Please read the following Terms of Use carefully. In these Terms of Use:
- "Trend Micro" "we", "our" and "us" means Trend Micro Incorporated a company registered in the United States of America with company registration number C1919248. Our registered office is at 225 E John Carpenter Freeway, Suite 1500, Irving, TX 75062.
- "you" and "your" means a user of the free service provided by us and accessible from https://phishinsight.trendmicro.com and its subdomains (the "Tool").
These Terms of Use set out the terms and conditions on which we agree to make available and you agree to access and use the Tool.
TABLE OF CONTENTS
- Acceptance of the Terms of Use
- Amendments to Terms of Use
- Account and password security
- Your right to use the Tool
- Your obligations
- Links & Open-Source & Third Party Technology & Third Party Content
- Legal disclaimer
- Confidentiality
- Intellectual Property Rights
- Data Protection
- Unenforceability
- Assignment
- No Partnership or Agency
- Third Party Rights
- Governing Law
Acceptance of the Terms of Use
- By using the Tool or by ticking the tick-box during the sign-up process, you agree to be legally bound by these Terms of Use. You also confirm that you have read our Privacy Policy and understand how we will process your personal data where we act as a controller (as defined in Clause 10).
- If you do not agree with these Terms of Use or to our use of your personal data as set out in Privacy Policy, you should not use the Tool.
Please save and/or print a copy of these Terms of Use and our Privacy Policy for your future reference.
Amendments to Terms of Use
- The date at the top of this webpage indicates when these Terms of Use were last updated. We may amend these Terms of Use from time to time. If we do, we will publish the changes on our website and will also notify you of the updated Terms of Use the next time you access the Tool.
Account and password security
- We will provide access to the Tool using a username and password system. You must ensure that you have appropriate security measures in place to ensure that:
- any username and password that we allocate to you is used only by you; and
- the security and confidentiality of your username and password is maintained at all times and not disclosed whether to other individuals within your organisation, or to any third parties.
- You shall not leave any session where you are using the Tool unattended and shall be responsible for all use that occurs under your account, regardless of whether any such use is by you or by unauthorised third parties.
- You agree to immediately notify us of any or any suspected unauthorised use of your account for use of the Tool or of any or any suspected other breach of security. We cannot and will not be liable for any loss, damage or other liability arising from your failure to comply with this Clause 3 or from any unauthorised access to or use of your account.
- We will provide access to the Tool using a username and password system. You must ensure that you have appropriate security measures in place to ensure that:
Your right to use the Tool
- Subject to your compliance with these Terms of Use, we grant you a non-exclusive, non-transferable, non-sub licensable right to access and use the Tool for the purposes of:
- creating and running internal phishing drills and campaigns;
- obtaining analytics and reports relating to the impact of the internal phishing campaigns that you run;
- accessing and using the third party content made available through the Tool; and
- contacting us in relation to your use of the Tool.
- For the avoidance of doubt, the restriction on transferring and sub-licensing the Tool in 4.a may be waived to the extent set out in clause 5.a(vi).
- Subject to your compliance with these Terms of Use, we grant you a non-exclusive, non-transferable, non-sub licensable right to access and use the Tool for the purposes of:
Your obligations
- You agree not to:
- use the Tool or access to it for any fraudulent or unlawful purpose;
- use the Tool or access to it to impersonate any person or entity, or to falsely state or otherwise misrepresent its affiliation with any person or entity;
- interfere with or disrupt the operation of the Tool or access to it;
- transmit or otherwise make available in connection with the Tool or access to it any virus, worm, Trojan horse, time bomb, spyware, or other computer code, file, or programme that is harmful or invasive or may or is intended to damage or hijack the operation of, or to monitor the use of, any hardware, software, or equipment;
- restrict or inhibit the ability of any other authorised person to access or use the Tool;
- use the Tool or access to it for any commercial purposes other than as set out in this sub-clause (vi). Where you are acting as a service provider to end customers, you may permit any third party end customer to use or benefit from the use or functionality of the Tool provided that
- you have provided such end customer with a copy of these Terms of Use and
- you accept full responsibility for any such use and shall indemnify us on demand for any losses, claims, fees, expenses (including legal fees) that we may suffer or incur as a result of any breach of these Terms of Use howsoever arising including where such use of the Tool is for and on behalf of or by a third party end customer;
- modify, adapt or translate any portion of the Tool;
- remove, obscure or modify any copyright, trade mark, or other proprietary rights notice from the Tool;
- use any robot, spider, search/retrieval application or other manual or automatic device to retrieve, index, “scrape,” “data mine,” or in any way gather or reproduce the Tool or circumvent the navigational structure or presentation of the Tool;
- copy, modify, adapt, distribute, or otherwise make use of the third party content available within the Tool for any purpose other than for internal business training purposes only and in accordance with these Terms of Use;
- or attempt to reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas or algorithms of the Tool or Third Party Technology (as defined in 6.c).
- You agree not to:
Links & Open-Source & Third Party Technology & Third Party Content
- From time to time, the Tool may include links to third party websites. These links are provided for your convenience only and do not signify that we endorse such third party websites. We do not review such third party websites and you acknowledge and agree that:
- we are not responsible for such websites, including the terms on which such websites are made available and the privacy policies of such websites, and we do not control their content or availability;
- we make no representation, warranty or condition, either express or implied, in relation to any goods or services or information received from such websites; and
- if you access any such websites, you do so entirely at its own risk.
- You may include links to the Tool on another website providing you acknowledge and agree the following:
- we are not liable to you for any loss that you suffer as a result of such links;
- we do not promise that the Tool will be continuously available (and therefore such links may not always work);
- you will not insert such links on any website which contains any content which is illegal, infringes any rights, such as the intellectual property rights, of any third party or contains any adult content;
- we reserve the right to object to any such links and require you to promptly remove them.
- The Tool may come bundled or otherwise be distributed with open source or other third party software (herein “Third Party Technology”), that is subject solely to the agreement terms, conditions, limitations, and disclaimers of the specific license (each “Different Terms”) under which such Third Party Technology is redistributed to you by us. Different Terms applicable to any Third Party Technology redistributed in any Tool provided hereunder will be identified by us in the Documentation for, and/or in a "Read Me" or an "About" file in, the Software. THIRD PARTY TECHNOLOGY IS PROVIDED BY US "AS IS" AND "AS AVAILABLE" WITHOUT ANY WARRANTY, EXPRESS, IMPLIED, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND/OR NON-INFRINGEMENT. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, AS IT RELATES TO ANY AND ALL CLAIMS ARISING OUT OF OR IN CONNECTION WITH THIRD PARTY TECHNOLOGY, WE SHALL HAVE NO LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIRD PARTY TECHNOLOGY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
- The Tool may include access to third party content. You acknowledge and agree that:
- you are required to assess whether or not the content is suitable for your purposes, we are not responsible for the quality, accuracy or content of any third party content;
- we make no representation, warranty or condition, either express or implied, in relation to the third party content; and
- if you access and/or use the third party content, you do so entirely at your own risk.
- THIRD PARTY CONTENT IS PROVIDED BY US "AS IS" AND “AS AVAILABLE” WITHOUT ANY WARRANTY, EXPRESS, IMPLIED, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND/OR NON-INFRINGEMENT. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, AS IT RELATES TO ANY AND ALL CLAIMS ARISING OUT OF OR IN CONNECTION WITH THIRD PARTY CONTENT, WE SHALL HAVE NO LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIRD PARTY TECHNOLOGY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
- From time to time, the Tool may include links to third party websites. These links are provided for your convenience only and do not signify that we endorse such third party websites. We do not review such third party websites and you acknowledge and agree that:
Legal disclaimer
- Our Tool is made available free of charge.
- Nothing in these Terms of Use is intended to exclude or limit our liability for death or personal injury caused by our negligence, for fraudulent misrepresentation or for any other liability that cannot be excluded or limited by law.
- Save as expressly provided in these Terms of Use, the Tool is made available to you on an "as is" basis and we disclaim and do not accept any liability to you in respect of it or otherwise.
- The information and content provided in the Tool is provided without warranties or conditions of any kind. We provide access to the Tool on the basis that we exclude all representations, warranties and conditions, to the maximum extent permitted by law.
- We do not condone, nor do we provide the Tool for the purpose of assisting you with employment decisions relating to the suitability for or termination of employment of your employees, agents, contractors or any other third parties. You may not use or permit the Tool to be used in this way. We do not accept any liability to you or to such third parties in relation to your use of the Tool. You will indemnify us on demand for any losses, claims, fees, expenses (including legal fees), fines and penalties of any nature which we incur as a result of your breach of this Clause 7.e
- It is your responsibility to ensure that the Tool is suitable for your intended purposes. We accept no liability as to the suitability or fitness of the Tool in meeting your needs and we exclude to the fullest extent permissible by law all express or implied warranties, representations, conditions or terms, including, without limitation:
- that access to the Tool will be uninterrupted or error-free;
- that the Tool or the computer that the Tool or the computer server from which the Tool is made available, are free of viruses or other harmful components; and
- to the accuracy, content, timeliness, completeness, reliability, quality or suitability of any content (including third party content) contained in or delivered via the Tool or otherwise made available in connection with the Tool.
- Where You or a user elects to use the Outlook Phish Reporter plugin we will provide you with a report identifying the recipient of a reported malicious email and the recipient’s response to such email. Other than providing such reports we will not engage with your administrator or provide any advice or assistance, technical or otherwise in relation to the reporting of suspected or actual malicious emails. You are advised to manage your own response to such malicious emails. We will use the personal data provided to us through the use of the Outlook Phish Reporter plugin (including any that is contained in the content of or attachments to a malicious email) for our own research and analytical purposes to help us with product and service development. You are responsible for ensuring that all persons or entities who access the Tool are aware of these Terms of Use and our Privacy Policy and that they fully comply with them and that in respect of the personal data of any individuals who are the subject of a Tool campaign or drill that all applicable data protection laws are complied with at all times.
- You also acknowledge and agree that the operation of the Tool is dependent upon the proper and effective functioning of the internet and other third party equipment and services, and that we do not guarantee and will not be liable for these in any way.
- Subject to Clause 7.b, all information, content and links provided on the Tool are for use at your own risk. You cannot and will not hold us responsible for any damage or loss of any kind caused either directly or indirectly by the information, content and/or links provided on the Tool.
- Subject to Clause 7.b, we will not be liable to you for any special, indirect or consequential losses or damages, or any:
- loss of data;
- profits, sales, business or revenue;
- business interruption;
- loss of business opportunity, goodwill or reputation.
- Subject to Clause 7.b, our total liability arising under or in connection with the Tool and/or these Terms of Use or any breach or non-performance of them no matter how fundamental (including any such use for and on behalf of or by a third party end customer) (including by reason of negligence) in contract, tort or otherwise shall be limited to fifty dollars ($50).
Confidentiality
- Each of the parties shall keep confidential all information concerning the business, technology, and affairs of the other and other information which is identified as such or is confidential by its nature ("Confidential Information").
- The provisions of Clause 8 shall not apply to:
- information that has come into the public domain other than by breach of this Clause or any other duty of confidence;
- information that is obtained from a third party without breach of this Clause or any other duty of confidence;
- information that is required to be disclosed by law; or
- information that is disclosed to professional advisors for the purpose of obtaining professional advice (subject to obtaining a satisfactory commitment from that party in respect of confidentiality).
Intellectual Property Rights
- The intellectual property rights in the Tool and copyright in all material and content stored, displayed and accessible on the Tool is either owned us or duly licensed by third parties. All such rights are reserved.
Data Protection
- Definitions: In this Clause, the following terms shall have the following meanings:
- "controller", "processor", "data subject", "processing" (and "process") and "special categories of personal data" shall have the meanings given in Applicable Data Protection Law;
- "personal data" shall have the meaning given in Applicable Data Protection Law and for the purposes of these Terms of Use relates either to:
- the personal data that is provided to us by you, is generated by the Tool to provide a report of the results of any phishing drill or campaign, or is otherwise processed by us as a processor to provide you with the Tool as described in these Terms of Use ("Customer Data"); or
- the personal data that you provide to us which we process for our own purposes (including but not limited to product and service development and analytical purposes) and to identify and where appropriate to provide you with advice in respect of any further advisable remedial actions ("Own Data"). We shall process the following types of Customer Data: First Name, Last Name, Email, IP Address, Region (optional), department (optional), reporting information detailing an individual user’s reporting of malicious emails including header information of emails, sender, recipients and email transmission information (optional); and any personal data that may be contained in the content of or attachments to a malicious email reported by the user(optional).
- "Applicable Data Protection Law" shall mean:
- any laws, rules and regulations applicable to each party or each party's affiliates (as applicable) in relation to data protection and data privacy from time to time; and
- where the Applicable Data Protection Law is Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, this will be applicable prior to 25 May 2018, however on and after 25 May 2018 the Applicable Data Protection Law will be Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).
- “Appropriate Safeguards” shall mean: such legally enforceable mechanism(s) for transfers of personal data as may be permitted under Applicable Data Protection Law.
- Relationship of the parties: We agree that Trend Micro shall act as a controller in relation to the processing of Own Data. We agree that you (as controller) appoint Trend Micro as a processor to process the Customer Data for the purpose of providing the Tool (or as otherwise agreed in writing by the parties) (the "Permitted Purpose") until the earlier of 2 years from the creation of the Customer Data or the expiry or termination of these Terms of Use and including a reasonable period of time in which to return the data to you as may be required. Each of your employees or other personnel who you target with a campaign is a Data Subject for the purposes of this Clause 10.
Trend Micro as controller - Trend Micro warrants that it will comply with Applicable Data Protection Law in relation to its processing of Own Data.
Trend Micro as processor - Each party shall comply with the obligations that apply to it under Applicable Data Protection Law in relation to the processing of Customer Data. This Clause 10.4 shall apply where Trend Micro processes Customer Data:
- International transfers: You agree that Customer Data and Own Data for certain purposes including but not limited to the administering the Tool, providing technical support and maintenance, storing and backing up the data, using the LiveChat function and research and analytics activities within the Trend Micro group will be transferred to countries outside the European Economic Area (EEA) to Trend Micro group companies and Trend Micro sub-processors as appropriate (as defined in 10.d.iv) provided that all transfers by Trend Micro of the Customer Data and Own Data shall (to the extent required under Applicable Data Protection Law) be effected by way of Appropriate Safeguards and in accordance with Applicable Data Protection Law.
- Confidentiality of processing: We shall ensure that any person we authorise to process Customer Data (an "Authorised Person") shall protect the Customer Data in accordance with confidentiality obligations of these Terms of Use.
- Security: We shall implement technical and organisational measures to protect Customer Data
- from accidental or unlawful destruction, and
- loss, alteration, unauthorised disclosure of, or access to Customer Data (a "Security Incident").
- Subcontracting: You consent to us engaging third party sub-processors for ancillary operational and administrative functions, including but not limited to the backing up of the Customer Data (currently AWS), to send SMS security messages to administrators (currently Twilio), to operate the live chat function (currently LiveChat) and to provide us with customer analytics concerning your use of the Tool (currently Gainsight) within the Permitted Purpose provided that:
- we maintain an up-to-date list of our subprocessors on our website the URL for which will initially be notified to you in writing and which we shall update with details of any change in subprocessors at least 10 days' prior to any such change;
- we impose data protection terms on any subprocessor we appoint that require it to protect Customer Data to the standard required by Applicable Data Protection Law; and
- we remain liable for any breach of this Clause that is caused by an act, error or omission of our subprocessor. You may object to our appointment or replacement of a sub-processor prior to its appointment or replacement, provided such objection is based on reasonable grounds relating to data protection. In such event, we will either not appoint or replace the sub-processor or, if this is not possible, we may suspend or terminate these Terms of Use and stop providing you with access to the Tool.
- Cooperation and data subjects' rights: We shall provide reasonable and timely assistance to you (at your expense) to enable you to respond to:
- any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable); and
- any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of Customer Data. In the event that any such request, correspondence, enquiry or complaint is made directly to us, we shall promptly inform you providing full details of the same.
- Data Protection Impact Assessment: If we believe or becomes aware that our processing of Customer Data is likely to result in a high risk to the data protection rights and freedoms of data subjects, we shall inform you and provide reasonable cooperation to you (at your expense) in connection with any data protection impact assessment that may be required under Applicable Data Protection Law. You acknowledge that you will as Data Controller identify and comply with any requirement under Applicable Data Protection Law to carry out a Data Protection Impact Assessment.
- Security incidents: If we become aware of a confirmed Security Incident, we shall inform you without undue delay and shall provide reasonable information and cooperation to you so that you can fulfil any data breach reporting obligations you may have under (and in accordance with the timescales required by) Applicable Data Protection Law. We shall further take such any reasonably necessary measures and actions to remedy or mitigate the effects of the Security Incident and shall keep you informed of all material developments in connection with the Security Incident.
- Deletion or return of Data: Upon the earlier of a period of 2 years from the creation of any Customer Data and the termination or expiry of these Terms of Use, we shall destroy all Customer Data in our possession or control. This requirement shall not apply to the extent that we are required by applicable law to retain some or all of the Customer Data, or to Customer Data we have archived on back-up systems, which Customer Data we shall securely isolate and protect from any further processing except to the extent required by such law.
- Audit: To the extent that we are required to do so under Applicable Data Protection Law, we shall submit to an annual audit undertaken on your behalf by one of the “Big-Four” internationally recognised auditing firms to verify our compliance with Applicable Data Protection Law in processing Customer Data provided that we are promptly provided with an original copy of any resulting report which we may treat as our own property. We reserve the right to dilute or diminish your right to audit us to the extent and in accordance with any future decision, judgment, code of conduct or obiter statement issued by a court, supervisory authority or other competent authority.
- Definitions: In this Clause, the following terms shall have the following meanings:
Unenforceability
- If any provision or part of any provision of these Terms of Use is not enforceable, then you and we agree that the minimum necessary amendment shall be made to these Terms of Use to render them enforceable. If that happens, any unenforceable provision or part of any provision shall be replaced by an enforceable provision which as closely as possible matches the intent of the unenforceable provision or part of a provision.
Assignment
- We may assign all rights and obligations under these Terms of Use to any third party, but will not do so in way that reduces your rights under these Terms of Use.
No Partnership or Agency
- Nothing in these Terms of Use is intended to or shall operate to create a partnership or joint venture of any kind between the parties, or to authorise either party to act as agent for the other, and neither party shall have authority to act in the name or on behalf of or otherwise to bind the other in any way (including but not limited to the making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).
Third Party Rights
- A person who is not a party to these Terms of Use has no right under the Contracts (Rights of Third Parties) Act 1999 to rely upon or enforce any term of these Terms of Use.
Governing Law
- This Agreement and any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims) are governed by and shall be construed in accordance with English law.
- The parties submit to the exclusive jurisdiction of the English courts for all purposes relating to and in connection with this Agreement and any such dispute or claim referred to in Clause 15.a.