End User Agreement
Last Update: Nov 10th, 2024
USER LICENCE POLICY
Welcome to BCG (“BCG”), the smarter way to stay cyber-safe and compliant with
recognised standards. A binding agreement between you (“You” or “Your”) and BCG shall come into force at the time you use the Website and/or purchase any of our products (“Products”). This agreement comprises these Terms, the terms and
conditions of any Relevant Intermediary (where applicable), and our Privacy Policy
(together, the “Agreement”).
1. Definitions
In these Terms, except where expressly stated otherwise, the following words and
expressions shall have the meanings given to them as follows:
Agent: a program developed together with leading cyber security professionals that can
be installed on a computer or mobile device and which can check and secure the
configuration of the computer or device;
Auto-Fix: refers to features which, after enabled by You, can change the configuration of
Your systems;
Customer: You, as an unregistered user of the Website or a registered user of one or
more Products with an account available through the Dashboard, including if that
access has been set up by an Intermediary on Your behalf. For the purposes of these
Terms, an Intermediary may also be a Customer;
BCG: BCG ltd., company number 09545218 whose registered address is at 71-75
Shelton Street, Covent Garden, London England, WC2H 9JQ;
Dataroom: the means by which Your individual Customer account details may be
viewed and registered users can manage their Business Package Products on the
Platform;
Data Protection Laws: means the EU GDPR and the UK GDPR and any other applicable
laws relating to the processing of Personal Data;
EU GDPR: means the General Data Protection Regulation (Regulation (EU) 2016/679)
and all other EU laws regulating the processing of Personal Data, as such laws may be updated, amended and superseded from time to time;
Fees: the fees payable by You (or a relevant Intermediary on Your behalf) to BCG for the
provision of a Cybersecurity Business Package in accordance with this Agreement. The details of any Fees will be available either (i) on Your Dataroom, where You have purchased directly from BCG or (ii) from Your Intermediary;
Intellectual Property Rights: patents, copyright and related rights, trade marks, trade names and domain names, goodwill and the right to sue for passing oc, rights in designs, database rights, rights to preserve the confidentiality of information and any other intellectual property rights, including all applications for, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist, now or in the future, in any part of the world;
Intermediary: any party authorised by BCG from whom You have acquired use of the Product where You have not acquired such (Cybersecurity Business Package) Product
directly from BCG;
Personal Data means any Personal Data (as defined in UK GDPR) that is processed by
BCG on Your behalf in relation to this Agreement. Your Personal Data excludes any
Personal Data with respect to which BCG is a controller (such as, but not limited to,
business contact information relating to any relevant Intermediary and Your personnel
and representatives used for the purposes of entering into and performing this
Agreement, communicating with a relevant Intermediary in connection with this
Agreement, reporting on use of the BCG Products and services and invoicing and
receiving payments of the Fees);
Platform: the platform used by BCG to deliver and for You to access (Cybersecurity
Business Package) Products;
Subscription Overview: the confirmation by BCG displayed in the Data Room of all
active Subscriptions placed by You or by Your Intermediary (if applicable) for the
provision of the Products;
Systems: any technology or computer infrastructure, software and hardware;
Terms: the terms and conditions set out in this End User Licence Agreement;
UK GDPR: means the EU GDPR as transposed into UK law (including by the Data
Protection Act 2018 and the Data Protection, Privacy and Electronic Communications
(Amendments etc) (EU Exit) Regulations 2019) and all other UK laws regulating the processing of Personal Data, as such laws may be updated, amended and superseded from time to time;
Website: the website at https://www.bigcybergroup.com and any of its sub-domains,
including any Customer relationship management tools.
2. Scope of these Terms
1. Your use of the Website and the Products is subject to Your acceptance of the
terms of this Agreement. If You disagree with any of the provisions of the
Agreement, You should stop using the Website and/or any Products.
2. This Agreement constitutes the entire agreement under which BCG’s Products
and the Website may be used. Any prior communication, warranty or statement
shall not apply to this Agreement.
3. Headings have been inserted for convenience and may not be used to interpret
the content of this Agreement.
4. By using the Website and Products as representative of a corporate entity, You
warrant that You are entitled to do so.
3. Use of Products and Website
1. BCGBCG’s Products, Website and all its contents are owned by and under
copyright of BCGBCG and/or third-party licensors. You may not reproduce any
written content, images or concepts without the prior written permission of BCG.
You may not (and shall not incite or cause others to):
• modify, disassemble, decompile or reverse-engineer the Products or
Website, except to the extent expressly permitted by law;
• resell, sublicense, distribute or otherwise transfer any materials from the
Products or Website to any third party;
• copy any of the Product or Website content;
• circumvent, disable or remove any Product or Website security features;
• interfere (or try to do so) with the proper working of the Website or any
activities conducted on it.
2. In case of Your breach of this provision, BCG shall have the right to immediately
terminate Your access to the Website and Products and, where appropriate,
claim damages, and or any appropriate relief for the damage and losses
sucered.
3. The Website and Products are provided on an “as is” and “as available” basis
without any representation or endorsement made and BCG makes no
warranties, whether express or implied, in relation to the Website or Products or
their use. You acknowledge that BCGBCG cannot be responsible for the security
or privacy of information transmitted to BCG and You must bear the risk
associated with the use of the internet.
4. Access to the Products
1. Products may be purchased directly from BCG, or indirectly through an
Intermediary. In each case, this Agreement shall apply. Where You have
contracted through an Intermediary, You may be required to enter into an
additional agreement with that Intermediary. If You purchase additional
Product(s) from time to time, these will be added to the scope of this Agreement.
Some of the products You may wish to purchase from a third party fall into the
category of regulated products, which must be purchased directly from the third-party providers. BCG does not sell, advertise, or endorse such products. Our role
is strictly limited to sourcing quotes from providers in the market and presenting
these quotes to You.The decision to proceed with any such product rests solely
with You. We strongly recommend conducting thorough due diligence and
seeking independent legal and financial advice before making any decisions.
2. You will be granted non-exclusive, non-transferable access to any Product which is shown in Your Subscription Overview displayed on Your Data Room. You are responsible at all times for the security of its access details and BCG will not be responsible for any loss or damage caused by any third-party access caused by Your failure to keep the same secure.
3. You will be liable for any and all loss, liability and/or damage to BCGBCG or third
parties through the use of Your Website account, Data Room, Products or other
relationship tools as applicable, including any unauthorised third-party access.
You are recommended to follow best practices, including the use of strong
passwords, change in case of a suspected security breach, and to enable multifactor
authentication at all times. In the case of a suspected security breach, You
must inform BCG in writing immediately.
4. It is Your responsibility to provide BCG or Your Intermediary at all times with
accurate contact information including, but not limited to, a valid e-mail
address. Changes in Your contact information must be registered through the
Data Room or by communicating with Your Intermediary or directly with BCG.
5. Use of the Products
1. BCGBCG hereby grants to You (or shall procure the same) a licence to use the
Products (and any IPR therein) in the course of Your business in accordance with
this Agreement. BCG represents and warrants that the only licence terms that
are required for the use of the Product by You are included in this Agreement
(including, without limitation, the Product-specific terms in Schedule 2). Other
obligations may exist as set out in agreements between Intermediaries and You
where Products have not been purchased directly from BCG.
2. In order for the Products to function comprehensively, You or Your Intermediary
must install Premium Business Cybersecurity Software on Your Systems so as to
provide 24/7 compliance monitoring. You or Your Intermediary agree to Premium
Business Cybersecurity Software being installed on Your Systems, and You and
Your Intermediary will not hold BCG, its ocicers or employees liable for any
damage, loss or inconvenience caused by any such Agents.
3. BCG provides Auto-Fix solutions, which help You to implement standards more
eciciently. The Customer accepts that Auto-Fixes are applied at Your or (where
applicable) Your Intermediary’s discretion and risk. BCG it will not be held liable
for any damage incurred by You using such a function.
4. In ocering certain Products, BCG provides a non-exclusive, non-transferable
subscription to You to access certain materials through the Dashboard and Data
Room, including, without limitation, opinions and guidance. You acknowledge
that such opinions and guidance are not legally binding and BCG will not be held
liable for any damage or inconvenience resulting from You following such
opinions or guidance provided. You should always discuss any changes in Your IT
infrastructure with a professional familiar with Your Systems.
5. All information entered by You or Your Intermediary (where applicable) onto Your
account on the Dashboard or Data Room in the Product in the course of using
the Products is treated by BCG as confidential. You acknowledge that BCG, as
well as any Intermediary has the right to access, monitor and modify Your
account (including Your Dashboard) for the purpose of providing access to use
the Products.
6. BCG may make commercially reasonable changes to the Products from time to
time. If CyberSmart makes a material change to the Products, BCG or Your
Intermediary will notify You, by giving not less than 30 day’s prior notice. If You
notify BCG that You do not agree with such material change, then You will remain
governed by the Agreement in ecect immediately prior to the change until the
end of any then-current subscription terms, except where such change is
required by applicable law.
7. Individual Products may have specific requirements for their operation, details of
which can be accessed through the Dashboard or via additional instructions or
obligations from BCG or Your Intermediary and it is Your or Your Intermediary’s
responsibility to be familiar with these. You or Your Intermediary shall be liable
for any failure to meet any stated time limits, and You may as a result be required
to re-purchase Products where such limits apply.
8. You or Your Intermediary may also be required to take certain actions as a result
of a third-party audit which is an integral part of the relevant Product. A failure to
correct defects identified by any such third-party audit may require You to repurchase
a Product or pay additional fees (as identified in the relevant Product).
6. Fees
1. You shall pay or be responsible for procurement of the payment of the Fees by
Your Intermediary to BCG for continued use of the Products.
2. Fees may be reviewed by BCG at the time of renewal at BCG’s discretion. All
Fees payable under this Agreement are exclusive of VAT or any relevant local
sales taxes, for which You shall be responsible.
3. Where You have purchased a Product directly from BCG, we shall provide You
with a minimum of 30 calendar days’ notice of any change in the Fees. Where
You have purchased through an Intermediary, You will be informed of any fee
changes by them.
4. If You or an Intermediary fail to make any payment due to BCG under this
Agreement by the due date for payment, then, without limiting BCG’s remedies
under Clause 8:
• BCG may require You (or Your Intermediary) to pay interest on any overdue
amount at the rate of 4% per annum above HSBC’s base rate from time to
time. Such interest shall accrue daily from the due date until actual
payment of the overdue amount, whether before or after judgment. You
(or Your Intermediary) shall pay the interest together with the overdue
amount, including the full costs of enforcement of any debt owed
pursuant to the terms of this Agreement; and
• BCG reserves the rights to cancel Your access to the Platform and/or
Products after a thirty-day (30) notice day period.
7. Personal Data
1. Any data provided by You whilst using or accessing the Products, the Dashboard
and the Agents remain Your sole property. As a necessary part of providing the
Website, Dashboard, Data Room and Products, BCG stores and processes Your
Personal Data. The terms of the Privacy Policy apply to all processing of Personal
data under the Agreement.
2. In the event of any loss or damage to Your data (whether or not Personal Data),
Your sole and exclusive remedy against BCG shall be for BCG to use reasonable
commercial endeavours to restore the lost or damaged data from the latest
back-up maintained by BCG in accordance with its archiving procedure. BCG
shall not be responsible for any loss, destruction, alteration or disclosure of data
caused by any third party (except those third parties sub-contracted by BCG to
perform services related to data maintenance and back-up).
3. All parties agree to comply at all times with applicable Data Protection Laws.
4. Each party (the “Controller” as applicable) shall only supply to the other (the
“Processor” as applicable) and such Processor shall only process, in each case
under or in relation to this Agreement the Personal Data of data subjects falling
within the categories specified in Schedule 1 (Data processing information) (or
such other categories as may be agreed by the parties in writing).
5. The Processor shall only process the Personal Data of the Controller:
• during the term of this Agreement and for not more than 1 year following
the end thereof, subject to the other provisions of this Clause 7, unless
there is a valid business need (including, in the case of BCG, any
regulatory requirement);
• on the documented instructions of the Controller (including with regard to
transfers of Personal Data to a third country under the Data Protection
Laws), as set out in this Agreement or any other document agreed by the
parties in writing; and/or
• by way of transfer to a country, a territory or sector to the extent that the
competent data protection authorities have decided that the country,
territory or sector ensures an adequate level of protection for Personal
Data or appropriate documents are entered into for the purpose.
6. The Processor shall promptly inform the Controller if, in the reasonable opinion
of the Processor, an instruction of the Controller relating to the processing of
Personal Data infringes the Data Protection Laws.
7. Notwithstanding any other provision of this Agreement, a Processor may process
Personal Data if and to the extent that it is reasonably believes that it is required
to do so by applicable law. In such a case, the Processor shall inform the
Controller of the legal requirement before processing, unless that law prohibits
such information on important grounds of public interest.
8. The Processor shall ensure that persons authorised to process Personal Data
have committed themselves to confidentiality or are under an appropriate
statutory obligation of confidentiality.
9. Each party shall implement appropriate technical and organisational measures
to ensure an appropriate level of security for Personal Data.
10. No Processor may engage any third party to process Personal Data without the
prior specific or general written authorisation of the Controller. In the case of a
general written authorisation, the Processor shall inform the Controller at least
14 days in advance of any intended changes concerning the addition or
replacement of any third-party processor, and if the Controller reasonably
objects to any such changes before their implementation, then the Processor
must not implement the changes. Each Processor shall ensure that each third
party sub-processor is subject to equivalent legal obligations as those imposed
on the Processor by this Clause 7.
11. The Processor assist the Controller in ensuring compliance with the obligations
relating to the security of processing of personal data, the notification of
personal data breaches to the supervisory authority, the communication of
personal data breaches to the data subject, data protection impact assessments
and prior consultation in relation to high-risk processing under the Data
Protection Laws. A Processor shall notify the Controller of any breach acecting
Personal Data without undue delay and, in any case, not later than 48 hours
after the Processor becomes aware of the breach.
12. The Processor shall make available to the Controller all information necessary to
demonstrate compliance with its obligations under this Clause 7 and applicable
Data Protection Laws.
13. At the termination or expiry of this Agreement, each party shall, at the choice of
the Controller, delete or return all Personal Data to the Controller after the
provision of services relating to the processing, and shall delete existing copies
save to the extent that applicable law requires storage of the relevant Personal
Data.
14. Each party shall allow for and contribute to audits, including inspections,
conducted by the Controller or another auditor mandated by the Controller in
respect of the compliance of the processing of Personal Data with the Data
Protection Laws and this Clause 7.
8. Termination
1. You may, at any time without cause terminate this Agreement. You (or Your
Intermediary) must notify BCG directly in writing at least 30 days’ notice before
the end of a Subscription period, failing which the Subscription will
automatically renew.
2. If this Agreement terminates pursuant to Clause 8.1, where You have achieved
any certification or certifications and have paid any Fees:
• annually in advance, You shall not be entitled to any refund of monies
paid to BCG; or
• by monthly subscription(s), You shall remain liable on termination for a
sum of the dicerence between Your current fees paid and the full value of
Your subscription, with the calculation date to start from the date upon
which the subscription started. Such fees will be liable per subscription
terminated.
3. Without acecting any other right or remedy available to it, BCG may terminate
this Agreement with immediate ecect by giving written notice to You if You (or any
Intermediary on Your behalf) fail to pay any Fees due under this Agreement on
the due date for payment and remain in default for not less than 14 days after
being notified in writing to make such payment.
4. Without acecting any other right or remedy available to it, either party may
terminate this Agreement with immediate ecect by giving written notice to the
other party, if:
• the other party commits a material breach of any other term of this
Agreement, which breach is irremediable or (if such breach is
remediable) fails to remedy that breach within a period of 30 days after
being notified to do so;
• the other party suspends, or threatens to suspend, payment of its debts
or is unable to pay its debts as they fall due or admits inability to pay its
debts or is deemed unable to pay its debts within the meaning of section
123 of the Insolvency Act 1986;
• a petition is filed, a notice is given, a resolution is passed, or an order is
made, for or in connection with the winding up of that other party other
than for the sole purpose of a scheme for a solvent amalgamation of that
other party with one or more other companies or the solvent
reconstruction of that other party;
• an application is made to court, or an order is made, for the appointment
of an administrator, or if a notice of intention to appoint an administrator
is given or if an administrator is appointed, over the other party;
• the holder of a qualifying floating charge over the assets of that other
party has become entitled to appoint or has appointed an administrative
receiver;
• a person becomes entitled to appoint a receiver over the assets of the
other party or a receiver is appointed over the assets of the other party;
• a creditor or encumbrancer of the other party attaches or takes
possession of, or a distress, execution, sequestration or other such
process is levied or enforced on or sued against, the whole or any part of
the other party’s assets and such attachment or process is not
discharged within 30 days; or
• the other party suspends or ceases, or threatens to suspend or cease,
carrying on all or a substantial part of its business.
5. BCG may terminate this Agreement with immediate ecect on notice if You
undergo a change of control and Your new controlling shareholder is in BCG’s
reasonable opinion a direct competitor of BCG.
6. BCG may, in the event of a cyber or other security incident significantly acecting,
or in BCG's reasonable opinion, likely to significantly acect the provision of the
Products or harm customers, suspend access to the Products for such period as
BCG considers reasonably necessary for the incident to be contained.
7. Any provision of this Agreement that expressly or by implication is intended to
come into or continue in force on or after termination or expiry of this Agreement
shall remain in full force and ecect.
8. Termination or expiry of this Agreement shall not acect any rights, remedies,
obligations or liabilities of the parties that have accrued up to the date of
termination or expiry, including the right to claim damages in respect of any
breach of the agreement which existed at or before the date of termination or
expiry.
9. On termination for any reason, all rights granted to You under this Agreement
shall cease.
9. Warranties and Liability
1. BCG undertakes to provide the Website, Platform and Products using reasonable
skill and care and in accordance with the SLA, however, it does not warrant that
access to and/or use of the Website, Platform and Products will be uninterrupted
or error-free. In particular, BCG is not responsible for any delays, delivery
failures, or any other loss or damage resulting from the transfer of data over
communications networks and facilities, including the internet, and You
acknowledge that the Website, Platform and Products may be subject to
limitations, delays and other problems inherent in the use of such
communications facilities. BCG may, at any time and at its own discretion,
temporarily or permanently discontinue its Products where necessary as a result
of any cause beyond BCG’s reasonable control including, without limitation,
mechanical, electronic or communications failure. Under such circumstances,
BCG shall not be liable for any damage, loss or inconvenience.
2. You (and Your Intermediary) accept responsibility for the selection of the
Products to achieve Your intended results and acknowledge that the Products
have not been developed to meet Your individual requirements.
3. All other conditions, warranties or other terms which might have ecect between
the parties or be implied or incorporated into this Agreement or any collateral
contract, whether by statute, common law or otherwise, are hereby excluded,
including the implied conditions, warranties or other terms as to satisfactory
quality, fitness for purpose or the use of reasonable skill and care.
4. Notwithstanding any other provision in this Agreement, nothing will acect or limit
any rights You may have under English Law; or exclude or limit either
party’s liability for death or personal injury caused by its negligence or for fraud
or fraudulent misrepresentation or any other liability which cannot be excluded
or limited under applicable law.
5. In no event will BCG be liable for any indirect, special, punitive, exemplary or
consequential losses or damages of whatsoever kind arising out of Your use of,
or access to the Website, Platform or Products, including loss of profit, loss of
business, loss of opportunity or loss of contract whether or not in the
contemplation of the parties, whether based on breach of contract, tort
(including negligence), product liability or otherwise. BCG’s total aggregate
liability for direct losses or damages of whatsoever kind (including loss of profits)
in contract, tort (including negligence or breach of statutory duty),
misrepresentation, restitution or otherwise, relating to any claim in relation to
Your purchase of the Products shall be limited to the total fees actually paid to
BCG for Your own use of the Products during the 12 months immediately
preceding the date on which the claim arose.
10. General
1. In performing its obligations under this Agreement, You (and Your Intermediary)
shall comply with:
• the Mandatory Policies; and
• all applicable laws, regulations and sanctions relating to anti-bribery and
anti-corruption including but not limited to the Bribery Act 2010.
2. Subject to Clause 5.6 above, BCG may, at any time and at its discretion by
notice, amend these Terms and its Privacy Policy. You agree that it is Your (or Your
Intermediary’s) responsibility to regularly check the Website for notice of any
such changes to these documents.
11. Dispute Resolution and Jurisdiction
1. Any disputes shall be subject to the version of the Agreement in ecect at the date
at which the dispute was first brought to BCG’s attention in writing.
2. Before instigating court proceedings, You agree to provide BCG with sucicient
time and information to rectify the point in issue. Furthermore, before filing any
claims You agree to provide BCG with the opportunity to engage in an alternative
dispute resolution process.
3. Subject to clause 11.1, this Agreement and any claims resulting from its
application are subject to the laws of England and Wales. The English courts
shall have exclusive jurisdiction over any disputes arising under or in connection
with this Agreement You hereby waive any right of claim in any other jurisdiction.
BCG may, at its discretion, bring a claim in Your jurisdiction.