Instart Logic Third Party Offering Terms and Conditions:
Verisign DDoS Protection Services
Last Updated April 20, 2016
THIS INSTART LOGIC THIRD PARTY OFFERING TERMS AND CONDITIONS (THE “VERISIGN TPO AGREEMENT”, OR “VTA”) IS A LEGAL AGREEMENT BETWEEN INSTART LOGIC, INC. (“RESELLER”) AND YOU OR THE LEGAL ENTITY (OR RELATED GROUP OF ENTITIES) THAT YOU REPRESENT (“YOU”, “YOUR” OR “CUSTOMER”), AND SETS FORTH THE TERMS AND CONDITIONS WITH RESPECT TO THE VERISIGN DDOS PROTECTION SERVICES YOU MAY HAVE PURCHASED THROUGH RESELLER (THE “VERISIGN SERVICE”). YOUR USE OF THE VERISIGN SERVICE, OR ACCEPTANCE OF AN INSTART SERVICE ORDER DOCUMENT (THE “SERVICE ORDER”) IS YOUR ACCEPTANCE OF THE TERMS AND CONDITIONS IN THIS VTA, AND YOU HEREBY REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND THE ENTITY YOU REPRESENT TO SUCH TERMS AND CONDITIONS. THE TERM OF THIS VTA SHALL COMMENCE ON THE DATE SET FORTH IN THE SERVICE ORDER (THE “EFFECTIVE DATE”), AND SHALL CONTINUE AS INDICATED IN THE SERVICE ORDER. YOU ACKNOLWEGDEE THAT CERTAIN TERMS HEREIN ARE REQUIRED BY VERISIGN, AND YOU MAY NOT USE THE VERISIGN SERVICE UNLESS YOU AGREE TO THE TERMS AND CONDITIONS SET FORTH IN THIS VTA. CAPITALIZED TERMS NOT DEFINED IN THIS VTA SHALL HAVE THE MEANING ASCRIBED TO THEM IN THE INSTARTLOGIC TERMS OF SERVICE. Reseller and Customer may also be referred to individually as a “Party” or collectively as the “Parties” herein.
1. Definitions. Unless otherwise defined, capitalized terms shall have the meanings ascribed to them in this Section 1.
1.1 “Alert” means data that may indicate a potential DDoS Event based on Customer’s Internet Traffic deviating from Customer’s profile and that deviation exceeds pre-defined thresholds.
1.2 Intentionally omitted.
1.3 “BGP” or “Border Gateway Protocol” means a routing protocol that can be used by Customer to redirect Customer’s Internet Traffic to the Verisign DDoS Protection Service.
1.4 “Confidential Information” means material, data, systems and other information concerning the operation, business, projections, market goals, financial affairs, products, services, customers and Intellectual Property Rights of the other Party that may not be accessible or known to the general public. Confidential Information shall include, but shall not be limited to, the terms of the VTA, and any information which concerns technical details of operation of any of Verisign’s Services provided hereunder.
1.5 “Customer” means the Reseller’s customer.
1.6 “Customer Portal” shall mean a web-based portal where Customer may view its Internet Traffic, reports, Alerts and account information.
1.7 Intentionally omitted.
1.8 “DDoS Event” means an attempt from external sources to make Customer’s Internet-based services unavailable to its intended users as measured and determined by Verisign.
1.9 “Emergency Maintenance” means downtime outside of Regularly Scheduled Maintenance due to the application of urgent patches or fixes or other urgent maintenance.
1.10 “Filtered DDoS Event” occurs when Customer’s Internet Traffic has been redirected to the Verisign DDoS Protection Site and continues until the earlier of (a) the time in which Customer is returned to normal operations (i.e., Customer’s Internet Traffic is no longer being redirected to the Verisign DDoS Protection site); or (b) expiration of forty eight (48) hours regardless of the number of DDoS Events the Customer experiences during this timeframe. If the Filtered DDoS Event continues beyond forty eight (48) hours, it will be considered a new Filtered DDoS Event.
1.11 Intentionally omitted.
1.12 “Government Fees” mean all government permit fees, customs fees and similar fees that Verisign or Reseller may incur with respect to this VTA.
1.12 “GRE Tunnel” shall mean a tunneling protocol used to encapsulate point-to-point links between Verisign DDoS Protection site(s) and Customer’s Mitigation Router that may be used to return Customer’s Internet Traffic.
1.13 “Hacking” means (a) illegally accessing or accessing without authorization computers, accounts, information or communication devices or resources or networks of a third party (including Verisign); (b) circumventing or penetrating, or attempting to circumvent or penetrate, the security measures of a third party, or (c) engaging in any activity that might be used as a precursor to an attempted system penetration.
1.14 “Infrastructure Limitations” means that Customer’s DDoS Event (a) cannot be mitigated by the Verisign DDoS Protection Service; or (b) may impact the operational stability of Verisign or other Verisign customers.
1.15 “Intellectual Property Rights” mean any and all now known or hereafter existing rights associated with United States and foreign copyrights (including, without limitation, the right to use, reproduce, modify, distribute, publicly display and publicly perform the copyrighted work), database rights, trademarks (including, without limitation, trade dress, trade names, service marks, corporate names and logos), inventions, patents (including, without limitation, the right to make, use, offer for sale and sell), patent applications, software, firmware, know-how, trade secrets, moral rights and all rights or forms of protection of proprietary rights of every kind and of a similar nature, or having similar effect to any of them, which may exist throughout the world however designated, whether or not any of them is registered, and including applications for registration for any of the foregoing.
1.16 “Internet Traffic” is includes, but is not limited to, all Web, VPN, electronic mail, file transfer or other data that traverses through a packet network.
1.17 “Laws” means any law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding restriction.
1.18 “Mitigation Routers” means the number of routers where Verisign will return Customer’s Internet Traffic as described in Section 2.3 using, in the case of a BGP swing, GRE Tunnels and, in the case of a DNS-based redirect, VIPs.
1.19 “Normal Conditions” means Customer is not experiencing a DDoS Event.
1.20 Intentionally omitted.
1.21 “Regularly Scheduled Maintenance” means any maintenance performed during the maintenance window; provided, however, such maintenance shall not be (i) more than one (1) time per month during the Term and (ii) more than four (4) consecutive hours per occurrence.
1.24 “Service Activation Date” means the earlier of (a) the date on which Verisign sends an email to Customer in accordance with the Contact Information section in the Customer Provisioning Document that the first router has been provisioned as determined by Verisign; (b) the date on which the first Filtered DDoS Event occurred; or (c) thirty (30) days from the Order Effective Date.
1.25 “Software Piracy” means installing or distributing pirated software that is not appropriately licensed for use.
1.26 “Taxes” means taxes, duties, fees and other governmental charges of any kind (including business, sales, services, use and value-added taxes and any applicable penalties, interest and other additions thereto, but excluding taxes based on the net income of Reseller which are imposed by or under the authority of any government or any political subdivision thereof on the fees for any of the Verisign DDoS Protection Service or associated documentation resold to Customer hereunder.
1.28 “Third Party Environment” means an environment owned or operated by a third party which hosts Customer’s Applications (e.g., public cloud vendors) that uses the Verisign API, directly or indirectly, to send Alerts to the Verisign DDoS Protection Service.
1.29 “Verisign DDoS Protection Sites” means the mitigation sites whereby Verisign mitigates Filtered DDoS Events.
1.30 “VIP” shall mean a virtual IP address that Verisign DDoS Protection Service designates to Customer for the redirection of Customer’s Internet Traffic.
2. Service Description. Subject to the terms and conditions of this VTA, Verisign will provide Customer with the following components via a shared platform (all of which are collectively referred to as the “Verisign DDoS Protection Service”):
2.1 Customer Set-up. Verisign will commence Customer set-up upon acceptance of the VTA between Reseller and Customer. Customer agrees and acknowledges that Verisign may, in its reasonable discretion, reject or refuse to execute any service order form presented to Verisign for any reason, in which case Reseller shall not be obligated to provide the Verisign DDoS Protection Service to Customer.
(a) Customer Portal. Verisign will set up an account for Customer in the Customer Portal and will provide Customer with a username and password to access the Customer Portal. Verisign will provide Customer with one (1) basic training session on the Customer Portal.
(b) Provisioning Information. Upon initial log-in into the Customer Portal, Customer shall provide the provisioning information as prompted by the Customer Portal. Verisign may, in its discretion, request Customer to provide the provisioning information in a form provided by Verisign.
(c) Configuration Files. (i) After submission of the provisioning information, Verisign will review the information and, if necessary, provide router configuration files to Customer. Customer must implement such configuration file(s) on Customer’s Mitigation Routers (if applicable) and/or Monitored Routers (if applicable).
(d) Operational Test. Once Verisign determines that Customer has implemented the router configuration file(s), Verisign and Customer will schedule a time and date to conduct an operational test of the Verisign DDoS Protection Service as part of the Customer Set-up process.
2.2 Customer hereby acknowledges and agrees that Customer is responsible for all monitoring and that Reseller will not provide any monitoring services to Customer and have no liability for failure to monitor and/or detect a potential DDoS Event. Customer further acknowledges and understands that Customer must notify Reseller if Customer is experiencing or believes it is experiencing a DDoS Event.
2.3 Mitigation. Upon request by Reseller, Verisign will work with Reseller to mitigate the DDoS Event by providing a recommended course of action. In the event that redirecting the Customer’s Internet Traffic is the recommended course of action by Verisign and Reseller approves, the following steps will apply:
(a) On-ramping Traffic. Customer’s Internet Traffic destined for Customer’s Internet-based service must be redirected to the Verisign DDoS Protection Sites before reaching Customer’s network through a DNS-based swing.
(b) Filtering. Verisign will apply layered filters to the Internet Traffic redirected to the Verisign DDoS Protection Sites which progressively block traffic aimed at disrupting or disabling Customer’s Internet-based services. Customer acknowledges and agrees that Verisign will only filter the amount of Customer’s Internet Traffic that is necessary to make Customer’s Internet-based services available to its end user customers.
(c) Off-ramping Traffic. After the filtering process described above is performed, Customer’s Internet Traffic is redirected from the Verisign DDoS Protection Sites back to Customer’s network.
(d) Normal Operations. When Verisign has determined that the DDoS Event has abated, Verisign will coordinate with Customer in order to return Customer to its normal operations. In the event that Customer does not discontinue redirecting its Internet Traffic to the Verisign DDoS Protection Sites within twelve (12) hours of Verisign’s determination that the DDoS Event has abated, Reseller will invoice Customer, and Customer shall pay Reseller, the Post-Event Overage Fee for each day (or any portion thereof) not to be pro-rated after the expiration of such twelve (12) hours until Customer’s Internet Traffic is no longer redirected to the Verisign DDoS Protection Sites.
Notwithstanding anything in this Customer Agreement to the contrary, Customer may choose to discontinue redirecting its Internet Traffic to the Verisign DDoS Protection sites at any time during a Filtered DDoS Event in accordance with the Escalation Plan. In such cases, Verisign will have no liability and Customer will be solely responsible for mitigating the Filtered DDoS Event once the filtering process is turned off and Customer’s Internet Traffic is no longer being redirected to the Verisign DDoS Protection sites; provided, however, Customer shall be responsible for all fees incurred while Customer’s Internet Traffic was directed to the Verisign DDoS Protection sites and/or the Filtered DDoS Event was being managed by Verisign.
2.4 Customer Support. Reseller will provide (a) telephone and e-mail support to Customer; (b) questions related to the billing for the Verisign DDoS Protection Service; (c) notifications to Customer (email being sufficient) (i) at least thirty six (36) hours in advance of any Regularly Scheduled Maintenance; (ii) use reasonable efforts to notify Customer (email being sufficient) as soon as it is possible in the event of an Emergency Maintenance. Verisign will provide Customer with (a) assistance with configuration file(s); and (b) questions/troubleshooting related to the Verisign DDoS Protection Service.
2.5 Modification or Discontinuation of Services. Customer acknowledges and agrees that Reseller may, in its sole discretion and at any time but only following a consistent change by Verisign, modify or discontinue any, all, or a part of the Verisign DDoS Protection Service or otherwise amend any other provision of the terms applicable to the Verisign DDoS Protection Service (a) upon ninety (90) days prior written notice (which may be via email) to Customer; (b) immediately upon written notice (which may be via email) to Customer if necessary to comply with any applicable Law (each of subparagraphs (a) and (b) shall hereafter be referred to as the “Service Modification Effective Date”). In addition, Reseller shall have the right to amend the Verisign DDoS Protection Service, pricing, or Service Order consistent with any amendments made to the terms and conditions as necessary, in Reseller’s judgment, to comply with requests by Verisign. As of the applicable Service Modification Effective Date (i) any amended exhibits shall be deemed to replace all prior versions. Notwithstanding the foregoing, such amended exhibits shall not affect the Verisign DDoS Protection Service provided by Reseller under this VTA executed by the parties thereto prior to the applicable Service Modification Effective Date until expiration of the initial term or then current renewal term, as applicable, unless otherwise required to comply with any applicable law, rule, or regulation, or any court or governmental order. Upon any extension of this VTA for a renewal term (auto-renewal or otherwise), Customer shall agree to the then current VTA for the Verisign DDoS Protection Service, to the extent that such VTA is inconsistent with those terms and conditions included in the preexisting VTA.
3. Clean Traffic Validation.
3.1 As a part of Customer Set-up and upon request from Verisign (which may be in the form of an email), Customer will redirect its Internet Traffic to the Verisign DDoS Protection Service site(s) during Normal Conditions for a continuous twenty-four (24) hour period. During this twenty four hour (24) period, Verisign will determine Customer’s 95th Percentile Data Point to validate that the appropriate Clean Traffic Tier was selected for Customer.
3.2 If the 95th Percentile Data Point of a Filtered DDoS Event exceeds the Clean Traffic Tier, then upon request from Verisign (which may be via email), Customer will redirect its Internet Traffic to the Verisign DDoS Protection Service site(s) for up to seven (7) days during Normal Conditions. During this seven (7) day period, Verisign will determine the 95th Percentile Data Point to validate that the appropriate Clean Traffic Tier was selected for Customer.
Except as otherwise provided for in the VTA, Verisign will only use such data in order to perform the Verisign DDoS Protection Service.
4. Conditions and Limitations.
4.1 If Verisign determines, in its sole discretion, using commercially reasonable standards that an Infrastructure Limitation(s) has occurred or is occurring, Verisign may immediately choose (a) not to accept all or a part of Customer’s Internet Traffic; or (b) drop all or a part of Customer’s Internet Traffic from the Verisign DDoS Protection Service sites. In the event Verisign exercises its rights due to Infrastructure Limitations, Verisign may suspend the performance of all its obligations under this Order Form and, during such suspension, the Verisign DDoS Protection Services (or any part thereof) will be unavailable to Customer. Once Verisign determines, in its sole discretion, that the Infrastructure Limitation has abated, then Verisign will begin performing all of its obligations under this Order Form and the Verisign DDoS Protection Services will be available to Customer.
4.2 Customer acknowledges and agrees that Verisign (a) will use the Alerts and provisioning information for the purposes of providing the Verisign DDoS Protection Service; (b) may publish aggregate data; provided, however, that such publications will not identify Customer; (c) may be required to disclose information or data about DDoS Events to law enforcement officials and/or National Computer Response Teams (“CERTs”), and that Verisign will not be liable for such required disclosure. If such information or data about a DDoS Event relates to Customer, Verisign will (i) to the extent permitted by law provide Customer with notice of such required disclosure; and (ii) reasonably cooperate with Customer’s efforts to secure a protective order or other legal remedy to prevent the disclosure.
4.3 Customer acknowledges and permits Verisign and Reseller to share one with the other, any and all relevant information including, but not limited to, Confidential Information of Customer relating to the Services provided herein.
4.4 Customer hereby acknowledges and agrees that the Verisign DDoS Protection Service is subject to certain technical limitations and is designed to defend against known forms of DDoS Events, and that Customer has had the opportunity to discuss these limitations with Reseller and/or Verisign. As a result, the Verisign DDoS Protection Service may not detect and mitigate all DDoS Event(s) and, although Verisign has and will use commercially reasonable efforts to operate the Verisign DDoS Protection Service in order to detect and mitigate both known and unknown DDoS Event(s), Verisign cannot guarantee that all DDoS Events will be detected and mitigated. In addition, the Verisign DDoS Protection Service is not designed to address failures by upstream providers to transmit Internet Traffic.
5. Payment of Fees and Taxes.
5.1 Suspension of Services for Nonpayment. Notwithstanding anything in the VTA to the contrary, Customer acknowledges and agrees that (i) Reseller pays Verisign fees with respect to the Verisign DDoS Protection Services only after Customer has paid the corresponding fees to Reseller; (ii) Verisign may suspend performance of and/or access to any or all of the Verisign DDoS Protection Service, discontinue the provision of any or all of the Verisign DDoS Protection Service, or terminate a Reseller Service Order Form in its entirety for non-payment or repeated late payment of the fees upon providing twenty four (24) hours prior written notice (which may be via email) of its intent to do so; (iii) Reseller may direct Verisign to suspend performance of and/or access to the Verisign DDoS Protection Service, or terminate this VTA for non-payment or repeated late payment of the fees or failure to submit a purchase order; (iv) Customer shall be liable for any reasonable attorneys’ fees or collection agency fees incurred by Reseller in connection with Customer’s non-payment of any fees hereunder. In addition to any other remedies Verisign or Reseller may have under this VTA, a Instart Service Order Form, or a Service Order, Customer will be responsible and reimburse and indemnify Reseller for any and all costs, expenses and fees associated with efforts to collect unpaid amounts including, but not limited to, third party collection agency fees and reasonable attorneys’ fees. Verisign and Reseller shall have no liability in the event Verisign or Reseller suspends performance of and/or access to the Verisign DDoS Protection Service or terminates a Instart Service Order Form or Service Order for non-payment or repeated late payment of the fees as described above.
5.2 Costs, Expenses, Taxes. Except as expressly provided herein or agreed to in writing by Reseller, each Party shall pay all costs and expenses incurred in the performance of its obligations under this VTA. All payments to Reseller shall be in United States Dollars and Customer shall pay, indemnify and hold Reseller and Verisign harmless from (a) Taxes; and (b) Government Fees. The fees stated are exclusive of any applicable Taxes and Government Fees. All Taxes and Government Fees shall be borne by Customer and shall not be considered a part of, a deduction from, or an offset against such fees. All payments due to Reseller shall be made without any deduction nor withholding on account of any Taxes or Government Fees except as required by applicable law, in which case the sum payable by Customer from which such deduction or withholding is to be made shall be increased to the extent necessary to ensure that, after making such deduction or withholding, Reseller receives and retains (free from any liability) a net sum equal to the sum it would have received but for such deduction or withholding being required. Customer shall provide Reseller with an applicable exemption certificate, direct pay permit, or other exempt entity documentation, prior to billing of Verisign DDoS Protection Service. If a validly executed certificate is not provided to Reseller in fulfillment of such requirement prior to billing of the Verisign DDoS Protection Service, then Customer will be responsible for penalties or interest resulting from such failure. Customer shall be responsible for any sales and use taxes due to a taxing jurisdiction on applicable products and services billed where Reseller is not required by law to collect sales and use taxes.
5.3 Fees. Customer acknowledges and agrees that the fees with respect to the Verisign DDoS Protection Service change from time-to-time without notice, and the fees with respect to any renewal period or new order will be the then-current fees applicable on the date of such renewal or new order.
6. Customer Obligations. As a condition to Reseller reselling and Verisign providing the Verisign DDoS Protection Service to Customer, Customer acknowledges and agrees that Customer is solely responsible for and obligated as follows:
(a) Intentionally omitted.
(b) Customer will (i) determine the minimum thresholds for Customer’s Internet Traffic at each OpenHybrid Source that will result in an Alert being sent to the Verisign DDoS Protection Service; and (ii) adjust the minimum threshold for Customer’s Internet Traffic at each OpenHybrid Source that will result in an OpenHybrid Alert being sent to the Verisign DDoS Protection Service.
6.2 Customer shall (a) upon request make changes or direct its hosting and/or service providers to make changes to existing network equipment and/or infrastructure in order to enable Verisign to provide the Verisign DDoS Protection Service; (b) be responsible for obtaining all necessary authorizations and permissions to effect such changes (including, but not limited to, any fees imposed by Third Party Environments to send Alerts to Verisign) and also be responsible for all fees or charges involved in getting Customer’s Internet Traffic to the Verisign DDoS Protection Sites including, but not limited to, switch and transport charges, if any, for Off-ramping and On-ramping Internet Traffic as contemplated in Section 2.3 above; (c) provide Verisign with points-of-contact to assist Verisign with Customer Set-up and deployment of, as well as on-going support for, the Verisign DDoS Protection Service, which points-of-contact will be available and will respond to Verisign in accordance with the Escalation Plan; (d) take all reasonable steps to protect against unauthorized access to, use, and disclosure of its username and password provided by Verisign in order for Customer to access the Customer Portal.
6.3 Within two (2) business days of a request by Reseller, Customer shall provide Reseller with a completed and executed LOA. Customer acknowledges and agrees that the (a) LOA must be on Customer’s company letterhead; (b) Customer’s company information contained in the LOA must be the same as the company information provided to ARIN or Customer’s Internet Service Provider with respect to the specified IP pre-fixes or CIDR Block specified in the LOA; and (c) Customer must provide an updated LOA to Reseller in the event that any of the information provided in the original LOA changes and/or Customer wants to add or remove IP pre-fixes and/or CIDR Blocks.
6.4 Customer represents and warrants that (a) it has obtained any necessary consents and permissions to provide Customer and/or third party information (including personal data) to Verisign and/or Reseller; (b) the use of the Verisign DDoS Protection Service is for its own internal use, not for resale by Customer; (c) it is not engaged and will not engage in any illegal activities and that it will comply with all applicable rules, regulations, and laws; and (d) all provisioning information submitted by Customer (whether via the Customer Portal or in a form provided by Verisign) is accurate, reliable and complete, and that Customer will update the provisioning information as needed on a timely basis. Customer hereby acknowledges and agrees that file(s) on Customer’s Mitigation Routers (if applicable) and/or Monitored Routers (if applicable) depend upon submission of accurate provisioning information.
6.5 Customer’s Indemnification Obligations. Customer shall indemnify, defend and hold harmless Reseller and its officers, directors, agents, employees, contractors, suppliers, successors and assigns (each a “Reseller Party” and collectively, the “Reseller Parties”) from and against any and all third party claims, damages, losses, liabilities, suits, actions, demands, proceedings (whether legal or administrative), judgments, and costs and expenses (including reasonable attorneys’ fees and expenses) incurred by any Reseller Party arising out of, or directly or indirectly relating to (a) the gross negligence or willful misconduct of Customer, its officers, directors, employees, agents, contractors, successors or assigns (each a “Customer Party” and collectively, the “Customer Parties”) in the performance of this VTA; and (b) any Customer Party’s breach of this VTA; (c) Verisign’s or Reseller’s discontinuance or suspension of performance of and/or access to any Verisign DDoS Protection Service or termination of a Instart Service Order Form or Service Order for (i) non-payment or repeated late payment of the fees by Customer; or (ii) Customer’s breach or alleged breach of the VTA; (d) Customer’s breach or alleged breach of the VTA; (e) any Customer Party’s knowing failure to comply with the AUP; (f) action taken, or in action, by either Reseller or Verisign in connection with the Acceptable Use Policy; and (g) use or failure of Customer’s services.
6.6 Indemnification Process. The indemnified party shall promptly notify the indemnitor of any claim for indemnity by providing written notice. The indemnitor shall have the right to solely control and bear full responsibility for the defense of such claim (including any settlements); provided however, that: (i) the indemnitor shall keep the indemnitee informed of, and consult with the indemnitee in connection with the progress of such litigation or settlement; (ii) the indemnitor shall not have any right, without the indemnitee’s written consent, which consent shall not be unreasonably withheld, to settle any such claim if such settlement arises from or is part of any criminal action, suit or proceeding or contains a stipulation to or admission or acknowledgment of, any liability or wrongdoing (whether in contract, tort or otherwise) on the part of the indemnitee, or requires any specific performance or non-pecuniary remedy by the indemnitee; and (iii) the indemnitee shall have the right to participate in the defense of a claim with counsel of its choice at its own expense.
7. License. During the Term and on behalf of Verisign, Reseller grants to Customer, and Customer accepts, a limited, non-exclusive, non-transferable, non-sublicensable license to use and access the Customer Portal solely for purposes of using and accessing the Verisign DDoS Protection Service (including the Verisign API) and viewing and managing Customer’s account and the data there in and solely in accordance with any applicable instructions or documentation provided by Reseller.
8. Restrictions. Customer shall not (a) modify, disassemble, decompile, reverse engineer, create derivative works of, or make any other attempt to discover or obtain the source code for any of the software or systems which deliver the Verisign DDoS Protection Service; (b) combine any software provided by Verisign in connection with the Verisign DDoS Protection Service with any code or software licensed under the GNU General Public License (“GPL”) or any other open source license, in any manner that could cause, or could be interpreted to cause, such software (or any modifications thereto) to become subject to the terms of the GPL or such other open source license; or (c) use the Verisign API in a manner that constitutes excessive or abusive usage, or otherwise fails to comply or is inconsistent with any part of this Agreement. Customer acknowledges and agrees that Verisign retains all Intellectual Property Rights, title to and interest in all other information, data, content, software, ideas, concepts, techniques, processes, configurations or other intellectual property embodied in or practiced in connection with the Verisign DDoS Protection Service (including the Customer Portal and Verisign API). All such intellectual property of Verisign is deemed Confidential Information.
9. Customer License Grant. During the Term, Customer grants to Reseller a limited, non-exclusive, non-transferable, non-sublicensable license (except as set forth herein) to (a) use the Customer’s Internet Traffic and provisioning information for the purposes of providing the Verisign DDoS Protection Service; and (b) provide the license to Verisign as set forth in Reseller Service Order Form.
10. Term; Termination.
10.1 The term of this VTA shall commence upon the Effective Date and unless terminated pursuant to the terms herein, will continue for the number of months set forth in the Service Order (the “Initial Term”).
10.2 Renewals and Termination for Convenience. Upon expiration of the Initial Term, this VTA will automatically continue for additional periods set forth in the Service Order (each, a “Renewal Term” and, together with the Initial Term, the “Term”) unless either party provides written notice to the other party one hundred and twenty (120) days prior to the end of the Initial Term or then Renewal Term of its intent to terminate this VTA. Each party waives any right it may have to receive any compensation or reparations on termination or expiration of this VTA under the law of any jurisdiction, other than as expressly provided in this VTA. Additionally, in the event that the Reseller Agreement between Verisign and Reseller under which Verisign’s Services are resold to Customer is terminated for any reason, then this VTA shall immediately terminate unless otherwise explicitly agreed to in writing by Verisign. Customer acknowledges that Verisign may terminate at any time and for any or no reason Reseller’s right to resell or otherwise make the Verisign DDoS Protection Services available Notwithstanding anything in this VTA to the contrary, Reseller may terminate this VTA upon sixty (60) days’ prior written notice in the event Verisign terminates its agreement with Reseller.
10.3 Termination for Material Breach. Either Party may terminate this VTA or any Service Order by providing written notice to the other party in the event of a material breach by such other party and a failure to cure such material breach within a period of sixty (60) days following receipt of written notice specifying that the same has occurred.
10.4 Insolvency. Either Party, to the extent permitted by applicable Law, may terminate this VTA immediately upon (a) the institution of any proceedings by or against the party seeking relief, reorganization or arrangement under any laws relating to insolvency, which proceedings are not dismissed within thirty (30) days; (b) an assignment for the benefit of creditors, or the appointment of a receiver, liquidator or trustee, of any of the other party's property or assets; or (c) the liquidation, dissolution or winding up of the other party's business.
10.5 Effects of Termination
10.5.1 Expiration; Termination for Convenience. In the case of expiration of this VTA or termination for convenience pursuant to Section 10.2 above, all existing Service Order will remain in effect through the Initial Term or Renewal Term, as applicable, and the applicable terms and conditions of this VTA will continue to apply to the Service Order and their corresponding VTA; provided, however, that Customers acknowledges Reseller’s intent not to continue providing the Verisign DDoS Protection Service after expiration of the Initial Term or Renewal Term, as applicable.
10.5.2 Termination by Reseller. In the case of termination of this VTA by Reseller pursuant to Sections 10.3 or 10.4 above, Reseller, at its sole option, may elect to (a) have all or a portion of the Service Order immediately terminate; or (b) have such Service Order remain in effect through the Initial Term or then current Renewal Term, as applicable. In the event Reseller terminates a Service Order pursuant to this Section 10.5.2, any license grant to Customer under the corresponding VTA shall immediately terminate, and Customer must cease making use of the Verisign DDoS Protection Service under the corresponding VTA. In such latter case, the applicable terms of this VTA will continue to apply to Service Orders and their corresponding VTAs; provided, however, that Customer acknowledges and Reseller’s intent not to continue providing the Verisign DDoS Protection Service after expiration of the Initial Term or current Renewal Term, as applicable.
10.5.3 General. Upon the expiration or termination of this VTA, Customer shall cease using the Verisign DDoS Protection Service. Any expiration or termination shall not discharge any obligation to make payments which have accrued or are due as of the effective date of such expiration or termination.
10.5.4 Customer Transition. Any termination (for any reason), expiration or non-renewal of Reseller’s services (other than expiration or non-renewal of the Verisign DDoS Protection Service) shall not relieve Customer of its obligations to continue to pay fees to Reseller with respect to the Verisign DDoS Protection Service, unless, and solely to the extent: (i) Customer enters into an agreement with Verisign with respect to the Verisign DDoS Protection Services; and (ii) Verisign agrees in writing to relieve Reseller of its remaining payment obligations with respect to such Verisign DDoS Protection Service.
10.6 Notwithstanding anything in this VTA to the contrary and in addition to Reseller’s rights set forth in the Agreement, Reseller may terminate this VTA immediately upon notice to Customer in the event that Verisign determines, in its sole discretion, that (a) Customer has breached Section 6.4 herein; and/or (b) Customer does not have the necessary hardware in order for Verisign to deliver the Verisign DDoS Protection Service.
11. No Right of Indemnification Against Verisign or Reseller. Customer acknowledges and agrees that it shall have no right to seek, and shall not seek, any indemnification from Verisign or Reseller with respect to the Verisign DDoS Protection Service.
12. REPRESENTATIONS AND WARRANTIES; NO LIABILITY
12.1 Customer Representations and Warranties. Customer hereby (i) represents and warrants that it is not and will not become a Restricted Customer; and (ii) warrants that it will at all times abide by and comply with terms and conditions of this VTA.
12.2 Disclaimer of Warranties. NOTWITHSTANDING ANYTHING CONTAINED IN THIS VTA TO THE CONTRARY, THE VERISIGN DDOS PROTECTION SERVICE IS PROVIDED “AS IS”, “AS AVAILABLE” AND WITHOUT ANY WARRANY WHATSOEVER. RESELLER DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTION OF CUSTOMER REQUIREMENTS, NON-INFRINGEMENT, AND ANY WARRANTY ARISING OUT OF A COURSE OF PERFORMANCE, DEALING OR TRADE USAGE. RESELLER DOES NOT REPRESENT, WARRANT OR GUARANTEE THAT THE VERISIGN DDOS PROTECTION SERVICE PROVIDED HEREUNDER WILL BE UNINTERRUPTED, UNDISRUPTED OR ERROR-FREE. NOTWITHSTANDING ANYTHING TO THE CONTRARY, NEITHER RESELLER NOR VERISIGN SHALL HAVE ANY LIABILITY (A) TO THE EXTENT THAT CUSTOMER DELAYS IN REDIRECTING ITS INTERNET TRAFFIC OR IN THE EVENT THAT CUSTOMER DOES NOT REDIRECT ITS INTERNET TRAFFIC OR DISCONTINUES REDIRECTING ITS INTERNET TRAFFIC DURING A FILTERED DDOS EVENT OR DELAYS IN PROVIDING, OR FAILS TO PROVIDE, CONENT TO REDIRECT ITS INTERNET TRAFFIC WHERE SUCH CONSENT IS REQUIRED; AND (B) WITH RESPECT TO SECTION 13 (INCLUDING, BUT NOT LIMITED TO, IN RELATION TO ANY VIOLATION OF SECTION 13 OR ACTION TAKEN BY VERISIGN OR ANY INACTION BY VERISIGN IN CONNECTION WITH SECTION 13. CUSTOMER UNDERSTANDS AND AGREES THAT VERSIGN OR RESELLER SHALL NOT BE LIABLE FOR CUSTOMER’S ACTION, OR FAILURE TO ACT, IN RELIANCE ON ANY INFORMATION FURNISHED AS PART OF THE VERISIGN DDOS PROTECTION SERVICES. VERISIGN OR RESSLER DO NOT REPRESENT, WARRANT OR GUARANTEE THAT (A) SECURITY THREATS, MALICIOUS CODE AND/OR VULNERABILITIES WILL BE IDENTIFIED, (B) THE VERISIGN DDOS PROTECTION SERVICE WILL RENDER CUSTOMER’S NETWORK AND SYSTEMS SAFE FROM MALICIOUS CODE, INTRUSIONS, OR OTHER SECURITY BREACHES, (C) EVERY VULNERABILITY ON EVERY TESTED SYSTEM OR APPLICATION WILL BE DISCOVERED, OR (D) THERE WILL BE NO FALSE POSITIVES.
12.3 NOTWITHSTANDING ANYTHING TO THE CONTRARY, IN THE CASE OF THE VERISIGN DDOS PROTECTION SERVICE, VERISIGN AND RESELLER SHALL HAVE NO LIABILITY (i) TO THE EXTENT THAT CUSTOMER DELAYS IN REDIRECTING ITS INTERNET TRAFFIC OR IN THE EVENT THAT CUSTOMER DOES NOT REDIRECT ITS INTERNET TRAFFIC OR DISCONTINUES REDIRECTING ITS INTERNET TRAFFIC DURING A FILTERED DDOS EVENT; AND (ii) WITH RESPECT TO THE ACCEPTABLE USE POLICIES (INCLUDING, BUT NOT LIMITED TO, ANY ACTION TAKEN BY VERISIGN OR RESELLER, OR INACTION BY VERISIGN OR RESELLER.
13. Acceptable Use Policy.
13.1 Prohibited Activities. Customer shall not undertake, attempt to undertake, the following prohibited activities: (a) Hacking, pinging, flooding, mail bombing, or denial of service attacks or any other activities that disrupt the use of or interfere with the ability of others to effectively use any network, system, service or equipment; (b) engaging in or promoting instructional information about fraudulent or illegal activities (including online gambling in all forms regardless of whether it violates applicable laws) infringing or misappropriating third party Intellectual Property Rights (including Software Piracy), violating privacy, publicity or any other personal rights of others, collecting, advertising, transmitting, storing, posting, displaying, uploading or otherwise making available child pornography or any other obscene speech or material or using the network of Verisign or its vendors (as the case may be) to do so; (c) engaging in any activity, whether lawful or unlawful, that Verisign determines may damage the operations, reputation, goodwill, or customer relations of Verisign; (d) sending unsolicited bulk and/or commercial electronic messages, viruses, worms or Trojan horses; (e) forging, deleting or misrepresenting message headers, return addresses or Internet protocol addresses or otherwise manipulating identifiers, whether in whole or in part, in order to disguise the originator of the message; (f) promoting physical harm or injury against any group or individual; (g) providing material support or resources (or conceal or disguise the nature, location, source or ownership of material support or resources) to any organization(s) designated by the United States government as foreign terrorist organization pursuant to section 219 of the Immigration and Nationality Act; or (h) advertising, transmitting, providing or otherwise making available any software, program, product, service, capability or information that is designed to facilitate a violation of this Acceptable Use Policy. Customer shall take reasonable steps to ensure that any third party whom Customer permits to use Customer’s services shall not undertake or attempt to undertake any of the prohibited activities listed below.
13.2 Customer Acknowledgements. Customer acknowledges and agrees that (a) information reaching the facilities of Verisign or its vendors may have originated from a customer of Customer, or from another third party and that, as a result, Verisign or its vendors, as the case may be, may request Customer to take reasonable action against its customers directly to prevent a breach of the Acceptable Use Policy; and (b) where required by law, Verisign may notify law enforcement agencies when it becomes aware of any illegal activities on or being transmitted through the network of Verisign.
13.3 Verisign’s Rights. If Reseller determines, in its sole discretion or upon consultation with Verisign, or Verisign determines, it is sole discretion, that Customer has failed to comply with any provision of this Section 13 or has undertaken or attempted to undertake any of the prohibited activities described herein, Customer agrees that Reseller and/or Verisign may immediately take corrective action which includes, but is not limited to, suspension of the Verisign DDoS Protection Service and/or termination of this VTA upon twenty four (24) hours notice (which may be via email). Such corrective action is in addition to any other rights of Verisign under this VTA or the law. Verisign may provide Customer with notice that Verisign intends to take action under this Section 13.3 but is not required to do so. Verisign may, in its sole discretion, change or update this Acceptable Use Policy at any time by providing notice to Customer via email. The updated Acceptable Use Policy shall be deemed to replace the prior version thirty (30) calendar days after Customer’s receipt of such email. Customer shall cooperate with Verisign and/or its vendors in any corrective or preventive action that either Verisign or its vendors deem necessary.
14. Compliance with Law, Export Requirements. Each party agrees that it shall comply with all applicable federal, state and local laws, regulations, and export requirements in connection with its performance under this Agreement. Regardless of any disclosure made by Customer to Reseller of an ultimate destination of any software, hardware, or technical data acquired from Reseller and, notwithstanding anything contained in this VTA to the contrary, Customer will not modify, export, or re-export, either directly or indirectly, any software, hardware, or technical data, or portions thereof, without first obtaining any and all necessary licenses from the United States government or agencies thereof or any other country that requires an export license or other governmental approval at the time of modification, export, or re-export. Reseller shall have the right to suspend performance of any of its obligations under this VTA, without prior notice and without liability if Customer fails to comply with this Section 14.
15. Anti-Bribery. Customer represents and warrants that (a) it is aware of, understands and will comply with the provisions of the U.S. Foreign Corrupt Practices Act (the “FCPA”) and the U.K. Bribery Act, as applicable (collectively, the “Acts”); (b) it will not take any action that might be a violation of the Acts or other applicable anti-corruption Laws that prohibit the same type of conduct; (c) it has, and will have, policies in place sufficient to ensure compliance with the provisions of the FCPA and U.K. Bribery Act, as applicable; (d) Customer and its Affiliates, in the exercise of their rights and the performance of their obligations under this VTA, or in connection with any transaction contemplated or authorized by this insert name of Reseller’s agreement, have not, and shall not, pay or give, offer or promise to pay or give, or authorize any third party to pay or give, any money or any other thing of value directly or indirectly for the purpose of unfairly obtaining or retaining any business or securing any other unfair advantage to: (i) any government official or government employee (including any official or employee of a state-owned commercial enterprise or public international organization; (ii) any political party or officer or employee of any political party; (iii) any candidate for political office; (iv) any officer or employee of any customer or potential customer; or (v) any other person, firm, corporation or other entity at the suggestion, request or direction of, or for the benefit of, any of the foregoing persons or entities; (vi) all amounts paid to Reseller by Customer hereunder, including, but not limited to, any discounts or credits furnished by Reseller, if any, shall not be paid or given to any other person, firm, corporation or other entity, except in payment for a bona fide business purposes authorized by this VTA and incurred in connection with the performance of services hereunder in accordance with applicable Law. Reseller acknowledges that any violation of this Section 15, or any formal allegation brought by a government agency charged with enforcement of anti-corruption Laws that Customer is involved in a violation of any applicable anti-corruption law involving or related to this VTA, would be a material breach of this VTA, giving Reseller the right to terminate the VTA immediately without any liability owed by Reseller.
16. . Survival of Terms. The following provisions shall survive any expiration or termination of this VTA: (a) Section 1 (Definitions); (b) Section 6.4 – 6.6; (c) Section 8 (Restrictions); (d) Section 12 (Warranties); (e) Section 10 (Term; Termination); (f) 16 (Survival of Terms); (g) 17 (Miscellaneous Provisions) and (h) any other provisions of this VTA which, by their nature, were intended by the Parties to survive any expiration or termination of this Agreement.
17. Miscellaneous Provisions
17.1 Governing Law. This VTA shall be governed by, construed, and enforced in all respects in accordance with the laws of the state of California, United States of America, excluding its conflict of laws rules. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods shall not apply to this VTA. For all disputes arising out of or related to this Agreement, the parties submit to the non-exclusive subject matter jurisdiction, personal jurisdiction and venue of the courts located in San Francisco, California and hereby waive any objection to the jurisdiction and venue of such courts.
17.2 Export Control. Regardless of any disclosure made by Customer to Reseller of an ultimate destination of any software, hardware, or technical data acquired from Verisign or Reseller and, notwithstanding anything contained in this VTA to the contrary, Customer will not modify, export, or re-export, either directly or indirectly, any software, hardware, or technical data, or portions thereof, without first obtaining any and all necessary licenses from the United States government or any other country that requires an export license or other governmental approval at the time of modification, export, or re-export. Reseller shall have the right to suspend performance of any of its obligations under this VTA, without prior notice and without liability if Customer fails to comply with this Section 17.3.
17.3 Force Majeure. Except with respect to Customer’s payment obligations, neither party shall be deemed in default hereunder, nor shall it hold the other party responsible for, any cessation, interruption or delay in the performance of its obligations hereunder (excluding payment obligations) due to earthquake, flood, fire, storm, natural disaster, act of God, war, terrorism, armed conflict, labor strike, lockout, boycott or other events beyond the reasonable control of such party; provided, however, that the party relying upon this provision: (a) gives prompt written notice thereof, and (b) takes all steps reasonably necessary to mitigate the effects of the Force Majeure Event; and, provided further, that in the event a Force Majeure Event extends for a period in excess of sixty (60) days in the aggregate, either party may immediately terminate this VTA or the upon written notice to the other party.
17.4 Order of Precedence. In the event of a conflict between this VTA and any Service Order, the terms of the Service Order shall govern to the extent of such conflict, but only in regard to the specific Verisign DDoS Protection Service provided under that Service Order.