, improvements, works of authorship, materials, artwork, deliverables and intellectual property which Vendor may develop, create, write, furnish, contribute or otherwise produce in the performance of its services to Cofense (“Work Product”). To the extent possible, all Work Product(s) hereunder will be deemed to be “works-made-for-hire” and Cofense will be deemed to be the sole owner and author thereof in all territories and for all purposes. Vendor hereby transfers and assigns any “moral rights” or rental rights which Vendor may have in any Work Product under any copyright or similar law, either U.S. or foreign, to Cofense. If, for any reason, under the laws of any territory or jurisdiction, the Work Products hereunder are not deemed to be works-made-for-hire and Cofense is not deemed to be the sole author and owner thereof in all territories and jurisdictions and for all purposes, then Vendor hereby transfers and assigns to Cofense all Intellectual Property Rights and interest that Vendor may have in and to any Work Product. “Intellectual Property Rights” means copyrights (including, without limitation, the exclusive right to use, reproduce, modify, distribute, publicly display and publicly perform the copyrighted work), trademark rights (including, without limitation, trade names, trademarks, service marks, and trade dress), patent rights (including, without limitation, the exclusive right to make, use and sell), trade secrets, moral rights, right of publicity, authors’ rights, contract and licensing rights, goodwill and all other intellectual property rights as may exist now and/or hereafter come into existence and all renewals and extensions thereof, regardless of whether such rights arise under the law of the United States or any other state, country or jurisdiction.
b. COFENSE IP. Cofense owns all Intellectual Property Rights in and to Cofense IP. “Cofense IP” means all Cofense proprietary materials, including without limitation, logos, trademarks, trade names, and copyrighted information Cofense’s Confidential Information, Work Product, Cofense Data, threat intelligence and threat indicators, intelligence alerts and reports, source code, and/or investigation tools, documentation, proprietary processes and methods, and any Cofense templates and/or forms.
c. GRANT OF LIMITED LICENSE. During the term of the PO, Cofense hereby grants to Vendor a non-exclusive, restricted license to use certain Cofense IP, solely for purposes of performing its obligations under the PO. The term “restricted license” hereby requires Vendor to obtain prior written approval by Cofense on any and all items for which the Cofense IP will be used (including, but not limited to, banners, promotional items, advertisements, and the like).
d. VENDOR MARKS. Vendor owns all Intellectual Property Rights in and to Vendor’s logo’s, trademarks, and trade names (“Vendor Marks”). Upon Vendor’s prior written approval, Vendor will grant to Cofense a license to use Vendor Marks in connection with the PO.
e. VENDOR SOFTWARE.If the goods set forth in the PO includes any software (including a software-as-a-service offering), related documentation and/or updates thereto (collectively, “Software”) the following terms and conditions apply:
i. Vendor will retain all Intellectual Property Rights in and to the Software. Vendor hereby grants to Cofense and its affiliates a perpetual (unless otherwise limited in the PO to a specific duration), worldwide, non-exclusive license to access and/or use the Software for the business purposes of Cofense and its affiliates. If the PO limits the Software to use by a certain number of users, then Cofense may replace a user with another user from time to time, provided that the then-current number of users using the Software does not exceed such number. If Vendor determines that Cofense and its affiliates have exceeded rights to the Software in the PO through increased usage that is otherwise in accordance with these terms and conditions, Vendor will promptly notify Cofense in writing of such excess usage and Cofense will thereafter promptly eliminate such excess usage.
ii. Cofense and its affiliates may make a reasonable number of backup or archive copies of any Software provided by Vendor. Except as expressly permitted herein, Cofense and its affiliates will (a) not reverse engineer, decompile or otherwise discover the source code of the Software; (b) not remove any copyright, trademark or other proprietary rights notices in the Software; and (c) reproduce such notices on any copies of the Software.
10. COMPLIANCE WITH LAW AND POLICIES. Vendor will perform its obligations and provide all Work hereunder in accordance with all applicable laws, rules, and regulations, as well as applicable Cofense rules, policies and regulations, now in effect or hereafter amended or established by Cofense from time to time. In particular and without limitation, Vendor will not act in any fashion or take any action that will render Cofense liable for a violation of any applicable anti-bribery legislation (including without limitation, the U.S. Foreign Corrupt Practices Act and the UK Bribery Act 2010). Furthermore, Vendor recognizes that Cofense is an equal opportunity employer. Vendor agrees to comply with Cofense policies regarding employment practices and with applicable federal, state and local laws prohibiting discrimination on the basis of race, color, sex, religion, gender identity, national origin, citizenship, age, marital status, sexual orientation, disability or veteran status. Vendor will also comply with the Modern Slavery Act of 2015 and take reasonable steps to ensure that there is no modern slavery or human trafficking in the Vendors or its subcontractors supply chains or any part of their business.
11. VENDOR PERSONNEL; SUBCONTRACTORS. Cofense assumes no liability or responsibility for Vendor personnel. Vendor will: (a) ensure Vendor personnel are in compliance with the PO, Cofense’s policies, and all laws, regulations, ordinances, and licensing requirements; (b) be responsible for the supervision, control, compensation, withholdings, health, and safety of Vendor personnel; (c) upon request, provide Cofense, for export evaluation purposes, to the extent permitted by law, the country of citizenship and permanent residence and immigration status of those persons. Cofense retains the right to refuse to accept persons made available by Vendor for export control reasons; (d) at Cofense’s request, remove Vendor Personnel from any assignment under the PO (which right will not relieve Vendor of any responsibility it has for the PO); (e) comply, at its own expense, with all laws (including Executive Orders), regulations and ordinances relating to verification of employment eligibility for personnel to which it is or becomes subject to, such as participation in the United States Department of Homeland Security’s E-Verify program (“E-Verify”) in the United States or similar state or other government sponsored programs, and verify employment eligibility of all Vendor personnel performing services or providing Work Product to Cofense; (f) upon Cofense’s request, provide documentation to verify compliance with this Section; and (g) to the extent permitted by local law, ensure that prior to Vendor personnel being assigned to perform services under the PO on Cofense’s premises and/or access Cofense’s systems have passed a pre-assignment screening, which may include, but will not be limited to, a drug test, background check and a motor vehicle report. Vendor may not subcontract any of its rights or obligations under the PO without Cofense’s prior written consent. If Cofense consents to the use of a subcontractor, Vendor will guarantee and will remain liable for the performance of all subcontracted obligations in accordance with the applicable terms set forth in this Section.
12. WARRANTIES AND REPRESENTATIONS. Vendor represents and warrants that (a) it has the full power to enter into the PO and to perform its obligations hereunder; (b) it has the right and unrestricted ability to assign any Work Product hereunder to Cofense; (c) all Work does not and will not infringe upon or violate any applicable laws or regulations or any rights of third parties, including, but not limited to, privacy or intellectual property rights, or contain any libelous, defamatory, obscene, threatening, harassing or unlawful material or otherwise contain any material that could reasonably be expected to injure the reputation of Cofense; (d) Work will be free of defects in materials and workmanship under normal use; (e) Work delivered in electronic form, including Software, will not contain any virus, embedded device or undocumented code that is intended to obstruct, prevent or disable Cofense’s use thereof or otherwise contain any other computer programming routines that are intended to damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or personal information; (f) all services provided by Vendor will be provided by qualified personnel reasonably skilled and trained in the performance of the services and in a workmanlike and professional manner; and (g) Work will comply with all applicable federal, state and municipal statutes, laws, ordinances and regulations. If Vendor is supplying Cofense with individual email addresses, Vendor will ensure that such individuals have provided their free, specific and informed consent to allow Cofense to email such individuals. For clarification, consent requires an active and positive opt-in by such individuals.
13. INFORMATION SECURITY
a. Vendor will not place any Cofense Data on any Vendor systems without Cofense’s prior written permission. Vendor understands and agrees that it will not transfer or move any Cofense Data outside of Cofense’s systems or environment without Cofense’s prior written consent. “Cofense Data” is all data (including personal data) and content provided by Cofense or learned of Cofense in the course of Vendor’s provision of the Work and/or Work Product under the PO.
b. Vendor will notify Cofense immediately of any suspected or alleged theft, unauthorized use, disclosure, access, loss or destruction of any Cofense Confidential Information and Cofense Data in Vendor’s or any Vendor Personnel’s possession or control (“Security Incident”). Vendor will promptly comply with all reasonable directions and instructions given by Cofense, and will take such actions and steps as Cofense may specify, in connection with the detection, prevention or mitigation of any Security Incident.
c. Vendor will implement and maintain an effective information security program, consistent with then-current industry best practices, that includes administrative, technical, and physical safeguards; and appropriate technical and organizational measures; in each case, adequate to ensure the security, integrity and confidentiality of Cofense Data and Cofense Confidential Information. Vendor will protect against unauthorized processing of Cofense Data otherwise than in accordance with these terms and conditions. Vendor will encrypt all personal data stored on or while in transit between all digital, analogue or electronic media and storage devices, including computer laptops, tablets, smartphones, CDs, diskettes, portable drives, and magnetic tapes consistent with then-current industry best practices.
d. Vendor will at all times comply with its obligations under all applicable data protection laws, including in relation to all personal data that is processed by Vendor in the course of performing its obligations under the PO, including by maintaining any valid and up to date registrations or notifications required under applicable data protection laws. Vendor will provide Cofense with all reasonable assistance in connection with Cofense’s obligations under all applicable data protection laws and applicable customer agreements to which the Work and Work Product provided under the PO apply, including without limitation, assisting Cofense with carrying out any data protection impact assessments or audits.
e. Vendor will not sell, retain, use, or disclose any Cofense Data that, under the California Consumer Privacy Act (“CCPA”), constitutes “personal information” (“CA Personal Information”), except to provide the Work and Work Product under the PO, or as otherwise permitted by the CCPA, including selling, retaining, using, or disclosing the CA Personal Information for a commercial purpose (as defined in the CCPA). The Parties acknowledge and agree that any CA Personal Information that Cofense discloses to Vendor is provided to Vendor for a business purpose (as defined in the CCPA) and Cofense does not sell CA Personal Information to Vendor for monetary or other valuable consideration in connection with the PO and these terms and conditions. For clarification, Vendor’s access to CA Personal Information or any other Cofense Data does not constitute part of the consideration exchanged by the Parties for the Work and Work Product under the PO. Vendor hereby certifies that it understands its obligations under this section and will comply with them.
14. INDEMNIFICATION. Vendor will defend, indemnify and hold harmless Cofense, and its directors, officers, shareholders, employees, contractors and affiliates, from any and all costs, losses, expenses, claims, suits, actions, damages, liabilities, fines, penalties, reasonable attorneys’ fees (including allocable cost of in-house counsel), court costs or other consequences resulting from (a) a breach of the PO by Vendor, its personnel or its subcontractors; (b) injury to persons, including without limitation death, and damage to property caused by Vendor, its personnel or its subcontractors; (c) the gross negligence or willful misconduct of Vendor, its personnel or its subcontractors; or (d) a claim that the Work infringes a valid third party intellectual property right. If the Work provided to Cofense or the use thereof by Cofense infringes on any third party’s intellectual property rights, Vendor will, at its expense and option, either procure for Cofense the right to continue to use such Work, replace such Work with equivalent non-infringing Work or modify such Work so they become equivalent non-infringing Work. The foregoing, however, will not be construed to limit or exclude any other claims or remedies that Cofense may assert.
15. LIMITATION OF LIABILITY. IN NO EVENT WILL COFENSE BE LIABLE FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO ANY LOST PROFITS AND LOST SAVINGS, HOWEVER CAUSED, WHETHER FOR BREACH OR REPUDIATION OF CONTRACT, TORT, BREACH OF WARRANTY, NEGLIGENCE, OR OTHERWISE, WHETHER OR NOT COFENSE WAS ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES. IN NO EVENT WILL THE LIABILITY OF COFENSE UNDER THE PO EXCEED THE TOTAL AMOUNT DUE AND OWING UNDER THE PO.
a. “Confidential Information” means any non-public, confidential, or proprietary information of a disclosing party (“Discloser”) that should reasonably be understood by the receiving party (“Recipient”) to be confidential because of (i) legends or other markings; (ii) the circumstances of disclosure; or (iii) the nature of the information, which may be disclosed either directly or indirectly, in writing, visual, orally or by inspection of tangible objects (including without limitation documents, prototypes, samples, products, software, product specifications and white papers) or other means. Confidential Information includes but is not limited to technology and technical information, promotional and marketing activities, inventions, finances and financial plans, customers, business and product plans, know-how, source code, data, algorithms, methods and processes, trade secrets, designs, techniques, analyses, models, strategies and objectives, and any third-party information that Discloser is otherwise obligated to keep confidential.
b. Recipient will: (i) not use any Confidential Information for any purpose except to evaluate and engage in discussions concerning a potential business relationship between the parties and/or to fulfill its obligations under the PO; (ii) use at least the same degree of care as Recipient uses to protect its own confidential information from unauthorized use, access or disclosure, but in no event less than a reasonable degree of care; (iii) limit disclosure of Confidential Information to those persons within Recipient’s organization who have a need to know and who have previously agreed in writing, prior to the receipt of Confidential Information, to be bound by confidentiality obligations similar to those set forth herein; (iv) not disclose any Confidential Information to third parties without Discloser’s prior written consent; (v) not copy, reverse engineer, disassemble, create any works from, or decompile any prototypes, software or other tangible objects which embody Discloser’s Confidential Information; and (vi) comply with, and obtain all required authorizations arising from, all U.S. and other applicable export control laws or regulations. Any reproduction of Confidential Information requires Discloser’s prior written consent and will remain the property of Discloser. Any reproductions will contain any and all notices of confidentiality contained on the original Confidential Information.
c. The foregoing confidentiality obligations will not apply to information that Recipient can demonstrate: (i) is publicly known and made generally available through no improper action or inaction of Recipient; (ii) was already in the possession of, or known by Recipient prior to the time of disclosure by Discloser through no fault or breach of the PO by Recipient; (iii) was rightfully obtained by, or disclosed to, Recipient from a third party without any obligation to maintain the Confidential Information as proprietary or confidential; or (iv) is independently developed by Recipient without use of or reference to Discloser’s Confidential Information. Recipient may disclose Confidential Information to the extent such disclosure is required to comply with applicable law or a valid order or requirement of a governmental or regulatory agency or court of competent jurisdiction, provided that Recipient (a) restricts such disclosure to the maximum extent legally permissible; (b) notifies Discloser as soon as practicable of any such requirement to the extent such provision of prior notice is permitted by applicable law; and (c) that subject to such disclosure, such disclosed materials will in all respects remain subject to the restrictions set forth in the PO.
d. Within ten (10) business days of the termination of the PO or upon Discloser’s written request, Recipient will promptly, at Recipient’s election, destroy or return all of Discloser’s Confidential Information in Recipient’s possession or in the possession of any representative of Recipient; provided, however, that Recipient will not, in connection with the foregoing obligations, be required to delete Confidential Information held electronically in archive or back-up systems, and such Confidential Information will in all respects remain subject to the restrictions set forth in the PO. Upon Discloser’s written request, Recipient will provide a certification, signed by an officer of Recipient, as to the destruction or return of Discloser’s Confidential Information.
e. ALL CONFIDENTIAL INFORMATION IS PROVIDED “AS IS.” DISCLOSER MAKES NO WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY, COMPLETENESS OR PERFORMANCE.
f. This Section 16 will survive the termination or expiration of the PO.
17. PUBLICITY. Without securing the prior written consent of Cofense in each instance, Vendor will not use the name or logo of Cofense in any news release, public announcement, advertisement, or other form of publicity, or disclose any of the terms or subject matter of the PO to any third party.
18. INSURANCE. Vendor will obtain and maintain worker’s compensation and employer’s liability insurance in amounts required under the laws of the state(s) in which the Work is to be performed; and comprehensive general liability and automobile liability insurance for bodily injury, death or loss of or damage to property of third persons in the minimum amount of $1,000,000 per occurrence which policy will name Cofense as an additional insured. Vendor will, upon request, promptly furnish to Cofense certificates of insurance as well as copies of any endorsements thereto evidencing Cofense being added as an additional insured.
19. EQUITABLE REMEDIES. Each party acknowledges that a breach by it of any confidentiality and intellectual property rights provisions of the PO will cause the other party irreparable damage, for which the award of damages would not be adequate compensation. Consequently, a party may seek to institute an action to enjoin the other party from any and all acts in a violation of those provisions, without a requirement to prove irreparable harm and without the posting of a bond. This provision will not in any way limit such other remedies as may be available to a party at law or in equity.
20. ASSIGNMENT. Vendor will not assign any portion of its obligations or rights under the PO without the prior written consent of Cofense, and any such attempted assignment in violation of this Section will be null and void.
21. SURVIVAL. In addition to any provisions specifically identified as such hereunder, any provision that contemplates performance or observance subsequent to any termination or expiration of the PO (in whole or in part, including any intellectual property ownership provision) will survive any termination or expiration of the PO and will continue in full force and effect.
22. GOVERNING LAW. All disputes and matters arising out of or relating to the PO will be governed by and construed in accordance with the laws of the Commonwealth of Virginia, without regard for its rules of conflict of laws. Vendor irrevocably and unconditionally submits to the exclusive jurisdiction of the federal or state courts within the Commonwealth of Virginia and the courts of appeal therefrom.
23. NO THIRD-PARTY BENEFICIARIES. Nothing in the PO will benefit or create any right or cause of action in or on behalf of any person or entity other than Vendor and Cofense.
24. RELATIONSHIP OF PARTIES. Vendor will perform the Work as an independent contractor and not as an agent, employee or partner of Cofense for any purpose whatsoever. Neither Vendor nor any Vendor personnel or subcontractors are authorized by Cofense to incur on behalf of Cofense, or to make any promise, warranty or representation with respect to Cofense’s products or otherwise, and will not hold themselves out as being so authorized.
25. NOTICE. Any notice to be given under the PO will be in writing and addressed to the party at the address stated in the front of the PO. Notices will be deemed given and effective (i) if personally delivered, upon delivery, (ii) if sent by an overnight service with tracking capabilities, upon receipt; (iii) if sent by fax or electronic mail, at such time as the party which sent the notice receives confirmation of receipt by the applicable method of transmittal; or (iv) if sent by certified or registered mail, within five days of deposit in the mail.