CHAPTER I - GENERAL PROVISIONS Article 1 - Definitions
The parties agree and accept that each of the terms mentioned below will have the following meaning in these terms and conditions:
TOS refers to these terms of service.
Client refers to any entity that has subscribed to a Service.
Personal Account refers to the personal and informational space of the Security Rating Platform reserved for the User or any other person authorized by an Administrator User to access the Services.
Financial Terms refers to the stipulations regarding the price and the Scope of use described in the purchase order and/or the commercial proposal accepted by the Client.
Personal Data or Personal Information refers to any information relating to an identified or identifiable natural person; a "identifiable natural person" is deemed to be a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific elements specific to his physical, physiological, genetic, mental, economic, cultural, or social identity, in accordance with the definition of Regulation (EU) 2016/679 of April 27, 2016 (GDPR).
Force Majeure refers to the cases defined by the jurisprudence of French courts as constituting force majeure. In addition to the cases retained by jurisprudence, interventions by public authorities in the event of a pandemic, disturbances related to energy flow restrictions, supply disruptions for any equipment, software, and power supply system not in the possession or under the control of the concerned party, and malicious cyber attacks, including denial-of-service attacks, will be considered equivalent to force majeure, regardless of their predictability.
Login Credentials refer to the username and password entered by the User at the time of creating their Personal Account.
Confidential Information (or "Information") refers to information, documents of any nature, and know-how communicated by any means by one party to the other party.
Partner refers to each entity authorized to distribute the Services of Board of Cyber.
Scope of Use refers to the parameters, limitations, and other variables that define the scope of the rights of use of the Security Rating Platform® by the Client.
Security Rating Platform® (or "Platform") refers to the "SECURITY RATING" software, available in SaaS mode and made available to Users by the company Board of Cyber.
Service (or "Services") refers to all services made available to Users.
User refers to any person using or having used the Platform and/or Services, including User account or company Users and Administrator account or company Users.
Administrator User account refers to a category of User responsible for administering and/or managing the use of the Security Rating Platform®. Like the User account, the Administrator User account can access all rating information for companies associated with an account, but can also invite new Users to the account or companies.
Administrator User company refers to a category of User responsible for administering and/or managing the use of the Security Rating Platform®. Like the User company, the Administrator User company can access all rating information for a company, but can also invite new Users at the company level.
User account refers to a category of User who can access all rating information for companies associated with an account.
User company refers to a category of User who can access all rating information for a company.
CHAPTER II - THE SECURITY RATING PLATFORM Article 2 – Company Description
The company Board of Cyber, a simplified joint-stock company located at Crisco Duo Building, 7 Avenue de la Cristallerie, 92310 SÈVRES, registered with the Trade and Companies Register of NANTERRE under number 908185424 (hereinafter referred to as "Board of Cyber"), offers its Clients and Users the "SECURITY RATING" Platform, the use of which is subject to these terms and conditions.
Article 3 – Platform Description
These general terms of use (hereinafter referred to as "TOS") are intended to govern the terms of access and use of the Security Rating Platform® by the User.
The Security Rating Platform® is accessible 24 hours a day, 7 days a week, except in cases of Force Majeure or events beyond the control of Board of Cyber.
However, Board of Cyber reserves the right to interrupt, without prior notice to the User, access to the Security Rating Platform® for technical maintenance or for any other reasons.
Article 4 – Acceptance of TOS
In order to access the Security Rating Platform®, the user must have read and accepted these TOS.
CHAPTER III - USERS AND STATUSES Article 5 - User Categories
Board of Cyber has defined the following 4 User statuses, each providing access through the Platform to specific services:
Status: User account
Services: Access to rating information for companies associated with an account, which is assigned to them by an Administrator User to whom they are attached.
Description: The User account only accesses rating information for companies associated with an account, assigned to them by an Administrator User.
Status: User company
Services: Access to rating information for a company, assigned to them by an Administrator User to whom they are attached.
Description: The User company only accesses rating information for a company, assigned to them by an Administrator User.
Status: Administrator User account
Services: Access to rating information for companies associated with an account, and to Users with access.
Description: The Administrator User account can, among other things:
Status: Administrator User company
Services: Access to rating information for a company, and to Users with access.
Description: The Administrator User company can, among other things:
Article 6 - Services Associated with Statuses
The Security Rating Platform® notably includes the services described at https://www.boardofcyber.io/servicedescription
New services may be added by Board of Cyber to the Security Rating Platform®, if applicable, subject to a modification of the Financial Terms. The use of any additional service not listed above will be subject to these TOS.
The Service is provided on a best-effort basis and without a guarantee of detecting vulnerabilities or weaknesses in the Client's information system or external surface. The Client is cautioned about these limitations.
The Service is provided "as is" and without any warranty of any kind, express or implied (including any warranty of ownership, non-infringement, merchantability, or fitness for a particular purpose).
Board of Cyber also does not guarantee uninterrupted and error-free operation of the Service, compatibility with the Client's computer system, correction of all defects or anomalies, or prevention against unauthorized access to the Service.
Article 7 – Service Connection Terms
The User's Login Credentials necessary for accessing a Personal Account are provided by Board of Cyber during the creation of a Personal Account.
Upon the first connection, the User must set the password by clicking on the "forgot password" link. The User then defines a password, which they undertake not to communicate in any way to any third party.
The User's Login Credentials are strictly personal and may not, under any circumstances, be communicated or exploited by a third party, under penalty of the Personal Account being suspended and/or deleted by Board of Cyber.
In case of loss or theft of their Login Credentials by a third party, the User undertakes to inform Board of Cyber immediately, Board of Cyber's partner by sending an email to the following address: [email protected].
The User can log out of their Personal Account by clicking on: "log out".
Article 8 – User's Commitment
In exchange for the benefit of the Security Rating Platform®, the User agrees to: (i) always respect the image of the Security Rating Platform®, the Services, and Board of Cyber; (ii) respect the characteristics and constraints, including technical ones, of all the Services; (iii) collaborate with Board of Cyber and/or its partner Board of Cyber by providing all necessary information for the proper execution of the Services.
Any breach of the provisions of these TOU may result in the suspension and/or deletion of the User's Account.
The Client acknowledges that the Services contain valuable trade secrets and Confidential Information of Board of Cyber, the unauthorized disclosure of which would cause immediate and irreparable harm to Board of Cyber. Therefore, maintaining the confidentiality of this information is an essential condition of these TOU.
Board of Cyber may use all information collected by the Security Rating Platform® and any other information collected in the course of relations with the Client, in order to, without limitation: (i) improve and/or modify the Service; (ii) develop new services.
CHAPTER IV - PERSONAL DATA
Article 9 – Data Controller
In the context of the use of the Security Rating Platform®, Board of Cyber is a Joint Data Controller (as defined in the GDPR).
Article 10 – Purpose, Legal Basis, and Processed Data
The Personal Data of Users collected in the context of creating an Account on the Security Rating Platform® includes the following:
The Personal Data of Users collected in the use of the Platform includes the following:
The Personal Data is processed for the following purposes:
to enable user management and access to the platform.
The processing carried out by Board of Cyber is based on the legal basis of the execution of the service contract, the conditions of which are detailed in these TOU.
Board of Cyber does not subcontract.
Article 11 – Hosting
The Security Rating Platform® and Personal Data are hosted in France by Microsoft Azure. Its backups are located in France.
The User is informed that the Personal Data communicated to Board of Cyber is treated confidentially and securely and is necessary for Board of Cyber to provide the Services.
Article 12 – Retention Period
The data of users with access to the platform are deleted at the end of the contractual service. Connection logs are deleted every 3 months.
Article 13 – Exercise of Rights
Each User can request from the Data Controller access to their Personal Data and, where applicable, exercise their rights of rectification, erasure, restriction of processing, as well as objection to processing and portability.
The User can exercise these rights at any time by mail addressed to Board of Cyber at the postal address "Board of Cyber Crisco Duo Building 7 Avenue de la Cristallerie 92310 Sèvres" or by email to the following email address: [email protected].
Board of Cyber will do its best to respond to the User's request as quickly as possible.
If you are not satisfied with the response provided, you can file a complaint with the CNIL: complaints.
CHAPTER V - INTELLECTUAL PROPERTY AND USE OF THE PLATFORM
Article 14 – Intellectual Property
All elements published on the Security Rating Platform®, such as sounds, images, photographs, videos, writings, animations, programs, graphic charter, utilities, databases, software, and other underlying technologies, are protected by the provisions of the Intellectual Property Code and belong to Board of Cyber or third parties or partners whose offerings are presented on the Security Rating Platform®.
Any distinctive sign on the Security Rating Platform®, including trade names, trademarks, and logos, is a registered trademark of Board of Cyber or third parties or partners whose offerings are presented on the Security Rating Platform®.
Any total or partial reproduction, modification, or use of these trade names, trademarks, logos, photographs, images, sounds, videos, writings, animations, programs, graphic charters, utilities, databases, software, or other underlying technologies, for any reason and on any medium whatsoever, without the express and prior consent of Board of Cyber or the concerned third parties, is strictly prohibited and would constitute an infringement punishable by the Intellectual Property Code. The User agrees to use the content of the Security Rating Platform® strictly for private purposes. Commercial use of the Security Rating Platform® is strictly prohibited. The User requests prior authorization from Board of Cyber for any reproduction, publication, or copy of the various contents of the Security Rating Platform®.
Article 15 – Use of the Platform by the Client
The Client is authorized to use the Security Rating Platform® only for the Scope of Use described in the Financial Terms. This right of use is granted exclusively to the Client and is not transferable, except with the prior written consent of Board of Cyber.
The Client undertakes to: (i) respect the Scope of Use; (ii) pay all amounts due under these TOS; (iii) not conduct comparative evaluations of the Services, benchmarking, or other comparative analyses intended to be published outside the Client's organization without the prior written consent of Board of Cyber; (iv) not use the Services to create a competing product or service or to copy its features or user interface; (v) not use the Services in violation of the intellectual property rights of third parties or in violation of a confidentiality obligation.
CHAPTER VI - LIABILITY AND WARRANTIES
Hyperlinks to partner sites or third-party sites may be provided to the User on the Security Rating Platform®. As Board of Cyber cannot control these sites, Board of Cyber disclaims all responsibility for the information contained on these sites. Board of Cyber cannot be held liable or implicated, particularly regarding modifications or updates to these sites or any malfunction thereof. Board of Cyber cannot, under any circumstances, be held responsible for direct or indirect damages related to browsing or downloading from hyperlinks published on the Security Rating Platform®.
The use of the Security Rating Platform® implies the User's knowledge and acceptance of the characteristics and limitations of the Internet and related technologies. Board of Cyber cannot be held responsible for any damage resulting from a connection to the Security Rating Platform® that the User undertakes at their sole responsibility.
Moreover, Board of Cyber disclaims all liability, especially in the event of misuse or incidents related to the use of the Service, internet access, server maintenance, technical malfunctions, phone line, or any other technical connection, claims, or other requests sent by the User to Board of Cyber at an incorrect or incomplete address, any computer errors, or defects found on the Security Rating Platform®.
Lastly, Board of Cyber strives to provide accurate and up-to-date information on the Security Rating Platform®. However, Board of Cyber cannot be held responsible for any inaccuracies or omissions on the Security Rating Platform®.
In any other case, Board of Cyber's liability is limited to the total amount of licenses paid or due by the Client for the twelve months preceding the event generating such liability.
Board of Cyber will not be liable for indirect damages suffered by the Client or Users, the companies of their Group, their executives, clients, and subcontractors. The following damages are expressly excluded: (i) loss of revenue, profit, or turnover; (ii) loss of opportunity; (iii) damages related to the Client's image or reputation; (iv) data loss; (v) losses related to intrusions into the Client's network, except in the case of gross or willful misconduct by Board of Cyber.
No limitation applies to: (i) direct bodily harm; (ii) fraud; (iii) cases where applicable law prohibits limitations.
The Client guarantees Board of Cyber against any claims, complaints, actions, and/or claims that Board of Cyber may suffer due to the User's violation of any of its obligations or warranties to third parties or under these TOS. The Client undertakes to indemnify Board of Cyber for any damage it may suffer in this regard and to pay all expenses, charges, and/or convictions that it may have to bear as a result.
Board of Cyber reserves the right to conduct an audit of the Client's actual use of the Security Rating Platform® at any time. In the event that Board of Cyber finds that the actual use of the Security Rating Platform® exceeds the Scope of Use, the Client undertakes to immediately pay the fees corresponding to the additional use.
Regarding the import and use of the Services and any related media and Confidential Information of Board of Cyber, each party undertakes to comply with all applicable regulations at any time concerning software exports and applicable services in France, the European Union, and those issued by the U.S. Department of Commerce to the extent that they may have extraterritorial application.
The Client undertakes to prevent, to the extent it is incumbent upon it, the Services, media, and confidential information of Board of Cyber from being exported, imported, or used in violation of applicable law.
Subject to the conditions below, Board of Cyber agrees to defend the Client against any third-party claim brought against the Client in the European Union on the grounds that the Services, as sold and delivered to the Client under these TOS (the "Indemnified Services"), directly infringe the enforceable intellectual property rights of a third party (a "Claim").
Board of Cyber agrees to pay damages (excluding attorney's fees) to which the Client may have been sentenced by a final court decision or under a settlement agreement approved by Board of Cyber.
Board of Cyber may, at its sole discretion and at its expense: (i) obtain sufficient rights to allow the Client to continue to use and operate the Indemnified Services in accordance with the terms of these TOS; (ii) replace or modify the Indemnified Services to avoid the above-mentioned infringement; or (iii) if the above options are not reasonably feasible, terminate the Client's rights to use the Indemnified Services and refund all prepaid amounts received by Board of Cyber for the terminated Services.
Board of Cyber will have no obligation or liability to the Client for any Claim arising out of or related to: (i) the modification or adaptation of the Indemnified Services; (ii) the use of the Indemnified Services in combination with any other product, service, or device, to the extent the Claim would have been avoided if the Indemnified Services had been used without such other product, service, or device; (iii) the use or exploitation of the Indemnified Services contrary to Board of Cyber's instructions described in the TOS or in the media.
Board of Cyber's obligations are subject to the following conditions:
(a) the Client must send Board of Cyber a written notification of the Claim within five (5) business days after the Client becomes aware of the Claim or should reasonably have become aware of it;
(b) the Client must allow Board of Cyber to have exclusive control of the Claim once it has sent the written notification of the Claim to Board of Cyber;
(c) the Client must provide reasonable assistance, cooperation, and information required for the defense and/or amicable settlement of the Claim, including allowing Board of Cyber access to the Client's documents and personnel.
The Client may, at its own expense, participate in the Claim, provided that Board of Cyber retains exclusive control of the defense and/or amicable settlement.
In the event of the Client's failure to comply with the conditions defined above, Board of Cyber will no longer be bound by its obligations under these TOS to the extent that the Client's actions or omissions have: (i) prejudiced the defense of the Claim; (ii) increased the financial liability of the Client or Board of Cyber.
Each party may terminate these TOS automatically following a notice sent by registered letter with acknowledgment of receipt (or equivalent means allowing for a certain date and proof of effective receipt by the other party) to the other party in the event of: (i) a material breach by the other party, at the fault of the defaulting party, if the defaulting party has not remedied it within thirty (30) calendar days from the date of receipt of the notice; (ii) repeated breaches by the defaulting party which, taken together, would constitute a material breach; (iii) if the circumstances defined as Force Majeure persist beyond ninety (90) calendar days.
The TOS may be terminated immediately by Board of Cyber in the event of a breach by the Client of the provisions regarding Intellectual Property.
Each party undertakes to protect the confidentiality of Confidential Information disclosed by the other party, except as permitted by these TOS.
Each party undertakes not to copy or disclose the Confidential Information (in whole or in part) to a third party, nor allow a third party to access it, in each case without the prior written consent of the other party.
Each party must promptly comply with all reasonable instructions given by the other party regarding the use of all or part of the Confidential Information of the disclosing party.
Each party is authorized to disclose the Confidential Information of the other party to members of its Group, its staff, its agents, its subcontractors, its Partners, and its representatives who need to know them to manage, provide, or receive the Services, or to perform its obligations or enforce its rights under these TOS, provided that the party in possession of the Confidential Information of the other party:
(a) informs the person or entity of the confidential nature of the Confidential Information; and
(b) ensures that the receiving person or entity is obligated to keep the Confidential Information under an obligation of confidentiality.
Each party has the right to disclose the terms of these TOS and the Confidential Information of the other party to an audit firm, its legal advisors, or other professional advisors (including insurance brokers and financial advisors), any regulator, or any entity of its Group based on the need to know, without the prior written consent of (or notification to) the other party.
CHAPTER VII - AMENDMENTS AND TERMINATION
Board of Cyber reserves the right to modify these Terms of Service (TOS) at any time. It is recommended that the User regularly reviews the TOS.
The nullity of all or part of any provision of the TOS shall not affect the validity of the other provisions.
The use of the Security Rating® Platform and the TOS are subject to French law and are drafted in the French language. Although these TOS are translated into several languages, only the French text shall prevail in case of a dispute.
Any dispute arising from the interpretation or execution of these TOS shall be under the exclusive jurisdiction of the competent courts of Nanterre, notwithstanding any potential plurality of defendants or third-party proceedings.
For any questions regarding these TOS, the User can contact Board of Cyber at the following address: [email protected].
These TOS are deemed accepted by the Client at the earliest of: (i) the use of the Security Rating® Platform; (ii) sending to Board of Cyber a copy of these TOS duly signed by the Client; or (iii) the signing of an order form with the Partner or Board of Cyber that references the TOS.
Terms and conditions of use of the Security Rating® platform
