Symantec Managed PKI for SSL Services Agreement
THIS SYMANTEC MANAGED PKI FOR SSL SERVICES AGREEMENT ("AGREEMENT") IS ENTERED INTO BETWEEN SYMANTEC (AS DEFINED BELOW), AND THE ENTITY YOU REPRESENT IN EXECUTING THIS AGREEMENT ("YOU"). THIS AGREEMENT SETS FORTH THE TERMS AND CONDITIONS APPLICABLE TO YOU IN PURCHASING MANAGED PKI FOR SSL CERTIFICATE SERVICES (FORMERLY "ONSITE"). BY CLICKING "ACCEPT" OR BY ACCEPTING A CERTIFICATE, YOU AGREE TO BECOME A PARTY TO, AND BE BOUND BY, THESE TERMS.
AS USED IN THIS AGREEMENT, "SYMANTEC" MEANS AS FOLLOWS: (A) SYMANTEC CORPORATION, IF YOU ARE LOCATED IN THE AMERICAS, THAILAND, OR JAPAN; (B) SYMANTEC LTD., IF YOU ARE LOCATED IN EUROPE, MIDDLE EAST, AFRICA OR ASIA PACIFIC (EXCLUDING THAILAND, JAPAN, OR AUSTRALIA); AND (C) VERISIGN AUSTRALIA PTY LTD., IF YOU ARE LOCATED IN AUSTRALIA. PLEASE NOTE THAT SYMANTEC RESERVES THE RIGHT TO CHANGE THE SYMANTEC ENTITY PARTICIPATING IN THIS AGREEMENT BY NOTICE TO YOU, AS DESCRIBED IN THIS AGREEMENT.
"Certificate" or "Digital Certificate" means a message that, at least, states a name or identifies the issuing CA, identifies the Subscriber, contains the Subscriber's public key, identifies the Certificate's Operational Period, contains a Certificate serial number, and contains a digital signature of the issuing CA.
"Certificate Application" means a request to a CA for the issuance of a Certificate.
"Certification Authority" or "CA" means an entity authorized to issue, suspend, or revoke Certificates. For purposes of this Agreement, CA shall mean Symantec.
"Certification Practice Statement" or "CPS" means a document, as revised from time to time, representing a statement of the practices a CA or RA employs in issuing Certificates. The Symantec Trust Network CPS is available in the repository, which is accessible from the homepage of Symantec's website.
"Code Signing Certificate" means a Symantec Class 3 organizational code signing certificate used by software developers and content publishers to digitally-sign code for secure delivery over networks.
"Confidential Information" means material, data, systems and other information concerning the operation, business, projections, market goals, financial affairs, products, services, customers and Intellectual Property Rights of the other party that may not be accessible or known to the general public. Confidential Information shall include, but not be limited to, the terms of this Agreement, and any information which concerns technical details of operation of any of Symantec's services, software or hardware offered or provided hereunder.
"Erroneous Issuance" means (a) issuance of a Certificate in a manner not materially in accordance with the procedures required by the Managed PKI for SSL Administrator's Handbook; (b) issuance of a Certificate to a Subscriber other than the one named as the subject of the Certificate; or (c) issuance of a Certificate without the authorization of the Subscriber that is the subject of the Certificate.
"Intellectual Property Rights" means any and all now known or hereafter existing rights associated with intangible property, including but not limited to registered and unregistered, United States and foreign copyrights, trade dress, trade names, corporate names, logos, inventions, patents, patent applications, software, know-how and all other intellectual property and proprietary rights (of every kind and nature throughout the universe and however designated).
"NetSure Protection Plan" shall mean the extended warranty program offered by Symantec.
"Operational Period" means a period starting with the date and time a Certificate is issued (or on a later date and time certain if stated in the Certificate) and ending with a date and time at which the Certificate expires or is earlier revoked.
"Registration Authority" or "RA" means an entity approved by a CA to assist persons in applying for Certificates and/or revoking (or where authorized, suspending) Certificates, and approving such applications, in connection with the service. An RA is not the agent of a Certificate Applicant, and may not delegate the authority to approve Certificate Applications other than to authorized RAAs of the RA.
"Registration Authority Administrator" or "RAA" is appointed by an RA and responsible for carrying out the functions of an RA.
"SSL Certificate" means a Class 3 organizational certificate used to support SSL sessions between a web browser and web server that uses encryption.
"Subscriber" means a person, organization or entity who is the owner of or has the right to the device that is the subject of, and has been issued, a Certificate, and is capable of using, and is authorized to use, the private key that corresponds to the public key listed in the Certificate at issue.
"Subscriber Agreement" is the agreement executed between a Subscriber and the CA or Symantec relating to the provision of designated Certificate-related services that govern the Subscriber's rights and obligations related to the Certificate.
"Symantec Trust Network" or "STN" means the Certificate-based Public Key Infrastructure governed by the Symantec Trust Network certificate policies, which enables the worldwide deployment and use of Certificates by Symantec and its affiliates, and their respective customers, Subscribers, and relying parties.
(a) Appointment. Symantec hereby appoints you as a non-Symantec RA within the Symantec Trust Network pursuant to the Symantec Trust Network CPS, and you accept such appointment.
(b) Symantec Trust Network CPS and Managed PKI for SSL Administrator's Handbook. You shall meet all requirements and perform all obligations imposed upon an RA within the STN, which shall include, but are not limited to: (i) the Symantec Trust Network CPS, as periodically amended; (ii) the Managed PKI for SSL Administrator's Handbook published at the Managed PKI Control Center, as periodically amended ("Handbook"); and (iii) the duties in Section 2 below. Symantec shall notify the individual you appoint as your Registration Authority Administrator ("RAA") of any amendments by posting the information to the Managed PKI Control Center.
2. YOUR OBLIGATIONS
(a) Appointment. You shall appoint one or more authorized employees or agents as RAA(s). All such employees or agents must meet the minimum personnel qualifications set forth in the Handbook. Such RAA(s) shall be entitled to appoint additional RAAs on your organization's behalf. You shall cause your RAAs receiving Certificates hereunder to abide by the terms of the applicable Subscriber Agreement, which can be found in the Handbook.
(b) Administrator Functions. You shall comply with the requirements set forth in the Symantec Trust Network CPS and the Handbook for validating the information in Certificate Applications, approving or rejecting such Certificate Applications, using hardware and software designated by Symantec, and revoking Certificates. You shall perform such tasks in a competent, professional, and workmanlike manner. You shall approve a Certificate Application only if (i) the application was made on behalf of a device or internet domain (for purposes of approving SSL Certificates) or a software publisher (for purposes of approving Code Signing certificates) within your organization; and (ii) your RA has authorized the use of your organizational name in the Certificate. If your RAA ceases to have the authority to act as RAA on your behalf, then you shall promptly revoke such authority. If your organizational name and/or domain registration changes, then your RAA shall promptly request revocation of all Certificates issued therein. You shall not disclose any challenge phrase, PIN, software, or hardware mechanism protecting the RAA Certificate private key to a third party.
(c) Survival. In addition to the termination, revocation, and security provisions set forth in this Agreement, the Symantec Trust Network CPS and the Handbook shall survive termination of this Agreement until the end of the Operational Period of all Certificates issued hereunder.
(d) Certificate Restrictions. You shall not use a SSL Certificate (i) for or on behalf of any organization other than your own; (ii) to perform private or public key operations in connection with any domain name and/or organization name other than the one(s) submitted by your RAA during enrollment; (iii) on more than one physical server or device at a time, unless you have selected the specific licensing option that permits the use of a Certificate on one physical device with additional Certificate licenses for each physical server that each device manages, or where replicated Certificates may otherwise reside (the "Licensed Certificate Option"). You acknowledge that the Licensed Certificate Option can result in increased security risks to your network and Symantec expressly disclaims any liability for breaches of security that result from the distribution of a single key across multiple devices. SYMANTEC CONSIDERS THE UNLICENSED USE OF A SSL CERTIFICATE ON A DEVICE THAT RESIDES ABOVE A SERVER OR SERVER FARM SOFTWARE PIRACY AND WILL PURSUE VIOLATORS TO THE FULLEST EXTENT OF THE LAW. Certificates purchased under the Licensed Certificate Option limit the amount of recovery under the NetSure Protection Plan to ten thousand US dollars (US$10,000) or the local currency equivalent thereof. You shall not use a Code Signing Certificate: (iv) for or on behalf of any organization other than your own; (v) to perform private or public key operations in connection with any domain and/or organization name other than the one you submitted on your Certificate Application; (vi) to distribute malicious or harmful content of any kind including, but not limited to, content that would otherwise have the effect of inconveniencing the recipient of such content; or (vii) in a manner that transfers control or permits access for the private key corresponding to the public key of the Certificate to anyone other than an employee that you have authorized (any such transfer to be in a secure manner so as to protect the private key). The following terms and conditions apply to the MPKI for Intranet SSL and MPKI for Intranet SSL Premium Certificate Services: Intranet SSL Certificates shall be used only with intranet domains and may not be assigned to devices that are publicly accessible from the Internet. Symantec reserves the right to monitor publicly-facing Internet servers and/or devices to ensure that Intranet SSL Certificates comply with this Section 2. If Symantec discovers any use of Intranet SSL Certificate(s) not in compliance with Section 2, then Symantec shall immediately notify your RAA of non-compliance. Your RAA must, within twenty (24) hours, either (1) immediately move the Intranet SSL Certificate to an intranet domain; or (2) remove and revoke the Intranet SSL Certificate from your servers. If your RAA does not revoke or remove the non-compliant Certificate, then Symantec may revoke the RAA Certificate.
(e) Your Warranties. You warrant that (i) all information material to the issuance of a Certificate and validated by you or on your behalf is true and correct in all material respects; (ii) your approval of Certificate Applications will not result in Erroneous Issuance; (iii) you have substantially complied with the Symantec Trust Network CPS, the Handbook, and your obligations set forth herein; (iv) no Certificate information provided to Symantec infringes the intellectual property rights of any third party; (v) the information you provide in the Certificate Application(s) (including email address(es)) has not been and will not be used for any unlawful purpose; (vi) your RAA has been (since the time of the RAA Certificate's creation) and will remain the only person possessing the RAA Certificate private key, or any challenge phrase, PIN, software, or hardware mechanism protecting the private key, and no unauthorized person has had or will have access to such materials or information; (vii) you will use the RAA Certificate exclusively for authorized and legal purposes consistent with this Agreement; and (viii) you will not monitor, interfere with or reverse engineer the technical implementation of the Symantec systems or software or the STN, except with the prior written approval from Symantec, and shall not otherwise intentionally compromise the security of the Symantec systems or software or the STN.
3. ADDITIONAL SERVICE TERMS
(a) License Grant. Symantec grants you a limited, non-exclusive, non-transferable, non-sublicenseable license during the term of this Agreement to access and use the MPKI for SSL console and, if applicable, any software or tools which Symantec makes available through the Managed PKI for SSL Services. You may use the MPKI for SSL console and such software and tools solely in accordance with the applicable instructions or documentation and any end-user license terms and/or restrictions provided therewith.
(b) Each Managed PKI for SSL Service license may support multiple organizations and multiple domain names, as long as each organization and related domain name(s) is owned and registered to the organization that owns the account. This Service is not intended for service providers that issue certificates to unrelated organizations and may not be used for such purpose.
(c) If you choose to display a website trust seal supplied by Symantec, then you must install and display such seal only in accordance with the Symantec Seal License Agreement posted on Symantec's website.
(d) Note that a "unit" refers to the volume of Certificates purchased; for example, a one-year Certificate has the value of one unit; a two-year Certificate shall require two units, etc. Further, utilization of either of the additional features below may increase the number of units required for issuance of the Certificate: (i) Licensed Certificate Option--Each Certificate shall be used on up to one physical server or device unless you selected the "Licensed Certificate Option" that permits the use of a Certificate on one physical device with additional Certificate licenses for each physical server that each device manages, or where replicated Certificates may otherwise reside. Under this Option, each certificate license has the value of one unit; thus, for example, a one-year Certificate that is used to secure three devices shall require three units, and a two-year Certificate that is used to secure three devices shall require six units, etc; (ii) Subject Alternative Name Option--Each Certificate shall be used to secure up to one domain unless you selected the "SubAltName Option" that permits the use of a Certificate to secure multiple domains. There is a limit of twenty domains or "SubAltNames" per Certificate. Under this option, each domain has the value of one unit; thus, for example, a one-year Certificate that is used to secure three domains shall require three units, and a two-year Certificate that is used to secure three domains shall require six units, etc. Certificate units may be purchased and pre-loaded into your account. However, any Unit not issued (i.e., redeemed for Certificates) within 12 months of purchase shall automatically expire.
4. SYMANTEC'S OBLIGATIONS
(a) Services. Symantec shall provide the services specified in this Agreement throughout its term. Symantec shall issue, manage, revoke, and/or renew Certificates in accordance with the instructions you provide through your RAA(s). Upon your approval of a Certificate Application, Symantec shall (i) be entitled to rely upon the correctness of the information in each such approved Certificate Application; and (ii) issue a Certificate to the Certificate Applicant submitting such Certificate Application. Notwithstanding the terms of the "Basic" Service Level Agreement, no service level commitments will apply with respect to the services provided herein unless a Gold or Platinum Service Fee obligation is then in effect.
(b) RAA Certificate. Symantec will notify you whether your RAA Certificate Application is approved or rejected. If your RAA Certificate Application is approved, Symantec will issue an RAA Certificate for use in accordance with this Agreement. After your RAA picks up or otherwise installs the RAA Certificate, your RAA must review the information in it before using it and promptly notify Symantec of any errors. Upon receipt of such notice, Symantec will revoke the RAA Certificate and issue a corrected RAA Certificate, subject to the requirements set forth herein.
(c) Symantec's Warranties and Disclaimers. Symantec warrants that (i) there are no errors introduced by Symantec in the Certificate information as a result of Symantec's failure to use reasonable care in creating the Certificate; (ii) its issuance of Certificates shall comply in all material respects with its CPS; and (iii) its revocation services and use of a repository conform to its CPS in all material aspects. EXCEPT FOR THE EXPRESS LIMITED WARRANTIES PROVIDED HEREIN, SYMANTEC DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTION OF CUSTOMER REQUIREMENTS, NON-INFRINGEMENT, AND ANY WARRANTY ARISING OUT OF A COURSE OF PERFORMANCE, DEALING OR TRADE USAGE.
5. PROPRIETARY RIGHTS
You acknowledge that Symantec and its licensors retain all Intellectual Property Rights and title in and to all of their Confidential Information or other proprietary information, products, services, and the ideas, concepts, techniques, inventions, processes, software or works of authorship developed, embodied in, or practiced in connection with the services provided by Symantec hereunder, including without limitation all modifications, enhancements, derivative works, configurations, translations, upgrades, and interfaces thereto (all of the foregoing "Symantec Works"). Symantec Works do not include your preexisting hardware, software, or networks. Nothing in this Agreement shall create any right of ownership or license in and to the other party's Intellectual Property Rights and each party shall continue to independently own and maintain its Intellectual Property Rights.
6. FEES, PAYMENTS, AND TAXES
As consideration for the services procured through the MPKI for SSL console, you shall pay Symantec the applicable fees set forth on the console at the time of your selection, or, if applicable, upon receipt of the applicable invoice from Symantec. All fees are due immediately and are non-refundable, except as otherwise expressly stated. Any renewal of certificate services with Symantec is subject to then-current terms and conditions, including, but not limited to, successful completion of any applicable authentication procedure, and payment of all applicable service fees at the time of renewal. Symantec will provide you with notice prior to the expiration of services at least thirty (30) days in advance of the renewal date. You shall be solely responsible for the credit card information provided to Symantec and must promptly inform Symantec of any changes thereto (e.g., change of expiration date or account number). In addition, you are solely responsible for ensuring the services are renewed. Symantec shall have no liability to you or any third party in connection with the renewal as described herein, including, but not limited to, any failure or errors in renewing the services. All sums due and payable that remain unpaid after any applicable cure period herein will accrue interest as a late charge of 1.5% per month or the maximum amount allowed by law, whichever is less. The fees stated are exclusive of tax. All taxes, duties, fees and other governmental charges of any kind (including sales, services, use, and value-added taxes, but excluding taxes based on the net income of Symantec) which are imposed by or under the authority of any government or any political subdivision thereof on the fees for any of the Services shall be borne by you and shall not be considered a part of, a deduction from or an offset against such fees. All payments due to Symantec shall be made without any deduction or withholding on account of any tax, duty, charge or penalty except as required by law in which case the sum payable by you in respect of which such deduction or withholding is to be made shall be increased to the extent necessary to ensure that, after making such deduction or withholding, Symantec receives and retains (free from any liability in respect thereof) a net sum equal to the sum it would have received but for such deduction or withholding being required. This section does not apply to you if you purchased the Managed PKI for SSL Services from a reseller.
7. CONFIDENTIAL INFORMATION
The parties acknowledge that by reason of their relationship under this Agreement, they may have access to and acquire Confidential Information of the other party. Each party receiving Confidential Information (the "Receiving Party") agrees to maintain all such Confidential Information received from the other party (the "Disclosing Party"), both orally and in writing, in confidence and agrees not to disclose or otherwise make available such Confidential Information to any third party without the prior written consent of the Disclosing Party; provided, however, that the Receiving Party may disclose the terms of this Agreement to its legal and business advisors if such third parties agree to maintain the confidentiality of such Confidential Information under terms no less restrictive than those set forth herein. The Receiving Party further agrees to use the Confidential Information only for the purpose of performing this Agreement. Notwithstanding the foregoing, the obligations set forth herein shall not apply to Confidential Information which: (i) is or becomes a matter of public knowledge through no fault of or action by the Receiving Party; (ii) was lawfully in the Receiving Party's possession prior to disclosure by the Disclosing Party; (iii) subsequent to disclosure, is rightfully obtained by the Receiving Party from a third party who is lawfully in possession of such Confidential Information without restriction; (iv) is independently developed by the Receiving Party without resort to the Confidential Information; or (v) is required by law or judicial order, provided that the Receiving Party shall give the Disclosing Party prompt written notice of such required disclosure in order to afford the Disclosing Party an opportunity to seek a protective order or other legal remedy to prevent the disclosure, and shall reasonably cooperate with the Disclosing Party's efforts to secure such a protective order or other legal remedy to prevent the disclosure. In addition, Symantec's treatment of any of your information collected through the Symantec website will be in accordance with Symantec's published Privacy Statement.
(a) General Indemnification. Each party hereto (the "Indemnitor") agrees to, and shall, indemnify, defend and hold harmless the other party hereto (the "Indemnitee"), and its directors, officers, agents, employees, successors and assigns from any and all third party claims, suits, proceedings, judgments, damages, and costs (including reasonable attorneys' fees and expenses) based on the gross negligence or willful misconduct of the Indemnitor, its employees, agents, or contractors in the performance of this Agreement.
(b) Symantec's Indemnification Related to Intellectual Property Infringement. To the extent any third party claim, suit, proceeding or judgment is based on a claim that the services infringe any United States patent, copyright or trade secret (an "Infringement Claim"), Symantec (as Indemnitor) shall defend and hold harmless you (as Indemnitee) and your directors, officers, agents, employees, successors and assigns from such Infringement Claim, and indemnify you for damages finally awarded against you to the extent such damages are attributable to direct infringement by the services or agreed to in settlement by Symantec, plus costs (including reasonable attorneys' fees and expenses).
In the event of any Infringement Claim, Symantec shall have the right, at its sole option, to obtain the right to continue use of the affected services or to replace or modify the affected services so that they may be provided by Symantec and used by you without infringement of third party United States patent, copyright or trade secret rights. If neither of the foregoing options is available to Symantec on a commercially reasonable basis, Symantec may terminate the service immediately upon written notice to you, and within thirty (30) days after such termination Symantec shall pay a termination fee equal to the prorated portion of any fees (excluding installation and any other non-recurring fees) paid in advance commensurate with the remaining portion of the service period for which such fees were assessed and paid.
The foregoing indemnity shall not apply to any infringement resulting from: (i) any open source or third party components or products; (ii) any use of the services not in accordance with the Agreement; (iii) any use of the services in combination with other services, software or hardware not supplied by Symantec if the alleged infringement would not have occurred but for such combination; (iv) any modification of the services not performed by Symantec if the alleged infringement would not have occurred but for such modification; or (v) use of an allegedly infringing version of the services if the alleged infringement could be avoided by the use of a more current version of the services made available to you.
NOTWITHSTANDING ANY OTHER PROVISION OF THE AGREEMENT, THE RIGHTS AND REMEDIES SET FORTH IN SECTION 8(B) CONSTITUTE THE ENTIRE OBLIGATION OF SYMANTEC AND YOUR EXCLUSIVE REMEDIES WITH RESPECT TO THE SUBJECT MATTER THEREOF.
(c) Your Indemnification Related to Your Appointment as RA. To the extent any third party claim, suit, proceeding or judgment arises from your failure to strictly comply with the obligations set forth in Section 2, you (as Indemnitor) shall defend, hold harmless, and indemnify Symantec (as Indemnitee) and its directors, officers, agents, employees, successors and assigns from such claim.
(d) Indemnification Process. The Indemnitee shall promptly notify the Indemnitor of any claim for indemnity by providing written notice pursuant to Section 11(a) hereof. When notifying an Infringement Claim, any such notice shall (i) identify the United States patent, copyright or trade secret asserted by a third party and the services potentially impacted by the third party claim; and (ii) identify, initially and on an ongoing basis, any other potential Indemnitor to whom you have provided notice of the third party claim and the services supplied to you by such other potential Indemnitor.
After receipt of such notice, the Indemnitor shall have a reasonable time to investigate whether the third party claim might fall within the scope of the indemnification prior to assuming the defense of such claim. With respect to any claim for which such notification is provided or otherwise within the scope of the indemnity, the Indemnitor shall have the right to control and bear full responsibility for the defense of such claim (including any settlements); provided however, that: (i) the Indemnitor shall keep the Indemnitee informed of, and consult with the Indemnitee in connection with the progress of such litigation or settlement; (ii) the Indemnitor shall not have any right, without the Indemnitee's written consent, which consent shall not be unreasonably withheld, to settle any such claim if such settlement arises from or is part of any criminal action, suit or proceeding or contains a stipulation to or admission or acknowledgment of, any liability or wrongdoing (whether in contract, tort or otherwise) on the part of the Indemnitee, or requires any specific performance or non-pecuniary remedy by the Indemnitee; and (iii) the Indemnitee shall have the right to participate in the defense of a claim with counsel of its choice at its own expense.
The Indemnitor's assumption of the defense of any claim asserted to be within the scope of the indemnity shall not prejudice the determination of whether a claim is properly subject to indemnification hereunder nor waive the Indemnitor's right at any time to disclaim obligations under Sections 8a, 8b and 8c with respect to any claim or damages to the extent they are not subject to indemnification under Sections 8a, 8b and 8c.
9. LIMITATION OF LIABILITY
(a) EACH PARTY'S AGGREGATE LIABILITY FOR ANY AND ALL CLAIMS UNDER THE AGREEMENT SHALL NOT EXCEED ONE MILLION DOLLARS ($1,000,000). THE FOREGOING LIMITATION DOES NOT APPLY TO LIABILITY ARISING FROM: (I) SECTION 7 (CONFIDENTIAL INFORMATION); (II) SECTION 8 ( INDEMNIFICATION); OR (III) DEATH OR SERIOUS BODILY INJURY; WITH RESPECT TO SYMANTEC'S LIABILITY, THE FOREGOING LIMITATION OF LIABILITY SHALL NOT APPLY TO CLAIMS COVERED UNDER THE NETSURE PROTECTION PLAN.
(b) NEITHER PARTY WILL BE LIABLE UNDER ANY CIRCUMSTANCES WHATSOEVER FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION LOST PROFITS OR REVENUES, WHETHER FORESEEABLE OR UNFORESEEABLE, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
10. TERM AND TERMINATION
(a) Term and Termination. This Agreement shall commence on the date you click the "ACCEPT" button and shall continue for successive one (1) year term(s), until the earlier of: (i) the expiration of all Certificates issued hereunder; or (ii) a termination pursuant to section 10(b) below.
(b) Termination for Default. In the event of a material breach of this Agreement (excluding any breaches for which an exclusive remedy is expressly provided), the non-breaching party may terminate this Agreement if such breach is not cured within thirty (30) days after written notice thereof.
(c) Effect of Termination. You shall cease using the Services upon termination. Further, any termination of this Agreement shall not relieve either party of any obligations that accrued prior to the date of such termination. Sections 2(c), 5, 6, 7, 8 and 9 shall survive the termination of this Agreement for any reason.
11. GENERAL PROVISIONS
(a) Notices. You shall make all notices, demands or requests to Symantec with respect to this Agreement in writing (excluding email) to the "Contact" address listed on the website from which you purchased the Services, with a copy to the General Counsel - Legal Department, Symantec Corporation, 350 Ellis Street, Mountain View, CA 94043, USA.
(b) Entire Agreement. This Agreement (including any purchase orders issued hereunder) and any Subscriber Agreement, where applicable, constitute the entire understanding and Agreement between Symantec and you with respect to any service purchased hereunder, and supersedes any and all prior or contemporaneous oral or written representation, understanding, agreement or communication relating thereto.
(c) Amendments and Waiver. Any term or provision of this Agreement (including any purchase orders) may be amended, and the observance of any term of this Agreement may be waived, only by a writing in the form of a non-electronic record referencing this Agreement and signed by the parties to be bound thereby, and this Agreement may not be modified or extended solely by submission of a purchase order or similar instrument referencing this Agreement.
(d) Force Majeure. Neither party shall be deemed in default hereunder, nor shall it hold the other party responsible for, any cessation, interruption or delay in the performance of its obligations hereunder (excluding payment obligations) due to earthquake, flood, fire, storm, natural disaster, act of God, war, terrorism, armed conflict, labor strike, lockout, boycott or other similar events beyond the reasonable control of such party, provided that the party relying upon this provision: (i) gives prompt written notice thereof, and (ii) takes all steps reasonably necessary to mitigate the effects of the force majeure event; provided further, that in the event a force majeure event extends for a period in excess of thirty (30) days in the aggregate, either party may immediately terminate this Agreement upon written notice.
(e) Severability. In the event that any provision of this Agreement should be found by a court of competent jurisdiction to be invalid, illegal or unenforceable in any respect, the validity, legality and enforceability of the remaining provisions contained shall not, in any way, be affected or impaired thereby.
(f) Compliance with Law, Export Requirements, and Foreign Reshipment Liability. Each party shall comply with all applicable federal, state and local laws and regulations in connection with its performance under the Agreement. Without limiting the generality of the foregoing, each party agrees to comply with all export requirements ("Export Control"). Regardless of any disclosure made by you to Symantec of an ultimate destination of Certificates, software, hardware, or technical data (or portions thereof) supplied by Symantec ("Symantec Technology") and, notwithstanding anything contained in the Agreement to the contrary, you will not: (i) modify, export, or re-export, either directly or indirectly, any Symantec Technology to any destination restricted or prohibited by Export Control, without first obtaining any and all necessary licenses from the government of the United States or any other country that imposes Export Control; (ii) provide Symantec Technology to any proscribed party on the United States Treasury Department's Office of Foreign Asset Control list of "specially designated nationals and blocked persons", the United States Commerce Department's "denied parties list", the United States Commerce Departments "BIS Entity List" or such other applicable lists; or (iii) export or re-export Symantec Technology, directly or indirectly, for nuclear, missile, or chemical/biological weaponry end uses prohibited by Export Control. Symantec shall have the right to suspend performance of any of its obligations under the Agreement, without prior notice and without any liability to you, if you fail to comply with this provision.
(g) Assignment. You may not assign the rights granted hereunder or this Agreement, in whole or in part and whether by operation of contract, law or otherwise, without Symantec's prior express written consent. Such consent shall not be unreasonably withheld or delayed.
(h) Independent Contractors. The parties to this Agreement are independent contractors. Neither party is an agent, representative, joint venturer, or partner of the other party. Neither party shall have any right, power or authority to enter into any Agreement for or on behalf of, or incur any obligation or liability of, or to otherwise bind, the other party. Each party shall bear its own costs and expenses in performing this Agreement.
(i) Governing Law. This Agreement and any disputes relating to the services provided hereunder shall be governed and interpreted according to each of the following laws, respectively, without regard to its conflicts of law provisions: (a) the laws of the State of California, if you are located in North America or Latin America; or (b) the law of England, if you are located in Europe, Middle East or Africa; or (c) the laws of Singapore, if you are located in Asia Pacific including Japan. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement.
(j) Dispute Resolution. To the extent permitted by law, before you file suit or initiate an administrative claim with respect to a dispute involving any aspect of this Agreement, you shall notify Symantec, and any other party to the dispute for the purpose of seeking business resolution. Both you and Licensor shall make good faith efforts to resolve such dispute via business discussions. If the dispute is not resolved within sixty (60) days after the initial notice, then a party may proceed as permitted under applicable law as specified under this Agreement.
(k) Order of Precedence. In the event of a conflict between this Agreement and a Subscriber Agreement, the terms of the Subscriber Agreement shall
govern, but only in regard to the specific Certificate at issue.
(l) English Version. If this Agreement is translated in any language other than the English language, and in the event of a conflict between the English language version and the translated version, the English language version shall prevail in all respects.
Symantec Managed PKI for SSL Services Agreement version 7.0 (April 2012)