KASPERSKY SECURITY FOR MICROSOFT OFFICE 365 AGREEMENT
This agreement (“Agreement”) contains the terms and conditions that govern your access to and use of the Kaspersky Security for Microsoft Office 365 (“Product”) and is an agreement between AO Kaspersky Lab ("Kaspersky Lab" or “Kaspersky”) and you (“User” or “You”), as the organization have authorized the natural person accepting this Agreement to enter into this Agreement for and on behalf of You. This Agreement takes effect when you click the “I Accept” button or check the box indicating Your agreement to these terms.
If there is a separate agreement entered into between Kaspersky Lab and the You, or between You and the corresponding authorized partner of Kaspersky Lab (“Partner”), to the extent the separate agreement (“Separate Agreement”) between Kaspersky Lab or Partner and the You conflicts with any provisions of this Agreement, such Separate Agreement shall prevail.
SECTION A: GENERAL TERMS
Overview of the Product
Kaspersky Security for Microsoft Office 365 is a software solution designed for protection of Exchange Online mailboxes, OneDrive files and SharePoint sites managed through Office 365. Exchange Online email messages are scanned for viruses, Trojans, and other types of malware that can be transmitted via email, as well as spam and phishing. OneDrive files and files stored on SharePoint sites are scanned for viruses, Trojans, and other types of malware.
Kaspersky Security for Microsoft Office 365 can perform the following operations:
scan Exchange Online email messages in user mailboxes for malware;
filter unsolicited mail (spam) from user Exchange Online mailboxes;
scan Exchange Online email messages for phishing and malicious links;
filter attachments in Exchange Online email messages;
scan OneDrive files and files stored on SharePoint sites for malware;
move Exchange Online messages, OneDrive files, and files stored on SharePoint sites to backup to prevent infection;
provide the common view for items located in Kaspersky Security backup and Exchange Online quarantine, thus allowing the Administrator to review all the security violations and, if necessary, to locate and release selected items;
notify about Exchange Online messages that contain malicious objects, filtered attachments and/or phishing;
notify about OneDrive files and files stored on SharePoint sites that contain malicious objects;
display statistics and generate reports on Product activity.
Kaspersky Security for Microsoft Office 365 is deployed in the Kaspersky Lab infrastructure.
The functionality of the Kaspersky Security for Microsoft Office 365 is provided in the online help (“Online Help”).
Grant and Limitations of License
License. Kaspersky Lab grants the User a non-exclusive, non-transferable limited license to access and use the Product in accordance with this Agreement and solely for the User’s internal business purposes. User must comply with all technical requirements provided in the Online Help. Additional conditions and restrictions on use of the Product shall be specified in the applicable License Certificate (as defined below) and/or in the Separate Agreement.
License Certificate. License Certificate is the separate file generated by Kaspersky Lab upon execution of an order by the User. License Certificate contains the main information with a description of the license to Product(s).
Access to Product. Product is provided by means of granting to User access to the web-based portal at cloud.kaspersky.com (“Portal”). User will identify the username and password that are used for access to User’s account on Portal. User will not share its username or password with any third party and will be responsible and liable for the acts or omissions of any person who accesses Product using passwords or access procedures provided to User. Kaspersky Lab reserves the right to refuse registration of or to suspend or cancel, login IDs used by User to access the Product for any reason, including if User violates the terms and conditions set forth in this Agreement.
Kaspersky Lab reserves the right at any time to change the Product and/or its components including but not limited to Online Help.
With the exception of the DPA (as defined in the section “DATA PROCESSING AND PRIVACY TERMS”), Kaspersky Lab reserves the right at any time to modify this Agreement and to impose new or additional terms or conditions on the use of the Product. Such modifications will be effective immediately when incorporated into the Agreement. Continued use of the Product by You will be deemed acceptance thereof.
User must comply with, and may not work around, any technical limitations in the Product as specified in the Online Help.
User must comply with all laws and regulations applicable to its use of the Product, including but not limited to all applicable laws related to privacy, personal data, data protection and confidentiality of communications. User is responsible for responding to any request from a third party regarding User’s use of the Product.
User shall not sell, rent, lease, or lend the Product to any third party or use the Product to create own products or services used for detection, blocking, or treating threats or any other purpose.
User may not remove or alter any copyright notices or other proprietary notices of the Product, related documentation or materials.
User may not probe, scan or test the vulnerability of the Product or Portal or any related system or networks, or violate any safety measures or verification checks used in connection with the Product and Portal and such systems and networks.
If the User violates any of its obligations hereunder or license limitations stipulated in this Agreement or other legally binding document entered into between User and Kaspersky Lab and/or Partner(s), Kaspersky Lab may revoke the license and disable use of the Product.
Term and Termination
Term. The initial expiration date of the license is specified in the License Certificate. User has the option to renew the license to the Product for one or more additional time period upon execution of an additional order of the Product. In that case User has the license to use the Product during the renewal term. This Agreement shall remain in effect for the entire term of the license (“License Term”).
Termination. In the event of material breach of this Agreement by User, Kaspersky Lab may immediately terminate this Agreement and the License to use Product by without written notice to User. For any other breach of this Agreement, Kaspersky Lab may provide User with fifteen (15) days written notice of such breach and if User does not cure the breach within the fifteen (15) day notice period, Kaspersky Lab may immediately terminate this Agreement. Upon any termination, User's right to use and access the Product shall be terminated.
Payment. License fees and all applicable taxes payable are due within the period specified in the invoice provided to User by Kaspersky Lab or Partner.
User may order a version of the Product for trial use. Upon Kaspersky Lab’s acceptance of the order, User may access and use the Product for evaluation purposes and non-production purposes only. User has thirty (30) days to use the Product as specified in this Clause. If Kaspersky Lab sets another duration for the applicable trial period, User will be informed prior to User providing credentials for access and use. Kaspersky Lab does not provide technical support during trial use of the Product.
During the License Term of this Agreement, Kaspersky Lab provides User with technical support service for the Product (except during trial use of the Product) in accordance with technical support rules. Technical support service and its rules are located at support.kaspersky.com
Kaspersky Lab may provide User with important information and notices about the Product electronically, including via email and the Portal. For such aims, Kaspersky Lab may use all necessary information about You, including information about User’s account on the Portal.
Limited Warranty and Disclaimer
Product may contain or show links to third-party websites or resources in relation to the Product. Kaspersky Lab provides these links for convenience only and is not responsible for the content, resources, or links to products or services that they provide. You accept sole responsibility and assume all risk when using third-party websites or resources.
Kaspersky Lab and/or Partners are not responsible for any delays in, failures of, and access denial to the Products which may be caused by Your Internet or mobile service provider.
EXCEPT FOR KASPERSKY LAB OBLIGATIONS STATED HEREBY THE PRODUCT IS PROVIDED "AS IS" AND KASPERSKY LAB MAKES NO REPRESENTATION AND GIVES NO WARRANTY AS TO ITS USE OR PERFORMANCE. EXCEPT FOR ANY WARRANTY, CONDITION, REPRESENTATION OR TERM THE EXTENT TO WHICH CANNOT BE EXCLUDED OR LIMITED BY APPLICABLE LAW. KASPERSKY LAB AND ITS PARTNERS MAKE NO WARRANTY, CONDITION, REPRESENTATION, OR TERM (EXPRESSED OR IMPLIED, WHETHER BY STATUTE, COMMON LAW, CUSTOM, USAGE OR OTHERWISE) AS TO ANY MATTER INCLUDING, WITHOUT LIMITATION, NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, MERCHANTABILITY, SATISFACTORY QUALITY, INTEGRATION, OR APPLICABILITY FOR A PARTICULAR PURPOSE. USER ASSUMES ALL RESPONSIBILITY, AND THE ENTIRE RISK AS TO PERFORMANCE AND RESPONSIBILITY FOR SELECTING THE PRODUCT TO ACHIEVE USER INTENDED RESULTS, AND FOR THE INSTALLATION OF, USE OF, AND RESULTS OBTAINED FROM THE PRODUCT. WITHOUT LIMITING THE FOREGOING PROVISIONS, KASPERSKY LAB MAKES NO REPRESENTATION AND GIVES NO WARRANTY THAT THE PRODUCT WILL BE ERROR-FREE OR FREE FROM INTERRUPTIONS OR OTHER FAILURES OR THAT THE PRODUCT WILL MEET ANY OR ALL OF USER REQUIREMENTS WHETHER OR NOT DISCLOSED TO KASPERSKY LAB.
Exclusion and Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL KASPERSKY LAB BE LIABLE FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION, FOR BUSINESS INTERRUPTION, FOR LOSS OF PRIVACY, FOR CORRUPTION, DAMAGE AND LOSS OF DATA OR PROGRAMS, FOR FAILURE TO MEET ANY DUTY INCLUDING ANY STATUTORY DUTY, DUTY OF GOOD FAITH OR DUTY OF REASONABLE CARE, FOR NEGLIGENCE, FOR ECONOMIC LOSS, AND FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE PRODUCT, THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT OR OTHER PRODUCTS, INFORMATON, SERVICE AND RELATED CONTENT THROUGH THE PRODUCT OR OTHERWISE ARISING OUT OF THE USE OF THE PRODUCT, OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS AGREEMENT, OR ARISING OUT OF ANY BREACH OF CONTRACT OR ANY TORT (INCLUDING NEGLIGENCE, MISREPRESENTATION, ANY STRICT LIABILITY OBLIGATION OR DUTY), OR ANY BREACH OF STATUTORY DUTY, OR ANY BREACH OF WARRANTY OF KASPERSKY LAB, EVEN IF KASPERSKY LAB HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Intellectual Property Ownership
You agree that the Product and the authorship, systems, ideas, methods of operation, documentation and other information contained in the Product are proprietary intellectual property and/or the valuable trade secrets of the Kaspersky Lab or its Partners and that the Kaspersky Lab and its Partners, as applicable, are protected by civil and criminal law, and by the law of copyright, trade secret, trademark and patents of the Russian Federation, European Union and the United States, as well as other countries and international treaties. This Agreement does not grant You any rights to the intellectual property, including any Trademarks or Service Marks of the Kaspersky Lab and/or its Partners ("Trademarks"). You may use the Trademarks only insofar as to identify printed output produced by the Product in accordance with accepted trademark practice, including identification of the Trademark owner’s name. Such use of any Trademark does not give you any rights of ownership in that Trademark. The Kaspersky Lab and/or its Partners own and retain all right, title, and interest in and to the Product, including without limitation any error corrections, enhancements, updates or other modifications to the Product, whether made by the Kaspersky Lab or any third party, and all copyrights, patents, trade secret rights, trademarks, and other intellectual property rights therein. Your possession, installation or use of the Product does not transfer to you any title to the intellectual property in the Processor, and you will not acquire any rights to the Product except as expressly set forth in this Agreement. All copies of the Product made hereunder must contain the same proprietary notices that appear on and in the Product. Except as stated herein, this Agreement does not grant You any intellectual property rights in the Product and you acknowledge that the license, as further defined herein, granted under this Agreement only provides You with a right of limited use under the terms and conditions of this Agreement. Kaspersky Lab reserves all rights not expressly granted to you in this Agreement.
Violation of the intellectual rights to the Product shall result in civil, administrative or criminal liability in accordance with the law.
Except as provided in Clauses 12.2 and 12.3 below, this Agreement shall be governed by and construed in accordance the laws specified below for the country or territory in which You obtained the License Certificate, without reference to or application of conflicts of laws principles:
Russia. If you obtained the License Certificate in Russia, the laws of the Russian Federation.
United States, Puerto Rico, American Samoa, Guam, and U.S. Virgin Islands. If you obtained the License Certificate in the United States, Puerto Rico, American Samoa, Guam or the U.S. Virgin Islands, the laws of the Commonwealth of Massachusetts, USA, provided, however, that the laws of the U.S. state where you live will govern claims under state consumer protection, unfair competition, or similar laws. To the fullest extent permitted by law, the Kaspersky Lab and you expressly agree hereby to waive any right to a trial by jury.
Canada. If you obtained the License Certificate in Canada, the laws of the Province of Ontario.
Mexico. If you obtained the License Certificate in Mexico, the federal laws of the Republic of Mexico.
European Union (EU). If you obtained the License Certificate in a member country of the EU, the laws of Germany.
Australia. If you obtained the License Certificate in Australia, the laws of the State or Territory in which you obtained the license.
Hong Kong Special Administrative Region (SAR) and Macau SAR. If you obtained the License Certificate in Hong Kong SAR or Macau SAR, the laws of Hong Kong SAR.
Taiwan. If you obtained the License Certificate in Taiwan, the laws of Taiwan.
Japan. If you obtained the License Certificate in Japan, the laws of Japan.
Any Other Country or Territory. If you choose to obtain the License Certificate in another country, the substantive laws of the country where the purchase took place will be in effect.
Notwithstanding the foregoing, if the mandatory laws or public policy of any country or territory in which this Agreement is enforced or construed prohibit the application of the law specified herein, then the laws of such country or territory shall instead apply to the extent required by such mandatory laws or public policy. Similarly, if you are an individual consumer, the provisions of clause 12.1 shall not affect any mandatory right you may have to take action in your country of residence under the laws of that country.
This Agreement shall not be governed by the United Nations Convention on Contracts for the International Sale of Goods, the application of which is expressly excluded.
User is responsible for contacting only the Kaspersky Lab or their Partners directly if having any problems with the product.
Period for Bringing Actions
No action, regardless of form, arising out of the transactions under this Agreement may be brought by either party hereto more than one (1) year after the cause of action has occurred, or was discovered to have occurred, except that an action for infringement of intellectual property rights may be brought within the maximum applicable statutory period.
Entire Agreement; Severability; No Waiver
If any provision of this Agreement is found by a court of competent jurisdiction to be invalid, void, or unenforceable for any reason, in whole or in part, such provision will be more narrowly construed so that it becomes legal and enforceable, and the entire Agreement will not fail on account thereof and the balance of the Agreement will continue in full force and effect to the maximum extent permitted by law or equity while preserving, to the fullest extent possible, its original intent. No waiver of any provision or condition herein shall be valid unless in writing and signed by you and an authorized representative of Kaspersky Lab provided that no waiver of any breach of any provisions of this Agreement will constitute a waiver of any prior, concurrent or subsequent breach. Kaspersky Lab’s failure to insist upon or enforce strict performance of any provision of this Agreement or any right shall not be construed as a waiver of any such provision or right.
SECTION B: DATA PROCESSING AND PRIVACY TERMS
Data Processing on behalf of the User
Product is used by the User to protect Exchange Online mailboxes, OneDrive files and SharePoint sites under the control of the User, during which the User collects, stores, and processes data, which may include personal data (“User Data”).
User Data, including Personal Data as so defined under the EU General Data Protection Regulation 2016/679 (“GDPR”), provided to Kaspersky Lab on User’s behalf, if any, and the processing thereof, shall be governed under the terms and conditions set forth in the Kaspersky Security for Microsoft Office 365 Data Processing Agreement (“DPA”). Kaspersky Lab shall provide prior notification to the User upon any material change to the DPA.
The DPA is an integral part of this Agreement. Unless otherwise explicitly agreed in writing between the User and Kaspersky Lab and/or Partner, it is agreed and acknowledged that the User is the Controller and Kaspersky Lab is the Processor (as defined under the GDPR and the DPA), in particular with respect to any Personal Data included in the User Data. The list of data and purposes of processing data are specified in the DPA.
User will have the ability to access User Data stored in the Product in the Kaspersky Lab infrastructure and systems. Kaspersky Lab will retain User Data in the User account in restricted mode for the duration specified in the Online Help following the expiration or termination of User license so that User may extract the User Data. Upon conclusion of the retention period, Kaspersky Lab will delete the User Data. Kaspersky Lab has no liability for the deletion of User Data as described in this Clause.
User is solely responsible for acquainting itself with the Online Help, in particular, the DPA and the Section “Data Processing and Privacy Terms” of this Agreement. The User is solely responsible for independently determining whether the foregoing documents and documents referenced therein comply with the User’s requirements.
During use of the Product, the User is fully responsible for ensuring that the processing of Personal Data included in the User Data is lawful, particularly, within the meaning of Article 6 (1) (a) to (f) of GDPR (if the administrated computer or mobile device is in the European Union) or applicable laws on confidential information, personal data, data protection, or similar thereto.
User shall be fully liable in relation to Kaspersky Lab for any damage resulting from a breach of this Agreement, especially in relation to the Section “Data Processing and Privacy Terms”, or DPA.
User shall indemnify Kaspersky Lab in relation to third parties from any claim arising from the failure of the User to fulfill obligations under the Section “Data Processing and Privacy Terms” of this Agreement which third parties, especially data protection authorities, assert against Kaspersky Lab.
Data Processing for the Product
Purposes of Processing Data. During use of the Product, processing data is necessary to protect the User from known threats to information security, as described in the Online Help and to ensure uninterrupted performance of the Product. Such information may be considered personal according to applicable laws of certain countries. The Controller is Kaspersky Lab in relation to data described in the Subsection 2 “Data Processing for the Product.”
The following data will be processed by Kaspersky Lab on a regular basis to protect the User from known threats to information security:
IP address of the sender of the scanned message.
The checksums (MD5, SHA2-256, SHA1) of the scanned object.
Web address for which the reputation is being requested.
Top-level domain names used in web addresses in the scanned messages.
Checksum (MD5) of the names of files attached to the message.
The number of IP addresses (v4 and v6) in the message header and a flag indicating the address belonging to the local or external network.
Irreversible hash function of domain names in the header of the scanned message.
Message scan result and spam rating.
Checksum (MD5) of the scanned message sender's email address.
Web addresses from scanned messages with deleted passwords.
Checksums (MD5) of graphic objects included in the message.
Short text signatures composed of message text used for filtering known spam mailings and product decisions about them. (Only irreversible text digests that cannot be used to recover the original text are processed. The text itself is not transmitted to Kaspersky Lab.)
IP addresses of the message sender and intermediate mail servers, sender’s mail client version, message ID, information about the completion of message fields, the checksum (CRC32) of message fragments defined by markup language, sender domain names taken from the SMTP session and MIME-header, checksums (CRC23) of the sender name taken from the SMTP-session and MIME-header, checksums (CRC32) of the sender's name and domain taken from the SMTP session.
Lexical diversity coefficient: a measurable parameter of a set-length text showing vocabulary wealth. It is calculated as a ratio of the number of certain lemmas and the number of their appearance in the text.
Average sentence length.
Average word length.
Number of commas.
Number of semicolons.
Number of quotes.
Number of exclamation marks.
Number of question marks.
Number of line breaks.
Number of brackets.
Number of links.
Presence of certain words and the frequency of their usage.
Web address that was detected by the Anti-Phishing module as relevant to phishing.
Numerical identifiers of companies with well-known brands that are often used to add credibility to phishing messages and are detected in the scanned email message.
Numerical values of trust level and weight for phishing detection calculated by the Anti-Phishing module. Status of phishing detection with category of phishing determined by Anti-Phishing module.
Unique identifier, which indicates that web addresses were detected in the text of the same scanned email message.
The first IP address from the "Received" message headers that is not reserved for local networks.
The following data will be processed by Kaspersky Lab on a regular basis to ensure uninterrupted performance of the Product:
Scanned object size and type.
EWS object ID.
Anonymized mailbox name and anonymized primary SMTP address.
Name of Exchange Online organization.
Anonymized message sender.
Anonymized message recipients.
Message scan result.
IP address and anonymized email address of the administrator who has modified Product settings.
The list of settings that have been modified, without indicating the actual parameter values.
Kaspersky Security for Microsoft Office 365 organization ID, date of organization setup, IP-address of the computer used to set up the organization.
Number of detections with the following statuses assigned: Clean / Infected / Spam / Mass mail / Phishing /Attachment filtering.
Number of objects in Kaspersky Security for Microsoft Office 365 backup and Exchange Online quarantine.
Total number of mailboxes in the organization, number of mailboxes covered by the license, number of mailboxes selected for protection.
Anonymized display name of OneDrive user.
Anonymized display name of the user that modified the file on OneDrive.
Display name of the application or device that modified the file on OneDrive.
OneDrive file ID, name and path.
The checksum of the OneDrive file.
Date and time of OneDrive file creation or modification.
OneDrive file size.
OneDrive file scan result .
Total number of OneDrive users in the organization, number of OneDrive users covered by the license, number of OneDrive users selected for protection.
Total number and the list of all SharePoint sites in the organization, number, and list of SharePoint sites selected for protection, number of SharePoint sites covered by the license.
All SharePoint lists.
Anonymized display name of the user that uploaded or modified the file on the SharePoint site.
Display name of the application or device that modified the file stored on the SharePoint site.
The checksum of the file stored on the SharePoint site.
Creation or modification date and time of the file stored on the SharePoint site.
ID, name, and path to the file stored on the SharePoint site.
The list of versions of the file stored on the SharePoint site.
Size of the file stored on the SharePoint site.
Scan result of the file stored on the SharePoint site.
During use of the Product, the User is fully responsible for ensuring that the processing of personal data of data subjects is lawful, particularly, within the meaning of Article 6 (1) (a) to (f) of GDPR (if data subject is in the European Union) or applicable laws on confidential information, personal data, data protection, or similar thereto.
In case that the User wants to base the lawfulness of the processing on the consent of its data subjects, the User must ensure that the consent which meets all requirements of the applicable laws, especially where the data subject is in the European Union and Article 6 (1) (a) GDPR applies, was given by each data subject of the User prior to using the Product. The User guarantees that consent of each data subject of the User was obtained prior to the processing of Personal Data.
It is agreed between the Kaspersky Lab and User that, in case of item 2.4 of this Subsection, the User is responsible for proving the existence of effective consent to the processing of personal data, especially according to Article 7 (1) GDPR where data subject is in the European Union. The User guarantees that it is able to and will prove the existence of each data subject’s consent at any time upon request by the Kaspersky Lab within 5 business days starting with the request of the Kaspersky Lab.
The User shall be fully liable in relation to the Kaspersky Lab for any damage resulting from a breach of this Agreement, in particular the User’s failure to obtain effective consent of data subject, where applicable, and/or from a failure to obtain sufficient effective consent and/or from the lack of proof and/or belated proof of effective consent of data subject and/or from any other violation of an obligation under this Agreement.
The User shall indemnify the Kaspersky Lab in relation to third parties from the claims arising from the failure of User to fulfill obligations under Subsection 2 “Data Processing for the Product” which third parties, especially the supervisory data protection authorities, assert against the Kaspersky Lab.
Kaspersky Security for Microsoft Office 365 Agreement version 2.0
This version of the Agreement is effective as of December 03, 2019
The latest version of this Agreement is available at https://cloud.kaspersky.com/Home/LegalDocuments