Terms
Last updated 16 February 2021
Please read the terms of use below carefully before using https://hckrt.com/ and/or https://blog.hckrt.com/ (hereinafter together referred to as “Website”).
If you do not accept the present terms of use, please do not use or visit the Website in any form.
1. Subject of the terms of use
These Website terms of use contain the general terms and conditions of the Website operated by HACKRATE Ltd. (registered seat: Hungary, 2890 Tata, Baji út 35. 2. lház. 2. em. 12.; tax number: 28961200-2-11; electronic mail address: [email protected]; hereinafter: “Company” or “we” or “us”) under the URLs https://hckrt.com/ and https://blog.hckrt.com/ which apply to everyone who visits the Website, or uses its services (hereinafter: “User”). The Website may only be used within the framework of the applicable laws, without prejudice to the rights of third parties and the Company, and in compliance with the present terms of use.
2. Intellectual Property Rights
All visual, textual and other content on the Website, and the arrangement of those contents, trademarks, logos, characters, furthermore all intellectual properties on this Website are protected by copyright, trademark, or other intellectual property rights, and they are owned by the Company or third person licensors.
Use of the content of the Website or any of its components (e.g., images, text, etc.) in a manner, to the extent and degree other than provided for in the Act LXXVI of 1999 on the Copyright (hereinafter: “Copyright Act”) concerning free use, requires the prior written permission of the Company. The use of contents on the Website or any of its components on the basis of the free use provisions in the Copyright Act, or the written permission of the Company shall be permitted only by referencing the Website, provided that the transferee will not alter the original information and the link to the Website will be accurately and prominently displayed upon each transfer and publication. The substantive and formal components of the Website may not be altered or used for purposes other than the content of the Website.
Nothing on the Website shall be construed in any circumstances as granting anyone a license or the right to use trademarks or any other intellectual property of this Website. Except as provided in the present terms of use, the User is strictly prohibited from using the Website or any other intellectual property appearing on this Website without permission.
3. User Account
In some cases, we may require you to create a user account in order to access some parts of the Website. If you wish to create a user account, please refer to our respective Terms and Conditions.
4. Disclaimers
While we make every attempt to ensure the accuracy and completeness of information presented on this Website, and we take reasonable care to maintain the Website, we are not responsible for any damage resulting from any inaccuracy and / or incompleteness and / or timeliness of the data or information on this Website.
The Company, as the operator of this Website, excludes all of its liability to the extent as permitted by applicable laws for the contents posted on this Website, having regard to the fact that the availability and access to the information on the Website, which are not subject to registration, are free of charge.
The Company to the extent as permitted by applicable laws disclaims all liability for damages arising from the unavailability or downloading information or documents from the Website. The disclaimers and limitations of liability concern especially, but not exclusively, the accuracy, completeness and correctness of the information and documents available on this Website.
If the applicable laws permit, the Company shall not be liable for any loss caused by a virus infection or any other malware to the User's computer or other property, resulting from the use of the Website, access to the Website or the downloading of any material from the Website. Users may download any material from the Website at their own risk.
We reserve the right to restrict, suspend, or terminate access to the Website or any part of the Website or any of its features at any time without any prior notice.
The aforesaid limitations of liability shall not apply if and to the extent those limit or exclude HACKRATE's liability for any cases where HACKRATE's liability may not be limited or excluded under applicable law.
5. Links to third party websites
You may find links which lead to other pages while using the Website. The Company as permitted by applicable laws undertakes no liability for the content, accuracy and the operation of third party websites. Links to any such websites shall not be construed as an endorsement of their content by the Company.
The Company as permitted by applicable laws undertakes no liability for the availability of such websites and for any damage or injury arising from the usage of such contents.
Links to third party websites serve only for the convenience of Website Users. Users may visit such websites at their own risk.
Where the Company becomes aware that any link on the Website contains illegal information, upon proof of the infringement, it takes immediate action to remove such links.
6. Modifications
The Company is entitled to make reasonable changes to these terms of use at any time, and such modifications shall enter into force on the day of their publication on this Website.
7. Contact
If you have any question concerning our Website, please contact us at any of our contact details at https://hckrt.com/Home/Contact
Last updated 11 February 2021
These Terms and Conditions (“Terms and Conditions”, “Terms”) govern all use of HACKRATE’s Bug Bounty Platform (“the Platform”) and related Services by Program Sponsors sponsoring a Bug Bounty Program through the Platform.
The Platform is owned and operated by HACKRATE Kft. (seat: H-2890 Hungary, Tata, Baji út 35. Building 2. 2/12.; phone: +36203108651, e-mail: [email protected], registered at the Tribunal of Komárom-Esztergom County with registration No.: Cg. 11-09-028368, EU Tax ID: HU28961200, “HACKRATE”).
Program Sponsor and HACKRATE are each a “Party”, jointly referred to as “Parties”.
THE PROGRAM SPONSOR’S ATTENTION IS PARTICULARLY DRAWN TO THE PROVISIONS OF CLAUSES 8, 13, 14 AND 24 (WARRANTIES AND DISCLAIMERS, PAYMENTS AND INVOICING, LIMITS ON LIABILITY, LAW AND JURISDICTION).
1. DEFINITIONS
Affiliate: includes, in relation to either Party, each and any subsidiary or holding company of that Party and each and any subsidiary of a holding company of that party OR any business entity from time to time Controlling, Controlled by, or under common Control with, either Party.
Agreement: these Terms and Conditions, any Order Form or any other written agreement signed by an authorised signatory of HACKRATE and the Program Sponsor governing the use of the Platform and the Services.
Authorization: the term defined in Clause 8.2.b).
Bounty Hunter: a registered and identified user of the Platform who is authorised by the Program Sponsor in line with the Bounty Hunter Terms of Use to enter into, participate in and perform the Program Sponsor’s Bug Bounty Program and use the Services.
Bug Bounty Agreement: a separate agreement concluded between the Bounty Hunter and the Program Sponsor relative to the participation in and performance of the Bug Bounty Program.
Bug Bounty Program or Program: means the program rules made available to Bounty Hunters through the Platform from time to time and which establishes the Program Sponsor’s requirement, defines the Environment, the scope and limits of the program and the Program Sponsor’s instructions under the Agreement.
Bug Bounty Report: the verified and checked report about the Findings submitted by the Bounty Hunter to the Program Sponsor via HACKRATE, in the format defined by HACKRATE on the Platform.
Confidential Information: information that is proprietary or confidential and is either clearly labelled as such or identified as Confidential Information in Clause 11.
Control: a business entity shall be deemed to “control” another business entity if it owns, directly or indirectly, in excess of 50% of the outstanding voting securities or capital stock of such business entity, or any other comparable equity or ownership interest with respect to a business entity other than a corporation.
Controller, processor, data subject, personal data, personal data breach, processing and appropriate technical and organisational measures: as defined in the Data Protection Legislation.
Data Protection Legislation: the General Data Protection Regulation ((EU) 2016/679) and the Hungarian Privacy Act (Act No. CXII of 2011) and any other European Union legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a Party relating to the use of personal data (including, without limitation, the privacy of electronic communications); and the guidance and codes of practice issued by the relevant data protection or supervisory authority and applicable to a Party.
Environment: the set of IT systems under the control of the Program Sponsor and as provided by the Program Sponsor and the Third-Party Systems that the Program Sponsor explicitly allowed in the Bug Bounty Program for its purpose.
Export Control Laws: any applicable laws or regulations applicable, including United States export laws and regulations, to any country for which the government or any agency thereof at the time of export requires an export license or other governmental approval without first obtaining such license or approval.
Finding: any Vulnerability in the Environment identified and submitted by the Bounty Hunter within the scope of the Bug Bounty Program.
Force Majeure: any act of government or state, civil commotion, epidemic, fire, flood, industrial action or organised protests by Third Parties, natural disaster, war, failure of payment systems, damage to or failure of any Third Party’s computer equipment, software or telecommunications systems used to provide the Services, or any event beyond the reasonable control of the Party claiming to be excused from performance of its obligations.
HACKRATE Fees: are the agreed fees (including Subscription Fees and any one-off fee) that the Program Sponsor shall pay HACKRATE for the performance of the Services, as set out in the Order Form.
Intellectual Property Rights: all patents, utility models, rights to inventions, copyright and neighbouring and related rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection that subsist or will subsist now or in the future in any part of the world, including the Proof-of-Concept Code and Proof-of-Concept Documentation.
Mandatory Policies: the Program Sponsor’s business policies and codes as attached to the respective Bug Bounty Program and as amended from time to time.
Order Form: the Program Sponsor’s order for the Services as set out in the Program Sponsor’s purchase order form OR general terms and conditions OR the Program Sponsor’s written acceptance of a quotation by HACKRATE, or the general terms and conditions, as the case may be.
Platform: the online software applications and website provided by HACKRATE.
Platform Data: has the meaning set out in Clause 12.4.
Proof-of-Concept Code: anything or device (including any software, code, file or programme) which may be required to exploit a Vulnerability within the Environment and that is required to validate and verify a Finding.
Proof-of-Concept Documentation: any information written, graphical or oral that is required to use, build, compile and run the Proof-of-Concept Code and any information that is required to validate and verify a Finding.
Program Budget: the fees the Program Sponsor agrees to provide to HACKRATE for the purpose of the payment of any applicable Rewards to Bounty Hunters.
Program Sponsor: the Party being a business user i.e. acting within the scope of an economic activity (trade, business, craft, liberal profession) and accepting these Terms to whom the Services will be provided and who is responsible for the definition and the approval of the Bug Bounty Program on the Platform, the approval of Bounty Hunters who may participate in the Bug Bounty Program, the provision of the Environment, checking and approval of Findings and Bug Bounty Reports and approval of any Reward payments, if applicable.
Program Sponsor Materials: any materials, equipment, documents and other property of the Program Sponsor provided to HACKRATE for the performance of the Services.
Reward: any payment approved by the Program Sponsor in a Bug Bounty Program and to be paid by HACKRATE from the Program Budget to the Bounty Hunter, if applicable.
Services: the Platform and the related services provided by HACKRATE to the Program Sponsor under the Agreement.
Subscription Fees: the agreed subscription fees the Program Sponsor shall pay HACKRATE for the performance of the Services, as set out in the Order Form, if applicable.
Third Party: any person other than HACKRATE, Program Sponsor or their Affiliates.
Third-Party Systems: any IT system (including related data) that is not under the sole control of the Program Sponsor. Accessing, monitoring, intercepting and/or recording both stored and/or live business or private communications may be a criminal offence and the Bounty Hunter and the Program Sponsor must refrain from such actions.
Virus: anything or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, Viruses and other similar things or devices.
Vulnerability: a weakness in the computational logic (for example, code) found in software and hardware components that when exploited, results in a negative impact to the confidentiality, integrity, or availability, and the term Vulnerabilities shall be construed accordingly.
2. BASIS OF CONTRACT
2.1 The Order Form constitutes an explicit offer by the Program Sponsor regarding the Services in accordance with these Terms and Conditions.
2.2 The Order Form shall only be deemed to be accepted once signed by both HACKRATE and the Program Sponsor, whereupon the Order Form will be deemed to incorporate these Terms and Conditions and form the Agreement. Each signed Order Form will form a separate Agreement and shall be construed accordingly. If the Order Form is signed by several Program Sponsors, those Program Sponsors shall be jointly and severally liable for compliance with their obligations under this Agreement.
2.3 These Terms and Conditions apply to the Order Form to the exclusion of any other terms that the Program Sponsor seeks to impose or incorporate.
2.4 HACKRATE reserves the right to amend these Terms and Conditions and/or the Order Form if necessary, to comply with any applicable law or regulatory requirement, or if the amendment will not materially affect the nature or quality of the Services, and HACKRATE shall notify the Program Sponsor in any such event.
3. TERM
3.1 Unless the Parties agree otherwise in written form, this Agreement shall commence upon signature of the completed Order Form by HACKRATE and the Program Sponsor and will continue until the Bug Bounty Program closing or termination of this Agreement by any of the Parties.
4. SERVICES
4.1 The Program Sponsor may access and use the Platform solely for its and, if applicable, its Affiliates’ own business purposes to connect with Bounty Hunters and utilize the Services set forth in the Order Form or otherwise mutually agreed in written form by HACKRATE and the Program Sponsor. Program Sponsor shall not use the Services, or any portion thereof, for the benefit of any Third Party or in any manner not permitted by these Terms. Program Sponsor may create Programs using the Bug Bounty Program template (see Appendix 2 of these Terms) and, if applicable, offer Rewards to Bounty Hunters for the submission of Findings and/or Bug Bounty Reports to such Programs. Bounty Hunters can contact the Program Sponsor through the Platform if Bounty Hunters are interested in participating in such Programs and submit Findings for the Programs under the Bug Bounty Program.
4.2 Services may include Third Party services if such services are set out in an Order Form or otherwise mutually agreed by HACKRATE and the Program Sponsor. Notwithstanding anything to the contrary in the Terms, the Third Party services will only be provided to Program Sponsor by the Third Party services provider. HACKRATE is not responsible for the Third-Party services and makes no warranty or representation with respect to such Third Party services.
4.3 Program Sponsor acknowledges that a Bug Bounty Program may be a public or private Program. Program Sponsor may define a private Bug Bounty Program and submit it to the Platform. HACKRATE will not make private Bug Bounty Programs visible to Bounty Hunters. In case of a private Bug Bounty Program, the Program Sponsor may select and approve Bounty Hunters to participate in such Program and HACKRATE will invite the selected Bounty Hunters through the Platform.
5. HACKRATE’S OBLIGATIONS
5.1 In providing the Platform and the Services to the Program Sponsor, HACKRATE shall
a) grant to the Program Sponsor a non-exclusive, non-transferable right during the Term to use the Platform solely to run a Bug Bounty Program on the Platform in accordance with the Agreement;
b) co-operate with the Program Sponsor in all matters relating to the use of the Platform under the Agreement.
6. PROGRAM SPONSOR’S OBLIGATIONS
6.1 The Program Sponsor shall:
a) respond without delay to HACKRATE’s reasonable requests for information and documents, including proof of identity of Program Sponsor’s authorized representatives, the ownership of the Environment, the existence of licenses, permission and consents and any confirmation of the details of any Reward offered within the Program;
b) comply with HACKRATE’s reasonable instructions, guidelines and directions in relation to the use of the Platform (including guidelines in relation to data security and access) and the related Services;
c) satisfy the conditions (if any) to be fulfilled by the Program Sponsor for it to receive and use the Services;
d) comply with its obligations and warranties under this Agreement, and any additional obligations as set out in the Order Form and the Bug Bounty Agreement, including any payment obligation agreed between HACKRATE and the Program Sponsor;
e) obtain, maintain and procure all necessary licences, permissions and consents which may be required for the use of the Platform and the Services before the date on which the Services are to start.
6.2 In relation to the Bounty Hunters, the Program Sponsor shall
a) conclude a binding Bug Bounty Agreement with Bounty Hunters reflecting the requirements of the Agreement and the Bounty Hunter Terms of Use;
b) if applicable, provide a clear method to securely report Findings;
c) not threaten or initiate legal action against Bounty Hunters if the Bounty Hunter materially complied with the Bug Bounty Agreement, including the Program terms;
d) confirm once a Finding has been resolved and throughout the process, provide regular updates of the current status, and the expected timeline to triage and fix the Finding;
e) approve any payments of any Rewards, if applicable, in accordance with the Program rules.
6.3 If HACKRATE’s performance of any of its obligations under the Agreement is prevented or delayed by any act or omission by the Program Sponsor or failure by the Program Sponsor to perform any relevant obligation (Program Sponsor Default), then
a) without limiting or affecting any other right or remedy available to it, HACKRATE shall have the right to suspend performance of the Services or the Bug Bounty Program until the Program Sponsor remedies the Program Sponsor Default, and to rely on the Program Sponsor Default to relieve it from the performance of any of its obligations in each case to the extent the Program Sponsor Default prevents or delays HACKRATE’s performance of any of its obligations;
b) HACKRATE shall not be liable for any costs or losses sustained or incurred by the Program Sponsor arising directly or indirectly from HACKRATE’s failure or delay to perform any of its obligations as set out in Clause 5.1; and
c) the Program Sponsor shall reimburse HACKRATE on written demand for any costs or losses sustained or incurred by HACKRATE arising directly or indirectly from the Program Sponsor Default.
7. REWARDS
7.1 Program Sponsor may award Rewards to those Bounty Hunters who participate in the Program Sponsor’s Programs and/or submit a Finding that meets the Program Sponsor’s requirements. HACKRATE agrees to process such Reward payments; provided, however that before processing any such payments HACKRATE must receive the Program Budget prepayment from the Program Sponsor for the Program. HACKRATE is not responsible for delays in payment outside of HACKRATE’s reasonable control, or unless otherwise set forth in the Order Form or agreed to by HACKRATE, for processing or providing to Bounty Hunters any Reward that is not a monetary payment.
7.2 Program Sponsor acknowledges that HACKRATE shall not accept any payments from or make any payments to FATF high risk or monitored jurisdictions. Once the Program Sponsor approves a Finding and its criticality, the Program Sponsor shall authorize HACKRATE to pay the pre-defined Reward for the Bounty Hunter, according to the payment mode selected by the Bounty Hunter (e.g., wire transfer) and currency (e.g., HUF, EUR or USD) on the Platform.
7.3 Program Sponsor acknowledges that HACKRATE will require the Bounty Hunter to provide HACKRATE with a valid tax residency certificate before making any payments to the Bounty Hunter. Program Sponsor acknowledges and agrees that HACKRATE will not make any payments if the Bounty Hunter does not present a valid tax residency certificate to HACKRATE.
8. WARRANTIES AND DISCLAIMERS
8.1 For the duration of the Term, HACKRATE warrants that:
a) it has the full power and authority to enter into this Agreement;
b) it has obtained and will continue to hold all necessary licences, permits and agreements required for the use of the Platform and the exercise by the Program Sponsor of the rights granted by HACKRATE under this Agreement; and
c) the use of the Platform by the Program Sponsor as permitted by this Agreement does not infringe any Third-Party Intellectual Property Rights.
8.2 For the duration of the Term, the Program Sponsor warrants that:
a) it has the full power and authority to enter into this Agreement;
b) it has obtained and will continue to hold or procure all necessary licences, consents, permits and agreements (collectively “Authorizations”) required for the performance of its obligations and the exercise by HACKRATE of the rights granted by the Program Sponsor under this Agreement and Program Sponsor provides written proof of such Authorizations to HACKRATE upon request; and
c) the use of the Program Sponsor Materials by HACKRATE as permitted by this Agreement does not infringe any Third-Party Intellectual Property Rights; and
d) Program Sponsor's participation in the Program and use of the Services must not violate any law, or disrupt, compromise or abuse any data or data access of other persons. When carrying out any of the activities connected with the Program, including any instructions to Bounty Hunters, the Program Sponsor must abide by the law. There may be additional restrictions depending upon applicable local laws and the Program Sponsor agrees to comply with all these applicable local requirements and rights of Third Parties.
8.3 The Program Sponsor understands and accepts that information in a Finding and/or the Bug Bounty Report may be based upon and may comprise information provided to HACKRATE by Third Parties or is otherwise publicly available and HACKRATE is not able to control or verify the accuracy and/or completeness of such information. Accordingly, whilst HACKRATE agrees to use all reasonable care and skill in the collection and collation of a Finding and/or a Bug Bounty Report it otherwise gives no warranty about the accuracy or fitness for any particular purpose of a Finding and/or the Bug Bounty Report and in particular accepts no liability for any inaccuracy, incompleteness or other error in a Finding and/or the Bug Bounty Report which arises as a result of data provided by the Program Sponsor, Bounty Hunter or any Third Party.
8.4 The Program Sponsor acknowledges that:
a) The Platform is “as is” and “as available”, therefore, any use of the Platform and the Services by the Program Sponsor is at its sole risk. HACKRATE does not warrant that the Program Sponsor’s use of the Platform or the related Services will be uninterrupted or error-free and that the Services and/or the information obtained by the Program Sponsor through the Services will meet the Program Sponsor’s requirements. HACKRATE is not responsible for any damage or harm resulting from a Program Sponsor’s communications or interactions with Bounty Hunters or other program sponsors, either through the Services or otherwise. Any reputation ranking or description of any Bounty Hunter as part of the Services is not intended by HACKRATE as an endorsement of any type. Any selection or use of any Bounty Hunter is at the Program Sponsor’s own risk. HACKRATE is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the Internet, and Program Sponsor acknowledges that the Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
b) Any use of or reliance on any Finding or Bug Bounty Report that Program Sponsor receives is at Program Sponsor’s own risk. HACKRATE does not endorse, represent, or guarantee the completeness, truthfulness, accuracy, or reliability of any information in the Finding and/or the Bug Bounty Report. HACKRATE will not be liable for any errors or omissions in any Finding and/or the Bug Bounty Report, or any loss or damage of any kind, incurred as a result of the use of any Finding and/or the Bug Bounty Report.
c) Bounty Hunters are not employees, contractors, or agents of HACKRATE, but are independent Third Parties who want to participate in Bug Bounty Programs and connect with Program Sponsors through the use of the Platform and the Services. Program Sponsor explicitly approves and agrees with the application of the Bounty Hunter Terms of Use between HACKRATE and the Bounty Hunter.
d) Unless otherwise expressly agreed to in writing by HACKRATE, the Program Sponsor agrees that any Bug Bounty Agreement, contract or other interaction between a Program Sponsor and a Bounty Hunter, including with respect to any Program Sponsor Mandatory Policies, will be between the Program Sponsor and the Bounty Hunter and HACKRATE is not liable for any actions or omissions by a Bounty Hunter regarding the Program or Bug Bounty Reports submitted to it. HACKRATE is not a Party to such contracts and disclaims all liability arising from or related to such contracts. Program Sponsor acknowledges that it may not exercise any rights, set claims against or make HACKRATE liable for the conclusion and/or the performance of the Bug Bounty Agreement between the Bounty Hunter and the Program Sponsor. Each Bug Bounty Agreement is governed by the respective Bug Bounty Program and the terms set out by the Bounty Hunter and the Program Sponsor between each other.
e) Unless otherwise expressly agreed to in writing by HACKRATE, this Agreement shall not prevent HACKRATE from entering into similar agreements with Third Parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this Agreement.
8.5 In light of the Program Sponsor’s acknowledgements under this Clause 8, HACKRATE does not make any warranty or representation that the use by the Program Sponsor of the Platform or any Services which involves the use of such indicative and/or predictive systems or data models or techniques will achieve any particular result for the Program Sponsor and the Program Sponsor acknowledges that the Services are for informational purposes only and not intended to be used as the sole basis for any business decision made by the Program Sponsor.
8.6 Program Sponsor is entirely responsible for fixing any reported Vulnerability and will carry out or secure all operations necessary for fixing this Vulnerability in its own interest as soon as possible. HACKRATE is not responsible for any damage incurred due to Program Sponsor's delay with Vulnerability fixing. HACKRATE is not responsible for any damage incurred due to any kind of violation of any vulnerability which was detected in the Program Sponsor's Environment which is the object of the published Program.
9. INDEMNITY
9.1 The Program Sponsor will indemnify, defend, and hold harmless HACKRATE and its officers, directors, employees, and agents, from and against any claims, disputes, demands, liabilities, damages, losses, and costs and expenses, including, without limitation, reasonable legal and accounting fees arising out of a Third Party claim (i) that Program Sponsor Materials or Platform Data infringe upon Intellectual Property Rights (including a patent, copyright, trademark, or trade secret) of a Third Party, or (ii) arising from the Program Sponsor’s use of the Platform, the Services, a Bug Bounty Report or Finding in violation of its Mandatory Policies or any other applicable regulatory requirements.
9.2 HACKRATE will indemnify, defend, and hold harmless the Program Sponsor and its officers, directors, employees, and agents, from and against any claims, disputes, demands, liabilities, damages, losses, and costs and expenses, including, without limitation, reasonable legal and accounting fees arising out of a Third Party claim that HACKRATE Platform infringes Intellectual Property Rights (including a patent, copyright, trademark, or trade secret) of a Third Party, provided that HACKRATE shall not be responsible for any such claim to the extent arising out of or relating to a Bug Bounty Report, the Program Sponsor Materials or Platform Data supplied by Program Sponsor.
9.3 The indemnity in Clause 9 is given on condition that the indemnified Party:
a) notifies the indemnifying Party promptly and in any event no later than 30 days after becoming aware of any matter or claim to which the indemnity might relate;
b) does not make any admission or settlement in respect of such matter or claim without the prior consent of the indemnifying Party (such consent not to be unreasonably withheld or delayed); and
c) allows the indemnifying Party, where appropriate, to appoint legal advisers of its choice and to conduct and/or settle negotiations and/or proceedings relating to such matter or claim and the indemnified Party shall comply with the indemnifying Party’s reasonable requests in the conduct of any such negotiations and/or proceedings.
9.4 The indemnified Party shall give prompt written notice of all claims for which indemnity is sought and shall cooperate in defending against such claims, at the expense of the indemnifying Party. The indemnifying Party shall conduct and have sole control of the defence and settlement of any claim for which it has agreed to provide indemnification; provided that the indemnified Party shall have the right to provide for its separate defence at its own expense.
10. COMPLIANCE
10.1 Each Party undertakes to the other that, in connection with HACKRATE’s provision or the Program Sponsor’s use of the Services (as appropriate), it will at all times comply with all applicable legislation, regulations, and other rules having equivalent force including the Data Protection Legislation and any subordinate or associated regulations.
10.2 HACKRATE shall not be required to vary, amend and/or enhance the Services and/or the Platform as a result of the provisions of Clause 10 other than where either specifically agreed with the Program Sponsor or where HACKRATE, in its reasonable opinion, considers that such variation, amendment and/or enhancement is fundamental to the continued use of the Platform or the Services by its Program Sponsors generally.
10.3 If as a result of any changes in any legislation, regulations, codes or other rules having equivalent force (including any reasonable interpretation thereof), HACKRATE considers in its reasonable opinion that it is no longer desirable or practicable for HACKRATE to continue to provide the Services and/or the Platform at all or in accordance with this Agreement, HACKRATE shall be entitled to do one of the following on giving one month’s prior notice to the Program Sponsor:
a) modify the affected Services and/or Platform as necessary to accommodate such changes; or
b) terminate the Agreement in respect of those Services and/or Platform which are affected by such changes (without liability).
10.4 Neither Party shall export, directly or indirectly, any technical data acquired from the other Party under this agreement (or any products, including software, incorporating any such data) in breach of any applicable laws or regulations (Export Control Laws), including United States export laws and regulations, to any country for which the government or any agency thereof at the time of export requires an export licence or other governmental approval without first obtaining such licence or approval. Each Party undertakes:
a) contractually to oblige any Third Party to whom it discloses or transfers any such data or products to make an undertaking to it in similar terms to the one set out above; and
b) if requested, to provide the other Party with any reasonable assistance, at the reasonable cost of the other Party, to enable it to perform any activity required by any competent government or agency in any relevant jurisdiction for the purpose of compliance with any Export Control Laws.
11. CONFIDENTIALITY
11.1 Each Party shall, in respect of the Confidential Information for which it is the recipient:
a) keep the Confidential Information strictly confidential and not disclose, directly or indirectly, any part of such Confidential Information to any person except as permitted by, or as required for the performance of the recipient’s obligations under, this Agreement or under the Bounty Hunter Terms of Use between HACKRATE and the Bounty Hunter;
b) take all reasonable steps to prevent unauthorised access to the Confidential Information;
c) not use the Confidential Information other than for the purposes set out in this Agreement; and
d) not copy, reduce to writing or otherwise record the Confidential Information except as strictly necessary for the purposes set out in this Agreement. Any such copies, reductions to writing and records shall be the property of the disclosing Party.
11.2 Subject to Clause 11.1, the Parties may disclose the Confidential Information to, and allow its use in accordance with this Agreement by, the following:
a) employees and officers of the recipient who necessarily require it as a consequence of the performance of the recipient’s obligations under the Agreement;
b) the recipient’s auditors and professional advisors solely for the purposes of providing professional advice and any other persons or bodies having a legal right or duty to have access to, or knowledge of, the Confidential Information in connection with the business of the recipient; and
c) in the case of HACKRATE being the recipient, agents and sub-contractors of HACKRATE who necessarily require it as a consequence of the performance of HACKRATE’s obligations under this Agreement.
11.3 As a condition of the rights set out in Clause 11.2 the Party wishing to exercise the rights must:
a) ensure that any Party to whom it discloses Confidential Information is under an obligation of confidentiality in relation to such Confidential Information; and
b) procure that such persons observe the restrictions in this Clause 11.1.
11.4 The restrictions in Clause 11.1 do not apply to any information to the extent that it:
a) is or comes within the public domain other than through a breach of Clause 11.1; or
b) is in the recipient’s possession (with full right to disclose) before receiving it from the other Party; or
c) is lawfully received from a third Party (with full right to disclose); or
d) is independently developed by the recipient without access to or use of the Confidential Information; or
e) is required to be disclosed by law, any securities exchange, court order or by other authority of competent jurisdiction or any regulatory or government authority to which the receiving Party is subject provided that, so far as it is lawful to do so, the receiving Party shall take into account the reasonable requests of the disclosing Party in relation to the timing and content of such disclosure.
12. INTELLECTUAL PROPERTY RIGHTS
12.1 All Intellectual Property Rights in the Platform will remain vested in HACKRATE (or its relevant licensors) and to the extent that any rights in such materials and data vest in the Program Sponsor by operation of law, the Program Sponsor hereby assigns (by way of present and future assignment) such rights to HACKRATE. The Program Sponsor will notify HACKRATE promptly upon becoming aware of any unauthorised use of Intellectual Property Rights in the Platform.
12.2 All Intellectual Property Rights in the Program Sponsor Data, Program Sponsor Materials and the Environment will remain vested in the Program Sponsor (or its relevant licensors) and to the extent that any rights in such materials vest in HACKRATE by operation of law, HACKRATE hereby assigns (by way of present and future assignment) such rights to the Program Sponsor.
12.3 The Program Sponsor grants or procures to HACKRATE a fully paid-up, non-exclusive, royalty-free non-transferable license to copy and modify any Program Sponsor Materials provided by the Program Sponsor to HACKRATE for the purpose of providing the Services to the Program Sponsor. Program Sponsor acknowledges and agrees that it shall not acquire or claim any title to any of HACKRATE’s (or its relevant licensors’) Intellectual Property Rights by virtue of the rights granted to the Program Sponsor under this Agreement or through its use of HACKRATE’s (or its relevant licensors’) Intellectual Property Rights and further agrees that it will not, at any time, do, or omit to do, anything which is likely to prejudice HACKRATE’s or its licensors’ ownership of such Intellectual Property Rights.
12.4 Program Sponsor authorizes HACKRATE to aggregate and anonymize information from Bug Hunter Reports and use of the Services (“Platform Data”). Provided that Platform Data does not identify individual Program Sponsors or Bounty Hunters, Program Sponsor hereby agrees and authorizes HACKRATE in full extent permitted by law that HACKRATE may disclose, dispose or sell Platform Data in an aggregated or anonymized form. To the extent permitted by applicable law, Program Sponsor shall grant or procure the grant to HACKRATE a worldwide, irrevocable, perpetual, sub-licensable, transferable and royalty free licence to use, analyse, host, disclose, store, reproduce, distribute and create derivative works of Platform Data for the purpose of advertising, marketing, operating, promoting, improving and providing the Services and the Platform; as well as for the purposes of the advertising, marketing and promotion of the Platform, even if Program Sponsor stops using the Platform or the Services.
12.5 HACKRATE acknowledges and agrees that it shall not acquire or claim any title to any of the Program Sponsor’s (or its relevant licensors’) Intellectual Property Rights by virtue of the rights granted to HACKRATE under this Agreement or through its use of the Program Sponsor’s (or its relevant licensors’) Intellectual Property Rights and agrees that it will not, at any time, do, or omit to do, anything which is likely to prejudice the Program Sponsor’s or its licensors’ ownership of such Intellectual Property Rights.
13. LIMITS ON LIABILITY
13.1 HACKRATE’s liability to the Program Sponsor in respect of any claims for the damage to or loss of tangible property (excluding claims for loss or corruption of, or damage to, data contained on any tangible media) shall be limited to the amount of the Program Budget specified in the Order Form.
13.2 Subject to Clauses 13.1, 13.4, 13.5, 13.6, 13.7 and 13.8, HACKRATE’s liability to the Program Sponsor per claim or series of claims arising from any one incident in respect of any claims (whether in contract, negligence, for breach of statutory duty or under any indemnity or otherwise) arising out of or in connection with this Agreement shall be limited to an amount equivalent to fees paid and/or payable in respect of the 6 months immediately prior to the date of the relevant incident.
13.3 The Program Sponsor shall:
a) notify HACKRATE in writing as soon as possible after becoming aware of any matter giving rise to or, in the Program Sponsor's reasonable opinion, is likely to give rise to liability under Clause 13.2, allowing HACKRATE to assess and, if applicable, mitigate the circumstances giving rise to any such liability; and
b) use reasonable endeavours to mitigate any circumstances under its control giving rise to any potential liability under Clause 13.2.
13.4 The limitations in Clause 13.2 shall not apply to the indemnity under Clause 9.2 given by HACKRATE in respect of Third-Party claims made against the Program Sponsor for infringement of Intellectual Property Rights.
13.5 Neither Party shall be liable (including under any indemnity given in this Agreement) for and to the extent that any proceedings, actions, claims or demands arise as a result of the failure of any product or services supplied by a Third Party directly to the Party making the claim.
13.6 HACKRATE shall not be liable (including under any indemnity given in this Agreement) for and to the extent that any proceedings, actions, claims or demands arise as a result of:
a) any modification, variation or amendment of the Platform or any part of them other than in accordance with this Agreement or as directed by HACKRATE; or
b) use of the Platform or any part of them in combination with any unapproved software, equipment or materials.
13.7 Subject to Clause 13.8, HACKRATE shall not be liable (whether in contract, negligence, for breach of statutory duty or under any indemnity or otherwise) for:
a) any indirect or consequential loss;
b) the following types of financial loss of the Program Sponsor: loss of profits; loss of earnings; loss of business or goodwill; business interruption; regardless of whether direct or indirect and even if HACKRATE had notice of the possibility of the Program Sponsor incurring such losses; or
c) the following types of anticipated or incidental losses of the Program Sponsor: loss of anticipated savings; increase in bad debt; loss of sales or revenue; failure to reduce bad debt; reduction in the value of an asset; regardless of whether direct or indirect and even if HACKRATE had notice of the possibility of the Program Sponsor incurring such losses.
13.8 Nothing in this Agreement shall limit or exclude HACKRATE's liability to the Program Sponsor for:
a) personal injury or death resulting from HACKRATE’s negligence or that of its employees, agents and/or sub-contractors;
b) any matter which it would be illegal for HACKRATE to exclude and/or limit, or attempt to exclude and/or limit, its liability; or
c) HACKRATE’s fraud or fraudulent misrepresentation.
14. PAYMENTS AND INVOICING
14.1 In consideration for the provision of the Platform by HACKRATE to Program Sponsor, the Program Sponsor shall pay in advance the Program Budget, the applicable HACKRATE Fees and any applicable Subscription Fees as set out in the Order Form.
14.2 If the parties stipulate a Subscription Fee in the Order Form, then the agreed subscription period shall commence upon the provision of the Services by HACKRATE to the Program Sponsor. The subscription period shall renew automatically on the subscription’s expiry date and for the duration as defined in the Order Form. Subscription Fees are not refundable, except at the discretion of HACKRATE.
14.3 In the event of the termination of this Agreement, the Program Sponsor acknowledges and agrees to waive any claims regarding paid Subscription Fees.
14.4 All sums referred to in this Agreement are exclusive of VAT or any other similar sales or turnover tax (if applicable); such taxes shall be payable by the Program Sponsor to HACKRATE on the same payment terms as apply to the sums to which the taxes relate.
15. TERMINATION
15.1 Either Party shall be entitled to terminate this Agreement immediately by serving written notice on the other Party in the following circumstances:
a) if the other Party commits a material breach of any of its obligations under this Agreement which is not capable of remedy; or
b) if the other Party commits a material breach of any of its obligations under this Agreement which is not remedied within 30 days after receipt of a notice from the Party not in breach specifying the breach, requiring its remedy and making clear that failure to remedy may result in termination.
15.2 Termination of this Agreement (or of any element of it) shall not affect any rights, obligations or liabilities of either Party:
a) which have accrued before termination; or
b) which are intended to continue to have effect beyond termination.
16. DATA PROTECTION
16.1 The Program Sponsor warrants that the performance of the Bug Bounty Program does not involve the processing of personal data of Third Parties, other than Bounty Hunters’ personal data for the performance of the Bug Bounty Program.
16.2 The Program Sponsor may ask HACKRATE at any time to reveal the identity of a Bounty Hunter participating in the Bug Bounty Program. Upon Program Sponsor’s request, HACKRATE will contact the Bounty Hunter and ask for its consent to transfer the Bounty Hunter’s contact information to the Program Sponsor. Program Sponsor acknowledges that HACKRATE is not obliged and may refuse to reveal the identity or contact details of the Bounty Hunter to Program Sponsor.
16.3 The Parties agree that with respect to the processing of personal data processed and disclosed on the basis of this Agreement, each Party shall be considered as an independent data controller and none of the Parties shall be responsible for the data processing activities of the other Party, which shall be performed for the independent purposes and independent means by each Party, respectively. In relation to the Agreement, the legal basis under applicable Data Protection Laws for the disclosure of personal data to a Party shall be secured by the Party handing over (transferring, disclosing) the personal data to the other Party. This also applies to any personal data directly disclosed by employees or contractors of a Party to the other Party in connection with the Agreement. The disclosing Party warrants that it has an appropriate legal basis for the disclosure of personal data to the other Party.
16.4 Without prejudice to Clause 16.1 above, if any further data processing by HACKRATE results in HACKRATE acting as the data processor of the Program Sponsor, then an additional data processing agreement shall be concluded between the Parties which, in accordance with applicable Data Protection Legislation, is necessary to meet the requirements for the processing of personal data.
17. VARIATIONS
17.1 Variations of this Agreement shall not be effective unless recorded in writing signed by the Parties’ authorised signatories; variations in electronic form shall not count as variations recorded in writing.
18. FORCE MAJEURE
18.1 Neither Party will be liable for any delay or failure in the performance of its obligations under this Agreement if such delay or failure is due to an event of Force Majeure.
18.2 If Force Majeure occurs, the delaying Party shall be entitled to an extension of time for so long as the Force Majeure persists on condition that:
a) it promptly notifies the other Party (“unaffected Party”) of the occurrence of the Force Majeure;
b) it discusses with the unaffected Party possible action to be taken to overcome the effect of the Force Majeure; and
c) it uses all reasonable endeavours to overcome the Force Majeure.
18.3 If the Force Majeure persists for a period of 30 days or more, the Party not claiming Force Majeure may give notice to the other to terminate this Agreement with effect from a date specified in the notice without penalty or other liability (except for any liability on the Program Sponsor to pay accrued fees).
19. ASSIGNMENT
19.1 Subject to Clause 19.2, neither Party may assign, transfer, charge or deal in any other manner with this Agreement or any of its rights under it, or purport to do any of these things, or sub-contract any or all of its obligations under this Agreement without the prior written consent of the other Party (such consent not to be unreasonably withheld or delayed).
19.2 HACKRATE shall be entitled to sub-contract any or all of its obligations under this Agreement to a sub-contractor, without obtaining prior consent, but by doing so HACKRATE shall be responsible for the acts and omissions of the sub-contractor to the same extent as if it had carried out the obligations itself pursuant to this Agreement.
20. WAIVER
20.1 If either Party fails to exercise a right or remedy that it has or which arises in relation to an incident in connection with this Agreement either immediately or at all, such failure shall not prevent that Party from exercising that right or remedy subsequently in respect of that or any other incident.
20.2 A waiver of any breach or provision of this Agreement shall only be effective if it is made in writing and signed by the authorised signatory of the Party who is waiving the breach or provision. Any waiver of a breach of any term of this Agreement shall not be deemed a waiver of any subsequent breach and shall not affect the enforceability of any other term of this Agreement.
21. SEVERANCE
21.1 If any part of this Agreement is found to be invalid, unlawful or unenforceable by any court or other competent body, such invalidity or unenforceability shall not affect the validity, lawfulness or enforceability of any other provisions of this Agreement and such other provisions shall remain in full force and effect.
21.2 If any part of this Agreement is found to be invalid or unenforceable by any court or other competent body but would be valid or enforceable if some part of the provision were deleted, the provision in question shall be treated as having been amended as necessary to make it valid and enforceable.
21.3 In the circumstances referred to in Clause 21.1 and if Clause 21.2 does not apply, the Parties agree to attempt to substitute for any invalid or unenforceable provision a valid and enforceable provision which achieves to the greatest extent possible the same effect as would have been achieved by the invalid or unenforceable provision.
22. NO PARTNERSHIP
22.1 Nothing in this Agreement is intended to, or shall, operate to:
a) create a partnership or joint venture of any kind between the Program Sponsor and HACKRATE;
b) authorise either Party to act as agent for the other Party; or
c) authorise either Party to act in the name or on behalf of, or otherwise to bind, the other Party in any way.
23. NOTICES
23.1 Any notices to be sent by one Party to the other in connection with this Agreement except for the service of court proceedings shall be in writing and shall be delivered personally or sent by special delivery post (or equivalent service offered by the postal service from time to time) or by e-mail to the addresses of each Party as notified from time to time.
23.2 Notices shall be deemed to have been duly given as follows:
a) if delivered personally, upon delivery;
b) if sent by post, two clear days after the date of posting; or
c) if sent by email, only upon acknowledgment of the email by the recipient (not including out of office messages) provided that if such acknowledgment has not been received by the sender within 2 working days, the notice shall be deemed invalid.
23.3 If either Party notifies the other Party of a change to its details for the purposes of Clause 24.1, such notification shall only be effective on the date specified in such notice or seven days after notice is given, whichever is later.
24. LAW, JURISDICTION AND LANGUAGE
24.1 This Agreement and all matters arising out of it shall be governed by, and construed in accordance with, the laws of Hungary.
24.2 Each Party irrevocably agrees that all disputes arising from or in connection with this Agreement, its breach, termination, validity or interpretation, shall be exclusively decided by the Court of Arbitration attached to the Hungarian Chamber of Commerce and Industry, Budapest in accordance with its own Rules of Proceedings. The number of arbitrators shall be three. The language to be used in the arbitral proceedings shall be English. The foregoing shall not preclude HACKRATE from filing court action or seeking any injunctive relief or protective measures in any competent court for the protection of its Intellectual Property Rights under the general rules or to file a lawsuit or take action before the courts located at Program Sponsor’s place of establishment or at any jurisdiction for the place of a tort.
24.3 The Agreement is made in the Hungarian language and in the English language. In case of any conflict between the Hungarian language and the English language versions, the terms of the English language version shall prevail.
Last updated 11 February 2021
1. About Us
1.1 HACKRATE (www.hckrt.com, hereinafter: “HACKRATE”) is a bug bounty platform (“the Platform”) that helps HACKRATE’s Program Sponsors reduce cybersecurity risks by using the power of the global ethical hacker community.
1.2 The Platform enables Bounty Hunters to sign up for participation, enter into and perform Bug Bounty Programs sponsored by HACKRATE Program Sponsors and to establish a contractual relationship between the Bug Bounty Hunter and HACKRATE’s Program Sponsors.
1.3 HACKRATE is operated by HACKRATE Kft. (seat: H-2890 Hungary, Tata, Baji út 35. Building 2. 2/12.; phone: +36203108651, e-mail: [email protected], registered at the Tribunal of Komárom-Esztergom County with registration No.: Cg. 11-09-028368, EU Tax ID: HU28961200).
2. Our contract with you
2.1 These Bounty Hunter Terms of Use (“ToU” or “Agreement”) apply to you and the provision of our Services via the Platform by us to you. These ToU are made in the Hungarian language and in the English language. In case of any conflict between the Hungarian language and the English language versions, the terms of the English language version shall prevail.
2.2 THE BOUNTY HUNTER’S ATTENTION IS PARTICULARLY DRAWN TO THE PROVISIONS OF CLAUSES 6, 8, 12, 14, 16, 17, 27 and 28 (Third Party Systems, Submitting Findings and the Bug Bounty Report, The Bounty Hunter’s Obligations, Intellectual Property Rights, Export Compliance, Limitation of Liability, Governing Law, Jurisdiction).
3. Definitions
Active Period: the timeframe of a Bug Bounty Program while the Program Sponsor accepts Findings and makes the Environment available and accessible to Bounty Hunters; the Bug Bounty Program’s time of suspension shall not qualify as an Active Period. Bug Bounty Program cancellation automatically terminates the Active Period.
Bounty Hunter: a registered and identified user of the Platform who is authorised by the Program Sponsor to enter into, participate in and perform the Program Sponsor’s Bug Bounty Program, and use the Services.
Bug Bounty Agreement: a separate agreement concluded between the Bounty Hunter and the Program Sponsor relative to the participation and performance of the Bug Bounty Program.
Bug Bounty Program: means the bug bounty program rules that are made available to Bounty Hunters by HACKRATE online via the Platform from time to time which set out a description of the Program Sponsor’s requirement, and define the Environment, the limits of the program and the Program Sponsor and/or HACKRATE instructions.
Bug Bounty Report: the verified and checked report about the Findings submitted by the Bounty Hunter to the Program Sponsor via HACKRATE, in the format defined by HACKRATE on the Platform.
Confidential Information: information that is proprietary or confidential and is either clearly labelled as such or identified as Confidential Information in Clause 15.1.
Controller, processor, data subject, personal data, personal data breach, processing and appropriate technical and organisational measures: as defined in the Data Protection Legislation.
Data Protection Legislation: the General Data Protection Regulation ((EU) 2016/679) and the Hungarian Privacy Act (Act No. CXII of 2011) and any other European Union legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the privacy of electronic communications); and the guidance and codes of practice issued by the relevant data protection or supervisory authority and applicable to a party.
Environment: the set of IT systems under the control of the Program Sponsor and as provided by the Program Sponsor and the Third-Party Systems that the Program Sponsor explicitly allowed in the Bug Bounty Program for the purpose of the Bug Bounty Program.
Export Control Laws: any applicable laws or regulations applicable, including United States export laws and regulations, to any country for which the government or any agency thereof at the time of export requires an export license or other governmental approval without first obtaining such license or approval.
Finding: any Vulnerability identified by the Bounty Hunter in the Environment.
Heightened Cybersecurity Requirements: any laws, regulations, codes, guidance (from regulatory and advisory bodies, whether mandatory or not), international and national standards, industry schemes and sanctions, which are applicable to either the Program Sponsor or a Bounty Hunter relating to security of network and information systems and security breach and incident reporting requirements, which may include the NIS Directive ((EU) 2016/1148), Commission Implementing Regulation ((EU) 2018/151), the Act on Information Security (Act No. L of 2013), all as amended or updated from time to time.
Intellectual Property Rights: all patents, utility models, rights to inventions, copyright and neighbouring and related rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection that subsist or will subsist now or in the future in any part of the world, including the Proof-of-Concept Code and Proof-of-Concept Documentation.
Mandatory Policies: the Program Sponsor’s business policies and codes as attached to the respective Bug Bounty Program as amended by notification to the Bounty Hunter from time to time.
Platform: the online software applications and website provided by HACKRATE as part of the Services.
Program Sponsor: the party being a business user i.e. acting within the scope of an economic activity (trade, business, craft, liberal profession) and accepting the Program Sponsor Terms to whom the Services will be provided and who is responsible for the definition and the approval of the Bug Bounty Program on the Platform, the approval of Bounty Hunters who may participate in the Bug Bounty Program, the provision of the Environment, checking and approval of Findings and Bug Bounty Reports and approval of any Reward payments, if applicable.
Proof-of-Concept Code: anything or device (including any software, code, file or programme) which may be required to exploit a Vulnerability within the Environment and that is required to validate and verify a Finding.
Proof-of-Concept Documentation: any information written, graphical or oral that is required to use, build, compile and run the Proof-of-Concept Code and any information that is required to validate and verify a Finding.
Reward: any payment approved by the Program Sponsor in a Bug Bounty Program and to be paid by HACKRATE to the Bounty Hunter, if applicable.
Services: the Platform and the related services provided by HACKRATE to the Bounty Hunter under this Agreement via the HACKRATE website.
Third Party: any person other than HACKRATE, Program Sponsor or their Affiliates.
Third-Party Systems: any IT system (including related data) that is not under the sole control of the Program Sponsor. Accessing, monitoring, intercepting and/or recording both stored and/or live business or private communications may be a criminal offence, and the Bounty Hunter and the Program Sponsor must refrain from such actions.
Virus: anything or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.
Vulnerability: a weakness in the computational logic (for example, code) found in software and hardware components that when exploited, results in a negative impact to the confidentiality, integrity, or availability, and the term Vulnerabilities shall be construed accordingly.
4. Account Registration on the Platform
4.1 Any user, as a natural person over the age of 18 in their full legal capacity can register to the Platform who accepts this Agreement and abides HACKRATE’s acceptable use terms as set out in Clause 5 regarding the Platform. A user must provide his or her identification data, contact and payment information required by HACKRATE from time to time.
4.2 The user warrants for the validity and accuracy of the information provided to HACKRATE.
4.3 HACKRATE shall implement reasonable measures on the Platform to verify the accuracy of the information entered by or provided by the user. The user also warrants to keep the Platform account password confidential and that the Platform account password is not used for the user’s any other services or account.
4.4 HACKRATE reserves the right to verify the user’s e-mail address, payment and invoicing information (e.g., a bank account number), company information (if applicable) and identity any time. For this purpose, HACKRATE may require the user to present official identity documents (such as government ID, passport etc.) to HACKRATE that the user registered to the HACKRATE account.
4.5 HACKRATE reserves the right to reject, suspend or cancel any registration at any time. Once HACKRATE may have verified the identity of the user and approved the user registration then the user shall become a Bounty Hunter.
4.6 The Bounty Hunter warrants to keep his or her account information up to date and undertakes to take the identity verification process if it is deemed necessary at any time by HACKRATE.
4.7 The Bounty Hunter acknowledges and accepts that the Bounty Hunter account is not transferable, and the Bounty Hunter shall not allow any other person to access and/or use the Bounty Hunter’s account.
4.8 HACKRATE reserves the right to monitor and check the use of Bounty Hunter accounts. HACKRATE may terminate this Agreement and permanently ban a Bounty Hunter from the Platform under the terms of this Agreement.
5. Acceptable Use of the Platform
5.1 In the course of its use of the Platform and/or the Services or participation in a Bug Bounty Program, the Bounty Hunter shall not perform any activity that:
a) is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;
b) facilitates any illegal activity;
c) depicts sexually explicit images;
d) promotes unlawful violence;
e) is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability; or
f) stores, distributes or transmits any Viruses; or
g) is otherwise illegal or causes personal injury and damage to property;
5.2 HACKRATE reserves the right, without liability or prejudice to its other rights to the Bounty Hunter, to disable the Bounty Hunter’s access to any material, Service or Bug Bounty Program that breaches the provisions of this Clause 5.
5.3 The Bounty Hunter shall not:
a) perform any activity that is not explicitly authorized in the Bug Bounty Program in the Environment;
b) except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under this agreement and/or the respective Bug Bounty Program:
(i) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Environment and/or the Platform (as applicable) in any form or media or by any means; or
(ii) attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Environment that is not expressly allowed by the Bug Bounty Program and/or the Platform; or
c) access all or any part of the Environment and/or the Platform in order to build a product or service which competes with the Environment and/or the Platform; or
d) use the Environment and/or the Platform to provide services to third parties; or
e) use any third-party services that are not expressly allowed by the respective Bug Bounty Program for the performance of any activity in the Environment and/or on the Platform; or
f) access, monitor, intercept and/or record both stored and/or live business or private communications in the Environment and/or Third-Party Systems that is not expressly allowed by the respective Bug Bounty Program;
g) subject to license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Environment and/or the Platform available to any third party, or
h) attempt to obtain, or assist third parties in obtaining, access to the Environment and/or the Platform, other than as provided under this Agreement; or
i) introduce or permit the introduction of, any non-controllable attack, Virus or Vulnerability into HACKRATE’s and/or the Program Sponsor’s network and information systems.
5.4 HACKRATE shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the Platform.
6. Third-Party Systems
6.1 The Bounty Hunter warrants for and shall not use any Third-Party Systems that are not expressly allowed in the Bug Bounty Program by the Program Sponsor during the course of his or her engagement.
6.2 The Bounty Hunter acknowledges that the Services may enable or assist it to access the website content of, correspond with, and purchase products and services from, Third Parties via Third-Party websites and that it does so solely at its own risk. HACKRATE makes no representation, warranty or commitment and shall have no liability or obligation whatsoever in relation to the content or use of, or correspondence with, any such Third-Party website, or any transactions completed, and any contract entered into by the Bounty Hunter, with any such third party. Any contract entered into and any transaction completed via any Third-Party website is between the Bounty Hunter and the relevant Third Party, and not HACKRATE. HACKRATE recommends that the Bounty Hunter refers to the Third Party’s website terms and conditions and privacy policy prior to using the relevant third-party website. HACKRATE does not endorse or approve any Third-Party website nor the content of any of the Third-Party website made available via the Services.
7. Participation in a Bug Bounty Program
7.1 A Bug Bounty Program may be public or private.
7.2 The Bounty Hunter can use the Platform to browse, select and sign up for public Bug Bounty Programs provided by different Program Sponsors prior to in the Bug Bounty Program’s Active Period. If the Program Sponsor and HACKRATE agrees to limit the scope of the Bounty Program to specific Bounty Hunters or based on specific criteria (such as experience, place of residence of the Bounty Hunter, i.e., in private Bug Bounty Program), then HACKRATE will invite only the selected Bounty Hunters to such Bug Bounty Programs. HACKRATE may at its own discretion decide to send out invitations through the Platform and the Bounty Hunter may also reserve the right to reject the invitation to a private Bug Bounty Program.
7.3 The Bounty Hunter must read, acknowledge and accept the terms of the Bug Bounty Program that the Bounty Hunter wishes to sign up for on the Platform. The Bounty Hunter can participate in multiple Bug Bounty Programs in their Active Periods, respectively, at a time provided by the same Program Sponsor or provided by several Program Sponsors.
7.4 The Program Sponsor may require the Bounty Hunter to meet Heightened Cybersecurity Requirements and requirements set out by Mandatory Policies. The Program Sponsor is responsible for making available the applicable Heightened Cybersecurity Requirements and requirements set out by Mandatory Policies to the Bounty Hunter via the Platform. The Bounty Hunter must expressly acknowledge and accept to secure compliance with the Heightened Cybersecurity Requirements and requirements set out by Mandatory Policies. HACKRATE shall not warrant for the validity and accuracy of the Heightened Cybersecurity Requirements and the Mandatory Policies, it is the sole responsibility of the Program Sponsor to define up-to-date requirements in the Bug Bounty Program.
7.5 The Program Sponsor may request HACKRATE any time to reveal the identity of the Bounty Hunter participating in the Bug Bounty Program. In this case HACKRATE will request the Bounty Hunter’s consent to transfer the Bounty Hunter’s identity information to the Program Sponsor. In any case HACKRATE may be unable to transfer identity related personal data to the Bounty Hunter, because the Bounty Hunter does not respond to the consent request, then HACKRATE may suspend or cancel the Bounty Hunter’s user account.
7.6 The Bounty Hunter acknowledges and accepts that by signing up to a Bug Bounty Program, a separate Bug Bounty Agreement shall be concluded between the Bounty Hunter and the Program Sponsor.
7.7 The Bounty Hunter expressly acknowledges and accepts that HACKRATE is not subject of the Bug Bounty Agreement between the Bounty Hunter and the Program Sponsor and may not exercise any rights, set claims against or make HACKRATE liable for the conclusion and/or the performance of the Bug Bounty Agreement between the Bounty Hunter and the Program Sponsor. Each Bug Bounty Agreement is governed by the respective Bug Bounty Program and the terms set out by the Bounty Hunter and the Program Sponsor between each other.
7.8 The Bug Bounty Agreement between the Bounty Hunter and the Program Sponsor shall be concluded and enter into force if the Program Sponsor approves the participation of the Bounty Hunter in the Bug Bounty Program. The Bounty Hunter acknowledges and accepts that the Program Sponsor reserves the right to reject the participation of the Bounty Hunter in the respective Bug Bounty Program, in which case the Bug Bounty Agreement shall not be concluded, and the Bounty Hunter shall not be allowed to participate in the Bug Bounty Program. The Bounty Hunter may request from HACKRATE to re-evaluate the rejection of a Bounty Hunter, in which case HACKRATE will liaise with the Program Sponsor.
7.9 HACKRATE shall send a notification via e-mail and the Platform to the Bounty Hunter if the Program Sponsor has approved the Bounty Hunter’s participation in the related Bug Bounty Program. This notification shall contain the Program Sponsor’s explicit authorization for the Bounty Hunter to engage the performance of activities in the Environment within the limits of the Bug Bounty Program. Once the Program Sponsor approves the participation of the Bounty Hunter in the respective Bug Bounty Program, HACKRATE shall make available the technical details via the Platform for the Bounty Hunter to access the Program Sponsor’s Environment. HACKRATE reserves the right to change such technical details and notify the Bounty Hunter via the Platform from time-to-time. HACKRATE shall not warrant for the availability and/or accessibility of the Environment.
7.10 HACKRATE reserves the right to suspend a Bounty Hunter from participating in the respective Bug Bounty Program on the Program Sponsor’s notification if the Bounty Hunter has breached or is suspected to have breached the terms of the Bug Bounty Program and/or Heightened Cybersecurity Requirements and/or requirements set out by Mandatory Policies.
7.11 The Bug Bounty Agreement shall automatically terminate by the end of the Bug Bounty Program and/or the Bug Bounty Program’s Active Period. The Program Sponsor may at any time suspend indefinitely and/or cancel the Bug Bounty Program, which shall terminate the Bug Bounty Program’s Active Period. HACKRATE shall notify the Bounty Hunter about the suspension and/or cancellation of the Bug Bounty Program. Such notification shall constitute the explicit withdrawal of the authorization to engage any activity in the Environment.
8. Submitting Findings and the Bug Bounty Report
8.1 The Bounty Hunter shall report any Findings immediately, without delay on the Platform in the required format, during the Active Period of the related Bug Bounty Program. The Bounty Hunter can report one or more Finding(s) at a time on the Platform.
8.2 The Bounty Hunter may request HACKRATE’s assistance in the evaluation of the Finding prior to reporting it on the Platform and the interpretation of the Bug Bounty Program rules.
8.3 The Bounty Hunter must include the Proof-of-Concept Code and Proof-of-Concept Documentation to each Finding and define the criticality of each Finding on the Platform. The Bounty Hunter shall upload Proof-of-Concept Code and Proof-of-Concept Documentation to HACKRATE and/or the Program Sponsor only via the Platform.
8.4 HACKRATE shall review each Finding and HACKRATE reserves the right to reject or overrule any Findings, Proof-of-Concept Code, Proof-of-Concept Documentation and Finding criticality. HACKRATE may validate the Finding prior to sending it to the Program Sponsor for approval via the Platform. The Program Sponsor may reserve the right in the Bug Bounty Program to reject any Findings. The Bounty Hunter acknowledges that the Program Sponsor is allowed to involve third parties in the validation and check of any Findings submitted via the Platform by HACKRATE.
8.5 Once the Program Sponsor approves a Finding it shall be included in the Bug Bounty Report. HACKRATE will anonymize the Bug Bounty Report and shall make it available to the Program Sponsor. HACKRATE will archive anonymized Bug Bounty Reports after the end of the respective Bug Bounty Program and/or the termination of the Active Period.
8.6 The Bounty Hunter can access prior Findings and Bug Bounty Reports submitted by him or her and can also comment on HACKRATE’s and/or the Program Sponsor’s Finding and/or Bug Bounty Report evaluation and the Bounty Hunter can request the re-evaluation of the Bug Bounty Report and/or the Finding.
9. Reward Payment
9.1 HACKRATE shall not accept any payments from or make payments to FATF high risk or monitored jurisdictions. HACKRATE shall require the Bounty Hunter to provide HACKRATE with a valid tax residency certificate before making any payments to the Bounty Hunter. HACKRATE reserves the rights to not make any payments if the Bounty Hunter shall not present a valid tax residency certificate to HACKRATE.
9.2 Once the Program Sponsor approves a Finding and its criticality, the Program Sponsor shall authorize HACKRATE to pay the pre-defined Reward for the Bounty Hunter.
9.3 The Bounty Hunter must select the default payment mode (e.g., wire transfer) and currency (e.g., HUF, EUR or USD) on the Platform. HACKRATE shall make any payments via the default payment mode and in default currency on a monthly basis. HACKRATE shall track payments to Bounty Hunters and shall make the related data available on the Platform to the Bounty Hunter.
9.4 HACKRATE hereby notifies the Bounty Hunter that any Reward or other income that the Program Sponsor or HACKRATE pays to the Bounty Hunter may invoke tax payment obligations and/or social security charges depending on the Bounty Hunter’s country of residence. HACKRATE hereby notifies the Bounty Hunter that in case HACKRATE shall deduct any taxes or social security charges under the applicable tax laws, HACKRATE will pay said taxes and charges and will transfer only the net amount of the Reward to the Bounty Hunter. HACKRATE shall not pay taxes or social security charges that the Bounty Hunter is obliged to pay directly.
10. Bounty Hunter Evaluation
10.1 HACKRATE will keep a record of Bounty Hunter activities on the Platform (“Bounty Hunter Leaderboard”). The Bounty Hunter Leaderboard presents Bounty Hunter rankings for different time periods (e.g., all-time, last month, last quarter, etc.) on the Platform.
10.2 Program Sponsors and/or HACKRATE can award plus or minus points for each Bounty Hunter that participated in a Bug Bounty Program and reported any Findings. HACKRATE and/or the Program Sponsor may award minus points to a Bounty Hunter for reporting invalid, existing or publicly known (at the time of reporting) Findings. Program Sponsors can use the Bounty Hunter records to select Bounty Hunters for private Bug Bounty Programs or set a Bounty Hunter’s status to be automatically allowed or rejected on the Program Sponsor’s Bug Bounty Programs. In this case the Bounty Hunter can request human intervention.
10.3 HACKRATE may award digital badges to Bounty Hunters at its own discretion. Bounty Hunters may share digital badges on social media platforms.
11. HACKRATE’s Obligations
11.1 HACKRATE shall provide the Services and make available the Platform to Bounty Hunters on and subject to the terms of this Agreement. HACKRATE undertakes that the Services will be performed substantially with reasonable skill and care.
11.2 HACKRATE does not warrant that the Bounty Hunter’s use of the Services will be uninterrupted or error-free and that the Services and/or the information obtained by the Bounty Hunter through the Services will meet the Bounty Hunter’s requirements.
11.3 HACKRATE is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Bounty Hunter acknowledges that the Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
11.4 This Agreement shall not prevent HACKRATE from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this Agreement.
11.5 HACKRATE warrants that it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under this Agreement.
12. The Bounty Hunter’s Obligations
12.1 The Bounty Hunter shall:
a) provide HACKRATE with:
(i) all necessary co-operation in relation to this Agreement; and
(ii) all necessary access to such information as may be required by HACKRATE;
in order to provide the Services, including but not limited to participation in any Bug Bounty Program, Environment access information and configuration services;
b) without affecting its other obligations under this Agreement, comply with all applicable laws, including the Heightened Cybersecurity Requirements and Mandatory Policies when necessary and regulations with respect to its activities under this Agreement;
c) carry out all other Bounty Hunter responsibilities set out in this Agreement in a timely and efficient manner. In the event of any delays in the Bounty Hunter’s provision of such assistance as agreed by the parties, HACKRATE may adjust any agreed timetable or delivery schedule as reasonably necessary;
d) use the Services and the Platform in accordance with the terms and conditions of this Agreement and shall be responsible for any breach of this Agreement;
e) obtain and shall maintain all necessary licences, consents, and permissions necessary for HACKRATE and/or the Program Sponsor, its contractors and agents to perform their obligations under this Agreement, including without limitation the Services and the Bug Bounty Programs;
f) ensure that its network and systems comply with the relevant specifications provided by HACKRATE from time to time; and
g) be, to the extent permitted by law and except as otherwise expressly provided in this Agreement, solely responsible for procuring, maintaining and securing its network connections and telecommunications links from its systems to the HACKRATE’s systems and/or the Program Sponsor’s Environment, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Bounty Hunter’s network connections or telecommunications links or caused by the internet.
13. Data Protection
13.1 Both parties will comply with all applicable requirements of the Data Protection Legislation. HACKRATE and the Bounty Hunter acknowledge that each party qualifies as an independent data controller as defined by the applicable Data Protection Legislation.
13.2 Without prejudice to clause 13.1 above, if any further data processing by the Bounty Hunter when performing its obligations under this Agreement results in the Bounty Hunter acting as the data processor of HACKRATE, then HACKRATE and the Bounty Hunter shall enter into an additional data processing agreement determined by HACKRATE which, in accordance with applicable Data Protection Legislation, is necessary to meet the requirements for the processing of personal data.
14. Intellectual Property Rights
14.1 The Bounty Hunter acknowledges and agrees to grant HACKRATE and the respective Program Sponsor a fully paid-up by the Reward, worldwide, non-exclusive, royalty-free, perpetual and irrevocable licence to the copy of the Intellectual Property, including the Proof-of-Concept Code and Proof-of-Concept Documentation created during the course of, or for the purpose to participate and perform a Bug Bounty Program relative to a Finding and/or the Bug Bounty Report. HACKRATE and the Program Sponsor may not sub-license, assign or otherwise transfer the rights granted in this Clause, without the prior, written permission of the Bounty Hunter.
14.2 The Bounty Hunter warrants that HACKRATE and the Program Sponsor shall have in perpetuity and without territorial limitation exclusive ownership rights to all Proof-of-Concept Code and Proof-of-Concept Documentation, and all Intellectual Property Rights relative to a Finding and/or the Bug Bounty Report therein created in the course of activities by the Bounty Hunter under this Agreement.
14.3 The Bounty Hunter shall take all appropriate action and execute and deliver all documents necessary or reasonably requested by HACKRATE to effectuate any of the provisions or purposes of Clause 14 or otherwise, as may be necessary or useful for HACKRATE to prosecute, register, record, or enforce its rights in or to any Finding and/or Bug Bounty Report or any Intellectual Property Right therein.
14.4 If the Bounty Hunter is not able to transfer the Intellectual Property Rights to HACKRATE and/or the Program Sponsor for any reasons under this Clause 14, the Bounty Hunter warrants that HACKRATE and/or the Program Sponsor shall have a Licence to use, reproduce, display, perform, distribute, install and make copies for an unlimited period and without territorial limitation on such Intellectual Property Rights. Under the Licence provided or procured by the Bounty Hunter to HACKRATE and/or the Program Sponsor, HACKRATE and/or the Program Sponsor may adapt, reverse engineer, decompile, disassemble or modify the Proof-of-Concept Code and Proof-of-Concept Documentation supplied under this Agreement.
14.5 The Bounty Hunter warrants that no other person has rights or claims over the Intellectual Property Rights delivered to HACKRATE by the Bounty Hunter under this Agreement, which would violate HACKRATE’s or the Program Sponsor’s rights or rightful interests.
14.6 The Bounty Hunter shall indemnify HACKRATE and/or the Program Sponsor against all liabilities, costs, expenses, damages and losses (including any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal and other professional costs and expenses) suffered or incurred by HACKRATE and/or the Program Sponsor arising out of or in connection with any claim made against HACKRATE and/or the Program Sponsor for actual or alleged infringement of a third party’s Intellectual Property Rights arising out of or in connection with use of the Finding and/or the Bug Bounty Report or receipt of the benefit of the Services.
15. Confidentiality
15.1 Each party may be given access to Confidential Information from the other party in order to perform its obligations under this Agreement. A party’s Confidential Information shall not be deemed to include information that:
a) is or becomes publicly known other than through any act or omission of the receiving party;
b) was in the other party’s lawful possession before the disclosure;
c) is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or
d) is independently developed by the receiving party, which independent development can be shown by written evidence.
15.2 Subject to this Clause 15.1, each party shall hold the other’s Confidential Information in confidence and not make the other’s Confidential Information available to any Third Party or use the other’s Confidential Information for any purpose other than the implementation of this Agreement.
15.3 Each party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this Agreement.
15.4 A party may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction, provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of such disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this Clause 15, it takes into account the reasonable requests of the other party in relation to the content of such disclosure.
15.5 The Bounty Hunter acknowledges that details of the Services, the Bug Bounty Program, the Findings and the Bug Bounty Report and the Intellectual Property, and the results of any activities in the Environment and/or the Platform, constitute HACKRATE’s and the Program Sponsor’s Confidential Information.
15.6 No party shall make, or permit any person to make, any public announcement concerning this Agreement without the prior written consent of the other parties (such consent not to be unreasonably withheld or delayed), except as required by law, any governmental or regulatory authority (including, without limitation, any relevant securities exchange), any court or other authority of competent jurisdiction.
15.7 The above provisions of this Clause 15.1 shall survive termination of this agreement, however arising.
16. Export Compliance
16.1 Neither party shall export, directly or indirectly, any technical data acquired from the other party under this agreement (or any products, including software, incorporating any such data) in breach of any applicable laws or regulations (Export Control Laws), including United States export laws and regulations, to any country for which the government or any agency thereof at the time of export requires an export licence or other governmental approval without first obtaining such licence or approval.
16.2 Each party undertakes:
a) contractually to oblige any third party to whom it discloses or transfers any such data or products to make an undertaking to it in similar terms to the one set out above; and
b) if requested, to provide the other party with any reasonable assistance, at the reasonable cost of the other party, to enable it to perform any activity required by any competent government or agency in any relevant jurisdiction for the purpose of compliance with any Export Control Laws.
17. Limitation of Liability
17.1 To the fullest extent permitted by applicable law, HACKRATE’s contractual and extra-contractual liability shall, irrespective of its legal ground (whether on warranty, contract, tort, negligence or otherwise, including for latent/hidden defects), for losses and damages arising out of or in connection with the provision of the Services or any delay or interruption in the provision of the Services, be limited as follows:
(i) HACKRATE shall be liable up to the amount of foreseeable damages typical for this type of contract due to a breach of material contractual obligations;
(ii) HACKRATE shall not be liable due to a breach of any non-material contractual obligations nor for any slightly negligent breach of any other duty of care applicable; and
(iii) HACKRATE shall not be liable for any special, indirect or consequential damages, including, but not limited to, loss of use, of data, of profits, of savings, of opportunity, of goodwill, as well as for third parties claims (even if HACKRATE has been advised of the possibility of such damage).
17.2 The aforesaid limitations of liability shall not apply if and to the extent HACKRATE has assumed a specific guarantee. Nothing in these Terms of Use will limit or exclude HACKRATE's liability for
(i) death or personal injury resulting from HACKRATE's negligence or the negligence of HACKRATE employees or agents;
(ii) wilful misconduct;
(iii) breach of obligations deriving from public order rules; and
(iv) any other case where HACKRATE's liability may not be limited or excluded under applicable law.
18. Term and Termination
18.1 This Agreement shall commence on the date of accepting it on HACKRATE’s Platform and shall continue to be in effect for an indefinite period of time.
18.2 Either party's right to terminate for good cause remains unaffected.
18.3 The Bounty Hunter may terminate this Agreement by cancelling his or her HACKRATE account at any time.
18.4 Without affecting any other right or remedy available to it, HACKRATE may terminate this Agreement with immediate effect if:
a) the Bounty Hunter commits a material breach of any other term of this Agreement which breach is irremediable or (if such breach is remediable) fails to remedy that breach within a period of 3 days after being notified in writing to do so;
b) the Bounty Hunter repeatedly breaches any of the terms of this Agreement in such a manner as to reasonably justify the opinion that its conduct is inconsistent with it having the intention or ability to give effect to the terms of this Agreement;
c) any warranty given by the Bounty Hunter of this Agreement is found to be untrue or misleading.
18.5 On termination of this agreement for any reason:
a) the Bounty Hunter shall make no further use of any equipment, property, Service and other items (and all copies of them) belonging to HACKRATE and/or the Program Sponsor;
b) HACKRATE may destroy or otherwise dispose of any of the Bounty Hunter’s data in its possession; and
c) any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the Agreement which existed at or before the date of termination shall not be affected or prejudiced.
19. Force Majeure
19.1 HACKRATE shall have no liability to the Bounty Hunter under this Agreement if it is prevented from or delayed in performing its obligations under this Agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of HACKRATE or any other party), failure of a utility service or transport or telecommunications network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors, provided that the Bounty Hunter is notified of such an event and its expected duration.
20. Waiver
20.1 No failure or delay by a party to exercise any right or remedy provided under this Agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.
21. Rights and Remedies
21.1 Except as expressly provided in this Agreement, the rights and remedies provided under this Agreement are in addition to, and not exclusive of, any rights or remedies provided by law.
22. Severance
22.1 If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this Agreement.
22.2 If any provision or part-provision of this Agreement is deemed deleted under Clause 22, the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
23. Entire Agreement
23.1 This Agreement constitutes the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.
23.2 Each party acknowledges that in entering into this Agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this Agreement.
23.3 Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in this agreement. Nothing in this clause shall limit or exclude any liability for fraud.
24. Assignment
24.1 The Bounty Hunter shall not assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement.
24.2 HACKRATE may at any time assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this agreement.
25. No Partnership or Agency
25.1 Nothing in this Agreement is intended to or shall operate to create a partnership between the parties or authorise either party to act as agent for the other, and neither party shall have the authority to act in the name or on behalf of or otherwise to bind the other in any way (including, but not limited to, the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
26. Notices
26.1 Any notice required to be given under this Agreement shall be in writing and shall be delivered via the Platform or by pre-paid first-class or recorded delivery post to the other party at its address as may have been notified by that party for such purposes or sent by fax to the other party’s fax number.
26.2 A notice delivered via the Platform shall be deemed to have been received when delivered. A correctly addressed notice sent by pre-paid first-class post or recorded delivery post shall be deemed to have been received at the time at which it would have been delivered in the normal course of post. A notice sent by fax shall be deemed to have been received at the time of transmission (as shown by the timed printout obtained by the sender).
27. Governing Law
27.1 This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of Hungary.
28. Dispute Resolution
28.1 Each Party irrevocably agrees that all disputes arising from or in connection with this Agreement, its breach, termination, validity or interpretation, shall be exclusively decided by the Court of Arbitration attached to the Hungarian Chamber of Commerce and Industry, Budapest in accordance with its own Rules of Proceedings. The number of arbitrators shall be three. The language to be used in the arbitral proceedings shall be English. The foregoing shall not preclude HACKRATE from filing court action or seeking any injunctive relief or protective measures in any competent court for the protection of its Intellectual Property Rights under the general rules or to file a lawsuit or take action before the courts located at Bounty Hunter’s place of establishment or at any jurisdiction for the place of a tort.
1. About Us
1.1 HACKRATE (www.hckrt.com, hereinafter: “HACKRATE”) provides agile cybersecurity services, including Managed Vulnerability Disclosure Programs (“mVDPs”) to its clients.
1.2 HACKRATE is operated by HACKRATE Kft. (seat: H-2890 Hungary, Tata, Baji út 35. Building 2. 2/12.; phone: +36203108651, e-mail: [email protected], registered at the Tribunal of Komárom-Esztergom County with registration No.: Cg. 11-09-028368, EU Tax ID: HU28961200).
2. Our contract with you
2.1 These Terms of Use (“ToU” or “Agreement”) apply to you, as a User. If any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this Agreement. If any provision or part-provision of this Agreement is deemed deleted under, the parties shall negotiate in good faith to agree a replacement provision that, to the greatest extent possible, achieves the intended commercial result of the original provision.
2.2 YOUR ATTENTION IS PARTICULARLY DRAWN TO THE PROVISIONS OF CLAUSES 5, 6, 7, 9, 10, 12, 13, 17 and 18 (Third Party Systems, Submitting Findings, Awards, The User’s Obligations, Intellectual Property Rights, Export Compliance, Limitation of Liability, Governing Law, Jurisdiction).
3. Definitions
Active Period: the timeframe of an mVDP Program while HACKRATE accepts Findings on behalf of the mVDP Client and the mVDP Client makes the Environment available and accessible to Users; the mVDP Program’s time of suspension shall not qualify as an Active Period. Program cancellation automatically terminates the Active Period.
Confidential Information: information that is proprietary or confidential and is either clearly labelled as such or identified as Confidential Information in Clause 11.1.
Environment: the set of IT systems under the control of the mVDP Client and as provided “as-is” by the mVDP Client for which the Client explicitly provided authorization in the mVDP Program.
Export Control Laws: any applicable laws or regulations applicable, including United States export laws and regulations, to any country for which the government or any agency thereof at the time of export requires an export license or other governmental approval without first obtaining such license or approval.
Finding: any Vulnerability identified by the User in the Environment.
Intellectual Property Rights: all patents, utility models, rights to inventions, copyright and neighbouring and related rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all and other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection that subsist or will subsist now or in the future in any part of the world, including the Proof-of-Concept Code and Proof-of-Concept Documentation.
mVDP Client: the party being a business user i.e., acting within the scope of an economic activity (trade, business, craft, liberal profession) that defines the mVDP Program and provides the Environment as the business client of HACKRATE.
Proof-of-Concept Code: anything or device (including any software, code, file or programme) which may be required to exploit a Vulnerability within the Environment and that is required to validate and verify a Finding.
Proof-of-Concept Documentation: any information written, graphical or oral that is required to use, build, compile and run the Proof-of-Concept Code and any information that is required to validate and verify a Finding.
Third-Party: any person other than HACKRATE, the mVDP Client or their Affiliates.
Third-Party Systems: any IT system (including related data) that is not under the sole control of the mVDP Client. Accessing, monitoring, intercepting and/or recording both stored and/or live business or private communications may be a criminal offence and the User must refrain from such actions.
User: You, as an individual and the user of the mVDP Client’s Environment as provided by the mVDP Client “as-is”, who reports a Finding about the Environment via the mVDP Form to HACKRATE made available and publicly accessible in the Client’s Environment.
Virus: anything or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.
Vulnerability: a weakness in the computational logic (for example, code) found in software and hardware components that when exploited, results in a negative impact to the confidentiality, integrity, or availability, and the term Vulnerabilities shall be construed accordingly.
4. Acceptable Use Requirements
4.1 In the course of its engagement in the Environment and the use of the mVDP Form the User shall not perform any activity that:
a) is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive;
b) facilitates any illegal activity;
c) depicts sexually explicit images;
d) promotes unlawful violence;
e) is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability;
f) stores, distributes or transmits any Viruses; or
g) is otherwise illegal or causes personal injury and damage to property.
4.2 The User shall not:
a) perform any activity that is not explicitly authorized in the mVDP Program in the Environment;
b) except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under this agreement and/or the respective mVDP Program:
(i) attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Environment and/or the mVDP Form (as applicable) in any form or media or by any means; or
(ii) attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Environment that is not expressly allowed by the mVDP Program and/or the mVDP Form; or
c) access all or any part of the Environment and/or the mVDP Form in order to build a product or service which competes with the Environment and/or the mVDP Form; or
d) use the Environment and/or the mVDP Form to provide services to Third-Parties; or
e) use any Third-Party Services that are not expressly allowed by the mVDP Client for the performance of any activity in the Environment and/or on the mVDP Form; or
f) access, monitor, intercept and/or record both stored and/or live business or private communications in the Environment and/or Third-Party Systems that is not expressly allowed by the mVDP Client;
g) subject to license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Environment and/or the mVDP Form available to any third party, or
h) attempt to obtain, or assist Third-Parties in obtaining, access to the Environment and/or the mVDP Form, other than as provided under this Agreement; or
i) introduce or permit the introduction of, any non-controllable attack, Virus or Vulnerability into HACKRATE’s and/or the mVDP Client’s Environment, network and information systems.
4.3 HACKRATE shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the mVDP Form.
5. Third-Party Systems
5.1 The User warrants for and shall not use any Third-Party Systems that are not expressly allowed by the mVDP Client during the course of his or her engagement in the Environment.
6. Submitting Findings
6.1 The User must read, acknowledge and accept the terms of the mVDP Program as displayed with the mVDP Form before using and submitting data to HACKRATE via the mVDP Form.
6.2 The User shall only engage in actions (e.g., use exploits) in the Environment to the extent that is necessary to confirm the existence of a Finding and the User shall refrain from exploiting, compromising, exfiltrating data, establishing persistent access or pivoting to other systems.
6.3 The User shall stop all engagements within the Environment once the existence of a Finding is established or the User encountered Confidential Information (e.g., personal data, banking secrecy or other legally protected data) within the Environment.
6.4 The User shall report any Findings immediately, without delay on the mVDP Form in the required format as defined by the mVDP Form, during the Active Period of the related Program.
6.5 The User shall refrain from submitting high volume and low-quality reports to HACKRATE via the mVDP Form. The User can report one Finding at a time on the mVDP Form.
6.6 The User warrants for the validity and accuracy of the information provided to HACKRATE.
6.7 The User must include the Proof-of-Concept Code and Proof-of-Concept Documentation to each Finding and define the criticality of each Finding on the mVDP Form. The User shall upload Proof-of-Concept Code and Proof-of-Concept Documentation to HACKRATE only via the mVDP Form.
6.8 The User can provide a contact email address if the User wishes to receive status information regarding the assessment of the Finding submitted by the User.
7. Awards
7.1 The User expressly acknowledges and accepts that HACKRATE shall not award any rewards, make payments or provide compensation to the User in any form. The mVDP Client may award the User on its own discretion, which is out of HACKRATE’s influence and control.
8. HACKRATE’s Obligations
8.1 HACKRATE shall review and validate each Finding in the mVDP Client’s Environment and HACKRATE reserves the right to reject or overrule any Findings, Proof-of-Concept Code, Proof-of-Concept Documentation and Finding. HACKRATE may contact the User regarding the Finding, if the User provided a valid email address for this purpose.
8.2 HACKRATE does not warrant that the User’s use of the mVDP Form will be uninterrupted or error-free and that the information obtained by the User in the Program will meet the User’s requirements.
8.3 HACKRATE is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the User acknowledges that the Program may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
8.4 This Agreement shall not prevent HACKRATE from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this Agreement.
8.5 HACKRATE warrants that it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under this Agreement.
9. The User’s Obligations
9.1 The User shall:
a) provide HACKRATE with:
(i) all necessary co-operation in relation to this Agreement; and
(ii) all necessary access to such information as may be required by HACKRATE (if applicable);
b) without affecting its other obligations under this Agreement, comply with all applicable laws when necessary and regulations with respect to its activities under this Agreement;
c) carry out all other User responsibilities set out in this Agreement in a timely and efficient manner. In the event of any delays in the User’s provision of such assistance as agreed by the parties, HACKRATE may adjust any agreed timetable or delivery schedule as reasonably necessary;
d) use the mVDP Form in accordance with the terms and conditions of this Agreement and shall be responsible for any breach of this Agreement;
e) obtain and shall maintain all necessary licences, consents, and permissions necessary for HACKRATE and/or the mVDP Client, its contractors and agents to perform their obligations under this Agreement, including without limitation the Program and/or the mVDP Form;
f) ensure that its network and systems comply with the relevant specifications provided by HACKRATE from time to time; and
g) be, to the extent permitted by law and except as otherwise expressly provided in this Agreement, solely responsible for procuring, maintaining and securing its network connections and telecommunications links from its systems to the HACKRATE’s systems and/or the mVDP Client’s Environment, and all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the User’s network connections or telecommunications links or caused by the internet.
10. Intellectual Property Rights
10.1 The User acknowledges and agrees to grant HACKRATE and the respective mVDP Client (as displayed on the related mVDP Form) a worldwide, non-exclusive, royalty-free, perpetual and irrevocable licence to the copy of the Intellectual Property, including the Proof-of-Concept Code and Proof-of-Concept Documentation created during the course of, or for the purpose to participate in and perform a Program relative to a Finding. HACKRATE and the mVDP Client may not sub-license, assign or otherwise transfer the rights granted in this Clause, without the prior, written permission of the User.
10.2 The User warrants that HACKRATE and the mVDP Client shall have in perpetuity and without territorial limitation exclusive ownership rights to all Proof-of-Concept Code and Proof-of-Concept Documentation, and all Intellectual Property Rights relative to a Finding therein created in the course of activities by the User under this Agreement.
10.3 The User shall take all appropriate action and execute and deliver all documents necessary or reasonably requested by HACKRATE to effectuate any of the provisions or purposes of Clause 10 or otherwise, as may be necessary or useful for HACKRATE to prosecute, register, record, or enforce its rights in or to any Finding and/or any Intellectual Property Right therein.
10.4 If the User is not able to transfer the Intellectual Property Rights to HACKRATE and/or the mVDP Client for any reasons under this Clause 10, the User warrants that HACKRATE and/or the mVDP Client shall have a Licence to use, reproduce, display, perform, distribute, install and make copies for an unlimited period and without territorial limitation on such Intellectual Property Rights. Under the Licence provided or procured by the User to HACKRATE and/or the mVDP Client, HACKRATE and/or the mVDP Client may adapt, reverse engineer, decompile, disassemble or modify the Finding supplied under this Agreement.
10.5 The User warrants that no other person has rights or claims over the Intellectual Property Rights delivered to HACKRATE by the User under this Agreement, which would violate HACKRATE’s or the mVDP Client’s rights or rightful interests.
11. Confidentiality
11.1 The User acknowledges that details and contents of the Environment, the Program, the Findings and the Intellectual Property, and the results of any activities in the Environment and/or the mVDP Form, constitute HACKRATE’s and the mVDP Client’s Confidential Information.
11.2 The User shall not publicly disclose any Findings (either fixed or not), details of the Environment, the Intellectual Property, including but not limited to the Proof-of-Concept Code and Proof-of-Concept Documentation in any form without HACKRATE’s written authorization.
11.3 Each party may be given access to Confidential Information from the other party in order to perform its obligations under this Agreement. A party’s Confidential Information shall not be deemed to include information that:
a) is or becomes publicly known other than through any act or omission of the receiving party;
b) was in the other party’s lawful possession before the disclosure;
c) is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or
d) is independently developed by the receiving party, which independent development can be shown by written evidence.
11.4 Subject to this Clause 11.1, each party shall hold the other’s Confidential Information in confidence and not make the other’s Confidential Information available to any Third Party or use the other’s Confidential Information for any purpose other than the implementation of this Agreement.
11.5 Each party shall take all reasonable steps to ensure that the other’s Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this Agreement.
11.6 A party may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction, provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of such disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this Clause 11, it takes into account the reasonable requests of the other party in relation to the content of such disclosure.
11.7 No party shall make, or permit any person to make, any public announcement concerning this Agreement without the prior written consent of the other parties (such consent not to be unreasonably withheld or delayed), except as required by law, any governmental or regulatory authority (including, without limitation, any relevant securities exchange), any court or other authority of competent jurisdiction.
11.8 The above provisions of this Clause 11.1 shall survive termination of this agreement, however arising.
12. Export Compliance
12.1 Neither party shall export, directly or indirectly, any technical data acquired from the other party under this agreement (or any products, including software, incorporating any such data) in breach of any applicable laws or regulations (Export Control Laws), including United States export laws and regulations, to any country for which the government or any agency thereof at the time of export requires an export licence or other governmental approval without first obtaining such licence or approval.
12.2 Each party undertakes:
a) contractually to oblige any third party to whom it discloses or transfers any such data or products to make an undertaking to it in similar terms to the one set out above; and
b) if requested, to provide the other party with any reasonable assistance, at the reasonable cost of the other party, to enable it to perform any activity required by any competent government or agency in any relevant jurisdiction for the purpose of compliance with any Export Control Laws.
13. Limitation of Liability
13.1 To the fullest extent permitted by applicable law, HACKRATE’s contractual and extra-contractual liability shall, irrespective of its legal ground (whether on warranty, contract, tort, negligence or otherwise, including for latent/hidden defects), for losses and damages arising out of or in connection with the provision of the Services or any delay or interruption in the provision of the Services, be limited as follows:
(i) HACKRATE shall be liable up to the amount of foreseeable damages typical for this type of contract due to a breach of material contractual obligations;
(ii) HACKRATE shall not be liable due to a breach of any non-material contractual obligations nor for any slightly negligent breach of any other duty of care applicable; and
(iii) HACKRATE shall not be liable for any special, indirect or consequential damages, including, but not limited to, loss of use, of data, of profits, of savings, of opportunity, of goodwill, as well as for third parties claims (even if HACKRATE has been advised of the possibility of such damage).
13.2 The aforesaid limitations of liability shall not apply if and to the extent HACKRATE has assumed a specific guarantee. Nothing in these Terms of Use will limit or exclude HACKRATE's liability for
(i) death or personal injury resulting from HACKRATE's negligence or the negligence of HACKRATE employees or agents;
(ii) wilful misconduct;
(iii) breach of obligations deriving from public order rules; and
(iv) any other case where HACKRATE's liability may not be limited or excluded under applicable law.
14. Rights and Remedies
14.1 Except as expressly provided in this Agreement, the rights and remedies provided under this Agreement are in addition to, and not exclusive of, any rights or remedies provided by law.
15. Entire Agreement
15.1 This Agreement constitutes the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.
15.2 Each party acknowledges that in entering into this Agreement it does not rely on, and shall have no remedies in respect of, any statement, representation, assurance or warranty (whether made innocently or negligently) that is not set out in this Agreement.
15.3 Each party agrees that it shall have no claim for innocent or negligent misrepresentation or negligent misstatement based on any statement in this agreement. Nothing in this clause shall limit or exclude any liability for fraud.
16. Governing Law
16.1 This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of Hungary.
17. Dispute Resolution
17.1 Each Party irrevocably agrees that all disputes arising from or in connection with this Agreement, its breach, termination, validity or interpretation, shall be exclusively decided by the Court of Arbitration attached to the Hungarian Chamber of Commerce and Industry, Budapest in accordance with its own Rules of Proceedings. The number of arbitrators shall be three. The language to be used in the arbitral proceedings shall be English. The foregoing shall not preclude HACKRATE from filing court action or seeking any injunctive relief or protective measures in any competent court for the protection of its Intellectual Property Rights under the general rules or to file a lawsuit or take action before the courts located at User’s place of establishment or at any jurisdiction for the place of a tort.
These Terms and Conditions (“Terms and Conditions”, “Terms”) govern all use of HACKRATE’s Managed Vulnerability Disclosure Program (“mVDP”) and the related Services provided by HACKRATE.
The mVDP is owned and operated by HACKRATE Kft. (seat: H-2890 Hungary, Tata, Baji út 35. Building 2. 2/12.; phone: +36203108651, e-mail: [email protected], registered at the Tribunal of Komárom-Esztergom County with registration No.: Cg. 11-09-028368, EU Tax ID: HU28961200, “HACKRATE”). Client and HACKRATE are each a “Party”, jointly referred to as “Parties”.
THE CLIENT’S ATTENTION IS PARTICULARLY DRAWN TO THE PROVISIONS OF CLAUSES 8, 12, 14 AND 24 (WARRANTIES AND DISCLAIMERS, PAYMENTS AND INVOICING, LIMITS ON LIABILITY, LAW AND JURISDICTION).
1. DEFINITIONS
Active Period: the timeframe of an mVDP Program while HACKRATE accepts Findings on behalf of the Client and the Client makes the Environment available and accessible to Users; the mVDP Program’s time of suspension shall not qualify as an Active Period. Program cancellation automatically terminates the Active Period.
Affiliate: includes, in relation to either Party, each and any subsidiary or holding company of that Party and each and any subsidiary of a holding company of that party OR any business entity from time to time Controlling, Controlled by, or under common Control with, either Party.
Agreement: these Terms and Conditions, any Order Form or any other written agreement signed by an authorised signatory of HACKRATE and the Client governing the use of the mVDP Form and the Services;
Authorization: the term defined in Clause 8.2.b).
Confidential Information: information that is proprietary or confidential and is either clearly labelled as such or identified as Confidential Information in Clause 11.
Control: a business entity shall be deemed to “control” another business entity if it owns, directly or indirectly, in excess of 50% of the outstanding voting securities or capital stock of such business entity, or any other comparable equity or ownership interest with respect to a business entity other than a corporation.
Controller, processor, data subject, personal data, personal data breach, processing and appropriate technical and organisational measures: as defined in the Data Protection Legislation.
Data Protection Legislation: the General Data Protection Regulation ((EU) 2016/679) and the Hungarian Privacy Act (Act No. CXII of 2011) and any other European Union legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a Party relating to the use of personal data (including, without limitation, the privacy of electronic communications); and the guidance and codes of practice issued by the relevant data protection or supervisory authority and applicable to a Party.
Environment: the set of IT systems under the control of the Client and as provided “as-is” by the Client for which the Client explicitly provided authorization in the mVDP Program.
Export Control Laws: any applicable laws or regulations applicable, including United States export laws and regulations, to any country for which the government or any agency thereof at the time of export requires an export license or other governmental approval without first obtaining such license or approval.
Finding: any Vulnerability in the Environment identified by a User within the scope of the mVDP Program.
Force Majeure: any act of government or state, civil commotion, epidemic, fire, flood, industrial action or organised protests by Third Parties, natural disaster, war, failure of payment systems, damage to or failure of any Third Party’s computer equipment, software or telecommunications systems used to provide the Services, or any event beyond the reasonable control of the Party claiming to be excused from performance of its obligations;
Intellectual Property Rights: all patents, utility models, rights to inventions, copyright and neighbouring and related rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all and other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection that subsist or will subsist now or in the future in any part of the world, including the Proof-of-Concept Code and Proof-of-Concept Documentation.
mVDP Form: the embeddable form (e.g., an iframe or any other solution) provided by HACKRATE “as-is” and updated from time to time, to the Client to collect information from the Users regarding any Findings identified in the Environment.
mVDP Program or Program: means the program rules made available to the Users as displayed together with the mVDP Form on the URL provided by the Client and which establishes the Client’s requirement, defines the Environment, the scope and limits of the Program and the Client’s instructions to the Users.
Order Form: the Client’s order for the Services as set out in the Client’s purchase order form OR general terms and conditions OR the Client’s written acceptance of a quotation by HACKRATE, or the general terms and conditions, as the case may be.
Proof-of-Concept Code: anything or device (including any software, code, file or programme) which may be required to exploit a Vulnerability within the Environment and that is required to validate and verify a Finding.
Proof-of-Concept Documentation: any information written, graphical or oral that is required to use, build, compile and run the Proof-of-Concept Code and any information that is required to validate and verify a Finding.
Client: the Party being a business user i.e. acting within the scope of an economic activity (trade, business, craft, liberal profession) and accepting these Terms to whom the Services will be provided and who is responsible for the definition and the approval of the mVDP Program, the provision of URLs where the mVDP Form will be embedded and the provision of and securing the Environment.
Client Materials: any materials, equipment, documents and other property of the Client provided by the Client to HACKRATE for the performance of the Services.
Services: the mVDP Form and the related services, such as proof-of-concept assessment and evaluation, vulnerability assessment and evaluation, collaboration with the User and the Client, Finding reporting and consultancy provided by HACKRATE to the Client under the Agreement;
Subscription Fees: the agreed subscription fees the Client shall pay HACKRATE for the performance of the Services, as set out in the Order Form, if completed;
Third-Party: any person other than HACKRATE, Client or their Affiliates.
Third-Party Systems: any IT system (including related data) that is not under the sole control of the Client. Accessing, monitoring, intercepting and/or recording both stored and/or live business or private communications may be a criminal offence and the Client must refrain from such actions.
User: the user of the mVDP Client’s Environment, provided by the mVDP Client “as-is” who reports a Finding about the Environment via the mVDP Form made available and publicly accessible in the Client’s Environment.
Virus: any thing or device (including any software, code, file or programme) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, Viruses and other similar things or devices.
Vulnerability: a weakness in the computational logic (for example, code) found in software and hardware components that when exploited, results in a negative impact to the confidentiality, integrity, or availability, and the term Vulnerabilities shall be construed accordingly.
2. BASIS OF CONTRACT
2.1 The Order Form constitutes an explicit offer by the Client regarding the Services in accordance with these Terms and Conditions.
2.2 The Order Form shall only be deemed to be accepted once signed by both HACKRATE and the Client, whereupon the Order Form will be deemed to incorporate these Terms and Conditions and form the Agreement. Each signed Order Form will form a separate Agreement and shall be construed accordingly. If the Order Form is signed by several Clients, those Clients shall be jointly and severally liable for compliance with their obligations under this Agreement.
2.3 These Terms and Conditions apply to the Order Form to the exclusion of any other terms that the Client seeks to impose or incorporate.
2.4 HACKRATE reserves the right to amend these Terms and Conditions and/or the Order Form if necessary, to comply with any applicable law or regulatory requirement, or if the amendment will not materially affect the nature or quality of the Services, and HACKRATE shall notify the Client in any such event.
3. TERM
3.1 Unless the Parties agree otherwise in written form, this Agreement shall commence upon signature of the completed Order Form by HACKRATE and the Client and will continue until the Client’s valid subscription term.
4. SERVICES
4.1 The Client may use and embed one mVDP Form under one single domain (and an unlimited number of sub-domains) listed in the Order Form solely for its and, if applicable, its Affiliates’ own business purposes and utilize the Services set forth in the Order Form or otherwise mutually agreed in written form by HACKRATE and the Client. Client shall not use the Services, or any portion thereof, for the benefit of any Third-Party or in any manner not permitted by these Terms.
4.2 Services may include Third-Party services if such services are set out in an Order Form or otherwise mutually agreed by HACKRATE and the Client. Notwithstanding anything to the contrary in the Terms, the Third-Party services will only be provided to Client by the Third-Party services provider. HACKRATE is not responsible for the Third-Party services and makes no warranty or representation with respect to such Third-Party services.
5. HACKRATE’S OBLIGATIONS
5.1 In providing the mVDP Form and the Services to the Client, HACKRATE shall
a) assess, evaluate, validate and confirm a Finding in the Environment submitted by a User via the Client’s mVDP Form;
b) collaborate with the User (if the User provided any contact e-mail address) if necessary relative to the Finding;
c) report the Finding to the Client with HACKRATE’s advice;
d) provide assistance and consultancy services regarding the assessment of any Finding;
e) co-operate with the Client in all matters relating to the use of the mVDP Form under the Agreement.
6. CLIENT’S OBLIGATIONS
6.1 The Client shall:
a) respond without delay to HACKRATE’s reasonable requests for information and documents, including the ownership of the Environment, the existence of licenses, permission and consents regarding the Program;
b) comply with HACKRATE’s reasonable instructions, guidelines and directions in relation to the use of the mVDP Form (including guidelines in relation to data security and access) and the Services;
c) satisfy the conditions (if any) to be fulfilled by the Client for it to receive and use the Services;
d) comply with its obligations and warranties under this Agreement, and any additional obligations as set out in the Order Form, including any payment obligation agreed between HACKRATE and the Client;
e) obtain, maintain and procure all necessary licences, permissions and consents which may be required for the use of the mVDP Form and the Services before the date on which the Services are to start;
f) exclude any Third-Party Systems from the Environment and shall not list URLs or systems that are not under the sole control of the Client;
g) notify HACKRATE regarding any modification or change in the Environment 30 days prior to making any modifications or changes;
h) make reasonable efforts to fix reported Findings in the Environment;
i) provide authorization for dedicated HACKRATE staff (including employees and contractors) to perform the Services in the Environment;
j) provide a general authorisation for Users to act within the boundaries of the Environment and within the Active Period and the mVDP Program and Client shall not threaten or initiate legal action against the Users;
6.2 If HACKRATE’s performance of any of its obligations under the Agreement is prevented or delayed by any act or omission by the Client or failure by the Client to perform any relevant obligation (Client Default), then
a) without limiting or affecting any other right or remedy available to it, HACKRATE shall have the right to suspend performance of the Services or the provision of the mVDP Form until the Client remedies the Client Default, and to rely on the Client Default to relieve it from the performance of any of its obligations in each case to the extent the Client Default prevents or delays HACKRATE’s performance of any of its obligations;
b) HACKRATE shall not be liable for any costs or losses sustained or incurred by the Client arising directly or indirectly from HACKRATE’s failure or delay to perform any of its obligations as set out in Clause 5.1; and
c) the Client shall reimburse HACKRATE on written demand for any costs or losses sustained or incurred by HACKRATE arising directly or indirectly from the Client Default.
7. REWARDS
7.1 The Client acknowledges and agrees that any reward the Client wishes to award to any User shall be provided by the Client and HACKRATE is not responsible for the provision of any award, payment or compensation to the User.
8. WARRANTIES AND DISCLAIMERS
8.1 For the duration of the Term, HACKRATE warrants that:
a) it has the full power and authority to enter into this Agreement;
b) it has obtained and will continue to hold all necessary licences, permits and agreements required for the use of the mVDP Form and the exercise by the Client of the rights granted by HACKRATE under this Agreement; and
c) the use of the mVDP Form by the Client as permitted by this Agreement does not infringe any Third-Party Intellectual Property Rights.
8.2 For the duration of the Term, the Client warrants that:
a) it has the full power and authority to enter into this Agreement on its behalf and on behalf of its Affiliates, if those Affiliates also rely on the Services;
b) it has obtained and will continue to hold or procure all necessary licences, consents, permits and agreements (collectively “Authorizations”) required for the performance of its obligations and the exercise by HACKRATE of the rights granted by the Client under this Agreement and Client provides written proof of such Authorizations to HACKRATE upon request; and
c) the use of the Client Materials by HACKRATE as permitted by this Agreement does not infringe any Third-Party Intellectual Property Rights; and
d) Client's use of the mVDP Form and the Services must not violate any law, or disrupt, compromise or abuse any data or data access of other persons. When carrying out any of the activities connected with the mVDP Program, including any instructions to Users, the Client must abide by the law. There may be additional restrictions depending upon applicable local laws and the Client agrees to comply with all these applicable local requirements and rights of Third Parties.
8.3 The Client understands and accepts that information in a Finding and/or the mVDP Report may be based upon and may comprise information provided to HACKRATE by Third Parties or is otherwise publicly available and HACKRATE is not able to control or verify the accuracy and/or completeness of such information. Accordingly, whilst HACKRATE agrees to use all reasonable care and skill in the collection, collation, assessment and evaluation of a Finding, it otherwise gives no warranty about the accuracy or fitness for any particular purpose of a Finding and in particular accepts no liability for any inaccuracy, incompleteness or other error in a Finding which arises as a result of data provided by the Client, the User or any Third-Party.
8.4 The Client acknowledges that:
a) The mVDP Form is “as is” and “as available”, therefore, any use of the mVDP Form and the Services by the Client is at its sole risk. HACKRATE does not warrant that the Client’s use of the mVDP Form or the related Services will be uninterrupted or error-free and that the Services and/or the information obtained by the Client through the Services will meet the Client’s requirements. HACKRATE is not responsible for any damage or harm resulting from a Client’s communications or interactions with Users or other Clients, either through the Services or otherwise. HACKRATE is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the Internet, and Client acknowledges that the Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
b) Any use of or reliance on any Finding that Client receives is at Client’s own risk. HACKRATE does not endorse, represent, or guarantee the completeness, truthfulness, accuracy, or reliability of any information in the Finding. HACKRATE will not be liable for any errors or omissions in any Finding or any loss or damage of any kind, incurred as a result of the use of any Finding.
c) Client explicitly approves and agrees with the application of the mVDP Terms of Use between HACKRATE and the User.
d) Unless otherwise expressly agreed to in writing by HACKRATE, this Agreement shall not prevent HACKRATE from entering into similar agreements with Third Parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this Agreement.
e) HACKRATE is not obliged to and cannot confirm and verify the User’s identity.
8.5 In light of the Client’s acknowledgements under this Clause 8, HACKRATE does not make any warranty or representation that the use of the mVDP Form or any Services by the Client which involves the use of such indicative and/or predictive systems or data models or techniques will achieve any particular result for the Client and the Client acknowledges that the Services are for informational purposes only and not intended to be used as the sole basis for any business decision made by the Client.
8.6 Client is entirely responsible for fixing any reported Findings and Vulnerabilities and will carry out or secure all operations necessary for fixing this Finding or Vulnerability in its own interest as soon as possible. HACKRATE is not responsible for any damage incurred due to Client’s delay or inability with Finding and Vulnerability fixing. HACKRATE is not responsible for any damage incurred due to any kind of violation of any Findings and Vulnerabilities which was detected in the Client’s Environment.
9. INDEMNITY
9.1 The Client will indemnify, defend, and hold harmless HACKRATE and its officers, directors, employees, and agents, from and against any claims, disputes, demands, liabilities, damages, losses, and costs and expenses, including, without limitation, reasonable legal and accounting fees arising out of a Third-Party claim (i) that Client Materials or any data shared with HACKRATE infringe upon Intellectual Property Rights (including a patent, copyright, trademark, or trade secret) of a Third-Party, or (ii) arising from the Client’s use of the mVDP Form, the Services, any mVDP Report or any Findings in violation of any applicable regulatory requirements.
9.2 HACKRATE will indemnify, defend, and hold harmless the Client and its officers, directors, employees, and agents, from and against any claims, disputes, demands, liabilities, damages, losses, and costs and expenses, including, without limitation, reasonable legal and accounting fees arising out of a Third-Party claim that the mVDP Form infringes Intellectual Property Rights (including a patent, copyright, trademark, or trade secret) of a Third-Party, provided that HACKRATE shall not be responsible for any such claim to the extent arising out of or relating to any mVDP Report, the Client Materials or any data supplied by Client to HACKRATE.
9.3 The indemnity in Clause 9 is given on condition that the indemnified Party:
a) notifies the indemnifying Party promptly and in any event no later than 30 days after becoming aware of any matter or claim to which the indemnity might relate;
b) does not make any admission or settlement in respect of such matter or claim without the prior consent of the indemnifying Party (such consent not to be unreasonably withheld or delayed); and
c) allows the indemnifying Party, where appropriate, to appoint legal advisers of its choice and to conduct and/or settle negotiations and/or proceedings relating to such matter or claim and the indemnified Party shall comply with the indemnifying Party’s reasonable requests in the conduct of any such negotiations and/or proceedings.
9.4 The indemnified Party shall give prompt written notice of all claims for which indemnity is sought and shall cooperate in defending against such claims, at the expense of the indemnifying Party. The indemnifying Party shall conduct and have sole control of the defence and settlement of any claim for which it has agreed to provide indemnification; provided that the indemnified Party shall have the right to provide for its separate defence at its own expense.
10. COMPLIANCE
10.1 Each Party undertakes to the other that, in connection with HACKRATE’s provision or the Client’s use of the Services (as appropriate), it will at all times comply with all applicable legislation, regulations, and other rules having equivalent force including the Data Protection Legislation and any subordinate or associated regulations.
10.2 HACKRATE shall not be required to vary, amend and/or enhance the Services and/or the mVDP Form as a result of the provisions of Clause 10 other than where either specifically agreed with the Client or where HACKRATE, in its reasonable opinion, considers that such variation, amendment and/or enhancement is fundamental to the continued use of the mVDP Form or the Services by its Clients generally.
10.3 If as a result of any changes in any legislation, regulations, codes or other rules having equivalent force (including any reasonable interpretation thereof), HACKRATE considers in its reasonable opinion that it is no longer desirable or practicable for HACKRATE to continue to provide the Services and/or the mVDP Form at all or in accordance with this Agreement, HACKRATE shall be entitled to do one of the following on giving one month’s prior notice to the Client:
a) modify the affected Services and/or the mVDP Form as necessary to accommodate such changes; or
b) terminate the Agreement in respect of those Services and/or mVDP Form which are affected by such changes (without liability).
10.4 Neither Party shall export, directly or indirectly, any technical data acquired from the other Party under this agreement (or any products, including software, incorporating any such data) in breach of any applicable laws or regulations (Export Control Laws), including United States export laws and regulations, to any country for which the government or any agency thereof at the time of export requires an export licence or other governmental approval without first obtaining such licence or approval. Each Party undertakes:
a) contractually to oblige any Third-Party to whom it discloses or transfers any such data or products to make an undertaking to it in similar terms to the one set out above; and
b) if requested, to provide the other Party with any reasonable assistance, at the reasonable cost of the other Party, to enable it to perform any activity required by any competent government or agency in any relevant jurisdiction for the purpose of compliance with any Export Control Laws.
11. CONFIDENTIALITY
11.1 Each Party shall, in respect of the Confidential Information for which it is the recipient:
a) keep the Confidential Information strictly confidential and not disclose, directly or indirectly, any part of such Confidential Information to any person except as permitted by, or as required for the performance of the recipient’s obligations under, this Agreement or the User Terms of Use between HACKRATE and the User;
b) take all reasonable steps to prevent unauthorised access to the Confidential Information;
c) not use the Confidential Information other than for the purposes set out in this Agreement; and
d) not copy, reduce to writing or otherwise record the Confidential Information except as strictly necessary for the purposes set out in this Agreement. Any such copies, reductions to writing and records shall be the property of the disclosing Party.
11.2 Subject to Clause 11.1, the Parties may disclose the Confidential Information to, and allow its use in accordance with this Agreement by, the following:
a) employees and officers of the recipient who necessarily require it as a consequence of the performance of the recipient’s obligations under the Agreement;
b) the recipient’s auditors and professional advisors solely for the purposes of providing professional advice and any other persons or bodies having a legal right or duty to have access to, or knowledge of, the Confidential Information in connection with the business of the recipient; and
c) in the case of HACKRATE being the recipient, agents and sub-contractors of HACKRATE who necessarily require it as a consequence of the performance of HACKRATE’s obligations under this Agreement.
11.3 As a condition of the rights set out in Clause 11.2 the Party wishing to exercise the rights must:
a) ensure that any Party to whom it discloses Confidential Information is under an obligation of confidentiality in relation to such Confidential Information; and
b) procure that such persons observe the restrictions in this Clause 11.1.
11.4 The restrictions in Clause 11.1 do not apply to any information to the extent that it:
a) is or comes within the public domain other than through a breach of Clause 11.1; or
b) is in the recipient’s possession (with full right to disclose) before receiving it from the other Party; or
c) is lawfully received from a Third-Party (with full right to disclose); or
d) is independently developed by the recipient without access to or use of the Confidential Information; or
e) is required to be disclosed by law, any securities exchange, court order or by other authority of competent jurisdiction or any regulatory or government authority to which the receiving Party is subject provided that, so far as it is lawful to do so, the receiving Party shall take into account the reasonable requests of the disclosing Party in relation to the timing and content of such disclosure.
12. INTELLECTUAL PROPERTY RIGHTS
12.1 All Intellectual Property Rights relative to the mVDP Form and the Services will remain vested in HACKRATE (or its relevant licensors) and to the extent that any rights in such materials and data vest in the Client by operation of law, the Client hereby assigns (by way of present and future assignment) such rights to HACKRATE. The Client will notify HACKRATE promptly upon becoming aware of any unauthorised use of Intellectual Property Rights relative to the mVDP Form and the Services.
12.2 All Intellectual Property Rights in the data provided by the Client Materials and the Environment will remain vested in the Client (or its relevant licensors) and to the extent that any rights in such materials vest in HACKRATE by operation of law, HACKRATE hereby assigns (by way of present and future assignment) such rights to the Client.
12.3 The Client grants or procures to HACKRATE a fully paid-up, non-exclusive, royalty-free non-transferable license to copy and modify any Client Materials provided by the Client to HACKRATE for the purpose of providing the Services to the Client. Client acknowledges and agrees that it shall not acquire or claim any title to any of HACKRATE’s (or its relevant licensors’) Intellectual Property Rights by virtue of the rights granted to the Client under this Agreement or through its use of HACKRATE’s (or its relevant licensors’) Intellectual Property Rights and further agrees that it will not, at any time, do, or omit to do, anything which is likely to prejudice HACKRATE’s or its licensors’ ownership of such Intellectual Property Rights.
12.4 Client authorizes HACKRATE to aggregate and anonymize information from Findings and use of the Services (“mVDP Data”). Provided that mVDP Data does not identify individual Clients or individual Users, Client hereby agrees and authorizes HACKRATE to the full extent permitted by law that HACKRATE may disclose, dispose or sell mVDP Data in an aggregated or anonymized form. To the extent permitted by applicable law, Client shall grant or procure the grant to HACKRATE a worldwide, irrevocable, perpetual, sub-licensable, transferable and royalty free licence to use, analyse, host, disclose, store, reproduce, distribute and create derivative works of mVDP Data for the purpose of advertising, marketing, operating, promoting, improving and providing the Services and the mVDP Form; as well as for the purposes of the advertising, marketing and promotion of the mVDP Form, even if Client stops using the mVDP Form or the Services.
12.5 HACKRATE acknowledges and agrees that it shall not acquire or claim any title to any of the Client’s (or its relevant licensors’) Intellectual Property Rights by virtue of the rights granted to HACKRATE under this Agreement or through its use of the Client’s (or its relevant licensors’) Intellectual Property Rights and agrees that it will not, at any time, do, or omit to do, anything which is likely to prejudice the Client’s or its licensors’ ownership of such Intellectual Property Rights.
13. LIMITS ON LIABILITY
13.1 HACKRATE’s liability to the Client in respect of any claims for the damage to or loss of tangible property (excluding claims for loss or corruption of, or damage to, data contained on any tangible media) shall be limited to the amount equivalent to fees paid and/or payable in respect of the 6 months specified in the Order Form.
13.2 Subject to Clauses 13.1, 13.4, 13.5, 13.6, 13.7 and 13.8, HACKRATE’s liability to the Client per claim or series of claims arising from any one incident in respect of any claims (whether in contract, negligence, for breach of statutory duty or under any indemnity or otherwise) arising out of or in connection with this Agreement shall be limited to an amount equivalent to fees paid and/or payable in respect of the 6 months immediately prior to the date of the relevant incident.
13.3 The Client shall:
a) notify HACKRATE in writing as soon as possible after becoming aware of any matter giving rise to or, in the Client's reasonable opinion, is likely to give rise to liability under Clause 13.2, allowing HACKRATE to assess and, if applicable, mitigate the circumstances giving rise to any such liability; and
b) use reasonable endeavours to mitigate any circumstances under its control giving rise to any potential liability under Clause 13.2.
13.4 The limitations in Clause 13.2 shall not apply to the indemnity under Clause 9.2 given by HACKRATE in respect of Third-Party claims made against the Client for infringement of Intellectual Property Rights.
13.5 Neither Party shall be liable (including under any indemnity given in this Agreement) for and to the extent that any proceedings, actions, claims or demands arise as a result of the failure of any product or services supplied by a Third-Party directly to the Party making the claim.
13.6 HACKRATE shall not be liable (including under any indemnity given in this Agreement) for and to the extent that any proceedings, actions, claims or demands arise as a result of:
a) any modification, variation or amendment of the mVDP Form or any part of them other than in accordance with this Agreement or as directed by HACKRATE; or
b) use of the mVDP Form and the Services or any part of them in combination with any unapproved software, equipment or materials.
13.7 Subject to Clause 13.8, HACKRATE shall not be liable (whether in contract, negligence, for breach of statutory duty or under any indemnity or otherwise) for:
a) any indirect or consequential loss;
b) the following types of financial loss of the Client: loss of profits; loss of earnings; loss of business or goodwill; business interruption; regardless of whether direct or indirect and even if HACKRATE had notice of the possibility of the Client incurring such losses; or
c) the following types of anticipated or incidental losses of the Client: loss of anticipated savings; increase in bad debt; loss of sales or revenue; failure to reduce bad debt; reduction in the value of an asset; regardless of whether direct or indirect and even if HACKRATE had notice of the possibility of the Client incurring such losses.
13.8 Nothing in this Agreement shall limit or exclude HACKRATE's liability to the Client for:
a) personal injury or death resulting from HACKRATE’s negligence or that of its employees, agents and/or sub-contractors;
b) any matter which it would be illegal for HACKRATE to exclude and/or limit, or attempt to exclude and/or limit, its liability; or
c) HACKRATE’s fraud or fraudulent misrepresentation.
14. PAYMENTS AND INVOICING
14.1 In consideration for the provision of the mVDP Form and the Services by HACKRATE to the Client, the Client shall pay in advance the Subscription Fees prior to the commencement of the related subscription period defined in the Order Form and any applicable Subscription Fees as set out in the Order Form.
14.2 Parties agree that the subscription period defined by the Parties in the Order Form shall commence upon the provision of the Services by HACKRATE to the Client. The subscription period shall renew automatically on the subscription’s expiry date and for the duration as defined in the Order Form. Subscription Fees are not refundable, except at the discretion of HACKRATE.
14.3 In the event of the termination of this Agreement, the Client acknowledges and agrees to waive any claims regarding paid Subscription Fees.
14.4 All sums referred to in this Agreement are exclusive of VAT or any other similar sales or turnover tax (if applicable); such taxes shall be payable by the Client to HACKRATE on the same payment terms as apply to the sums to which the taxes relate.
15. TERMINATION
15.1 Either Party shall be entitled to terminate this Agreement immediately by serving written notice on the other Party in the following circumstances:
a) if the other Party commits a material breach of any of its obligations under this Agreement which is not capable of remedy; or
b) if the other Party commits a material breach of any of its obligations under this Agreement which is not remedied within 30 days after receipt of a notice from the Party not in breach specifying the breach, requiring its remedy and making clear that failure to remedy may result in termination.
15.2 Termination of this Agreement (or of any element of it) shall not affect any rights, obligations or liabilities of either Party:
a) which have accrued before termination; or
b) which are intended to continue to have effect beyond termination.
16. DATA PROTECTION
16.1 Parties agree that Clause 16 shall govern the data protection related roles and responsibilities of the Parties regarding the provision and use of the Services. The Parties have established that (i) they determine jointly the scope of activities and personal data (e.g., the User’s email address if applicable and any other personal data disclosed and/or uploaded by the User) in connection with the provision and use of the Services; and (ii) the Parties jointly determine the means (e.g., the mVDP Form) of the processing in respect of the provision and use of the Services; and (iii) the Parties share a pool of personal data that they process independently of each other.
16.2 Each Party shall be responsible for any and all processing performed by the Party and any and all processing performed prior to the personal data being transferred to the other Party’s systems as part of the provision of the Services. Further, each Party shall be responsible for any and all processing of personal data performed by the Parties, where the Parties independently determine the purposes and means of the processing.
16.3 The Parties acknowledge and agree that they are each responsible for being able to document compliance with the applicable Data Protection Legislation and these Terms towards the relevant data protection authorities. The Parties acknowledge and agree that they are each responsible for ensuring a legal basis which complies with applicable Data Protection Legislation for processing of Personal Data performed by the Party itself.
16.4 The Parties acknowledge and agree that they are each responsible for processing Personal Data in accordance with the principles for processing Personal Data set out in the applicable Data Protection Legislation, insofar as the applicable Data Protection Legislation applies to the Party’s areas of responsibility in connection with the provision and use of the Services.
16.5 Parties agree that HACKRATE shall provide information to data subjects about the processing of personal data relative to the use of the mVDP Form and the User participating in the mVDP Program.
16.6 The Parties acknowledge and agree that they are each responsible for having in place procedures for how to handle personal data breaches, data subject rights, including access requests and information duty. Parties agree that HACKRATE shall manage and handle data subject requests relative to the use of the mVDP Form and the User participating in the mVDP Program.
16.7 Each Party shall ensure that its employees or other persons authorized to process personal data under these Terms have committed themselves to the obligation of confidentiality or are under an appropriate statutory obligation of confidentiality. Each Party must also limit the access to personal data to its employees or other persons for whom access to the personal data is necessary to fulfil the Party’s obligations to the other Party as part of the provision of the Services.
16.8 The Parties agree that the competent lead data protection authority for the jointly controlled data and joint data processing activities set out in these Terms shall be the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság - Hungary, H-1055 Budapest, Falk Miksa utca 9-11., phone: +36-1-391-1400, fax: +36-1-391-1410, e-mail: ü[email protected]).
16.9 To the extent that any other processing carried out by the Parties amounts to one Party acting as a processor on behalf of the other, the Parties agree to enter into such further agreements as are necessary to give effect to the requirements of applicable Data Protection Legislation regarding the processing of personal data by a processor.
17. VARIATIONS
17.1 Variations of this Agreement shall not be effective unless recorded in writing signed by the Parties’ authorised signatories; variations in electronic form shall not count as variations recorded in writing.
18. FORCE MAJEURE
18.1 Neither Party will be liable for any delay or failure in the performance of its obligations under this Agreement if such delay or failure is due to an event of Force Majeure.
18.2 If Force Majeure occurs, the delaying Party shall be entitled to an extension of time for so long as the Force Majeure persists on condition that:
a) it promptly notifies the other Party (“unaffected Party”) of the occurrence of the Force Majeure;
b) it discusses with the unaffected Party possible action to be taken to overcome the effect of the Force Majeure; and
c) it uses all reasonable endeavours to overcome the Force Majeure.
18.3 If the Force Majeure persists for a period of 30 days or more, the Party not claiming Force Majeure may give notice to the other to terminate this Agreement with effect from a date specified in the notice without penalty or other liability (except for any liability on the Client to pay accrued fees).
19. ASSIGNMENT
19.1 Subject to Clause 19.2, neither Party may assign, transfer, charge or deal in any other manner with this Agreement or any of its rights under it, or purport to do any of these things, or sub-contract any or all of its obligations under this Agreement without the prior written consent of the other Party (such consent not to be unreasonably withheld or delayed).
19.2 HACKRATE shall be entitled to sub-contract any or all of its obligations under this Agreement to a sub-contractor, without obtaining prior consent, but by doing so HACKRATE shall be responsible for the acts and omissions of the sub-contractor to the same extent as if it had carried out the obligations itself pursuant to this Agreement.
20. WAIVER
20.1 If either Party fails to exercise a right or remedy that it has or which arises in relation to an incident in connection with this Agreement either immediately or at all, such failure shall not prevent that Party from exercising that right or remedy subsequently in respect of that or any other incident.
20.2 A waiver of any breach or provision of this Agreement shall only be effective if it is made in writing and signed by the authorised signatory of the Party who is waiving the breach or provision. Any waiver of a breach of any term of this Agreement shall not be deemed a waiver of any subsequent breach and shall not affect the enforceability of any other term of this Agreement.
21. SEVERANCE
21.1 If any part of this Agreement is found to be invalid, unlawful or unenforceable by any court or other competent body, such invalidity or unenforceability shall not affect the validity, lawfulness or enforceability of any other provisions of this Agreement and such other provisions shall remain in full force and effect.
21.2 If any part of this Agreement is found to be invalid or unenforceable by any court or other competent body but would be valid or enforceable if some part of the provision were deleted, the provision in question shall be treated as having been amended as necessary to make it valid and enforceable.
21.3 In the circumstances referred to in Clause 21.1 and if Clause 21.2 does not apply, the Parties agree to attempt to substitute for any invalid or unenforceable provision a valid and enforceable provision which achieves to the greatest extent possible the same effect as would have been achieved by the invalid or unenforceable provision.
22. NO PARTNERSHIP
22.1 Nothing in this Agreement is intended to, or shall, operate to:
a) create a partnership or joint venture of any kind between the Client and HACKRATE;
b) authorise either Party to act as agent for the other Party; or
c) authorise either Party to act in the name or on behalf of, or otherwise to bind, the other Party in any way.
23. NOTICES
23.1 Any notices to be sent by one Party to the other in connection with this Agreement except for the service of court proceedings shall be in writing and shall be delivered personally or sent by special delivery post (or equivalent service offered by the postal service from time to time) or by e-mail to the addresses of each Party as notified from time to time.
23.2 Notices shall be deemed to have been duly given as follows:
a) if delivered personally, upon delivery;
b) if sent by post, two clear days after the date of posting; or
c) if sent by email, only upon acknowledgment of the email by the recipient (not including out of office messages) provided that if such acknowledgment has not been received by the sender within 2 working days, the notice shall be deemed invalid.
23.3 If either Party notifies the other Party of a change to its details for the purposes of Clause 24.1, such notification shall only be effective on the date specified in such notice or seven days after notice is given, whichever is later.
24. LAW, JURISDICTION AND LANGUAGE
24.1 This Agreement and all matters arising out of it shall be governed by, and construed in accordance with, the laws of Hungary.
24.2 Each Party irrevocably agrees that all disputes arising from or in connection with this Agreement, its breach, termination, validity or interpretation, shall be exclusively decided by the Court of Arbitration attached to the Hungarian Chamber of Commerce and Industry, Budapest in accordance with its own Rules of Proceedings. The number of arbitrators shall be three. The language to be used in the arbitral proceedings shall be English. The foregoing shall not preclude HACKRATE from filing court action or seeking any injunctive relief or protective measures in any competent court for the protection of its Intellectual Property Rights under the general rules or to file a lawsuit or take action before the courts located at Client’s place of establishment or at any jurisdiction for the place of a tort.
The Agreement is made in the Hungarian language and in the English language. In case of any conflicts between the Hungarian language and the English language versions, then the terms of the English language version shall prevail.
Hackrate
Our platform helps companies to identify software vulnerabilities in a cost-efficient way. It provides a secure and centralized view of ethical hacking projects for your company.
US Patent Applied for HackGATE #63/645,845