QIMA Limited, incorporated and registered in Hong Kong, having its registered office at 5/F Dah Sing Life Building, No. 99-105 Des Voeux Road Central, Hong Kong SAR (hereinafter referred as “QIMA” ).has developed Cyberexpert, a cybersecurity self-assesment compliance platform (hereinafter referred as the “Platform”) in Software-as-a-Service (SaaS) mode.
This Agreement sets out the conditions under which QIMA will provide access to its Platform in SaaS mode.
Each Party has read this Agreement in its entirety and represents to the other Party that it is aware of and understands all of these terms and conditions.
Agreement: means these General Terms and Conditions, its Schedules, and the Sales Order.
Client Data: means the Client’s data uploaded or stored on the Platform by the Client and Users for the purpose of using the Platform.
Confidential Information: means any information of a Party that is identified by the disclosing party as proprietary or confidential, or by its nature should reasonably be understood by the receiving Party to be confidential, as further defined in this Agreement. Confidential Information specifically includes, without limitation, for the Client: the Client Data; and for QIMA: the Software and its features, the Documentation, any programming code, the prices, the details of the Platform, the terms of this Agreement.
Data Protection Legislation: means the Hong Kong Personal Data Privacy Ordinance and all other legislation and regulatory requirements in force under the applicable law which apply to a Party relating to the use of personal data.
Downtime Events: means the events listed in Schedule I excluded of the SLA.
Effective Date: means the signature date of the Sales Order by the Client in electronic format through QIMA’s website or otherwise.
Initial Subscription Term: means the initial term of this Agreement.
Help Center: means the section of the Platform which contains the information and support related to the Platform and enables the Users to report any incidents regarding the Platform.
Intellectual Property Rights or IPRs: mean(s) (i) any and all industrial property rights and intellectual property rights, including copyrights, rights to inventions, design and trademarks (whether registered or unregistered), trade secrets, patents, trade or business names, domain names, goodwill and the right to sue for passing off or unfair competition, copyright and related rights, database rights, know-how, any developments and customizations based on the Platform and Confidential Information (ii) all other intellectual property rights and similar or equivalent rights under any applicable laws anywhere in the world which currently exist or are recognized in the future, and all moral rights related thereto and (iii) applications, extensions and renewals in relation to any such rights.
Login Details: means the usernames and passwords created by the named Users after the validation of the Client’s account.
Professional Services: means additional and specific Services subject to a specific written price quotation.
Sales Order: means any price quotation accepted in writing by the Client or any order issued electronically through QIMA’s website for the purchase of Subscriptions Offer, or Professional Services.
Platform: means the platform developed and owned by QIMA and made accessible via website address cyberexpert.qima.com
Renewal Term: means the successive additional subscription periods following the Initial Subscription Term.
Service Level Agreement or SLA: means the service levels commitments defined in Schedule I. and that QIMA shall comply with.
Software: means the online software applications which are integrated within the Platform, in code object format, and are provided by QIMA.
Subscription Fees: means the fees payable by the Client to use and access the Platform in accordance with the Subscription Offer and the Professional Services chosen by the Client.
Subscription Term: means the Initial Subscription Term together with any subsequent Renewal Periods.
Third Party: means any person other than the Client, its Users, QIMA and QIMA’s employees or persons assigned by QIMA to perform any obligation under this Agreement.
Third Party Materials: means any software or hardware components owned by a Third Party (proprietary or open source) and interoperating in any manner with the Platform. This Third-Party open source software companies list and their open license terms can be provided by QIMA upon Client’s written request.
Users: means the Client’s employees, agents, contractors, suppliers (factories and vendors) and third-party inspectors, who are namely authorised by the Client to access and use the Platform. The Client shall determine the number of Users for the Subscription Offer and is liable for any Users’ fault or negligence.
Provided that the Client and its Users comply with Articles 2.1 to 2.3 herein below and the Client duly pays its Subscription Fees, QIMA will offer to the Client and its Users an access to the Platform for the Subscription Term agreed by the Parties.
The access to the Platform is subject to the purchase of the Subscription Offer. During the purchase process, the Client must provide its full contact details, either via the Platform subscription form or manually via email or other communication means. The Client is also required to determine the number of Users allowed to access and use the Platform.
Subject to the payment of the Subscription Fees and the Sales Order as the case may be and the validation of the Client’s account by QIMA, the Client will name the Users that will be granted access to the Platform and provide their contact details.
In relation to the Users, the Client undertakes that:
The Client will be fully liable for any unauthorized access to, or use of, the Platform due to the negligence or fault of the Users. In the event of any such unauthorized access or use, the Client or the Users must notify QIMA within 24 hours of its discovery.
The Client and its Users shall not access, store, distribute or transmit in the Platform any viruses or any material that:
The Client agrees that aforementioned cases of prohibited use, without limitation, shall constitute an immediate and material breach of this Agreement enabling QIMA to immediately suspend the Client’s access to the Platform and/or terminate the Agreement, without prejudice to any other rights, remedies or damages to which QIMA is entitled.
This Agreement will come into effect on the Effective Date and will continue for the Subscription Term. The Sales Order signed by the Parties shall state the duration of the Initial Subscription Term. Unless one of the Parties terminates this Agreement in accordance with Article 8, the Initial Term shall automatically renew. The Initial Subscription Term together with any subsequent Renewal Periods will constitute the Subscription Term.
QIMA shall make its best efforts to provide reasonable support and assistance to the Client, including through assistance to the Client and its Users in their use of the Platform, via its administrator privileges.
Client’ support requests shall be made within the Platform, preferably from the Help Center, where the Client and the Users will request the opening of an incident ticket in case of any incident as defined in Schedule I.
QIMA shall use commercially reasonable endeavours during the Subscription Term to make the Platform available. Any non-compliance with the Service Levels Agreement will give rise to credits, each defined in the Schedule I.
The SLA will not apply in case of non-compliance caused by the Client’s use or the Users’ use of the Platform in breach with QIMA’s instructions, modification or alteration of the Platform by the Client or the Users, any third party not duly authorized by QIMA, failure of the Client’s network connections or telecommunications links or internet disruption, as the case may be.
The Client undertakes to:
QIMA undertakes to make its best efforts to:
QIMA warrants to the Client that, during the Subscription Term:
The Client warrants that in the event of a Third-Party claim arising from, or relating to, its Users’ act or omission, the Client shall be liable for any of these acts or omissions and shall indemnify QIMA for any damages resulting from such Third-Party claim.
The Client represents and warrants that the Client’s data will be free of any virus, Trojan Horse, cancelbot, timebombs or other devices developed to disable or to erase, damage or corrupt software, hardware or data.
The Client acknowledges and agrees that the Platform is designed solely as an assistance tool for self-assessment purposes with respect to cybersecurity regulations and compliance frameworks. The Platform and any outputs, reports, or recommendations generated therefrom shall not be construed, interpreted, or relied upon as evidence, certification, or proof of compliance with any applicable cybersecurity laws, regulations, standards, or requirements. The Client remains solely responsible for ensuring its compliance with all applicable cybersecurity regulations and for obtaining any necessary certifications or attestations from qualified third parties.
By purchasing a Subscription Offer or additional Users, the Client shall pay by bank transfer or credit card the applicable Subscription Fees and fees, whether monthly or annually, at the beginning of the Subscription Term or as agreed otherwise in the Sales Order.
The Client will be responsible until it terminates this Agreement, for Subscription Fees and any fees in relation with the use of the Platform even if the Client or its Users do not connect with their Login Details to the Platform.
If a payment is not successfully settled, QIMA may suspend Client’s access and its Users’ access to the Platform until the Subscriptions Fees and any fees are paid.
QIMA will be under no obligation to provide, access to the Platform, Professional Services while the Subscriptions Fees remain unpaid.
All Subscriptions Fees stated or referred to in this Agreement:
When required, the Client will provide to QIMA relevant valid, up-to-date and complete contact and billing details.
QIMA may change its Subscription Fees from time to time. Any price changes will apply to the Renewal Term following notice by email of the change(s) to the Client.
If the Client purchases additional Users or Professional Services, the price change will apply at the date agreed by the Parties for the subscription of such additional Users or Professional Services.
This Agreement shall become effective upon the signature date of the Sales Order by the Parties until the end of the Subscription Term.
However, each of the Parties may terminate this Agreement, by providing in writing to the other Party a prior cancellation notice, by email or through any available mean offered by QIMA on the Platform:
If the Client terminates this Agreement before the end of the Subscription Term, the payments made will be not refundable.
Without prejudice to any other rights or damages to which the Parties may be entitled, either Party may terminate this Agreement without prior notice and liability to the other if:
On termination of this Agreement for any reason:
QIMA will use reasonable commercial endeavours to deliver the back-up to the Client within thirty (30) calendar days of its receipt of such a written request, provided that the Client has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination). The Client will pay all reasonable expenses incurred by QIMA in returning or disposing of Client Data; and
the accrued rights of the Parties as of termination, or the continuation after termination of any provision expressly stated to survive or implicitly surviving termination, will not be affected or prejudiced.
Subject to the purchase of a Subscription Offer and the compliance with the terms of this Agreement, QIMA hereby grants to the Client only, excluding any Client’s subsidiary or holding company, during the applicable Term, a non-transferable, non-exclusive, revocable, limited license to access and use the Platform solely for the Client’s internal business operations. The Platform may only be accessed and used by the Users.
QIMA may perform developments within the Platform, including creation of new features, features modifications, customization. QIMA will own and retain all IPRs in the developments and will grant to the Client only, excluding any Client’s subsidiary or holding company, during the applicable Term, a non-transferable, non-exclusive, revocable, limited license to use such developments.
Except as expressly stated herein, nothing in this Agreement will be deemed to grant to any Party any rights to the other Party’s IPRs existing prior to the Effective Date.
Notwithstanding the foregoing, (i) Client will continue to own all rights, title and interest both in and to all of the Client Data; and (ii) QIMA and/or its licensors will continue to own all IPRs in the Platform.
The Client hereby grants to QIMA a worldwide, non-exclusive, unlimited royalty-free license to access, use, copy, adapt, transmit and exploit Client Data to the extent necessary (i) to perform its obligations under the Agreement, (ii) to enhance the Platform (including the performance of the Platform, developing new features, improving QIMA clients’ offers) and (iii) to conduct market research, industry trends and more generally for statistics’ purposes. Such license shall be perpetual for items (ii) and (iii) above provided that the Client Data will only be disclosed, used or otherwise made available in an anonymized and/or aggregated format whereby the Client and/or its Users cannot be identified.
QIMA owns and retains all Intellectual Property Rights in the Platform and its developments and all related Documentation, including, without limitation, any customizations, standardized report templates and/or training and support documents, whatever the format, with the exception of any Third-Party Materials that interoperate with the Platform.
This Agreement does not grant the Client any rights to, under or in, any patents, copyrights, trade secrets, trade names, trademarks (registered or not), or any other rights or licenses in respect of the Platform.
The Client agrees that it shall not, without QIMA’s prior written consent, use any name(s), trade name(s) or trademark(s) of QIMA. The Client shall not attempt to copy or remove any proprietary marks, markings, logos, copyrights or other indications of industrial or intellectual property or other rights on, in or related to the QIMA Software.
The Client shall own all right, title and interest in and to all of the Client Data that is not personal data, and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all such Client Data.
The Client and its Users shall not:
The Client shall defend, indemnify and hold harmless QIMA from and against any and all claims, actions, losses, damages, liabilities, costs and expenses (including, without limitation, reasonable attorneys’ fees) and disbursements incurred by QIMA arising out of or in connection with QIMA’s use of the Client Data, Client’s use of the Platform, including, without limitation, Client’s use of the Platform in conjunction with any material or content that the Client stores or transmits that:
Neither Party will use, disclose, reproduce, distribute, disseminate, or in any way circulate the other Party’s Confidential Information except as required by law or as required to perform its obligations under this Agreement. The Receiving Party may only disclose Confidential Information to its representatives who have a need to know the Confidential Information in order to allow the receiving Party to adequately perform its obligations under this Agreement. Prior to disclosure of any Confidential Information to any representatives, the receiving Party will advise all representatives of the confidential nature of the Confidential Information and ensure that such representatives will keep the Confidential Information confidential in accordance with the provisions of this Agreement. Each Party will be fully responsible and liable for the actions of its representatives with respect to any Confidential Information.
In the event that a receiving Party becomes required by law to disclose any Confidential Information relating to the other, it will to the extent possible and permitted by law provide the disclosing Party with written notice thereof so that the disclosing Party may seek a protective order or another appropriate remedy. The disclosing Party will have the right to defend such action in lieu of and on behalf of the receiving Party. The receiving Party will cooperate with the disclosing Party in any effort to obtain such remedies but a disclosing Party will not be required to undertake litigation or legal proceedings in its name. In the event that the receiving Party is legally compelled to disclose any Confidential Information, the receiving Party will furnish only that portion of the Confidential Information that is necessary in order to comply with such legal obligation and such disclosure will not be treated as a breach of this Agreement.
Confidential Information excludes information that:
Promptly upon termination of this Agreement or request of the disclosing Party, the receiving Party will return or destroy (at its option), all Confidential Information of the disclosing Party. Any destruction of Confidential Information under this Agreement will be done in a secured manner and in accordance with all applicable law. The receiving Party will not retain any Confidential Information except (a) if, and only to the extent, required by applicable law; (b) as required to respond to actual, threatened or impending legal action; or (c) archived electronic copies of Confidential Information that are saved in due course of a bona fide data retention policy. Notwithstanding any other provision of this Agreement, the confidentiality obligations of this Article will continue to apply to any retained Confidential Information until returned or deleted.
The obligations of the Parties to protect the Confidential Information pursuant to this Article will continue for a period of five (5) years following the termination or expiry of this Agreement.
QIMA is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of Client Data over external communications networks and facilities, including the internet, and the Client acknowledges that the Platform may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
QIMA does not warrant that the Platform will be uninterrupted, secure and/or free of errors or other harmful components and will not be held responsible for any of these.
QIMA disclaims any liability in connection with the Client’s use of the Platform, of the Third-Party Materials and of the Client Data. QIMA will not be held responsible for any damages resulting from the Client’s use of the Platform, including for loss, recovery, or compromise of data, software or programs, to the extent permitted by applicable laws.
The Client and the Users may upload, store and create data through the Platform ( “Client Data” ). The Client remains the only owner of these Client Data and is solely responsible for its use.
QIMA has no obligation to monitor, edit or control in any manner the Client Data and the Client agrees not to upload, store and/or create any data that would contain any unlawful material or violate any applicable laws. The Client is solely responsible for any claim in connection with the Client Data.
To the extent permitted by applicable laws, in no event shall QIMA be held liable for any damages arising from or connected to the Client Data, including for loss, recovery, or compromise of data, software or programs. The Client shall promptly indemnify QIMA for any such loss if so incurred by QIMA.
The Client is fully responsible for its Users, employees, including Inspectors, regarding their use of the Platform, in whole or in part, its features and all related Documentation.
The Client is solely responsible for any claim in connection with the Client’s Data, surveillance tools or detection of fraud features.
QIMA will not be liable to the Client or to any Third Party for any loss or injury arising out of, or caused in whole or in part by QIMA’s acts or omissions or in any other way whatsoever, unless such loss or injury is occasioned by:
The Platform is provided to the Client on an “as is” basis. Nothing in this agreement excludes the liability of each Party:
Subject to the above, QIMA shall not be liable whether in tort, contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses arising under this agreement.
QIMA’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this Agreement shall be limited to the amount of the total Subscription Fees paid during the last 3 months preceding the date on which the claim arose.
QIMA will have no liability to the Client under this Agreement if it is prevented from or delayed in performing its obligations under this Agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of QIMA or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, pandemics, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors, provided that the Client is notified of such an event and its expected duration.
This Agreement shall be construed, interpreted and enforced in accordance with, and the respective rights and obligations of the Parties shall be governed by, the laws of Hong Kong SAR.
Any and all disputes, controversy, difference or claim arising out of or in connection with this Agreement, including the existence, validity, breach or termination, negotiation, execution, interpretation, performance or non-performance of this Agreement, or any dispute regarding non-contractual obligations arising out of or relating to it, shall be referred to and finally resolved by the Hong-Kong International Arbitration Centre (HKIAC) under the HKIAC Administered Arbitration Rules in force when the Notice of Arbitration is submitted, whose decision shall be final and binding upon the Parties with no right of appeal. The arbitration tribunal shall consist of one arbitrator, appointed by the joint agreement of the Parties, and proceedings shall be conducted in English language. The seat of arbitration shall be Hong Kong.
This Agreement constitutes the entire agreement between the Parties in relation to its subject matter. It replaces and extinguishes all prior agreements, collateral warranties, collateral contracts, statements, representations and undertakings made by or on behalf of the Parties, whether oral or written, in relation to that subject matter.
If there is an inconsistency between any of the provisions in the main body of this Agreement and the Schedules, the provisions in the Schedules shall prevail.
If there is an inconsistency between any of the provisions in the main body of this Agreement and the Sales Order, the provisions in the Sales Order shall prevail.
The failure to exercise, or delay in exercising, a right, power or remedy provided by this Agreement or by law shall not constitute a waiver of that right, power or remedy. If a Party waives a breach of any provision of this Agreement, this shall not operate as a waiver of a subsequent breach of that provision, or as a waiver of a breach of any other provision.
In addition to those provisions hereof which, by their terms, provide for survival following the termination of this Agreement, the provisions of Articles 5 (Obligations of the Parties), 6 (Warranties), 9 (Intellectual Property Rights), 10 (Confidential Information), 12 (Liability) shall survive the termination of this Agreement.
The Client shall not assign or transfer this Agreement or any of its rights or obligations detailed under this Agreement, whether in whole or in part, without QIMA’s prior written consent.
QIMA may at any time assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement.
The Clients acknowledges and agrees that QIMA may reference the Client and the nature of the services provided hereunder in QIMA business development and marketing efforts, including without limitation its website.
This Agreement shall be binding upon and enforceable by the Parties and their respective successors and permitted assigns. If any provision of this Agreement is determined by a court of competent jurisdiction to be invalid, illegal or unenforceable in any respect, such determination shall not impair or affect the validity, legality or enforceability of the remaining provisions thereof, and each provision is hereby declared to be separate, severable and distinct.
This Agreement will not be construed as (i) creating any partnership, agency relationship or other form of legal association that would impose liability upon one Party for the actions or failure to act of the other Party, or (ii) providing any Party with the right, power or authority (express or implied) to create any duty for, or obligation of, the other Party.
Either Party may immediately seek equitable relief (without posting a bond or proving actual harm), including, without limitation, temporary injunctive relief upon a violation of a Party’s Confidentiality or Intellectual Property rights.
a. Metrics
QIMA will meet the below service performance standards when providing services to the client.
| System Availability Percentage | Standard |
|---|---|
| Platform Services and Products monthly uptime (availability) | 99% |
b. Definition
The Platform availability level that QIMA plans to meet or exceed during the Subscription Term. The System Availability is calculated according to the following formula:
System Availability Percentage = ((Total Minutes in the Month − Excluded Downtime − Downtime) / (Total Minutes in the Month − Excluded Downtime)) × 100
* “Excluded Downtime” means the Total Minutes in the Month attributable to (a) a scheduled downtime for which a regular Maintenance window (for any updates of the Platform’s features including the major features and/or upgrades of the minor features), or (b) any Major Upgrade Window (for any upgrades of the major Platform’s features) for which the Client has been notified at least two(2) Business Days prior to such Major Upgrade Window or (c) unavailability caused by factors outside of QIMA’s reasonable control, such as Force majeure events, as defined in the Agreement that could not have been avoided even if reasonable care had been exercised.
Any period of time for which the Platform is not available will be considered as part of the SLA except for the following Excluded Downtime Events:
Provided that the Client duly pays on time its Subscription Fees to QIMA, QIMA will provide technical support in case of incidents.
To enable such technical support, Client must report any incident regarding the Platform’s use in a timely manner preferably via the Help Center, accessible via the Client’s Platform interface, from Monday to Friday 8 am to 6 pm (Local Time Zone).
The Client shall cooperate and provide its support as requested by QIMA’s Help Center contacts to resolve and remedy such issues.