Version 1-2022
These Terms & Conditions (the “Terms”), along with the Statement of Work or Service Order that reference it (collectively, the “Agreement”), is made between The BTB Group, LLC (d/b/a BTB Security), a Delaware limited liability company (“BTB”) and Client effective as of the signature date on the Statement of Work or Service Order.
BTB provides an extensive range of cybersecurity services. Client wishes to engage BTB to perform the security-related professional or managed services as described in the Statement of Work or Service Order. Therefore, the parties, intending to be legally bound and with the sufficiency of consideration acknowledged, hereby agree as follows:
1. Definitions
1.1 “Affiliate” means any entity and/or corporation, directly or indirectly, through one or more intermediaries, controlling, controlled by, or under common control with BTB, including but not limited to Netrix, LLC.
1.2 “Confidential Information” means any information of a confidential, proprietary, or competitively sensitive nature relating to a party that is disclosed by one party to the other in connection with this Agreement, including, without limitation, all information relating to the financial condition, customers, business plans, employees, strategic plans and suppliers. “Confidential Information” shall not include information the receiving party can demonstrate (a) is, as of the time it is disclosed or thereafter becomes, part of the public domain, other than as a result of the actions of the receiving party, (b) was already rightfully known to the receiving party as of the time it is disclosed, (c) is subsequently learned from a third party, not under a confidentiality obligation, or (d) the receiving party independently developed the information without use or reliance on the other party’s Confidential Information.
1.3 “Client Default” means Client’s material breach of any provision of the Agreement, including any Statement of Work or any Exhibits referenced therein, that remains uncured for thirty (30) days after written notice from BTB specifying the nature of such breach.
1.4 “Normal Business Hours” means Monday through Friday, 8 am to 5 pm Eastern Standard Time (or the time zone of the location where BTB’s personnel are located, as applicable), not including holidays observed by BTB.
1.5 “Professional Services” means any professional or consulting Services performed by BTB for Client.
1.6 “Services” mean the professional or subscription services that BTB provides to Client pursuant to one or more Statements of Work, including, but not limited to, Security Services (as defined in Section 2.1), and any Professional Services.
1.7 “Statements of Work” or “Service Order” means a statement of work, service order, or other written order agreed upon by the parties describing the Professional or Subscription Services, including but not limited to Security Services, that BTB will provide to Client, including the pricing, duration, and other specifications specified in such Statement of Work or Service Order.
`1.8 “Subscription Services” means any Services subject to a term commitment that include a monthly recurring charge (“MRC”) or annual license or subscription fee, including managed services and certain Security Services.
2. Services
2.1 Statements of Work. BTB and its Affiliates shall provide Client with the Services described in one or more Statements of Work as the parties may execute. If a Statement of Work is executed by a BTB Affiliate, the term “BTB” as used in this Agreement shall refer solely to such BTB Affiliate. BTB and Client shall both abide by any obligations expressly set forth in the Statements of Work, including, where applicable, milestones, specifications, and deliverables. Unless expressly set forth otherwise in a Statement of Work, all Services are accepted upon performance.
2.2 Security Services. The Services may include BTB performing network and application scanning and ethical hacking (also known as penetration testing) in order to gain control of target Client’s systems and identify related vulnerabilities. Performance of security assessments, audits, testing, scans, and otherwise performing ethical hacking (collectively, “Security Services”) involve a variety of tools and techniques that may cause the target servers and/or applications to behave in an unintended manner. This may result in servers, services, and applications becoming unresponsive, and could potentially lead to data loss or data corruption. BTB makes no representation or warranty that the Services will disclose all vulnerabilities of the systems tested. BTB also makes no guarantees due to the unpredictable nature of how systems may react to the tools and techniques being utilized. Client is solely responsible for taking the appropriate steps to ensure that data on all systems within scope have been properly backed up prior to BTB’s performance of the Security Services. Client shall make appropriate personnel available to plan and coordinate Client’s responsibilities in connection with the Security Services to respond to issues caused by the Security Services or restore Client’s system functionality if problems arise. Client shall grant BTB sufficient access to its networks, systems, and/or applications to perform the Services outlined in the related Statement of Work.
3. Term & Termination
3.1 Client’s Material Breach. In the event of a Client Default, BTB may, at its option, terminate this Agreement (including any related Statements of Work) affected by the breach. Upon termination for a Client Default: all amounts owed to BTB under this Agreement shall become immediately due and payable (including the payments for the remaining portion of all Statements of Work), BTB may cease performance of all Services without liability to Client and all licenses granted in this Agreement shall be terminated automatically. The foregoing rights and remedies shall be in addition to all other rights and remedies available to BTB at law and in equity.
3.2 BTB’s Material Breach. Client may terminate a Statement of Work upon BTB’s material breach of such Statement of Work that remains uncured for 30 days after BTB’s receipt of written notice from Client specifying BTB’s breach.
3.3 Other Termination Rights. Statements of Works for recurring Services indicate initial term, and thereafter automatically renews on a month-to-month basis until either party provides at least ninety (90) days’ notice prior to the expiration of the then-current term. Annual licensing fees, if applicable, will be billed in the first month of the automatic renewal. For Subscription Services, after the initial 180-day period, beginning on the Statement of Work Effective Date, Client may terminate the Statement of Work for convenience by giving BTB at least thirty (30) days’ prior notice in writing. If Client makes a general assignment for the benefit of creditors, files a voluntary petition of bankruptcy of liquidation, suffers or permits the appointment of a receiver for its business or assets, becomes subject to any proceeding under any bankruptcy or insolvency law, or has wound up or liquidated its business voluntarily or otherwise, then BTB may terminate this Agreement (including any Statement of Work) upon written notice to Client. BTB may also terminate one or more applicable Statements of Work, upon 180 days’ prior written notice, if BTB decides, in its sole discretion, to generally discontinue the service or product offering described in such Statement of Work.
3.4 Transition Upon Termination. Upon termination, BTB will calculate and invoice for the balance of all outstanding fees. Subject to Client’s payment all amounts owed BTB under this Agreement (including any late fees and amounts described in Section 4.2), BTB shall engage in commercially reasonable efforts to provide Client with all of its data, reports and other documentation in BTB’s possession relevant to the Services of any terminated Statement of Work, within thirty (30) days after its termination. After such 30-day transition window, BTB may delete any Client data or materials without any liability to Client.
4. Payment
4.1 Client Payment. Client shall pay BTB all amounts for the Services as described in the Agreement. Statements of Work for managed services or other recurring Subscription Services will be invoiced monthly and will start on the 1st of the month proceeding the effective agreement date of the Statement of Work. Statements of Work for professional services will be invoiced 50% at the start of each “project” (service line items may be combined to create a “project”) and 50% upon report delivery for each respective “project” where the total “project” cost is greater than $5,000. “Projects” with a total cost under $5,000 will be invoiced upon report delivery. Payments are due 30 days after the date specified on the invoice. BTB may immediately suspend its performance of all Services upon five days’ prior written notice if Client fails to pay all amounts overdue within such five-day period.
4.2 Late Fees & Taxes. Client shall pay BTB a late fee of 1.5% per month or the maximum rate permitted by law, whichever is less, on balances outstanding after they become due. Client shall be responsible for and pay BTB any and all applicable use-based, sales, value-added, excise, or other taxes related to the Statement of Work, which are not based on BTB’s net income.
4.3 Travel & Related Expenses. Client shall reimburse BTB for all reasonable travel, meal, and lodging expenses incurred in connection with providing the Services (collectively, “Reimbursable Expenses”). At the end of each month, BTB shall invoice Client for the Reimbursable Expenses, and Client shall pay for Reimbursable Expenses in the same manner as fees. Client shall also reimburse BTB for any out-of-pocket costs associated with BTB personnel changing their travel plans, including (without limitation) as airline change fees or nonrefundable hotel charges, if (a) BTB booked non-refundable travel accommodations with Client’s consent or (b) Client requested a schedule change or stopped the applicable Services without providing at least two (2) business days’ notice.
4.4 Hourly Work. Any Services billed on an hourly basis will be billed in 30-minute increments, rounded up to the nearest increment, with a two-hour minimum charge, except for telephone support, which will be billed in 15-minute increments with no minimum charge.
5. Confidentiality & Intellectual Property
5.1 Confidentiality. Each party shall not disclose to any third party or use the other’s Confidential Information except as permitted in or necessary to perform its obligations under this Agreement. Each party shall maintain the other’s Confidential Information with at least the same degree of care as it maintains its own, and in no event with less than a reasonable degree of care. Each party shall promptly return other party’s Confidential Information to the other party upon any termination of this Agreement or the other party’s request, except that BTB may keep a copy of documents or records documenting the performance of the Services for Client (including copies of any reports or other materials about Client’s computer systems), subject to BTB’s ongoing obligation to maintain such information confidential.
5.2 Permitted Disclosures. A party may disclose the other’s Confidential Information to employees, Affiliate employees, or independent contractors who have a need to know and who have signed a written confidentiality agreement or are subject to a fiduciary obligation of confidentiality. A party may also disclose the other’s Confidential Information to enforce its rights under this Agreement or upon demand by a governmental agency or pursuant to a subpoena or court order, in any case, provided that the disclosing party notifies the other party prior to such disclosure (unless notification would be prohibited by law) and only discloses the minimum necessary information to comply with such demand.
5.3 Confidential Information. Any reports or other materials created by BTB about Client’s computer systems will be deemed to be Client’s Confidential Information (excluding BTB Proprietary Materials, defined below). Any proprietary or non-public methodologies, materials, processes, procedures, and information used by BTB in connection with providing the Services (collectively, “BTB Proprietary Materials”), including (without limitation) the Security Services will be deemed BTB’s Confidential Information.
5.4 Reservation of Rights. Subject to the limited rights expressly granted in the Agreement, BTB reserves all rights, title and interest in and to: (i) the Services: (ii) all related software and hardware, computer codes and instructions, processing systems and techniques, inputs and outputs, methodologies and technical information, user documentation, training materials, and BTB Proprietary Materials; and (iii) any customizations, improvements, modifications or derivative works of or to the foregoing, including all related intellectual property rights (collectively, the “BTB Intellectual Property”). No rights are granted to Client under the Agreement or by Client’s receipt of Services, other than as expressly set forth the Agreement.
6. DATA PRIVACY AND CLIENT PERSONAL DATA
6.1 “Client Personal Data” means data provided by or on behalf of Client which consists of data or information naming or identifying a natural person such as: (a) personally identifying information that is explicitly defined as a regulated category of data under any data privacy or data protection laws applicable to Client; (b) non-public information, such as a national identification number, passport number, social security number, driver’s license number; (c) health or medical information, such as insurance information, medical prognosis, diagnosis information or genetic information; (d) financial information, such as a policy number, credit card number and/or bank account number; (e) sensitive personal data, such as mother’s maiden name, race, marital status, gender or sexuality; and/or any other non-public personal information regarding individual consumers or customers of Client. To the extent possible, a SOW will specify the type of files and data that comprise Client Personal Data that may be accessed, collected, or otherwise processed by BTB under the Statement of work. BTB shall only use Client Personal Data provided to it under this Agreement for purposes of fulfilling its obligations under this Agreement or an applicable Statement of Work.
6.2 The Parties shall comply with their respective obligations under applicable data privacy and data protection laws and regulations (the “Data Privacy Laws”), including but not limited to with respect to Client Personal Data. In no event shall BT be required to monitor or advise on the Data Privacy Laws applicable to Client with respect to Client Personal Data.
6.3 In the event that there are any changes to any of the Data Privacy Laws which require a change to the provision of all or any part of the Services or a method of delivery of such Services in use by BTB prior to such change, including the terms of this Section 6, Client shall bear the cost of such changes; further, the Parties shall make appropriate adjustments to the terms of this Agreement and the Services (and corresponding charges) pursuant to a change order.
7. Warranties & Disclaimers
7.1 Authority. Each party represents and warrants that: (a) it is duly organized, validly existing and in good standing in its jurisdiction of incorporation or formation and each jurisdiction in which it is required to be licensed or registered; (b) this Agreement has been duly executed and delivered by such party and constitutes a legal, valid and binding obligation of such party, enforceable in accordance with its terms; and (c) it will comply with all laws applicable to its business in performing its obligations under this Agreement, including but not limited to applicable Data Privacy Laws.
7.2 Client Warranties. Client represents and warrants: (a) any premises where BTB may perform Services under this Agreement will be free from all hazards; and (b) it has obtained for BTB’s use, as contemplated in this Agreement, all necessary and appropriate licenses, titles, interests, or rights to necessary or appropriate for BTB to provide the Services.
7.3 BTB Warranties. BTB warrants that the Services will be performed in a professional, workmanlike manner and that any deliverables will substantially conform with the specifications set forth in an applicable Statement of Work. Warranty claims must be reported to BTB in writing within thirty (30) days of the earlier of completion of the relevant Services or delivery of any deliverables, as applicable. In the event of any breach of the foregoing warranty, Client’s sole and exclusive remedy, and BTB’s sole liability, will be for BTB to re-perform the defective Services at no additional charge.
7.4 Disclaimer. EXCEPT AS EXPRESSLY PROVIDED HEREIN, BTB MAKES NO WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE AND SPECIFICALLY DISCLAIMS ALL EXPRESS AND IMPLIED WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. BTB EXPRESSLY DISCLAIMS ANY WARRANTY THAT THE SERVICES WILL BE FREE FROM ERRORS, DELAYS, INTERRUPTIONS, VIRUSES OR MALICIOUS CODE OR WILL ALWAYS BE AVAILABLE, THAT ALL ERRORS WILL BE CORRECTED, OR THAT THE SERVICES OR PRODUCTS WILL MEET CLIENT’S REQUIREMENTS OR WILL IMPROVE CLIENT’S FINANCIAL RESULTS. NO CREDITS FOR FUTURE USE OF THE SERVICE WILL ACCRUE TO CLIENT FOR CONTRACTED-FOR BUT UNUSED SERVICES.
7.5 No Warranty for Data Protection Breach. Consistent with the foregoing Disclaimer, Client specifically acknowledges that BTB does not guarantee or warrant that its provision of the Services, including Security Services, will eliminate all risk of a data security breach, including ransomware and malware attacks, or prevent damage from network or system security breaches, and that BTB’s obligations and responsibilities in connection with data security are expressly limited to those set forth in this Agreement and any applicable Statement of Work.
8. Limitations on Liability
8.1 BTB’S LIABILITY TO CLIENT FOR ANY CLAIM OR SERIES OF CLAIMS OR FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT, BTB’S PERFORMANCE OF THE SERVICES, OR BTB’S PROVISION OF ANY HARDWARE OR SOFTWARE UNDER ANY THEORY, WHETHER STRICT LIABILITY, NEGLIGENCE, OR OTHERWISE IS LIMITED, IN THE AGGREGATE FOR ANY AND ALL CLAIMS AND DAMAGES, TO CLIENT’S ACTUAL DIRECT DAMAGES AND IS NOT TO EXCEED THE AMOUNT CLIENT PAID BTB UNDER THIS AGREEMENT IN THE SIX (6) MONTHS IMMEDIATELY PRECEDING THE FACTS OR CIRCUMSTANCES GIVING RISE TO THE LAST CLAIM OF DAMAGE. IN NO EVENT SHALL BTB BE LIABLE TO CLIENT FOR ANY INDIRECT, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OR FOR LOST PROFITS OR INTERRUPTION OF BUSINESS, IN ANY CASE, EVEN IF BTB HAS BEEN ADVISED OF THE POSSIBILITY THEREOF. IN NO EVENT SHALL BTB BE LIABLE TO CLIENT FOR ANY DAMAGES RESULTING FROM OR RELATED TO ANY FAILURE OR DELAY OF BTB IN THE PERFORMANCE OF SERVICES HEREUNDER, FOR ANY LOSS OF OR INTERCEPTION OR MISDIRECTION OF CLIENT’S DATA, FILES, SOFTWARE, CODE, OPERATING SYSTEMS, APPLICATIONS, DATA STORAGE MEDIA, OR OTHER TANGIBLE OR INTANGIBLE PROPERTY.
9. Indemnification
9.`1 Client Indemnification. Client agrees to defend, indemnify and hold harmless BTB, its corporate affiliates, and their shareholders, directors, officers, agents, and employees (collectively, “Stakeholders”) from and against any judgments, awards, losses, fees, liabilities, damages, costs or expenses (including reasonable attorneys’ and other professionals’ fees) (collectively, “Losses”) incurred in connection with any third-party suit, claim or demand that arises out of or relates to: (a) Client’s breach of an obligation, representation, or warranty in this Agreement; or (b) actual or alleged cause of bodily injury to or death of any person or loss of or damage to real or tangible personal property due to acts or omissions of Client or its employees or contractors.
9.2 BTB Indemnification. BTB agrees to indemnify Client and its Stakeholders from and against any Losses finally awarded by a court of competent jurisdiction in connection with any third-party suit, claim, or demand that results from or relates to BTB’s breach of any representation or warranty in this Agreement.
9.3 Indemnification Procedures. Upon receiving a claim or demand that Client, BTB, or any of their Stakeholders (each an “Indemnitee”) believes is appropriately subject to indemnification, the Indemnitee shall promptly notify the indemnifying party in writing of the nature of the claim and the names and addresses of the persons involved in or having an interest in such claim. The indemnifying party shall assume control of the defense of such claim through counsel reasonably acceptable to the Indemnitee, and each Indemnitee may participate in its defense through counsel of its choosing at its own expense (except that the expense shall be borne by the indemnifying party if it does not assume lead defense of such claim). The indemnifying party shall be entitled to control the defense and settlement of any claim giving rise to indemnification hereunder, provided that before entering into any settlement of such claim, the indemnifying party shall be required to obtain the prior written approval of the Indemnitee if settlement would require the Indemnitee to take or refrain from taking action or make an admission of fault or liability.
9.5 Law & Venue. This Agreement shall be interpreted and construed in accordance with the substantive laws of the Commonwealth of Pennsylvania and without regard to its conflicts of law principles. Subject to the next sentence, the parties mutually agree and consent to the exclusive jurisdiction and venue of the state and federal courts located in or embracing Montgomery County, Pennsylvania. Either party may seek emergency or injunctive relief from any court of competent jurisdiction. The parties further agree that a mailing to either party by certified or registered mail shall constitute lawful and valid service of process.
9.6 Client Default. In the event of a Client Default, BTB shall be entitled to and Client shall be liable for any and all expenses incurred in connection with BTB enforcing its rights hereunder, including reasonable fees for attorneys, paralegals, and experts and any fees paid to or costs incurred with collection agencies.
9.7 Excusable Delay. BTB shall not be liable for any failure to perform, or delays or problems in the performance under this Agreement, if such delays or failures are due to strikes, inclement weather, acts of God, work shortages, supplier shortages, Internet or telecommunication disruptions, or other causes beyond the reasonable control of BTB.
9.8 Severability & Counterparts. If any provision or term of this Agreement shall be found to be illegal or unenforceable under any applicable statute or rule of law, then this Agreement shall remain in full force and effect and such provision or term shall be deemed stricken. This Agreement may be executed in one or more counterparts, including counterparts transmitted by facsimile or electronic mail, all of which shall be considered one and the same agreement. Facsimile or electronic mail copies with signatures of the parties to this Agreement, or their duly authorized representatives, shall be deemed originals and legally binding and admissible in any court or tribunal of competent jurisdiction.
9.9 Notices. All notices under this Agreement shall be in writing and delivered by First Class U.S. Mail postage prepaid, in-person, or by national overnight courier. Notices shall be deemed effective on the date received by the other party. Notices to Client must be sent to the address on the Statement of Work. Notices to BTB must be sent to:
The BTB Group, LLC
P.O Box 817
Bala Cynwyd, PA 19004
9.10 Either party may change its address with five (5) business days’ prior written notice to the other.
9.11 Assignments. Client shall not assign (whether voluntarily or by operation of law) or otherwise transfer this Agreement or any obligations or rights thereunder without BTB’s prior written consent. Any purported assignment or transfer of this Agreement by Client in violation of this Agreement shall be deemed void. Client’s permitted assignment or transfer of this Agreement shall not relieve Client from any obligation under this Agreement. BTB may assign this agreement upon notice to Client. This Agreement shall be binding upon and shall inure to the benefit of the parties hereto, their respective heirs, representatives, successors and permitted assigns.
9.12 Independent Contractor. The parties agree that BTB is an independent contractor of Client and that this Agreement does not create or imply a joint venture, partnership, association, affiliation or any form of formal business association of any kind. Neither party to this Agreement shall have any authority or control over the other party, nor shall either party have the power to bind the other party, except to the extent specifically provided in the Agreement.
9.13 Employee Non-Solicitation. During the term of this Master Agreement and for one year thereafter, Client shall not, directly or indirectly, on behalf of itself or another, communicate with any person who is then an employee of BTB with the purpose or effect of: (a) having such person terminate or reduce his or her relationship with BTB; or (b) hiring such person as an employee or independent contractor. If Client breaches the foregoing sentence and such employee is hired as an employee or independent contractor by Client, then Client agrees to compensate BTB, as BTB’s sole and exclusive remedy, an amount equal to the annualized compensation that BTB paid to such employee, calculated based on the compensation paid to such employee in the then most recent three-month period he or she was employed by BTB.
9.14 Third Party Beneficiaries. Nothing in this Agreement, expressed or implied, is intended to confer on any individual or entity, other than the parties hereto or their respective successors and permitted assigns, any rights, remedies, obligations or liabilities under or by reason of this Agreement except as expressly contemplated herein.
9.15 Data Retention. BTB standard data retention for all client data, including the RADAR service, is 365 days and up to 10TB.
Previous Versions: