Terms and Conditions for accessing Bitdefender Managed Detection and Response Foundations Service (including MSP).

NOTICE TO ALL USERS AND MSPs  (“YOU”): PLEASE READ THIS AGREEMENT CAREFULLY. IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS DO NOT INITIATE THE MDR SERVICE. BY SELECTING "I ACCEPT", "OK", "CONTINUE", "YES" OR BY INITIATING THE MDR SERVICE IN ANY WAY, YOU (EITHER AN INDIVIDUAL OR A SINGLE ENTITY) INDICATING YOUR COMPLETE UNDERSTANDING AND ACCEPTANCE OF THESE TERMS WHICH TOGETHER WITH THE PRIVACY POLICY, ANY SERVICE DESCRIPTION PRESENTED TO YOU CONSTITUTE the AGREEMENT (collectively, the “AGREEMENT”). IF YOU DO NOT AGREE TO ALL OF THESE TERMS OR IF YOU DO NOT HAVE THE AUTHORITY TO BIND THE COMPANY, SELECT THE REJECTING OPTION AND DO NOT INITIATE THE MDR SERVICE (“MDR”).

FOR MDR FOUNDATIONS FOR MSPs, THE MSP HAS THE OBLIGATION TO INFORM ITS CUSTOMERS OF THIS AGREEMENT AND OBTAIN THEIR AGREEMENT ON THE TERMS OF THIS AGREEMENT.

YOU REPRESENT AND AGREE ON BEHALF OF YOUR COMPANY THAT YOU HAVE THE CAPACITY AND AUTHORITY TO BIND YOUR COMPANY TO THIS AGREEMENT AND THAT YOU HAVE READ ALL OF THE TERMS AND CONDITIONS, UNDERSTAND THEM, AND AGREE TO BE BOUND BY THEM. THESE TERMS AND CONDITIONS ARE BINDING AS OF THE EARLIEST OF THE DATE YOU ACCEPT THESE TERMS AND CONDITIONS, THE DATE SET FORTH ON AN ORDER OR THE DATE ON WHICH YOU DOWNLOAD, INSTALL OR ACTIVATE THE MDR SERVICE.

This Agreement is a legal agreement between you (either an individual, a MSP or a legal person) (“You”) and Bitdefender for the initialization and use of the MDR service, and may include associated media, printed materials and "online" or electronic documentation (hereafter designated as "Documentation"), all of which are protected by international copyright laws and international treaties. Any of your affiliate purchasing hereunder, or using or accessing MDR hereunder, or benefitting from your use of MDR, all listed herein, will be bound by and comply with all terms and conditions of this Agreement. The Company signing these Agreement will remain responsible for its affiliates’ acts and omissions unless otherwise agreed.

MDR SERVICE DETAILS. This Agreement refers to the Bitdefender Managed Detection and Response Foundations Service hereinafter referred to as “MDR Foundations”. To the extent permitted by applicable law, Bitdefender can modify its features, description and/or minimum system requirements, in order to continuously improve the quality and content of MDR. For Users: the access rights to MDR are not transferable. You, as a user, may not grant any transfer, sharing, or association with any third-party rights in order to benefit from MDR you purchased from Bitdefender. For the avoidance of any doubt, MDR is solely for Your Internal Use. By way of example and not limitation, Internal Use does not include access or use: (i) for the benefit of any person or entity other than You or your Affiliates or (ii) in any event, for the development of any product or service. Internal Use is limited to access and use by You and Your employees or any of your Affiliates, in either event, solely on your behalf and for your benefit. In case there are changes to Your internal environment, the parties shall make commercially reasonable efforts to tailor MDR services to such changes.

For MSPs:  The MSP will give access rights to MDR Foundations to its customers for their Internal Use. By way of example and not limitation, Internal Use does not include access for the benefit of any person or entity other than end customer and Affiliates.

Validity Period: For Users - The MDR Foundations validity period is limited, as stated in the MDR documentation, starting with the moment of initial activation and subject to the condition you have activated within the Bitdefender Solutions (“Validity Period”).

For MSPs: The MDR Foundations validity period is minimum 1 month limited, as stated in MDR Foundations documentation, starting with the moment of initial activation and subject to the condition MSP and its Customers activated within the Bitdefender Solutions: Bitdefender Cloud Security for MSP, Advanced Threat Security and EDR for the entire customer infrastructure, for a minimum of 1 month (“Validity Period”).

MDR Description:


MDR includes the below Services and otherwise described in the Documentation related to MDR. For clarity purposes, MDR includes specific software as well as cloud-based software or other products offered under any order, the available accompanying API’s, the relevant data, any Documentation and any updates thereto that may be made available by Bitdefender from time to time. Services do not include Professional Services as stated on the website.

I. Service Setup Phase

Onboarding: Via the MDR Portal, you shall provide us with Emergency Contacts, authorized containment actions (Previously Authorized Actions), and notification preferences. Onboarding for MSPs: As notifications are defined on a per-user basis, MSP users should NOT add end users to receive notifications, lest they receive data from other tenants. Instead, notifications must be set by end company users if they would like to receive them. For the avoidance of any doubt, the actions that You authorize through the MDR Portal shall be deemed expressly authorized under this Agreement, and You shall be deemed fully and completely informed on the consequences and/ or potential consequences of such authorization which is considered granted in full knowledge. Bitdefender shall have no liability towards You with respect to the Previously Authorized Actions and / or their consequences.

For Users: the onboarding process is deemed finalized when you have inserted your MDR Foundations license key into the GravityZone console, installed and enabled EDR on all endpoints, and you have set up Emergency Contacts, Previously-Authorized Actions, and Notification preferences in the MDR Portal. In addition, you enable the Remote Shell feature in all policies applied to assets monitored by MDR. (“Onboarding”).

You will receive an email when monitoring has begun. It will include links to documentation that will further detail how to finish tuning the service in the MDR Portal.

For MSPs: The onboarding process is deemed finalized when you (i) have enabled MDR Foundations for an end customer in GravityZone, (ii) installed and enabled ATS & EDR on all endpoints, and (iii) you have set up Emergency Contacts, Previously-Authorized Actions, and Notification preferences in the MDR Portal (“Onboardig”).

The primary contact of the XSP partner, as established in the GravityZone console, will receive an email when monitoring has begun. It will include links to documentation which will further detail how to finish tuning the service in the MDR Portal.

For both Users and MSPs, the Onboarding is followed by the “Deploy & Configure” service delivery phase. The later represents the period after onboarding and the active 24/7 monitoring service delivery phase in which You are responsible for deploying, installing, and configuring the endpoint detection and response feature in the GravityZone console.

II. Active 24/7 Monitoring Service Delivery Phase

MSP Partner management: By default, Bitdefender shall enable the option regarding the security management for all distributors, partners and customers that have access to MDR Foundations for MSPs, including the latter's Customers. Disabling this option will no longer be available as long as you have access to MDR Foundations for MSPs services.

1. Monitoring potential attacks: Solely after proper Onboarding, devices having the GravityZone agent installed shall be monitored, as per reasonable commercial diligence, 24x7 during the Validity Period. However, the parties acknowledge and agree that interruptions may occur, outside of Bitdefender’s control, such as those due to internet provider shortages and the like.

Potential attacks notifications:

Notifications and Updates. Once a security event has been identified in your or Customer’s Environment, we will provide an initial notification through the agreed communication channels provided by You/ the MSP via the MDR Portal and subsequent updates in the following timeframes based upon our determination of the applicable severity level. We will notify and update you/MSP via different vehicles, described below, depending upon the severity of the situation and consistent with any procedures that have been established and documented with you/ MSP for your account/ each Customer’s account. For MDR Foundations for Users, Environment shall mean the assets monitored by GravityZone agents or by XDR sensors. The notification times stated below start from the moment when ‘Bitdefender Solution’ has identified a potential incident, namely that Bitdefender has (i) identified a potential attack in order for necessary measures to be taken and/or (ii) if the case, request for more information from You/MSP. For the avoidance of any doubt, Bitdefender shall use all commercial reasonable efforts to notify You as stated in the below response timetable, which does not apply until you receive notice that an incident has occurred and that we have assigned the said incident a severity level. MSP has the obligation to notify its customers. Critical and High priority severity levels are not available for non-production systems. You hereby acknowledge and agree that Bitdefender MDR Foundation may add additional notification methods in the future.

 

Severity Level (example incidents)

Initial Notification (from event identification)

Update Frequency (after initial notification)

Notification Methods

Critical:

·        Advanced or Interactive Attacker.

·        Advanced Persistent Threat (APT): Nation-State Threat Group or Advanced Cyber-Crime Organization.

·        Data staged for exfiltration. Confirmed data exfiltration.

30 Min

MSP has the obligation to notify its Customer.

Every Hour

·        Phone Call

·        MDR Portal

·        Email (if selected in Portal)

 

High:

·        High confidence intelligence-driven detections.

·        Command line activity spawned by a suspicious process.

·        Web exploits.

·        Privilege escalation.

·        Credential theft.

30 Min

MSP has the obligation to notify its Customer.

Every Hour

·        Phone Call

·        MDR Portal

·        Email (if selected in Portal)

 

Medium:

·        High confidence known malware.

·        High confidence malicious document.

·        Social engineering of binary files.

24 Hour

MSP has the obligation to notify its Customer.

Notify customer if remediation recommendations require customer approval.

·        MDR Portal

·        Email (if selected in Portal)

Low:

·        Low confidence known malware (commodity malware or adware)

·        Low confidence malicious documents

·        Command line activity used for common administrative purposes and lateral movement or reconnaissance activity

24 Hour

MSP has the obligation to notify its Customer. 

Notify customer if remediation recommendations require customer approval.

·        MDR Portal

·        Email (if selected in Portal)

 

Inbound Questions:

·        Inquiries about detections in GravityZone

·        More information on cases in the MDR Portal

Based on severity of support case

N/A

GZ Console

MDR Portal


For MSPs: MSP WILL RESPECT THE ABOVE MENTIONED SLAs FOR NOTIFYING THEIR CUSTOMERS AND FOR RESPONDING BACK TO BITDEFENDER REPRESENTATIVES. BITDEFENDER WILL NOT BE HOLD LIABLE FOR ANY CLAIMS OR LOSSES RESULTED FROM BREACHING THE SLAs OF NOTIFING AND RESPONSE BY THE MSP.

2. Alert review and validation initiated by You: You can access Support channels 24/7 and inquire about the validity of an incident that they discover; MSPs may create a Support Ticket in the MDR Portal. You will be notified (The MSP will be notified in the MDR Portal) that the investigation request has been received and the investigation has started. Bitdefender can ask for more information if needed for the assessment. Once an investigation has been concluded, You will be notified of the completion of the investigation. MSP will have the obligation to notify its Customers in due time.

NOTE: Forensic analysis of the attack services are explicitly excluded from MDR Foundations and the services offered under this Agreement.

III. Reporting

MDR Foundations will provide standard information and reports to you as part of normal business operations including the following types of reports on your Environment/ MSP Customers’ Environment:

Realtime Dashboard for Users – A summary of all security events seen in your Covered Environment over the last day, week, or month.

Realtime Dashboard for MSPs - A summary of all security events seen in MSP Customers’ Environment over the last week.

Monthly Report – Monthly reports include a summary of all security events seen in your Covered Environment / MSP‘s Customers Environment for the previous month, including threat hunting and incident summaries.

Flash & After-Action Report – Flash reports are generated immediately after incidents are declared in order to give You/ customers an idea of initial findings & containment actions. After-Action Reports are generated for completed incident investigations. They contain the details of the attack, a summary of the actions taken and any recommendations on changes in the Environment to help prevent similar incidents in the future.

IV. Responses to live attackers

 You can decide how Bitdefender is to react to a live attacker, as per the  Previously Authorized Actions. These can be switched on or off directly in the MDR Portal (please find herein the relevant location: bitdefender.com/business/support/en/124809-151519-pre-approved-actions.html). In addition, you understand and hereby expressly allow and agree that Bitdefender shall be entitled to create, for one incident only, a remote shell on devices to further investigate or limit the impact of attacks, if the option is enabled. The ability to create a remote shell is essential to the MDR Service, and its main purpose is to obtain otherwise unobtainable necessary information in the course of an investigation and to properly contain attackers. All actions performed by an analyst via remote shell is stored in the GravityZone console for You to audit. In addition, signoff is required by senior staff in the SOC before the feature can be used. For the avoidance of any doubt, Bitdefender shall be entitled to perform (i) the pre-approved actions previously detailed and explained to You, both with respect to the timeframe for taking such action(s) as well as with respect to all consequences of taking the said actions (including unforeseen consequences which You hereby expressly agree upon); (ii) any other action that You expressly authorize, once you/ MSP have been notified with respect to an incident. In addition, You expressly acknowledge and agree that Bitdefender has no obligations (including no liabilities and no damages payment) towards You (nor towards MSP or any of its Customers) for any and all repercussions in connection with taking any of the (i) or (ii) actions, provided that Your express consent was previously obtained, except, for Users, in the case of usage of remote shell feature. You hereby expressly authorize any activity taken by the Bitdefender analyst while the remote shell feature is used, provided however that such activity will be limited to the purpose of providing MDR Foundation Services. Additional information on remote shell sessions and SOC may be found here: https://www.bitdefender.com/business/support/en/77209-151142-edr-investigating-incidents.html.

For MSPs: MSP has the obligation to obtain the necessary approvals from its Customers.

PAYMENTS. Orders are non-cancellable. Any order through a reseller is subject to, and Bitdefender obligations and liabilities to You are governed by this Agreement.

For MSPs: Any order through a Bitdefender distributors or resellers is subject to, and Bitdefender obligations and liabilities to MSP and its Customers are governed by this Agreement.

You will pay the fees for MDR Foundations directly or indirectly through Bitdefender channel resellers as set forth in the applicable order. Unless otherwise expressly set forth on the order, You will pay the fees stated in the order within 30 days after receipt of the applicable invoice. Except as otherwise expressly provided in this Agreement, all fees are non-refundable. Fees are exclusive of any applicable sales, use, value added, withholding, and other taxes applicable, however designated. You shall pay all such taxes levied or imposed by reason of Your purchase of MDR Foundations and the transactions hereunder, except for taxes based on Bitdefender’s/its channel partners’ income or with respect to Bitdefender’s employment of its employees.

Delivery Channels. Bitdefender may choose to provide MDR using the following delivery channels: phone, email or remotely accessing your GravityZone Console. During the delivery of MDR, Bitdefender may, at its sole discretion and without any obligation, capture MDR sessions in different forms (such as, but not limited to: voice recording, written recording, database monitoring) for quality improvement purposes and/or market research purposes. By accepting this Agreement, You agree (and MSPs will obtain Customers’ approval) to allow Bitdefender to perform such captures, including recordings of any type and to use and process any information resulted from such recordings for MDR improvement purposes, for marketing research or training purposes and in order to respond to any legal or regulatory requirements, in compliance with the applicable laws.

 

PREREQUISTES

For Users: For using MDR, You need to have a valid activated license to Bitdefender Solution. In addition, You need to have a valid MDR subscription.

For MSPs: For using MDR, MSP and its Customers need to have a valid activated license to Bitdefender Solution: Bitdefender Cloud Security for MSP, Advance Threat Security and EDR for the entire customer infrastructure. In addition, MSP and its Customers need to have a valid MDR subscription. Distributors/RMMs that have accepted the commercial agreements for MDR Foundations must make a request to the email address mdrfoundations-access@bitdefender.com to make the Foundations option available to MSPs in the GravityZone console.

MDR Availability. Bitdefender will make operationally and commercially reasonable efforts to make MDR available on a 24/7/365 basis. However, MDR delivery may be limited to some geographic regions or may suffer interruptions due to technical maintenance or Internet provider issues, independent of Bitdefender’s control. By accepting this Agreement, You (and MSP and in the name of its Customers) agree to grant Bitdefender’s representatives the following rights: (i)To use whatever support or remote access tools are necessary to investigate the incident(s); (ii)To install Bitdefender proprietary or third party licensed remote access tools, for the sole scope of providing MDR; (iii) To access your computer or MSPs Customer’s computer remotely and modify settings and configurations, including installing or removing specific items, in order to solve a problem or diagnose more complex problems, either as a result of a pre-approved action or as a direct response to Your indications; (iv) To gather data from your/ its devices only for the purpose of providing MDR and as a part of problem diagnosis process.

As a result of using MDR Services, including specific MDR support sessions, Bitdefender can remove any remote access tools software installed on your/ its Customer computer for the scope of providing MDR; however, by accepting this Agreement you (including MSP’s Customers) are informed and expressly accept the fact that there might be residual files left on your computer as a consequence of usage of the support and/or remote tools.

In addition, it is Your sole responsibility or, with respect to Customers, MSP’s sole responsibility, to check whether any residuals impact You/ Customer in any way and to resolve any and all potential consequences of such residuals. Bitdefender hereby accepts no liability whatsoever with respect to any residuals.

Restrictions. The access and use rights set forth in do not include any rights to, and You (nor MSP’s Customers) will not, with respect to any MDR (or any portion thereof): (i) alter, publicly display, translate, create derivative works of or otherwise modify MDR Foundations and Bitdefender Solutions; (ii) sublicense, distribute or otherwise transfer MDR Foundations and Bitdefender Solutions to any third party; except as permitted herein; (iii) allow third parties to access or use MDR Foundations and Bitdefender Solutions except for as expressly permitted herein; (iv) create public Internet “links” to MDR Foundations and Bitdefender Solutions or “frame” or “mirror” any MDR Foundations content on any other server or wireless or Internet-based device; (v) reverse engineer, decompile, disassemble or otherwise attempt to derive the source code (if any) for MDR Foundations and Bitdefender Solutions (except to the extent that such prohibition is expressly precluded by applicable law), circumvent its functions, or attempt to gain unauthorized access to MDR Foundations or its related systems or networks; (vi) use MDR Foundations to circumvent the security of another party’s network/information, develop malware, unauthorized surreptitious surveillance, data modification, data exfiltration, data ransom or data destruction; (vii) remove or alter any notice of proprietary right appearing on MDR Foundations and Bitdefender Solutions; (viii) conduct any stress tests, competitive benchmarking or analysis on, or publish any performance data of MDR Foundations; (ix) cause, encourage or assist any third party to do any of the foregoing. Customer agrees to use MDR Foundations in accordance with laws, rules and regulations directly applicable to Customer and acknowledges that Customer is solely responsible for determining whether a particular use of MDR Foundations is compliant with such laws.

MSP agrees to obtain the Customer approval to use MDR in accordance with laws, rules and regulations directly applicable to Customer and acknowledges that Customer is solely responsible for determining whether a particular use of MDR is compliant with such laws.  

For MDR Foundations and Bitdefender Solutions requiring user accounts, only the single individual user assigned to a user account may access or use it. You are liable and responsible for all actions and omissions occurring under your and your user accounts for MDR. If MSP makes Customer accounts, then MSP is liable and responsible for all actions and omissions occurring under user accounts for MDR.

You authorize Bitdefender to give your own suppliers/contractors who provide You services for internal use, the rights and privileges to the Bitdefender Solutions and MDR necessary to enable and provide for your use and receipt of its services to You. If at any time You will revoke this authorization, then You are responsible for taking the actions necessary to revoke such access and use in Bitdefender Solutions and MDR and You will disable its access to Bitdefender Solutions and MDR within a reasonable period of time. If You would need Bitdefender assistance, please contact Bitdefender support.

Disclaimer. You as well as Your suppliers/contractors remain responsible for their acts and omissions during such time. The Bitdefender Solutions and MDR Foundations are not conditional upon suppliers/contractor’s usage. Bitdefender is not responsible or liable for any loss, costs or damages arising out of their actions or inactions in any manner, including but not limited to, for any disclosure, transfer, modification or deletion of your or MSP’s Customers data. Bitdefender: (i) does not control, monitor, maintain or provide support for Your suppliers/contractors, (ii) disclaims all warranties of any kind, indemnities, obligations, and other liabilities in connection with Your/its suppliers/contractors services provided to You (or to MSPs Customers), and any of Your suppliers/contractors interface or integration with the Bitdefender Solutions and MDR. You hereby acknowledge and agree that Bitdefender cannot be held liable for any services and related features provided by your/its supplier/contractors which might no longer be available to You for any reason.

You should not give or allow Your suppliers/contractors access to, or use of, intelligence reports provided by, or made accessible in the Bitdefender Solutions or MDR.

Free, Trial Or Beta Subscription. If You are a trial or beta user, You may use MDR for evaluation or testing purposes in a non-production environment for the limited period announced to you, from the date You initiate MDR (the "Trial Period"). During the Trial Period, You can receive web or email based technical support in the country where You are located and Updates, if applicable, without any guarantee or warranty of any kind.

THE PROVISIONS OF THE SECTION APPLY IN LIEU OF SECTION WARRANTIES WITH RESPECT TO ANY FREE/TRIAL AND BETA SOLUTIONS.

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, MDR AND BITDEFENDER SOLUTION USED FOR EVALUATION AND BETA PURPOSES OR BETA SOLUTIONAS ARE PROVIDED TO YOU "AS IS" WITHOUT WARRANTIES OF ANY KIND.

Your right to use MDR or Bitdefender Solution ends when the Evaluation or Beta Period ends or if You violate any term of this Agreement. Upon termination of the Evaluation or Beta Period, You must delete or destroy all copies of Bitdefender Solution and Documentation and stop using MDR. Your obligations and rights under this Agreement will continue to apply after the end of the Evaluation or Beta Period.

Limitations. You are responsible for middleware, miscellaneous software and software applications installation. This responsibility covers correct licensing, configurations control, administration and operations readiness. You (as well as MSPs Customers) are responsible for the installation, operation, maintenance and support of any software that is not expressly under the sole responsibility of Bitdefender. You agree to inform Bitdefender via email about the progress of the site preparation, delivery, installation, configuration and completion of the tests of the configuration.

If you request any change to MDR services, the Parties can evaluate and agree upon such changes via a separate document, expressly specifying the adjustment and the new commercial conditions.

You acknowledge that technologies are not universally compatible and that there may be limitations. You understand and agree that You have the sole responsibility for maintaining and backing up your data. In all cases, You agree to hold Bitdefender harmless from any losses resulting from the loss of data during the performance of MDR Services or otherwise. In addition, you (and MSP’s Customers) are solely responsible for the protection of your passwords and in no way shall Bitdefender be responsible for any password loss, password change or password incompatibility, even if such password was initially generated by Bitdefender or any third-party software. Please be advised that in such scenario (i.e. a generated password), we strongly advise you (and MSP’s Customers) to change such automatically generated password after first introducing it along with any other credentials into any piece of software.

Proprietary Rights. Bitdefender or its licensors or suppliers retain ownership of all proprietary rights in MDR and any and all associated materials and services, documentation, deliverables and in all trade names, knowhow, trademarks, copyright associated or displayed with MDR, This Agreement only gives You (and MSP’s Customers) limited, non-exclusive, non-transferable rights to use MDR for your own internal use and not for any commercial activities. Unless an applicable law gives you (and MSP’s Customers) more rights despite this limitation, You (and MSP’s Customers) may use MDR only as expressly permitted in this Agreement. No service or deliverable provided by Bitdefender shall be considered “Work for Hire” or “Works made in the course of duty,” or any other similar terms under laws where the transfer of intellectual property occurs on the performance of services to a payor.

Expiration. Your right to benefit of MDR ends when the MDR Foundations Validity Period ends or if You violate any term of this Agreement.

After the specified MDR Foundations Validity Period has expired, you have no further right to receive any MDR Foundations services without the purchase of a new MDR Foundations subscription.

Copyright. All rights, titles and interest regarding MDR Foundations and including but not limited to know-how, images, photographs, logos, data, deliverables, animations, video, audio, music, text, "applets" and all accompanying printed materials are owned by Bitdefender or its licensors. The MDR Foundations services are protected by know-how and should be deemed as a trade secret and together with its components are also protected by copyright laws and international treaty provisions. You may not copy the printed materials accompanying MDR Foundations . You must produce and include all copyright notices in their original form for all copies created irrespective of the media or form in which MDR Foundations exists. You may not rent, sell, resell, loan, lease, share or otherwise transfer, with or without consideration MDR Foundations . You may not allow third parties to benefit from the use or functionality of MDR Foundations via a timesharing, service bureau or any other similar arrangements.

Feedback. It is expressly understood, acknowledged and agreed that you shall, regardless of whether or not formally requested to do so, provide to Bitdefender reasonable suggestions, comments, testimonials and feedback regarding MDR, including but not limited to usability, bug reports and test results, with respect to MDR testing (collectively, "Feedback"). If You provide such Feedback to Bitdefender, You shall grant Bitdefender the following worldwide, exclusive, perpetual, irrevocable, royalty free, fully paid up rights: (i) to make, use, copy, modify, sell, distribute, sub-license, and create derivative works of, the Feedback as part of any solution, technology, service, specification or other documentation (ii) to publicly perform or display, import, broadcast, transmit, distribute, license, offer to sell, and sell, rent, lease or lend copies of the Feedback (and derivative works thereof) as part of MDR; (iii) to sublicense to third parties the foregoing rights, including the right to sublicense to further third parties; and (iv) to sublicense to third parties any claims of any patents owned or licensable by You that are necessarily infringed by a third party product, technology or service that uses, interfaces, interoperates or communicates with the feedback or portion thereof incorporated into a Yonly, technology or service. Further, you warrant that your Feedback is not subject to any license terms that would purport to require Bitdefender to comply with any additional obligations with respect to MDR that incorporate any Feedback.

Limited Warranty. Bitdefender warrants to You (inclusing to MSP’s Customers) that it will perform MDR in a professional and workmanlike manner consistent with generally accepted industry standards. You must notify Bitdefender of any warranty claim for MDR Foundations during the period MDR Foundations Services are being performed or within 30 days after the conclusion of that service. Your sole and exclusive remedy and the entire liability of Bitdefender for its breach of this warranty will be for Bitdefender, at its option and expense, to (a) use commercially reasonable efforts to re-perform the nonconforming service, or (b) refund the portion of the fees paid attributable to the non-conforming services.

Express warranties do not apply if the applicable service or Bitdefender Solutions: (i) has been modified, except when such modification was performed by Bitdefender, (ii) has not been installed, used, or maintained in accordance with this Agreement or Documentation, or (iii) is non-conforming due to a failure to use an applicable Update. If any part of an applicable service or Bitdefender Solutions references websites, hypertext links, network addresses, or other third-party information, services or activities, it is provided as a convenience only.

Bitdefender does not warrant that the Bitdefender Solutions and MDR Foundations will be uninterrupted or error free or that any errors will be corrected. Bitdefender does not warrant that MDR will meet your requirements. This limited warranty is void if the alleged defect is a result of an accident, abuse, or misapplication. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, BITDEFENDER DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO MDR, ANY SERVICES OR PRODUCTS, INOPERABILITY, UNAVAILABILITY OR SECURITY VULNERABILITIES, ENHANCEMENTS, MAINTENANCE OR SUPPORT RELATED THERETO, OR ANY OTHER MATERIALS (TANGIBLE OR INTANGIBLE) OR SERVICES SUPPLIED. BITDEFENDER HEREBY EXPRESSLY DISCLAIMS ANY IMPLIED WARRANTIES AND CONDITIONS, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, LOSS OF DATA, FALSE POSITIVES OR FALSE NEGATIVES, DEVICE FAILURE OR MALFUNCTION, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INTERFERENCE, ACCURACY OF DATA, ACCURACY OF INFORMATIONAL CONTENT, SYSTEM INTEGRATION, AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS BY FILTERING, DISABLING, OR REMOVING SUCH THIRD PARTY’S SOFTWARE, SPYWARE, ADWARE, COOKIES, EMAILS, DOCUMENTS, ADVERTISEMENTS OR THE LIKE, WHETHER ARISING BY STATUTE, LAW, COURSE OF DEALING, CUSTOM AND PRACTICE, OR TRADE USAGE.

YOU SHALL BE SOLELY RESPONSIBLE FOR PROPER BACK-UP OF ALL DATA AND FOR TAKING APPROPRIATE MEASURES TO PROTECT ALL SUCH DATA. BITDEFENDER ASSUMES NO LIABILITY OR RESPONSIBILITY WHATSOEVER IF DATA IS LOST OR CORRUPTED.

Bitdefender is also acting on behalf of its partners for the purpose of disclaiming, excluding and/or limiting obligations, warranties and liability as provided under this Agreement. The foregoing provisions shall be enforceable to the maximum extent permitted by applicable law.

Limitation Of Liability. NEITHER PARTY SHALL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA, OR DATA USE. BITDEFENDER’S MAXIMUM LIABILITY FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT OR YOUR ORDER, WHETHER IN CONTRACT OR TORT, OR OTHERWISE, SHALL BE LIMITED TO THE FEES YOU HAVE PAID BITDEFENDER FOR THE ALLEGEDLY DEFICIENT BITDEFENDER SOLUTION OR SERVICES UNDER THIS AGREEMENT AS SPECIFIED IN YOUR ORDER. SOME STATES DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU. IN NO CASE SHALL BITDEFENDER'S LIABILITY EXCEED THE PURCHASE PRICE PAID BY YOU FOR BITDEFENDER SOLUTION.

You agree that (i) You (and, for MSP, the MSP’s Customers) are the legal holder of the benefits of MDR Foundations and (ii) the decision of initiating MDR Foundations, any action you instruct Bitdefender to take and the results of this action or using the internet connections is solely at Your own risk. Therefore, by initiating MDR, You warrant and confirm that you (a) have full and legal access to the hardware and software and any environment that are allocated for MDR Foundations purposes, including, without limitation, MDR Foundations installation, deployment, use and (b) have completed a back-up onto separate media of any software or data on the environment that may be impacted by MDR Foundations.

You (and, for MSP, the MSP’s Customers) are solely responsible for maintaining and backing up all information, data, text or other materials (collectively "customer data") and software stored on your computer and storage media before initiating MDR Foundations. You (and, for MSP, the MSP’s Customers) acknowledge and agree that Bitdefender or its partners have no responsibility or liability under any circumstances at any time for any loss or corruption of customer data, software or hardware that may arise out of MDR Foundations. You (and, for MSP, the MSP’s Customers) acknowledge and agree that Bitdefender does not provide backup copies or support installation.

BITDEFENDER DOES NOT LIMIT OR EXCLUDE ITS LIABILITY FOR (i) DEATH OR PERSONAL INJURY CAUSED BY GROSS NEGLIGENCE, (ii) FRAUDULENT MISREPRESENTATION, OR (iii) ANY OTHER LIABILITY TO THE EXTENT THAT SUCH LIABILITY CANNOT BE EXCLUDED OR LIMITED BY APPLICABLE LAW.

Indemnity. Bitdefender shall indemnify and keeps You harmless from any claim by a third party that your use or possession of the Bitdefender Solution and MDR Foundations, in accordance with the terms and conditions of this Agreement, infringes any third party patent, trademark or copyright and shall pay and indemnify any damages awarded to such third party by a court of competent jurisdiction as a result of such claim. The foregoing obligation of Bitdefender does not apply with respect to software, services or portions or components thereof: (i) not supplied by Bitdefender; (ii) used in a manner not expressly authorized by this Agreement or the accompanying Documentation (iii) made in accordance with Your specifications; (iv) modified by anyone other than Bitdefender, if the alleged infringement relates to such modification; (v) combined with other products, processes or materials where the alleged infringement would not exist but for such combination; (vi) any third party software or services or (vii) where you continue the allegedly infringing activity after being notified thereof and provided with modifications that would have avoided the alleged infringement.

In the event the Bitdefender Solution or MDR Foundations is held by a court of competent jurisdiction to constitute an infringement Bitdefender shall, at its sole option, do one of the following: (i) procure the right to continued use; (ii) modify the Bitdefender Solution so that their use becomes non-infringing; (iii) replace the MDR Foundations or Bitdefender Solution with substantially similar products in functionality and performance; or (iv) if none of the foregoing alternatives is reasonably available to Bitdefender, Bitdefender shall refund the pro-rata unused portion of the MDR Foundations or Bitdefender Solution.

The Parties may request indemnification under this provision, provided they: (a) give notice within ten (10) days of any claim being made or proceedings being issued against; (b) give sole control of the defense and settlement to the indemnifying party (provided any settlement relieves the indemnified party of all liability in the matter); (c) provide all available information and reasonable assistance; and (d) have not previously compromised or settled such claim.

THIS SECTION STATES BITDEFENDER’S ENTIRE LIABILITY AND YOUR SOLE AND EXCLUSIVE REMEDY FOR INFRINGEMENT AND MISAPPROPRIATION CLAIMS.

Confidentiality. Neither Party shall disclose any confidential and/or proprietary information belonging to the other party unless agreed in writing by the said party. Confidential information shall be limited to the terms and conditions of this agreement, including its pricing provision, and all information clearly identified as confidential. This obligation shall not apply to information received which: (i) is or becomes known by the recipient without an obligation to maintain its confidentiality; (ii) is or becomes generally known to the public through no act or omission on the part of the recipient; or (iii) is independently developed by the recipient without the use of confidential or proprietary information; (iv) must be disclosed to any government authority or court of law as a result of a court order. In the event that either Party is required to disclose confidential and proprietary information pursuant to law, it shall notify the other Party of the required disclosure. Each Party agree to hold each other’s confidential information in confidence for a period of three years from the date of disclosure. Also, we each agree to disclose confidential information only to those employees or agents on a need-to-know bases and who are required to protect it against unauthorized disclosure. Nothing shall prevent either party from disclosing the terms or pricing under this Agreement or orders submitted under this Agreement in any legal proceeding arising from or in connection with this Agreement. You acknowledge that a breach of this “Confidentiality” section shall cause Bitdefender irreparable injury and damages. Therefore, you agree that such breach may be stopped through injunctive proceedings in addition to any other rights and remedies which may be available to Bitdefender at law or in equity without the posting of a bond.

Electronic Communications. Bitdefender may send You (and, for MSP, the MSP’s Customers) legal notices and other communications about the subscription services or our use of the information you provide us within MDR Foundations services ("Communications"). Bitdefender will send Communications via in-product notices or via email to the primary user's registered email address or will post Communications on its Sites. The legal basis for sending these communications are this agreement (for the transactional communications) and the legitimate interest for marketing with the current customers (for the commercial communications).

Privacy Policy & GDPR. All the information on how the personal data is processed during the usage of the Bitdefender Solution and Services (including MDR Foundations) is specified in the Bitdefender Privacy Policy. By accepting this Agreement, You acknowledge and agree that You have been notified about how your personal data will be processed according to the Privacy Policy for Business Solutions published on: https://www.bitdefender.com/site/view/legal-privacy-policy-for-bitdefender-business-solutions.html as well as about the Personal Data Notice for Business Contacts of the Clients/Partners published on: https://www.bitdefender.com/site/view/legal-personal-data-notice-for-business-contacts-of-the-clientsorpartners.html.

With respect to personal data collected by Bitdefender Solution and Services (including MDR Foundations) from your Users and the applicable data protection legislation governing this relationship, according to the EU applicable legislation on personal data (GDPR – General Data Protection Legislation), Bitdefender together with You are joint controllers. Bitdefender acts as a data controller in relation to the personal data collected through its products and services sold to/through Business Clients only for the purposes of ensuring information and network security, including support activities for this purpose (only in specific cases, when support activities are included in the specific contract with Bitdefender). The Users also act as data controllers in relation to the personal data they might have access at through the Bitdefender’s Products and Services, including MDR Foundations for purposes of ensuring information and network security. For any other potential purposes that Business users may decide upon internally on their own, Business Clients and Service Providers (and their Clients) act as separate and independent data controllers, collecting personal data from another source, meaning Bitdefender`s products and services.

The joint controllers will be each independently and separately responsible for respecting the GDPR provisions, including lawful processing of personal data, informing service users on the use of their personal data, the security of such personal data and making sure service users can exercise their rights, according to the Joint Controllers Arrangement available here: https://www.bitdefender.com/media/materials/legal/Joint-ControllersArrangement.pdf.

Technologies. Bitdefender informs You (and MSPs Customers) that in certain programs or products it may use data collection technology in order to collect technical information (including suspect files), solely to (i) improve the products, (ii) provide related services, (iii) adapt them to the latest industry trends and (iv) prevent the unlicensed or illegal use of the product or the damages resulting from any malware products identified.

You (and MSPs Customers) hereby expressly agree and accept that Bitdefender may use such data collected / resulting information as part of the services provided in relation to the product and to prevent and stop the malware programs running on Your/its environment. By accepting this Agreement, You (and MSPs Customers) acknowledge and agree that the security technology used can scan the traffic in an impersonal mode to detect the malware and to prevent the damages resulting from the malware products.

You (and MSPs Customers) acknowledge and accept that Bitdefender may provide updates or additions to the program or product which automatically download to your device. By accepting this Agreement, You (and MSPs Customers) agree that some of the executable files considered potentially harmful, may be submitted to Bitdefender servers for the purpose of such files being scanned.

More details about the technical data collected are available on Bitdefender websites.

Bitdefender reserves the right to collect certain information from the computer on which MDR Foundations is installed, depending on the modules and services You have activated in MDR Foundations or Bitdefender Solution. Such information may pertain to potential security risks as well as to URLs of websites visited that the Bitdefender Solution and Services deems potentially fraudulent. The URLs could contain personally identifiable information that a potentially fraudulent website is attempting to obtain without Your permission. As such, You (and MSPs Customers) agree that certain modules, services and components may collect pieces of data from Your (and MSPs Customers) systems for the purpose of evaluating and improving the ability of Bitdefender’s products to detect malicious behavior, potentially fraudulent websites and other Internet security risks. Bitdefender also employs proprietary Cloud technologies to perform scanning on certain URLs, files or emails submitted from Your (and MSPs Customers) systems.

Force Majeure. Neither Party shall be in breach of the Agreement in the event it is unable to perform its obligations as a result of a natural disaster, war, emergency conditions, strikes, acts of terrorism, the substantial inoperability of the Internet, the inability to obtain supplies, or any other reason or condition beyond its reasonable control. If such reasons or conditions remain in effect for a period of more than thirty (30) calendar days, either Party may terminate the Agreement affected by such force majeure following the written notice to the other Party. Notwithstanding the aforementioned, the parties agree that payment obligations derived from this Agreement shall not be delayed for any reason.

Export: MDR Foundations and Bitdefender Solutions are designed for commercial use. The EU and US export laws and any other applicable export regulations (“Export laws”) apply to Bitdefender Solutions and Services. You agree that Export laws shall govern Your use of MDR or Bitdefender Solutions provided under this Agreement and You agree to comply with all Export laws. You agree that no data, information, software programs, services and/or materials resulting from MDR and Bitdefender Solutions will be exported, directly or indirectly, in violation of Export laws, or will be used for any purposes prohibited by Export laws and You agree to indemnify and hold Bitdefender harmless from and against claims, losses, costs, or liability, arising in connection with Your breach of these obligations.

General. If You are located in the United States or Canada, this Agreement is governed by the laws of the State of Florida, USA, with the venue in Broward County. If You are located in the Netherlands, Denmark, Finland, Iceland, Norway, Belgium, Luxemburg, France, Germany, Austria and Sweden, this Agreement is governed by the Dutch Laws with the venue in the Hague. If You are located in rest of Europe, LATAM, Africa, Middle East and Asia, this Agreement will be governed by the laws of Romania with the venue in the courts of Bucharest.

Nothing in this Agreement will diminish any rights You may have under existing applicable laws in Your jurisdiction that may not be waived by contract.

In the event of invalidity of any provision of this Agreement, the invalidity shall not affect the validity of the remaining portions of this Agreement.

This Agreement describes certain legal rights. You may have other rights under the laws of Your state or country. You may also have rights with respect to the party from whom You acquired the Bitdefender Solution or Services including MDR. This Agreement does not change Your rights or obligations under the laws of Your state or country if the laws of Your state or country do not permit it to do so.

Unless you inform Bitdefender otherwise by sending an email to us at legal@bitdefender.com, at any time, You agree that Bitdefender may display your company name and logo (in accordance with any trademark guidelines You provide) as a Bitdefender customer in a manner that does not suggest Your use or endorsement of any specific Bitdefender Solutions or service.

Bitdefender reserves the right to cooperate with any legal process and any law enforcement or other government inquiry related to your use of this MDR Foundations and Bitdefender Solution. This means that Bitdefender may provide documents and information relevant to a court subpoena or to a law enforcement or other government investigation in compliance of the applicable legislations.

Bitdefender name and Bitdefender logos are trademarks of BITDEFENDER. All other trademarks used in the product or in associated materials are the property of their respective owners.

Bitdefender retains the right to assign this Agreement at its sole discretion. You may not assign this Agreement without the prior written permission of Bitdefender.

BITDEFENDER may revise these Terms at any time and the revised terms shall automatically apply to the corresponding versions of the Bitdefender Solution distributed with the revised terms. If any part of the Agreement is found void and unenforceable, it will not affect the validity of the rest of the terms and conditions under this Agreement, which shall remain valid and enforceable. In case of controversy or inconsistency between translations of the Agreement to other languages, the English version issued by Bitdefender shall prevail.

Contact Bitdefender: https://www.bitdefender.com/business/customer-portal/enterprise-standard-support.html.
Legal Notices: legal@bitdefender.com.